Security Rules Guard for OpenClaw - enforces ironclads via before_prompt_build hook
Install
$
openclaw plugins install clawhub:openclaw-rules-guardopenclaw-rules-guard (OpenClaw Extension)
Version: 1.0.1 | Author: kamusis
Security Rules Guard for OpenClaw - enforces mandatory security rules (ironclads) via the before_prompt_build lifecycle hook.
Features
- Mandatory Rule Injection: Automatically injects rules from a
RULES.md(uppercase) file into every agent turn. - Dual-Layer Search:
- Workspace Level: Checks for
RULES.mdin the current project root. - Global Fallback: If no workspace rule exists, falls back to the
RULES.mdin the extension directory.
- Workspace Level: Checks for
- Security Enforcement: Ensures that critical security guidelines are always present in the context immediately before the user's prompt.
- Context Management: Uses
prependContextto maintain priority and visibility of the injected rules.
Installation
Via ClawHub (recommended):
clawhub package publish openclaw-rules-guard
# or install from registry:
openclaw plugins install clawhub:openclaw-rules-guard
Manual:
- Place this extension directory in
~/.openclaw/extensions/openclaw-rules-guard. - (Optional) Create a workspace-specific
RULES.mdin your project root to override the global one.
Configuration
The plugin is configured via openclaw.plugin.json. By default, it requires no additional configuration beyond its presence.
How it Works
The plugin registers a listener for the before_prompt_build event. When an agent is about to build its prompt, the plugin:
- Tries to find
RULES.mdinctx.workspaceDir. - If not found, uses the
RULES.mdlocated in the extension folder itself. - Reads the determined file and prepends the content to the prompt context under a
### 🚨 SECURITY RULES (MANDATORY)header.
