autonomy demo openclaw

Demo the OpenClaw agent scenario: permitted calls, exfiltration block, WAL rollback

Synopsis

Runs the OpenClaw demo agent against a real AutonomyOps governance runtime.

The agent submits three tool calls via POST /v1/tool. The governance runtime evaluates the embedded OPA/Rego policy before each one executes:

tool.echo → ALLOW (environment probe; permitted by demo policy) tool.http_get → skipped (no upstream endpoint registered in demo mode) tool.shell → DENY (exfiltration attempt; blocked before execution)

After the shell call is denied, a policy-scoped rollback fires and the unsafe state transition is recorded in the local WAL. Every decision is written to the WAL before this command exits — the record survives process restart and cannot be altered by the agent.

No Docker, external registry, or control-plane connection is needed. Requires python3 on PATH.

Usage

autonomy demo openclaw

See also

  • autonomy demo — Run self-contained demos that require no Docker or control plane