Skip to main content

Cord-Claw Policy Guide

Overview

Cord-Claw ships three built-in policy profiles. Each profile defines rules for 10 OpenClaw action categories. You can use a profile as-is or customize individual rules.

Profiles

ProfileUse CaseDefault Behavior
PermissivePersonal / developer useAllow most operations. Block only obviously destructive commands and secrets access.
ModerateTeam / stagingAllow routine operations. Require approval for external messaging, scheduling, and package installs. Deny destructive and secrets access.
StrictEnterprise / productionRequire approval for most write operations. Deny destructive commands, secrets access, and cloud infrastructure operations.

Set your profile during install:

CORDCLAW_PROFILE=moderate ./setup/install.sh

Action Categories

CategoryToolRisk TagsPermissiveModerateStrict
Shell executionexecexec, system, writeAllow (deny destructive)Allow (deny destructive)Require approval
File readfile_readfilesystem, readAllowAllowAllow
File writefile_writefilesystem, writeAllow (deny secrets)Allow (deny secrets)Require approval (deny secrets)
Browser navigatebrowser_navigatenetwork, browserAllowAllowAllow
Browser interactbrowser_interactnetwork, browser, writeAllowAllowRequire approval
Web searchweb_searchnetwork, readAllowAllowAllow
Web fetchweb_fetchnetwork, readAllowAllowAllow (deny non-HTTPS)
Send messagesessions_sendmessaging, write, externalAllowRequire approvalRequire approval
Memory writememory_writememory, write, persistenceAllowAllowRequire approval
Create croncron.createschedule, write, autonomyAllowRequire approvalDeny

Risk Tags

Risk tags are inferred from action metadata using regex patterns. They augment the base category to trigger stricter rules.

TagTriggerEffect
destructiverm -rf, DROP, DELETE FROM, mkfs, dd if=Escalates to DENY in all profiles
secretsPaths matching .env, .pem, .key, credentials, tokensEscalates to DENY in all profiles
cloudaws, gcloud, az, terraform, kubectl commandsEscalates to DENY in strict
package-installnpm install, pip install, apt installEscalates to REQUIRE_APPROVAL in moderate/strict
non-httpsURLs without https:// prefixAdds warning tag; DENY in strict

Custom Policies

Create a YAML file with your overrides:

# custom-policy.yaml
rules:
- topic: job.cordclaw.exec
capability: cordclaw.shell-execute
match:
riskTags:
contains: ["package-install"]
decision: ALLOW
reason: "Team policy: allow package installs without approval"

- topic: job.cordclaw.message-send
capability: cordclaw.message-send
decision: DENY
reason: "No external messaging allowed in this environment"

Apply it:

cordclaw-daemon --policy-override ./custom-policy.yaml

Custom rules are evaluated before profile defaults. First matching rule wins.

Simulation

Test policy decisions without executing actions:

curl -X POST http://localhost:19090/simulate \
-H "Content-Type: application/json" \
-d @examples/payloads/deny-destructive-exec.json

Response:

{
"decision": "DENY",
"reason": "Destructive command detected: rm -rf",
"riskTags": ["exec", "system", "write", "destructive"],
"cached": false
}

See examples/payloads/ for sample simulation inputs in the source repo.


Source: cordum-io/Cord-Claw/docs/POLICY_GUIDE.md — last mirrored 2026-05-16 (task-ea3ad94e).