Most AI agents today run with unchecked access to tools like shell execution, database writes, and arbitrary HTTP calls. There's no systematic way to constrain what they can do before execution happens. You're essentially giving a new employee root access and no employment contract.
LawClaw applies a separation-of-powers model to agent governance — borrowing from constitutional design to create layered,
enforceable rules.
Three layers:
Constitution: Immutable core rules embedded in the system prompt. The agent cannot override these regardless of user instruction.
Legislature: Detailed behavioral laws written as plain markdown files. Human-readable, git-diffable, no custom DSL. Change the law
by editing a file and committing.
Pre-Judiciary: Automated enforcement that runs before tool execution, not after. It inspects the LLM's intended action and blocks
it if it violates law. Think traffic cameras, not courtrooms. This is where "rm -rf /", "DROP TABLE", and "curl | bash" get
intercepted.
Because the governed "society" has exactly one citizen (the agent), there's no need for an Executive branch — enforcement is fully
automated.
What ships with it:
- Telegram bot interface
- Multi-provider LLM support (OpenRouter, Z.AI, Claude Max proxy)
- Cron job scheduling
- Full audit trail of every action attempted and whether it was allowed or blocked
- Runtime tool ban/approve without restart
The governance layer itself is just markdown. If you want to prohibit file deletions in production paths, you write a markdown
file that says so. The Pre-Judiciary reads it, parses the constraint, and enforces it before any tool fires.
This started as a practical response to a real problem: we needed to deploy agents with meaningful autonomy but couldn't accept
unconstrained tool use. The constitutional framing turned out to be a useful mental model for reasoning about agent permissions
and audit.
GitHub: https://github.com/nghiahsgs/LawClaw
MIT licensed. Early stage. Interested in feedback from anyone running agents in production, particularly on the Pre-Judiciary
enforcement model and whether the constitutional framing maps well to other agent architectures. Security researchers welcome —
the threat model for agents bypassing their own governance is worth scrutinizing.Comments URL: https://news.ycombinator.com/item?id=47109076
Points: 1
# Comments: 1