See the control loop before a bad action runs.
Pick an OpenClaw, Hermes, or custom-agent boundary, then inspect local block, live preflight, or sandbox gate responses, decision headers, and proof digest without exposing runtime secrets.
Live strict preflight
Calls the live runtime preflight endpoint and blocks before the function body.
From account setup to proof export.
Publish the policy
The customer chooses allowed, blocked, review-required, sandbox, and database boundaries for one OpenClaw, Hermes, or custom agent.
Wrap dangerous capabilities
The agent keeps its normal brain and tools. Imladri sits around OpenClaw tools, Hermes plugins, custom SDK actions, database branches, cloud calls, payments, or compute jobs that can cause side effects.
Block or halt before the boundary
Known-bad local actions stop before network. High-risk actions can use live preflight, sandbox-before-spawn, or governed database execution.
Inspect deployment state
The private pilot workspace keeps agent activity, blocked attempts, halt state, constitution revision, DB sandbox evidence, training runs, and proof export in one surface.
Export SHA-256 proof
Security review gets a signed packet with the published policy, runtime decision, evidence rows, and proof integrity metadata.
Wrap the tool body.
Imladri is not a replacement for the customer's agent. It is the runtime boundary around side-effectful OpenClaw tools, Hermes plugins, or custom SDK actions.
const guardedDeploy = agent.action(
  "deploy.preview",
  async (plan) => deployPreview(plan),
  {
    strictPreflight: true,
    intent: (plan) => ({ service: plan.service, version: plan.version }),
  },
);
await guardedDeploy(releasePlan);
The private workspace becomes the control room.
release-agent
action: payment.transfer
outcome: BLOCKED before function body
proof: SHA-256 evidence packet
Honest boundaries are part of the product.
Dangerous capabilities routed through SDK action wrappers, strict preflight, sandboxed actions, or governed database actions.
Capabilities not routed through the boundary can still become evidence and halt triggers, but they are not pre-execution preventable.
Operator halt propagates to SDK, strict-preflight, sandbox, and database enforcement boundaries before the next side-effectful action runs.
Local blocks optimize known-bad actions. Live preflight checks current state. Sandbox and database lanes add process, branch, or SQL-scoped proof.
Local cached constitution state can trail a new publish briefly. Force poll or live preflight is the stronger path for urgent changes.
Customer evidence stays on the SHA-256/FIPS-compatible path. BLAKE3 remains experimental only.
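As an added illustration (not Imladri's SDK and not code from this page), the following JavaScript models the decision order described above: operator halt first, then local block, then a live preflight that fails closed, with a SHA-256 digest over each decision record. Every function name, field, lane label, and the sample policy are assumptions made for the example.

```javascript
// Added example: a stand-in guard, NOT the Imladri SDK. Every name here is hypothetical.
const { createHash } = require("node:crypto");

// Constructed sample: the locally cached policy, one revision behind the live one.
const CACHED = { revision: 7, blocked: ["payment.transfer"], preflight: ["deploy.preview"] };

// Canonical JSON (sorted keys) so identical decisions always hash identically.
function canonical(v) {
  if (Array.isArray(v)) return "[" + v.map(canonical).join(",") + "]";
  if (v && typeof v === "object") {
    const keys = Object.keys(v).sort();
    return "{" + keys.map((k) => JSON.stringify(k) + ":" + canonical(v[k])).join(",") + "}";
  }
  return JSON.stringify(v);
}

function proofDigest(record) {
  return "sha256:" + createHash("sha256").update(canonical(record)).digest("hex");
}

// Decide before the tool body runs. `live` is the live preflight answer
// ({ allow, revision }) or null when the preflight service could not be reached.
function decide(action, intent, cached, halted, live) {
  let outcome = "ALLOWED", lane = "local";
  if (halted) {
    outcome = "HALTED"; lane = "operator-halt";
  } else if (cached.blocked.includes(action)) {
    outcome = "BLOCKED"; // known-bad action: stops with no network call
  } else if (cached.preflight.includes(action)) {
    lane = "live-preflight";
    if (!live || !live.allow) outcome = "BLOCKED"; // fail closed on deny or outage
  }
  const revision = lane === "live-preflight" && live ? live.revision : cached.revision;
  const record = { action, intent, lane, outcome, revision };
  return { ...record, proof: proofDigest(record) };
}

// Wrap a side-effectful body; the body is invoked only when the outcome is ALLOWED.
function guard(action, body, { intent, cached, isHalted, preflight }) {
  return async (plan) => {
    const halted = isHalted();
    const needsLive = !halted && !cached.blocked.includes(action) && cached.preflight.includes(action);
    let live = null;
    if (needsLive) { try { live = await preflight(action, intent(plan)); } catch { live = null; } }
    const decision = decide(action, intent(plan), cached, halted, live);
    if (decision.outcome !== "ALLOWED") return { decision, ran: false };
    return { decision, ran: true, result: await body(plan) };
  };
}
```

With the constructed cache at revision 7 and a live answer from revision 8 that denies `deploy.preview`, the decision is BLOCKED and records revision 8, which is the stale-cache case the live preflight path exists to cover.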
Start with one privileged workflow.
Connect the runtime bridge, publish policy, verify one allowed action, block one dangerous native tool or plugin body, and export proof.
Wrap deploy.preview, release promotion, pull-request mutation, and infrastructure changes before they touch production.
Branch Postgres sandboxes, route SQL through approved templates, isolate writes, and prove the source database stayed untouched.
Gate IAM, resource creation, billing-sensitive operations, and environment changes with halt and proof export attached.
Bring one OpenClaw, Hermes, or custom agent with one dangerous tool.
The useful pilot is narrow: publish policy, wrap the tool, run one allowed call or database branch, block one prohibited action, verify halt, and export proof.
