A single adapter proof is useful, but enterprise buyers will ask whether the boundary is tied to one agent framework. This test makes the next claim concrete: OpenClaw, Hermes, an MCP tool host, and a generic local HTTP agent can sit behind the same Imladri constitution, produce the same evidence shape, and fail closed through the same strict preflight path.
Live bridge checks and seven verifier checks ran as one evidence packet.
The demo runner first exercised the OpenClaw, Hermes, MCP, and Generic HTTP local bridges with connect, policy, allowed-action, and denied-action phases. It then ran the verifier through the TypeScript SDK boundary and four runtime adapters, mixing prohibited attempts across all runtimes before checking delegation, halt, fail-closed transport, schema compatibility, and clean bootstrap behavior.
| Check | Result |
|---|---|
| Shared constitution | OpenClaw, Hermes, MCP, and Generic HTTP loaded the same allow, deny, and unknown-action policy. |
| Mixed concurrency | 100 mixed-runtime prohibited attempts blocked before body entry across all four adapters. |
| Cross-runtime delegation | OpenClaw delegated to Hermes, Hermes delegated to MCP, MCP delegated to Generic HTTP, and Generic HTTP delegated back to OpenClaw; all delegated dangerous calls were denied. |
| Shared halt state | A single halted preflight boundary stopped all four runtimes before safe bodies could run. |
| Fail-closed preflight | A transport failure on strict preflight denied all four runtimes before body entry. |
| Evidence schema | All four runtimes produced the same normalized event fields for audit and proof export. |
| Clean bootstrap | All four adapters started from config, ran one safe action, and denied one dangerous action with no external secrets. |
The shared action names map to native runtime actions.
Customers should not need a separate policy model per agent framework. The verifier used shared logical actions and mapped only the runtime-specific safe version call.
| Runtime | Local bridge | Native version action |
|---|---|---|
| OpenClaw | http://127.0.0.1:8788/openclaw/agent | openclaw.version |
| Hermes | http://127.0.0.1:8798/hermes/agent | hermes.version |
| MCP tool host | http://127.0.0.1:8800/mcp/agent | mcp.tools.list |
| Generic HTTP agent | http://127.0.0.1:8799/custom/agent | runtime.version |
The boundary held when one runtime handed work to another.
The run allowed agent.delegate across OpenClaw, Hermes, MCP, and Generic HTTP, then blocked the dangerous delegated action on the receiving runtime. A separate shared halt check denied all four runtimes through one strict preflight boundary before safe bodies ran.
The JSON packet contains all checks and the proof digest.
The public artifact includes the shared constitution, every normalized event, assertion results, latency summary, and a SHA-256 digest over the packet.
Joint runtime artifact: openclaw-hermes-joint-runtime-parity-20260519.json
This proves the shared Imladri layer, not automatic protection of unwrapped plugins.
The runtime-specific articles still carry the native body-entry proof for OpenClaw and Hermes. This article proves the shared policy, preflight, delegation, halt, and evidence abstraction above those adapters plus MCP and generic custom-agent HTTP bridges. Dangerous functions still need to be explicitly wrapped.