OpenClaw Starter — Chat, Autonomous & SOC Modes Live Back to Platform →
Chat · Autonomous · SOC Modes Live

Let AI Act
in the Real World.
Without Losing Control.

The governed execution layer for autonomous AI systems.

Spawn agents. Execute tasks. Coordinate systems. Every action is governed before it runs, optionally approved by humans, and cryptographically recorded with proof.

64 governed tools across the full AGTS 6-layer agent stack Scheduled Heartbeats · Profile-Matched Playbooks Sub-agents · Delegation Chains Cryptographic Proof · Merkle Transparency Timeline Deterministic Provenance · Recall You Can Prove AGTS_COGNITION_V1 · Public Verifier Live →
Initialize Scroll
Governed Tools 0
Governance Gates 0
Signing Algorithm Hybrid Ed25519
Silent Failures ZERO

Three Modes of Governance

One Agent. Three Operating Modes.

Every mode runs the same five-gate governance pipeline, the same cryptographic proof, the same transparency log. What changes is how much human involvement you want.

Available Now
chat

Chat Mode

Human-in-the-loop. You direct the agent through natural language. Every tool call is proposed, explained, and requires your approval before execution. Full governance pipeline runs on every action.

  • Conversational interface
  • Human approval on every action
  • Step-by-step task execution
  • Full proof bundle per decision
Live
Available Now
smart_toy

Autonomous Mode

The agent runs on its own — on a heartbeat schedule and on event triggers — using a playbook of recipes matched to its profile. Every autonomous tool call still passes the same five governance gates, produces the same signed commitment, and is anchored to the same Merkle transparency log as Chat Mode. You watch it execute in a time-indexed timeline; humans are only pulled in when a gate escalates.

  • Scheduled heartbeats (daily / weekly / monthly cadences)
  • Profile-matched playbook recipes (mail, drive, billing, monitor, more)
  • Run-now, propose, approve, reject and disable per recipe
  • Time-indexed governance timeline with cryptographic proof per row
  • Surfaced persistence failures — no silent drift
  • Policy-bounded autonomy with human escalation on gate violations
Live
Available Now
shield

SOC Mode

Autonomous Security Operations Centre. A deterministic, rule-based detection engine runs scheduled recipes, correlates signals into findings, auto-promotes findings to incidents, and an alarm-driven playbook executor advances each incident through triage and containment — all rule-evaluated and cryptographically governed, with bounded read-only LLM sub-tasks inside two investigation playbooks. Incident resolution and close remain operator-gated. Every detection, response, and remediation action is five-gate governed, cryptographically signed, and Merkle-anchored.

  • Scheduled detection → finding → incident lifecycle
  • Per-tenant Autonomous Action Manifest with per-hour ceilings
  • On-call escalation with SLA teeth on out-of-scope actions
  • Signed NIS2 / DORA / SOC 2 compliance packs on close
  • HCE Ω-breach auto-disable + transparency-log anchored proof

Same protocol. Same five gates. Same Merkle-anchored proof. The governance standard does not change between modes — only the level of human involvement. Every mode produces identical, independently verifiable proof bundles.

This is not a chatbot.
This is not an agent framework.

OpenClaw Starter is the execution layer for autonomous AI systems.

Agents don't just generate text — they take actions: sending emails, rotating keys, deploying systems, coordinating workflows.

OpenClaw ensures every action is evaluated, controlled, and provable before it executes.

What your agent can do
  • Spawn sub-agents to parallelize work
  • Delegate tasks across execution chains
  • Coordinate tools across infrastructure, identity, and memory
  • Persist state across sessions
  • Act continuously via schedules and events
What the system guarantees
  • Every action evaluated through five governance gates
  • Human approval enforced when required
  • Execution cryptographically bound to authorization
  • Full audit trail anchored in a Merkle transparency log
  • No silent failures. No invisible drift.

Autonomy without governance is risk.
Governance without autonomy is useless.

OpenClaw gives you both — systems that can act independently, and guarantees that every action is justified, controlled, and provable.

01 — Sovereign Memory

Memory that proves itself.
Rules that don't drift.

An agent that runs thousands of tasks per week is only as trustworthy as the memory underneath it. Most platforms gave their agents a notebook. We gave ours a ledger — and a constitution. This is the strategic foundation every other capability on this page sits on top of.

Pillar 01 · Atomic Institutional Memory

A ledger, not a notebook.

Every fact the agent learns and every decision it makes is anchored as a leaf on the same transparency log that gates its tool calls. Recall is newest-first by construction — not best-effort sorting at display time. If the index isn't fully consistent yet, the system says so out loud instead of returning a partial guess.

  • Newest-first retrieval at any volume — thousands of executions don't hide the latest ones
  • Truth over availability — partial views are refused, not faked
  • Every memory write is a signed leaf in the same Merkle log as governance decisions
  • Tampering surfaces immediately through daily integrity checks
Pillar 02 · The Signed Rulebook

Your preferences. Enforced as a contract.

Most agents try to remember how you want things done. Ours executes a signed rulebook — the policies, preferences, and approvals you've established become a versioned, cryptographically committed contract that the agent is bound to. The agent doesn't drift between sessions. It doesn't quietly relearn. It runs the rulebook you signed.

  • Preferences and approvals are committed to the same governance chain
  • Every rulebook change is a signed amendment with a verifiable history
  • Autonomous runs prove which rulebook version they executed against
  • Roll back to any prior rulebook with a full audit trail
Portable identity

Your agent's memory and rulebook export as a single sovereign bundle. Move it between environments. Your institutional memory is yours — not stranded inside someone else's product.

Time-indexed timeline

Every memory entry, every rulebook amendment, every governed decision lives on the same timeline. One scrub bar across what the agent knew, what it was allowed to do, and what it actually did.

Regulator-ready

When the question becomes “how do you know?”, the answer isn't a screenshot. It's a verifiable proof chain pointing at the exact memory leaf and the exact rulebook clause the agent acted on.

shield
Foundation for SOC Mode

Multi-agent security operations are only as defensible as the memory and rulebook beneath them. SOC Mode — now live — inherits exactly this substrate: a tamper-evident memory of every detection and every response, and a signed rulebook of escalation policies that no agent (and no operator) can quietly redraft. The same proof model that anchors a single agent today scales to a coordinated fleet under continuous five-gate governance.

Independently Verifiable

Three classes of proof.
One verifier. Zero accounts.

Three signed leaf classes are now exposed on the public verifier surface, all anchored in the same Merkle transparency log. Walk any of them from any browser at /verify/ — no account, no SDK. Hash lookup hits a public read-only endpoint; every cryptographic check (schema, leaf hash, intent hash, signature) runs client-side in your browser via the Web Crypto API against the public JWKS.

Leaf Class 01

GOVERNANCE_ENVELOPE_V1

Every five-gate decision the platform admits or refuses. The signed receipt that binds an authorization to a specific tool call, policy version, and rulebook clause.

  • One leaf per governed action
  • Anchors gate decisions G1–G5
  • Hybrid Ed25519 signature
Leaf Class 02

WORKBENCH_AUDIT_EXPORT_V1

Signed compliance packs from SOC Mode investigations. The regulator-grade NIS2 / DORA / SOC 2 writeups, sealed at incident close with a hash that pins every detection and response inside.

  • One leaf per closed incident
  • Pins every action manifest entry
  • Auditor-shareable, browser-verifiable
New
Leaf Class 03

AGTS_COGNITION_V1

Cognition leaves — the epistemic record of how the agent reached a decision. Chain-walk from the final admission back through every intermediate candidate to the governance envelope that authorized the deliberation.

  • Parent-hash chain across leaf classes
  • Schema, leaf, intent, signature checked independently
  • DEMONSTRATION leaves marked inadmissible by mode
Cognition tab — live, public, no account

Paste any leaf hash. Walk the chain. Watch schema, leaf hash, intent hash, and signature flip green — or red, on the tamper-test panel. Hash lookup is the only thing sent to us; every cryptographic verdict is computed in your browser, trusting nothing from our servers beyond the public JWKS.

Verify any leaf →

Same Merkle log. Same signing key. Same JWKS. Three leaf classes, one independent verification surface.

02 — What You Can Do

Real scenarios.
Real governance.

Deploy Safely

Agent evaluates deployment risk. Low risk deploys automatically. High risk requires human approval. Dangerous changes are blocked.

ADMIT → deploy automatically
REVIEW → require approval
REFUSE → block deployment
Rotate Secrets

Agent proposes key rotation. Governance requires approval. Execution is logged with cryptographic proof. Full audit trail.

1. Agent proposes rotation
2. G5 requires human sign-off
3. Execution recorded with proof
Automate Compliance

Scheduled agent scans systems on a cadence. Only alerts when governance detects risk. Every scan decision is provable and replayable.

Scheduled scans via SchedulerDO
Risk-tiered governance per action
Merkle-anchored audit trail

03 — The Execution Model

Controlled Execution.
Not a Chat Loop.

This is not request → response. This is a governed execution cycle where the agent plans, acts, evaluates outcomes, and continues — under enforced control.

Execution Model
  • Agent receives a goal
  • Builds a plan across tools and steps
  • Executes actions through governed tool calls
  • Evaluates results and adjusts strategy
  • Continues until completion or human decision
System Guarantees
  • No action executes without governance approval
  • Every decision produces a signed commitment
  • Execution is cryptographically bound to authorization
  • Failures trigger reflection, not blind retries
  • All steps are recorded in an immutable audit log
Execution Pipeline
INPUT → PLAN → GOVERN → EXECUTE → VERIFY → REFLECT → CONTINUE

Each stage produces a verifiable artifact: governance envelope, signed commitment, execution trace, and audit record.

Deterministic execution loop. No undefined behavior.

Beyond a Single Agent

The system does not stop at one loop.

  • Agents spawn sub-agents for parallel execution
  • Tasks are delegated across governed chains
  • Each sub-agent runs its own execution cycle
  • Results are merged into a final outcome
  • All delegation is cryptographically linked and auditable

This is how AI systems operate in production.

Not single responses — but continuous execution, coordinated actions, and verifiable outcomes.

04 — Five-Gate Governance

Five gates.
Every action.

G1
Statistical Confidence
H ≥ 0.40
Is the model confident enough to act?
G2
Causal Attribution
C ≥ 0.40
Can the action be traced to a cause?
G3
Regression Safety
E ≤ 0.60
Will this action make things worse?
G4
Evidence Integrity
SHA-256
Is the evidence chain intact?
G5
Human Authorization
Ed25519+SLH-DSA
Does a human need to approve?

All tiers use identical five-gate governance. The same cryptographic proof chain. The same transparency log.

05 — What This Replaces

One system.
Not six vendors.

The typical stack
  • Agent framework
  • Tool orchestration layer
  • Memory API
  • Guardrails / policy engine
  • Workflow system
  • Audit logging
OpenClaw

One governed execution system.

All six layers unified. Every action evaluated. Every outcome provable.

vs Chatbots

Chatbots generate text. OpenClaw governs real execution with proof chains.

vs Agent Frameworks

Frameworks let agents act. OpenClaw ensures every action is evaluated before it runs.

vs Guardrails

Guardrails filter output. OpenClaw governs the execution itself with cryptographic accountability.

06 — The 6-Layer Agent Stack

Every layer.
One governed platform.

AI agents need six infrastructure layers to operate in the real world. The industry is assembling these from dozens of point solutions — a sandbox vendor, an email startup, a memory API, a billing shim, and hand-rolled orchestration. OpenClaw Starter delivers all six, governed end-to-end.

L1
Infrastructure

11 Workers, health monitoring, VPN tunnels, distributed tracing, alerting pipeline

L2
Identity

Claw Passport (Ed25519 + PQC), sovereign mail, encrypted drive, peer-to-peer trust

L3
Governance

Five-gate firewall, BFT consensus, Merkle transparency log, policy management

L4
Memory

Atomic institutional memory — newest-first at any volume, notarized facts, complete or it doesn't ship

L5
Billing

HCE risk-tier pricing, log leaves = receipts, provisioning, budget controls

L6
Orchestration

Sub-agent spawning, cascading delegation, result merge, workflow templates

The industry approach

A sandbox vendor for compute. An email startup for identity. A memory API. A tool integration layer. A billing shim. Hand-rolled orchestration. Six vendors, six auth flows, zero governance between them. End-to-end reliability is the product of each layer's reliability — five layers at 99% each = 95%.

The OpenClaw approach

One platform. 64 governed tools. All six layers unified behind a single MCP Gateway. Every tool invocation passes through the same five-gate pipeline, produces the same cryptographic proof chain, and anchors in the same Merkle transparency log. No shims. No duct tape.

Recall vs Proof.

The memory gap most agent platforms still have

Mainstream agent memory is built to remember. Ours is built to prove. The difference shows up the moment an agent runs thousands of tasks, the moment a regulator asks “how do you know?”, and the moment you try to take your agent somewhere else.

Trust model
Best-effort recall
Cryptographically anchored proof
At high volume
Newest entries quietly missed
Newest-first at any volume
When uncertain
Returns a partial guess
Says “still indexing” — truth over availability
Ownership
Locked in a vendor SaaS
Portable agent identity, exportable history
Validated past 10,000 governed decisions Enterprise pilot — zero loss, real-time governance throughout.

07 — LLM Routing & Sovereign Headers

Choose your model.
Keep your governance.

L1 — Free Trial

Workers AI

Llama 3.1 8B inference at the edge, included free. No API keys needed. Every response governed through the five-gate pipeline.

@cf/meta/llama-3.1-8b-instruct
BYOK

AI Gateway

Bring your own API keys for OpenAI, Anthropic, or Google. Routed through Cloudflare AI Gateway with sovereign headers for governance inspection.

AES-GCM encrypted key vault
Enterprise

Managed

ObligationSign-provisioned keys with premium model access. Full SLA, dedicated support, unlimited governance events.

Contact sales for pricing

When OpenClaw Starter routes through the AI Gateway, every outbound request includes sovereign headers — the governance commitment hash, agent ID, and governance mode. The AI provider receives cryptographic context proving the request was governed before it was sent.

The same headers are used for BYOK and Managed tiers. The governance record is anchored before the LLM call is made.

Sovereign Headers
X-AGTS-Commitment-Hash: sha256:abc...
X-AGTS-Sovereign-Header: True
X-AGTS-Agent-Id: agent-xyz
X-AGTS-Governance-Mode: transparent

08 — Edge Architecture & Billing

100% edge.
Log leaves are the billing obligation.

11 Workers
Edge compute mesh
7 Durable Objects
Agent + chat state
64 MCP Tools
6-layer governed stack
AI Gateway
LLM routing
L1 — Free Trial
30 days
full stack access
Workers AI included. All 6 layers. No credit card.
L2 — Pay-as-you-govern
HCE
risk-tiered pricing per leaf
Low risk€0.08 / leaf
Medium risk€0.25 / leaf
High risk€0.50 / leaf
Enterprise
unlimited + SLA
Volume commitment. Dedicated support.

Higher governance risk = higher cost per leaf. Agents that stay compliant pay less. Economic incentive and governance constraint — mathematically unified via IEED.

09 — Quick Start

Three steps.
Governed AI.

01

Create an Agent

POST /v1/agents
{ "name": "my-agent" }
02

Connect via WebSocket

GET /v1/agents/:id/chat
Upgrade: websocket
03

Verify Governance

GET /v1/agents/:id/proofs/:hash
→ { leaf_hash, verdict }

Every Action.
Every Commitment.
Independently Verifiable.

Launch a dashboard. Deploy an agent. Watch it plan, govern, execute, and prove. 64 tools. One governed execution layer. One transparency log.