Wait, I have a huge repo that's a platform for agents that acts as a firewall between agent actions and production systems. So you're saying I can have my agent platform be an agent on my agent platform?
This is cool, definitely going to look into it and probably try to integrate it with my open-source project. Prompt injection keeps me up at night; thanks for putting in some work trying to solve it.
Thanks! Checked out your project — really impressive work. The way I see it, our projects are complementary: FireClaw sanitizes inputs (is this content trying to hijack the agent?), yours governs outputs (should the agent take this action?). Together that's defense-in-depth.
We just shipped /api/scan in v1.1.0 which could plug into your policy evaluation — scan content before it enters the decision pipeline. Also now on Docker and npm (npx fireclaw) for easier integration.
Happy to brainstorm integration. Feel free to open an issue on our repo or reach out on GitHub.
One design question I ran into was where governance should actually live in an agent stack.
If you put guardrails inside the prompt, the model can ignore them.
If you put them inside the agent framework, they can be bypassed.
DashClaw tries to solve this by intercepting actions instead of prompts. The agent can reason however it wants, but execution goes through a policy layer.
Good framing on where governance should live. Intercepting actions outside the prompt and outside the framework is the right call; the model and the orchestrator are both untrusted surfaces. We took the same approach for spend specifically at nornr.com: agent requests a mandate before committing money, policy decides approve/queue/block at the infrastructure layer, every decision gets a signed receipt. Curious whether DashClaw distinguishes between 'read' actions and 'actions that cost money' — that's where we found the policy logic gets interesting.
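The two patterns discussed in the posts above (a policy layer that intercepts actions rather than prompts, and a spend mandate that decides approve/queue/block and signs a receipt for every decision) fit together in a short sketch. The following is an added example written for this thread; it is not DashClaw's, nornr.com's or FireClaw's code. The tool names, the spend thresholds and the HMAC receipt key are all assumptions; the allowlist, the positive-amount check and the receipt verification are the parts worth copying.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, asdict

# Constructed key for the example; a real deployment keeps this in a secrets store.
RECEIPT_KEY = b"example-receipt-signing-key"

# Hypothetical tool names: the policy is an allowlist, so anything not listed is blocked.
READ_ONLY_TOOLS = {"search_docs", "get_balance"}
SPEND_TOOLS = {"pay_invoice", "buy_credits"}

# Assumed thresholds, in the same currency unit as the action's "amount" argument.
AUTO_APPROVE_LIMIT = 50.0    # spend at or below this is approved automatically
HUMAN_REVIEW_LIMIT = 500.0   # above auto-approve and at or below this is queued for a human


@dataclass(frozen=True)
class Action:
    agent_id: str
    tool: str
    args: dict


@dataclass
class Decision:
    action: dict
    verdict: str   # "approve", "queue" or "block"
    reason: str
    receipt: str = ""


def _canonical(payload: dict) -> bytes:
    # Deterministic serialization so the signature covers exactly one byte string.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_receipt(decision: Decision) -> str:
    body = {"action": decision.action, "verdict": decision.verdict, "reason": decision.reason}
    return hmac.new(RECEIPT_KEY, _canonical(body), hashlib.sha256).hexdigest()


def verify_receipt(decision: Decision) -> bool:
    # Recompute over the recorded fields; any edit to action, verdict or reason invalidates it.
    return hmac.compare_digest(sign_receipt(decision), decision.receipt)


def classify(action: Action) -> str:
    if action.tool in READ_ONLY_TOOLS:
        return "read"
    if action.tool in SPEND_TOOLS:
        return "spend"
    return "unknown"


def evaluate(action: Action) -> Decision:
    """Policy layer: the agent may reason freely, but execution passes through here."""
    kind = classify(action)
    record = asdict(action)
    if kind == "read":
        decision = Decision(record, "approve", "read-only tool")
    elif kind == "unknown":
        decision = Decision(record, "block", f"tool {action.tool!r} is not in the policy allowlist")
    else:
        # Spend path: the amount must be a real, positive number before any threshold applies.
        try:
            amount = float(action.args["amount"])
        except (KeyError, TypeError, ValueError):
            decision = Decision(record, "block", "spend action without a parseable amount")
        else:
            if amount <= 0 or amount != amount:  # rejects zero, negatives and NaN
                decision = Decision(record, "block", "spend amount must be positive")
            elif amount <= AUTO_APPROVE_LIMIT:
                decision = Decision(record, "approve", f"within auto-approve limit {AUTO_APPROVE_LIMIT}")
            elif amount <= HUMAN_REVIEW_LIMIT:
                decision = Decision(record, "queue", "needs human approval")
            else:
                decision = Decision(record, "block", f"exceeds hard limit {HUMAN_REVIEW_LIMIT}")
    decision.receipt = sign_receipt(decision)
    return decision


if __name__ == "__main__":
    for act in [
        Action("agent-1", "search_docs", {"q": "refund policy"}),
        Action("agent-1", "pay_invoice", {"amount": 20}),
        Action("agent-1", "pay_invoice", {"amount": 200}),
        Action("agent-1", "pay_invoice", {"amount": 5000}),
        Action("agent-1", "delete_table", {}),
    ]:
        d = evaluate(act)
        print(f"{act.tool:12} -> {d.verdict:8} {d.reason} receipt={d.receipt[:12]}...")
```

The point of the receipt is that a later reader (an audit job, or the executor itself) can check that the verdict it is acting on is the one the policy layer actually issued; anything that edits the action or the verdict after the fact fails `verify_receipt`. In a real stack the key would be held by the policy service alone, and the executor would verify before running the tool.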