Before destructive actions
Intercept deletes, bulk edits, payment calls, migrations, and risky shell commands before they execute.
Built for OpenClaw users
Give OpenClaw a kill switch before it gets hands.
HaltState sits between autonomous agents and the tools they call. Let OpenClaw read, plan, and act, while HaltState AI creates the right starter policies and checks them before anything destructive executes.
No YAML required. Generate policies with HaltState AI, ask the in-site support agent to help create them, then review, accept, and enforce them.
generated policy drafts
review, accept, enforce
[
{
"name": "Require approval for shell commands",
"action_pattern": "shell.*",
"effect": "APPROVAL_REQUIRED",
"priority": 80
},
{
"name": "Block dangerous shell commands",
"action_pattern": "shell.*",
"effect": "DENY",
"conditions": [
{"path": "params.command", "op": "matches", "value": "rm -rf|mkfs|dd if="}
],
"priority": 95
},
{
"name": "Block file deletion outside allowed paths",
"action_pattern": "file.delete",
"effect": "DENY",
"conditions": [
{"path": "params.path", "op": "not_matches", "value": "^/safe-agent-workspace/"}
],
"priority": 90
}
]OpenClaw makes agents useful. HaltState makes them survivable.
The moment an agent can touch your shell, inbox, cloud account, or database, prompt instructions stop being enough. HaltState gives you a control point outside the model, and its AI can create the starter policies for you.
When prompts get weird
Prompt injection, confused goals, and tool hallucinations become policy decisions instead of live incidents.
After something happens
Proof Packs preserve what the agent saw, what it attempted, who approved it, and what actually ran.
The OpenClaw control pattern
Connect OpenClaw tool calls to HaltState. The system can generate starter policies from a wizard, AI suggestions, or the in-site support agent, then the runtime enforces accepted policies before tools execute.
1
OpenClaw proposes a tool call
Delete a message, run a command, modify a repo, update a database, or call an API.
2
HaltState evaluates accepted policies
Policies match the action pattern, params, resource, account, dollar amount, actor, and current incident mode.
3
The runtime blocks, allows, or asks
Safe calls continue. Risky calls wait for approval. Forbidden calls never reach the target system.
4
The proof is saved
Every decision becomes an audit record for debugging, compliance, and incident response.
Policies HaltState can create for OpenClaw
Tell HaltState what OpenClaw can access and how cautious you want to be. HaltState AI drafts the policies; you review, accept, edit, or dismiss them.
No silent deletion
Require approval before deleting email, files, cloud objects, database rows, or tickets.
Safe shell boundary
Allow commands inside a sandbox folder. Block recursive deletes, credential reads, and production paths.
Money needs a human
Require approval before payments, paid API calls, ad spend, cloud scaling, or vendor changes.
Database guard
Block destructive SQL and migrations unless a break-glass flow is explicitly approved.
Secrets stay sealed
Deny attempts to read keys, tokens, password stores, and environment files outside approved contexts.
Incident mode
Flip a global stop to block all agent writes while you inspect what happened.
Support-agent setup
Use the site chat support agent to help turn your OpenClaw setup into policy drafts inside HaltState.
Did OpenClaw already delete, send, spend, or run something?
Use the emergency checklist first. Stop the agent, rotate exposed secrets, preserve logs, and lock the risky integration before you restart automation.