LawClaw – Constitutional governance for AI agents (MIT)

Name: LawClaw – Constitutional governance for AI agents (MIT)
Availability: InStock
Author: nghiahsgs

by nghiahsgs·Feb 22, 2026·2 points·1 comment

Visit Project View on HN

AI Analysis

●●●BangerBig BrainSolve My ProblemZero to One

Constitutional governance for AI agents beats prompt injection with pre-execution enforcement.

Strengths

•Pre-judicial enforcement (before execution, not after) genuinely novel compared to post-hoc monitoring
•Plain markdown laws layer is human-readable and git-diffable, avoiding custom DSL complexity
•Separation of powers model borrowed from governance is conceptually elegant and systematic

Weaknesses

•Limited to Telegram bot demo; unclear how well this scales to production agents with complex tool chains
•No evaluation against adversarial prompts or real-world jailbreak attempts shown yet

Post Description

Most AI agents today run with unchecked access to tools like shell execution, database writes, and arbitrary HTTP calls. There's no systematic way to constrain what they can do before execution happens. You're essentially giving a new employee root access and no employment contract.

LawClaw applies a separation-of-powers model to agent governance — borrowing from constitutional design to create layered, enforceable rules.

Three layers:

Constitution: Immutable core rules embedded in the system prompt. The agent cannot override these regardless of user instruction.

Legislature: Detailed behavioral laws written as plain markdown files. Human-readable, git-diffable, no custom DSL. Change the law by editing a file and committing.

Pre-Judiciary: Automated enforcement that runs before tool execution, not after. It inspects the LLM's intended action and blocks it if it violates law. Think traffic cameras, not courtrooms. This is where "rm -rf /", "DROP TABLE", and "curl | bash" get intercepted.

Because the governed "society" has exactly one citizen (the agent), there's no need for an Executive branch — enforcement is fully automated.

What ships with it:

- Telegram bot interface - Multi-provider LLM support (OpenRouter, Z.AI, Claude Max proxy) - Cron job scheduling - Full audit trail of every action attempted and whether it was allowed or blocked - Runtime tool ban/approve without restart

The governance layer itself is just markdown. If you want to prohibit file deletions in production paths, you write a markdown file that says so. The Pre-Judiciary reads it, parses the constraint, and enforces it before any tool fires.

This started as a practical response to a real problem: we needed to deploy agents with meaningful autonomy but couldn't accept unconstrained tool use. The constitutional framing turned out to be a useful mental model for reasoning about agent permissions and audit.

GitHub: https://github.com/nghiahsgs/LawClaw

MIT licensed. Early stage. Interested in feedback from anyone running agents in production, particularly on the Pre-Judiciary enforcement model and whether the constitutional framing maps well to other agent architectures. Security researchers welcome — the threat model for agents bypassing their own governance is worth scrutinizing.

Similar Projects

Developer Tools●●Solid

Core – Constitutional governance runtime for AI coding agents

Constitutional enforcement blocks AI agent violations at runtime, but unclear if practical for most teams.

Big BrainBold Bet

DNewecki

123mo ago

Security●●Solid

Sanna – Enforce AI agent constitutions with cryptographic receipts

Governance rules live in version-controlled YAML and can be applied either by decorating functions with @sanna_observe or by dropping a gateway between an MCP client and downstream tools. It emits portable Ed25519-signed receipts you can persist and verify, which is a neat, practical way to build an auditable trail — the tough part will be ecosystem adoption around MCP and agent integrations.

Big BrainNiche Gem

nicallen

114mo ago

Developer Tools●●Solid