← Back to Skills Marketplace
betterdataco

Loop Engine — Governed Loops for OpenClaw

by betterdataco · GitHub ↗ · v1.0.4 · MIT-0
cross-platform ✓ Security Clean
280
Downloads
1
Stars
0
Active Installs
5
Versions
Install in OpenClaw
/install loop-engine-governance
Description
Integrate Loop Engine with OpenClaw to enforce human approval, AI confidence checks, evidence capture, and immutable audit trails on workflow steps.
README (SKILL.md)

loop-engine-governance

Overview

loop-engine-governance adds policy enforcement to OpenClaw workflows by routing decisions through Loop Engine transitions and guards.

Modes of operation

Local governance mode (no external LLM provider)

  • Uses Loop Engine runtime, guards, and audit trail only.
  • No external LLM API calls occur in this mode.
  • Suitable for human-only and automation-only loop flows.

LLM-augmented mode (external provider calls enabled)

  • Enabled only when a provider adapter is explicitly configured.
  • Provider-backed examples call external APIs and may transmit prompt/evidence context to that provider.

Installation

# Core (required for all modes)
npm install @loop-engine/sdk @loop-engine/adapter-memory @loop-engine/adapter-openclaw

# Optional: provider-backed adapters (install only what you use)
npm install @loop-engine/adapter-anthropic @anthropic-ai/sdk
npm install @loop-engine/adapter-openai openai
npm install @loop-engine/adapter-grok

Configuration

  • Local mode requires loop definitions, storage, and guard registry configuration only.
  • Provider-backed mode additionally requires the corresponding provider adapter and API key.
  • External provider calls are activated by adapter usage (for example createOpenAIActorAdapter(...)), not by Loop Engine core alone.

Environment variables

Provider keys are required only for provider-backed examples:

Example Mode Required env var
example-expense-approval.ts local governance none
example-openclaw-integration.ts local governance + OpenClaw gateway none
example-ai-replenishment-claude.ts provider-backed (Anthropic) ANTHROPIC_API_KEY
example-infrastructure-change-openai.ts provider-backed (OpenAI) OPENAI_API_KEY
example-fraud-review-grok.ts provider-backed (xAI) XAI_API_KEY

Additional provider key used elsewhere in this repo:

  • GOOGLE_AI_API_KEY for @loop-engine/adapter-gemini examples and adapter usage.

External network and data flow

  • No provider adapter configured: no external LLM network calls.
  • Provider adapter configured: prompt/evidence context passed to createSubmission(...) may be sent to:
    • OpenAI (@loop-engine/adapter-openai)
    • Anthropic (@loop-engine/adapter-anthropic)
    • xAI Grok (@loop-engine/adapter-grok)
    • Google Gemini (@loop-engine/adapter-gemini)
  • OpenClaw integration (@loop-engine/adapter-openclaw) uses a WebSocket gateway connection (gatewayUrl, default ws://127.0.0.1:18789) for event forwarding.

Sensitive data guidance

  • Do not send raw PII, PHI, PCI, credentials, or other regulated data to provider-backed examples without review.
  • Redact, tokenize, or minimize sensitive fields before submitting evidence context.
  • Review provider retention, training, and contractual controls before production use.

Provenance

Package/source references

What this skill does

Wires Loop Engine into OpenClaw so that any workflow step can be governed by:

  • Human approval gates — transitions only a named human actor can trigger
  • AI confidence guards — block AI recommendations below a threshold
  • Evidence capture — attach structured context to every decision
  • Audit trail — every transition is attributed, timestamped, and immutable

How it works with OpenClaw

OpenClaw agent proposes action
        ↓
Loop Engine evaluates guards       ← @loop-engine/adapter-openclaw
        ↓
Human approves (if policy requires)
        ↓
OpenClaw executes the approved action

Guards are enforced at the runtime level — not in prompts.

How governance weighting works

Three types of weighting evaluated in sequence — all must pass:

1. Confidence threshold (numeric gate) Every AI actor submission carries a 0–1 confidence score. The guard blocks the transition if the score falls below the configured threshold.

2. Guard priority (hard vs soft) Hard failures block the transition regardless of everything else. A human-only guard is an absolute block — no confidence score overrides it.

3. Evidence completeness (structural gate) The evidence-required guard checks for specific fields before allowing a transition. Missing any required field blocks the transition.

Evaluation order:

1. Actor authorized for this signal?
2. Required evidence fields present?
3. Confidence score above threshold?
4. All hard guards pass?

Quick start (no API key required)

import { createLoopSystem, parseLoopYaml, CommonGuards, guardEvidence } from '@loop-engine/sdk'
import { MemoryAdapter } from '@loop-engine/adapter-memory'

const definition = parseLoopYaml(`
  loopId: approval.workflow
  name: Approval Workflow
  version: 1.0.0
  initialState: pending
  states:
    - stateId: pending
      label: Pending Approval
    - stateId: approved
      label: Approved
      terminal: true
  transitions:
    - transitionId: approve
      from: pending
      to: approved
      signal: approve
      allowedActors: [human]
      guards: [human-only]
`)

const system = createLoopSystem({
  storage: new MemoryAdapter(),
  guards: CommonGuards,
})

const loop = await system.startLoop({ definition, context: {} })

// Only a human actor can approve — AI and automation actors are blocked.
// guardEvidence strips PII fields and prompt-injection patterns before
// the evidence object is forwarded to any external LLM adapter.
await system.transition({
  loopId: loop.loopId,
  signalId: 'approve',
  actor: { id: 'alice', type: 'human' },
  evidence: guardEvidence({ reviewNote: 'Looks good' }),
})

Examples included

File Provider API key
example-expense-approval.ts None Not required
example-ai-replenishment-claude.ts Anthropic Claude ANTHROPIC_API_KEY
example-infrastructure-change-openai.ts OpenAI GPT-4o OPENAI_API_KEY
example-fraud-review-grok.ts xAI Grok 3 XAI_API_KEY

All examples use synthetic data. Do not use real PII or regulated data without reviewing your provider's data processing agreements.

Evidence sanitization

All evidence objects must be guarded before being forwarded to external LLM adapters. guardEvidence (exported from @loop-engine/sdk) enforces three rules at the skill boundary:

  1. PII field blocking — fields whose names match known PII patterns (ssn, email, phone, dob, password, token, healthrecord, mrn, and 20+ others) are dropped before forwarding.
  2. Prompt injection stripping — string values beginning with role prefixes (system:, user:, assistant:) are stripped to prevent instruction injection via evidence payloads.
  3. Value length cap — string values are truncated at 512 characters to prevent context stuffing.

Always wrap caller-supplied evidence with guardEvidence() before passing it to system.transition(). The Quick Start above shows the correct pattern.

Security notes

  • Local governance mode runs without external LLM provider calls.
  • Provider-backed mode requires explicit adapter activation and the corresponding API key.
  • Evidence and prompt context can leave the local environment only in provider-backed mode.
  • This skill does not claim compliance certifications or data-processing guarantees.

Documentation

https://loopengine.io/docs/integrations/openclaw

License

MIT-0 — free to use, modify, and redistribute. No attribution required.

@loop-engine/* packages: Apache-2.0 Provider SDKs: licensed by their respective maintainers

Usage Guidance
This skill appears to do what it says: govern OpenClaw workflows and optionally call third‑party LLMs if you install and configure provider adapters. Before using it: (1) only enable provider-backed adapters if you are comfortable sending the evidence/prompt context to that provider — redact or tokenize PII/PHI/credentials first; (2) verify the npm packages and their maintainers (check the referenced GitHub canonical repo and the @loop-engine packages on npm) to ensure you trust the source; (3) do not paste real sensitive production data into the example scripts or run provider-backed examples with real API keys until you audit retention/training policies of the provider; (4) if you want purely local governance, run the local-mode examples (they do not make network calls). If you need higher assurance, ask for the upstream repository commit hashes or a signed release to validate provenance.
Capability Analysis
Type: OpenClaw Skill Name: loop-engine-governance Version: 1.0.4 The loop-engine-governance skill bundle provides a framework for implementing human-in-the-loop approvals and AI-driven guardrails within OpenClaw workflows. The code and documentation (SKILL.md) focus on policy enforcement, evidence sanitization, and audit trails. While the skill handles sensitive API keys for external LLM providers (OpenAI, Anthropic, xAI) and transmits context to them, this behavior is transparently documented as its primary purpose and includes explicit security guidance for PII redaction. No evidence of malicious execution, unauthorized data exfiltration, or prompt injection was found across the example files or documentation.
Capability Assessment
Purpose & Capability
Name/description match the shipped artifacts: examples and SKILL.md implement Loop Engine governance for OpenClaw and include provider-backed adapters where explicitly documented. The files only require LLM API keys for the provider-backed examples, which is proportional to the described functionality.
Instruction Scope
SKILL.md and example code clearly distinguish local (no external calls) vs provider-backed modes. Provider-backed examples will send prompt/evidence context to third‑party LLM providers (OpenAI, Anthropic, xAI, Google Gemini) when you install and configure those adapters — this is expected behavior but has data-exposure implications; the documentation repeatedly warns to redact sensitive data.
Install Mechanism
This is instruction-only (no automatic installer). The documented install steps use npm packages from public registries (moderate risk typical for Node examples). There are no downloads from untrusted URLs or extract/install steps embedded in the skill bundle.
Credentials
No global required environment variables are declared; examples require provider keys only when using provider-backed adapters (OPENAI_API_KEY, ANTHROPIC_API_KEY, XAI_API_KEY, GOOGLE_AI_API_KEY). Those requests are proportional to doing LLM calls. No unrelated secrets or system config paths are requested.
Persistence & Privilege
Flags show no forced 'always' installation and autonomous invocation is the platform default. The skill does not request system-wide configuration changes or extra privileges in its files.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install loop-engine-governance
  3. After installation, invoke the skill by name or use /loop-engine-governance
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.4
loop-engine-governance 1.0.4 - Updated documentation for clarity on local vs provider-backed (LLM) governance modes. - Expanded environment variable and provider adapter usage guidance. - Improved explanations of network/data flow, provenance, and security for sensitive data. - Installation and configuration instructions restructured for ease of understanding. - No functional or code changes; documentation only.
v1.0.3
- Clarified Grok example now does not require the "openai" npm package. - Updated quick start to demonstrate use of guardEvidence() for evidence sanitization. - Added section describing how guardEvidence strips PII, injection patterns, and enforces length limits. - Improved documentation and warnings about handling evidence and sensitive data for production. - No code changes; documentation only.
v1.0.2
- Added new example: example-openclaw-integration.ts demonstrating OpenClaw integration. - No changes to core logic or other documentation.
v1.0.1
- Improved documentation: new sections on maintainer info, licensing, and required environment variables. - Clarified API key usage and provided security guidance; outlined data flows to LLM providers. - Listed included examples, credentials needed per provider, and installation instructions for each. - Added detailed explanation of governance weighting (confidence thresholds, guard priority, evidence completeness). - Expanded information on audit trail, actor types, guard evaluation order, and compliance considerations.
v1.0.0
Initial release of loop-engine-governance. - Add governed decision loops to any OpenClaw workflow with human approval gates, AI confidence guards, evidence capture, and immutable audit trails. - Integrate Loop Engine with OpenClaw to enforce runtime policies across workflow steps without changing agent logic. - Supports named human actor approvals and AI-based thresholds for transition guards. - Provides install instructions, quick start code, and real-world use case examples. - Documentation and licensing details included.
Metadata
Slug loop-engine-governance
Version 1.0.4
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 5
Frequently Asked Questions

What is Loop Engine — Governed Loops for OpenClaw?

Integrate Loop Engine with OpenClaw to enforce human approval, AI confidence checks, evidence capture, and immutable audit trails on workflow steps. It is an AI Agent Skill for Claude Code / OpenClaw, with 280 downloads so far.

How do I install Loop Engine — Governed Loops for OpenClaw?

Run "/install loop-engine-governance" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Loop Engine — Governed Loops for OpenClaw free?

Yes, Loop Engine — Governed Loops for OpenClaw is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Loop Engine — Governed Loops for OpenClaw support?

Loop Engine — Governed Loops for OpenClaw is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Loop Engine — Governed Loops for OpenClaw?

It is built and maintained by betterdataco (@betterdataco); the current version is v1.0.4.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments