Workspace Governance

OpenClaw workspace governance plugin and prompts. Bootstrap, migration, audit, and boot apply.

Workspace Governance is the most comprehensive governance plugin in the OpenClaw ecosystem, adding a discipline layer that factory settings don't include. It enforces a write-before-read workflow (PLAN→READ→CHANGE→QC→PERSIST), produces traceable run reports for every workspace modification, and maintains an always-on governance anchor that survives automated cron and heartbeat runs. If you've ever had an OpenClaw agent overwrite a file it hadn't read, answer version questions from training data instead of checking live, or leave no trace of what changed — this plugin fixes all of that. The plugin provides a suite of slash commands for lifecycle management: /gov_setup quick for one-shot install/upgrade/migrate/audit, /gov_migrate to align workspace behavior with the latest governance rules, /gov_audit to run 12 integrity checks catching drift before it becomes a problem, and /gov_openclaw_json for safe platform config editing with backup, validation, and rollback. It also includes /gov_brain_audit for reviewing and hardening Brain Docs (AGENTS.md, SOUL.md) quality, and /gov_boot_audit for scanning recurring issues. With 218 automated regression tests covering the full operator lifecycle — from fresh install through upgrade, migration, audit, config editing, Brain Docs protection, failure recovery, and clean uninstall — this is one of the most rigorously tested community plugins. The risk-tiered gate system uses a 3-step escalation for high-risk writes: first a soft block with PLAN+READ reminder, second allows through, third and beyond hard-blocks. Media turn detection prevents governance instructions from polluting image/audio perception tasks. Optimized for OpenClaw v2026.3.7+ (full prependSystemContext always-on anchor, sessionId gate isolation, trigger detection), but compatible with older versions where governance hooks still fire. The plugin has 799 weekly downloads and is actively maintained with frequent releases (v0.2.9 released March 21, 2026). Available via both npm and ClawHub installer.

Tags: utility, governance, tool

Use Cases

  • Production OpenClaw deployments requiring audit trails for every workspace change
  • Teams sharing an OpenClaw workspace needing write discipline and handover records
  • Preventing agents from overwriting critical files without reading them first
  • Safe platform configuration editing with automatic backup and rollback
  • Brain Docs (AGENTS.md, SOUL.md) quality control and hardening
  • CI/CD environments where governance events need to be logged and verified

Tips

  • Always start with /gov_setup quick — it auto-runs check → install/upgrade → migrate → audit
  • Use /gov_audit regularly to catch drift before it compounds
  • Add _control/ACTIVE_GUARDS.md and _control/LESSONS.md reading to your AGENTS.md read-gate rules
  • Use /gov_openclaw_json instead of manually editing openclaw.json for safe config changes with rollback
  • Check the YouTube overview video for a 2-minute visual walkthrough
  • After applying any governance changes, close with /gov_migrate and /gov_audit
  • Use /gov_brain_audit to review Brain Docs quality with preview-first approval
  • Pin to specific versions in production rather than @latest

Known Issues & Gotchas

  • Must add the plugin to plugins.allow in openclaw.json — auto-append doesn't work in all builds
  • Run /gov_setup quick after every upgrade — don't skip migration
  • If you see 'Error: not in allowlist', manually edit plugins.allow before other commands work
  • The quiet-turn governance injection can interfere with media perception tasks on older versions
  • Uninstall requires running /gov_uninstall quick BEFORE removing the npm package
  • Brain Docs protection may flag legitimate edits to AGENTS.md or SOUL.md as risky
  • Governance rules in _control/ACTIVE_GUARDS.md must be read before writes — enforce this in your AGENTS.md
  • The ClawHub installer page and npm package are separate install paths — pick one

Alternatives

  • Deterministic Governance
  • Squad
  • Manual AGENTS.md rules

Community Feedback

OpenClaw agents act fast — sometimes too fast. This plugin adds the governance layer factory settings don't include: write-before-read enforcement, traceable run reports, and an always-on anchor that survives automated runs.

— GitHub

The deterministic state management is an aggregated mess. Generally, the abstraction between deterministics and non-deterministics is a mess.

— Reddit r/vibecoding

A secure OpenClaw implementation would look less like a plugin playground and more like a tightly sandboxed execution engine with a policy layer.

— Reddit r/LLMDevs

2-minute overview video demonstrates the governance flow from setup through audit — the PLAN→READ→CHANGE→QC→PERSIST workflow makes agent behavior predictable.

— YouTube

Frequently Asked Questions

What happens if I install the plugin but don't run /gov_setup?

The plugin will be loaded but governance rules won't be active in your workspace. Always run /gov_setup quick after installation to apply governance rules, migrate workspace files, and run the initial audit.

Will this plugin slow down my agent?

There's a slight overhead on each agent turn as write validation checks run. For most users this is imperceptible. The trade-off is predictable, auditable agent behavior vs. marginal speed loss.

Can I use this with cron and heartbeat runs?

Yes — the always-on anchor specifically survives automated runs. Governance rules stay active in cron and heartbeat sessions, which is one of the plugin's key differentiators.

How do I upgrade to a new version?

Run openclaw plugins update openclaw-workspace-governance in your terminal, restart the gateway, then run /gov_setup quick in chat. The setup command auto-detects whether to install, upgrade, or skip.

What are the 12 integrity checks in /gov_audit?

The audit verifies governance markers, migration state, config alignment, _control directory integrity, Brain Docs protection, guards read-gate compliance, and more. It catches drift before it compounds into issues.

Is there a video walkthrough?

Yes — a 2-minute overview video is available on YouTube showing the governance flow from setup through audit. Check the GitHub README for the link.

What if I want to uninstall the plugin?

Run /gov_uninstall quick in OpenClaw chat FIRST to clean up workspace governance files (with backup). Only then remove the npm package. The uninstaller creates a backup at archive/_gov_uninstall_backup_<timestamp>/.

Configuration Examples

Quick Setup (recommended)

# In terminal:
openclaw plugins install @adamchanadam/openclaw-workspace-governance@latest
openclaw gateway restart

# In OpenClaw chat:
/gov_setup quick

Manual Allowlist Fix

# Check current allowlist:
openclaw config get plugins.allow

# Add to allowlist:
openclaw configure
# In plugins.allow, append openclaw-workspace-governance

openclaw plugins enable openclaw-workspace-governance
openclaw gateway restart

Clean Uninstall

# In OpenClaw chat first:
/gov_uninstall quick
/gov_uninstall check  # optional strict verify

# Then in terminal:
openclaw plugins disable openclaw-workspace-governance
openclaw plugins uninstall openclaw-workspace-governance
openclaw gateway restart

Installation

openclaw plugins install @adamchanadam/openclaw-workspace-governance