AIOps Claw is a build-time AI agent governance layer for self-built agents that connect through MCP. It helps teams define policy-as-code, validate actions before execution, log every governance decision, and keep recoverable snapshots before state changes. In practice, Claw gives engineering teams a consistent MCP governance control plane for custom agents instead of relying on prompt instructions alone.

Rail is designed to put guardrails around prebuilt or externally operated AI agents. Claw is for teams that are building their own agent workflows, tools, and execution pipelines. Rail focuses on runtime interception for governed use, while Claw extends governance into policy definition, preflight validation, action review, and AI audit readiness for custom agent development.

Policy-as-code means agent behavior is enforced through explicit, reviewable rules instead of informal team conventions. With Claw, those rules can describe which paths an agent may touch, what actions require snapshots, what operations must always be denied, and how approvals are recorded. This makes AI agent governance repeatable, testable, and portable across teams and environments.

The 18-tool layout separates foundational governance from Claw-specific policy workflows. Six tools come from the shared Rail governance model for scope declaration, permission checks, snapshots, and rollback. Twelve additional tools are specific to Claw and support policy definition, action validation, policy inventory, AI audit visibility, policy scanning, route inventory review, session health monitoring, subagent control, and webhook operations. The split keeps MCP governance understandable while covering the full lifecycle from planning to review.

Yes. Claw is designed for build-time and preflight control, so dangerous actions can be evaluated before an agent writes files, mutates data, or pushes changes into sensitive environments. Combined with Constitutional Constraints, it can block clearly prohibited actions even if a prompt or internal workflow tries to override them. That reduces the chance that a self-built agent silently drifts into unsafe behavior.

Claw supports AI audit by keeping a decision trail around policy evaluation, validation outcomes, snapshot events, and reviewable session context. Instead of only inspecting generated text, teams can examine what the agent attempted to do, what policy applied, whether the action was allowed or blocked, and what rollback point existed. That makes AI audit practical for engineering, security, and compliance reviews.

No. Constitutional Constraints are intentionally immutable. They exist to protect the environment even when a user, prompt, or agent chain requests something unsafe. For example, they can permanently deny access to secret files, protected system paths, or destructive production operations. This immutable layer is what gives Claw dependable AI agent governance rather than optional best-effort safety.

Start by registering an email, receiving the shared Rail and Claw API key, and adding the Claw MCP endpoint to your client configuration. The free tier includes 50 calls per month, access to all 18 MCP tools, core policy-as-code workflows, action validation, audit visibility, and shared authentication. Teams that need continuous delivery pipelines or larger production usage can move to a paid AIOps Live plan for unlimited usage.

Register structured YAML documents via define_policy. Each rule combines conditions (field, operator, value) with an action (allow, block, or defer). AND/OR compound conditions are supported, and risk levels (low, medium, high, critical) can be compared with gte/lte operators. Every update auto-increments the policy version, and you can roll back to any previous version.

Validates policy quality before registration. It detects four categories: (1) Contradicting rules — same conditions mapped to both allow and block, (2) Overly-permissive rules — allow rules with no conditions, (3) Uncovered dangerous patterns — 8 high-risk patterns (.env, /etc/passwd, SSH keys, secret files, etc.) not addressed by any rule, (4) Shadowed rules — rules that are unreachable because a higher-priority rule always matches first. The policy is not saved to D1, so it is safe to test freely.

When validate_action judges an action as high-risk, it returns DEFERRED instead of ALLOWED or BLOCKED. Agent execution pauses at that point and waits for a human decision. Use list_pending_approvals to review pending actions and approve_action to approve or deny each one. Approving resumes execution; denying blocks the action.

The confidence score is a 0-100 risk score in every validate_action response, calculated from 30+ pattern analyses. Scores ≥90 auto-escalate to defer mode. Webhooks — register an endpoint and secret via register_webhook to receive real-time HMAC-SHA256 signed notifications for events like tool_blocked, tool_deferred, and session_start/end. Use them to integrate with Slack, PagerDuty, or any internal dashboard.

The default concurrent execution limit is 5 agents. This limit can be changed via organization settings (Enterprise plan required). Calling register_subagent beyond the limit returns an error. You can also check the current number of running agents in the report_subagent_status response.