by ucsandman 94 days ago
One design question I ran into was where governance should actually live in an agent stack.

If you put guardrails inside the prompt, the model can ignore them.

If you put them inside the agent framework, they can be bypassed.

DashClaw tries to solve this by intercepting actions instead of prompts. The agent can reason however it wants, but execution goes through a policy layer.

Curious how others are approaching this.

1 comment

Good framing on where governance should live. Intercepting actions outside the prompt and outside the framework is the right call; the model and the orchestrator are both untrusted surfaces. We took the same approach for spend specifically at nornr.com: agent requests a mandate before committing money, policy decides approve/queue/block at the infrastructure layer, every decision gets a signed receipt. Curious whether DashClaw distinguishes between 'read' actions and 'actions that cost money' — that's where we found the policy logic gets interesting.
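An added sketch of the pattern discussed in this thread, not code from DashClaw, nornr.com or either poster: every action goes through one gate that decides approve/queue/block and signs the decision. The action names, spend thresholds, demo key and the choice of HMAC-SHA256 for the receipt are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); it must live outside the agent's reach.
RECEIPT_KEY = b"demo-key-not-for-production"

# Hypothetical policy values, chosen only for this example.
AUTO_APPROVE_LIMIT = 20.00   # spend at or below this is approved
HARD_LIMIT = 500.00          # spend above this is blocked outright
READ_ACTIONS = {"search", "read_file"}
SPEND_ACTIONS = {"purchase", "provision_vm"}


def decide(action: str, cost: float) -> str:
    """Return approve/queue/block for a requested action; default is block."""
    if action in READ_ACTIONS:
        return "approve"
    if action in SPEND_ACTIONS:
        if cost <= AUTO_APPROVE_LIMIT:
            return "approve"
        if cost <= HARD_LIMIT:
            return "queue"      # held for human review
    return "block"              # unknown action or over the hard limit


def sign_receipt(record: dict) -> dict:
    """Attach an HMAC-SHA256 tag over the canonical JSON of the record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(RECEIPT_KEY, body, hashlib.sha256).hexdigest()
    return {**record, "sig": tag}


def verify_receipt(receipt: dict) -> bool:
    """Recompute the tag over everything except 'sig' and compare."""
    record = {k: v for k, v in receipt.items() if k != "sig"}
    expected = sign_receipt(record)["sig"]
    return hmac.compare_digest(expected, receipt.get("sig", ""))


def execute(agent_id: str, action: str, cost: float, run) -> tuple:
    """Only path to side effects: decide, sign the decision, then maybe run."""
    decision = decide(action, cost)
    receipt = sign_receipt({"agent": agent_id, "action": action,
                            "cost": cost, "decision": decision})
    result = run() if decision == "approve" else None
    return receipt, result
```

The gate only holds if the agent process has no other route to the side effect and cannot read `RECEIPT_KEY`; a production receipt would also carry a timestamp and a unique id so it cannot be replayed.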