Appendix C. Cedar authorization with OpenClaw agents
This appendix provides hands-on demonstrations of the authorization patterns introduced in chapter 18. These examples show how Cedar policies can shape agent behavior during execution, planning, and delegation.
The demonstrations use OpenClaw, an open-source framework for tool-using language model agents, together with a lightweight Cedar policy decision point (PDP). The goal is not to build a production system, but to make the architectural ideas from chapter 18 concrete and observable.
You will run three demonstrations:
- Reactive authorization—the agent attempts actions and adapts to permit or deny decisions
- Constraint-aware planning—the agent queries policy constraints before acting
- Delegation as data—a main agent grants a subagent a restricted subset of its authority
Together, these examples show how authorization becomes part of the agent’s runtime behavior.
The demonstrations correspond directly to the patterns described in chapter 18:
- Section 18.3—policy-aware agent loop
- Section 18.4—policy constraints guiding planning
- Section 18.6—delegation and subagents
Each demo builds on the previous one. You should run them in order.
Note
The examples in this appendix make use of the GitHub repository openclaw-cedar-policy-demo (https://github.com/windley/openclaw-cedar-policy-demo/tree/main)