A permission isolation and collaborative governance solution for multi-Agent environments on OpenClaw single gateway

This solution adopts a "soft isolation" design. Please be aware of the following limitations:

• 🔓 No Hard ACL Enforcement - Relies on Agent self-discipline and prompt constraints; technically Agents can access all directories
• 🤝 Trust-Based Model - Suitable for trusted environments, NOT for zero-trust/high-compliance scenarios
• 🚫 DO NOT USE for - Financial, military, medical, or other high-security requirement scenarios

For hard security guarantees, please use systems with mandatory access controls. See SECURITY.md for details.

When running multiple Agents in an OpenClaw single-gateway environment, how do you ensure:

• 🔒 Data Isolation: Each Agent's private data remains inaccessible to others
• 🤝 Collaboration Capability: Necessary cross-Agent communication and sharing
• 📊 Auditability: Operations are traceable and accountability is assignable
• ⚖️ Governance Mechanism: Conflicts have arbitration and violations have handling

This solution provides a complete governance framework from physical isolation to application-layer governance.

# 1. Clone this repository
cd ~/.openclaw

# 2. Copy template files
cp -r /path/to/this/repo/templates/* ./

# 3. Edit registry to configure your Agents
vim shared/AGENT_REGISTRY.md

# 4. Restart Gateway
openclaw gateway restart

一套面向个人和企业的 OpenClaw 单网关多 Agent 权限隔离与协作治理方案

本方案采用"软隔离"设计，请注意以下限制：

• 🔓 无硬 ACL 强制 - 依赖 Agent 自律和提示词约束，技术上 Agent 可访问所有目录
• 🤝 基于信任模型 - 适用于信任环境，不适用于零信任/高合规场景
• 🚫 请勿用于 - 金融、军工、医疗等高安全要求场景

如需硬安全保证，请使用具有强制访问控制的系统。详见 SECURITY.md。

在 OpenClaw 单网关环境下运行多个 Agent 时，如何确保：

• 🔒 数据隔离：各 Agent 的私有数据互不侵犯
• 🤝 协作能力：必要的跨 Agent 通信与共享
• 📊 可审计性：操作可追溯，责任可归属
• ⚖️ 治理机制：冲突有仲裁，违规有处理

本方案提供从物理隔离到应用层治理的完整解决方案。

# 1. 克隆本仓库到 OpenClaw 配置目录
cd ~/.openclaw

# 2. 复制模板文件（中文版本使用 templates-zh/）
cp -r /path/to/this/repo/templates-zh/* ./

# 3. 编辑注册表，配置你的 Agent
vim shared/AGENT_REGISTRY.md

# 4. 启动 Gateway
openclaw gateway restart

openclaw-multi-agent-auth/
├── README.md                    # This file / 本文件
├── LICENSE                      # MIT License
├── SECURITY.md                  # Security policy / 安全政策
├── CONTRIBUTING.md              # Contribution guidelines / 贡献指南
├── CHANGELOG.md                 # Changelog / 更新日志
├── SECURITY_AUDIT_REPORT.md     # Audit report / 安全性审计报告
├── docs/                        # English Documentation / 英文文档
│   ├── goal.md
│   ├── organizations.md
│   ├── architecture.md
│   ├── setup.md
│   └── usage.md
├── docs-zh/                     # 中文文档
│   ├── goal.md                 # 设计目标
│   ├── organizations.md        # 适用组织
│   ├── architecture.md         # 架构设计
│   ├── setup.md                # 设置方案
│   └── usage.md                # 使用指南
├── templates/                   # English Templates / 英文模板
│   ├── AGENT_REGISTRY.md
│   ├── AGENT_CONSTRAINTS.md
│   ├── GOVERNANCE.md
│   ├── AUDIT_BUFFER.md
│   ├── AUDIT_LOG.md
│   ├── COMPLIANCE_CHECKLIST.md
│   ├── AUDIT_MAINTENANCE_GUIDE.md
│   └── SOUL_WORKER.md
├── templates-zh/                # 中文模板
│   ├── AGENT_REGISTRY.md       # Agent 注册表模板
│   ├── AGENT_CONSTRAINTS.md    # 权限约束模板
│   ├── GOVERNANCE.md           # 治理规范模板
│   ├── AUDIT_BUFFER.md         # 审计缓冲模板
│   ├── AUDIT_LOG.md            # 审计日志模板
│   ├── COMPLIANCE_CHECKLIST.md # 合规检查模板
│   ├── AUDIT_MAINTENANCE_GUIDE.md # 维护手册模板
│   └── SOUL_WORKER.md          # Worker SOUL 模板
├── examples/                    # English Examples / 英文示例
│   ├── personal-3-agents/
│   └── enterprise-10-agents/
└── examples-zh/                 # 中文示例
    ├── personal-3-agents/      # 个人3 Agent示例
    └── enterprise-10-agents/   # 企业10 Agent示例

MIT License - See LICENSE file / 详见 LICENSE 文件

Issues and PRs are welcome! / 欢迎提交 Issue 和 PR！

See CONTRIBUTING.md for details. / 详见 CONTRIBUTING.md

This solution is based on best practices from the OpenClaw community. / 本方案基于 OpenClaw 社区的最佳实践总结而成。