Agentic AI Security

Zedly Shield: Runtime Safety for Agentic AI

A compiled Rust daemon that enforces security policy for OpenClaw. Shield redacts PII, detects API keys, enforces content deny lists, and blocks dangerous tool calls — all locally. Sensitive data never passes through Zedly infrastructure.

For engineering leads, security teams, and compliance officers deploying agentic AI on sensitive workflows.

Create Free Account Install the Daemon

How Shield Enforces the Agent Lifecycle

Every tool call passes through the same five-step pipeline via Unix domain socket.

Agent Requests Tool Call

LLM decides to run exec, read, write, or HTTP

OpenClaw Routes to shieldd

Command sent via UDS socket to the daemon

Policy Engine Evaluates

Block / allow / redact based on rules

Command Executes (or Blocked)

Dangerous calls stopped, PII stripped from results

Log + Forward Event

Hash-chained JSONL + forwarded to dashboard

What Shield Does

Nine layers of runtime protection for agentic workflows.

🔒

PII Redaction

Emails, SSNs, and credit card numbers are detected and tokenized before they reach the model provider. Rehydration happens locally after the response returns.

Read the guide →
🛡️

Policy-Based Blocking

Block dangerous shell commands, restrict file write paths, and deny network access from unattended cron sessions. Rules match tool name and argument patterns.

Read the guide →

Human Approval Gates

Queue sensitive operations for human review before execution. Policy decides which tool calls need approval based on tool type, arguments, and session context.

Read the guide →
📋

Immutable Audit Log

Every event is a JSON line with a SHA-256 hash linking it to the previous event. Tamper with one line and the chain breaks. Generate technical evidence that supports your internal compliance and audit processes.

Read the guide →
📊

Fleet Dashboard

Manage multiple Shield instances from a single control plane. See events, blocks, and redactions across all deployments. Push policy changes from the cloud.

Read the guide →
👁️

Ops Visibility

Session runs with status, duration, and tool counts. Event timeline filterable by type. Cost tracking per job, tool, and model.

Read the guide →
🔑

API Key & Secret Detection

12 provider-specific patterns detect OpenAI, Anthropic, Google, AWS, GitHub, Stripe, and other API keys before they reach the model. Always on by default, zero configuration required.

Read the guide →
🚫

Content Deny Lists

Block or redact organization-specific keywords, project names, and regex patterns. Define what cannot leave your environment, whether that is a project codename or an internal document ID format.

Read the guide →
⚙️

Mandatory Execution Boundary

The Shield daemon (shieldd) is a compiled Rust binary that acts as the execution layer for shell commands. The agent cannot bypass it because it depends on it to run tools.

Read the guide →

Security Principles

How Shield earns trust in sensitive environments.

🏠
Local-first enforcement

Policies run on your machine. Sensitive content never transits through Zedly.

🔗
Tamper-evident logs

SHA-256 hash chain on every event. Modification breaks the chain.

🔐
Least-privilege controls

Block by default. Approve by exception. Scope by tool, path, and session.

Human approval gates

Sensitive operations queue for review before execution.

🗑️
No unnecessary retention

Only metadata forwarded to the cloud. Raw content stays on your machine.

More Than Redaction: Evidence-First Governance

OpenClaw has plugins for PII and command blocking. Shield adds what they don't: tamper-evident audit, prompt injection detection, and fleet visibility.

Tamper-evident audit trail

SHA-256 hash chain on every event. Exportable evidence for your internal compliance and audit processes. OpenClaw core declined a similar proposal; Shield ships it.

Prompt injection detection

30+ pattern-based scans on messages and tool results. Flag and warn before the model sees injected instructions. OpenClaw has an open request for this; Shield has it today.

Fleet visibility

One dashboard for all Shield instances. Event timelines, blocks, and redactions across every deployment. No other OpenClaw plugin offers cross-instance visibility.

Single binary, defense in depth

PII, shell blocking, prompt injection, approval gates, and audit in one compiled daemon. No Node.js, no plugin dependencies — just one binary.

Cloud Dashboard for Your Fleet

One place to see what every Shield instance is doing. View session runs, event timelines, policy blocks, and PII redactions across all deployments. The daemon forwards event metadata to the dashboard automatically.

  • Fleet-wide stats: instances, events, blocks, redactions
  • Session run table with status, duration, and tool breakdown
  • Event timeline filterable by type and session
  • Policy editor with save and sync to instances
  • API key management and instance provisioning
Zedly Shield dashboard showing event timeline with tool calls, redaction events, and policy hits

How It Compares

What you get with Shield vs. the alternatives.

Capability No Protection DIY Middleware Zedly Shield
PII redaction (email, SSN, credit card) None Build your own regex Built-in, on by default
Tool-call blocking None Custom hook code Policy-as-JSON rules
Human approval gates None Build approval queue Policy-based interception via daemon
Audit trail integrity Terminal scrollback Append-only log file SHA-256 hash chain
Multi-instance dashboard N/A Build from scratch Fleet view, per-instance drill-down
Install & upgrade N/A Manual deployment curl + systemctl / launchctl
Policy-as-code None Hardcoded logic JSON config, cloud-synced
API key / secret detection None Build your own regex 12 providers, on by default
Content deny lists None Hardcoded keyword lists Configurable keywords + regex
Mandatory execution boundary None N/A Rust daemon, cannot be bypassed

Get Started

Create your Shield instance, download the daemon, and see events in the dashboard within a minute.

1 Create your Shield instance

Create a free account, open the Shield dashboard, and create a new instance. Copy the API key it generates.

2 Download the daemon

# macOS (Apple Silicon) curl -fsSL -o ~/.openclaw/bin/shieldd https://zedly.ai/dl/shield/shieldd-latest-darwin-arm64 chmod +x ~/.openclaw/bin/shieldd # Linux (x86_64) curl -fsSL -o ~/.openclaw/bin/shieldd https://zedly.ai/dl/shield/shieldd-latest-linux-x86_64 chmod +x ~/.openclaw/bin/shieldd

Single binary, no Node.js or npm required. Also available from GitHub Releases.

3 Configure

# ~/.openclaw/shieldd.toml [forward] api_url = "https://zedly.ai/api/shield/events" api_key = "sk_shield_paste_your_key_here"

Write this to ~/.openclaw/shieldd.toml. All protections (PII redaction, shell blocking, audit logging) are on by default. The [forward] section is optional — it sends event metadata to the cloud dashboard.

4 Start as a service

# macOS launchctl load ~/Library/LaunchAgents/ai.zedly.shieldd.plist # Linux systemctl --user enable --now shieldd

Verify with shieldd status or curl http://127.0.0.1:4017/health. Events will appear in your dashboard immediately.

Upgrade later

# Download the latest binary and restart curl -fsSL -o ~/.openclaw/bin/shieldd https://zedly.ai/dl/shield/shieldd-latest-$(uname -s | tr A-Z a-z)-$(uname -m | sed 's/aarch64/arm64/;s/x86_64/x86_64/') chmod +x ~/.openclaw/bin/shieldd && shieldd status

New protections are enabled by default on upgrade. No config edits needed.

Using Zedly Setup? Shield is installed automatically during onboarding.

Shield Guides

Deep dives on each layer of agentic AI security.

How to Add PII Redaction to OpenClaw

Detect, tokenize, and rehydrate emails, SSNs, and credit card numbers before data leaves your environment.

8 min read

OpenClaw Tool Call Audit Log

Capture every agent action with structured event logging: tool name, arguments, result, and timing.

7 min read

OpenClaw Immutable Audit Log

Build a tamper-evident event chain with SHA-256 hashing. Detect tampering, export for compliance.

8 min read

Human Approval for Sensitive Actions

Add gates before tools execute. Policy-based blocking, argument-pattern matching, and structured audit events.

9 min read

OpenClaw Cron Run History Dashboard

Track every scheduled job: start time, duration, exit status, tool calls, and policy blocks.

7 min read

OpenClaw Tool Call History Dashboard

See what your agents actually do. Filterable timeline of every tool invocation across sessions.

7 min read

OpenClaw Cost Dashboard

Track agent spend by job, tool, and model. Spot runaway costs before they hit your invoice.

7 min read

OpenClaw DLP Data Loss Prevention

On-device data loss prevention for agentic AI. Three architectural approaches compared, with deployment guide.

12 min read

Frequently Asked Questions

What is Zedly Shield?
Zedly Shield is a compiled Rust daemon (shieldd) that provides local-first enforcement for agentic AI workflows. It runs alongside agent runtimes like OpenClaw to redact PII, block dangerous tool calls via policy, and produce tamper-evident audit logs. All policy enforcement and redaction happens on your machine — sensitive content never passes through Zedly infrastructure.
How does Shield integrate with OpenClaw?
Shield runs as a compiled Rust daemon (shieldd) alongside the OpenClaw Gateway. OpenClaw routes commands to the daemon via a Unix domain socket. The policy engine evaluates every tool call — blocking dangerous commands, redacting PII, and logging tamper-evident events — before the command executes. Configure with shieldd.toml and run as a system service.
Does Shield work with other agent frameworks?
Shield is built OpenClaw-first, using its UDS socket protocol. The daemon architecture is designed to support additional runtimes in the future, but OpenClaw is the only supported runtime today.
How does Shield compare to other OpenClaw security plugins?
OpenClaw has third-party plugins for PII redaction and command blocking. Shield adds tamper-evident audit trails (SHA-256 hash chain — OpenClaw core declined a similar proposal; Shield ships it), prompt injection detection (30+ patterns; no other solution offers this today), fleet visibility across instances, and a single compiled binary that combines PII, shell blocking, prompt injection detection, approval gates, and audit — no Node.js or npm required.
What data does Shield send to the cloud?
Shield sends event metadata (event type, tool name, session ID, timestamps, block/redact counts) to the Zedly cloud dashboard. It does not send prompt content, tool output, or document data. PII redaction happens locally before any data leaves the host. The cloud dashboard is optional; all events are also logged locally in JSONL format.
Is there a free tier?
The Shield daemon is open source and free to use. Local policy enforcement, PII redaction, and JSONL audit logging work without a cloud account. The cloud dashboard is available on all accounts, including free. Create a free account to get started.
How do I upgrade Shield?
Download the latest shieldd binary for your platform from zedly.ai/dl/shield/ or GitHub Releases, replace the existing binary at ~/.openclaw/bin/shieldd, and restart the service. New protections are enabled by default — no config edits needed.

Start Using Zedly Shield

Create a free account to access the dashboard, manage instances, and see events from your Shield daemon.

Create Free Account

Interested in fleet management, enterprise features, or policy packs?

You're on the list.

We'll reach out when enterprise access opens. In the meantime, install the daemon and start protecting your OpenClaw deployment locally.

No spam. We'll email you when enterprise features launch.

Related Solutions

📄

Private AI for Documents

Private-by-design document analysis with strict retention controls

 📋

AI Contract Extraction

Extract clauses and key terms with reviewable outputs

Protect Your Agentic AI Workflows Today

Install the daemon for free. Create your account to see events in the dashboard.

Install Zedly Shield Create Free Account