Perimeter-Level Access Control (OpenClaw)

• Entity ID: ent-20260423-p3a000000002
• Type: pattern
• Scope: private
• Status: active

Description

OpenClaw's trust architecture: rather than evaluating safety per tool-invocation like Claude Code, OpenClaw places the trust boundary at the gateway perimeter using DM pairing codes, sender allowlists, and gateway authentication, with tool policy as configurable allow/deny lists per agent. Sandboxing (Docker/SSH/OpenShell backends) is opt-in and explicitly does not claim hostile multi-tenant isolation as a supported security boundary.

Key claims

• Claude Code vs OpenClaw: per-action vs perimeter safety
• Opposite bets follow from different trust models and deployment topologies

Relations

• OpenClaw --[contains]--> Perimeter-Level Access Control (OpenClaw)
• Perimeter-Level Access Control (OpenClaw) --[contrasts_with]--> Architectural Convergence Thesis

Sources

src-20260423-0cff68d3291b