Rules of Engagement
rulesofengagement.dev

Policy for what an agent may not do.

Rules of Engagement (ROE) is a policy framework for AI agents focused on restraint: deny, escalate, or allow actions before tool execution, with human-readable reasoning and fail-closed defaults.

Read the whitepaper Browse patterns View source docs GitHub ↗
live policy example
name: financial-actions-standing
version: 0.1.0
doctrinal_basis: CJCSI 3121.01B standing-vs-special ROE
rules:
  - id: escalate-refund-approved-ticket
    applies_to:
      action_class: financial.refund
    decision: escalate
    escalation:
      requires: human_approval
      via: finance-ops
    reasoning: >-
      Refund request for order ${order_id} must be approved by a human
      before execution.

What is this?

ROE is not another agent framework and not an observability layer bolted on after the fact. It sits in the decision path between intent and execution, where a pending action can still be governed.

The design goal is narrow on purpose: encode restraint. A policy can say this action class is denied, this action class requires approval, or this action class is allowed when conditions hold. If no rule authorizes the action, the engine denies it by default.

That posture is different from “best effort” safety filters. It is closer to operational policy: machine-readable rules, deterministic evaluation order, and reasoning that an operator can understand quickly when a workflow pauses or blocks.

The doctrinal inspiration is military Rules of Engagement, but the implementation is technical and modern. The software borrows the discipline of authorization boundaries, escalation, and proportionality without borrowing the aesthetics of command posters or “tactical” marketing.

Action interception flow Agent intent is evaluated by the ROE engine, checked against loaded policies, then routed to allow, deny, or escalate enforcement. 1 · agent forms intent tool call, parameters, context, originating input 2 · ROE engine receives serializes the action into an ActionIntent 3 · loaded policies deny → escalate → allow default deny if nothing matches allow escalate deny enforcement surface OpenClaw hook blocks, permits, or pauses the action based on the ROE decision. Action interception flow Agent intent is evaluated by the ROE engine, checked against loaded policies, then routed to allow, deny, or escalate enforcement. 1 · agent forms intent tool call, parameters, context, originating input 2 · ROE engine receives serializes the action into an ActionIntent 3 · loaded policies deny → escalate → allow · default deny if nothing matches allow escalate deny enforcement surface · OpenClaw blocks, permits, or pauses the action
engine

Deny → escalate → allow

A deterministic precedence stack with a documented default deny. No hidden classifier deciding after the fact.

adapter

OpenClaw-first interception

The current integration model serializes pending tool calls into an ActionIntent before execution, then returns allow, deny, or require approval back to the host.

policy

Standing templates with doctrinal grounding

v0.1 starts with three standing templates for financial actions, external automations, and destructive filesystem behavior.

See the templates

quickstart

Start from policy, not persuasion.

The initial release is still in active development, but the site mirrors the intended install and integration shape.

pnpm add @rules-of-engagement/core

# OpenClaw adapter install path (planned v0.1)
openclaw plugins install @rules-of-engagement/openclaw-plugin

# evaluate an action intent
import { evaluate } from '@rules-of-engagement/core';
import policy from './financial-actions-standing.roe.yaml';

const decision = evaluate(intent, [policy]);
// allow | deny | escalate
Docs index Patterns library Whitepaper Site repository ↗

Use the docs index for source files, the pattern library for concrete policy templates, or the whitepaper for the full framework write-up.