OpenClaw with ArmorIQ
Plugin Setup

Running & Testing

Start the gateway and test ArmorIQ intent verification

Running & Testing

Start the OpenClaw gateway and verify the ArmorIQ integration is working correctly.

Starting the Gateway

cd /path/to/aiq-openclaw

Build (if not already built)

pnpm build

Start the Gateway

# Development mode with verbose logging
node scripts/run-node.mjs --dev gateway
# Production mode
node scripts/run-node.mjs gateway
# Run in background
node scripts/run-node.mjs --dev gateway &

# Or with nohup
nohup node scripts/run-node.mjs --dev gateway > gateway.log 2>&1 &

Verify Startup

Expected console output:

[openclaw] Building TypeScript (dist is stale).
[plugins] IAP Verification Service initialized - Base URL: https://customer-api.armoriq.ai
[plugins] CSRG Verification URL: https://customer-iap.armoriq.ai
[plugins] CSRG /verify/action is ENABLED for cryptographic verification
[gateway] agent model: openai/gpt-4-turbo
[gateway] listening on ws://127.0.0.1:19001 (PID 12345)
[gateway/channels/telegram] [default] starting provider (@your_bot)

The gateway listens on port 19001 by default. Telegram integration starts automatically if configured.

Viewing Logs

Log Location

Gateway logs are written to:

/tmp/openclaw/openclaw-YYYY-MM-DD.log

Watch Logs in Real-time

# All logs
tail -f /tmp/openclaw/openclaw-*.log

# ArmorIQ-specific logs
tail -f /tmp/openclaw/openclaw-*.log | grep -E "ArmorIQ|armoriq|policy|Plan captured|verify-step"

Key Log Messages

Log PatternMeaning
ArmorIQ SDK initializedPlugin started successfully
Capturing planLLM received prompt, creating tool plan
Plan captured with N stepsLLM planned N tool actions
Requesting intent tokenAsking IAP for authorization
Intent token issuedIAP authorized the plan
verify-step requestVerifying a specific tool call
verify-step result: allowed=trueTool execution approved

Testing via Telegram

Connect to Your Bot

  1. Open Telegram
  2. Search for your bot (e.g., @my_openclaw_bot)
  3. Start a chat: /start

Test Basic Functionality

Send a simple message:

Hello, what can you do?

Expected: Bot responds with capabilities description.

Test Tool Execution

Send a prompt that requires tools:

Use web to find 3 Boston attractions and 2 restaurants. 
Use web_fetch to open at least 2 sources. 
Write a concise itinerary to aiqdemo/itinerary.md. 
Then read that file and send me a 5-bullet summary.

What Happens Behind the Scenes

When you send this prompt:

  1. ArmorIQ SDK initializes - Connects to IAP/backend
  2. Capturing plan - LLM reads prompt and decides tools
  3. Plan captured with 6 steps - LLM plans: web_search, web_fetch, write_file, read_file
  4. Requesting intent token - ArmorIQ asks IAP: "Can I execute this plan?"
  5. Intent token issued - IAP returns JWT with cryptographic proofs
  6. For each step:
    • verify-step request - ArmorIQ checks proof matches tool call
    • verify-step result: allowed=true - Token + policy allows execution
  7. Tools execute - web_search runs, files written, etc.
  8. Response sent - Bot replies with summary

Test Policy Commands

List Policies

Send to your bot:

Policy list

Expected response:

Policy version 1. No explicit rules. Default: allow all tools.

Meaning: With no rules configured, all tools are allowed by default.

Create a Policy

Policy new: block upload_file for payment data

Expected response:

✅ Policy created: policy1
- Action: block
- Tool: upload_file
- Data: payment data

Verify Policy Enforcement

  1. Create a blocking policy:

    Policy new: block write_file for payment data

  2. Try to trigger it:

    Write "credit_card=4111111111111111" to /tmp/test.txt

  3. Expected: Action should be blocked with policy violation message (detects PCI + PAYMENT data).

Reset Policies

Policy reset

Test Scenarios

Scenario 1: Web Search + File Write

Search for the top 3 programming languages in 2026 and write a summary to /tmp/languages.md

Watch logs for:

Plan captured with 2 steps
verify-step request tool=web_search
verify-step result tool=web_search allowed=true
verify-step request tool=write_file
verify-step result tool=write_file allowed=true

Scenario 2: Policy Blocking

# First, create blocking policy
Policy new: block all file operations

# Then try to write
Create a file test.txt with content "hello"

Watch logs for:

verify-step result tool=write_file allowed=false reason=Policy blocks...

Scenario 3: Multi-step Workflow

1. Search for Boston weather
2. Search for Boston events this weekend  
3. Write a travel guide to aiqdemo/boston-guide.md
4. Read the file and summarize in 3 points

Watch logs for:

  • Plan captured with 4+ steps
  • Multiple verify-step requests
  • All steps allowed=true

Stopping the Gateway

If running in foreground

Press Ctrl+C

If running in background

# Find the process
ps aux | grep gateway

# Kill it
pkill -f "node.*gateway"

# Or by PID
kill <PID>

Restart Gateway

pkill -f "node.*gateway"
sleep 2
node scripts/run-node.mjs --dev gateway &

Log Analysis

Successful Flow

19:55:39 [plugins] armoriq: planning with model openai/gpt-4-turbo
19:55:57 Capturing plan: llm=openclaw, prompt=[Telegram user prompt...]
19:55:57 Plan captured with 6 steps
19:55:57 Requesting intent token for plan with 6 steps
19:56:05 Intent token issued: id=75357..., expires=60.0s, stepProofs=12
19:56:21 [plugins] armoriq: plan check (cached token) tool=web_search steps=6 status=ok
19:56:21 [plugins] armoriq: verify-step request tool=web_search proofs=present
19:56:22 [plugins] armoriq: verify-step result tool=web_search allowed=true

Failed Flow (0 Steps)

19:06:30 Capturing plan: llm=openclaw, prompt=[...]
19:06:30 Plan captured with 0 steps

Cause: LLM didn't plan any tool actions. May need to rephrase prompt or check tool registration.

Policy Blocked

19:56:21 [plugins] armoriq: verify-step request tool=write_file
19:56:22 [plugins] armoriq: verify-step result tool=write_file allowed=false reason=Policy blocks write_file

Cause: Active policy prevented the tool execution.

Quick Reference Commands

# Start gateway
cd /path/to/aiq-openclaw
node scripts/run-node.mjs --dev gateway &

# Watch logs
tail -f /tmp/openclaw/openclaw-*.log | grep -E "Plan captured|verify-step|allowed"

# Stop gateway
pkill -f "node.*gateway"

# Rebuild and restart
pnpm build && pkill -f "node.*gateway" && node scripts/run-node.mjs --dev gateway &

Troubleshooting

Bot not responding

  • Check gateway is running: ps aux | grep gateway
  • Verify Telegram token in config
  • Check logs for errors: tail -50 /tmp/openclaw/openclaw-*.log

"Plan captured with 0 steps"

  • LLM didn't plan tools - try rephrasing prompt
  • Check model is set correctly (e.g., openai/gpt-4-turbo)
  • Verify API keys are valid

Policy commands not working

  • Check policyUpdateEnabled: true
  • Verify your user ID in policyUpdateAllowList
  • Restart gateway after config changes

Tools blocked unexpectedly

  • Run Policy list to check active policies
  • Run Policy reset to clear all policies
  • Check logs for specific block reason

Next Steps

✅ Gateway running and tested!

Proceed to Concepts to understand the architecture and verification flow in detail.

ArmorIQ Plugin Setup

Enable and configure the ArmorIQ plugin for intent verification

Concepts

Understanding ArmorIQ intent verification and policy enforcement

On this page

Running & TestingStarting the GatewayNavigate to Project DirectoryBuild (if not already built)Start the GatewayVerify StartupViewing LogsLog LocationWatch Logs in Real-timeKey Log MessagesTesting via TelegramConnect to Your BotTest Basic FunctionalityTest Tool ExecutionWhat Happens Behind the ScenesTest Policy CommandsList PoliciesCreate a PolicyVerify Policy EnforcementReset PoliciesTest ScenariosScenario 1: Web Search + File WriteScenario 2: Policy BlockingScenario 3: Multi-step WorkflowStopping the GatewayIf running in foregroundIf running in backgroundRestart GatewayLog AnalysisSuccessful FlowFailed Flow (0 Steps)Policy BlockedQuick Reference CommandsTroubleshootingBot not responding"Plan captured with 0 steps"Policy commands not workingTools blocked unexpectedlyNext Steps