OpenClaw Debuts Auto Mode for Secure Exec Approvals
- OpenClaw launches opt-in auto mode to reduce command approval prompt noise in Enterprise settings.
- The auto reviewer assesses commands that miss policy, with high-risk or ambiguous tasks requiring human approval.
- Users can set separate reviewer models, such as openai/gpt-5.5, for enhanced security evaluation of host commands.
OpenClaw has launched a new opt-in "auto" mode for its host execution guardrails, designed to reduce approval prompt friction in Enterprise environments. While the existing "YOLO" mode allows commands to run without prompts and "Ask" mode requires manual approval for all policy misses, "auto" introduces an intermediate layer where commands are evaluated by a reviewer model before escalating to human intervention. Under this new configuration, deterministic safe commands run immediately, while requests that miss predefined policy are sent to an automated reviewer. If the reviewer model cannot confirm safety, or if the request is high-risk, ambiguous, or unparseable, OpenClaw routes the approval prompt to a human user. Users can configure the reviewer to operate separately from the main agent, allowing them to utilize powerful models like openai/gpt-5.5 specifically for security judgment while keeping daily tasks on local models.
The auto mode maintains strict adherence to existing host safety policies and local configurations; it does not override settings that mandate manual denial or universal approval requirements. When an approval is necessary, OpenClaw binds the request to specific context including the command plan, current working directory, and arguments. To prevent execution of altered requests, any change by the caller after an approval prompt is generated results in an automatic rejection. This system extends to communication platforms, allowing approval prompts to be routed directly into Slack, Telegram, or iMessage. This pattern mirrors the Guardian-reviewed flow used by OpenAI in its Codex harness, ensuring workspace safety for actions like network access or writes outside of a sandbox. The "auto" mode is currently available for public testing, with the developer noting that YOLO remains accessible for trusted or externally sandboxed environments.
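The request binding described above, shown as an added sketch that is not OpenClaw's code or wire format: an approval is tied to a hash of the command plan, working directory, and arguments, and execution is refused if the caller's request no longer matches. All class, function, and field names are hypothetical, the sample request is constructed, and single-use approvals are an assumption of the sketch.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass

# Hypothetical names throughout; this is not OpenClaw's API or wire format.
@dataclass(frozen=True)
class ExecRequest:
    argv: tuple  # command and arguments, already split
    cwd: str     # working directory the command will run in
    plan: str    # the caller's stated command plan

def digest(req):
    # Canonical JSON so an identical request always produces an identical hash.
    body = json.dumps({"argv": list(req.argv), "cwd": req.cwd, "plan": req.plan},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()

class ApprovalBroker:
    def __init__(self):
        self._pending = {}      # approval id -> digest of the request the approver saw
        self._approved = set()  # ids a human (or reviewer) has accepted

    def open_prompt(self, req):
        approval_id = secrets.token_hex(8)
        self._pending[approval_id] = digest(req)
        return approval_id

    def approve(self, approval_id):
        if approval_id in self._pending:
            self._approved.add(approval_id)

    def authorize(self, approval_id, req):
        # Consume the approval (single use is an assumption of this sketch),
        # then allow execution only if the request still matches what was shown.
        expected = self._pending.pop(approval_id, None)
        accepted = approval_id in self._approved
        self._approved.discard(approval_id)
        return bool(expected and accepted and hmac.compare_digest(expected, digest(req)))

def demo():
    shown = ExecRequest(("git", "push", "origin", "main"), "/srv/app", "publish release")  # constructed sample
    variants = {"unchanged": shown,
                "cwd_changed": ExecRequest(shown.argv, "/srv/other", shown.plan),
                "arg_added": ExecRequest(shown.argv + ("--force",), shown.cwd, shown.plan)}
    results = {}
    for name, executed in variants.items():
        broker = ApprovalBroker()
        approval_id = broker.open_prompt(shown)
        broker.approve(approval_id)
        results[name] = broker.authorize(approval_id, executed)
    results["replayed"] = broker.authorize(approval_id, shown)  # already consumed
    return results
```

Hashing the request at prompt time and re-checking it at execution time closes the gap between what the approver saw and what actually runs.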