Protocol-Level Proof vs Inference-Time Guardrails
Guardrails (NVIDIA NeMo Guardrails, Guardrails AI, custom wrappers) filter what models say. Claw EA proves what agents did. These solve different problems and work well together.
Head-to-Head
| Dimension | Claw EA | Inference guardrails |
|---|---|---|
| Primary function | Proof of what happened (receipts + bundles) | Prevent harmful outputs (inference-time filtering) |
| Enforcement point | Gateway + tool boundary + policy engine | Model input/output layer |
| Evidence produced | Signed receipts, hash-linked event chain, proof bundle | Block/allow decision logs |
| Offline verifiable | Yes (Ed25519 + SHA-256) | No (requires platform access) |
| Policy model | Declarative WPC (signed, immutable, content-addressed) | Rule sets and classifiers (mutable) |
| Scope | Full execution lifecycle (model + tools + side effects) | Model I/O only |
| Tamper evidence | Merkle transparency log | Application logs (mutable) |
| Complementary | Yes: guardrails can run inside a Claw-receipted pipeline | Yes: output filtering + proof are orthogonal |
Different Layers, Different Questions
Guardrails answer: "Did the model output something harmful?" They operate at the inference layer, filtering or blocking specific patterns in model input and output.
Claw EA answers: "Can you prove what the agent did, where it ran, and under what policy?" It operates at the execution layer, producing cryptographic evidence of the full lifecycle.
An enterprise that deploys guardrails still cannot answer an auditor who asks "prove this agent only accessed approved systems." An enterprise that deploys Claw EA can, because every boundary crossing produces a signed receipt.
Using Them Together
The strongest posture combines both. Run guardrails inside a Claw-receipted pipeline: the guardrail filters harmful outputs, and the receipt chain proves the guardrail was active. A gateway receipt from clawproxy will capture that the model call was mediated, and the tool receipt will capture that the guardrail check ran.
Work Policy Contracts can enforce that guardrail middleware is required for specific models or use cases.