AI automation for business operations -- with governance built in.
FixClaw is a pipeline engine written in Go that puts AI to work on real operations workflows (email triage, customer follow-ups, job classification) while enforcing token budgets, audit trails, input sanitization, and human-in-the-loop approval on every outbound action.
AI never executes. Deterministic code does.
git clone https://github.com/renezander030/fixclaw.git && cd fixclaw
cp secrets.yaml.example secrets.yaml # add your Slack + API keys
go build -o fixclaw . && ./fixclawDefine your pipelines in config.yaml, your prompts in skills/, and FixClaw handles the rest.
Operations teams use AI assistants for personal productivity. But when AI output touches customers, contracts, or compliance, you need more than a chatbot.
| Claude Dispatch | OpenClaw | FixClaw | |
|---|---|---|---|
| Purpose | Personal productivity | Personal AI agent | Business operations |
| Governance | Anthropic-managed | None | You own it: YAML pipelines, token budgets, audit trail |
| Human-in-the-loop | Pause on destructive actions | Optional | Every outbound action requires operator approval |
| Token budgets | None (subscription) | None | Per-step, per-pipeline, per-day limits |
| Prompt injection defense | Platform-level | None | Input sanitization + output schema validation |
| Data residency | Anthropic cloud | Self-hosted | Self-hosted. Your data stays on your infrastructure |
| Configuration | Natural language | Natural language | YAML. Deterministic, version-controlled, auditable |
Every pipeline run produces a verifiable audit trail:
- Token budgets -- per-step, per-pipeline, and per-day limits. Exceeding any budget halts the pipeline immediately. No silent overruns.
- Human-in-the-loop -- approval steps present AI output to the operator via Slack/Telegram with approve/edit/reject controls. Nothing leaves the system without explicit sign-off.
- Input sanitization -- operator input is scanned for prompt injection patterns, stripped of role markers and formatting that could break prompt boundaries. Rejected inputs are logged silently (no information leakage to attacker).
- Output validation -- AI output is validated against the skill's JSON schema. Type checks, range enforcement, required fields. Invalid output is rejected.
- Rate limiting -- per-user, per-minute limits on operator interactions prevent abuse.
- Channel security -- allowed user lists, input length limits, and markdown stripping are enforced at startup. The engine refuses to start without security configuration.
FixClaw runs pipelines. Each pipeline is a sequence of typed steps:
| Step type | What it does |
|---|---|
deterministic |
Plain code: fetch emails, filter, route, notify |
ai |
LLM inference with a skill template, budget-checked |
approval |
Human-in-the-loop: operator reviews before proceeding |
Example pipeline:
pipelines:
- name: email-digest
schedule: 30m
steps:
- name: fetch-unread
type: deterministic
action: email_unread
- name: summarize
type: ai
skill: email-digest
- name: report
type: deterministic
action: notify
Defines LLM providers, models, token budgets, and pipelines.
provider:
type: openrouter
api_key_env: OPENROUTER_API_KEY
base_url: https://openrouter.ai/api/v1
models:
haiku:
model: anthropic/claude-haiku-4-5
max_tokens: 1024
gpt-4o-mini:
model: openai/gpt-4o-mini
max_tokens: 1024
budgets:
per_step_tokens: 2048
per_pipeline_tokens: 10000
per_day_tokens: 100000Private values that stay out of version control. Copy secrets.yaml.example to get started.
YAML prompt templates in skills/. Each skill defines the system prompt, input variables, and optional output schema for validation.
# skills/classify-job.yaml
name: classify-job
system: |
You are a job classifier. Given a job posting, determine if it matches
the freelancer's profile. Return a JSON object with:
- match: boolean
- reason: string (one sentence)
- score: number (0-100)
input_vars:
- posting
- profile
output_schema:
type: object
required: [match, reason, score]fixclaw/
main.go # Engine: pipeline runner, operator bot, scheduler, guardrails
gmail.go # Gmail / Microsoft 365 integration (OAuth 2.0, read + send with HITL approval)
config.yaml # Pipelines, models, budgets, timeouts
secrets.yaml # Private config (operator IDs) -- gitignored
skills/ # Prompt templates with schema validation
MIT. See LICENSE.