Back to HALMAI™
API DocsQuickstart
Developer SDKs

HALMAI™ Software Development Kits

Downloadable SDKs for integrating policy-gated authorization, governance enforcement, and cryptographic proof verification into your autonomous AI agents.

npm install @halm/kernel-sdk
npm install @halm/verifier-sdk
npm install @halm/edge-sdk
npm install @halm/edge

The primary integration SDK. Provides typed methods for authorizing AI agent actions, executing approved proposals, replaying decisions for audit, and querying the append-only audit event log. Every side-effect your agent produces passes through this gate.

Install

npm install @halm/kernel-sdk

Dependencies: Zero runtime dependencies beyond fetch

Capabilities

  • authorize() — policy-gated action authorization
  • execute() — bypass-proof execution guard
  • replay() — deterministic decision replay for audit
  • getAuditEvents() — append-only audit log query
  • Typed 4-status model (ALLOW / DENY / REQUIRE_HUMAN / HELD_FOR_VETO)
  • 9 action types (ledger:write, vault:write, policy:update, …)
  • Full error hierarchy (ExecutionDeniedError, DoubleExecutionError, …)

Exports

HALMClient, ActionType, AuthorizationStatus, ProposedAction, AuthorizationDecision, ExecutionResult, ReplayResult, HALMError, AuthenticationError, ExecutionDeniedError, DoubleExecutionError

Usage Example

typescript
import { HALMClient } from '@halm/kernel-sdk';

const halm = new HALMClient({
  baseUrl: 'https://your-tenant.halmai.ai',
  apiKey: process.env.HALM_API_KEY!,
});

// Authorize a financial action
const decision = await halm.authorize({
  type: 'ledger:write',
  payload: { amount: 5000, recipient: 'vendor-42' },
  context: { confidenceScore: 0.94, agentId: 'agent-7' },
});

if (decision.status === 'ALLOW') {
  const result = await halm.execute({
    proposalId: decision.proposalId,
  });
  console.log('Executed:', result.executionId);
}

How the SDKs Connect

Four packages — from cloud to silicon

Kernel SDK

Your agent calls authorize() and execute()

Sends requests to HALMAI™ API
HALMAI™ Cloud

Governance Kernel

Policy enforcement, budget gates, proof generation

Ed25519-signed proof packets

Verifier SDK

Auditors verify proofs independently

Zero-dependency offline verification
Industrial Control

Edge Kernel

trapAndSign() intercepts physical intents

HMAC-SHA256 signed motor commands
API calls
Proof packets
Signed commands

Pentagon Vertex Mapping

How each governance vertex translates from digital agents to physical actuators

Pentagon VertexDigital Agent ContextCyber-Physical (Robotics) Context
INVARIANTDo not mutate core logic.Do not exceed maximum physical torque or enter restricted spatial coordinates.
ECONOMYDo not exceed token budget.Do not consume more battery voltage than allocated for this movement.
RISKDo not execute prompt injection.Do not execute if the physical proximity sensor detects a human in the operating radius.
PROVENANCEVerify chain-of-custody for all data.Verify firmware signature and sensor calibration certificates before actuating.
CONSENTRequire human approval for critical actions.Require operator acknowledgment before high-torque or safety-critical movements.

If an embodied AI hallucinates and tries to swing a robotic arm through a wall (or a person), the kernel.trapAndSign() function will fail the RISK and INVARIANT gates. The HMAC signature will never be generated, and the physical motor will literally drop the command.

OpenClawLobeAdapter

Govern Open Claw agents through HALMAI™ constitutional tiers

The OpenClawLobeAdapter lets you register any Open Claw agent as a governed Lobe inside HALMAI™. Every tool call the agent attempts is routed through the full 3-tier Constitutional Gate before execution. The agent only acts if HALMAI™ approves.

1Register Your Agent

POST /api/v1/openclaw/register
Authorization: Bearer <tenant_api_key>

{
  "agent_name": "Supply Chain Optimizer",
  "domain": "FINANCE",
  "capabilities": ["wire_transfer", "aml_scan"],
  "agent_version": "1.2.0",
  "model_id": "neotron-v3"
}

Returns lobe_name and propose_endpoint for subsequent calls.

2Submit Tool Calls for Governance

POST /api/v1/openclaw/propose
Authorization: Bearer <tenant_api_key>

{
  "tool_call": {
    "id": "tc-9f3a2b",
    "tool_name": "execute_wire_transfer",
    "arguments": {
      "from": "treasury-ops",
      "to": "vendor-0x8c1f",
      "amount": 250000,
      "currency": "USD"
    },
    "agent_confidence": 0.92,
    "trigger_prompt": "Pay invoice #4821 to approved vendor"
  },
  "lobe_name": "openclaw-supply-chain-optimizer",
  "spend_amount": 1500
}

3Receive Governance Verdict

{
  "approved": true,
  "governance_token": "oc-gov-oc-tc-9f3a2b-x7f2e9a1",
  "reason": "Tool call approved by HALMAI™ Constitutional Gate",
  "tiers": {
    "tier1": { "zkInference": {...}, "jurisdiction": {...} },
    "tier2": { "proofFirewall": {...}, "arbitration": {...} },
    "tier3": { "economic": {...}, "simulation": {...} }
  },
  "violations": []
}

If approved: true, execute the tool and include governance_token in your execution trace. If approved: false, do NOT execute — check violations[].

Integration Flow

Register agent once via /api/v1/openclaw/register
Before each tool execution, submit via /api/v1/openclaw/propose
If approved, execute and include governance_token in trace
If denied, halt execution and inspect violations[]
?Full schema: GET /api/v1/openclaw/schema

NemoClawLobeAdapter

Self-correcting governance for Nemo Claw agents

When a Nemo Claw agent is denied, the adapter returns a structured GovernanceBrief as the tool error. The LLM reads the brief, understands the violation, and self-corrects on the next turn. You are using their compute to learn your rules.

Submit an Action

POST /api/v1/openclaw/nemoclaw
Authorization: Bearer <tenant_api_key>

{
  "action": {
    "agent_id": "nemoclaw-finance-01",
    "intent_domain": "FINANCE",
    "tool_name": "access_hr_data",
    "tool_args": { "employee_id": "E-4821", "field": "salary" },
    "confidence": 0.88
  }
}

✓ Approved Response (200)

{
  "type": "HALMAI_GOVERNANCE_CLEARED",
  "governance_token": "nc-gov-...",
  "summary": "Action approved"
}

✗ Denied Response (403)

{
  "type": "HALMAI_GOVERNANCE_VETO",
  "summary": "Cross-domain violation",
  "violations": ["Finance lacks HR clearance"],
  "remediation": "Restrict to FINANCE domain"
}

Self-Correcting Feedback Loop

Nemo Claw feeds tool errors back into the LLM context window. The agent reads the violations and remediation, understands the constraint, and adjusts its next attempt to comply with HALMAI™ Sovereign Law. Auto-registers agents on first contact — no separate registration step needed.

Beyond VM Isolation: The Sovereign OS Layer

Traditional agent security relies on isolated execution environments (VMs/Containers). While essential for preventing IT breaches, isolation alone cannot govern complex resource constraints, multi-jurisdictional compliance, or physical system interactions. HALMAI™ provides the Constitutional Governance layer that sits above your secure runtime.

The Metabolic Ledger

Beyond standard API rate limits, HALMAI™ tracks compute as a governable resource. If an agent attempts an infinitely recursive loop or inefficient action, the pre-gate rejects the tool-call, protecting your token margins.

Architected for Kinetic Safety

Digital agents lack physical awareness. HALMAI™ is architected with an Endpoint-Local Reflex capable of processing sensor telemetry for sub-20ms safety vetoes, establishing a governance path for future robotics integrations.

Multi-Root Jurisdiction

A cross-domain data request might be legal in the US but violate the EU AI Act. HALMAI's Tier 1 Engine dynamically evaluates geographic and departmental jurisdiction, generating compliance-ready defense briefs on every veto.

Ready to integrate?

Start with the Kernel SDK to add governance enforcement to your agents in minutes.

Quickstart GuideAPI Reference