Intended Documentation

OpenShell Runtime Quickstart

Generate, review, and apply an OpenShell policy from Intended intent and LIM data.

This guide walks through the shortest safe path for generating OpenShell policy from Intended.

Step 1: Create your input file

```json
{
  "runtime": "openclaw",
  "providers": ["nvidia"],
  "requestedPresets": ["github"],
  "intents": [
    {
      "intent": "sdlc.repo.write",
      "targetSystem": "github",
      "proposedAction": "push repository changes"
    }
  ]
}
```

Save it as meritt-openshell.json.

Step 2: Compile policy YAML

```bash
meritt openshell-compile \
  --input meritt-openshell.json \
  --output meritt-openshell.yaml
```

Step 3: Review generated scope

Before applying the file, review:

  • inferred presets
  • allowed endpoints
  • allowed HTTP methods
  • any privileged or production-sensitive destinations

Step 4: Apply with upstream tooling

```bash
openshell policy set meritt-openshell.yaml
```

Step 5: Validate in staging

  • run the runtime in staging first
  • confirm the expected actions succeed
  • confirm out-of-scope actions are blocked
  • preserve the generated YAML in your deployment records
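
A review aid for Steps 3 and 5, added here as an example and not part of the Intended or OpenShell tooling: it scans the generated YAML as plain text for hostnames and HTTP methods, flags wildcard or sensitive-looking destinations, and returns a SHA-256 digest to store with your deployment records. The sample policy and its key names are constructed for illustration, and the marker list is an assumption to adjust for your environment.

```python
import hashlib
import re

# Constructed sample standing in for meritt-openshell.yaml. The key names are
# invented for illustration and are NOT the real OpenShell policy schema.
SAMPLE_POLICY = """\
presets:
  - github
rules:
  - host: api.github.com
    methods: [GET, POST]
  - host: "*.prod.internal.example"
    methods: [GET, DELETE]
"""

# Text-level heuristics, so the scan does not depend on the YAML layout.
# Anything shaped like a dotted name is reported; expect some false positives.
HOST_RE = re.compile(
    r"(?<![\w.-])((?:\*\.)?(?:[a-z0-9-]+\.)+[a-z]{2,})(?![\w-])", re.I)
METHOD_RE = re.compile(r"\b(GET|HEAD|POST|PUT|PATCH|DELETE|OPTIONS)\b")
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
SENSITIVE_MARKERS = ("prod", "admin", "internal")  # assumption: tune per site


def review_policy(text: str) -> dict:
    """Summarise destinations and methods found in a generated policy file."""
    hosts = sorted({h.lower() for h in HOST_RE.findall(text)})
    methods = sorted(set(METHOD_RE.findall(text)))
    # Wildcards and sensitive-looking names need a human decision before apply.
    flagged = [h for h in hosts
               if h.startswith("*.") or any(m in h for m in SENSITIVE_MARKERS)]
    return {
        "sha256": hashlib.sha256(text.encode("utf-8")).hexdigest(),
        "hosts": hosts,
        "methods": methods,
        "write_methods": sorted(WRITE_METHODS & set(methods)),
        "flagged_hosts": flagged,
    }


if __name__ == "__main__":
    import json
    import sys
    # Pass the generated YAML path as the first argument; falls back to sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            policy_text = fh.read()
    else:
        policy_text = SAMPLE_POLICY
    print(json.dumps(review_policy(policy_text), indent=2))
```

Compare the recorded digest against the file you pass to `openshell policy set` so the policy applied is the one that was reviewed.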

Shared responsibility

Intended governs the authorization boundary. You remain responsible for:

  • upstream runtime deployment
  • credential handling
  • destination review
  • environment-specific hardening
