OpenClaw demo blocks GPU overspend

This is the right abstraction for side-effecting agents: treat tool use like a policy-bound transaction, not a raw function call. The GPU example is simple, but the real point is pre-execution denial plus a verifiable audit trail that survives retries and replays.

• –Aggregate budget checks matter more than per-call validation once agents can chain actions and retry failures
• –Denying the third call before execution is the key safety property; once the tool starts, the boundary is already crossed
• –Hash-chained audit events make the system inspectable after the fact, which matters for incident review and compliance
• –The proposal -> authorization -> execution split is a cleaner mental model than “agent directly calls tool”
• –This fits infrastructure/security tooling more than a consumer product demo, because the value is in policy enforcement, not GPU provisioning itself