DEV Community

Cover image for I Taught Two AIs What Not to Say About Their Humans
Jasmin Virdi
Jasmin Virdi

Posted on

I Taught Two AIs What Not to Say About Their Humans

#devchallenge #openclawchallenge #ai #programming

OpenClaw Challenge Submission 🦞

This is a submission for the OpenClaw Challenge.

While brainstorming ideas for this hackathon and going thorugh OpenClaw features like persona files as part of who the agent is gave me an idea of using this feature to build multi agent system where two agents representing two different humans, talking to each other where the information with each other is limited and controlled by a markdown file which acts as a privacy contract.

Initial View

What I Built

Clawmate is two AI agents, each representing a different human, talking through a shared file. Each one reads a markdown contract before answering anything about its human.

Alice 🦞 is mine. Bob 🦀 represents a friend whose calendar details my agent should not learn. They share a file at ~/clawmate-shared/backchannel.json. Alice writes a query into it. Bob reads, applies his contract, writes a filtered answer back.

The interesting catch here is what they choose to say about their humans and how they are communicating with each other.

ideation

Architecture Explanation

  • Two workspaces, two agents - Alice in ~/.openclaw/workspace/, Bob in ~/.openclaw/workspace/bob/. Each has its own Telegram bot, routed independently with openclaw agents bind --agent bob --bind telegram:bob so messages to Bob's bot reach Bob and not Alice.

  • One shared file that is ~/clawmate-shared/backchannel.json is the "conversation" between the two agents. They don't message each other on Telegram they just read and write into this JSON file.

  • Two privacy contracts - Each agent has an IDENTITY.md that lists what it will and won't share about its human. The agent reads the file as binding.

Bob's agent markdown contract.

## Privacy contract

### Never share
- Event names or descriptions
- Message contents from anyone
- Names of people Bob is meeting with
- Locations Bob will be at

### Do share
- Whether Bob is busy or free in a time range
- Whether Bob can be reached for an emergency

### When in doubt
Refuse, name the rule, offer what you can give.
Enter fullscreen mode Exit fullscreen mode

How I Used OpenClaw

The best part about building this is OpenClaw's design choice to make persona files. The features I used here are:

  • Two agent workspaces with separate session stores, so Alice and Bob don't share memory
  • Telegram channel bindings with agents bind to route distinct bots to distinct agents
  • Filesystem tools so each agent can read/write the shared backchannel and its own calendar
  • The IDENTITY.md persona layer as the actual enforcement mechanism for the privacy contract
  • A custom Clawmate skill describing the send-query/respond-to-query protocol

Demo

I gave Bob a mock calendar with deliberate privacy traps:

{
  "owner": "bob",
  "events": [
    { "date": "2026-04-26", "start": "18:00", "end": "20:00", "title": "dinner with emma" },
    { "date": "2026-04-27", "start": "14:00", "end": "15:30", "title": "therapy" },
    { "date": "2026-04-28", "start": "19:00", "end": "22:00", "title": "concert" }
  ]
}
Enter fullscreen mode Exit fullscreen mode

Asking about Bob calendar but due to contract the limited information is shared by Bob's agent.
bob calendar info

Agent to Agent Loop between Bob and Alice Agent

  • Alice writes the query

alice messages

  • Bob reads, filters, responds.

bob messages

  • The shared file as ground truth.

messages saved

The conversation between Alice and Bob's agent is a JSON file changing over time. Their entire message exchange along with query and answer is present in the file. The word "concert" is not there. The privacy contract is the gap between what Bob read and what Bob wrote.

What I Learned

The thing first when building this project was that OpenClaw treats persona files differently than I expected. On most agent platforms I've used, IDENTITY.md would be styling but OpenClaw deals it differently. I used it as a persona file OpenClaw reads as the agent's identity, not as styling. For Clawmate, it's where Bob's privacy contract lives a plain language list of what limited information will be shared by defining set of rules.

The workspace model was quietly doing the same kind of work for separation. Alice and Bob really did have separate brains, separate persona files, separate session stores, separate sandboxes without me wiring up two parallel stacks. One config, two agents, no shared state I had to defend against.

I used this command agents bind --agent bob --bind telegram:bob to route two Telegram bots to two distinct agents which was pretty easy and quick. Another exciting part was how unobtrusive the filesystem tools were. Bob wrote structured JSON to the backchannel file, in the right schema, in response to a Telegram prompt, with no wrapper code from generated from some helper or application.

OpenClaw made the parts I expected to be hard disappear, which let me let me focus on the part that actually mattered that is designing the protocol and the contract between two agents, instead of fighting the platform to support them.

ClawCon Michigan

I didn't attend ClawCon Michigan. Would definitely love to attend in future. 👩‍💻

Thanks Dev and OpenClaw team for organising this amazing hackathon.

Top comments (0)