kaicianflone

consensus-code-merge-guard

by Kai Cianflone · GitHub ↗ · v1.1.15
cross-platform ✓ Security Clean
525 Downloads · 0 Stars · 0 Active Installs · 18 Versions
Install in OpenClaw
/install consensus-code-merge-guard
Description
Persona-weighted merge governance for AI-assisted engineering. Evaluates PR risk (tests, security markers, reliability signals), returns MERGE/BLOCK/REVISE d...
README (SKILL.md)

consensus-code-merge-guard

consensus-code-merge-guard turns code merge approval into a governed, auditable decision.

What this skill does

  • consumes PR/change summary input
  • runs persona-weighted vote arbitration
  • enforces hard constraints (e.g., tests/security flags)
  • maps to engineering decision states: MERGE | BLOCK | REVISE
  • writes decision and updated persona artifacts to board state

Why this matters

CI passing does not guarantee risk-aware merge quality. Consensus review reduces silent failure propagation into production.

Ecosystem role

Uses the same consensus substrate as other guards, enabling cross-domain governance with comparable metrics.

Useful for

  • autonomous or semi-autonomous merge pipelines
  • high-risk repos needing policy checks
  • repeatable release governance with artifact history

Runtime, credentials, and network behavior

  • runtime binaries: node, tsx
  • network calls: none in the guard decision path itself
  • filesystem writes: board/state artifacts under the configured consensus state path

Dependency trust model

  • consensus-guard-core is the first-party consensus package used in guard execution
  • versions are semver-pinned in package.json for reproducible installs
  • this skill does not request host-wide privileges and does not mutate other skills

Install (registry)

npm i consensus-code-merge-guard

Quick start

node --import tsx run.js --input ./examples/input.json

Tool-call integration

This skill is wired to the consensus-interact contract boundary (via shared consensus-guard-core wrappers where applicable):

  • readBoardPolicy
  • getLatestPersonaSet / getPersonaSet
  • writeArtifact / writeDecision
  • idempotent decision lookup

This keeps board orchestration standardized across skills.

Invoke Contract

This skill exposes a canonical entrypoint:

  • invoke(input, opts?) -> Promise<OutputJson | ErrorJson>

invoke() starts the guard flow and executes deterministic policy evaluation with board operations via shared guard-core wrappers.

external_agent mode

Guards support two modes:

  • mode="external_agent": caller supplies external_votes[] from agents/humans/models for deterministic aggregation.
  • mode="persona": requires an existing persona_set_id; guard will not generate persona sets internally.
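
An added illustration, not code from this package or from consensus-guard-core: one way a guard could aggregate caller-supplied external_votes[] deterministically, with hard constraints evaluated before any weighting. The vote and change field names, the sample votes and the 0.7 / 0.4 thresholds are assumptions made for the example.

```javascript
// Added illustration; not the package's schema or policy. Field names
// (voter, weight, vote, tests_passed, security_flags) and thresholds are assumptions.
const POLICY = Object.freeze({ mergeAt: 0.7, blockBelow: 0.4 });

function validateVotes(votes) {
  if (!Array.isArray(votes) || votes.length === 0) {
    throw new TypeError("external_votes[] must be a non-empty array");
  }
  const seen = new Set();
  for (const v of votes) {
    if (typeof v.voter !== "string" || seen.has(v.voter)) {
      throw new TypeError(`missing or duplicate voter: ${v.voter}`);
    }
    if (!Number.isFinite(v.weight) || v.weight <= 0) {
      throw new TypeError(`invalid weight for ${v.voter}`);
    }
    if (v.vote !== "approve" && v.vote !== "reject") {
      throw new TypeError(`invalid vote for ${v.voter}`);
    }
    seen.add(v.voter);
  }
}

function arbitrate(change, votes, policy = POLICY) {
  validateVotes(votes);
  // Hard constraints fail closed: a missing or malformed field is a violation.
  const violations = [];
  if (change.tests_passed !== true) violations.push("tests_not_passing");
  if (!Array.isArray(change.security_flags) || change.security_flags.length > 0) {
    violations.push("security_flagged_or_unverified");
  }
  // Sum in voter order so float rounding cannot vary with input order.
  const ordered = [...votes].sort((a, b) => (a.voter < b.voter ? -1 : 1));
  const total = ordered.reduce((sum, v) => sum + v.weight, 0);
  const approving = ordered.reduce((sum, v) => sum + (v.vote === "approve" ? v.weight : 0), 0);
  const approval = approving / total;
  let decision = "REVISE";
  if (violations.length > 0 || approval < policy.blockBelow) decision = "BLOCK";
  else if (approval >= policy.mergeAt) decision = "MERGE";
  return { decision, approval, violations };
}

// Constructed sample input: three weighted reviewers, one dissenting.
const SAMPLE_VOTES = [
  { voter: "security", weight: 3, vote: "reject" },
  { voter: "reliability", weight: 2, vote: "approve" },
  { voter: "maintainer", weight: 5, vote: "approve" },
];
console.log(arbitrate({ tests_passed: true, security_flags: [] }, SAMPLE_VOTES));
```

With the sample votes, a clean change reaches the merge threshold, while the same votes on a change carrying any security flag still yield BLOCK.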
Usage Guidance
This package appears to do what it says: evaluate PR summaries and write an auditable decision to a configured state path. Before installing, review the consensus-guard-core dependency because all board reads/writes and state resolution are delegated to it — that component determines whether any network calls or broader filesystem access occur. Confirm the CONSENSUS_STATE_FILE / CONSENSUS_STATE_ROOT environment variables point to a safe directory (not containing secrets or system config). Run the included tests in an isolated environment (npm test/demo) and inspect the produced artifact files (./out and your state path). Note minor metadata/version inconsistencies across SKILL.md, metadata.json, and package.json — not a blocker, but worth verifying you install the intended version.
Capability Analysis
Type: OpenClaw Skill
Name: consensus-code-merge-guard
Version: 1.1.15

The skill is designed for code merge governance, evaluating PR risk and recording audit artifacts locally. It explicitly declares no network calls in its decision path and performs local filesystem writes for state management, as confirmed by `SKILL.md`, `metadata.json`, and `src/index.mjs`. Input validation is implemented in `src/index.mjs` to reject unknown fields. There is no evidence of data exfiltration, unauthorized execution, persistence mechanisms, or prompt injection attempts in any of the analyzed files. File system interactions are confined to its stated purpose of writing structured decision artifacts, relying on environment variables (`CONSENSUS_STATE_ROOT`, `CONSENSUS_STATE_FILE`) for path resolution, which is a configuration concern for the agent rather than malicious intent within the skill itself.
Capability Assessment
Purpose & Capability
Name/description (persona-weighted merge governance) match the code and declared requirements. Requested binaries (node, tsx) and environment variables (CONSENSUS_STATE_FILE, CONSENSUS_STATE_ROOT) are plausibly needed to read/write the consensus board state and run the packaged JS guard.
Instruction Scope
SKILL.md and run.js describe a local decision flow that reads input JSON, evaluates policy, and writes decision/artifact files to a configured consensus state path. The decision path itself contains no outbound network calls, but actual board read/write/aggregation calls are delegated to the 'consensus-guard-core' package (imported functions like writeArtifact, getLatest, resolveStatePath). You should audit that package because it is the component that performs state persistence and could perform network or filesystem actions beyond what this skill's code shows.
Install Mechanism
Install is a normal npm package (consensus-code-merge-guard) with a package-lock.json present. There are no download-from-personal-server or URL-extract install steps in the manifest. Dependencies are registry packages (consensus-guard-core, tsx) which is expected for a Node skill.
Credentials
Only two env vars (CONSENSUS_STATE_FILE, CONSENSUS_STATE_ROOT) are required and are consistent with the skill's stated need to read/write board state. No cloud credentials, tokens, or other sensitive variables are requested. Note: both env names are required by the metadata even though the code uses a resolveStatePath helper — verify which of the two actually controls the path in your deployment.
Persistence & Privilege
always:false (no forced global presence). The skill writes artifacts only under the configured consensus state path and its own output directory (run.js writes ./out). It does not modify other skills or system-wide agent settings in the provided code.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install consensus-code-merge-guard
  3. After installation, invoke the skill by name or use /consensus-code-merge-guard
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.15
Aligned SKILL metadata/install docs for registry-only path and removed misleading install bins.
v1.1.14
Bumped consensus-guard-core dependency to ^1.1.15 and rolled forward release.
v1.1.13
Added explicit requires/env/install SKILL frontmatter for registry scanner parity.
v1.1.12
Updated to consensus-guard-core ^1.1.13 with package-root import contract and compatibility fixes.
v1.1.11
Bumped consensus-guard-core dependency to ^1.1.11 and rolled forward release.
v1.1.10
Bumped consensus-guard-core dependency to ^1.1.10 and released patch version.
v1.1.9
Bumped semver deps (consensus-guard-core 1.1.5 / consensus-tools 0.1.8) and version.
v1.1.8
Decoupled guard/provider path; deterministic contract updates.
v1.1.7
Bump consensus-guard-core dependency to ^1.1.4 for corrected invoke contract and shared core alignment.
v1.1.6
Scanner hardening: remove required OPENAI_API_KEY metadata; clarify optional/conditional LLM credentials
v1.1.5
confirm release sync
v1.1.4
Security hardening: explicit runtime/credential model and semver-pinned npm dependencies
v1.1.3
Packaging hardening: standalone install metadata, dependency cleanup, and safer runtime requirements
v1.1.2
Security hardening: statePath confined to safe root with traversal protection
v1.1.1
1.1.1: tested examples/input.json in e2e to keep docs and behavior synced
v1.1.0
Release 1.1.0: invoke contract + external-agent support + ecosystem alignment
v1.0.0
1.0.0 initial public release
v0.1.0
Initial public release
Metadata
Slug consensus-code-merge-guard
Version 1.1.15
License
All-time Installs 0
Active Installs 0
Total Versions 18
Frequently Asked Questions

What is consensus-code-merge-guard?

Persona-weighted merge governance for AI-assisted engineering. Evaluates PR risk (tests, security markers, reliability signals), returns MERGE/BLOCK/REVISE d... It is an AI Agent Skill for Claude Code / OpenClaw, with 525 downloads so far.

How do I install consensus-code-merge-guard?

Run "/install consensus-code-merge-guard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is consensus-code-merge-guard free?

Yes, consensus-code-merge-guard is completely free (open-source). You can download, install and use it at no cost.

Which platforms does consensus-code-merge-guard support?

consensus-code-merge-guard is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created consensus-code-merge-guard?

It is built and maintained by Kai Cianflone (@kaicianflone); the current version is v1.1.15.
