← Back to Skills Marketplace

Workflow Guardian

Name: Workflow Guardian
Author: cyber-bye

by cyber-bye · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ Security Clean

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install workflow-guardian

Description

Defines, enforces, and tracks structured workflows for any task type. Manages do/don't rules, execution sequences, hard gates, soft advisories, checkpoints,...

README (SKILL.md)

Workflow Guardian Skill

Purpose

Give the agent a system for HOW to work — not just what to do. Every repeating task type gets a defined workflow. Every workflow has rules, checkpoints, and gates. Violations are caught in real time and logged for review.

Core Concepts

Concept	Meaning
`workflow`	Ordered step sequence for a specific task type
`rule`	A do or don't that applies globally or per workflow
`checkpoint`	Mandatory verification point inside a workflow
`gate`	Hard stop — cannot proceed until condition is met
`advisory`	Soft warning — log it, do not block
`violation`	A rule or gate broken during execution
`post-fix`	Corrective action applied after a violation

Workflow States

State	Meaning
`pending`	Defined, not yet started
`active`	Currently executing
`paused`	Waiting on gate condition or owner input
`completed`	Finished successfully, all checkpoints passed
`aborted`	Stopped — violation or owner cancel
`post-fix`	Completed but violation found, correction in progress

Rule Types

Type	Enforcement	What happens on break
`hard-do`	Mandatory action	Gate — workflow stops
`hard-dont`	Prohibited action	Gate — workflow stops
`soft-do`	Recommended action	Advisory — log + warn
`soft-dont`	Discouraged action	Advisory — log + warn
`global`	Applies to ALL workflows	Either hard or soft
`scoped`	Applies to one workflow only	Either hard or soft

Folder Structure

workflow-guardian/
  workflows/
    active/                  ← currently defined workflows
      \x3Cworkflow-id>/
        workflow.md          ← definition: steps, gates, rules
        run-log.md           ← execution history (append-only)
    archived/                ← deprecated workflows (never delete)
    templates/               ← reusable workflow templates
  rules/
    global/
      do.md                  ← global hard/soft dos
      dont.md                ← global hard/soft don'ts
    do/                      ← scoped do rules by workflow
      \x3Cworkflow-id>.md
    dont/                    ← scoped don't rules by workflow
      \x3Cworkflow-id>.md
  checkpoints/
    \x3Cworkflow-id>.md         ← checkpoint definitions per workflow
  violations/
    raw/                     ← captured immediately on detection
      YYYY-MM-DD-\x3Cwf>-\x3Cslug>/entry.md
    reviewed/                ← processed violations
  hooks/
    pre-task.md              ← runs before any workflow step
    post-task.md             ← runs after any workflow step
    on-violation.md          ← fires immediately on rule break
    on-complete.md           ← fires when workflow completes
  memory/
    schema.json              ← validated memory structure
    index.json               ← runtime state (auto-managed)
  templates/
    workflow.md              ← template for new workflow definitions
    violation-entry.md       ← template for violation entries
  crons/
    active/
    completed/
  WORKFLOW_LOG.md            ← master execution log (append-only)
  RULES_INDEX.md             ← all rules in one place
  STATS.md                   ← compliance rate, violation counts
  SOUL.md                    ← persistent soul context
  AGENT.md                   ← behavioral enforcement rules

Slug Format

Workflow IDs: \x3Ccategory>-\x3Ctask-type> e.g. code-review, file-creation, api-integration Violation slugs: YYYY-MM-DD-\x3Cworkflow-id>-\x3Crule-broken>

Immediate Violation Capture Rule

The moment a rule is broken — before any other action:

Write to violations/raw/\x3Cslug>/entry.md (minimum viable)
Fire hooks/on-violation.md
If hard rule → GATE: stop workflow, surface to owner
If soft rule → ADVISORY: log, warn, continue

Post-Fix Protocol

When a violation is found AFTER workflow completion:

Set workflow state to post-fix
Write violation entry
Determine corrective action
Apply fix if autonomous, else escalate
Mark workflow completed only after fix confirmed

Workflow Definition Requirements

Every workflow in workflows/active/ MUST define:

steps[] — ordered list with descriptions
gates[] — hard stop conditions
checkpoints[] — verification points
rules[] — scoped dos and don'ts
post-fix-policy — what to do if violation found after completion

Stats Tracking

After every workflow completion or violation:

Update STATS.md compliance rate
Update memory/index.json
If compliance rate drops below 80% for any workflow → advisory to owner

Usage Guidance

This skill appears coherent and local-only: it manages workflows by reading/writing files in a contained folder structure and does not request credentials or network access. Before installing, consider: 1) Back up any existing workspace files you care about (WORKFLOW_LOG.md, memory/index.json, SOUL.md) because the skill expects to append/update them. 2) Review the global rules/docs (AGENT.md, rules/global/*.md) to confirm you accept the strict gate semantics and the claim that some rules 'cannot be overridden by owner instruction' — if you need manual bypasses, plan how you'll signal overrides. 3) Test in a non-production workspace to verify behavior and that the agent's file writes match your expectations. If you need the skill to call external services or require fewer persistent writes, request a variant that limits persistence or exposes explicit owner-controlled override mechanisms.

Capability Analysis

Type: OpenClaw Skill Name: workflow-guardian Version: 1.0.0 The 'workflow-guardian' skill is a comprehensive framework for defining and enforcing structured task sequences (workflows) for an AI agent. It implements a governance system using rules, gates, and checkpoints to ensure auditability and process integrity, with state maintained across files like `SOUL.md`, `STATS.md`, and `memory/schema.json`. While it contains strong instructions for the agent to prioritize global safety rules over user overrides (e.g., requiring confirmation for destructive operations in `rules/global/dont.md`), these constraints are aligned with its stated purpose of workflow enforcement and lack any indicators of malicious intent, data exfiltration, or unauthorized system access.

Capability Assessment

✓ Purpose & Capability

The name/description (workflow enforcement, gates, checkpoints, violation logging) matches the content of SKILL.md and the included docs. No unrelated environment variables, binaries, or external services are requested.

ℹ Instruction Scope

All runtime instructions operate on a clearly defined local folder layout (workflows/, rules/, checkpoints/, violations/, memory/, SOUL.md, logs). The skill directs the agent to read/write those files and to run hooks before/after steps. This is expected for a workflow enforcer, but note the skill prescribes global rules that 'cannot be overridden by owner instruction' and enforces gate behavior strictly — this is a behavioral policy choice that may surprise operators.

✓ Install Mechanism

Instruction-only skill with no install spec and no code files to execute. No downloads, package installs, or binaries are required, minimizing install-time risk.

✓ Credentials

The skill requests no environment variables, credentials, or config paths outside its own document tree. All state is local (files and memory/schema.json). No secret exfiltration vectors are requested in the manifest or instructions.

ℹ Persistence & Privilege

The skill writes persistent state (SOUL.md, memory/index.json, WORKFLOW_LOG.md, run logs, violations). It does not set always:true and does not request system-wide config changes, but it does expect to maintain persistent 'soul' context and runtime state — ensure you are comfortable with the agent writing and updating these files in the workspace.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install workflow-guardian
After installation, invoke the skill by name or use /workflow-guardian
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release: full workflow definition, do/dont rule system, gates, checkpoints, violations, post-fix protocol, soul + memory integration

Metadata

Slug workflow-guardian

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Workflow Guardian?

Defines, enforces, and tracks structured workflows for any task type. Manages do/don't rules, execution sequences, hard gates, soft advisories, checkpoints,... It is an AI Agent Skill for Claude Code / OpenClaw, with 96 downloads so far.

How do I install Workflow Guardian?

Run "/install workflow-guardian" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Workflow Guardian free?

Yes, Workflow Guardian is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Workflow Guardian support?

Workflow Guardian is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Workflow Guardian?

It is built and maintained by cyber-bye (@cyber-bye); the current version is v1.0.0.

More Skills