Governed Agents

by Nefas11 · GitHub ↗ · v0.1.11 · MIT-0
cross-platform ✓ Security Clean
363 Downloads · 1 Stars · 0 Active Installs · 12 Versions
Install in OpenClaw
/install governed-agents
Description
Deterministic verification + reputation scoring for AI sub-agents. Prevents hallucinated success via 4 code gates (files, tests, lint, AST) and a 3-layer pip...
README (SKILL.md)

Governed Agents

Deterministic verification + reputation scoring for AI sub-agents. Prevents hallucinated success ("I did it!") by verifying claims independently before updating the agent's score.

Pure Python stdlib — zero external dependencies.

Capabilities

Spawns external CLIs (codex, openclaw, git, pytest) and makes HTTP HEAD requests.

When to Use

Use this skill when you need to:

  • Spawn sub-agents and verify their output automatically
  • Score agent reliability across tasks (EMA-based reputation)
  • Detect hallucinated success — agent claims "done" but files are missing or tests fail
  • Verify open-ended tasks (research, analysis, strategy) via LLM Council
  • Enforce supervision levels based on agent track record

Quick Start

Coding Tasks (Deterministic Verification)

from governed_agents.contract import TaskContract
from governed_agents.orchestrator import GovernedOrchestrator

contract = TaskContract(
    objective="Add JWT auth endpoint",
    acceptance_criteria=["POST /api/auth returns JWT", "Tests pass"],
    required_files=["api/auth.py", "tests/test_auth.py"],
    run_tests="pytest tests/test_auth.py -v",
)

g = GovernedOrchestrator(contract, model="openai/gpt-5.2-codex")
# After agent completes:
result = g.record_success()  # runs gates, updates reputation

Open-Ended Tasks (3-Layer Pipeline + LLM Council)

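from governed_agents.contract import TaskContract
from governed_agents.orchestrator import GovernedOrchestrator

contract = TaskContract(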
    objective="Write architecture decision record for auth module",
    acceptance_criteria=["Trade-offs documented", "Decision stated"],
    verification_mode="council",
    task_type="analysis",
    council_size=3,
)

g = GovernedOrchestrator(contract, model="openai/gpt-5.2-codex")
prompts = g.generate_council_tasks(worker_output)
result = g.record_council_verdict(raw_reviewer_outputs)
# → "Council: 2/3 approved (score=0.67, PASS ✅)"

CLI Spawning (Codex / OpenClaw)

from governed_agents.contract import TaskContract
from governed_agents.openclaw_wrapper import spawn_governed

contract = TaskContract(
    objective="Build a REST API for todos",
    acceptance_criteria=["CRUD endpoints work", "Tests pass"],
    required_files=["api.py", "tests/test_api.py"],
)

# Uses Codex 5.3 CLI by default
result = spawn_governed(contract, engine="codex53")
# Or via OpenClaw agent CLI:
result = spawn_governed(contract, engine="openclaw")

Verification Modes

Deterministic (Coding Tasks)

4 gates run automatically — all must pass:

| Gate | Check | Signal |
|---|---|---|
| Files | Required files exist and are non-empty | Hard fail |
| Tests | Test command exits 0 | Hard fail |
| Lint | No lint errors | Hard fail |
| AST | Python files parse without SyntaxError | Hard fail |

If agent claims SUCCESS but any gate fails → score override to -1.0 (hallucination penalty).

Council (Open-Ended Tasks)

3-layer pipeline with short-circuit:

  1. Structural Gate (<1s) — word count, required sections, no empty sections
  2. Grounding Gate (5–30s) — URL reachability, citation checks
  3. LLM Council (30–120s) — N independent reviewers, majority vote

If Layer 1 fails → no LLM calls, instant result, zero cost.

Reputation System

R(t+1) = (1 − α) · R(t) + α · s(t),   α = 0.3

| Score | Meaning |
|---|---|
| +1.0 | Verified success (first try) |
| +0.7 | Verified success (after retry) |
| +0.5 | Honest blocker report |
| 0.0 | Failed but tried |
| −1.0 | Hallucinated success |

Supervision Levels

| Reputation | Level | Effect |
|---|---|---|
| > 0.8 | autonomous | Full trust |
| > 0.6 | standard | Normal supervision |
| > 0.4 | supervised | Checkpoints required |
| > 0.2 | strict | Model override to Opus |
| ≤ 0.2 | suspended | Task blocked |
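
The following added example (not the project's own code) carries the EMA update and the supervision thresholds above through one scenario: an agent at an assumed starting reputation of 0.9 reports one hallucinated success, and the code counts how many verified tasks it then needs to become autonomous again. Function names and the starting value are assumptions.

```python
ALPHA = 0.3  # smoothing factor from the page

# Supervision thresholds from the page, highest first (lower bound is exclusive).
LEVELS = [(0.8, "autonomous"), (0.6, "standard"),
          (0.4, "supervised"), (0.2, "strict")]

def update(reputation, score, alpha=ALPHA):
    """One EMA step: R(t+1) = (1 - alpha) * R(t) + alpha * s(t)."""
    if not -1.0 <= score <= 1.0:
        raise ValueError("score must lie in [-1.0, 1.0]")
    return (1 - alpha) * reputation + alpha * score

def level(reputation):
    """Map a reputation value to its supervision level."""
    for floor, name in LEVELS:
        if reputation > floor:
            return name
    return "suspended"

def tasks_to_reach(reputation, target_level, score=1.0, limit=100):
    """Count consecutive tasks with the given score needed to reach target_level."""
    for n in range(limit + 1):
        if level(reputation) == target_level:
            return n
        reputation = update(reputation, score)
    return None  # not reached within limit

def after_hallucination(start=0.9):
    """Constructed scenario: an autonomous agent reports one false success."""
    dropped = update(start, -1.0)
    return dropped, level(dropped), tasks_to_reach(dropped, "autonomous")
```

One false claim takes the agent from autonomous straight to strict (0.9 → 0.33), and four consecutive first-try successes are needed to climb back. With α = 0.3, an agent that only ever succeeds after a retry (score 0.7) converges to 0.7 and never reaches autonomous.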

Task-Type Profiles

Pre-configured gate combinations:

| task_type | Layer 1 | Layer 2 | Min words |
|---|---|---|---|
| research | word_count, sources_list | url_reachable, citations | 200 |
| analysis | word_count, required_sections | numbers_consistent | 150 |
| strategy | required_sections, word_count | cross_refs_resolve | 100 |
| writing | word_count | | 50 |
| planning | required_sections, has_steps | dates_valid | 50 |

Installation

bash install.sh
# → Copies governed_agents/ to $OPENCLAW_WORKSPACE/governed_agents/
# → Runs verification suite (37 tests)

Tests

python3 -m pytest governed_agents/test_verification.py \
                   governed_agents/test_council.py \
                   governed_agents/test_profiles.py -v
# 37 passed
Usage Guidance
This skill appears coherent and implements exactly what it claims: it spawns external agent CLIs, runs git/pytest, probes URLs, and stores a local reputation DB. Before installing, review install.sh and confirm you are comfortable with copying the repository into your OpenClaw workspace. Consider these precautions:

  1. Run the install in a sandbox, or inspect the script to confirm it takes no unexpected actions.
  2. Ensure the external CLIs you allow (codex, openclaw, git, pytest) are trusted.
  3. Do not put sensitive API keys in env vars that would be forwarded (GOVERNED_AUTH_TOKEN is optional and listed).
  4. To prevent any network checks, set GOVERNED_NO_NETWORK=1 to skip URL probing.
  5. Review the allowlist in the code if you have special secret-management needs.

The repository includes prompt-injection detection and some sanitization, but always treat outputs used to build prompts with caution.
Capability Analysis
Type: OpenClaw Skill
Name: governed-agents
Version: 0.1.11

The governed-agents skill bundle is a sophisticated framework for AI agent verification and reputation management that demonstrates strong security engineering. It includes proactive defenses against common AI-related risks, such as SSRF protection in grounding_gate.py (blocking private/internal IPs), strict environment variable allowlisting in openclaw_wrapper.py to prevent credential leakage to subprocesses, and AST-based analysis in verification.py to detect dangerous imports in agent-generated code. The installation script (install.sh) incorporates path validation to prevent traversal, and the orchestrator uses shlex for safe command execution, effectively mitigating shell injection risks.
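
As an added illustration of the SSRF protection described above (this is not the contents of grounding_gate.py), the check below decides whether a URL taken from agent output may be probed at all. It refuses any host that resolves to a non-public address. The function names and the injectable `resolver` parameter are assumptions made so the check can be exercised offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def _default_resolver(host, port):
    """Resolve host to a list of IP strings (all address families)."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

def is_public(ip_text):
    """True only for globally routable, non-multicast addresses."""
    ip = ipaddress.ip_address(ip_text.split("%")[0])   # drop IPv6 zone id
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:                              # IPv4-mapped IPv6 form
        ip = mapped
    return ip.is_global and not ip.is_multicast

def check_url(url, resolver=_default_resolver):
    """Return (allowed, reason) for a URL taken from agent output."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if not parts.hostname or parts.username or parts.password:
        return False, "missing host or embedded credentials"
    try:
        port = port or (443 if parts.scheme == "https" else 80)
        addresses = resolver(parts.hostname, port)
    except OSError:
        return False, "unresolvable host"
    if not addresses:
        return False, "no addresses"
    # Every resolved address must be public, not just the first one.
    blocked = [a for a in addresses if not is_public(a)]
    if blocked:
        return False, "non-public address: " + blocked[0]
    return True, "ok"
```

The check only holds if the HEAD request then connects to the address that was validated and the check is repeated on every redirect; otherwise a second DNS lookup can return a different address.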
Capability Assessment
Purpose & Capability
Name/description (deterministic verification + reputation for sub-agents) matches the actual code and SKILL.md: the package runs deterministic gates (files/tests/lint/AST), a grounding gate (HTTP HEAD reachability), and an LLM council. Requested binaries (codex, git, pytest) and optional linters are proportionate to these features.
Instruction Scope
SKILL.md and code direct the agent to spawn external CLIs (codex/openclaw), run git/pytest, probe URLs with HTTP HEAD, and write a local SQLite DB under the skill's workspace. These actions are within the stated verification/rep scoring scope. The skill also includes prompt-sanitization and prompt-injection detection logic (e.g., replacing IGNORE/OVERRIDE), which explains the presence of such strings.
Install Mechanism
Install is a bundled install.sh script (present in the repo) that copies code into the OpenClaw workspace. No external downloads from untrusted URLs or remote extract operations are used. This is an expected and proportionate install method for an instruction+code skill, but you should still inspect the script before running.
Credentials
Only optional env vars are declared (workspace paths, DB path, optional GOVERNED_AUTH_TOKEN). The code documents a narrow allowlist for env variables forwarded to subprocesses and provides a GOVERNED_NO_NETWORK toggle. No unrelated secret-scoped variables are requested. Requiring access to a workspace and a local DB file is consistent with a reputation/persistence feature.
Persistence & Privilege
The skill writes to its own state directory (~/.openclaw/workspace/.state/governed_agents/) and persists a local SQLite DB for reputations. always is false and it does not request system-wide privileged persistence or modify other skills' configs. This level of persistence matches the declared purpose.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install governed-agents
  3. After installation, invoke the skill by name or use /governed-agents
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.11
  • Improved error handling and messaging in verification logic.
  • Minor code refactoring in `verification.py` and `verifier.py` for clarity and maintainability.
v0.1.10
  • Updated metadata in SKILL.md to restructure required and optional binaries.
  • Adjusted manifest metadata for improved clarity and organization.
  • No functional changes to core code or APIs.
v0.1.9
  • Added "source" and "homepage" URLs to metadata, referencing the GitHub repository.
  • Updated metadata to reflect bin requirements as objects with "name" and "optional" fields, and changed "type" to "executable/with-install".
  • Manifest and SKILL.md now declare public repository for origin and documentation.
  • No changes to core logic or test coverage.
v0.1.8
  • Added environment variable support for configuration (OPENCLAW_WORKSPACE, GOVERNED_WORK_DIR, GOVERNED_DB_PATH, GOVERNED_AUTH_TOKEN).
  • Updated SKILL.md to document new environment variables.
  • Minor metadata and manifest adjustments for improved clarity and configuration.
  • Added conftest.py files to support test isolation and setup.
v0.1.7
  • Updated manifest.json for compatibility or metadata adjustment.
  • No functional or documentation changes to the skill itself.
v0.1.6
  • Improved import hygiene and isolation in test and wrapper modules.
  • Enhanced environment isolation in tests to prevent cross-test state leakage.
  • Security documentation (SECURITY.md) added or updated.
  • Manifest and metadata updated for clarity and completeness.
v0.1.5
  • Added thorough security documentation (SECURITY.md).
  • Introduced new files for prompt validation and test coverage, including council, grounding, metadata, and environment isolation tests.
  • Updated SKILL.md with clearer install instructions, capability flags, directory details, and improved metadata structure.
  • Enhanced test suite for better coverage of governance, environment isolation, metadata validation, and SSRF grounding checks.
  • Refactored core modules and install script for improved maintainability.
v0.1.4
Adds network and subprocess capability metadata, expands CLI requirements
  • Added skill capabilities section: now explicitly marked as network-capable and subprocess-capable.
  • Expanded executable requirements: codex, openclaw, git, pytest, ruff, flake8, and pylint now listed as needed binaries.
  • Updated install metadata to clarify install spec and execution type.
  • README and SKILL.md updated to document the ability to spawn external processes and make network (HTTP HEAD) requests.
  • No changes to core logic; primarily metadata and documentation improvements.
v0.1.3
  • No functional changes; version bumped to 0.1.3 without file modifications.
  • Documentation and metadata remain unchanged.
v0.1.2
  • No changes detected since the previous version.
  • Version bump to 0.1.2 only; documentation and code remain identical.
v0.1.1
Version 0.1.1 of governed-agents
  • No file changes detected in this release.
  • No updates or modifications to functionality, documentation, or metadata.
v0.1.0
Initial release of governed-agents: deterministic verification and reputation scoring for AI sub-agents.
  • Prevents hallucinated success with 4 code gates (files, tests, lint, AST) and a 3-layer pipeline (Structural → Grounding → LLM Council) for open-ended tasks.
  • EMA-based reputation scoring adapts supervision level to agent reliability.
  • Supports deterministic (coding) and council (open-ended) verification modes.
  • Includes pre-configured task-type profiles and CLI/script install.
  • Pure Python stdlib; no external dependencies.
Metadata
Slug governed-agents
Version 0.1.11
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 12
Frequently Asked Questions

What is Governed Agents?

Deterministic verification + reputation scoring for AI sub-agents. Prevents hallucinated success via 4 code gates (files, tests, lint, AST) and a 3-layer pip... It is an AI Agent Skill for Claude Code / OpenClaw, with 363 downloads so far.

How do I install Governed Agents?

Run "/install governed-agents" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Governed Agents free?

Yes, Governed Agents is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Governed Agents support?

Governed Agents is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Governed Agents?

It is built and maintained by Nefas11 (@nefas11); the current version is v0.1.11.
