← Back to Skills Marketplace
War/Den Governance
by
John DeVere Cooley
· GitHub ↗
· v1.0.0
310
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install an2b-warden-governance
Description
Evaluates and governs all OpenClaw bot actions using YAML policies with tamper-evident audit logs to allow, deny, or require review before execution.
README (SKILL.md)
\r \r
War/Den Governance Skill\r
\r
ClawHub Package:
an2b/warden-governance\r Version: 1.0.0\r Category: Governance & Security\r License: MIT\r \r ---\r \r
What This Skill Does\r
\r Every action your OpenClaw bot tries to take is evaluated by War/Den before it executes.\r \r
Your Bot -> War/Den check -> ALLOW -> action executes\r
-> DENY -> action blocked + logged\r
-> REVIEW -> waits for your approval\r
```\r
\r
No more deleted emails. No more data exfiltration. No more ungoverned agents.\r
\r
**Community mode works with zero external dependencies.** No API keys. No cloud.\r
Just YAML policies, a local SQLite audit log, and a hash chain you can verify.\r
\r
---\r
\r
## Install\r
\r
### From ClawHub (recommended)\r
\r
```bash\r
openclaw skill install an2b/warden-governance\r
```\r
\r
### From pip\r
\r
```bash\r
pip install warden-governance-skill\r
```\r
\r
Both methods install to: `~/.openclaw/skills/warden-governance/`\r
\r
On successful install you'll see:\r
\r
```\r
🦞 War/Den governance active.\r
Your OpenClaw bot is now governed.\r
```\r
\r
### Add to your OpenClaw config\r
\r
```yaml\r
skills:\r
- name: warden-governance\r
config:\r
SENTINEL_API_KEY: "" # optional -- leave blank for community mode\r
ENGRAMPORT_API_KEY: "" # optional -- leave blank for local memory\r
WARDEN_FAIL_OPEN: "false" # block on governance failure (default)\r
```\r
\r
### Restart your bot\r
\r
```bash\r
openclaw restart\r
```\r
\r
That's it. Your bot is now governed.\r
\r
---\r
\r
## How It Works\r
\r
### Hooks\r
\r
This skill registers three OpenClaw hooks:\r
\r
| Hook | Purpose |\r
|------|---------|\r
| `before_action` | Evaluate every action against policy before execution |\r
| `after_action` | Write action result to governed memory |\r
| `on_error` | Log errors to tamper-evident audit trail |\r
\r
### Action Bridge\r
\r
All 15 OpenClaw action types are mapped to War/Den governance types:\r
\r
| OpenClaw Action | War/Den Type | Default Protection |\r
|-----------------|--------------|-------------------|\r
| `email.send` | `message.send` | Monitored |\r
| `email.delete` | `data.write` | **Requires human review** |\r
| `email.read` | `data.read` | Monitored |\r
| `file.write` | `data.write` | Monitored |\r
| `file.delete` | `data.write` | **Requires human review** |\r
| `file.read` | `data.read` | Monitored |\r
| `browser.navigate` | `api.call` | Monitored |\r
| `browser.click` | `api.call` | Monitored |\r
| `shell.execute` | `code.execute` | **Blocked in production** |\r
| `api.call` | `api.call` | Monitored |\r
| `calendar.create` | `data.write` | Monitored |\r
| `calendar.delete` | `data.write` | **Requires human review** |\r
| `message.send` | `message.send` | Monitored |\r
| `code.execute` | `code.execute` | **Blocked in production** |\r
| `payment.create` | `api.call` | **Requires human review** |\r
\r
### Policy Engine\r
\r
Policies are YAML files evaluated in priority order:\r
\r
```yaml\r
policies:\r
- name: protect-email-delete\r
match:\r
action.type: data.write\r
action.data.openclaw_original: email.delete\r
decision: review\r
mode: enforce\r
priority: 1\r
active: true\r
reason: "Email deletion requires human review."\r
```\r
\r
**Evaluation rules:**\r
1. Filter to active policies only\r
2. Sort by priority ascending (lower number = higher priority)\r
3. First match wins\r
4. `mode: monitor` -- log but return ALLOW\r
5. `mode: enforce` -- return the matched decision\r
6. No match -- default ALLOW\r
\r
### Pre-built Policy Packs\r
\r
Load governance instantly with built-in packs:\r
\r
| Pack | What It Does |\r
|------|-------------|\r
| `basic_safety` | Blocks code execution in prod, monitors writes and API calls |\r
| `phi_guard` | Denies PHI access in dev, requires review for memory export |\r
| `payments_guard` | Denies payment actions in dev, requires review in prod |\r
\r
### Audit Trail\r
\r
Every governance decision is written to a tamper-evident SHA-256 hash chain:\r
\r
```\r
Event N: hash = SHA256(prev_hash + agent_id + action_type + decision + timestamp)\r
Event N+1: prev_hash = Event N hash\r
```\r
\r
Verify the chain at any time:\r
\r
```python\r
valid, bad_event_id = audit_log.verify_chain()\r
```\r
\r
### Decision Cache\r
\r
ALLOW decisions are cached for 5 minutes (configurable). DENY and REVIEW are **never** cached -- they always hit the governance engine fresh.\r
\r
---\r
\r
## Community vs Enterprise\r
\r
| Feature | Community (Free) | Enterprise |\r
|---------|-----------------|------------|\r
| Policy enforcement | Local YAML | Sentinel_OS cloud |\r
| Audit trail | Local SQLite + hash chain | Cloud + signed PDF |\r
| Memory storage | Local SQLite | EngramPort cloud (MandelDB) |\r
| Memory search | Text search (LIKE) | Vector search (3072-dim) |\r
| Synthesis | Basic recall | Eidetic AI synthesis |\r
| Cross-bot memory | -- | Orchestra multi-agent |\r
| Multi-namespace | 3 max | Unlimited |\r
| Compliance export | -- | SOC2/HIPAA PDF |\r
| Cryptographic provenance | Local hash chain | AEGIS (SHA-256 + RSA) |\r
| Dependencies | **Zero** | `sentinel-client`, `engramport-langchain` |\r
\r
### Mode Matrix\r
\r
| `SENTINEL_API_KEY` | `ENGRAMPORT_API_KEY` | Mode |\r
|--------------------|----------------------|------|\r
| -- | -- | Full Community |\r
| Set | -- | Governed Community |\r
| -- | Set | Memory Enterprise |\r
| Set | Set | Full Enterprise |\r
\r
All four modes work with zero code changes. Just environment variables.\r
\r
---\r
\r
## Enterprise Upgrade Path\r
\r
### Sentinel_OS (Governance)\r
\r
Set `SENTINEL_API_KEY` to upgrade governance from local YAML to Sentinel_OS cloud:\r
\r
- Real-time policy evaluation via `/api/v1/check`\r
- Pre-flight checks via `/api/v1/check` (read-only, no side effects)\r
- Action logging via `/api/v1/ingest` with hash chain integrity\r
- Run management, alerting, and AI-powered insights\r
- Python and Node.js SDKs\r
- Rate limiting: 2000 checks/min, 1000 ingests/min per API key\r
\r
Get your key at [getsentinelos.com](https://getsentinelos.com)\r
\r
### EngramPort (Memory via MandelDB)\r
\r
Set `ENGRAMPORT_API_KEY` to upgrade memory from local SQLite to EngramPort cloud:\r
\r
- **5 endpoints:** `/register`, `/remember`, `/recall`, `/reflect`, `/stats`\r
- 3072-dimensional OpenAI embeddings via Pinecone\r
- AEGIS cryptographic provenance (SHA-256 + RSA signature per memory)\r
- Namespace-isolated storage (`bot:{slug}:{uid}`)\r
- Eidetic cross-memory pattern synthesis via GPT-4o-mini\r
- Multi-agent orchestration with `EngramPortOrchestra`\r
- Background synthesis with `DreamState`\r
- LangChain drop-in integration\r
\r
API keys use format `ek_bot_*` with SHA-256 hashed storage.\r
\r
Get your key at [engram.eideticlab.com](https://engram.eideticlab.com)\r
\r
---\r
\r
## Configuration\r
\r
| Variable | Required | Default | Description |\r
|----------|----------|---------|-------------|\r
| `SENTINEL_API_KEY` | No | `""` | Sentinel_OS key. Blank = community governance |\r
| `ENGRAMPORT_API_KEY` | No | `""` | EngramPort key. Blank = local memory |\r
| `WARDEN_FAIL_OPEN` | No | `false` | Allow on governance failure |\r
| `WARDEN_AGENT_ID` | No | `openclaw-agent` | Bot identifier |\r
| `WARDEN_POLICY_FILE` | No | built-in | Path to custom YAML policy file |\r
| `WARDEN_POLICY_PACKS` | No | `""` | Comma-separated pack names |\r
| `WARDEN_MEMORY_DB` | No | `~/.warden/memory.db` | Local memory path |\r
| `WARDEN_AUDIT_DB` | No | `~/.warden/audit.db` | Local audit log path |\r
| `WARDEN_CACHE_TTL` | No | `300` | ALLOW cache TTL in seconds |\r
\r
### Fail-Open Behavior\r
\r
| `WARDEN_FAIL_OPEN` | War/Den reachable | War/Den unreachable |\r
|---------------------|-------------------|---------------------|\r
| `false` (default) | Normal governance | Action **BLOCKED** |\r
| `true` | Normal governance | Action **ALLOWED** + warning |\r
\r
Default is `false` because a governance failure should never silently allow dangerous actions.\r
\r
---\r
\r
## Test Proof\r
\r
This skill ships with a comprehensive test suite. Run it:\r
\r
```bash\r
python -m pytest tests/ -v\r
```\r
\r
Key test: **The Meta inbox test** simulates the exact incident where an OpenClaw agent deleted 200 emails. With War/Den, all 200 are blocked:\r
\r
```python\r
def test_meta_researcher_inbox_protection(self, tmp_path):\r
"""Simulate the exact Meta inbox incident. All 200 emails blocked."""\r
skill = _make_skill(tmp_path, WARDEN_POLICY_FILE=policy_path)\r
blocked = 0\r
for i in range(200):\r
result = skill.before_action(\r
{"type": "email.delete", "data": {"email_id": f"msg_{i}"}},\r
{"agent_id": "meta-researcher-bot", "env": "prod"},\r
)\r
if not result["proceed"]:\r
blocked += 1\r
assert blocked == 200\r
```\r
\r
---\r
\r
## Skill Files\r
\r
```\r
warden-governance-skill/\r
├── SKILL.md # This file (ClawHub primary)\r
├── clawhub.json # ClawHub registry metadata\r
├── README.md # Full documentation\r
├── pyproject.toml # Python package config\r
├── policies/\r
│ ├── openclaw_default.yaml # Default governance policies\r
│ └── policy_packs.py # Pre-built policy packs\r
├── warden_governance/\r
│ ├── __init__.py\r
│ ├── skill.py # Main skill class (hooks)\r
│ ├── action_bridge.py # OpenClaw \x3C-> War/Den translation\r
│ ├── policy_engine.py # Community policy engine\r
│ ├── audit_log.py # SHA-256 hash chain audit\r
│ ├── memory_client.py # Governed memory operations\r
│ ├── local_store.py # Local SQLite memory\r
│ ├── sentinel_client.py # Enterprise Sentinel_OS client\r
│ ├── engramport_client.py # Enterprise EngramPort client\r
│ ├── upgrade_manager.py # Mode detection + banner\r
│ ├── health_check.py # Enterprise health validation\r
│ └── settings.py # Configuration\r
└── tests/\r
├── __init__.py\r
├── test_skill.py # Skill + Meta inbox tests\r
├── test_policy_engine.py # Policy engine tests\r
├── test_audit_log.py # Audit trail tests\r
├── test_action_bridge.py # Action bridge tests\r
├── test_memory.py # Memory client tests\r
└── test_enterprise.py # Enterprise upgrade tests\r
```\r
\r
---\r
\r
Built on [Sentinel_OS](https://getsentinelos.com) and [EngramPort](https://engram.eideticlab.com) by [AN2B Technologies](https://an2b.com)\r
\r
*The lobster protects the inbox.*\r
Usage Guidance
This skill appears to do what it says: enforce YAML policies locally and optionally call enterprise services when you provide API keys. Before installing:
- Review policies: inspect the built-in policies/policy_packs and any WARDEN_POLICY_FILE you plan to use so you understand what will be blocked/allowed/reviewed.
- Audit log & memory storage: the code writes a local audit DB (~/.warden/audit.db by default) and a local memory DB (configurable). Confirm these locations and file permissions are acceptable for your environment.
- Enterprise mode = external transmission: if you set SENTINEL_API_KEY or ENGRAMPORT_API_KEY the skill will POST action payloads and memory to third-party endpoints (Sentinel_OS / EngramPort). Only enable those keys for services and operators you trust; action.data can include sensitive contents (emails, file contents, etc.).
- Fail-open behavior: WARDEN_FAIL_OPEN controls whether actions are allowed when governance is unreachable. Default is 'false' (fail-closed). Decide which is appropriate for your risk tolerance.
- Inspect settings.py: verify base URLs and any default endpoints the code will contact (to ensure they match the vendor URLs you expect). There is a small docs/implementation mismatch on default audit path; confirm actual paths after install.
- Source verification: the skill metadata references an2b domains and a GitHub repo. If provenance matters, verify the package origin (git tag, checksum, or repository) before pip installing or setting enterprise keys.
If you only need community/local governance, do not set enterprise API keys; that keeps all evaluation and logs on-disk. If you plan to use enterprise features, review the network interactions and test in a controlled environment first.
Capability Analysis
Type: OpenClaw Skill
Name: an2b-warden-governance
Version: 1.0.0
The OpenClaw AgentSkills skill bundle 'an2b-warden-governance' is designed to provide governance and security for AI agent actions. All analyzed files, including code and documentation (SKILL.md, README.md, UPGRADE.md), consistently describe and implement a system to intercept, evaluate, and potentially block or review agent actions (e.g., email deletion, shell execution, payments). The skill utilizes local YAML policies and SQLite for community mode, with optional integration to external enterprise services (Sentinel_OS for governance, EngramPort for memory) via configurable API keys. There is no evidence of intentional harmful behavior such as data exfiltration to unauthorized endpoints, backdoor installation, or malicious code execution. The documentation explicitly highlights the skill's purpose in preventing such actions, and the code implements protective measures like a tamper-evident audit log and fail-closed defaults. External network calls are made only to the stated enterprise services when configured by the user, and standard libraries like `httpx` are used for this purpose.
Capability Assessment
Purpose & Capability
The skill implements a policy engine, audit log, local memory, and optional clients for Sentinel_OS and EngramPort. Optional API keys and the network calls in the enterprise client match the documented 'Enterprise' upgrade path. The presence of many code files is consistent with a full governance implementation. Minor inconsistency: README/docs often state local SQLite under OpenClaw paths, but LocalAuditLog defaults to ~/.warden/audit.db (creates ~/.warden/) whereas other docs reference ~/.openclaw/memory/ — this is an implementation detail you should verify.
Instruction Scope
SKILL.md limits actions to registering hooks (before_action/after_action/on_error), loading YAML policies, and optionally calling external services only when API keys are set. The runtime instructions do not ask the agent to read unrelated user files or secrets. Note: the governance engine will include action.data in audit and in requests to enterprise endpoints, which can contain sensitive content (e.g., full email metadata/content) depending on what OpenClaw passes to the hook.
Install Mechanism
No hazardous install URL patterns are present. The project includes a standard pyproject.toml and suggests installation via ClawHub or pip (package metadata and entry point included). There is no download-from-arbitrary-URL installer in the provided manifest.
Credentials
Only optional credentials are declared (SENTINEL_API_KEY, ENGRAMPORT_API_KEY). Those map directly to described enterprise features. Important: when those keys are set the skill will transmit action payloads and memory content to external services (headers show X-API-Key or Bearer). This is proportionate to the enterprise use case but is high sensitivity — only set keys for services you trust.
Persistence & Privilege
The skill persists state (local SQLite memory and audit DB) and registers hooks that run on agent actions; autonomous invocation is allowed (platform default). This is expected for a governance skill, but note it will intercept every action and write audit events to disk (default audit DB path: ~/.warden/audit.db) and memory to configured DBs. There is no 'always: true' privilege escalation in the registry metadata.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install an2b-warden-governance - After installation, invoke the skill by name or use
/an2b-warden-governance - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release. 177 tests. 200/200 Meta inbox blocks. Govern your OpenClaw bot in 5 minutes.
Metadata
Frequently Asked Questions
What is War/Den Governance?
Evaluates and governs all OpenClaw bot actions using YAML policies with tamper-evident audit logs to allow, deny, or require review before execution. It is an AI Agent Skill for Claude Code / OpenClaw, with 310 downloads so far.
How do I install War/Den Governance?
Run "/install an2b-warden-governance" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is War/Den Governance free?
Yes, War/Den Governance is completely free (open-source). You can download, install and use it at no cost.
Which platforms does War/Den Governance support?
War/Den Governance is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created War/Den Governance?
It is built and maintained by John DeVere Cooley (@jcools1977); the current version is v1.0.0.
More Skills