War/Den Governance
Author: John DeVere Cooley · v1.0.0
Total downloads: 310
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install an2b-warden-governance
Description
Evaluates and governs all OpenClaw bot actions using YAML policies with tamper-evident audit logs to allow, deny, or require review before execution.
Usage instructions (SKILL.md)

# War/Den Governance Skill

ClawHub Package: an2b/warden-governance
Version: 1.0.0
Category: Governance & Security
License: MIT

---

## What This Skill Does

Every action your OpenClaw bot tries to take is evaluated by War/Den before it executes.

```
Your Bot -> War/Den check -> ALLOW  -> action executes
                          -> DENY   -> action blocked + logged
                          -> REVIEW -> waits for your approval
```

No more deleted emails. No more data exfiltration. No more ungoverned agents.

**Community mode works with zero external dependencies.** No API keys. No cloud.
Just YAML policies, a local SQLite audit log, and a hash chain you can verify.

---

## Install

### From ClawHub (recommended)

```bash
openclaw skill install an2b/warden-governance
```

### From pip

```bash
pip install warden-governance-skill
```

Both methods install to: `~/.openclaw/skills/warden-governance/`

On successful install you'll see:

```
🦞 War/Den governance active.
Your OpenClaw bot is now governed.
```

### Add to your OpenClaw config

```yaml
skills:
  - name: warden-governance
    config:
      SENTINEL_API_KEY: ""        # optional -- leave blank for community mode
      ENGRAMPORT_API_KEY: ""      # optional -- leave blank for local memory
      WARDEN_FAIL_OPEN: "false"   # block on governance failure (default)
```

### Restart your bot

```bash
openclaw restart
```

That's it. Your bot is now governed.

---

## How It Works

### Hooks

This skill registers three OpenClaw hooks:

| Hook | Purpose |
|------|---------|
| `before_action` | Evaluate every action against policy before execution |
| `after_action` | Write action result to governed memory |
| `on_error` | Log errors to tamper-evident audit trail |

### Action Bridge

All 15 OpenClaw action types are mapped to War/Den governance types:

| OpenClaw Action | War/Den Type | Default Protection |
|-----------------|--------------|-------------------|
| `email.send` | `message.send` | Monitored |
| `email.delete` | `data.write` | **Requires human review** |
| `email.read` | `data.read` | Monitored |
| `file.write` | `data.write` | Monitored |
| `file.delete` | `data.write` | **Requires human review** |
| `file.read` | `data.read` | Monitored |
| `browser.navigate` | `api.call` | Monitored |
| `browser.click` | `api.call` | Monitored |
| `shell.execute` | `code.execute` | **Blocked in production** |
| `api.call` | `api.call` | Monitored |
| `calendar.create` | `data.write` | Monitored |
| `calendar.delete` | `data.write` | **Requires human review** |
| `message.send` | `message.send` | Monitored |
| `code.execute` | `code.execute` | **Blocked in production** |
| `payment.create` | `api.call` | **Requires human review** |

### Policy Engine

Policies are YAML files evaluated in priority order:

```yaml
policies:
  - name: protect-email-delete
    match:
      action.type: data.write
      action.data.openclaw_original: email.delete
    decision: review
    mode: enforce
    priority: 1
    active: true
    reason: "Email deletion requires human review."
```

**Evaluation rules:**

1. Filter to active policies only
2. Sort by priority ascending (lower number = higher priority)
3. First match wins
4. `mode: monitor` -- log but return ALLOW
5. `mode: enforce` -- return the matched decision
6. No match -- default ALLOW
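
The evaluation rules above, as an added example (not War/Den's own `policy_engine.py`): policies are plain dicts mirroring the YAML fields, and resolving `match` keys as dotted paths into the action is an assumption. The `watch-all-writes` and `deny-file-delete` policies are hypothetical and show how a broad `monitor` policy with a lower priority number shadows a narrower `enforce` policy.

```python
# Added illustration of the six evaluation rules; not the project's implementation.

def lookup(action, dotted_key):
    """Resolve a key such as 'action.data.openclaw_original' (assumed dotted-path semantics)."""
    node = {"action": action}
    for part in dotted_key.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def evaluate(policies, action):
    """Return (decision, policy_name, enforced) following rules 1-6."""
    active = [p for p in policies if p.get("active", False)]            # rule 1
    for policy in sorted(active, key=lambda p: p["priority"]):         # rule 2
        if all(lookup(action, k) == v for k, v in policy["match"].items()):
            if policy["mode"] == "monitor":                             # rule 4
                return "allow", policy["name"], False                   # logged only
            return policy["decision"], policy["name"], True             # rules 3 and 5
    return "allow", None, False                                         # rule 6


# Constructed policies; only protect-email-delete comes from the page.
POLICIES = [
    {"name": "protect-email-delete", "priority": 1, "active": True,
     "mode": "enforce", "decision": "review",
     "match": {"action.type": "data.write",
               "action.data.openclaw_original": "email.delete"}},
    {"name": "watch-all-writes", "priority": 5, "active": True,
     "mode": "monitor", "decision": "deny",
     "match": {"action.type": "data.write"}},
    {"name": "deny-file-delete", "priority": 10, "active": True,
     "mode": "enforce", "decision": "deny",
     "match": {"action.type": "data.write",
               "action.data.openclaw_original": "file.delete"}},
]

# Constructed actions in the bridged form used by the policy's match keys.
EMAIL_DELETE = {"type": "data.write", "data": {"openclaw_original": "email.delete"}}
FILE_DELETE = {"type": "data.write", "data": {"openclaw_original": "file.delete"}}
```

Because the first match wins, `FILE_DELETE` is allowed by the priority-5 monitor policy and the priority-10 deny is never reached; reviewing priorities for this kind of shadowing is worth doing before relying on a custom policy file.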

### Pre-built Policy Packs

Load governance instantly with built-in packs:

| Pack | What It Does |
|------|-------------|
| `basic_safety` | Blocks code execution in prod, monitors writes and API calls |
| `phi_guard` | Denies PHI access in dev, requires review for memory export |
| `payments_guard` | Denies payment actions in dev, requires review in prod |

### Audit Trail

Every governance decision is written to a tamper-evident SHA-256 hash chain:

```
Event N:   hash = SHA256(prev_hash + agent_id + action_type + decision + timestamp)
Event N+1: prev_hash = Event N hash
```

Verify the chain at any time:

```python
valid, bad_event_id = audit_log.verify_chain()
```
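
A minimal reimplementation of the chain formula above, added here as an illustration rather than taken from War/Den's `audit_log.py`. The all-zero genesis value, the string encoding of the fields, and the `trusted_head` parameter are assumptions; the sample events are constructed.

```python
import hashlib

GENESIS = "0" * 64  # assumed prev_hash for the first event; the page does not specify one


def event_hash(prev_hash, agent_id, action_type, decision, timestamp):
    """SHA256(prev_hash + agent_id + action_type + decision + timestamp)."""
    material = prev_hash + agent_id + action_type + decision + timestamp
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


def append(chain, agent_id, action_type, decision, timestamp):
    """Append one event whose prev_hash is the hash of the previous event."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    chain.append({
        "id": len(chain) + 1, "prev_hash": prev_hash, "agent_id": agent_id,
        "action_type": action_type, "decision": decision, "timestamp": timestamp,
        "hash": event_hash(prev_hash, agent_id, action_type, decision, timestamp),
    })


def verify_chain(chain, trusted_head=None):
    """Return (valid, bad_event_id); trusted_head is a head hash kept outside the log."""
    prev_hash = GENESIS
    for ev in chain:
        recomputed = event_hash(prev_hash, ev["agent_id"], ev["action_type"],
                                ev["decision"], ev["timestamp"])
        if ev["prev_hash"] != prev_hash or ev["hash"] != recomputed:
            return False, ev["id"]
        prev_hash = ev["hash"]
    if trusted_head is not None and prev_hash != trusted_head:
        # Links are intact but the log does not end where the anchor says it should.
        return False, chain[-1]["id"] if chain else None
    return True, None


def build_sample():
    """Constructed sample events, not real audit data."""
    chain = []
    append(chain, "openclaw-agent", "data.write", "review", "2025-01-01T00:00:00Z")
    append(chain, "openclaw-agent", "code.execute", "deny", "2025-01-01T00:00:05Z")
    append(chain, "openclaw-agent", "data.read", "allow", "2025-01-01T00:00:09Z")
    return chain
```

Only the five fields in the formula are covered, and a truncated chain still verifies on its own, so compare the head hash against a copy kept outside the audit database.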

### Decision Cache

ALLOW decisions are cached for 5 minutes (configurable). DENY and REVIEW are **never** cached -- they always hit the governance engine fresh.

---

## Community vs Enterprise

| Feature | Community (Free) | Enterprise |
|---------|-----------------|------------|
| Policy enforcement | Local YAML | Sentinel_OS cloud |
| Audit trail | Local SQLite + hash chain | Cloud + signed PDF |
| Memory storage | Local SQLite | EngramPort cloud (MandelDB) |
| Memory search | Text search (LIKE) | Vector search (3072-dim) |
| Synthesis | Basic recall | Eidetic AI synthesis |
| Cross-bot memory | -- | Orchestra multi-agent |
| Multi-namespace | 3 max | Unlimited |
| Compliance export | -- | SOC2/HIPAA PDF |
| Cryptographic provenance | Local hash chain | AEGIS (SHA-256 + RSA) |
| Dependencies | **Zero** | `sentinel-client`, `engramport-langchain` |

### Mode Matrix

| `SENTINEL_API_KEY` | `ENGRAMPORT_API_KEY` | Mode |
|--------------------|----------------------|------|
| -- | -- | Full Community |
| Set | -- | Governed Community |
| -- | Set | Memory Enterprise |
| Set | Set | Full Enterprise |

All four modes work with zero code changes. Just environment variables.

---

## Enterprise Upgrade Path

### Sentinel_OS (Governance)

Set `SENTINEL_API_KEY` to upgrade governance from local YAML to Sentinel_OS cloud:

- Real-time policy evaluation via `/api/v1/check`
- Pre-flight checks via `/api/v1/check` (read-only, no side effects)
- Action logging via `/api/v1/ingest` with hash chain integrity
- Run management, alerting, and AI-powered insights
- Python and Node.js SDKs
- Rate limiting: 2000 checks/min, 1000 ingests/min per API key

Get your key at [getsentinelos.com](https://getsentinelos.com)

### EngramPort (Memory via MandelDB)

Set `ENGRAMPORT_API_KEY` to upgrade memory from local SQLite to EngramPort cloud:

- **5 endpoints:** `/register`, `/remember`, `/recall`, `/reflect`, `/stats`
- 3072-dimensional OpenAI embeddings via Pinecone
- AEGIS cryptographic provenance (SHA-256 + RSA signature per memory)
- Namespace-isolated storage (`bot:{slug}:{uid}`)
- Eidetic cross-memory pattern synthesis via GPT-4o-mini
- Multi-agent orchestration with `EngramPortOrchestra`
- Background synthesis with `DreamState`
- LangChain drop-in integration

API keys use format `ek_bot_*` with SHA-256 hashed storage.

Get your key at [engram.eideticlab.com](https://engram.eideticlab.com)

---

## Configuration

| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| `SENTINEL_API_KEY` | No | `""` | Sentinel_OS key. Blank = community governance |
| `ENGRAMPORT_API_KEY` | No | `""` | EngramPort key. Blank = local memory |
| `WARDEN_FAIL_OPEN` | No | `false` | Allow on governance failure |
| `WARDEN_AGENT_ID` | No | `openclaw-agent` | Bot identifier |
| `WARDEN_POLICY_FILE` | No | built-in | Path to custom YAML policy file |
| `WARDEN_POLICY_PACKS` | No | `""` | Comma-separated pack names |
| `WARDEN_MEMORY_DB` | No | `~/.warden/memory.db` | Local memory path |
| `WARDEN_AUDIT_DB` | No | `~/.warden/audit.db` | Local audit log path |
| `WARDEN_CACHE_TTL` | No | `300` | ALLOW cache TTL in seconds |

### Fail-Open Behavior

| `WARDEN_FAIL_OPEN` | War/Den reachable | War/Den unreachable |
|---------------------|-------------------|---------------------|
| `false` (default) | Normal governance | Action **BLOCKED** |
| `true` | Normal governance | Action **ALLOWED** + warning |

Default is `false` because a governance failure should never silently allow dangerous actions.
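
The Decision Cache and Fail-Open Behavior rules combined in one gate, as an added sketch that is not the skill's own code. `GovernanceGate`, its `evaluate` callable, and the cache key are hypothetical; `fail_open` and `cache_ttl` stand in for `WARDEN_FAIL_OPEN` and `WARDEN_CACHE_TTL`.

```python
import time


class GovernanceGate:
    """Added sketch: caches ALLOW only, and fails closed unless fail_open is set."""

    def __init__(self, evaluate, fail_open=False, cache_ttl=300, clock=time.monotonic):
        self.evaluate = evaluate      # callable(action) -> "allow" | "deny" | "review"
        self.fail_open = fail_open    # stands in for WARDEN_FAIL_OPEN
        self.cache_ttl = cache_ttl    # stands in for WARDEN_CACHE_TTL (seconds)
        self.clock = clock            # injectable so expiry can be tested
        self._allow_until = {}        # cache key -> expiry time of a cached ALLOW

    def check(self, action):
        # Hypothetical cache key: action type plus its data, so a different
        # target (another file, another email) never reuses a cached ALLOW.
        key = (action["type"], repr(sorted(action.get("data", {}).items())))
        if self._allow_until.get(key, 0) > self.clock():
            return {"proceed": True, "decision": "allow", "source": "cache"}
        try:
            decision = self.evaluate(action)
        except Exception as exc:      # engine unreachable, policy file unreadable, ...
            if self.fail_open:
                return {"proceed": True, "decision": "allow",
                        "source": f"fail-open: {exc}"}
            return {"proceed": False, "decision": "deny",
                    "source": f"fail-closed: {exc}"}
        if decision == "allow":
            # DENY and REVIEW are never stored, so they are re-evaluated every time.
            self._allow_until[key] = self.clock() + self.cache_ttl
        return {"proceed": decision == "allow", "decision": decision,
                "source": "engine"}
```

In this sketch a cached ALLOW keeps being served until its TTL expires, so a policy change from allow to deny can take up to `cache_ttl` seconds to apply; pick the TTL with that window in mind.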

---

## Test Proof

This skill ships with a comprehensive test suite. Run it:

```bash
python -m pytest tests/ -v
```

Key test: **The Meta inbox test** simulates the exact incident where an OpenClaw agent deleted 200 emails. With War/Den, all 200 are blocked:

```python
# Excerpt: `_make_skill` and `policy_path` are not defined in this snippet.
def test_meta_researcher_inbox_protection(self, tmp_path):
    """Simulate the exact Meta inbox incident. All 200 emails blocked."""
    skill = _make_skill(tmp_path, WARDEN_POLICY_FILE=policy_path)
    blocked = 0
    for i in range(200):
        result = skill.before_action(
            {"type": "email.delete", "data": {"email_id": f"msg_{i}"}},
            {"agent_id": "meta-researcher-bot", "env": "prod"},
        )
        if not result["proceed"]:
            blocked += 1
    assert blocked == 200
```

---

## Skill Files

```
warden-governance-skill/
├── SKILL.md                      # This file (ClawHub primary)
├── clawhub.json                  # ClawHub registry metadata
├── README.md                     # Full documentation
├── pyproject.toml                # Python package config
├── policies/
│   ├── openclaw_default.yaml     # Default governance policies
│   └── policy_packs.py           # Pre-built policy packs
├── warden_governance/
│   ├── __init__.py
│   ├── skill.py                  # Main skill class (hooks)
│   ├── action_bridge.py          # OpenClaw <-> War/Den translation
│   ├── policy_engine.py          # Community policy engine
│   ├── audit_log.py              # SHA-256 hash chain audit
│   ├── memory_client.py          # Governed memory operations
│   ├── local_store.py            # Local SQLite memory
│   ├── sentinel_client.py        # Enterprise Sentinel_OS client
│   ├── engramport_client.py      # Enterprise EngramPort client
│   ├── upgrade_manager.py        # Mode detection + banner
│   ├── health_check.py           # Enterprise health validation
│   └── settings.py               # Configuration
└── tests/
    ├── __init__.py
    ├── test_skill.py             # Skill + Meta inbox tests
    ├── test_policy_engine.py     # Policy engine tests
    ├── test_audit_log.py         # Audit trail tests
    ├── test_action_bridge.py     # Action bridge tests
    ├── test_memory.py            # Memory client tests
    └── test_enterprise.py        # Enterprise upgrade tests
```

---

Built on [Sentinel_OS](https://getsentinelos.com) and [EngramPort](https://engram.eideticlab.com) by [AN2B Technologies](https://an2b.com)

*The lobster protects the inbox.*
Security usage recommendations
This skill appears to do what it says: enforce YAML policies locally and optionally call enterprise services when you provide API keys. Before installing:
- Review policies: inspect the built-in policies/policy_packs and any WARDEN_POLICY_FILE you plan to use so you understand what will be blocked/allowed/reviewed.
- Audit log & memory storage: the code writes a local audit DB (~/.warden/audit.db by default) and a local memory DB (configurable). Confirm these locations and file permissions are acceptable for your environment.
- Enterprise mode = external transmission: if you set SENTINEL_API_KEY or ENGRAMPORT_API_KEY the skill will POST action payloads and memory to third-party endpoints (Sentinel_OS / EngramPort). Only enable those keys for services and operators you trust; action.data can include sensitive contents (emails, file contents, etc.).
- Fail-open behavior: WARDEN_FAIL_OPEN controls whether actions are allowed when governance is unreachable. Default is 'false' (fail-closed). Decide which is appropriate for your risk tolerance.
- Inspect settings.py: verify base URLs and any default endpoints the code will contact (to ensure they match the vendor URLs you expect). There is a small docs/implementation mismatch on default audit path; confirm actual paths after install.
- Source verification: the skill metadata references an2b domains and a GitHub repo. If provenance matters, verify the package origin (git tag, checksum, or repository) before pip installing or setting enterprise keys.
If you only need community/local governance, do not set enterprise API keys; that keeps all evaluation and logs on-disk. If you plan to use enterprise features, review the network interactions and test in a controlled environment first.
Functional analysis
Type: OpenClaw Skill
Name: an2b-warden-governance
Version: 1.0.0
The OpenClaw AgentSkills skill bundle 'an2b-warden-governance' is designed to provide governance and security for AI agent actions. All analyzed files, including code and documentation (SKILL.md, README.md, UPGRADE.md), consistently describe and implement a system to intercept, evaluate, and potentially block or review agent actions (e.g., email deletion, shell execution, payments). The skill utilizes local YAML policies and SQLite for community mode, with optional integration to external enterprise services (Sentinel_OS for governance, EngramPort for memory) via configurable API keys. There is no evidence of intentional harmful behavior such as data exfiltration to unauthorized endpoints, backdoor installation, or malicious code execution. The documentation explicitly highlights the skill's purpose in preventing such actions, and the code implements protective measures like a tamper-evident audit log and fail-closed defaults. External network calls are made only to the stated enterprise services when configured by the user, and standard libraries like `httpx` are used for this purpose.
Capability assessment
Purpose & Capability
The skill implements a policy engine, audit log, local memory, and optional clients for Sentinel_OS and EngramPort. Optional API keys and the network calls in the enterprise client match the documented 'Enterprise' upgrade path. The presence of many code files is consistent with a full governance implementation. Minor inconsistency: README/docs often state local SQLite under OpenClaw paths, but LocalAuditLog defaults to ~/.warden/audit.db (creates ~/.warden/) whereas other docs reference ~/.openclaw/memory/ — this is an implementation detail you should verify.
Instruction Scope
SKILL.md limits actions to registering hooks (before_action/after_action/on_error), loading YAML policies, and optionally calling external services only when API keys are set. The runtime instructions do not ask the agent to read unrelated user files or secrets. Note: the governance engine will include action.data in audit and in requests to enterprise endpoints, which can contain sensitive content (e.g., full email metadata/content) depending on what OpenClaw passes to the hook.
Install Mechanism
No hazardous install URL patterns are present. The project includes a standard pyproject.toml and suggests installation via ClawHub or pip (package metadata and entry point included). There is no download-from-arbitrary-URL installer in the provided manifest.
Credentials
Only optional credentials are declared (SENTINEL_API_KEY, ENGRAMPORT_API_KEY). Those map directly to described enterprise features. Important: when those keys are set the skill will transmit action payloads and memory content to external services (headers show X-API-Key or Bearer). This is proportionate to the enterprise use case but is high sensitivity — only set keys for services you trust.
Persistence & Privilege
The skill persists state (local SQLite memory and audit DB) and registers hooks that run on agent actions; autonomous invocation is allowed (platform default). This is expected for a governance skill, but note it will intercept every action and write audit events to disk (default audit DB path: ~/.warden/audit.db) and memory to configured DBs. There is no 'always: true' privilege escalation in the registry metadata.
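How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install an2b-warden-governance
- After installation, call the skill by name or trigger it with /an2b-warden-governance
- Provide the required input according to the skill's parameter description to get structured output
Version history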
v1.0.0
Initial release. 177 tests. 200/200 Meta inbox blocks. Govern your OpenClaw bot in 5 minutes.
FAQ
What is War/Den Governance?
Evaluates and governs all OpenClaw bot actions using YAML policies with tamper-evident audit logs to allow, deny, or require review before execution. It is an AI agent skill plugin for Claude Code / OpenClaw, with 310 downloads to date.
How do I install War/Den Governance?
Run the command "/install an2b-warden-governance" in the OpenClaw or Claude Code chat box for one-step installation; no additional configuration is required.
Is War/Den Governance free?
Yes, War/Den Governance is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does War/Den Governance support?
War/Den Governance is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed War/Den Governance?
It is developed and maintained by John DeVere Cooley (@jcools1977); the current version is v1.0.0.