功能描述

ASF V4.0 工业化增强模块 - 治理门禁 + 成本模型 + 安全优化。提供否决权执行、所有权证明、经济学评分、返工风险预测、安全在线优化等工业级能力。

使用说明 (SKILL.md)

ASF V4.0 - 工业化增强模块

Name: Asf V4
Author: alshowse-tech

版本: v0.9.0
OpenClaw 兼容性: >=2026.3.24

功能说明

ASF V4.0 为 OpenClaw 提供工业级治理和优化能力：

否决权执行 - 硬/软否决规则验证变更
所有权证明 - 可验证的 single-writer 证明
经济学评分 - 基于成本的角色分配优化
返工风险 - 预测性风险分析
安全优化器 - 带回滚保护的在线优化

工具

工具	说明
`veto-check`	检查变更是否通过硬/软否决规则
`ownership-proof`	生成可验证的所有权证明
`economics-score`	计算角色分配经济学评分
`interface-budget`	计算跨角色依赖成本
`rework-risk`	预测任务返工风险
`hot-contract`	分析契约耦合度并建议角色数量
`conflict-resolve`	解决所有权冲突
`safe-optimize`	安全在线优化

命令

命令	说明
`asf:status`	检查 ASF V4.0 状态
`asf:veto`	运行否决检查
`asf:proof`	生成所有权证明
`asf:score`	计算经济学评分
`asf:risk`	预测返工风险
`asf:hot-contracts`	分析热契约

配置

编辑 config/asf-v4.config.yaml：

veto:
  mode: default  # default | strict | custom
  
economics:
  scoreWeights:
    interfaceCost: -0.30
    bottleneck: -0.20
    skillMatch: 0.20
    parallelismGain: 0.15
    reworkRisk: -0.15

optimizer:
  enabled: true
  cooldownMs: 1800000  # 30 分钟
  failureThreshold: 2

依赖

Node.js >=20.0.0
OpenClaw >=2026.3.24

使用示例

# 检查状态
asf:status

# 运行否决检查
asf:veto --changes='[{"resourceType":"contract","resourcePath":"/orders","action":"update"}]'

# 生成所有权证明
asf:proof --resources='[{"type":"contract","path":"/orders#POST"}]' --roles='[{"id":"backend-team"}]'

架构影响

激活 ASF V4.0 后，ANFSF 架构获得以下增强：

Layer 4 (Requirement Graph) - 增加变更追溯和热力图
Layer 8.5 (Role Control Plane) - 增加 Interface Budget v2 和否决门禁
Layer 9 (Agent OS) - 增加角色 KPI 仪表板
Layer 13 (Semantic Consistency) - 增加契约语义化 diff
Layer 16 (Runtime Intelligence) - 增加自动回滚和进化守卫

许可证

MIT License

安全使用建议

What to check before installing or enabling: - Inspect the code before running: review integrations/* (memory-extension.ts, agent-status-extension.ts, security-audit-extension.ts) and scripts/security-audit.sh for any network calls, credential reads, or unexpected shell commands. - Don’t run publishing scripts with your real ClawHub credentials or CLAWHUB_TOKEN until you trust the package; the docs include curl examples that require a token. - The SKILL.md metadata says no install steps, but package.json and README show you must run npm install / npx ts-node / npm run build. Treat that as a signal to run builds/tests in an isolated environment (container or VM) first. - Pay attention to agent-memory and agent-status access: this skill is designed to write/read OpenClaw memory and extend agent state — if your agent stores sensitive data, audit the code paths that handle memory entries and logs. - Run the included security-audit.sh and the unit/bench tests locally in a sandbox to validate claims, and search the code for outbound network endpoints or hardcoded URLs before enabling in production. If you can't perform a code review yourself: run the skill in an isolated test agent with no access to production data and no network egress, confirm behavior, then decide whether to enable it more widely.

功能分析

Type: OpenClaw Skill Name: anfsf-v1 Version: 1.5.2 The ASF V4.0 skill bundle is a comprehensive governance and optimization framework for OpenClaw agents, focusing on veto enforcement, ownership verification, and economic modeling. Analysis of the TypeScript source code and shell scripts reveals no evidence of data exfiltration, unauthorized remote execution, or malicious prompt injection. While the 'security-audit.sh' script utilizes 'eval' to execute its internal check logic, this is a standard pattern for local testing utilities and does not pose a runtime risk to the agent. The bundle is well-documented and its behavior aligns strictly with its stated purpose of industrial-grade agent governance.

能力评估

ℹ Purpose & Capability

Name/description (governance, veto, ownership, economics) align with the code and the listed tools/integrations (memory, agent status, security audit). However SKILL.md metadata says no install steps but the package includes package.json, TypeScript code, benchmark and script files and documentation that instruct running npm/npx/ts-node and bash scripts — so the declared minimal runtime (empty install list) is inconsistent with what the repository actually contains and what the docs expect.

⚠ Instruction Scope

The runtime docs and other guides instruct executing local scripts (scripts/security-audit.sh), running npx ts-node benchmarks, editing ~/.openclaw/openclaw.json, and optionally using ClawHub publish APIs (curl with CLAWHUB_TOKEN). The skill's code also exposes functions that write to OpenClaw memory and extend agent status (openclaw.memory.write, extendAgentStatusWithKPI, addVetoCheck). Those capabilities are reasonable for a governance tool, but the instructions ask for filesystem and agent-state changes and running arbitrary local scripts without a declared install process — this gives the skill broad discretion over agent-local state and execution, so review of the actual code (especially scripts/security-audit.sh and integrations/*.ts) is recommended before use.

⚠ Install Mechanism

SKILL.md declares an empty install list while the repository contains package.json, TypeScript source, and docs that expect npm install / npx ts-node / npm run build. Lack of an explicit install spec (and no declared required binaries beyond Node >=20) is an inconsistency: users will likely need to run npm install or otherwise build the code to use it. That missing explicit install makes accidental execution of unreviewed code more likely.

ℹ Credentials

The skill declares no required environment variables or credentials, which matches most runtime behavior. However documentation includes examples that use CLAWHUB_TOKEN (for web/API publish examples) and asks users to run clawhub login — these are publishing/user-actions not runtime credentials, but they are present in repo docs without being declared. The skill's integrations allow writing to agent memory and agent status (sensitive local state) but do not request external secrets — this is proportionate for a governance/agent integration tool if you trust the code, but it still grants access to internal agent data and state.

ℹ Persistence & Privilege

always:false (good). The skill includes code to integrate with OpenClaw internals (Memory, Agent Status, Security Audit) and docs show modifying ~/.openclaw/openclaw.json to enable the skill; these are expected for a skill that extends the agent. Because the skill can read/write agent memory and register checks, installing it grants it non-trivial local privileges — this is not automatically malicious but should be considered before enabling in production.

版本历史

v1.5.2

- Internal skill version updated to 1.5.2. - No file or documentation changes detected in this release.

v1.5.1

Version 1.5.1 of anfsf-v1 - No file changes detected in this release. - No updates made to documentation or functionality.

v1.5.0

ASF V4.0 brings major industrial-grade enhancements with governance, cost modeling, and security optimization features. - Adds veto enforcement, single-writer ownership proof, economic scoring, rework risk prediction, and safe online optimization capabilities. - Offers new tools and commands for change veto checks, ownership proofs, economic score calculations, rework risk forecasting, contract analysis, conflict resolution, and optimization. - Introduces detailed configuration options for veto rules, scoring weights, and optimizer behavior. - Enhances multiple architecture layers with traceability, interface budgeting, KPI dashboards, semantic diff, and runtime intelligence. - Requires Node.js >=20.0.0 and OpenClaw >=2026.3.24.

元数据

Slug anfsf-v1

版本 1.5.2

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 3

常见问题

Asf V4 是什么？

ASF V4.0 工业化增强模块 - 治理门禁 + 成本模型 + 安全优化。提供否决权执行、所有权证明、经济学评分、返工风险预测、安全在线优化等工业级能力。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 97 次。

如何安装 Asf V4？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install anfsf-v1」即可一键安装，无需额外配置。

Asf V4 是免费的吗？

是的，Asf V4 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Asf V4 支持哪些平台？

Asf V4 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Asf V4？

由 alshowse-tech（@alshowse-tech）开发并维护，当前版本 v1.5.2。

Asf V4