← 返回 Skills 市场
ia-agent-native-architecture
作者
Ilia Alshanetsky
· GitHub ↗
· v3.0.4
· MIT-0
254
总下载
0
收藏
0
当前安装
11
版本数
在 OpenClaw 中安装
/install compound-eng-agent-native-architecture
功能描述
Design agent-native applications where agents replace UI users as the primary actor. Use when designing MCP tools, agent-loop architectures, shared-workspace...
使用说明 (SKILL.md)
Agent-Native Architecture
Core Principles
Five principles govern agent-native design. For detailed explanations, examples, and test criteria, see core-principles.md.
| Principle | One-line test |
|---|---|
| Parity | Can the agent achieve every outcome the UI allows? |
| Granularity | To change behavior, do you edit prose or refactor code? |
| Composability | Can you add a feature by writing a new prompt, without new code? |
| Emergent Capability | Can the agent handle open-ended requests you didn't design for? |
| Improvement Over Time | Does the app work better after a month, even without code changes? |
Focus Area Selection
- Design architecture - Plan a new agent-native system from scratch
- Files & workspace - Use files as the universal interface, shared workspace patterns
- Tool design - Build primitive tools, dynamic capability discovery, CRUD completeness
- Domain tools - Know when to add domain tools vs stay with primitives
- Execution patterns - Completion signals, partial completion, context limits
- System prompts - Define agent behavior in prompts, judgment criteria
- Context injection - Inject runtime app state into agent prompts
- Action parity - Ensure agents can do everything users can do
- Self-modification - Enable agents to safely evolve themselves
- Product design - Progressive disclosure, latent demand, approval patterns
- Mobile patterns - iOS storage, background execution, checkpoint/resume
- Testing - Test agent-native apps for capability and parity
- Refactoring - Make existing code more agent-native
- Anti-patterns - Common mistakes and how to avoid them
- Success criteria - Verify your architecture is agent-native
- Hooks patterns - Hook events, decision control, MCP matchers, async hooks
Wait for response before proceeding.
Reference Routing
| Response | Action |
|---|---|
| 1, "design", "architecture", "plan" | Read architecture-patterns.md, then apply Architecture Checklist below |
| 2, "files", "workspace", "filesystem" | Read files-universal-interface.md and shared-workspace-architecture.md |
| 3, "tool", "mcp", "primitive", "crud" | Read mcp-tool-design.md |
| 4, "domain tool", "when to add" | Read from-primitives-to-domain-tools.md |
| 5, "execution", "completion", "loop" | Read agent-execution-patterns.md |
| 6, "prompt", "system prompt", "behavior" | Read system-prompt-design.md |
| 7, "context", "inject", "runtime", "dynamic" | Read dynamic-context-injection.md |
| 8, "parity", "ui action", "capability map" | Read action-parity-discipline.md |
| 9, "self-modify", "evolve", "git" | Read self-modification.md |
| 10, "product", "progressive", "approval", "latent demand" | Read product-implications.md |
| 11, "mobile", "ios", "android", "background", "checkpoint" | Read mobile-patterns.md |
| 11a, "icloud", "storage", "documents", "file state", "entitlement" | Read mobile-storage.md |
| 11b, "background task", "battery", "on-device", "cloud routing" | Read mobile-execution.md |
| 11c, "model tier", "token budget", "cost-aware", "batch", "caching" | Read mobile-cost.md |
| 12, "test", "testing", "verify", "validate" | Read agent-native-testing.md |
| 13, "review", "refactor", "existing" | Read refactoring-to-prompt-native.md |
| 14, "anti-pattern", "mistake", "wrong" | Read anti-patterns.md |
| 15, "success", "criteria", "verify", "checklist" | Read success-criteria.md |
| 16, "hook", "hooks", "PreToolUse", "decision control", "async hook" | Read hooks-patterns.md |
| 0, "quick start", "getting started", "overview", "introduction" | Read quick-start.md |
After reading the reference, apply those patterns to the user's specific context.
Architecture Review Checklist
When designing an agent-native system, verify these before implementation:
Core Principles
- Parity: Every UI action has a corresponding agent capability
- Granularity: Tools are primitives; features are prompt-defined outcomes
- Composability: New features can be added via prompts alone
- Emergent Capability: Agent can handle open-ended requests in your domain
Tool Design
- Dynamic vs Static: For external APIs where agent should have full access, use Dynamic Capability Discovery
- CRUD Completeness: Every entity has create, read, update, AND delete
- Primitives over Workflows: Tools expose atomic capabilities; compose workflows in prompts
- API as Validator: Use
z.string()inputs when the API validates, notz.enum() - Eval Gate: 10 Q/A pairs in CI (read-only, multi-hop, closed-data), 9/10 pass threshold. See mcp-tool-design.md Evaluation section.
Files & Workspace
- Shared Workspace: Agent and user work in same data space
- context.md Pattern: Agent reads/updates context file for accumulated knowledge
- File Organization: Entity-scoped directories with consistent naming
- Context Durability: Incremental progress writes (WAL pattern) so interrupted tasks resume from last checkpoint
Agent Execution
- Completion Signals: Agent has explicit
complete_tasktool (not heuristic detection) - Partial Completion: Multi-step tasks track progress for resume
- Context Limits: Designed for bounded context from the start
- Validate-Before-Run: Agent previews planned actions before executing destructive operations
Context Injection
- Available Resources: System prompt includes what exists (files, data, types)
- Available Capabilities: System prompt documents tools with user vocabulary
- Dynamic Context: Context refreshes for long sessions (or provide
refresh_contexttool) - Trust levels for loaded content: System prompt distinguishes trusted (developer-authored) from untrusted (user input, retrieved docs, tool outputs); untrusted text is data, never instructions. See dynamic-context-injection.md Trust Levels section for the prompt-injection defense details.
UI Integration
- Agent -> UI: Agent changes reflect in UI (shared service, file watching, or event bus)
- No Silent Actions: Agent writes trigger UI updates immediately
- Capability Discovery: Users can learn what agent can do
Governance
- Approval Gates: Destructive or irreversible actions require user confirmation
- Audit Trail: Agent actions logged with timestamp, tool, and outcome
- Scope Boundaries: Agent cannot access resources outside its designated workspace
Hooks & Governance Automation
- Event Coverage: Only 6 hook events fire in agent context (PreToolUse, PostToolUse, PermissionRequest, PostToolUseFailure, Stop/SubagentStop); session lifecycle logic lives in the orchestrator
- Decision Gates: PreToolUse hooks enforce tool-level policy (allow/deny/ask/defer) instead of hardcoded checks
- Completion Gating: SubagentStop hooks block premature completion when verification steps remain
- MCP Matchers: Regex patterns target tools by server and operation for capability-based security
- Two-Tier Config: Shared policy committed, personal overrides git-ignored, per-hook disable toggles
Mobile (if applicable)
- Checkpoint/Resume: Handle iOS app suspension gracefully
- iCloud Storage: iCloud-first with local fallback for multi-device sync
- Cost Awareness: Model tier selection (Haiku/Sonnet/Opus)
When designing architecture, explicitly address each checkbox in your plan.
安全使用建议
This skill is a coherent, comprehensive guide for building agent-native apps — useful if you're designing agent loops, file-based workspaces, or self-modifying agents. Before installing or enabling it for an agent instance, consider:
- Review: read the SKILL.md and referenced docs yourself, focusing on sections about write_file, git/self_deploy, and system-prompt changes. Ensure you understand what the guidance would ask an empowered agent to do.
- Principle of least privilege: do NOT enable this skill on agents that have unreviewed tools granting file writes, git commits/pushes, or the ability to change system prompts, unless you have explicit approval gates in place.
- Approval gates: if you must allow the agent to modify code or prompts, enforce the approval-gates pattern described in the references (propose → review → apply) with human-in-the-loop confirmations and not automatic apply.
- Sandbox testing: try the skill in a tightly sandboxed environment where file writes, network pushes, and deploy actions are disabled or mocked.
- Search for explicit override phrasing: because the scanner flagged prompt-injection patterns, grep the SKILL.md and referenced files for any literal instructions like 'ignore previous instructions', 'override system prompt', or automated 'apply' flows and validate that such instructions are contextual/design-level notes rather than executable directives.
If you cannot perform these checks, treat the skill as potentially hazardous when attached to agents with write/exec/deploy privileges and prefer to use it only for manual design review rather than giving it autonomous capabilities.
功能分析
Type: OpenClaw Skill
Name: compound-eng-agent-native-architecture
Version: 3.0.4
This skill bundle is a comprehensive architectural guide for designing 'agent-native' applications where AI agents act as primary system actors. While it discusses high-risk capabilities such as self-modifying code (self-modification.md) and direct filesystem access (files-universal-interface.md), these are presented as legitimate design patterns for developer tools. Crucially, the documentation consistently emphasizes security and governance, including 'Approval Gates' for destructive operations (architecture-patterns.md), 'Trust Levels' to mitigate prompt injection (dynamic-context-injection.md), and 'Capability-based security' via lifecycle hooks (hooks-patterns.md). No evidence of malicious intent, data exfiltration, or unauthorized execution was found.
能力标签
能力评估
Purpose & Capability
Name, description, and bundled reference docs align: this is a meta skill (patterns, checklists, and guidelines) for designing agent-native architectures. It requests no binaries, env vars, or installs — which is proportionate for a documentation/guide skill.
Instruction Scope
The runtime instructions route the agent to read many internal references and then 'apply those patterns to the user's specific context.' Several referenced docs explicitly discuss system prompt design, approval gates, write_file/git commit flows, and self-modification patterns. That is coherent for a design guide, but the SKILL.md also contains pre-scan prompt-injection indicators (ignore-previous-instructions, system-prompt-override). If an agent that loads this skill also has tool primitives that write files, commit, or change system prompts, the instructions could be used to escalate actions beyond pure design advice. The SKILL.md does not itself request secrets or file reads, but it gives broad discretion to modify prompts/code when applied.
Install Mechanism
Instruction-only, no install spec, no downloads, no code executed on install. This is low-risk from an install/execution perspective.
Credentials
The skill declares no required environment variables, credentials, or config paths. The documentation discusses tooling patterns (write_file, git, approval gates) but the skill itself does not request secrets. That said, the guidance presumes availability of tools that may require credentials in a real deployment.
Persistence & Privilege
always: false and no special privileges are requested. However, the content promotes self-modification patterns (two-layer git, self_deploy, approval gates, modifying system prompts). If this skill is enabled for an agent that has persistent write/commit/deploy capabilities or can change system prompts, the combination increases risk because the skill explicitly instructs how to apply such changes. The skill does include patterns for approval gates, which is a mitigating design point, but it does not enforce them.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install compound-eng-agent-native-architecture - 安装完成后,直接呼叫该 Skill 的名称或使用
/compound-eng-agent-native-architecture触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v3.0.4
v3.0.4
v3.0.3
v3.0.3
v3.0.2
v3.0.2
v3.0.1
v3.0.1
v3.0.0
v3.0.0
v2.56.1
v2.56.1
v2.56.0
v2.56.0
v2.55.1
v2.55.1
v2.55.0
v2.55.0
v2.53.2
v2.53.2
v2.53.0
v2.53.0
元数据
常见问题
ia-agent-native-architecture 是什么?
Design agent-native applications where agents replace UI users as the primary actor. Use when designing MCP tools, agent-loop architectures, shared-workspace... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 254 次。
如何安装 ia-agent-native-architecture?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install compound-eng-agent-native-architecture」即可一键安装,无需额外配置。
ia-agent-native-architecture 是免费的吗?
是的,ia-agent-native-architecture 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
ia-agent-native-architecture 支持哪些平台?
ia-agent-native-architecture 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 ia-agent-native-architecture?
由 Ilia Alshanetsky(@iliaal)开发并维护,当前版本 v3.0.4。
推荐 Skills