← 返回 Skills 市场
362
总下载
0
收藏
3
当前安装
5
版本数
在 OpenClaw 中安装
/install constraint-engine
功能描述
Learn from consequences, not instructions — generate and enforce constraints from experience
使用说明 (SKILL.md)
constraint-engine (制約)
Unified skill for constraint generation, pre-action checking, circuit breaker management, and constraint lifecycle. Consolidates 7 granular skills into a single enforcement system.
Trigger: 行動前∨閾値到達 (pre-action or threshold reached)
Source skills: constraint-generator, circuit-breaker, emergency-override, constraint-lifecycle, constraint-versioning, positive-framer (partial), contextual-injection (partial)
Installation
openclaw install leegitw/constraint-engine
Dependencies: leegitw/failure-memory (for eligibility data)
# Install with dependencies
openclaw install leegitw/context-verifier
openclaw install leegitw/failure-memory
openclaw install leegitw/constraint-engine
Standalone usage: Requires failure-memory for constraint generation from observations. For full lifecycle management, install the complete suite (see Neon Agentic Suite).
Data handling: This skill operates within your agent's trust boundary. When triggered,
it uses your agent's configured model for constraint checking and generation. No external APIs
or third-party services are called. Results are written to output/constraints/ in your workspace.
What This Solves
Instructions get ignored. Rules get forgotten. Documentation goes unread. This skill takes a different approach — constraints generated from actual failures:
- Generate constraints from observations that meet the eligibility threshold (
R≥3 ∧ C≥2) - Enforce constraints at runtime with a circuit breaker (CLOSED → OPEN → HALF-OPEN)
- Manage lifecycle from proposal through adoption to retirement
The insight: A constraint born from "this actually broke" carries more weight than "this might break." Consequences teach better than instructions.
Usage
/ce \x3Csub-command> [arguments]
Sub-Commands
| Command | CJK | Logic | Trigger |
|---|---|---|---|
/ce check |
検査 | action→constraints[]→pass∨block | Next Steps (auto) |
/ce generate |
生成 | eligible(obs)→constraint | Next Steps (auto) |
/ce status |
状態 | active[], circuit∈{CLOSED,OPEN,HALF} | Explicit |
/ce override |
上書 | constraint→bypass(temp), audit.log++ | Explicit |
/ce lifecycle |
周期 | state∈{draft→active→retiring→retired} | Explicit |
/ce version |
版本 | constraint→v++, history.preserve | Explicit |
/ce threshold |
閾値 | user∨context→custom_threshold | Explicit |
Arguments
/ce check
| Argument | Required | Description |
|---|---|---|
| action | Yes | Action to check against constraints |
| --severity | No | Minimum severity to check: critical, important, minor (default: all) |
/ce generate
| Argument | Required | Description |
|---|---|---|
| observation | Yes | Observation ID or pattern to generate constraint from |
| --force | No | Generate even if eligibility criteria not met |
/ce status
| Argument | Required | Description |
|---|---|---|
| --circuit | No | Show circuit breaker status only |
| --active | No | Show active constraints only |
/ce override
| Argument | Required | Description |
|---|---|---|
| constraint | Yes | Constraint ID to override |
| reason | Yes | Reason for override (logged for audit) |
| --duration | No | Override duration (default: "session") |
/ce lifecycle
| Argument | Required | Description |
|---|---|---|
| constraint | Yes | Constraint ID |
| state | Yes | Target state: draft, active, retiring, retired |
/ce version
| Argument | Required | Description |
|---|---|---|
| constraint | Yes | Constraint ID |
| --bump | No | Version bump type: major, minor, patch (default: minor) |
/ce threshold
| Argument | Required | Description |
|---|---|---|
| --R | No | Custom recurrence threshold (default: 3) |
| --C | No | Custom confirmation threshold (default: 2) |
| --reset | No | Reset to default thresholds |
Configuration
Configuration is loaded from (in order of precedence):
.openclaw/constraint-engine.yaml(OpenClaw standard).claude/constraint-engine.yaml(Claude Code compatibility)- Defaults (built-in)
# .openclaw/constraint-engine.yaml
thresholds:
R: 3 # Recurrence threshold (default: 3)
C: 2 # Confirmation threshold (default: 2)
false_positive_max: 0.2 # Max D/(C+D) ratio (default: 0.2)
circuit_breaker:
critical_threshold: 3 # Violations to trip for CRITICAL
important_threshold: 5 # Violations to trip for IMPORTANT
minor_threshold: 10 # Violations to trip for MINOR
window_days: 30 # Violation window (default: 30 days)
lifecycle:
review_reminder_days: 80 # Days before 90-day review to remind
Core Logic
Eligibility Criteria
Observation becomes eligible for constraint when:
R≥3 ∧ C≥2 ∧ D/(C+D)\x3C0.2 ∧ sources≥2
| Criterion | Meaning |
|---|---|
| R≥3 | At least 3 recurrences |
| C≥2 | At least 2 human confirmations |
| D/(C+D)\x3C0.2 | False positive rate under 20% |
| sources≥2 | Observed by at least 2 different sources |
Positive Reframing
Constraints are automatically reframed positively:
| Negative | Positive |
|---|---|
| "Don't commit without tests" | "Always run tests before commit" |
| "Don't push to main directly" | "Always create PR for main changes" |
| "Don't deploy without review" | "Always get code review before deployment" |
| "Don't skip migrations" | "Always run database migrations before release" |
Example: Code Review Constraint
[CHECK BLOCKED] deploy production
Constraint violated: CON-20260212-005
"Always get code review approval before production deployment"
Severity: CRITICAL
Action: Request review via /ro twin, then retry deployment.
Example: Deployment Gate Constraint
[CHECK PASSED] deploy staging
Active constraints checked: 3
✓ CON-20260210-001: Tests pass
✓ CON-20260211-002: Staging smoke test
✓ CON-20260212-003: Database migration verified
All constraints satisfied. Proceeding to staging.
Circuit Breaker States
| State | Meaning | Behavior |
|---|---|---|
| CLOSED | Normal operation | Constraints enforced |
| OPEN | Circuit tripped | Block all related actions |
| HALF-OPEN | Testing recovery | Allow limited actions |
Circuit Breaker Thresholds
| Severity | Threshold | Window |
|---|---|---|
| CRITICAL | 3 violations | 30 days |
| IMPORTANT | 5 violations | 30 days |
| MINOR | 10 violations | 30 days |
Constraint Lifecycle
draft → active → retiring → retired
│ │ │
└────────┴─────────┴── 90-day review gates
Output
/ce check output (pass)
[CHECK PASSED] git commit -m "feature"
Active constraints checked: 5
All constraints satisfied.
/ce check output (block)
[CHECK BLOCKED] git commit -m "feature"
Constraint violated: CON-20260210-001
"Always run tests before commit"
Severity: CRITICAL
Action: Run tests first, then retry commit.
Override: /ce override CON-20260210-001 "emergency hotfix"
/ce status output
=== Constraint Engine Status ===
Circuit Breaker: CLOSED (healthy)
Active Constraints (5):
- CON-20260210-001: Always run tests before commit [CRITICAL]
- CON-20260212-003: Always lint before commit [IMPORTANT]
- ...
Draft Constraints (2):
- CON-20260215-001: Pending approval
Violations (30d): 2
/ce generate output
[CONSTRAINT GENERATED]
From: OBS-20260210-003 (lint-before-commit)
ID: CON-20260215-001
Text: "Always run lint before commit"
Severity: IMPORTANT
Status: draft
Next: Review and approve with /ce lifecycle CON-20260215-001 active
Integration
- Layer: Core
- Depends on: failure-memory (for eligibility data)
- Used by: governance (for constraint reviews), safety-checks (for enforcement)
Failure Modes
| Condition | Behavior |
|---|---|
| Invalid sub-command | List available sub-commands |
| Constraint not found | Error with suggestion to search |
| Ineligible observation | Show missing criteria, suggest /fm status |
| Circuit OPEN | Block action, show recovery guidance |
| Override without reason | Require reason for audit trail |
Next Steps
After invoking this skill:
| Condition | Action |
|---|---|
| Constraint generated | Add to output/constraints/draft/, notify user |
| Constraint activated | Move to output/constraints/active/ |
| Action blocked | Log to output/hooks/blocked.log, explain why |
| Circuit OPEN | Surface to user with recovery guidance |
| Override used | Audit log entry, temporary bypass only |
Workspace Files
This skill reads/writes:
output/
├── constraints/
│ ├── draft/ # Pending constraints
│ │ └── CON-YYYYMMDD-XXX.md
│ ├── active/ # Enforced constraints
│ │ └── CON-YYYYMMDD-XXX.md
│ ├── retired/ # Historical constraints
│ │ └── CON-YYYYMMDD-XXX.md
│ └── metadata.json # VFM scoring data
└── hooks/
└── blocked.log # Actions blocked by constraints
Security Considerations
What this skill accesses:
- Configuration files in
.openclaw/constraint-engine.yamland.claude/constraint-engine.yaml - Observation data from failure-memory (via
.learnings/directory) - Its own output directories
output/constraints/andoutput/hooks/
What this skill does NOT access:
- Files outside declared workspace paths
- System environment variables
- Network resources or external APIs
What this skill does NOT do:
- Send data to external services
- Execute arbitrary code
- Modify files outside its workspace
Dependency note:
This skill reads observation data from failure-memory skill's workspace (.learnings/).
Install leegitw/failure-memory for full constraint generation functionality.
Without failure-memory, constraint generation will have no observation data to process.
Audit logging:
Override actions are logged to output/hooks/blocked.log for audit purposes.
Logs are stored locally in the workspace only.
Acceptance Criteria
-
/ce checkvalidates action against active constraints -
/ce checkblocks when constraint violated, shows reason -
/ce generatecreates constraint from eligible observation -
/ce generateapplies positive reframing -
/ce statusshows circuit breaker state and active constraints -
/ce overridecreates temporary bypass with audit log -
/ce lifecycletransitions constraint through states -
/ce versionincrements constraint version preserving history - Circuit breaker trips at severity-appropriate thresholds
- Workspace files follow documented structure
Consolidated from 7 skills as part of agentic skills consolidation (2026-02-15).
安全使用建议
This skill appears internally consistent, but review these practical points before installing: 1) It will read the local config files (.openclaw/constraint-engine.yaml and .claude/constraint-engine.yaml) and will write constraints to output/constraints/ and output/hooks/ — inspect those configs and ensure you are comfortable with the skill modifying your workspace. 2) The SKILL.md references installing auxiliary skills (failure-memory, context-verifier); those are separate and could have their own requirements — review them before installing. 3) Although the skill states it does not call external APIs, it relies on your agent's model and internal trust boundary; if you want to limit autonomous changes, restrict agent-autonomy or require explicit user confirmation for enforcement/overrides. 4) If you plan to run openclaw install commands, be mindful that they fetch third-party skill code; review source repositories for any install-time behavior you might not want.
功能分析
Type: OpenClaw Skill
Name: constraint-engine
Version: 1.3.1
The constraint-engine skill is a framework for managing agentic guardrails by generating and enforcing rules based on past failures. It operates entirely within the local workspace (output/constraints/ and output/hooks/), lacks network access, and focuses on safety-oriented logic such as circuit breakers and audit-logged overrides. No indicators of data exfiltration, malicious execution, or prompt injection were found in SKILL.md or _meta.json.
能力评估
Purpose & Capability
Name/description (constraint generation/enforcement) align with what the skill requests and does: it reads local config, uses the agent model for checking/generation, and writes results to output/constraints/ and output/hooks/. The listed dependency on a failure-memory skill is consistent with generating constraints from observed failures.
Instruction Scope
SKILL.md is instruction-only and describes pre-action checks, generation, lifecycle, and circuit-breaker behavior. It explicitly restricts operations to the agent's trust boundary and workspace. The instructions reference only workspace paths and local config files (.openclaw/.claude); there are no directives to read unrelated system files or to transmit data to third-party services.
Install Mechanism
No install spec or code files are present; the SKILL.md shows example openclaw install commands but the skill itself is instruction-only. This is low-risk because nothing in the package will be written to disk or executed automatically by an installer.
Credentials
The skill requires no environment variables or external credentials. The only required config paths are project-local (.openclaw/constraint-engine.yaml and .claude/constraint-engine.yaml), which are proportionate to a behavior-enforcement skill.
Persistence & Privilege
always is false and autonomous invocation is allowed (platform default). The skill writes to its own workspace paths (output/constraints/, output/hooks/) which is expected. It does not request system-wide configuration changes or other skills' credentials.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install constraint-engine - 安装完成后,直接呼叫该 Skill 的名称或使用
/constraint-engine触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.3.1
- Author email updated from [email protected] to [email protected]
- No functional or logic changes; documentation only (SKILL.md edit)
v1.3.0
constraint-engine 1.3.0
- Data handling model updated: now operates within the agent’s trust boundary, using the agent’s configured model for constraint checking/generation (no external calls).
- Removed: `disable-model-invocation` flag and related instruction-only messaging.
- Tags updated for clarity and broader discoverability.
- Documentation clarified for new agent-centric operation and security boundaries.
v1.2.0
- Added explicit OpenClaw metadata defining required config and workspace paths for better environment integration.
- Updated internal metadata section to specify `.openclaw/constraint-engine.yaml`, `.claude/constraint-engine.yaml`, `output/constraints/`, and `output/hooks/` as required.
- No logic or feature changes—documentation and metadata enhancement only.
v1.1.0
constraint-engine 1.1.0
- Clarified data handling in documentation: the skill is now explicitly marked as "instruction-only" (disable-model-invocation: true).
- Updated description to emphasize that no AI models are invoked and no external APIs/services are called.
- Specified that the skill only accesses paths declared in its metadata.
- No functional/logical changes to commands or core logic; all changes are in documentation.
v1.0.0
constraint-engine 1.0.0
- Initial release consolidating 7 granular skills into a unified constraint enforcement system.
- Supports generation, enforcement, overrides, and full lifecycle management of constraints based on observed failures.
- Circuit breaker mechanism handles runtime constraint violations with dynamic state (CLOSED, OPEN, HALF-OPEN).
- Positive reframing of constraints for actionable enforcement (e.g., "Always run tests before commit").
- Configurable eligibility and circuit breaker thresholds, with built-in YAML configuration support.
- All results and constraint artifacts are output to the agent workspace, no external API calls required.
元数据
常见问题
Constraint Engine 是什么?
Learn from consequences, not instructions — generate and enforce constraints from experience. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 362 次。
如何安装 Constraint Engine?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install constraint-engine」即可一键安装,无需额外配置。
Constraint Engine 是免费的吗?
是的,Constraint Engine 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Constraint Engine 支持哪些平台?
Constraint Engine 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Constraint Engine?
由 Lee Brown(@leegitw)开发并维护,当前版本 v1.3.1。
推荐 Skills