
Agent Guardrails

Author: jzOcb · GitHub · v1.0.0
cross-platform ✓ Security check passed
Total downloads: 316 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw:
/install jz-agent-guardrails
Description
Stop AI agents from secretly bypassing your rules. Mechanical enforcement with git hooks, secret detection, deployment verification, and import registries. B...
Usage instructions (SKILL.md)

Agent Guardrails

Mechanical enforcement for AI agent project standards. Rules in markdown are suggestions. Code hooks are laws.

Quick Start

cd your-project/
bash /path/to/agent-guardrails/scripts/install.sh

This installs the git pre-commit hook, creates a registry template, and copies check scripts into your project.

Enforcement Hierarchy

  1. Code hooks (git pre-commit, pre/post-creation checks) — 100% reliable
  2. Architectural constraints (registries, import enforcement) — 95% reliable
  3. Self-verification loops (agent checks own work) — 80% reliable
  4. Prompt rules (AGENTS.md, system prompts) — 60-70% reliable
  5. Markdown rules — 40-50% reliable, degrades with context length

Tools Provided

Scripts

| Script | When to Run | What It Does |
|---|---|---|
| install.sh | Once per project | Installs hooks and scaffolding |
| pre-create-check.sh | Before creating new .py files | Lists existing modules/functions to prevent reimplementation |
| post-create-validate.sh | After creating/editing .py files | Detects duplicates, missing imports, bypass patterns |
| check-secrets.sh | Before commits / on demand | Scans for hardcoded tokens, keys, passwords |
| create-deployment-check.sh | When setting up deployment verification | Creates .deployment-check.sh, checklist, and git hook template |
| install-skill-feedback-loop.sh | When setting up skill update automation | Creates detection, auto-commit, and git hook for skill updates |

Assets

| Asset | Purpose |
|---|---|
| pre-commit-hook | Ready-to-install git hook blocking bypass patterns and secrets |
| registry-template.py | Template __init__.py for project module registries |

References

| File | Contents |
|---|---|
| enforcement-research.md | Research on why code > prompts for enforcement |
| agents-md-template.md | Template AGENTS.md with mechanical enforcement rules |
| deployment-verification-guide.md | Full guide on preventing deployment gaps |
| skill-update-feedback.md | Meta-enforcement: automatic skill update feedback loop |
| SKILL_CN.md | Chinese translation of this document |

Usage Workflow

Setting up a new project

bash scripts/install.sh /path/to/project

Before creating any new .py file

bash scripts/pre-create-check.sh /path/to/project

Review the output. If existing functions cover your needs, import them.

After creating/editing a .py file

bash scripts/post-create-validate.sh /path/to/new_file.py

Fix any warnings before proceeding.

Setting up deployment verification

bash scripts/create-deployment-check.sh /path/to/project

This creates:

  • .deployment-check.sh - Automated verification script
  • DEPLOYMENT-CHECKLIST.md - Full deployment workflow
  • .git-hooks/pre-commit-deployment - Git hook template

Then customize:

  1. Add tests to .deployment-check.sh for your integration points
  2. Document your flow in DEPLOYMENT-CHECKLIST.md
  3. Install the git hook

See references/deployment-verification-guide.md for full guide.

Adding to AGENTS.md

Copy the template from references/agents-md-template.md and adapt to your project.

Chinese Documentation

See references/SKILL_CN.md for the full Chinese translation of this skill.

Common Agent Failure Modes

1. Reimplementation (Bypass Pattern)

Symptom: Agent creates "quick version" instead of importing validated code.
Enforcement: pre-create-check.sh + post-create-validate.sh + git hook

2. Hardcoded Secrets

Symptom: Tokens/keys in code instead of env vars.
Enforcement: check-secrets.sh + git hook
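
As an added illustration of the kind of check a secrets hook performs (this is not the skill's check-secrets.sh; the three rules, the function names and the sample diff are assumptions made for this example), the script below scans only the added lines of a unified diff and reports file, line and rule without echoing the matched value:

```sh
#!/bin/sh
# Added example, not the skill's check-secrets.sh. Rules and names are assumptions.

# Constructed sample input: a staged change with one literal and one env lookup.
sample_diff() {
    cat <<'EOF'
diff --git a/notify.py b/notify.py
--- a/notify.py
+++ b/notify.py
@@ -1,2 +1,4 @@
 import os
+API_KEY = "constructed-not-a-real-key-0123"
+TOKEN = os.environ["NOTIFY_TOKEN"]
 def send(): pass
EOF
}

# Turn a unified diff on stdin into "file:line:content" for each added line.
added_lines() {
    awk '
        /^\+\+\+ / { file = substr($0, 5); sub(/^b\//, "", file); next }
        /^@@/      { if (match($0, /\+[0-9]+/))
                         n = substr($0, RSTART + 1, RLENGTH - 1) - 1
                     next }
        /^\+/      { n++; print file ":" n ":" substr($0, 2); next }
        /^-/       { next }
                   { n++ }
    '
}

# $1 = rule name, remaining args = grep options; reads $added, prints "file:line: rule".
report() {
    rule=$1; shift
    printf '%s\n' "$added" | grep -E "$@" | cut -d: -f1,2 | sed "s/\$/: $rule/"
}

# Return 1 and list the hits if any added line matches a rule; never print the value.
scan_diff_for_secrets() {
    added=$(added_lines)
    hits=$(
        report aws-access-key-id -e 'AKIA[0-9A-Z]{16}'
        report private-key-block -e '-----BEGIN [A-Z ]*PRIVATE KEY-----'
        report quoted-credential -i -e \
            "(password|passwd|secret|token|api_?key)[[:space:]]*[:=][[:space:]]*[\"'][^\"']{8,}[\"']"
    )
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}
```

In a pre-commit hook the input would come from `git diff --cached -U0`, and a non-zero return blocks the commit.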

3. Deployment Gap

Symptom: Built feature but forgot to wire it into production. Users don't receive benefit.
Example: Updated notify.py but cron still calls old version.
Enforcement: .deployment-check.sh + git hook

This is the hardest to catch because:

  • Code runs fine when tested manually
  • Agent marks task "done" after writing code
  • Problem only surfaces when user complains

Solution: Mechanical end-to-end verification before allowing "done."

4. Skill Update Gap (META - NEW)

Symptom: Built enforcement improvement in project but forgot to update the skill itself.
Example: Created deployment verification for Project A, but other projects don't benefit because skill wasn't updated.
Enforcement: install-skill-feedback-loop.sh → automatic detection + semi-automatic commit

This is a meta-failure mode because:

  • It's about enforcement improvements themselves
  • Without fix: improvements stay siloed
  • With fix: knowledge compounds automatically

Solution: Automatic detection of enforcement improvements with task creation and semi-automatic commits.

Key Principle

Don't add more markdown rules. Add mechanical enforcement. If an agent keeps bypassing a standard, don't write a stronger rule — write a hook that blocks it.

Corollary: If an agent keeps forgetting integration, don't remind it — make it mechanically verify before commit.

Security usage recommendations
This skill appears to do what it claims: install git hooks, secret scanners, deployment checks, and a feedback loop to surface enforcement improvements. Before installing:

  1. Inspect scripts (install.sh, pre/post-create hooks, check-secrets.sh, install-skill-feedback-loop.sh, and any post-commit/auto-commit scripts) to understand what they modify and when they run.
  2. Test installation in an isolated or disposable repository first (not in production) so you can safely observe hooks running on commits.
  3. Pay attention to the feedback-loop: it creates task files and includes semi-automatic commit helpers; ensure those require explicit confirmation and will not push changes without your approval.
  4. If you won't use publishing helpers, avoid running PUBLISH_NOW.sh (it assumes a Clawdhub CLI and a hardcoded path).
  5. Back up your repo or ensure you can revert hooks (.git/hooks) before enabling; consider manually installing hooks or adding an extra manual gate to auto-commit scripts.
  6. If you have sensitive credentials, verify the scripts do not transmit them externally (they appear local, but any script that interacts with CLIs or remote services will run under your credentials).

Functional analysis
Type: OpenClaw Skill
Name: jz-agent-guardrails
Version: 1.0.0

This skill bundle, 'Agent Guardrails', is designed to enhance security and code quality for AI agent projects. It provides mechanical enforcement through git hooks and shell scripts (`scripts/check-secrets.sh`, `scripts/post-create-validate.sh`, `assets/pre-commit-hook`) to prevent common issues like hardcoded secrets, code reimplementation, and deployment gaps. The scripts perform static analysis, dependency audits, and block commits based on detected patterns, all aimed at improving project integrity. There is no evidence of malicious intent, data exfiltration, unauthorized execution, or prompt injection against the analyzing agent; instead, the skill actively works to prevent such issues within the user's projects.
Capability assessment
Purpose & Capability
The name/description (git hooks, secret detection, deployment verification, import registries) match the included artifacts: install.sh, pre-/post-create validators, check-secrets.sh, registry templates, deployment-check scaffolding, and a feedback-loop. There are no requested environment variables or unrelated binaries that would be surprising for this purpose.
Instruction Scope
SKILL.md instructs the user to copy and run the provided scripts and to install git hooks into projects. That is consistent with the purpose. The skill also documents a feedback loop (post-commit detection + semi-automatic commit) and includes helper scripts (e.g., PUBLISH_NOW.sh) that call external CLIs; these can modify repository state and produce tasks. Inspect the feedback-loop and publish scripts before enabling them.
Install Mechanism
This is instruction-only in the registry (no automatic installer). The code files are plain shell and Python scripts that get copied into a project when you run install.sh. There are no high-risk network downloads or obscure install hosts in the provided artifacts. The publish helper expects the Clawdhub CLI and a local path but is optional.
Credentials
The skill declares no required environment variables, which aligns with its local, repo-centric operation. However, many scripts operate with the user's git identity and may invoke the Clawdhub CLI (which requires login/credentials) if you run the publish helper. The feedback-loop and auto-commit scripts will act with whatever git credentials are available — review and understand that implicit credential use before running.
Persistence & Privilege
The skill does not set always:true and is user-invocable. It installs git hooks and copies scripts into projects, thereby changing repo-local state (.git/hooks, .pending-skill-updates.txt, etc.). That is expected for a guardrails tool but is a persistent modification to the repository and will run on lifecycle events (commits) until removed — review hooks and auto-commit behavior before enabling.
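
The review above notes that installation persistently changes `.git/hooks`. One way to see exactly which hooks an installer added or altered in a disposable repository is to snapshot the active hooks before and after. This is an added example, not part of the skill; the function names are assumptions, and it assumes the default hooks directory (pass another directory as the second argument if `core.hooksPath` is set):

```sh
#!/bin/sh
# Added example, not part of the skill: inventory active git hooks and diff
# two inventories. Function names are hypothetical.

sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Print "name sha256" for every file git could run as a hook.
# $1 = repository root, $2 = hooks directory (default: $1/.git/hooks).
hook_snapshot() {
    dir=${2:-$1/.git/hooks}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case $f in *.sample) continue ;; esac   # git never runs *.sample files
        printf '%s %s\n' "$(basename "$f")" "$(sha256_of "$f")"
    done | sort
}

# Compare two snapshot files ($1 = before, $2 = after).
# Prints "ADDED name", "CHANGED name" or "REMOVED name", one per line.
hook_changes() {
    awk '
        FILENAME == ARGV[1] { before[$1] = $2; next }   # safe when "before" is empty
        { seen[$1] = 1
          if (!($1 in before))       print "ADDED " $1
          else if (before[$1] != $2) print "CHANGED " $1 }
        END { for (h in before) if (!(h in seen)) print "REMOVED " h }
    ' "$1" "$2" | sort
}
```

Run `hook_snapshot` once before and once after install.sh, save each output to a file, and pass the two files to `hook_changes`; keeping the "before" file also gives you the list to restore from.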
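How to use
  1. Make sure OpenClaw is installed (locally or deployed via Docker)
  2. Enter the install command in the chat box: /install jz-agent-guardrails
  3. Once installation completes, invoke the Skill by name or trigger it with /jz-agent-guardrails
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history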
v1.0.0
Mechanical enforcement with git hooks, secret detection, deployment verification. Stop AI from bypassing rules.
Metadata
Slug jz-agent-guardrails
Version 1.0.0
License
Total installs 0
Current installs 0
Historical versions 1
FAQ

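What is Agent Guardrails?

Stop AI agents from secretly bypassing your rules. Mechanical enforcement with git hooks, secret detection, deployment verification, and import registries. B... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 316 total downloads to date.

How do I install Agent Guardrails?

Run the command "/install jz-agent-guardrails" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is Agent Guardrails free?

Yes, Agent Guardrails is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Agent Guardrails support?

Agent Guardrails runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Agent Guardrails?

Developed and maintained by jzOcb (@jzocb); the current version is v1.0.0.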
