Version notes

**Expanded features and compliance for agent constitutional guardrails**

- Description and keywords updated for clarity, adding emphasis on escalation, audit, and compliance.
- Skill metadata now includes author, license, and enriched detail about protection against prompt injection and social engineering.
- Added an architectural overview illustrating the multi-layered checks (immutable, policy, escalation, audit).
- Usage instructions are more detailed, covering initialization, rule creation, permission checks, escalation flows, and audit review.
- Rule levels (Immutable, Owner-only, Mutable, Advisory) explained in a comparison table.
- Introduced real-world example rule configurations for production safety, cost control, and data privacy/GDPR.
- Config reference and practical integration patterns for middleware and OpenClaw provided.
# agent-constitution-guard

> Constitutional guardrails for AI agents: define immutable behavioral rules, permission boundaries, escalation policies and safety interlocks so that an agent cannot step outside its authorized scope in any context or under any user pressure.

## Skill metadata

- Slug: agent-constitution-guard
- Version: 1.1.0
- Author: SKY-lv
- Description: Production-grade constitutional guardrail system for AI agents. Defines immutable behavioral rules, multi-level permission boundaries, human escalation policies, safety interlocks and a complete audit log. The agent must obey these rules regardless of context, prompt injection or social-engineering attacks.
- Category: safety
- License: MIT
- Trigger Keywords: constitution, guardrail, permission guard, safety rule, behavioral constraint, boundary check, escalation policy, agent safety, immutable rule, compliance guard, red line, permission boundary

---

## Why it matters

An AI agent that can reach files, APIs and external systems needs boundaries that are actually enforced. Without constitutional guardrails:

- a misleading prompt can get the agent to delete a production database
- the agent can exfiltrate sensitive data to an external endpoint
- the agent can spend thousands of dollars on API calls with nobody watching
- the agent can modify system files and break its host environment

This skill provides enforceable, auditable, multi-layered protection.

---

## Architecture

```
┌─────────────────────────────────────┐
│        AGENT ACTION REQUEST         │
└──────────────────┬──────────────────┘
                   │
                   ▼
┌─────────────────────────────────────┐
│  Layer 1: IMMUTABLE CHECK           │  ← Cannot be overridden by anyone
│  (Hard safety boundaries)           │
└──────────────────┬──────────────────┘
                   │ PASS
                   ▼
┌─────────────────────────────────────┐
│  Layer 2: POLICY ENGINE             │  ← Rule-based permission checks
│  (Context-aware rules)              │
└──────────────────┬──────────────────┘
                   │ PASS
                   ▼
┌─────────────────────────────────────┐
│  Layer 3: ESCALATION                │  ← Human approval for sensitive ops
│  (Owner confirmation)               │
└──────────────────┬──────────────────┘
                   │ APPROVED
                   ▼
┌─────────────────────────────────────┐
│  Layer 4: AUDIT LOG                 │  ← Every check is recorded
│  (Immutable audit trail)            │
└─────────────────────────────────────┘
```

---

## Step-by-step usage guide

### Step 1: Initialize the constitution

```bash
node constitution.js init --name "my-agent" --owner "admin@company.com"
```

Creates a `.constitution/` directory containing the default rules and the audit log.

### Step 2: Add rules

```bash
# Immutable rule: never call external APIs without confirmation
node constitution.js rule add \
  --level immutable \
  --action deny \
  --scope "external_write" \
  --description "Never write to external APIs without owner confirmation" \
  --escalation owner

# Owner-only rule: can modify workspace files
node constitution.js rule add \
  --level owner-only \
  --action allow \
  --scope "workspace_write" \
  --description "Can write files within workspace directory"

# Mutable rule: can read any file
node constitution.js rule add \
  --level mutable \
  --action allow \
  --scope "file_read" \
  --description "Read any local file"
```

### Step 3: Check permissions before acting

```javascript
const guard = require('./constitution.js');

// Check if an action is allowed
const decision = guard.check('external_write', {
  target: 'https://api.stripe.com/charges',
  payload: { amount: 9999 },
  userId: 'user-123'
});

console.log(decision);
// {
//   allowed: false,
//   layer: 'immutable',
//   rule: 'R001',
//   reason: 'External write requires owner confirmation',
//   escalation: 'owner',
//   escalationMessage: 'Agent wants to POST to https://api.stripe.com/charges. Approve?'
// }
```

### Step 4: Handle escalation

```javascript
// Runs inside an async function (top-level await is not available in CommonJS modules)
if (!decision.allowed && decision.escalation) {
  // Send escalation request to owner
  const approved = await guard.escalate(decision, {
    channel: 'webhook', // or 'email', 'slack', 'console'
    timeout: 300000,    // 5 min timeout; no answer counts as a refusal
    details: decision.escalationMessage
  });

  if (approved) {
    await executeAction();
  }
}
```

### Step 5: Review the audit log

```bash
# View all decisions in last 24 hours
node constitution.js audit --last 24h

# View only denied actions
node constitution.js audit --status denied

# View audit for specific scope
node constitution.js audit --scope external_write

# Export for compliance reporting
node constitution.js audit --export csv --output audit_2024_Q1.csv
```

---

## Rule levels

| Level | Who can modify it | Can the agent override it? | Use cases |
|-------|-------------------|----------------------------|-----------|
| Immutable | Nobody | Never | deleting production databases, external network access, credential access |
| Owner-only | The agent owner only | Never | deploying to production, changing billing, sending email |
| Mutable | The agent (within its boundaries) | Yes, self-adjusted | file read paths, log level, cache settings |
| Advisory | Anyone | Always | performance hints, optimization suggestions |

---

## Real-world examples

### Example 1: Production database protection

```json
{
  "id": "DB-PROTECT",
  "level": "immutable",
  "action": "deny",
  "scope": ["database_delete", "database_drop", "database_truncate"],
  "description": "Never delete, drop, or truncate any production database",
  "conditions": {
    "environment": ["production", "prod"]
  }
}
```

### Example 2: Cost control (daily API budget of $100)

```json
{
  "id": "COST-GUARD",
  "level": "owner-only",
  "action": "allow",
  "scope": "external_api_call",
  "description": "Allow external API calls within daily budget",
  "limits": {
    "maxDailyCost": 100,
    "maxCostPerCall": 10
  },
  "escalation": "owner"
}
```

### Example 3: Data privacy (GDPR compliance)

```json
{
  "id": "GDPR-GUARD",
  "level": "immutable",
  "action": "deny",
  "scope": ["data_export", "data_share"],
  "description": "Never export or share PII data without legal approval",
  "conditions": {
    "dataTypes": ["email", "phone", "ssn", "address", "financial"]
  }
}
```

---

## Configuration reference

```json
{
  "constitution": {
    "version": "1.0",
    "agent": "my-agent",
    "owner": "admin@company.com",
    "defaults": {
      "denyAction": "block",
      "logLevel": "all",
      "escalationTimeout": 300000
    },
    "layers": {
      "immutable": { "enabled": true, "log": true },
      "policy": { "enabled": true, "log": true },
      "escalation": { "enabled": true, "channels": ["console"] },
      "audit": { "enabled": true, "retention": "90d" }
    }
  }
}
```

---

## Integration patterns

### Pattern 1: Express/Fastify middleware

```javascript
app.use(async (req, res, next) => {
  const decision = guard.check('external_write', {
    method: req.method,
    url: req.url
  });

  if (!decision.allowed) return res.status(403).json(decision);
  next();
});
```

Note that returning the whole `decision` object hands the caller the rule ID, reason and escalation message; on an externally reachable endpoint return only `allowed` and a generic reason, and keep the full decision in the audit log.

### Pattern 2: OpenClaw skill wrapper

```javascript
// Before executing any tool call:
const toolGuard = guard.checkForTool(toolName, toolParams);

if (!toolGuard.allowed) {
  if (toolGuard.escalation === 'owner') {
    // Ask OpenClaw to prompt user for approval
  }
  return { blocked: true, reason: toolGuard.reason };
}
```

### Pattern 3: CI/CD pipeline gate

```bash
# In your deployment pipeline:
node constitution.js ci-check --env production --strict
# Exit code 0 = safe to deploy, 1 = violations found
```