{ "schemaVersion": "1.0", "item": { "slug": "jz-agent-guardrails", "name": "Agent Guardrails", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/jzOcb/jz-agent-guardrails", "canonicalUrl": "https://clawhub.ai/jzOcb/jz-agent-guardrails", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/jz-agent-guardrails", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=jz-agent-guardrails", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "CHANGELOG.md", "CLAUDE_CODE_INSTALL.md", "GITHUB_TOPICS_GUIDE.md", "PUBLISHING.md", "PUBLISH_NOW.sh", "README.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/jz-agent-guardrails" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/jz-agent-guardrails", "agentPageUrl": "https://openagent3.xyz/skills/jz-agent-guardrails/agent", "manifestUrl": "https://openagent3.xyz/skills/jz-agent-guardrails/agent.json", "briefUrl": "https://openagent3.xyz/skills/jz-agent-guardrails/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Agent Guardrails", "body": "Mechanical enforcement for AI agent project standards. Rules in markdown are suggestions. Code hooks are laws." }, { "title": "Quick Start", "body": "cd your-project/\nbash /path/to/agent-guardrails/scripts/install.sh\n\nThis installs the git pre-commit hook, creates a registry template, and copies check scripts into your project." }, { "title": "Enforcement Hierarchy", "body": "Code hooks (git pre-commit, pre/post-creation checks) — 100% reliable\nArchitectural constraints (registries, import enforcement) — 95% reliable\nSelf-verification loops (agent checks own work) — 80% reliable\nPrompt rules (AGENTS.md, system prompts) — 60-70% reliable\nMarkdown rules — 40-50% reliable, degrades with context length" }, { "title": "Scripts", "body": "ScriptWhen to RunWhat It Doesinstall.shOnce per projectInstalls hooks and scaffoldingpre-create-check.shBefore creating new .py filesLists existing modules/functions to prevent reimplementationpost-create-validate.shAfter creating/editing .py filesDetects duplicates, missing imports, bypass patternscheck-secrets.shBefore commits / on demandScans for hardcoded tokens, keys, passwordscreate-deployment-check.shWhen setting up deployment verificationCreates .deployment-check.sh, checklist, and git hook templateinstall-skill-feedback-loop.shWhen setting up skill update automationCreates detection, auto-commit, and git hook for skill updates" }, { "title": "Assets", "body": "AssetPurposepre-commit-hookReady-to-install git hook blocking bypass patterns and secretsregistry-template.pyTemplate __init__.py for project module registries" }, { "title": "References", "body": "FileContentsenforcement-research.mdResearch on why code > prompts for enforcementagents-md-template.mdTemplate AGENTS.md with mechanical enforcement rulesdeployment-verification-guide.mdFull guide on preventing deployment gapsskill-update-feedback.mdMeta-enforcement: automatic skill update feedback loopSKILL_CN.mdChinese translation of this document" }, { "title": "Setting up a new project", "body": "bash scripts/install.sh /path/to/project" }, { "title": "Before creating any new .py file", "body": "bash scripts/pre-create-check.sh /path/to/project\n\nReview the output. If existing functions cover your needs, import them." }, { "title": "After creating/editing a .py file", "body": "bash scripts/post-create-validate.sh /path/to/new_file.py\n\nFix any warnings before proceeding." }, { "title": "Setting up deployment verification", "body": "bash scripts/create-deployment-check.sh /path/to/project\n\nThis creates:\n\n.deployment-check.sh - Automated verification script\nDEPLOYMENT-CHECKLIST.md - Full deployment workflow\n.git-hooks/pre-commit-deployment - Git hook template\n\nThen customize:\n\nAdd tests to .deployment-check.sh for your integration points\nDocument your flow in DEPLOYMENT-CHECKLIST.md\nInstall the git hook\n\nSee references/deployment-verification-guide.md for full guide." }, { "title": "Adding to AGENTS.md", "body": "Copy the template from references/agents-md-template.md and adapt to your project." }, { "title": "中文文档 / Chinese Documentation", "body": "See references/SKILL_CN.md for the full Chinese translation of this skill." }, { "title": "1. Reimplementation (Bypass Pattern)", "body": "Symptom: Agent creates \"quick version\" instead of importing validated code.\nEnforcement: pre-create-check.sh + post-create-validate.sh + git hook" }, { "title": "2. Hardcoded Secrets", "body": "Symptom: Tokens/keys in code instead of env vars.\nEnforcement: check-secrets.sh + git hook" }, { "title": "3. Deployment Gap", "body": "Symptom: Built feature but forgot to wire it into production. Users don't receive benefit.\nExample: Updated notify.py but cron still calls old version.\nEnforcement: .deployment-check.sh + git hook\n\nThis is the hardest to catch because:\n\nCode runs fine when tested manually\nAgent marks task \"done\" after writing code\nProblem only surfaces when user complains\n\nSolution: Mechanical end-to-end verification before allowing \"done.\"" }, { "title": "4. Skill Update Gap (META - NEW)", "body": "Symptom: Built enforcement improvement in project but forgot to update the skill itself.\nExample: Created deployment verification for Project A, but other projects don't benefit because skill wasn't updated.\nEnforcement: install-skill-feedback-loop.sh → automatic detection + semi-automatic commit\n\nThis is a meta-failure mode because:\n\nIt's about enforcement improvements themselves\nWithout fix: improvements stay siloed\nWith fix: knowledge compounds automatically\n\nSolution: Automatic detection of enforcement improvements with task creation and semi-automatic commits." }, { "title": "Key Principle", "body": "Don't add more markdown rules. Add mechanical enforcement.\nIf an agent keeps bypassing a standard, don't write a stronger rule — write a hook that blocks it.\nCorollary: If an agent keeps forgetting integration, don't remind it — make it mechanically verify before commit." } ], "body": "Agent Guardrails\n\nMechanical enforcement for AI agent project standards. Rules in markdown are suggestions. Code hooks are laws.\n\nQuick Start\ncd your-project/\nbash /path/to/agent-guardrails/scripts/install.sh\n\n\nThis installs the git pre-commit hook, creates a registry template, and copies check scripts into your project.\n\nEnforcement Hierarchy\nCode hooks (git pre-commit, pre/post-creation checks) — 100% reliable\nArchitectural constraints (registries, import enforcement) — 95% reliable\nSelf-verification loops (agent checks own work) — 80% reliable\nPrompt rules (AGENTS.md, system prompts) — 60-70% reliable\nMarkdown rules — 40-50% reliable, degrades with context length\nTools Provided\nScripts\nScript\tWhen to Run\tWhat It Does\ninstall.sh\tOnce per project\tInstalls hooks and scaffolding\npre-create-check.sh\tBefore creating new .py files\tLists existing modules/functions to prevent reimplementation\npost-create-validate.sh\tAfter creating/editing .py files\tDetects duplicates, missing imports, bypass patterns\ncheck-secrets.sh\tBefore commits / on demand\tScans for hardcoded tokens, keys, passwords\ncreate-deployment-check.sh\tWhen setting up deployment verification\tCreates .deployment-check.sh, checklist, and git hook template\ninstall-skill-feedback-loop.sh\tWhen setting up skill update automation\tCreates detection, auto-commit, and git hook for skill updates\nAssets\nAsset\tPurpose\npre-commit-hook\tReady-to-install git hook blocking bypass patterns and secrets\nregistry-template.py\tTemplate __init__.py for project module registries\nReferences\nFile\tContents\nenforcement-research.md\tResearch on why code > prompts for enforcement\nagents-md-template.md\tTemplate AGENTS.md with mechanical enforcement rules\ndeployment-verification-guide.md\tFull guide on preventing deployment gaps\nskill-update-feedback.md\tMeta-enforcement: automatic skill update feedback loop\nSKILL_CN.md\tChinese translation of this document\nUsage Workflow\nSetting up a new project\nbash scripts/install.sh /path/to/project\n\nBefore creating any new .py file\nbash scripts/pre-create-check.sh /path/to/project\n\n\nReview the output. If existing functions cover your needs, import them.\n\nAfter creating/editing a .py file\nbash scripts/post-create-validate.sh /path/to/new_file.py\n\n\nFix any warnings before proceeding.\n\nSetting up deployment verification\nbash scripts/create-deployment-check.sh /path/to/project\n\n\nThis creates:\n\n.deployment-check.sh - Automated verification script\nDEPLOYMENT-CHECKLIST.md - Full deployment workflow\n.git-hooks/pre-commit-deployment - Git hook template\n\nThen customize:\n\nAdd tests to .deployment-check.sh for your integration points\nDocument your flow in DEPLOYMENT-CHECKLIST.md\nInstall the git hook\n\nSee references/deployment-verification-guide.md for full guide.\n\nAdding to AGENTS.md\n\nCopy the template from references/agents-md-template.md and adapt to your project.\n\n中文文档 / Chinese Documentation\n\nSee references/SKILL_CN.md for the full Chinese translation of this skill.\n\nCommon Agent Failure Modes\n1. Reimplementation (Bypass Pattern)\n\nSymptom: Agent creates \"quick version\" instead of importing validated code. Enforcement: pre-create-check.sh + post-create-validate.sh + git hook\n\n2. Hardcoded Secrets\n\nSymptom: Tokens/keys in code instead of env vars. Enforcement: check-secrets.sh + git hook\n\n3. Deployment Gap\n\nSymptom: Built feature but forgot to wire it into production. Users don't receive benefit. Example: Updated notify.py but cron still calls old version. Enforcement: .deployment-check.sh + git hook\n\nThis is the hardest to catch because:\n\nCode runs fine when tested manually\nAgent marks task \"done\" after writing code\nProblem only surfaces when user complains\n\nSolution: Mechanical end-to-end verification before allowing \"done.\"\n\n4. Skill Update Gap (META - NEW)\n\nSymptom: Built enforcement improvement in project but forgot to update the skill itself. Example: Created deployment verification for Project A, but other projects don't benefit because skill wasn't updated. Enforcement: install-skill-feedback-loop.sh → automatic detection + semi-automatic commit\n\nThis is a meta-failure mode because:\n\nIt's about enforcement improvements themselves\nWithout fix: improvements stay siloed\nWith fix: knowledge compounds automatically\n\nSolution: Automatic detection of enforcement improvements with task creation and semi-automatic commits.\n\nKey Principle\n\nDon't add more markdown rules. Add mechanical enforcement. If an agent keeps bypassing a standard, don't write a stronger rule — write a hook that blocks it.\n\nCorollary: If an agent keeps forgetting integration, don't remind it — make it mechanically verify before commit." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/jzOcb/jz-agent-guardrails", "publisherUrl": "https://clawhub.ai/jzOcb/jz-agent-guardrails", "owner": "jzOcb", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/jz-agent-guardrails", "downloadUrl": "https://openagent3.xyz/downloads/jz-agent-guardrails", "agentUrl": "https://openagent3.xyz/skills/jz-agent-guardrails/agent", "manifestUrl": "https://openagent3.xyz/skills/jz-agent-guardrails/agent.json", "briefUrl": "https://openagent3.xyz/skills/jz-agent-guardrails/agent.md" } }