원클릭으로
instrument-agent
Integrate DashClaw SDK into any agent using the 4-step governance loop
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Integrate DashClaw SDK into any agent using the 4-step governance loop
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
The single command that gets a DashClaw change ON MAIN AND LIVE — it resolves everything blocking production, never defers, and never hands back a checklist. Lands feature branches on main (rebase, gate, merge, push so Vercel deploys), bumps the unified platform+SDK version, and realigns every *description* of the system with the live code: README, PROJECT_DETAILS, SDK READMEs, /docs, generated artifacts (API inventory, OpenAPI, download bundles), plugins/skills/hooks/MCP, marketing/landing pages, the drift-prone hardcoded counts (routes, SDK methods, MCP tools/resources, guard policies) and stale freshness date-stamps. The one step it can't finish itself is the credential-gated SDK publish (`npm run release:sdks`). Use whenever the user wants to ship, land, or finish a change — get it on main, make it live, cut a release, bump the version, refresh all the docs, make everything accurate, fix wrong counts or old dates. Not for building or debugging the feature itself.
Governance behavior for AI agents governed by DashClaw. Teaches the governance protocol: when to call guard (risk thresholds), how to interpret decisions (allow/warn/block/require_approval), when to record actions, how to wait for approvals, and session lifecycle management. Loads org-specific policies and capabilities from MCP resources at session start. Use with @dashclaw/mcp-server. Trigger on: governed agent, dashclaw governance, guard policy, approval wait, governed capability, risk threshold, action recording, session lifecycle.
Human-in-the-loop approval workflows for governed agent actions
Governance behavior for AI agents governed by DashClaw. Teaches the governance protocol: when to call guard (risk thresholds), how to interpret decisions (allow/warn/block/require_approval), when to record actions, how to wait for approvals, and session lifecycle management. Loads org-specific policies and capabilities from MCP resources at session start. Use with @dashclaw/mcp-server. Trigger on: governed agent, dashclaw governance, guard policy, approval wait, governed capability, risk threshold, action recording, session lifecycle.
Set up a DashClaw instance, install the CLI tool, and configure Claude Code hooks
Use when the user needs to run GitNexus CLI commands like analyze/index a repo, check status, clean the index, generate a wiki, or list indexed repos. Examples: "Index this repo", "Reanalyze the codebase", "Generate a wiki"
| name | instrument-agent |
| description | Integrate DashClaw SDK into any agent using the 4-step governance loop |
| license | MIT |
| metadata | {"author":"ucsandman","version":"1.0.0","category":"integration"} |
Help developers add DashClaw governance to any AI agent. Walk through the 4-step governance loop with working code.
Every governed decision follows this deterministic flow:
1. Guard → "Can I do this?" (POST /api/guard)
2. Record → "I am doing this." (POST /api/actions)
3. Verify → "I believe this is true." (POST /api/assumptions)
4. Outcome → "This was the result." (PATCH /api/actions/:id)
npm install dashclaw
import { DashClaw } from 'dashclaw';
const claw = new DashClaw({
baseUrl: process.env.DASHCLAW_BASE_URL,
apiKey: process.env.DASHCLAW_API_KEY,
agentId: 'my-agent'
});
pip install dashclaw
from dashclaw import DashClaw
claw = DashClaw(
base_url=os.environ["DASHCLAW_BASE_URL"],
api_key=os.environ["DASHCLAW_API_KEY"],
agent_id="my-agent"
)
Create a session to track the full lifecycle of your agent's work. Sessions enable monitoring, recovery, and continuity across restarts.
// Create a session at agent startup
const session = await fetch(`${baseUrl}/api/sessions`, {
method: 'POST',
headers: { 'Authorization': `Bearer ${apiKey}`, 'Content-Type': 'application/json' },
body: JSON.stringify({ agent_id: 'my-agent', metadata: { task: 'deploy-pipeline' } })
}).then(r => r.json());
// Report status during execution
await fetch(`${baseUrl}/api/sessions/${session.id}`, {
method: 'PATCH',
headers: { 'Authorization': `Bearer ${apiKey}`, 'Content-Type': 'application/json' },
body: JSON.stringify({ status: 'running', checkpoint: { step: 'guard-check' } })
});
Session lifecycle is optional — all governance loop steps work without it — but it provides visibility into long-running agent tasks and enables automatic recovery when sessions are interrupted.
const decision = await claw.guard({
action_type: 'deploy',
declared_goal: 'Deploy build #402 to production',
risk_score: 85,
systems_touched: ['production', 'database'],
reversible: false
});
// decision.decision: 'allow' | 'warn' | 'block' | 'require_approval'
if (decision.decision === 'block') {
console.log('Blocked:', decision.reason);
return;
}
decision = claw.guard(
action_type="deploy",
declared_goal="Deploy build #402 to production",
risk_score=85,
systems_touched=["production", "database"],
reversible=False
)
if decision["decision"] == "block":
print(f"Blocked: {decision['reason']}")
return
Guard response shape:
{
"decision": "require_approval",
"action_id": "act_gd_abc123",
"reason": "Risk score exceeds org threshold",
"signals": ["Production access", "High risk score"],
"risk_score": 75,
"agent_risk_score": 85,
"recovery_recipes": [
{ "action": "reduce_scope", "description": "Deploy to staging first" }
]
}
The guard may enforce these policy types — your agent should be prepared to respond to each:
permission_escalation — The action requires a higher permission_level than currently granted. Re-request with elevated permissions or abort.green_contract — The action requires test verification before execution (e.g., tests must pass before deploying). Run tests and include evidence in the guard request.branch_freshness — The action targets a stale branch. Pull latest changes or rebase before retrying.When the guard blocks an action, check the recovery_recipes array in the response for actionable remediation steps.
const action = await claw.createAction({
action_type: 'deploy',
declared_goal: 'Deploy build #402 to production',
risk_score: 85,
reversible: false,
systems_touched: ['production']
});
// action.action_id: 'ar_abc123'
action = claw.create_action(
action_type="deploy",
declared_goal="Deploy build #402 to production",
risk_score=85,
reversible=False,
systems_touched=["production"]
)
await claw.recordAssumption({
action_id: action.action_id,
assumption: 'Staging tests passed successfully',
source: 'ci-pipeline'
});
claw.record_assumption(
action_id=action["action_id"],
assumption="Staging tests passed successfully",
source="ci-pipeline"
)
await claw.updateOutcome(action.action_id, {
status: 'completed', // or 'failed'
output_summary: 'Build #402 deployed successfully to production',
timestamp_end: new Date().toISOString(),
// Optional — populates Analytics cost/token charts. When tokens + model
// are supplied without an explicit cost_estimate, the server derives
// cost from the configured pricing table.
tokens_in: result.usage?.input_tokens,
tokens_out: result.usage?.output_tokens,
model: result.model,
});
claw.update_outcome(action["action_id"],
status="completed",
output_summary="Build #402 deployed successfully to production",
# Optional — populates Analytics cost/token charts.
tokens_in=response.usage.input_tokens,
tokens_out=response.usage.output_tokens,
model=response.model,
)
import { DashClaw } from 'dashclaw';
const claw = new DashClaw({
baseUrl: process.env.DASHCLAW_BASE_URL,
apiKey: process.env.DASHCLAW_API_KEY,
agentId: 'deploy-agent'
});
async function governedDeploy(buildId) {
// 1. Guard
const decision = await claw.guard({
action_type: 'deploy',
declared_goal: `Deploy build #${buildId} to production`,
risk_score: 85,
systems_touched: ['production'],
reversible: false
});
if (decision.decision === 'block') {
console.log('Blocked:', decision.reason);
return;
}
// 2. Record
const action = await claw.createAction({
action_type: 'deploy',
declared_goal: `Deploy build #${buildId} to production`,
risk_score: 85,
reversible: false
});
// 3. Verify assumptions
await claw.recordAssumption({
action_id: action.action_id,
assumption: 'All CI checks passed'
});
// 4. Execute and record outcome
try {
await actualDeploy(buildId);
await claw.updateOutcome(action.action_id, {
status: 'completed',
output_summary: `Build #${buildId} deployed successfully`
});
} catch (err) {
await claw.updateOutcome(action.action_id, {
status: 'failed',
output_summary: err.message
});
}
}
| Action Type | Risk Score | Reversible | Example |
|---|---|---|---|
| deploy | 75-90 | false | Production deployment |
| api_call | 20-40 | true | External API request |
| file_write | 15-30 | true | Local file modification |
| database | 50-80 | false | Schema migration, data deletion |
| security | 80-95 | false | Key rotation, permission changes |
| build | 10-25 | true | npm install, compilation |
| notify | 5-15 | true | Send email, Slack message |
Risk scoring rule: DashClaw uses the HIGHER of computed risk and agent-reported risk. Always report honestly — inflating risk is better than under-reporting.
When guard returns require_approval:
if (decision.decision === 'require_approval') {
console.log('Waiting for human approval...');
await claw.waitForApproval(decision.action_id, {
timeout: 300000 // 5 minutes
});
// Continues after approval, throws ApprovalDeniedError if denied
}
| Variable | Required | Description |
|---|---|---|
DASHCLAW_BASE_URL | Yes | DashClaw instance URL |
DASHCLAW_API_KEY | Yes | API authentication key |
DASHCLAW_AGENT_ID | No | Default agent identifier |
After instrumenting, drive a real end-to-end check against your DashClaw instance with the live SDK smoke test:
# Node SDK round-trip (guard → createAction → updateOutcome)
node scripts/_run-with-env.mjs scripts/test-sdk-live.mjs
# Python equivalent
node scripts/_run-with-env.mjs scripts/run-sdk-live-python.mjs
# Or just confirm the instance is reachable
curl -sf "$DASHCLAW_BASE_URL/api/health" | jq '.status'
Then refresh /decisions on your DashClaw instance — your most recent governed action should appear within seconds.