一键导入
create-policies
Create and test DashClaw guard policies for agent governance
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Create and test DashClaw guard policies for agent governance
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
The single command that gets a DashClaw change ON MAIN AND LIVE — it resolves everything blocking production, never defers, and never hands back a checklist. Lands feature branches on main (rebase, gate, merge, push so Vercel deploys), bumps the unified platform+SDK version, and realigns every *description* of the system with the live code: README, PROJECT_DETAILS, SDK READMEs, /docs, generated artifacts (API inventory, OpenAPI, download bundles), plugins/skills/hooks/MCP, marketing/landing pages, the drift-prone hardcoded counts (routes, SDK methods, MCP tools/resources, guard policies) and stale freshness date-stamps. The one step it can't finish itself is the credential-gated SDK publish (`npm run release:sdks`). Use whenever the user wants to ship, land, or finish a change — get it on main, make it live, cut a release, bump the version, refresh all the docs, make everything accurate, fix wrong counts or old dates. Not for building or debugging the feature itself.
Governance behavior for AI agents governed by DashClaw. Teaches the governance protocol: when to call guard (risk thresholds), how to interpret decisions (allow/warn/block/require_approval), when to record actions, how to wait for approvals, and session lifecycle management. Loads org-specific policies and capabilities from MCP resources at session start. Use with @dashclaw/mcp-server. Trigger on: governed agent, dashclaw governance, guard policy, approval wait, governed capability, risk threshold, action recording, session lifecycle.
Human-in-the-loop approval workflows for governed agent actions
Governance behavior for AI agents governed by DashClaw. Teaches the governance protocol: when to call guard (risk thresholds), how to interpret decisions (allow/warn/block/require_approval), when to record actions, how to wait for approvals, and session lifecycle management. Loads org-specific policies and capabilities from MCP resources at session start. Use with @dashclaw/mcp-server. Trigger on: governed agent, dashclaw governance, guard policy, approval wait, governed capability, risk threshold, action recording, session lifecycle.
Set up a DashClaw instance, install the CLI tool, and configure Claude Code hooks
Use when the user needs to run GitNexus CLI commands like analyze/index a repo, check status, clean the index, generate a wiki, or list indexed repos. Examples: "Index this repo", "Reanalyze the codebase", "Generate a wiki"
| name | create-policies |
| description | Create and test DashClaw guard policies for agent governance |
| license | MIT |
| metadata | {"author":"ucsandman","version":"1.0.0","category":"configuration"} |
Help developers define, import, and test guard policies that control what agents can and cannot do.
| Type | Purpose | Example |
|---|---|---|
risk_threshold | Block/warn when risk score exceeds limit | Block actions with risk > 80 |
action_type_restriction | Allow/deny specific action types | Block security actions without approval |
approval_gate | Require human approval for matching actions | Require approval for deploys |
webhook_check | Call external endpoint for policy decision | Check Jira ticket status before deploy |
semantic_guardrail | LLM-based content analysis | Block PII in action metadata |
off — No policy enforcement (development only)warn — Log policy violations but allow executionenforce — Block policy violations (production recommended)name: high-risk-blocker
type: risk_threshold
mode: enforce
conditions:
risk_score_min: 80
reversible: false
action: block
reason: "Irreversible actions with risk >= 80 require manual execution"
name: no-unattended-deploys
type: action_type_restriction
mode: enforce
conditions:
action_types:
- deploy
- database
action: require_approval
reason: "Deploy and database actions require human approval"
name: production-approval-gate
type: approval_gate
mode: enforce
conditions:
systems_touched:
- production
risk_score_min: 50
action: require_approval
reason: "Production access with risk >= 50 requires approval"
name: cost-ceiling
type: risk_threshold
mode: enforce
conditions:
cost_estimate_max: 100.00
action: block
reason: "Actions exceeding $100 estimated cost are blocked"
name: no-secrets-in-metadata
type: semantic_guardrail
mode: enforce
conditions:
scan_fields:
- declared_goal
- output_summary
patterns:
- "password"
- "api_key"
- "secret"
action: block
reason: "Sensitive data detected in action metadata"
// POST /api/policies
const response = await fetch(`${baseUrl}/api/policies`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'x-api-key': process.env.DASHCLAW_API_KEY
},
body: JSON.stringify({
name: 'high-risk-blocker',
type: 'risk_threshold',
mode: 'enforce',
conditions: { risk_score_min: 80, reversible: false },
action: 'block',
reason: 'Irreversible high-risk actions are blocked'
})
});
import { DashClaw } from 'dashclaw/legacy';
const claw = new DashClaw({ baseUrl, apiKey, agentId });
// Import a preset pack
await claw.importPolicies({ pack: 'enterprise-strict' });
// Available packs: enterprise-strict, smb-safe, startup-growth, development
// POST /api/policies/test
const result = await fetch(`${baseUrl}/api/policies/test`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'x-api-key': process.env.DASHCLAW_API_KEY
},
body: JSON.stringify({
action_type: 'deploy',
risk_score: 85,
reversible: false,
systems_touched: ['production']
})
});
// Response: which policies would trigger and what decisions they'd produce
const results = await claw.testPolicies();
// Returns pass/fail for each policy with explanation
const report = await claw.getProofReport({ format: 'md' });
// Generates compliance-ready report showing all policies and their test results
# Permissive — warn only, don't block
- name: dev-risk-warning
type: risk_threshold
mode: warn
conditions: { risk_score_min: 50 }
action: warn
reason: "High risk action detected (dev mode — not blocked)"
# Strict — enforce everything
- name: prod-risk-gate
type: risk_threshold
mode: enforce
conditions: { risk_score_min: 70 }
action: require_approval
- name: prod-deploy-gate
type: action_type_restriction
mode: enforce
conditions: { action_types: [deploy, database, security] }
action: require_approval
- name: prod-irreversible-block
type: risk_threshold
mode: enforce
conditions: { risk_score_min: 90, reversible: false }
action: block
Policies can be scoped to specific agents or apply org-wide:
{
"name": "deploy-agent-only",
"agent_id": "deploy-agent-1",
"type": "approval_gate",
"conditions": { "action_types": ["deploy"] },
"action": "require_approval"
}
If agent_id is omitted, the policy applies to all agents in the org.
# GET /api/policies
curl -H "x-api-key: $DASHCLAW_API_KEY" $DASHCLAW_BASE_URL/api/policies
Response includes all active policies with their type, mode, conditions, and scope.