Guardrails

# guardrails - Interactive Security Guardrails Configuration

Helps users configure comprehensive security guardrails for their OpenClaw workspace through an interactive interview process.

## Commands

### `guardrails setup`
**Interactive setup mode** - Guides user through creating their GUARDRAILS.md file.

**Workflow:**
1. Run environment discovery: `bash scripts/discover.sh`
2. Classify risks: `bash scripts/discover.sh | python3 scripts/classify-risks.py`
3. Generate tailored questions: `bash scripts/discover.sh | python3 scripts/classify-risks.py | python3 scripts/generate_questions.py`
4. **Conduct interactive interview** with the user:
   - Ask questions from the generated question bank (tailored to discovered environment)
   - Present suggestions for each question
   - Allow custom answers
   - Follow up when appropriate
5. Generate GUARDRAILS.md: `echo '<json>' | python3 scripts/generate_guardrails_md.py /path/to/guardrails-config.json`
   - Stdin JSON format: `{"discovery": {...}, "classification": {...}, "answers": {...}}`
6. **Present the generated GUARDRAILS.md for review**
7. Ask for confirmation before writing to workspace
8. Write `GUARDRAILS.md` to workspace root
9. Save `guardrails-config.json` to workspace root

**Important:**
- Be conversational and friendly during the interview
- Explain why each question matters
- Provide context about discovered risks
- Highlight high-risk skills/integrations
- Allow users to skip or customize any answer
- Review the final output with the user before writing

### `guardrails review`
**Review mode** - Check existing configuration against current environment.

**Workflow:**
1. Run discovery and classification
2. Load existing `guardrails-config.json`
3. Compare discovered skills/integrations against config
4. Identify gaps (new skills not covered, removed skills still in config)
5. Ask user about gaps only - don't re-interview everything
6. Update config and GUARDRAILS.md if changes needed

### `guardrails monit...

# Guardrails Skill

Interactive security guardrails configuration for OpenClaw workspaces.

## What It Does

The guardrails skill helps you create a comprehensive `GUARDRAILS.md` file through an interactive interview process. It:

1. **Discovers** your workspace environment (skills, integrations, channels)
2. **Classifies** risk levels based on installed skills
3. **Interviews** you with contextual questions
4. **Generates** a customized GUARDRAILS.md file
5. **Monitors** your workspace for changes that need review

## Prerequisites

- **Python 3** — check with `python3 --version`
- **Bash** — standard on Linux/macOS
- **jq** — check with `jq --version`

If jq is not installed:
```bash
sudo apt-get install jq                  # Debian/Ubuntu
brew install jq                          # macOS
```

Python scripts that call LLM providers require `requests`:
```bash
python3 -m pip install requests
```

No external Node.js packages are used.

## Installation

```bash
# Verify scripts are executable
chmod +x skills/guardrails/scripts/*.sh
chmod +x skills/guardrails/scripts/*.py
```

## Usage

### Setup Mode

Create your guardrails configuration for the first time:

```bash
guardrails setup
```

The agent will:
- Scan your workspace for installed skills
- Classify risk levels (destructive, external_comms, etc.)
- Ask you ~15-30 contextual questions
- Generate a GUARDRAILS.md file
- Save configuration to guardrails-config.json

### Review Mode

Check your existing guardrails against current workspace state:

```bash
guardrails review
```

The agent will:
- Re-scan your workspace
- Compare against existing config
- Ask only about gaps (new skills, removed skills)
- Update GUARDRAILS.md if needed

### Monitor Mode

Check for changes and potential violations:

```bash
guardrails monitor
```

The agent will:
- Run discovery and classification
- Compare against saved config
- Check memory logs for guardrail keywords
- Report status (ok, needs-attention, review-recommended)

## Arc...