home / skills / openclaw / skills / consensus-deployment-guard

consensus-deployment-guard skill

safe

/skills/kaicianflone/consensus-deployment-guard

This skill enforces pre-deployment governance by validating deployment requests, applying policy, and producing auditable ALLOW BLOCK or REQUIRE_REWRITE

npx playbooks add skill openclaw/skills --skill consensus-deployment-guard

Review the files below or copy the command above to add this skill to your agents.

Files (13)

SKILL.md

2.8 KB

---
name: consensus-deployment-guard
description: Pre-deployment governance for release and infrastructure rollout requests. Use when an agent or workflow proposes shipping code/config/infrastructure changes to staging or production and you need deterministic ALLOW/BLOCK/REQUIRE_REWRITE decisions with strict schema validation, idempotency, and board-native audit artifacts.
version: 0.1.9
homepage: https://github.com/kaicianflone/consensus-deployment-guard
source: https://github.com/kaicianflone/consensus-deployment-guard
upstream:
  consensus-guard-core: https://github.com/kaicianflone/consensus-guard-core

requires:
  bins:
    - node
    - tsx
  env:
    - CONSENSUS_STATE_FILE
    - CONSENSUS_STATE_ROOT
metadata:
  openclaw:
    requires:
      bins:
        - node
        - tsx
      env:
        - CONSENSUS_STATE_FILE
        - CONSENSUS_STATE_ROOT
    install:
      - kind: node
        package: consensus-deployment-guard
        bins:
          - node
          - tsx
---

# consensus-deployment-guard

`consensus-deployment-guard` is the final safety gate before deployment execution.

## What this skill does

- validates deployment requests against a strict JSON schema (reject unknown fields)
- evaluates hard-block and rewrite policy flags for release risk patterns
- runs deterministic persona-weighted voting (or aggregates external votes)
- returns one of: `ALLOW | BLOCK | REQUIRE_REWRITE`
- writes decision artifacts for replay/audit

## Decision policy shape

Hard-block examples:
- required tests not passing
- CI status failed
- rollback artifact missing when required
- incompatible schema migration
- error budget already breached

Rewrite examples:
- production rollout not using canary when policy requires it
- initial rollout percentage above policy limit
- production deploy missing explicit human confirmation gate
- CI still pending
- schema compatibility unknown

## Runtime and safety model

- runtime binaries: `node`, `tsx`
- network behavior: none in guard decision logic
- environment config read by this package: `CONSENSUS_STATE_FILE`, `CONSENSUS_STATE_ROOT`
- filesystem writes: consensus board/state artifacts under configured state path

## Invoke contract

- `invoke(input, opts?) -> Promise<OutputJson | ErrorJson>`

Modes:
- `mode="persona"` (default): use local deterministic persona defaults for internal voting
- `mode="external_agent"`: consume `external_votes[]`, aggregate deterministically, and enforce policy

## Install

```bash
npm i consensus-deployment-guard
```

## Quick start

```bash
node --import tsx run.js --input ./examples/input.json
```

## Tests

```bash
npm test
```

Coverage includes schema rejection, hard-block paths, rewrite paths, allow paths, idempotent retries, and external-agent aggregation behavior.

See also: `SECURITY-ASSURANCE.md` for threat model, runtime boundaries, and deployment hardening guidance.

Overview

This skill is a pre-deployment governance gate that produces deterministic ALLOW, BLOCK, or REQUIRE_REWRITE decisions for release and infrastructure rollout requests. It enforces strict JSON schema validation, persona-weighted voting, and produces board-native audit artifacts for replay and compliance. Use it as the final safety check before executing staging or production deployments.

How this skill works

The skill validates incoming deployment requests against a strict JSON schema and rejects any unknown fields to ensure input integrity. It applies policy rules to detect hard-blocks and rewrite conditions, then runs a persona-weighted voting process (or consumes external votes) to reach a deterministic outcome. The skill writes decision and persona artifacts to a configured state path so every decision is auditable and idempotent.

When to use it

Before shipping code, configuration, or infrastructure changes to staging or production.
When you need deterministic allow/block/rewrite outcomes with strict input validation.
When audit trails and replayable board artifacts are required for governance.
When multiple stakeholder perspectives must be aggregated into a single decision.
When idempotent retry behavior and clear failure modes are necessary.

Best practices

Keep deployment request payloads strictly schema-compliant to avoid rejection.
Use persona mode for local deterministic decisions; use external_agent mode only when verified vote inputs are available.
Store and back up decision artifacts in the configured state path for audits and incident postmortems.
Treat hard-block results as deployment stops; automate notification workflows for fast remediation.
Document policy thresholds (canary, rollout percentages, tests required) so rewrite rules are predictable.

Example use cases

A CI pipeline calls the guard to decide whether a production rollout can proceed after tests complete.
A deployment orchestrator queries the guard in external_agent mode to aggregate votes from multiple automated agents.
A security team requires recorded persona votes and decision artifacts for compliance reviews.
A rollback process checks for required rollback artifacts before allowing a high-risk migration.
A release manager uses the guard to enforce canary rollout percentages and explicit human confirmation gates.

FAQ

What outputs does the skill return?

It returns a deterministic decision: ALLOW, BLOCK, or REQUIRE_REWRITE, plus decision artifacts and persona update records for audit.

Does it require network access or credentials to run?

The core decision logic is local and requires no credentials; persona generation backends may optionally call external LLMs depending on configuration.