consensus-deployment-guard
Pre-deployment governance for release and infrastructure rollout requests. Use when an agent or workflow proposes shipping code/config/infrastructure changes to staging or production and you need deterministic ALLOW/BLOCK/REQUIRE_REWRITE decisions with strict schema validation, idempotency, and board-native audit artifacts.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/kaicianflone/consensus-deployment-guardconsensus-deployment-guard
consensus-deployment-guard is the final safety gate before deployment execution.
What this skill does
- validates deployment requests against a strict JSON schema (reject unknown fields)
- evaluates hard-block and rewrite policy flags for release risk patterns
- runs deterministic persona-weighted voting (or aggregates external votes)
- returns one of:
ALLOW | BLOCK | REQUIRE_REWRITE - writes decision artifacts for replay/audit
Decision policy shape
Hard-block examples:
- required tests not passing
- CI status failed
- rollback artifact missing when required
- incompatible schema migration
- error budget already breached
Rewrite examples:
- production rollout not using canary when policy requires it
- initial rollout percentage above policy limit
- production deploy missing explicit human confirmation gate
- CI still pending
- schema compatibility unknown
Runtime and safety model
- runtime binaries:
node,tsx - credentials: none required
- network behavior: none in guard decision logic
- environment config read by this package:
CONSENSUS_STATE_FILE,CONSENSUS_STATE_ROOT - filesystem writes: consensus board/state artifacts under configured state path
Invoke contract
invoke(input, opts?) -> Promise<OutputJson | ErrorJson>
Modes:
mode="persona"(default): use local deterministic persona defaults for internal votingmode="external_agent": consumeexternal_votes[], aggregate deterministically, and enforce policy
Install
npm i consensus-deployment-guard
Quick start
node --import tsx run.js --input ./examples/input.json
Tests
npm test
Coverage includes schema rejection, hard-block paths, rewrite paths, allow paths, idempotent retries, and external-agent aggregation behavior.
See also: SECURITY-ASSURANCE.md for threat model, runtime boundaries, and deployment hardening guidance.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-kaicianflone-consensus-deployment-guard": {
"enabled": true,
"auto_update": true
}
}
}Related Skills
consensus-persona-generator
Generate and persist reusable persona panels (persona_set artifacts) for consensus decision workflows. This skill initializes evaluator diversity for downstream guards; ongoing reputation updates are owned by consensus-persona-engine.
Consensus Interact
Skill by kaicianflone
consensus-send-email-guard
Persona-weighted pre-send email governance for AI systems. Produces APPROVE/BLOCK/REWRITE decisions, writes decision artifacts to the board ledger, updates persona reputation over time, and returns strict machine-parseable JSON.
consensus-publish-guard
Persona-weighted governance for outbound publishing (blog, social, announcements). Prevents unsafe public claims via hard-block checks, weighted consensus, rewrite paths, and board-native audit artifacts.
consensus-persona-respawn
Ledger-informed persona lifecycle management. Replaces low-performing personas with successor personas derived from mistake patterns in board decision history, preserving adaptive governance over long-running automation. Reputation updates are computed by consensus-persona-engine.