governance (治理)
Unified skill for constraint governance state, periodic reviews, index generation,
round-trip verification, and schema migration. Consolidates 6 granular skills.
Trigger: 定期保守 (periodic maintenance) or HEARTBEAT
Source skills: constraint-reviewer, index-generator, round-trip-tester, governance-state, slug-taxonomy, adoption-monitor (from safety)
Installation
CODEBLOCK0
Dependencies:
- leegitw/constraint-engine (for constraint data)
- leegitw/failure-memory (for observation data)
CODEBLOCK1
Standalone usage: Index generation and round-trip verification work independently.
Full governance features require constraint-engine and failure-memory integration.
Data handling: This skill operates within your agent's trust boundary. When triggered,
it uses your agent's configured model for governance analysis and review. No external APIs
or third-party services are called. Results are written to output/governance/ in your workspace.
What This Solves
Constraints that never get reviewed become stale. Rules that never get challenged become dogma. This skill manages the lifecycle:
1. State tracking — know which constraints are active, suspended, or retired
2. Periodic reviews — 90-day gates to re-evaluate constraints against current evidence
3. Index generation — dashboards showing constraint health at a glance
The insight: Good governance is proactive. Constraints need maintenance, not just creation.
Usage
CODEBLOCK2
Sub-Commands
| Command | CJK | Logic | Trigger |
|---|---|---|---|
| /gov state | 状態 | centralstate, event→alert | HEARTBEAT |
| /gov review | 審査 | constraints.due→reviewqueue | HEARTBEAT |
| /gov index | 索引 | skills[]→INDEX.md | Explicit |
| /gov verify | 検証 | round_trip(source↔compiled)→sync✓∨drift✗ | Explicit |
| /gov migrate | 移行 | schema.v(n)→schema.v(n+1) | Explicit |
Arguments
/gov state
| Argument | Required | Description |
|---|---|---|
| --summary | No | Show summary only (default: full state) |
| --alerts | No | Show pending alerts only |
/gov review
| Argument | Required | Description |
|---|---|---|
| --due | No | Show only due reviews (default) |
| --all | No | Show all constraints with review dates |
| --complete | No | Mark review as complete |
/gov index
| Argument | Required | Description |
|---|---|---|
| --path | No | Output path (default: agentic/INDEX.md) |
| --format | No | Format: markdown (default), json |
/gov verify
| Argument | Required | Description |
|---|---|---|
| source | Yes | Source file or directory |
| compiled | Yes | Compiled/generated file or directory |
| --strict | No | Fail on any difference |
/gov migrate
| Argument | Required | Description |
|---|---|---|
| --to | Yes | Target schema version |
| --dry-run | No | Show changes without applying |
Configuration
Configuration is loaded from (in order of precedence):
1. .openclaw/governance.yaml (OpenClaw standard)
2. .claude/governance.yaml (Claude Code compatibility)
3. Defaults (built-in)
Core Logic
Governance State Model
CODEBLOCK3
Review Cycle
Constraints require periodic review. The review cadence is configurable (default: 90 days):
CODEBLOCK4
| Days Since Last Review | Status | Action |
|---|---|---|
| 0-75 | Current | No action |
| 76-90 | Approaching | Warning alert |
| 91+ | Overdue | Escalation alert |
⚠️ Advisory Only: This review cycle is not enforced programmatically.
Compliance relies on HEARTBEAT P3 checks and manual diligence.
Automated enforcement (/gov review --automated) is planned for a future release.
See HEARTBEAT.md for current verification schedule.
Adoption Monitoring
Track constraint adoption across sessions:
| Metric | Calculation | Target |
|---|---|---|
| Adoption rate | Sessions with constraint used / Total sessions | >80% |
| Violation rate | Violations / Checks | <5% |
| Override rate | Overrides / Violations | <20% |
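Because the review cycle is advisory rather than enforced, the thresholds in the two tables above can be checked independently. The following is an added example, not the skill's own code: it generalizes the 0-75 / 76-90 / 91+ table to any cadence and warning threshold and flags adoption metrics that miss their targets. The function names and the `Counters` fields are assumptions.

```python
from dataclasses import dataclass
from datetime import date

CADENCE_DAYS = 90       # default review cadence stated on this page
WARNING_THRESHOLD = 15  # days before the due date at which warnings start


def review_status(last_review: date, today: date,
                  cadence: int = CADENCE_DAYS,
                  warning: int = WARNING_THRESHOLD) -> str:
    """Map days since the last review onto Current / Approaching / Overdue."""
    age = (today - last_review).days
    if age < 0:
        raise ValueError("last review date is in the future")
    if age > cadence:
        return "Overdue"       # 91+ with the defaults: escalation alert
    if age > cadence - warning:
        return "Approaching"   # 76-90 with the defaults: warning alert
    return "Current"           # 0-75 with the defaults: no action


@dataclass
class Counters:
    """Hypothetical per-constraint counters; the field names are assumptions."""
    sessions_total: int
    sessions_used: int
    checks: int
    violations: int
    overrides: int


def _ratio(num: int, den: int):
    # None means "no data yet", so the metric is skipped instead of failing.
    return num / den if den else None


def adoption_findings(c: Counters) -> list:
    """List the metrics that miss the targets: >80%, <5%, <20%."""
    adoption = _ratio(c.sessions_used, c.sessions_total)
    violation = _ratio(c.violations, c.checks)
    override = _ratio(c.overrides, c.violations)
    findings = []
    if adoption is not None and adoption <= 0.80:
        findings.append("adoption rate not above 80%")
    if violation is not None and violation >= 0.05:
        findings.append("violation rate not below 5%")
    if override is not None and override >= 0.20:
        findings.append("override rate not below 20%")
    return findings
```

A constraint with no recorded sessions or checks produces no findings, so a newly created constraint is not reported as failing its adoption target.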
Slug Taxonomy
Standard slug prefixes for observations and constraints:
| Prefix | Domain | Examples |
|---|---|---|
| git-* | Version control | git-commit-message, git-branch-naming |
| test-* | Testing | test-before-commit, test-coverage |
| workflow-* | Process | workflow-pr-review, workflow-deploy |
| security-* | Security | security-no-secrets, security-auth |
| docs-* | Documentation | docs-update-readme, docs-api |
| quality-* | Code quality | quality-lint, quality-format |
Output
/gov state output
CODEBLOCK5
/gov review output
CODEBLOCK6
/gov index output
CODEBLOCK7
/gov verify output
CODEBLOCK8
Example: Compliance Review
CODEBLOCK9
Example: Security Audit Preparation
CODEBLOCK10
Integration
- Layer: Governance
- Depends on: constraint-engine (for constraint data), failure-memory (for observation data)
- Used by: None (top-level governance)
Failure Modes
| Condition | Behavior |
|---|---|
| Invalid sub-command | List available sub-commands |
| No constraints found | Info: "No constraints in system" |
| State file corrupted | Rebuild from constraint files |
| Migration conflict | Show conflicts, require manual resolution |
Next Steps
After invoking this skill:
| Condition | Action |
|---|---|
| Reviews due | Process each review, update lifecycle |
| Alerts pending | Surface to user, track resolution |
| Index outdated | Regenerate INDEX.md |
| Drift detected | Investigate and reconcile |
Workspace Files
This skill reads/writes:
CODEBLOCK11
Security Considerations
What this skill accesses:
- Configuration files in .openclaw/governance.yaml and .claude/governance.yaml
- Constraint data from output/constraints/ (via constraint-engine)
- Observation data from .learnings/ (via failure-memory)
- Its own output directory output/governance/
- Skill index file agentic/INDEX.md
What this skill does NOT access:
- Files outside declared workspace paths
- System environment variables
- Network resources or external APIs
What this skill does NOT do:
- Send data to external services
- Execute arbitrary code
- Modify files outside its workspace
Dependency note:
This skill reads data from constraint-engine and failure-memory skill workspaces.
Install the full governance stack for complete functionality.
Acceptance Criteria
- [ ] /gov state shows complete governance overview
- [ ] /gov state surfaces alerts for due reviews
- [ ] /gov review lists constraints due for 90-day review
- [ ] /gov review provides clear renewal/retirement options
- [ ] /gov index generates skill index from SKILL.md files
- [ ] /gov verify detects drift between source and compiled
- [ ] /gov migrate handles schema version transitions
- [ ] Adoption metrics tracked and reported
- [ ] Workspace files follow documented structure
Consolidated from 6 skills as part of agentic skills consolidation (2026-02-15).
governance (治理)
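Unified skill for constraint governance state, periodic reviews, index generation, round-trip verification, and schema migration. Consolidates 6 granular skills.
Trigger: 定期保守 (periodic maintenance) or HEARTBEAT
Source skills: constraint-reviewer, index-generator, round-trip-tester, governance-state, slug-taxonomy, adoption-monitor (from safety)
Installation
```bash
openclaw install leegitw/governance
```
Dependencies:
- leegitw/constraint-engine (for constraint data)
- leegitw/failure-memory (for observation data)
```bash
# Install the full governance stack
openclaw install leegitw/context-verifier
openclaw install leegitw/failure-memory
openclaw install leegitw/constraint-engine
openclaw install leegitw/governance
```
Standalone usage: Index generation and round-trip verification work independently. Full governance features require constraint-engine and failure-memory integration.
Data handling: This skill operates within your agent's trust boundary. When triggered, it uses your agent's configured model for governance analysis and review. No external APIs or third-party services are called. Results are written to the output/governance/ directory in your workspace.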
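What This Solves
Constraints that never get reviewed become stale. Rules that never get challenged become dogma. This skill manages the lifecycle:
1. State tracking — know which constraints are active, suspended, or retired
2. Periodic reviews — 90-day cycle to re-evaluate constraints against current evidence
3. Index generation — dashboards showing constraint health at a glance
The insight: Good governance is proactive. Constraints need maintenance, not just creation.
Usage
```
/gov <sub-command> [arguments]
```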
Sub-Commands
| Command | CJK | Logic | Trigger |
|---|---|---|---|
| /gov state | 状態 | centralstate, event→alert | HEARTBEAT |
| /gov review | 審査 | constraints.due→reviewqueue | HEARTBEAT |
| /gov index | 索引 | skills[]→INDEX.md | Explicit |
| /gov verify | 検証 | round_trip(source↔compiled)→sync✓∨drift✗ | Explicit |
| /gov migrate | 移行 | schema.v(n)→schema.v(n+1) | Explicit |
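Arguments
/gov state
| Argument | Required | Description |
|---|---|---|
| --summary | No | Show summary only (default: full state) |
| --alerts | No | Show pending alerts only |
/gov review
| Argument | Required | Description |
|---|---|---|
| --due | No | Show only due reviews (default) |
| --all | No | Show all constraints with their review dates |
| --complete | No | Mark review as complete |
/gov index
| Argument | Required | Description |
|---|---|---|
| --path | No | Output path (default: agentic/INDEX.md) |
| --format | No | Format: markdown (default), json |
/gov verify
| Argument | Required | Description |
|---|---|---|
| source | Yes | Source file or directory |
| compiled | Yes | Compiled/generated file or directory |
| --strict | No | Treat any difference as a failure |
/gov migrate
| Argument | Required | Description |
|---|---|---|
| --to | Yes | Target schema version |
| --dry-run | No | Show changes without applying |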
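Configuration
Configuration is loaded from (in order of precedence):
1. .openclaw/governance.yaml (OpenClaw standard)
2. .claude/governance.yaml (Claude Code compatibility)
3. Defaults (built-in)
Core Logic
Governance State Model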
```
┌─────────────────────────────────────────┐
│            Governance State             │
├─────────────────────────────────────────┤
│ Constraints:                            │
│ - Active: 5                             │
│ - Draft: 2                              │
│ - Retiring: 1                           │
│ - Retired: 12                           │
├─────────────────────────────────────────┤
│ Reviews:                                │
│ - Due: 2 (approaching 90-day mark)      │
│ - Overdue: 0                            │
├─────────────────────────────────────────┤
│ Health:                                 │
│ - Circuit breaker: closed               │
│ - Violations (30d): 3                   │
│ - Adoption rate: 85%                    │
├─────────────────────────────────────────┤
│ Alerts:                                 │
│ - [WARN] CON-001 due for review         │
│ - [INFO] 2 new observations eligible    │
└─────────────────────────────────────────┘
```
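Review Cycle
Constraints require periodic review. The review cadence is configurable (default: 90 days):
```yaml
# .openclaw/governance.yaml
governance:
  review_cadence_days: 90   # Default
  warning_threshold: 15     # Days before the due date to start warning
```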
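| Days Since Last Review | Status | Action |
|---|---|---|
| 0-75 | Current | No action |
| 76-90 | Approaching | Warning alert |
| 91+ | Overdue | Escalation alert |
⚠️ Advisory Only: This review cycle is not enforced programmatically.
Compliance relies on HEARTBEAT P3 checks and manual diligence.
Automated enforcement (/gov review --automated) is planned for a future release.
See HEARTBEAT.md for the current verification schedule.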
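Adoption Monitoring
Track constraint adoption across sessions:
| Metric | Calculation | Target |
|---|---|---|
| Adoption rate | Sessions with constraint used / Total sessions | >80% |
| Violation rate | Violations / Checks | <5% |
| Override rate | Overrides / Violations | <20% |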
Slug Taxonomy
Standard slug prefixes for observations and constraints:
| Prefix | Domain | Examples |
|---|---|---|
| git-* | Version control | git-commit-message, git-branch-naming |
| test-* | Testing | test-before-commit, test-coverage |
| workflow-* | Process | workflow-pr-review, workflow-deploy |
| security-* | Security | security-no-secrets, security-auth |
| docs-* | Documentation | docs-update-readme, docs-api |
| quality-* | Code quality | quality-lint, quality-format |
Output
/gov state output
```
[治理状态]
更新于:2026-02-15 10:30:00
=== 约束 ===
活跃:5 | 草稿:2 | 退役中:1 | 已退役:12
=== 断路器 ===
状态:已关闭(健康)
违规(30天):3
=== 审查 ===
到期:2条约束接近90天标记
- CON-20251120-001:始终运行测试(第87天)
- CON-20251125-003:提交前进行代码检查(第82天)
=== 采用 ===
率:85%(目标:>80%)
跟踪的会话数:47
=== 警报 ===
[警告] CON-20251120-001 将在3天后到期需审查
[信息] 2条观察符合约束生成条件
```
/gov review output
```
[约束审查队列]
到期需审查(2条):
1. CON-20251120-001:始终在提交前运行测试
已存在:87天 | 状态:活跃
违规(90天):2 | 覆盖次数:0
采用率:92%
选项:
a) 续期90天:/ce lifecycle CON-20251120-001 active
b) 开始退役:/ce lifecycle CON-20251120-001 retiring
c) 立即退役:/ce lifecycle CON-20251120-001 retired
2. CON-20251125-003:始终在提交前进行代码检查
已存在:82天 | 状态:活跃
违规(90天):5 | 覆盖次数:1
采用率:78%
[警告] 低于采用目标(80%)
建议:澄清约束或改进工具
```
/gov index output
[索引已生成]
路径:agentic/INDEX.md
技能数:7
更新于:2026-02-15 10:30: