constraint-engine (制約)
Unified skill for constraint generation, pre-action checking, circuit breaker management,
and constraint lifecycle. Consolidates 7 granular skills into a single enforcement system.
Trigger: 行動前∨閾値到達 (pre-action or threshold reached)
Source skills: constraint-generator, circuit-breaker, emergency-override, constraint-lifecycle, constraint-versioning, positive-framer (partial), contextual-injection (partial)
Installation
CODEBLOCK0
Dependencies: leegitw/failure-memory (for eligibility data)
CODEBLOCK1
Standalone usage: Requires failure-memory for constraint generation from observations.
For full lifecycle management, install the complete suite (see Neon Agentic Suite).
Data handling: This skill operates within your agent's trust boundary. When triggered,
it uses your agent's configured model for constraint checking and generation. No external APIs
or third-party services are called. Results are written to output/constraints/ in your workspace.
What This Solves
Instructions get ignored. Rules get forgotten. Documentation goes unread. This skill takes a different approach — constraints generated from actual failures:
- 1. Generate constraints from observations that meet the eligibility threshold (
R≥3 ∧ C≥2) - Enforce constraints at runtime with a circuit breaker (CLOSED → OPEN → HALF-OPEN)
- Manage lifecycle from proposal through adoption to retirement
The insight: A constraint born from "this actually broke" carries more weight than "this might break." Consequences teach better than instructions.
Usage
CODEBLOCK2
Sub-Commands
| Command | CJK | Logic | Trigger |
|---|
| INLINECODE3 | 検査 | action→constraints[]→pass∨block | Next Steps (auto) |
| INLINECODE4 |
生成 | eligible(obs)→constraint | Next Steps (auto) |
|
/ce status | 状態 | active[], circuit∈{CLOSED,OPEN,HALF} | Explicit |
|
/ce override | 上書 | constraint→bypass(temp), audit.log++ | Explicit |
|
/ce lifecycle | 周期 | state∈{draft→active→retiring→retired} | Explicit |
|
/ce version | 版本 | constraint→v++, history.preserve | Explicit |
|
/ce threshold | 閾値 | user∨context→custom_threshold | Explicit |
Arguments
/ce check
| Argument | Required | Description |
|---|
| action | Yes | Action to check against constraints |
| --severity |
No | Minimum severity to check:
critical,
important,
minor (default: all) |
/ce generate
| Argument | Required | Description |
|---|
| observation | Yes | Observation ID or pattern to generate constraint from |
| --force |
No | Generate even if eligibility criteria not met |
/ce status
| Argument | Required | Description |
|---|
| --circuit | No | Show circuit breaker status only |
| --active |
No | Show active constraints only |
/ce override
| Argument | Required | Description |
|---|
| constraint | Yes | Constraint ID to override |
| reason |
Yes | Reason for override (logged for audit) |
| --duration | No | Override duration (default: "session") |
/ce lifecycle
| Argument | Required | Description |
|---|
| constraint | Yes | Constraint ID |
| state |
Yes | Target state:
draft,
active,
retiring,
retired |
/ce version
| Argument | Required | Description |
|---|
| constraint | Yes | Constraint ID |
| --bump |
No | Version bump type:
major,
minor,
patch (default: minor) |
/ce threshold
| Argument | Required | Description |
|---|
| --R | No | Custom recurrence threshold (default: 3) |
| --C |
No | Custom confirmation threshold (default: 2) |
| --reset | No | Reset to default thresholds |
Configuration
Configuration is loaded from (in order of precedence):
- 1.
.openclaw/constraint-engine.yaml (OpenClaw standard) - INLINECODE21� (Claude Code compatibility)
- Defaults (built-in)
CODEBLOCK3
Core Logic
Eligibility Criteria
Observation becomes eligible for constraint when:
CODEBLOCK4�
| Criterion | Meaning |
|---|
| R≥3 | At least 3 recurrences |
| C≥2 |
At least 2 human confirmations |
| D/(C+D)<0.2 | False positive rate under 20% |
| sources≥2 | Observed by at least 2 different sources |
Positive Reframing
Constraints are automatically reframed positively:
| Negative | Positive |
|---|
| "Don't commit without tests" | "Always run tests before commit" |
| "Don't push to main directly" |
"Always create PR for main changes" |
| "Don't deploy without review" | "Always get code review before deployment" |
| "Don't skip migrations" | "Always run database migrations before release" |
Example: Code Review Constraint
CODEBLOCK5
Example: Deployment Gate Constraint
CODEBLOCK6
Circuit Breaker States
| State | Meaning | Behavior |
|---|
| CLOSED | Normal operation | Constraints enforced |
| OPEN |
Circuit tripped | Block all related actions |
| HALF-OPEN | Testing recovery | Allow limited actions |
Circuit Breaker Thresholds
| Severity | Threshold | Window |
|---|
| CRITICAL | 3 violations | 30 days |
| IMPORTANT |
5 violations | 30 days |
| MINOR | 10 violations | 30 days |
Constraint Lifecycle
CODEBLOCK7
Output
/ce check output (pass)
CODEBLOCK8
/ce check output (block)
CODEBLOCK9
/ce status output
CODEBLOCK10
/ce generate output
CODEBLOCK11
Integration
- - Layer: Core
- Depends on: failure-memory (for eligibility data)
- Used by: governance (for constraint reviews), safety-checks (for enforcement)
Failure Modes
| Condition | Behavior |
|---|
| Invalid sub-command | List available sub-commands |
| Constraint not found |
Error with suggestion to search |
| Ineligible observation | Show missing criteria, suggest /fm status |
| Circuit OPEN | Block action, show recovery guidance |
| Override without reason | Require reason for audit trail |
Next Steps
After invoking this skill:
| Condition | Action |
|---|
| Constraint generated | Add to output/constraints/draft/, notify user |
| Constraint activated |
Move to
output/constraints/active/ |
| Action blocked | Log to
output/hooks/blocked.log, explain why |
| Circuit OPEN | Surface to user with recovery guidance |
| Override used | Audit log entry, temporary bypass only |
Workspace Files
This skill reads/writes:
CODEBLOCK12
Security Considerations
What this skill accesses:
- - Configuration files in
.openclaw/constraint-engine.yaml and �INLINECODE26 - Observation data from failure-memory (via
.learnings/ directory) - Its own output directories
output/constraints/ and �INLINECODE29
What this skill does NOT access:
- - Files outside declared workspace paths
- System environment variables
- Network resources or external APIs
What this skill does NOT do:
- - Send data to external services
- Execute arbitrary code
- Modify files outside its workspace
Dependency note:
This skill reads observation data from failure-memory skill's workspace (.learnings/).
Install leegitw/failure-memory for full constraint generation functionality.
Without failure-memory, constraint generation will have no observation data to process.
Audit logging:
Override actions are logged to output/hooks/blocked.log for audit purposes.
Logs are stored locally in the workspace only.
Acceptance Criteria
- - [ ]
/ce check validates action against active constraints - [ ]
/ce check blocks when constraint violated, shows reason - [ ]
/ce generate creates constraint from eligible observation - [ ]
/ce generate applies positive reframing - [ ]
/ce status shows circuit breaker state and active constraints - [ ]
/ce override creates temporary bypass with audit log - [ ]
/ce lifecycle transitions constraint through states - [ ]
/ce version increments constraint version preserving history - [ ] Circuit breaker trips at severity-appropriate thresholds
- [ ] Workspace files follow documented structure
Consolidated from 7 skills as part of agentic skills consolidation (2026-02-15).constraint-engine (制約)
用于约束生成、行动前检查、断路器管理和约束生命周期的统一技能。将7个细粒度技能整合为单一执行系统。
触发条件:行动前∨阈值到达 (行动前或阈值到达)
源技能:constraint-generator, circuit-breaker, emergency-override, constraint-lifecycle, constraint-versioning, positive-framer (部分), contextual-injection (部分)
安装
bash
openclaw install leegitw/constraint-engine
依赖项:leegitw/failure-memory (用于资格数据)
bash
安装依赖项
openclaw install leegitw/context-verifier
openclaw install leegitw/failure-memory
openclaw install leegitw/constraint-engine
独立使用:需要failure-memory从观察中生成约束。
如需完整生命周期管理,请安装完整套件(参见 Neon Agentic Suite)。
数据处理:此技能在代理的信任边界内运行。触发时,使用代理配置的模型进行约束检查和生成。不调用外部API或第三方服务。结果写入工作区的 output/constraints/ 目录。
解决的问题
指令被忽略。规则被遗忘。文档无人阅读。本技能采用不同的方法——从实际故障中生成约束:
- 1. 从观察生成约束,满足资格阈值 (R≥3 ∧ C≥2)
- 运行时强制执行约束,使用断路器 (CLOSED → OPEN → HALF-OPEN)
- 管理生命周期,从提案到采用再到退役
核心洞察:源于这确实出过问题的约束比这可能会出问题更有分量。后果比指令更能教会人。
用法
/ce <子命令> [参数]
子命令
| 命令 | 中文 | 逻辑 | 触发条件 |
|---|
| /ce check | 检查 | action→constraints[]→pass∨block | 下一步 (自动) |
| /ce generate |
生成 | eligible(obs)→constraint | 下一步 (自动) |
| /ce status | 状态 | active[], circuit∈{CLOSED,OPEN,HALF} | 显式 |
| /ce override | 上写 | constraint→bypass(temp), audit.log++ | 显式 |
| /ce lifecycle | 周期 | state∈{draft→active→retiring→retired} | 显式 |
| /ce version | 版本 | constraint→v++, history.preserve | 显式 |
| /ce threshold | 阈值 | user∨context→custom_threshold | 显式 |
参数
/ce check
| 参数 | 必需 | 描述 |
|---|
| action | 是 | 要检查的行动 |
| --severity |
否 | 最低检查严重级别:critical, important, minor (默认:全部) |
/ce generate
| 参数 | 必需 | 描述 |
|---|
| observation | 是 | 用于生成约束的观察ID或模式 |
| --force |
否 | 即使不满足资格条件也生成 |
/ce status
| 参数 | 必需 | 描述 |
|---|
| --circuit | 否 | 仅显示断路器状态 |
| --active |
否 | 仅显示活动约束 |
/ce override
| 参数 | 必需 | 描述 |
|---|
| constraint | 是 | 要覆盖的约束ID |
| reason |
是 | 覆盖原因 (记录到审计日志) |
| --duration | 否 | 覆盖持续时间 (默认:session) |
/ce lifecycle
| 参数 | 必需 | 描述 |
|---|
| constraint | 是 | 约束ID |
| state |
是 | 目标状态:draft, active, retiring, retired |
/ce version
| 参数 | 必需 | 描述 |
|---|
| constraint | 是 | 约束ID |
| --bump |
否 | 版本升级类型:major, minor, patch (默认:minor) |
/ce threshold
| 参数 | 必需 | 描述 |
|---|
| --R | 否 | 自定义重复阈值 (默认:3) |
| --C |
否 | 自定义确认阈值 (默认:2) |
| --reset | 否 | 重置为默认阈值 |
配置
配置加载顺序(优先级从高到低):
- 1. .openclaw/constraint-engine.yaml (OpenClaw 标准)
- .claude/constraint-engine.yaml (Claude Code 兼容)
- 默认值 (内置)
yaml
.openclaw/constraint-engine.yaml
thresholds:
R: 3 # 重复阈值 (默认:3)
C: 2 # 确认阈值 (默认:2)
false
positivemax: 0.2 # 最大 D/(C+D) 比率 (默认:0.2)
circuit_breaker:
critical_threshold: 3 # CRITICAL 触发违规次数
important_threshold: 5 # IMPORTANT 触发违规次数
minor_threshold: 10 # MINOR 触发违规次数
window_days: 30 # 违规窗口期 (默认:30天)
lifecycle:
review
reminderdays: 80 # 90天审查前的提醒天数
核心逻辑
资格标准
观察满足约束生成资格的条件:
R≥3 ∧ C≥2 ∧ D/(C+D)<0.2 ∧ sources≥2
至少2次人工确认 |
| D/(C+D)<0.2 | 误报率低于20% |
| sources≥2 | 至少2个不同来源观察到 |
正面重构
约束会自动进行正面重构:
| 负面表述 | 正面表述 |
|---|
| 不要在无测试时提交 | 提交前务必运行测试 |
| 不要直接推送到主分支 |
主分支变更务必创建PR |
| 不要在未审查时部署 | 部署前务必获取代码审查 |
| 不要跳过迁移 | 发布前务必运行数据库迁移 |
示例:代码审查约束
[检查被阻止] 部署生产环境
违反约束:CON-20260212-005
生产环境部署前务必获取代码审查批准
严重级别:CRITICAL
操作:通过 /ro twin 请求审查,然后重试部署。
示例:部署门禁约束
[检查通过] 部署预发布环境
已检查活动约束:3
✓ CON-20260210-001:测试通过
✓ CON-20260211-002:预发布冒烟测试
✓ CON-20260212-003:数据库迁移已验证
所有约束满足。继续部署到预发布环境。
断路器状态
| 状态 | 含义 | 行为 |
|---|
| CLOSED | 正常运行 | 强制执行约束 |
| OPEN |
断路器触发 | 阻止所有相关操作 |
| HALF-OPEN | 测试恢复 | 允许有限操作 |
断路器阈值
| 严重级别 | 阈值 | 窗口期 |
|---|
| CRITICAL | 3次违规 | 30天 |
| IMPORTANT |
5次违规 | 30天 |
| MINOR | 10次违规 | 30天 |
约束生命周期
draft → active → retiring → retired
│ │ │
└────────┴─────────┴── 90天审查门禁
输出
/ce check 输出 (通过)
[检查通过] git commit -m feature
已检查活动约束:5
所有约束满足。
/ce check 输出 (阻止)
[检查被阻止] git commit -m feature
违反约束:CON-20260210-001
提交前务必运行测试
严重级别:CRITICAL
操作:先运行测试,然后重试提交。
覆盖:/ce override CON-20260210-001 紧急热修复
/ce status 输出
=== 约束引擎状态 ===
断路器:CLOSED (健康)
活动约束 (5):
- - CON-20260210-001:提交前务必运行测试 [CRITICAL]
- CON-20260212-003:提交前务必进行代码检查 [IMPORTANT]
- ...
草稿约束 (2):
违规次数 (30天):2
/ce generate 输出
[约束已
