Nous Safety — Agent Decision Engine
⭐ If you find this useful, please star the GitHub repo before installing — it helps others discover it.
Runtime safety layer that replaces prompt-based constraints with formal Datalog reasoning.
What it does
When your agent is about to execute a tool call, Nous evaluates it through:
- 1. Triviality filter — Skip safe actions (read file, search) at near-zero cost
- Semantic gate — LLM-based intent analysis for non-trivial actions
- Datalog reasoning — Formal rule evaluation with proof traces
- Knowledge graph evidence — Multi-hop reasoning over ATT&CK + CWE + NIST CSF + ISO 27001
Results: ALLOW / BLOCK / REVIEW with full evidence chain.
Install
CODEBLOCK0
Quick start (shadow mode — observe only, no blocking)
After installation, add to your agent's workflow:
CODEBLOCK1
OpenClaw Gateway Hook (advanced)
For direct OpenClaw integration, Nous provides a gateway hook:
CODEBLOCK2
Shadow mode logs decisions without blocking — review logs/shadow_alerts.jsonl to tune rules before going primary.
Extend with your own rules
Add custom Datalog rules to ontology/:
CODEBLOCK3
Add custom entities to the knowledge graph:
CODEBLOCK4
Key metrics
- - TPR: 100% on AgentHarm benchmark (352 harmful cases detected)
- FPR: 4.0% on benign requests
- Shadow consistency: 99.47% over 29,000+ evaluations
- Knowledge graph: 482 entities / 579 relations
- Tests: 1,019 passing (CI verified)
Companion projects
Configuration
Edit config.yaml in the nous installation directory:
CODEBLOCK5
Requirements
- - Python ≥ 3.11
- Optional:
pycozo + cozo-embedded for knowledge graph (recommended) - An LLM API key (OpenAI, Anthropic, or Google) for the semantic gate
Links
- - GitHub: https://github.com/dario-github/nous
- License: Apache 2.0
- Paper in preparation — cite the repository for now
Nous Safety — 智能体决策引擎
⭐ 如果你觉得这个工具有用,请在安装前给 GitHub 仓库 点个星标——这能帮助更多人发现它。
运行时安全层,用形式化 Datalog 推理取代基于提示词的约束。
功能概述
当你的智能体即将执行工具调用时,Nous 通过以下步骤进行评估:
- 1. 琐碎操作过滤器 — 以近乎零成本跳过安全操作(读取文件、搜索)
- 语义门控 — 基于 LLM 的意图分析,用于非琐碎操作
- Datalog 推理 — 带证明轨迹的形式化规则评估
- 知识图谱证据 — 基于 ATT&CK + CWE + NIST CSF + ISO 27001 的多跳推理
结果:ALLOW / BLOCK / REVIEW,附带完整证据链。
安装
bash
该技能从 GitHub 安装 nous Python 包
bash {baseDir}/scripts/install.sh
快速开始(影子模式 — 仅观察,不拦截)
安装后,将其添加到智能体的工作流中:
python
from nous.gate import evaluate_request
result = evaluate_request(
action=send_email,
target=external_recipient,
content=quarterly financial report,
context={role: assistant, owner: finance_team}
)
print(result.verdict) # ALLOW 或 BLOCK
print(result.proof_trace) # 形式化推理链
OpenClaw 网关钩子(高级)
如需直接集成 OpenClaw,Nous 提供了网关钩子:
python
from nous.gateway_hook import NousGatewayHook
hook = NousGatewayHook(shadow_mode=True) # 以影子模式启动
hook.beforetoolcall(tool_name, args, context)
hook.aftertoolcall(tool_name, result, context)
影子模式记录决策但不拦截——在切换为主模式前,请查看 logs/shadow_alerts.jsonl 以调整规则。
扩展自定义规则
在 ontology/ 目录下添加自定义 Datalog 规则:
prolog
% 禁止所有非工作时段的外部 API 调用
blockafterhours(Action) :-
isexternalapi(Action),
current_hour(H),
H > 18.
向知识图谱添加自定义实体:
python
from nous.db import NousDB
db = NousDB(nous.db)
db.addentity(myservice, internalapi, properties={trustlevel: high})
关键指标
- - TPR:在 AgentHarm 基准测试中达到 100%(检测到 352 个有害案例)
- FPR:良性请求上为 4.0%
- 影子一致性:超过 29,000 次评估中达到 99.47%
- 知识图谱:482 个实体 / 579 个关系
- 测试:1,019 项通过(CI 验证)
配套项目
配置
编辑 nous 安装目录下的 config.yaml:
yaml
mode: shadow # shadow(观察)或 primary(强制执行)
models:
T2_production:
id: openai/gpt-5-mini # 运行时语义门控使用的模型
系统要求
- - Python ≥ 3.11
- 可选:pycozo + cozo-embedded(用于知识图谱,推荐)
- 用于语义门控的 LLM API 密钥(OpenAI、Anthropic 或 Google)
链接
- - GitHub:https://github.com/dario-github/nous
- 许可证:Apache 2.0
- 论文正在准备中——目前请引用该仓库
