dashclaw_guard
Evaluate each risky action against governance policies before execution, returning allow, warn, block, or require_approval to prevent unauthorized changes.
Instructions
Evaluate DashClaw governance policies before taking a risky action. Call this BEFORE any action that modifies external systems, deploys code, sends messages, or touches production data. Returns a decision: "allow" (proceed), "warn" (proceed with caution), "block" (stop), or "require_approval" (wait for human in Mission Control). If the decision is "block", do NOT proceed with the action.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| target | No | Primary file path, URL, or resource the action touches (lets protected-path policies match) | |
| content | No | Outbound content excerpt (file content, message body) so secret-scan and content policies can evaluate it | |
| agent_id | No | Fallback identity when no server-level agent id is configured (the configured id wins) | |
| tool_name | No | Name of the tool that will perform the action (e.g., Write, Bash, send_email) | |
| reversible | No | Whether the action can be undone | |
| risk_score | Yes | Estimated risk 0-100. Use 70+ for production systems. | |
| action_type | Yes | Category of action (e.g., deploy, send_email, database_write, api_call) | |
| write_paths | No | File paths the action will write or modify (protected-path policy matching) | |
| declared_goal | Yes | What you intend to do, in plain language | |
| systems_touched | No | Systems affected (e.g., production, database, email) |