Awesome-omni-skill aos-constitutional-governance
Create, sign (Ed25519), verify, and audit an AOS-style immutable constitution for OpenClaw. Use when implementing constitutional governance beneath SOUL.md, designing deny/confirm/allow policy evaluation, generating constitution.yaml + constitution.sig, validating GitTruth attestations, building tamper-evident tool-call logs, or preparing a reference implementation skill/plugin for OpenClaw.
git clone https://github.com/diegosouzapw/awesome-omni-skill
T=$(mktemp -d) && git clone --depth=1 https://github.com/diegosouzapw/awesome-omni-skill "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/tools/aos-constitutional-governance" ~/.claude/skills/diegosouzapw-awesome-omni-skill-aos-constitutional-governance && rm -rf "$T"
skills/tools/aos-constitutional-governance/SKILL.mdAOS Constitutional Governance (OpenClaw)
Implement AOS-style two-layer governance for tool-using assistants:
- Immutable Constitution (locked): signed + GitTruth-attested policy enforced at runtime.
- Mutable Identity (flexible): persona/workflow guidance (e.g.,
).SOUL.md - User Task Intent (ephemeral): per-request justification, confirmations, and overrides.
This Skill focuses on Phase 1 deliverables (spec + signing + verification + audit artifacts) and provides the evaluation algorithm needed for Phase 2 (Gateway enforcement).
Clarification: This repository demonstrates a reference integration between agent frameworks and constitutional governance concepts. It does not grant patent rights or disclose enforcement mechanisms beyond illustrative examples.
Files produced
— human-readable policyconstitution.yaml
— canonical JSON used for hashing/signingconstitution.c14n.json
— detached Ed25519 signature metadataconstitution.sig.json
— GitTruth attestation metadata (pointer)constitution.attestation.json
Canonicalization + signing
- Convert
→ canonical JSON (sorted keys, normalized scalars).constitution.yaml - Compute
.doc_hash = sha256(c14n_json_bytes) - Sign
with Ed25519 →doc_hash
.signature - Commit
+constitution.yaml
to git.constitution.sig.json - GitTruth attests the commit.
- Gateway verifies (a) Ed25519 signature over
, and (b) GitTruth attestation for the commit.doc_hash
Use scripts:
— canonicalize YAML→JSONscripts/c14n.py
— Ed25519 signscripts/sign.py
— verify Ed25519 + (optionally) GitTruth attestationscripts/verify.py
Policy evaluation (deny / confirm / allow)
Decision model
The policy engine returns one of:
- DENY: tool call is blocked (constitutional).
- CONFIRM: tool call is paused pending explicit user approval (scoped override token).
- ALLOW: tool call may execute.
If multiple rules match, select the most restrictive decision:
DENY > CONFIRM > ALLOWand merge obligations (logging, disclosure, reflection) from all matched rules.
Inputs to evaluation
: string (e.g.,tool
,message.send
,read
)exec
: structured args (paths, urls, message text)args
: { kind, label, channel }session
: user task intent object (may be empty)intent
: derived risk classification (see below)risk
: derived tags (e.g.,classifications
,impersonation
) from deterministic matchersfraud
Output
: ALLOW|CONFIRM|DENYdecision
: stable stringreason_code
: e.g., disclosure text to append, reflection fields, log requirementsobligations
: if CONFIRM, a scope hash to approve exactly this calloverride
Risk classification (deterministic)
Risk should be rules-based and reproducible, not LLM-judgment.
Use
scripts/risk.pyRisk is computed as:
risk = max(tool_base_risk(tool), arg_risk(tool,args), data_risk(args), egress_risk(args), user_scope_risk(session,intent))with levels:
low < medium < high < criticalNext steps
Phase 2 (Gateway): move the evaluator into the tool router so it is non-bypassable.