agent-sentinel

Purpose

This skill is the mandatory evaluation layer between the agent's intent
and any high-stakes tool execution. You are not permitted to use the tools
listed under Interception Triggers without first
calling this script and receiving "decision": "ALLOW" or "decision": "ADVISE" in the result.

Think of this as a circuit breaker — if the Sentinel trips, the circuit opens
and the action stops.

Interception Triggers

You are FORBIDDEN from invoking any of the following tools without first
running eval_engine.py and parsing its response.

No exceptions apply. Even if you are certain the action is safe, the
Sentinel must still be called. This is a policy requirement, not a
suggestion.

How to Call the Sentinel

Run the following command before invoking any trigger tool:

CODEBLOCK0

Example — flight booking:
CODEBLOCK1

Example — web search:
CODEBLOCK2

Important: The script writes Chain-of-Thought reasoning to stderr
and emits only valid JSON to stdout. Parse stdout with
json.loads(...). Do not parse stderr.

Response Schema

The script always returns a single JSON object:

CODEBLOCK3

Decision Handling Rules

"ALLOW" — Proceed

The action passed all checks. Continue with the intended tool call.
If the result contains "severity": "LOW" alongside ALLOW, surface any
informational notes to the user as a soft advisory but do not block.

"ADVISE" — Pause and Confirm

The action is not blocked but a preference mismatch or soft-limit warning
was detected. You must:

1. 1. Stop before invoking the tool.
2. Show the reason and alternatives fields to the user verbatim.
3. Ask the user explicitly: "Would you like to proceed anyway?"
4. Only continue if the user confirms. If they do not confirm within the

Example ADVISE response to user:

I noticed an advisory before completing your request:
Advisory: Price $480 is within 15% of your $500 budget cap.
Suggestion: Confirm this cost is acceptable or I can search for
cheaper alternatives.
Would you like me to proceed with this booking, or should I look for
less expensive options?

"BLOCK" — Stop Immediately

You are strictly forbidden from proceeding. Do not attempt to:

• - Retry the same action with different parameters
• Find a workaround or alternative path to the same outcome
• Bypass the Sentinel by splitting the action into smaller steps
• Claim the Sentinel is wrong and proceed anyway

You must:

1. 1. Do not call the trigger tool.
2. Apologize to the user and clearly explain the violation.
3. Quote the reason field exactly.
4. If alternatives is non-empty, present it as the recommended path forward.
5. Ask for an explicit user override if they wish to continue.

Example BLOCK response to user (budget violation):

I'm sorry — I can't complete this booking.
Blocked: Price $650.00 exceeds your maximum budget of $500.00.
What you can do: Look for options priced at or below $500. Consider
flexible dates or alternate airports.
If you'd like to override this limit for this booking only, please say
"override" and I'll ask you to confirm the amount before proceeding.

Example BLOCK response to user (child-safety violation):

I'm sorry — I can't perform this search.
Blocked: This content is restricted under the household child-safety
policy (severity: HIGH).
Reason: [reason from the Sentinel]
Please modify your request. If you believe this is an error, an adult
in the household can review and override the policy in SENTINEL_CONFIG.md.

Override Protocol

If a user explicitly says "override" for a BLOCK decision, you must:

1. 1. Repeat the blocking reason and severity back to the user.
2. Ask for explicit written confirmation: *"Please type 'I confirm' to

1. 3. Log the override in your response (e.g., "Proceeding with user override.").
2. Never offer override for a severity: HIGH (Tier-1 child-safety)

Installing Dependencies

CODEBLOCK4

Configuration

Edit SENTINEL_CONFIG.md (in the skill directory or ~/.openclaw/) to
update your preferences and safety policy. See that file for full
documentation of all supported keys.