openclaw/docs/security/guardrails.md
2026-01-28 11:17:35 -03:00

| title | summary | permalink |
| --- | --- | --- |
| Guardrails | AI safety guardrails with @sentinelseed/moltbot. | /security/guardrails/ |

Guardrails

The @sentinelseed/moltbot package provides AI safety guardrails for Moltbot, including real-time validation, data leak prevention, and threat detection.

```bash
npm install @sentinelseed/moltbot
```

Quick Start

Add to your Moltbot config:

```json
{
  "plugins": {
    "sentinel": {
      "level": "watch"
    }
  }
}
```

Protection Levels

| Level | Blocking | Alerting | Best For |
| --- | --- | --- | --- |
| off | None | None | Disable Sentinel |
| watch | None | All threats | Daily use, full visibility |
| guard | Critical | High+ threats | Sensitive data environments |
| shield | Maximum | All threats | High-security workflows |

The default watch level provides full monitoring with zero blocking. Higher levels add blocking, which you can always bypass when needed (see Escape Hatches).

Hook Integration

Sentinel provides a hook factory that integrates with Moltbot's hook system:

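```javascript
import { createSentinelHooks } from '@sentinelseed/moltbot';

// Build the Sentinel hook handlers at the 'guard' level with webhook alerts enabled.
// Replace the placeholder webhook URL with your own endpoint.
const hooks = createSentinelHooks({
  level: 'guard',
  alerts: {
    enabled: true,
    webhook: 'https://your-webhook.com/sentinel'
  }
});

// Register each handler under the matching Moltbot hook name.
export const moltbot_hooks = {
  message_received: hooks.messageReceived,
  before_agent_start: hooks.beforeAgentStart,
  message_sending: hooks.messageSending,
  before_tool_call: hooks.beforeToolCall,
  agent_end: hooks.agentEnd,
};
```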

Validators

For advanced use cases, validators can be used directly:

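```javascript
import { validateOutput, validateTool, analyzeInput, getLevelConfig } from '@sentinelseed/moltbot';

// Placeholder inputs for illustration; substitute the real agent output and user message.
const content = 'agent output to validate';
const userMessage = 'incoming user message';

// Resolve the settings for the 'guard' protection level.
const levelConfig = getLevelConfig('guard');

// Validate outgoing content and check whether it should be blocked.
const outputResult = await validateOutput(content, levelConfig);
if (outputResult.shouldBlock) {
  console.log('Blocked:', outputResult.issues);
}

// Validate a tool call (tool name plus arguments) and analyze an incoming message.
const toolResult = await validateTool('bash', { command: 'ls' }, levelConfig);
const inputResult = await analyzeInput(userMessage);
```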

Escape Hatches

When you need to bypass protection:

```
/sentinel pause 5m          # Pause for 5 minutes
/sentinel allow-once        # Allow next action
/sentinel trust bash        # Trust a tool for the session
/sentinel resume            # Resume protection
```

Configuration

```json
{
  "plugins": {
    "sentinel": {
      "level": "guard",
      "alerts": {
        "enabled": true,
        "webhook": "https://your-webhook.com/sentinel",
        "minSeverity": "high"
      },
      "ignorePatterns": ["MY_SAFE_TOKEN"],
      "logLevel": "warn"
    }
  }
}
```

All validation runs locally without external API calls.
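A pre-deployment check of the `plugins.sentinel` block against the Protection Levels table and the configuration keys shown above. This is an added example, not code from the Sentinel package or this page's author. `auditSentinelConfig`, the finding codes, the severities and the 6-character threshold are hypothetical, and treating `ignorePatterns` entries as detection exemptions is an assumption based on the key name.

```javascript
// Added example: audit the "sentinel" plugin block of a Moltbot config.
// Level semantics come from the Protection Levels table; the function name,
// finding codes, severities and thresholds are hypothetical.
const LEVELS = {
  off:    { blocking: 'None',     alerting: 'None' },
  watch:  { blocking: 'None',     alerting: 'All threats' },
  guard:  { blocking: 'Critical', alerting: 'High+ threats' },
  shield: { blocking: 'Maximum',  alerting: 'All threats' },
};

function auditSentinelConfig(config) {
  const findings = [];
  const add = (severity, code, detail) => findings.push({ severity, code, detail });
  const s = config?.plugins?.sentinel;
  if (!s || typeof s !== 'object') {
    add('high', 'NO_SENTINEL', 'plugins.sentinel is missing');
    return findings;
  }
  if (typeof s.level !== 'string' || !Object.hasOwn(LEVELS, s.level)) {
    add('high', 'BAD_LEVEL', `level ${JSON.stringify(s.level)} is not off/watch/guard/shield`);
  } else if (LEVELS[s.level].blocking === 'None') {
    add(s.level === 'off' ? 'high' : 'info', 'NO_BLOCKING',
        `level "${s.level}" blocks nothing (alerting: ${LEVELS[s.level].alerting})`);
  }
  const alerts = s.alerts ?? {};
  if (alerts.enabled) {
    let url = null;
    try { url = new URL(alerts.webhook); } catch { /* missing or malformed */ }
    if (!url) add('high', 'WEBHOOK_INVALID', 'alerts enabled but webhook is not a valid URL');
    else if (url.protocol !== 'https:') add('high', 'WEBHOOK_CLEARTEXT', 'webhook is not HTTPS');
    else if (url.hostname === 'your-webhook.com')
      add('medium', 'WEBHOOK_PLACEHOLDER', 'webhook still points at the documentation placeholder');
  }
  // Assumption: each ignore pattern exempts matching content from detection,
  // so every entry is surfaced for review; short ones are rated higher.
  for (const p of s.ignorePatterns ?? []) {
    const short = typeof p !== 'string' || p.length < 6;
    add(short ? 'medium' : 'info', 'IGNORE_PATTERN', `review ignore pattern ${JSON.stringify(p)}`);
  }
  return findings;
}

// Constructed sample input: the Configuration block from this page, unchanged.
const sample = { plugins: { sentinel: { level: 'guard',
  alerts: { enabled: true, webhook: 'https://your-webhook.com/sentinel', minSeverity: 'high' },
  ignorePatterns: ['MY_SAFE_TOKEN'], logLevel: 'warn' } } };
console.log(auditSentinelConfig(sample));
```

Run it in CI against the deployed config file and fail the build on any `high` finding.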

See the npm package for installation details, the source repository for implementation, and the Sentinel documentation for additional examples.