salus-agent-guardrailslisted

# Workflow When this skill triggers, follow these steps in order. ## Step 1 — Locate the policy file Check whether the user has specified a policy file path. - If a path is provided, confirm the file exists and is readable. - If no path is provided, ask: "Please provide the path to your policy JSON file. It should be an array of `{ effect, tool, args?, reason }` rules. See `examples/policy.json` for a working example." - If the user has no policy, offer to generate a starter policy based on their described use-case before proceeding. ## Step 2 — Capture the proposed tool-call Capture the tool-call the agent is about to execute. It must be valid JSON matching: ```json { "tool": "<name>", "args": { "<argName>": "<value>", ... } } ``` Wrap it in a JSON array if it is a single object (the engine accepts an array of calls). If the user provides multiple calls at once, evaluate them all together. ## Step 3 — Run the engine Execute the rule matcher from the skill root: ```bash node scripts/policy-eval.mjs <policyFile> <callsFile> ``` The engine outputs a JSON array of `{ tool, decision, reason }` — one entry per call. Capture stdout. If the process exits non-zero, surface the stderr message to the user and stop. ## Step 4 — Report the decision For each result: - **allow** — report the tool name, decision, and reason. The call may proceed. - **deny** — report the tool name, decision, and the rule that fired. Explain what the agent attempted and why the policy blocked