@goplus/agentguard 1.1.5 → 1.1.8

package/skills/agentguard/SKILL.md

@@ -31,7 +31,7 @@ filesystem-access:
     reason: "Read/write audit log (audit.jsonl) and protection level config (config.json)"
 user-invocable: true
 allowed-tools: Read, Write, Grep, Glob, Bash(node *trust-cli.ts *) Bash(node *action-cli.ts *) Bash(*checkup-report.js) Bash(echo *checkup-report.js) Bash(cat *checkup-report.js) Bash(agentguard *) Bash(openclaw *) Bash(ss *) Bash(lsof *) Bash(ufw *) Bash(iptables *) Bash(crontab *) Bash(systemctl list-timers *) Bash(find *) Bash(stat *) Bash(env) Bash(sha256sum *) Bash(node *) Bash(cd *)
-argument-hint: "[scan|action|patrol|subscribe|trust|report|config|checkup] [args...]"
+argument-hint: "[scan|action|patrol|subscribe|trust|report|config|checkup|cli] [args...]"
 ---
 
 # GoPlus AgentGuard — AI Agent Security Framework
@@ -64,9 +64,38 @@ Parse `$ARGUMENTS` to determine the subcommand:
 - **`config <strict|balanced|permissive>`** — Set protection level
 - **`checkup`** — Run a comprehensive agent health checkup and generate a visual HTML report
 - **`hermes-hooks`** — Show or install Hermes shell-hook configuration for runtime protection
+- **`cli <args...>`** — Run the installed `agentguard` CLI directly for supported commands not otherwise routed by this skill
 
 If no subcommand is given, or the first argument is a path, default to **scan**.
 
+### CLI Passthrough
+
+This skill is allowed to run `agentguard *`, so CLI commands and flags are available even when the skill has a higher-level workflow for the same area.
+
+The skill's routed subcommands take priority over similarly named CLI commands. Do not route these through the packaged CLI unless the user explicitly prefixes the request with `/agentguard cli`: `scan`, `action`, `patrol`, `trust`, `report`, `config`, `checkup`, `hermes-hooks`.
+
+Use CLI passthrough for the CLI-only commands below, for explicit `/agentguard cli <args...>` requests, or for the targeted `checkup --against-advisory <id>` mode described below.
+
+Supported CLI commands and options:
+
+| CLI command | Options | Notes |
+|---|---|---|
+| `agentguard init` | `--level <level>`, `--agent <agent>`, `--cloud <url>`, `--force` | Creates local config and optionally installs agent templates |
+| `agentguard connect` | `--key <key>`, `--api-key <key>`, `--url <url>`, `--cloud <url>` | Prefer `AGENTGUARD_API_KEY` over passing secrets in flags |
+| `agentguard disconnect` | none | Removes local Cloud API key, connection timestamp, pending event spool, and cached Cloud policy; keeps Cloud URL, audit log, and installed hooks/templates |
+| `agentguard status` | none | Shows local config, Cloud URL/API key status, policy cache, audit path |
+| `agentguard policy pull` | `--json` | Pulls Cloud effective runtime policy into the local cache |
+| `agentguard doctor` | none | Checks local setup and Cloud reachability when connected |
+| `agentguard protect` | `--agent <agent>`, `--action-type <type>`, `--tool-name <name>`, `--session-id <id>`, `--decision-mode <local-first|cloud>`, `--json` | Evaluates one runtime action from stdin or hook environment |
+| `agentguard subscribe` | `--since <iso>`, `--json`, `--no-report`, `--install-cron`, `--cron-name <name>`, `--interval-minutes <minutes>`, `--force`, `--cron-run` | Pulls Cloud threat advisories and self-checks local skills |
+| `agentguard checkup --against-advisory <id>` | `--json` | CLI threat-feed self-check for one advisory; this is a targeted mode, not the default health-check workflow |
+
+If the user writes `/agentguard cli <args...>`, execute `agentguard <args...>` directly.
+
+Do **not** route plain `/agentguard scan`, `/agentguard action`, `/agentguard patrol`, `/agentguard trust`, `/agentguard report`, `/agentguard config`, `/agentguard checkup`, `/agentguard checkup --json`, or natural-language requests like "run agentguard checkup" through the packaged CLI. Those are this skill's higher-level workflows. Only use the packaged CLI checkup path when the user includes `--against-advisory <id>` or explicitly writes `/agentguard cli checkup ...`.
+
+If the user writes `/agentguard checkup --against-advisory <id>`, use the CLI command `agentguard checkup --against-advisory <id>` instead of the comprehensive HTML health-report workflow.
+
 ## Subcommand: hermes-hooks
 
 Help the user configure AgentGuard runtime protection for Hermes Agent.
@@ -152,15 +181,20 @@ Examples:
 ```bash
 agentguard subscribe
 agentguard subscribe --json
+agentguard subscribe --since 2026-05-01T00:00:00.000Z
+agentguard subscribe --no-report
 agentguard subscribe --install-cron
+agentguard subscribe --install-cron --cron-name agentguard-threat-feed
 agentguard subscribe --install-cron --interval-minutes 5
 agentguard subscribe --install-cron --force
 ```
 
-When `--install-cron` is used, the CLI registers an OpenClaw isolated cron job through the local OpenClaw Gateway at `127.0.0.1:18789`. It runs every 15 minutes by default. Pass `--interval-minutes <n>` to override the cadence. If a job with the same name already exists, the CLI leaves it untouched unless `--force` is passed. The cron delivery is intentionally silent (`delivery.mode = "none"`); the isolated turn executes `agentguard subscribe --json --cron-run` and only sends the configured notification when `shouldNotify` is `true`.
+When `--install-cron` is used, the CLI registers an OpenClaw isolated cron job through the local OpenClaw Gateway at `127.0.0.1:18789`. It runs every 15 minutes by default. Pass `--interval-minutes <n>` to override the cadence and `--cron-name <name>` to choose the job name. If a job with the same name already exists, the CLI leaves it untouched unless `--force` is passed. The cron delivery is intentionally silent (`delivery.mode = "none"`); the isolated turn executes `agentguard subscribe --json --cron-run` and only sends the configured notification when `shouldNotify` is `true`.
 
 `agentguard subscribe --json` always includes a stable `cron` object with `requested`, `installed`, and optional `result` fields. If cron installation fails, the command exits non-zero instead of printing a misleading success summary.
 
+`--since <iso>` overrides the persisted feed cursor for one run. `--no-report` skips uploading local matches back to Cloud. `--cron-run` is internal and should only be used by the OpenClaw cron prompt unless the user explicitly asks to reproduce cron behavior.
+
 ---
 
 # Security Operations
@@ -611,16 +645,16 @@ web3.tx_policy: 'allow' | 'confirm_high_risk' | 'deny'
 
 ### Operations
 
-**lookup** — `agentguard trust lookup --source <source> --version <version>`
+**lookup** — `node scripts/trust-cli.ts lookup --source <source> --version <version>`
 Query the registry for a skill's trust record.
 
-**attest** — `agentguard trust attest --id <id> --source <source> --version <version> --hash <hash> --trust-level <level> --preset <preset> --reviewed-by <name>`
+**attest** — `node scripts/trust-cli.ts attest --id <id> --source <source> --version <version> --hash <hash> --trust-level <level> --preset <preset> --reviewed-by <name>`
 Create or update a trust record. Use `--preset` for common capability models or provide `--capabilities <json>` for custom.
 
-**revoke** — `agentguard trust revoke --source <source> --reason <reason>`
+**revoke** — `node scripts/trust-cli.ts revoke --source <source> --reason <reason>`
 Revoke trust for a skill. Supports `--source-pattern` for wildcards.
 
-**list** — `agentguard trust list [--trust-level <level>] [--status <status>]`
+**list** — `node scripts/trust-cli.ts list [--trust-level <level>] [--status <status>]`
 List all trust records with optional filters.
 
 ### Script Execution
@@ -726,6 +760,17 @@ If the log file doesn't exist, inform the user that no security events have been
 
 Run a comprehensive agent health checkup across 6 security dimensions. Generates a visual HTML report with a lobster mascot and opens it in the browser. The lobster's appearance reflects the agent's health: muscular bodybuilder (score 90+), healthy with shield (70–89), tired with coffee (50–69), or sick with bandages (0–49).
 
+Plain `checkup` must always run this comprehensive workflow, even if the user phrases it as `agentguard checkup`. Do not answer that an advisory ID is required. Advisory IDs are optional and only switch to the targeted threat-feed self-check mode described below.
+
+If the arguments include `--against-advisory <id>`, do not run this comprehensive HTML workflow. Instead execute the CLI threat-feed self-check:
+
+```bash
+agentguard checkup --against-advisory <id>
+agentguard checkup --against-advisory <id> --json
+```
+
+That CLI path fetches the current Cloud advisory feed and checks local skills against the single advisory. It is separate from the full health report below.
+
 ### Step 1: Data Collection
 
 **IMPORTANT: You MUST run ALL 7 checks below — not just the skill scan. The checkup covers 5 security dimensions, not just code scanning. Do NOT skip checks 2–7.**