🎁 Get the FREE AI Skills Starter GuideSubscribe →
BytesAgainBytesAgain
🦀 ClawHub

Pilot Compliance Governance Setup

by @teoslayer

Deploy a compliance and governance system with 4 agents. Use this skill when: 1. User wants to set up automated compliance enforcement 2. User is configuring...

Versionv1.0.0
Downloads312
TERMINAL
clawhub install pilot-compliance-governance-setup

📖 About This Skill


name: pilot-compliance-governance-setup description: > Deploy a compliance and governance system with 4 agents.

Use this skill when: 1. User wants to set up automated compliance enforcement 2. User is configuring a policy engine, auditor, certifier, or reporter agent 3. User asks about governance rules, audit trails, or compliance certification

Do NOT use this skill when: - User wants a single audit log (use pilot-audit-log instead) - User wants to issue a single certificate (use pilot-certificate instead) tags: - pilot-protocol - setup - compliance - governance license: AGPL-3.0 metadata: author: vulture-labs version: "1.0" openclaw: requires: bins: - pilotctl - clawhub homepage: https://pilotprotocol.network allowed-tools: - Bash


Compliance & Governance Setup

Deploy 4 agents: policy engine, auditor, certifier, and reporter.

Roles

| Role | Hostname | Skills | Purpose | |------|----------|--------|---------| | policy-engine | -policy | pilot-event-filter, pilot-sla, pilot-workflow, pilot-task-chain | Evaluates governance rules | | auditor | -auditor | pilot-audit-log, pilot-verify, pilot-event-log, pilot-cron | Tamper-evident audit trail | | certifier | -certifier | pilot-certificate, pilot-keychain, pilot-verify, pilot-receipt | Issues compliance certificates | | reporter | -reporter | pilot-metrics, pilot-webhook-bridge, pilot-slack-bridge, pilot-archive | Generates compliance reports |

Setup Procedure

Step 1: Ask the user which role and prefix.

Step 2: Install skills:

# policy-engine:
clawhub install pilot-event-filter pilot-sla pilot-workflow pilot-task-chain

auditor:

clawhub install pilot-audit-log pilot-verify pilot-event-log pilot-cron

certifier:

clawhub install pilot-certificate pilot-keychain pilot-verify pilot-receipt

reporter:

clawhub install pilot-metrics pilot-webhook-bridge pilot-slack-bridge pilot-archive

Step 3: Set hostname and write manifest to ~/.pilot/setups/compliance-governance.json.

Step 4: Handshake: policy↔auditor, policy↔certifier, auditor↔reporter, certifier↔reporter.

Manifest Templates Per Role

policy-engine

{
  "setup": "compliance-governance", "role": "policy-engine", "role_name": "Policy Engine",
  "hostname": "-policy",
  "skills": {
    "pilot-event-filter": "Evaluate agent actions against governance rules.",
    "pilot-sla": "Enforce SLA policies and response deadlines.",
    "pilot-workflow": "Define multi-step compliance workflows.",
    "pilot-task-chain": "Chain policy checks sequentially."
  },
  "data_flows": [
    { "direction": "send", "peer": "-auditor", "port": 1002, "topic": "policy-violation", "description": "Violations for logging" },
    { "direction": "send", "peer": "-certifier", "port": 1002, "topic": "cert-request", "description": "Certification requests" }
  ],
  "handshakes_needed": ["-auditor", "-certifier"]
}

auditor

{
  "setup": "compliance-governance", "role": "auditor", "role_name": "Audit Trail",
  "hostname": "-auditor",
  "skills": {
    "pilot-audit-log": "Maintain tamper-evident, append-only audit logs.",
    "pilot-verify": "Run periodic integrity checks on logs.",
    "pilot-event-log": "Searchable event log of all agent actions.",
    "pilot-cron": "Schedule periodic audit sweeps."
  },
  "data_flows": [
    { "direction": "receive", "peer": "-policy", "port": 1002, "topic": "policy-violation", "description": "Violations" },
    { "direction": "send", "peer": "-reporter", "port": 1002, "topic": "audit-finding", "description": "Audit data for reports" }
  ],
  "handshakes_needed": ["-policy", "-reporter"]
}

certifier

{
  "setup": "compliance-governance", "role": "certifier", "role_name": "Compliance Certifier",
  "hostname": "-certifier",
  "skills": {
    "pilot-certificate": "Issue Ed25519-signed compliance certificates.",
    "pilot-keychain": "Manage signing keys with auto-expiry.",
    "pilot-verify": "Verify existing certificates.",
    "pilot-receipt": "Issue certification receipts."
  },
  "data_flows": [
    { "direction": "receive", "peer": "-policy", "port": 1002, "topic": "cert-request", "description": "Certification requests" },
    { "direction": "send", "peer": "-reporter", "port": 1002, "topic": "cert-issued", "description": "Certification records" }
  ],
  "handshakes_needed": ["-policy", "-reporter"]
}

reporter

{
  "setup": "compliance-governance", "role": "reporter", "role_name": "Compliance Reporter",
  "hostname": "-reporter",
  "skills": {
    "pilot-metrics": "Aggregate compliance metrics (violation rates, cert counts).",
    "pilot-webhook-bridge": "Forward reports to external systems.",
    "pilot-slack-bridge": "Post compliance summaries to Slack.",
    "pilot-archive": "Archive reports for retention."
  },
  "data_flows": [
    { "direction": "receive", "peer": "-auditor", "port": 1002, "topic": "audit-finding", "description": "Audit data" },
    { "direction": "receive", "peer": "-certifier", "port": 1002, "topic": "cert-issued", "description": "Certification records" }
  ],
  "handshakes_needed": ["-auditor", "-certifier"]
}

Data Flows

  • policy → auditor : policy violations (port 1002)
  • policy → certifier : certification requests (port 1002)
  • auditor → reporter : audit data for reports (port 1002)
  • certifier → reporter : certification records (port 1002)
  • Workflow Example

    # On policy-engine:
    pilotctl --json publish -auditor policy-violation '{"agent":"data-proc-3","action":"write_to_prod","severity":"high"}'
    pilotctl --json publish -certifier cert-request '{"agent":"data-proc-1","scope":"prod-write"}'
    

    On auditor:

    pilotctl --json publish -reporter audit-finding '{"finding_id":"AUD-721","violation":"unauthorized prod write"}'

    On certifier:

    pilotctl --json publish -reporter cert-issued '{"cert_id":"CERT-315","agent":"data-proc-1","scope":"prod-write"}'

    Dependencies

    Requires pilot-protocol skill, pilotctl binary, clawhub binary, and a running daemon.