Isolated Multi-Agent Control Plane
v0.1.2
Production-ready multi-agent architecture kit for OpenClaw. Provides isolated per-agent workspaces, control-plane orchestration, structured task lifecycle, c...
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe a local multi-agent control plane and the bundle contains templates and local CLI tooling (mailboxctl.py, taskctl.py, install script) that operate on a control-plane directory — this aligns with the stated purpose.
Instruction Scope
Runtime instructions only ask the user to copy the blueprint to a target path and run local Python scripts. The scripts operate solely on files under the installed control-plane tree and write audit events to events.jsonl. Important caveat: role/auth enforcement is convention-based (CLI arguments like --actor) and not cryptographically enforced — anyone with filesystem access or the ability to run the scripts can supply arbitrary actor values and modify files. The blueprint expects OS-level permissions / operational controls to enforce the policy.
Install Mechanism
No external downloads or package installs; install_blueprint.sh copies bundled assets into a user-specified target directory and makes scripts executable. This is low-risk from a supply-chain perspective, but the install script will write into whatever target path you provide (so installing into system directories could overwrite files if misused).
Credentials
The skill declares no environment variables or secrets and the code does not access external credentials. All operations are local filesystem reads/writes under the control-plane root; requested access is proportionate to the stated local control-plane functionality.
Persistence & Privilege
always:false and normal autonomous invocation defaults apply. The skill does not attempt to modify other skills or system-wide agent settings. Its persistence is limited to files it installs/creates under the chosen target directory.
Assessment
This blueprint appears coherent and local-only, but review these points before installing:
- Installation writes the blueprint into whatever path you pass to scripts/install_blueprint.sh; do not run it as root or point it at system directories unless you intend to overwrite files.
- Security is enforced by file-system layout and operational rules, not by cryptographic authentication: mailboxctl and taskctl accept an --actor parameter and will trust it. Ensure the control-plane directory has strict OS-level permissions and is only writable/executable by authorized accounts or run the tools under a confined service account.
- The event log (control-plane/logs/events.jsonl) is append-only in design, but the scripts assume the logs directory exists and that directory permissions prevent tampering; create and protect it before use.
- Test the blueprint in an isolated environment first to verify behavior (task/mailbox transitions, GC, archive behavior) and to confirm the access controls meet your needs.
- If you need stronger guarantees (non-repudiation, authenticated actions), add process-level checks (e.g., verify invoking user UID, require signed request tokens, or run services behind an authenticated daemon) rather than relying on the --actor CLI argument.
If you want, I can point out specific code lines where actor/identity is only string-checked and suggest concrete hardening changes.
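One way to apply the assessment's advice to check the invoking UID instead of trusting `--actor`, together with a permission audit of the control-plane tree. This is an added example, not code from the blueprint or the scanner; the UID-to-actor mapping, the shared-group assumption, and the function and file names are hypothetical.

```python
import os
import stat
import sys

# Assumption: each actor runs under its own OS account. The UIDs are constructed
# sample values; the actor names are the ones in the page's Quick Start.
UID_TO_ACTOR = {1201: "team-lead", 1202: "coder"}


def resolve_actor(claimed, uid, uid_to_actor=UID_TO_ACTOR):
    """Derive the actor from the invoking UID; reject a mismatched --actor claim."""
    actor = uid_to_actor.get(uid)
    if actor is None:
        raise PermissionError(f"uid {uid} is not mapped to an actor")
    if claimed is not None and claimed != actor:
        raise PermissionError(f"uid {uid} is {actor!r}, not {claimed!r}")
    return actor


def loose_paths(root, allowed_uids):
    """Return (path, reason) for entries a non-actor account could tamper with.

    Group-writable entries are not flagged: the mapped accounts are assumed to
    share one group so that all of them can write the mailbox and task board.
    """
    findings = []

    def check(path):
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink"))
        elif st.st_uid not in allowed_uids:
            findings.append((path, "unexpected owner"))
        elif st.st_mode & stat.S_IWOTH:
            findings.append((path, "world-writable"))

    check(root)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return sorted(findings)


if __name__ == "__main__":
    # Usage (hypothetical file name): python3 check_actor.py <control-plane dir> [actor]
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    claimed = sys.argv[2] if len(sys.argv) > 2 else None
    try:
        print("actor:", resolve_actor(claimed, os.getuid()))
    except PermissionError as exc:
        print("refused:", exc)
    for path, reason in loose_paths(root, set(UID_TO_ACTOR)):
        print(f"{reason}: {path}")
```

The UID check only holds if the accounts themselves are protected; an operator who can switch to any mapped account can still act as that actor.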
Cerberus Multi-Agent Control Plane
A professional blueprint for building, operating, and governing local multi-agent teams in OpenClaw. It ships a hardened protocol stack for role isolation, task orchestration, asynchronous handoffs, and auditability.
Quick Start
- Install blueprint into target path:
  bash scripts/install_blueprint.sh /path/to/your/system
- Verify task board:
  python3 /path/to/your/system/scripts/taskctl.py list
- Verify mailbox:
  - send:
    python3 /path/to/your/system/scripts/mailboxctl.py send --task-id TSK-000 --sender team-lead --receiver coder --correlation-id CORR-001 --body "ACK protocol"
  - ack:
    python3 /path/to/your/system/scripts/mailboxctl.py status --message-id MSG-0001 --to ACK --actor coder
What This Blueprint Provides
- Strict workspace isolation per agent (agents/*/workspace)
- Unified control plane (control-plane/tasks, control-plane/mailbox, control-plane/logs)
- Task state machine tooling (taskctl.py)
- Mailbox protocol tooling with checksum and GC (mailboxctl.py)
- Shared memory layer under control plane (control-plane/shared-memory)
Core Rules (must enforce)
- Never use shared agent workspaces.
- Use only control-plane/mailbox for agent-to-agent messaging.
- Team Lead is sole mailbox garbage-collection authority.
- Deploy actions require explicit human approval artifacts.
References
- Read references/operations-checklist.md for rollout and audit checks.
- Read assets/blueprint/docs/protocol-v1.md for protocol details.
