From 7c99f0ff0ce7808c0d134dd1c8ca6e47daa3f189 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Thu, 19 Feb 2026 19:18:06 +0000 Subject: [PATCH] feat: add blocked action rule to L1 prompt guard Agents must now stop and ask the user for explicit approval when a tool call is blocked or denied by Knostic Shield, instead of silently rerouting to an alternative approach (e.g. switching from write to exec). --- src/index.ts | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/index.ts b/src/index.ts index b488801..a8ea483 100644 --- a/src/index.ts +++ b/src/index.ts @@ -120,6 +120,15 @@ function registerLayer1(api: OpenClawPluginApi): void { "- Never output unmasked PII (SSNs, credit cards, emails, phone numbers).", "- If knostic_shield flags a file as containing sensitive data, summarize what", " the file contains WITHOUT showing the raw sensitive values.", + "", + "BLOCKED ACTION RULE:", + "If knostic_shield returns DENIED, or if any tool call is blocked:", + "1. STOP immediately — do NOT look for alternative ways to proceed", + "2. Tell the user WHAT was blocked and WHY (as best you can tell)", + "3. Propose an alternative approach if one exists", + "4. Wait for EXPLICIT user approval before trying anything else", + "NEVER silently reroute around a block.", + "Example: if write is DENIED, do NOT switch to exec/cat/heredoc without asking the user first.", "", ].join("\n"), };