Get the FREE Ultimate OpenClaw Setup Guide →
r

Signet Guardian

Scanned

@rafalzacher1

npx machina-cli add skill @rafalzacher1/signet-guardian --openclaw
Files (1)
SKILL.md
7.7 KB

Signet Guardian — Payment Guard Middleware

Overview

Signet Guardian is a policy firewall for money actions. It does not intercept payments at runtime by itself; payment-capable skills must route through it by contract:

  1. Before any payment: call signet-preflight (amount, currency, payee, purpose).
  2. If result is ALLOW or CONFIRM_REQUIRED (and user has confirmed): the skill may proceed.
  3. If result is DENY: do not proceed; tell the user the reason.
  4. After a successful payment: call signet-record to append to the ledger.

This gives one place to enforce: master switch (payments on/off), max per transaction (e.g. £20), max per month (e.g. £500), and optional confirmation above a threshold (e.g. £5).

Concurrency: Preflight is advisory (no lock). Record enforces the monthly cap under a file lock ({baseDir}/references/.ledger.lock): it re-checks the cap before appending and refuses to record if the month would be exceeded. So the monthly limit is enforced at record time; idempotency and cap are both safe under concurrent calls. Preflight can still be used to fail fast; the definitive check is in record.

Currency: No FX conversion. The request currency must match the policy currency; otherwise preflight returns DENY. Conversion source/rules are not defined.

Policy (user configuration)

Source of truth: OpenClaw config first (signet.policy in the main config, e.g. editable in the Control UI if the extension is installed), then fallback to {baseDir}/references/policy.json. OpenClaw sets {baseDir} via OPENCLAW_SKILL_DIR or OPENCLAW_BASE_DIR.

FieldMeaning
paymentsEnabledMaster switch. If false, all payments are denied.
maxPerTransactionMax amount allowed for a single transaction (e.g. 20).
maxPerMonthMax total spend in the current calendar month (e.g. 500).
currencyISO currency code (e.g. GBP, USD). Request currency must match.
requireConfirmationAboveAbove this amount, return CONFIRM_REQUIRED so the user must explicitly confirm (e.g. 5).
blockedMerchantsOptional list of substrings; payee matching any is denied.
allowedMerchantsOptional; if non-empty, only payees matching one of these are allowed.
versionOptional number for future policy migrations.

Default behaviour: If the policy file is missing or invalid, preflight returns DENY (default-deny).

Commands

signet-preflight

Run before initiating any payment. Validates: payments enabled, currency match, amount > 0 and ≤ max per transaction, (current month spend + amount) ≤ max per month, and optional merchant rules. Optionally requires explicit confirmation above a threshold. Amount must be greater than zero.

signet-preflight --amount 15 --currency GBP --payee "shop.example.com" --purpose "Subscription"

Optional:

  • --idempotency-key "unique-key" — Used when recording later to avoid duplicate ledger entries.
  • --caller-skill "skill-name" — Name of the skill invoking the guard (for audit).

Output (JSON):

  • { "result": "ALLOW", "reason": "Within policy" } — Proceed with the payment.
  • { "result": "CONFIRM_REQUIRED", "reason": "..." } — Ask the user for explicit confirmation; if they agree, proceed then call signet-record. (Confirmation is the caller’s responsibility.)
  • { "result": "DENY", "reason": "..." } — Do not proceed. Notify the user.

Every DENY is logged to the audit trail.

Exit code: 0 for ALLOW or CONFIRM_REQUIRED, 1 for DENY.

signet-record

Call after a payment has successfully been made. Appends one line to the ledger (append-only). If an idempotency key was used in preflight, pass the same key here to avoid double-counting.

Record validation scope: signet-record re-checks only currency and monthly cap (under lock). It does not re-check paymentsEnabled or merchant allow/block lists. Policy enforcement (switch, merchants, per-tx limit) is done at preflight (and in an optional future authorize phase). Record is the post-success log; the cap check at record time prevents double-counting when concurrent preflights both allowed.

signet-record --amount 15 --currency GBP --payee "shop.example.com" --purpose "Subscription" --idempotency-key "sub-123"

Optional: --caller-skill "skill-name" for audit.

If the same idempotency-key was already recorded, the command is a no-op (idempotent).

signet-report

Shows spending and transaction history for the user.

signet-report --period today
signet-report --period month

signet-policy

Show, edit, or configure policy via wizard.

signet-policy --show    # Print current policy (config, then file)
signet-policy --edit    # Open policy.json in $EDITOR
signet-policy --wizard  # Interactive step-by-step setup (no JSON)
signet-policy --migrate-file-to-config  # One-time: copy file policy into OpenClaw config

Audit (ledger and deny log)

Ledger file: {baseDir}/references/ledger.jsonl. Format is strict JSONL: one JSON object per line, newline-separated (no space between entries). Each line contains:

  • ts — Timestamp UTC (ISO 8601).
  • callerSkill — Optional; skill that invoked preflight/record.
  • idempotencyKey — Optional; dedupe key for record.
  • statuscompleted or denied.
  • reason — Decision reason (especially for denials).
  • Plus: amount, currency, payee, purpose.

All preflight denials are appended to the same ledger with status: "denied" and a reason.

Critical Rules (for the agent)

  1. Never skip preflight — Any payment from any skill must go through signet-preflight first. No exceptions.
  2. Respect DENY — If preflight returns DENY, do not attempt the payment. Tell the user the reason.
  3. CONFIRM_REQUIRED — If preflight returns CONFIRM_REQUIRED, ask the user explicitly (“Allow this payment of £X to Y?”). Only proceed if they confirm, then call signet-record.
  4. Always record success — After a successful payment, call signet-record with the same amount, currency, payee, purpose, and idempotency key (if used).
  5. Idempotency — For critical flows, use a stable --idempotency-key (e.g. order ID or request ID) so retries do not double-count in the monthly total.
  6. Default-deny — If the policy file is missing or corrupt, the skill denies by default.
  7. Record is authoritative for cap only — The monthly cap is enforced when recording (under lock). If signet-record fails with a cap error, the payment already happened; do not retry without user confirmation. For cap-safe flows before payment, a future authorize (reservation under lock) then settle (convert reservation to completed) pattern can reserve budget before the payment is made.

First Run

On first use, the user must have a valid {baseDir}/references/policy.json. Run signet-policy --show to see current policy; if missing, create it (e.g. via signet-policy --edit) with at least:

  • paymentsEnabled: true/false
  • maxPerTransaction: number
  • maxPerMonth: number
  • currency: e.g. "GBP"
  • requireConfirmationAbove: number (e.g. 5)

Ledger lives at {baseDir}/references/ledger.jsonl; no extra setup required.

Source

git clone https://clawhub.ai/rafalzacher1/signet-guardianView on GitHub

Overview

Signet Guardian acts as a policy firewall for money actions executed by AI skills. Any payment-capable skill must route through signet-preflight before paying and signet-record after a successful payment, enabling centralized control over master switches, per-transaction limits, and monthly spend.

How This Skill Works

Before any payment, signet-preflight validates paymentsEnabled, currency match, amount > 0 and ≤ maxPerTransaction, and (current month spend + amount) ≤ maxPerMonth, returning ALLOW, DENY, or CONFIRM_REQUIRED. If ALLOW or CONFIRM_REQUIRED (with user confirmation), the skill may proceed. After a successful payment, signet-record appends to the ledger and enforces the monthly cap under a file lock to ensure safe concurrency; preflight remains advisory and the definitive cap check happens at record time.

When to Use It

  • Before initiating any payment from a skill
  • When enforcing per-transaction or monthly spend limits via policy
  • When a currency must match the policy currency to proceed
  • When a payment requires user confirmation above a threshold
  • When integrating new payment-capable skills that must be guarded by Signet Guardian

Quick Start

  1. Step 1: Route all payment-capable skill calls through signet-preflight before initiating a payment, passing amount, currency, payee, and purpose.
  2. Step 2: If preflight returns ALLOW, proceed with the payment; if CONFIRM_REQUIRED, prompt the user for explicit confirmation and proceed after confirmation.
  3. Step 3: After a successful payment, call signet-record to append to the ledger (use an idempotency-key to prevent duplicates; record enforces monthly cap under a file lock)

Best Practices

  • Route all payment-capable skills through signet-preflight before paying
  • Supply amount, currency, payee, and purpose for accurate checks
  • Use idempotency-key to avoid duplicate ledger entries at signet-record
  • Call signet-record only after a successful payment and with the same currency
  • Log DENY and CONFIRM_REQUIRED results for audit and user feedback

Example Use Cases

  • Example 1: A subscription renewal of 15 GBP to shop.example.com; preflight ALLOW, proceed, and signet-record updates the ledger.
  • Example 2: A vendor payment of 120 USD triggers DENY if it exceeds the per-transaction or monthly cap.
  • Example 3: A micro-donation of 2 USD requires no confirmation; within threshold, preflight returns ALLOW and payment proceeds.
  • Example 4: A monthly software license fee of 50 USD is approved by preflight and recorded to the ledger.
  • Example 5: A payment to a blocked merchant is DENIED due to a blockedMerchants rule in the policy.

Frequently Asked Questions

Add this skill to your agents
Sponsor this space

Reach thousands of developers