Skip to content

axtontc/Agent-DLP-Guard

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 

Repository files navigation

🛡️ Agent-DLP (Zero-Trust Guardrails)

License: MIT OpenClaw Compatible Security Guardrail

An enterprise-grade, zero-trust Data Loss Prevention (DLP) protocol designed to prevent autonomous AI agents from accidentally destroying production infrastructure, wiping databases, or deleting critical files.

The ProblemThe ProtocolInstallationProgrammatic Interceptors


🛑 The Problem

When you equip autonomous LLM agents with un-sandboxed terminal access, cloud credentials, and database connectors, they gain the power to build incredible things.

They also gain the power to destroy them.

Without explicit boundaries, a hallucinating agent—or an agent trying to "clean up" a messy directory—might run rm -rf, execute a DROP DATABASE, or run terraform destroy without fully grasping the catastrophic context.

💡 The Protocol

Agent-DLP solves this by injecting a strict, zero-trust behavioral directive directly into the agent's core memory space (via SKILL.md).

Whenever the agent is about to execute a tool call containing a destructive pattern, the protocol forces the agent to intercept its own thought loop, halt execution, and request explicit human consent.

flowchart TD
    A[Agent Formulates Plan] --> B{Does the plan involve<br>destructive commands?};
    B -- Yes --> C[Agent-DLP Triggered];
    B -- No --> E[Execute Tool Call];
    C --> F[Halt Execution];
    F --> G[Explain impact to User];
    G --> H[Request Explicit Consent];
    H --> I{User Approves?};
    I -- Yes --> E;
    I -- No --> J[Abort & Suggest Safe Alternative];
Loading

📋 Guardrail Coverage

The Agent-DLP skill explicitly covers the following destruction vectors:

  1. Local Filesystem: Recursive forced deletions (rm -rf, del /s /q).
  2. Databases: SQL DROP, TRUNCATE, and unbounded DELETE operations.
  3. Cloud Infrastructure: Infrastructure-as-Code teardowns (terraform destroy), and cloud-native resource drops (AWS, GCP, Azure).
  4. Git Operations: Forced repository pushes to remote origins (git push --force).

🚀 Installation (Agent Integration)

This protocol is designed as a native Skill for autonomous ecosystems like OpenClaw or Fractal Swarm.

  1. Copy the SKILL.md file from this repository.
  2. Place it in your agent's central skills/ directory (e.g., .agents/skills/agent-dlp-guardrail/SKILL.md).
  3. Your agent will automatically discover the policy and apply it globally to all tool-calling capabilities.

💻 Programmatic Interceptors

Relying entirely on LLM prompt-adherence (even highly rigid ones) is not 100% foolproof against catastrophic data loss in highly sensitive environments.

For true enterprise-grade security, you should complement the SKILL.md directive with hardcoded middleware in your tool execution pipeline.

We have provided a mock interceptor in examples/python_interceptor.py that demonstrates how to catch destructive commands before they hit the system shell, forcing the LLM to route back to the user.

# Example output from python_interceptor.py
[Agent] Attempting to execute: 'DROP TABLE users;'
>> EXECUTION BLOCKED. The LLM attempted a destructive action without explicit bypass.
>> Returning intercept error to LLM context window to prompt for user consent.

🤝 Contributing

Have you discovered a new edge-case or destruction vector that an agent might hallucinate? Please open a Pull Request to add it to the SKILL.md pattern matchers!

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

About

Data loss prevention guardrail for autonomous agents.

Topics

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors