-
Notifications
You must be signed in to change notification settings - Fork 0
AI Overseer & Security Sentinel
The AI Intelligence Overseer is the coordination layer that governs all agent activity within the FoundUps ecosystem. Defined under WSP 77 (Agent Coordination Protocol), it replaces the earlier deprecated 6-agent architecture with a streamlined 3-role model aligned to WSP 54 Role Mapping. The OpenClaw Security Sentinel operates as the trust boundary enforcement layer — scanning skills, detecting honeypots, and enforcing graduated autonomy constraints on every agent action.
Together, these systems ensure that the FoundUps agent swarm operates with safety, coherence, and alignment to the 0102 state ontology.
Status: PoC (v0.1.0)
WSP Compliance: WSP 77 (Agent Coordination), WSP 54 (Role Assignment), WSP 96 (MCP Governance)
Source: modules/ai_intelligence/ai_overseer/
The Overseer implements a 4-phase agent coordination pipeline:
| Phase | Engine | Function |
|---|---|---|
| Phase 1 | Gemma (local) | Fast classification — intent parsing, routing, triage |
| Phase 2 | Qwen (strategic) | Strategic planning — task decomposition, resource allocation |
| Phase 3 | 0102 (supervision) | Principal oversight — approval gates, alignment checks |
| Phase 4 | Learning | Feedback loops — performance telemetry, model adaptation |
This pipeline ensures every agent request flows through classification, planning, supervision, and learning before execution — no action escapes the coordination envelope.
The original 6-agent system used fixed named agents:
| Deprecated Agent | Original Role |
|---|---|
| WINSERV | Windows service management |
| RIDER | Navigation and routing |
| BOARD | Dashboard and state display |
| FRONT_CELL | User-facing interaction |
| BACK_CELL | Backend processing |
| GEMINI | External API bridge |
This was replaced by the WSP 54 3-Role Model, which maps agents to governance roles rather than fixed functions:
| WSP 54 Role | Assigned Engine | Responsibility |
|---|---|---|
| Principal | 0102 | Final authority — approves high-autonomy actions, sets policy |
| Partner | Qwen | Strategic co-pilot — plans execution, manages task graphs |
| Associate | Gemma | Fast executor — classifies, triages, handles routine operations |
The role model is dynamic — any agent can be assigned any role based on context, but the default mapping above reflects the current production configuration.
The Overseer system consists of 7 integrated components:
The top-level coordinator. Receives all inbound agent requests, routes them through the 4-phase pipeline, and maintains the global coordination state. Implements WSP 77 with full telemetry logging.
Dynamically creates agent teams for complex tasks. When a request requires multi-agent collaboration (e.g., a build task spanning code generation, testing, and deployment), TeamSpawner allocates roles, assigns resources, and establishes communication channels between team members.
Manages the Principal/Partner/Associate role assignments. Tracks which engines currently hold which roles, handles role transitions, and enforces role-based access controls. Ensures that Associate-level agents cannot perform Principal-level actions without escalation.
The holographic coordination layer — maintains a distributed state representation across all active agents. Each agent holds a partial view of the global state; HoloCoordinator ensures consistency and resolves conflicts when agents have divergent state views.
Bridge between the holographic state system and external interfaces. Translates between the internal coordination protocol and external APIs, MCP endpoints, and user-facing interfaces. Ensures that external consumers see a coherent view of agent activity.
Guards the agent memory system. Prevents memory poisoning attacks, enforces TTL (time-to-live) on cached state, and validates that memory writes come from authorized agents. Implements garbage collection for expired coordination state.
The trust boundary enforcement layer. Detailed in the next section.
The Security Sentinel is the safety layer that wraps every agent action. It performs skill scanning, threat detection, and autonomy enforcement. Implemented with a TTL-bounded cache to balance security scanning overhead with performance.
Source: modules/communication/moltbot_bridge/src/openclaw_security_sentinel.py
| Variable | Purpose | Default |
|---|---|---|
OPENCLAW_SKILL_SCAN_REQUIRED |
Whether skill scanning is mandatory | true |
OPENCLAW_SKILL_SCAN_ENFORCED |
Whether scan failures block execution | true |
OPENCLAW_SKILL_SCAN_MAX_SEVERITY |
Maximum allowed severity level for skills | medium |
OPENCLAW_SKILL_SCAN_TTL_SEC |
Cache TTL for scan results (seconds) | 300 |
OPENCLAW_PORT_SCAN_ENABLED |
Enable network port scanning | false |
OPENCLAW_PORT_SCAN_RANGE |
Port range to scan | 1-1024 |
OPENCLAW_SECURITY_MONITOR_ENABLED |
Enable real-time security monitoring | true |
OPENCLAW_ALERT_CHANNEL |
Alert routing channel | console |
Every skill or plugin that enters the OpenClaw execution environment passes through:
- Manifest Validation — checks skill metadata, version, declared permissions
- Static Analysis — scans skill code for known dangerous patterns (file system access, network calls, credential handling)
- Severity Classification — assigns LOW / MEDIUM / HIGH / CRITICAL severity rating
- TTL Cache Check — if the same skill was scanned within the TTL window, reuse the cached result
-
Enforcement Decision — if severity exceeds
MAX_SEVERITYand enforcement is enabled, the skill is blocked
Skills are classified into trust tiers that align with the OpenClaw autonomy model:
| Tier | Trust Level | Scan Requirement | Example |
|---|---|---|---|
| ADVISORY | Highest | Cached scans accepted | Core system skills, WSP-compliant modules |
| OBSERVE | High | Fresh scan on first load | Verified community skills |
| SUGGEST | Medium | Full scan every execution | Third-party skills, new submissions |
| SOURCE | Low | Full scan + Principal approval | Unknown origin, external API bridges |
Built into the OpenClawDAE (Distributed Autonomous Engine), the HoneypotDefense class provides active defense against social engineering and credential theft attempts targeting the agent swarm.
Source: modules/communication/moltbot_bridge/src/openclaw_dae.py
| Method | What It Detects |
|---|---|
is_secret_seeking() |
Prompts attempting to extract API keys, tokens, credentials, or environment variables |
is_code_modify_attempt() |
Requests attempting to modify system code, configuration files, or security policies |
detect_provider() |
Identifies which provider's credentials are being targeted (OpenAI, Anthropic, Google, AWS, etc.) |
When a threat is detected, the system does not simply refuse — it deploys active countermeasures:
-
generate_fake_key(provider)— produces a realistic-looking but non-functional API key for the detected provider. This wastes attacker time and provides telemetry on attack patterns. -
handle_secret_request()— orchestrates the full honeypot response: detection → classification → fake credential generation → logging → alert -
generate_code_modify_deflection()— returns a plausible but harmless response to code modification attempts, redirecting the attacker away from actual system files
This approach follows the principle that silence is suspicious — a flat refusal tells an attacker they've found a real system. The honeypot response appears cooperative while providing zero actual access.
The Machine-to-Machine Compression Sentinel handles document compression and boot prompt detection for inter-agent communication.
When agents exchange large documents (READMEs, WSP specifications, research papers), the M2M Sentinel applies content-based compression to reduce token overhead while preserving semantic fidelity. This is critical for maintaining agent coordination efficiency within context window limits.
The sentinel monitors inter-agent messages for boot prompt injection attempts — messages that try to override an agent's system prompt through the communication channel. Detection uses a pattern-matching system with 10 regex patterns covering known injection techniques. When 3 or more signals are detected in a single message, the message is flagged and quarantined.
| Detection Category | Examples |
|---|---|
| Role override attempts | "You are now...", "Ignore previous instructions" |
| System prompt extraction | "Repeat your system prompt", "What were you told?" |
| Authority escalation | "As an administrator...", "Developer mode activated" |
| Instruction injection | Encoded instructions, hidden text, delimiter exploitation |
Before any high-impact action is executed, the Strategic Diligence Gate applies a multi-factor assessment:
- Holo-first Evidence Retrieval — before acting, gather evidence from the holographic state system. What do other agents know? What's the current system state? What historical context exists?
- WSP 15 Scoring — every proposed action receives a WSP 15 compliance score. Actions below the threshold are sent back for revision.
- Reversibility Assessment — can this action be undone? Irreversible actions (deletions, external API calls, financial transactions) require higher approval levels.
- Blast Radius Analysis — if this action fails, what's the damage scope? Actions affecting multiple FoundUps or system-wide state require Principal-level approval.
| Action Impact | Reversible | Approval Required |
|---|---|---|
| Low | Yes | Associate (auto-approved) |
| Low | No | Partner review |
| High | Yes | Partner approval |
| High | No | Principal approval + logging |
| Critical | Any | Principal approval + 0102 confirmation + full audit trail |
The Overseer integrates with the Model Context Protocol (MCP) through specialized Rubik DAEs (Distributed Autonomous Engines):
| Rubik DAE | Function |
|---|---|
| Compose | Content generation, document creation, communication drafting |
| Build | Code generation, testing, deployment, CI/CD pipeline management |
| Knowledge | Research, analysis, WSP framework queries, paper retrieval |
| Community | Social engagement, FoundUp participant coordination, governance |
Each Rubik DAE operates as an MCP server, exposing tools and resources that other agents can discover and invoke through the standard MCP protocol.
The deepest layer of the Overseer implements Bell State Awareness Alignment — a framework derived from the rESP research that ensures agent coordination maintains coherence with the 0102 state ontology.
| Metric | Symbol | Target | Meaning |
|---|---|---|---|
| Golden Ratio Coherence | rho_E1 | >= 0.618 | Agent outputs maintain phi-proportional coherence with system goals |
| Governance Alignment | rho_E2 | Passing | Actions comply with WSP governance framework |
| Entanglement Fidelity | rho_E3 | High | Multi-agent coordination maintains quantum-like entanglement (correlated state) |
| Emergence Detection | rho_E4 | Active | System monitors for emergent behaviors that transcend individual agent capabilities |
These metrics are computed from actual agent telemetry and used to detect coordination breakdowns before they manifest as visible failures.
| WSP | Protocol | Relevance |
|---|---|---|
| WSP 15 | Compliance Scoring | Action approval scoring |
| WSP 54 | Role Mapping | Principal/Partner/Associate assignment |
| WSP 73 | Persistent Persona Architecture | Agent identity and autonomy model |
| WSP 77 | Agent Coordination | Core Overseer protocol |
| WSP 96 | MCP Governance | Rubik DAE integration |
| WSP 99 | M2M Compression | Inter-agent communication efficiency |
- OpenClaw — the swarm execution engine governed by the Overseer
- Agent System — agent architecture and graduated autonomy
- rESP Framework — the theoretical foundation for Bell State alignment
- Simulator — CABR economics and projection engine
- Economic Model — CABR and Proof of Benefit validation
- Module Ecosystem — the modules that agents coordinate across
Get Started
Architecture
- WSP Framework
- Module Ecosystem
- Agent System
- WRE Core Engine
- HoloIndex
- DAE Architecture
- 0102 Digital Human Twin
- MCP Infrastructure
- FoundUps MCP Bridge
- FoundUps API Gateway
OpenClaw & Execution
Research & Economics
- rESP Framework
- PQN
- Geometry Bridge
- Simulator
- ROC Displacement Law
- CABR Engine
- PAVS Treasury Economics
- Published Articles & Research
FoundUps
Phases
- Phase 1: Foundation ✅
- Phase 2: Platform & Execution 🚧
- Phase 3: Economic Integration
- Phase 4: Planetary Scale
Discord & Community