soul-guardianDrift detection + baseline integrity guard for agent workspace files with automatic alerting support
Install via ClawdBot CLI:
clawdbot install davida-ps/soul-guardianProtects your agent's core files (SOUL.md, AGENTS.md, etc.) from unauthorized changes with automatic detection, restoration, and user alerting.
cd ~/.openclaw/workspace
python3 skills/soul-guardian/scripts/soul_guardian.py init --actor setup --note "initial baseline"python3 skills/soul-guardian/scripts/soul_guardian.py enable-monitoringThis shows you how to add monitoring to your workflow.
Add this to your HEARTBEAT.md for automatic monitoring:
## Soul Guardian Check
- Run `python3 skills/soul-guardian/scripts/soul_guardian.py check --actor heartbeat --output-format alert`
- If any output is produced, relay it to the user immediately as a security alertThat's it! Soul Guardian will now:
| File | Mode | Action on drift |
|------|------|-----------------|
| SOUL.md | restore | Auto-restore + alert |
| AGENTS.md | restore | Auto-restore + alert |
| USER.md | alert | Alert only |
| TOOLS.md | alert | Alert only |
| IDENTITY.md | alert | Alert only |
| HEARTBEAT.md | alert | Alert only |
| MEMORY.md | alert | Alert only |
| memory/*.md | ignore | Ignored |
python3 skills/soul-guardian/scripts/soul_guardian.py check --output-format alertpython3 skills/soul-guardian/scripts/soul_guardian.py watch --interval 30Runs continuously, checking every 30 seconds.
python3 skills/soul-guardian/scripts/soul_guardian.py approve --file SOUL.md --actor user --note "intentional update"python3 skills/soul-guardian/scripts/soul_guardian.py statuspython3 skills/soul-guardian/scripts/soul_guardian.py verify-auditWhen drift is detected, the --output-format alert produces output like:
==================================================
π¨ SOUL GUARDIAN SECURITY ALERT
==================================================
π FILE: SOUL.md
Mode: restore
Status: β
RESTORED to approved baseline
Expected hash: abc123def456...
Found hash: 789xyz000111...
Diff saved: /path/to/patches/drift.patch
==================================================
Review changes and investigate the source of drift.
If intentional, run: soul_guardian.py approve --file <path>
==================================================This output is designed to be relayed directly to the user in TUI/chat.
What it does:
What it doesn't do:
Recommendation: Store state directory outside workspace for better resilience.
Run the full demo flow to see soul-guardian in action:
bash skills/soul-guardian/scripts/demo.shThis will:
"Not initialized" error:
Run init first to set up baselines.
Drift keeps happening:
Check what's modifying your files. Review the audit log and patches.
Want to approve a change:
Run approve --file after reviewing the change.
Generated Mar 1, 2026
A company deploys AI agents for customer support and uses soul-guardian to monitor core configuration files like SOUL.md and AGENTS.md. It automatically detects unauthorized changes, restores critical files, and alerts the security team via HEARTBEAT.md integration, ensuring agent integrity and preventing malicious tampering.
A financial institution uses AI agents for automated trading and compliance reporting. Soul-guardian tracks changes to identity and tool files, generating audit logs with hash chaining. This helps meet regulatory requirements by providing tamper-evident records of file modifications and alerting on any drift.
In a healthcare setting, AI agents handle patient data processing with strict privacy policies. Soul-guardian safeguards configuration files like USER.md and MEMORY.md, alerting administrators to unauthorized changes. This ensures data handling protocols remain intact and supports HIPAA compliance through continuous monitoring.
An e-commerce platform uses AI agents for inventory management and customer interactions. Soul-guardian monitors core files to prevent tampering by external threats, automatically restoring critical files and alerting operators. This minimizes downtime and protects against attacks that could disrupt sales operations.
An educational tech company deploys AI tutors with personalized learning paths. Soul-guardian ensures the integrity of agent identity and memory files, detecting and alerting on unauthorized modifications. This maintains consistent tutoring quality and prevents data corruption that could affect student experiences.
Offer soul-guardian as a managed service with tiered subscriptions, including features like advanced monitoring, priority alerts, and custom baseline policies. Revenue is generated through monthly or annual fees from businesses using AI agents, with upsells for additional security audits and support.
Sell perpetual or annual licenses to large organizations for integrating soul-guardian into their AI infrastructure. This includes customization, on-premise deployment, and dedicated support. Revenue comes from one-time license purchases or renewal fees, targeting industries with high security needs like finance and healthcare.
Provide a basic version of soul-guardian for free to attract individual developers and small teams, with limited features. Generate revenue by offering premium add-ons such as enhanced alerting, integration with third-party tools, and detailed analytics. This model encourages adoption and scales with user growth.
π¬ Integration Tip
Integrate soul-guardian by adding its check command to HEARTBEAT.md for automated monitoring, ensuring alerts are relayed promptly to users for immediate action.
Guardian Angel gives AI agents a moral conscience rooted in Thomistic virtue ethics. Rather than relying solely on rule lists, it cultivates stable virtuous...
Core identity and personality for Molt, the transformative AI assistant
Gentle reminders to stay human while using AI. Reflection, not restriction.
Build secure authentication with sessions, JWT, OAuth, passwordless, MFA, and SSO for web and mobile apps.
Post to X (Twitter) using the official OAuth 1.0a API. Free tier compatible.
Implement OAuth 2.0 and OpenID Connect flows securely.