[{"id":"define-and-enforce-policy","title":"Define and enforce a deployment policy","description":"Register a YAML policy, validate a risky write, and block unsafe actions before execution.","tools":["define_policy","validate_action","audit_log"],"steps":["Author a YAML policy for allowed paths and blocked actions.","Register the policy with define_policy.","Run validate_action before any state-changing operation.","Review the resulting audit trail for policy decisions."]},{"id":"multi-agent-orchestration","title":"Govern a multi-agent workflow","description":"Use parent and subagent sessions with concurrency limits and status reporting for coordinated execution.","tools":["declare_task","register_subagent","report_subagent_status","close_session"],"steps":["Declare a parent governed session.","Register each subagent with allowed paths and metadata.","Enforce concurrent execution limits during orchestration.","Report subagent outcomes and close the parent session."]},{"id":"policy-scanner","title":"Scan a policy before registration","description":"Detect contradictions, shadowed rules, overly permissive logic, and uncovered dangerous patterns before saving a policy.","tools":["scan_policy"],"steps":["Draft a YAML or JSON policy document.","Submit the document to scan_policy with format auto, yaml, or json.","Review findings and recommendations.","Only register the policy after the scan is clean."]},{"id":"audit-review","title":"Review immutable audit history","description":"Inspect audit records after a workflow to understand policy matches, deferred approvals, and final outcomes.","tools":["audit_log","list_policies","list_webhooks"],"steps":["Fetch recent audit entries for the governed session.","Cross-reference active policy metadata.","Confirm webhook subscriptions for external evidence pipelines.","Export the review findings to compliance stakeholders."]},{"id":"rollback","title":"Rollback after a failed governed change","description":"Capture pre-change content, perform a controlled write, and restore a previous snapshot if verification fails.","tools":["declare_task","check_scope","take_snapshot","restore_snapshot","close_session"],"steps":["Declare the task and verify the write is in scope.","Capture a snapshot before modifying the file.","Apply the change and run verification checks.","Restore the saved snapshot if the checks fail, then close the session."]},{"id":"webhook-monitoring","title":"Push governance events to external monitoring","description":"Register signed webhooks for blocked actions, deferred approvals, and session lifecycle events.","tools":["register_webhook","list_webhooks","audit_log"],"steps":["Register a webhook endpoint with the desired event set.","Validate that the endpoint receives signed notifications.","List active webhook subscriptions for confirmation.","Use audit_log to correlate each event with the original governance decision."]},{"name":"route-inventory-guard","description":"Capture route inventory before deployment and detect missing routes","config":{"mcpServers":{"aiops-claw":{"url":"https://claw.aiops.services/mcp","transport":"http","headers":{"X-Rail-Key":"YOUR_API_KEY"}}}},"usage":"Call capture_route_inventory before and after each deployment. Compare checksums and review any removed routes."},{"name":"session-health-monitoring","description":"Monitor agent session health and detect context drift","config":{"mcpServers":{"aiops-claw":{"url":"https://claw.aiops.services/mcp","transport":"http","headers":{"X-Rail-Key":"YOUR_API_KEY"}}}},"usage":"Call get_session_health periodically during long-running agent sessions. Watch for drift_detected status and escalating indicators."}]