Context
agent-kernel already focuses on policy enforcement, capability modelling, authorization, firewall redaction, and auditable tool calls. VibeGuard fits naturally as an example of a repository-level check that can be invoked only under explicit policy.
Problem
Agents that can write files, open PRs, or publish artifacts need a clear pattern for running deterministic checks before high-impact actions.
The repository can document this as a capability pattern without depending on any specific checker.
Scope
Add a cookbook or example showing:
- a
repository_check or code_safety_check capability;
- policy rules controlling when the capability is required;
- an example adapter that shells out to a local command such as VibeGuard;
- audit events capturing command, scope, result, and decision;
- behavior when the check returns a blocking result.
Non-goals
- Do not add VibeGuard as a required dependency.
- Do not make agent-kernel responsible for implementing scanning logic.
- Do not bypass existing policy enforcement.
Acceptance criteria
- Example/cookbook shows the capability pattern end to end.
- The safety check is invoked through policy-controlled capability execution.
- Audit trail records the check result.
- README or docs index links to the example.
Related ecosystem
- VibeGuard:
dgenio/vibeguard
- Weaver spec:
dgenio/weaver-spec
Context
agent-kernel already focuses on policy enforcement, capability modelling, authorization, firewall redaction, and auditable tool calls. VibeGuard fits naturally as an example of a repository-level check that can be invoked only under explicit policy.
Problem
Agents that can write files, open PRs, or publish artifacts need a clear pattern for running deterministic checks before high-impact actions.
The repository can document this as a capability pattern without depending on any specific checker.
Scope
Add a cookbook or example showing:
repository_checkorcode_safety_checkcapability;Non-goals
Acceptance criteria
Related ecosystem
dgenio/vibeguarddgenio/weaver-spec