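---
# GRITS Agent Profile Template
# Copy this file, rename it for your agent, and fill in every field.
# To score this profile, use grits-agent-scanner: https://github.com/X-Scale-AI/grits-agent-scanner
#
# Filling in values: a key left as `key:` with nothing after it parses as
# null (empty), not as an empty string. Quote any value that is meant as text
# but looks like a number, date or boolean (e.g., "1.20", "2025-01-31", "NO")
# so a YAML parser does not silently retype it. Example values in the
# comments below are illustrative only.

# ── Identity ──
object_id: # unique ID for this agent (e.g., "my-openclaw-agent-01")
name: # human-readable name (e.g., "Research Agent")
owner: # who is accountable for this agent (e.g., your email)
deputy_owner: # backup owner (or same as owner for solo operators)
business_purpose: # one sentence: what does this agent do and why

# ── Classification ──
object_type: Agent
profile_type: Agent
autonomy_tier: 1  # 0=passive, 1=tool-using, 2=multi-step, 3=fully autonomous
impact_tier: 2  # 1=experimental, 2=personal/small-team, 3=business-critical
data_sensitivity_class: public  # public, internal, confidential, restricted

# ── Runtime ──
environment: production  # dev, test, staging, production
runtime: openclaw  # openclaw, nemoclaw, custom, other
version: # your agent's current version or deployment date; quote it (e.g., "1.20") so 1.20 is not read as the float 1.2
runtime_status: active  # active, inactive, suspended, retired

# ── Tool Permissions ──
# List ONLY the tools/plugins your agent is allowed to use.
# If a tool is not listed here, your agent should not have access to it.
# The template enables web_search by default, which implies outbound network
# access; keep that consistent with your NET-002 (egress) answer below and
# remove it if the agent does not need it. An empty allowlist is written as
# `tool_permissions: []`, not as a bare `tool_permissions:`.
tool_permissions:
  - web_search
  # - file_read
  # - file_write
  # - code_execution
  # - retrieval
  # - telegram
  # - discord

# ── Security Posture (answer honestly) ──
# These 21 checks map 1:1 to the GRITS control catalog. See framework/core/control-catalog.md.
# Each value must be a bare true or false (lowercase); leave a check at false
# until the control is actually in place. The checks must stay indented under
# `checks:` — at column 0 they become unrelated top-level keys.
checks:
  # Layer 1: Network (NET-001 through NET-004)
  network_exposure_reviewed: false  # NET-001: reachable services and paths documented?
  network_egress_restricted: false  # NET-002: outbound traffic locked to required endpoints only?
  private_subnets_blocked: false  # NET-003: agent cannot reach RFC 1918 private IP ranges?
  management_port_protected: false  # NET-004: agent port accessible only from your subnet/VPN?
  # Layer 2: Operator (OPR-001 through OPR-003)
  operator_identity_verified: false  # OPR-001: only verified user IDs can command the agent?
  default_policies_rejected: false  # OPR-002: default permissive channel policies overridden?
  command_authority_allowlisted: false  # OPR-003: agent ignores commands from IDs not on allowlist?
  # Layer 3: Application (APP-001 through APP-003)
  tool_scope_deny_by_default: false  # APP-001: deny-all tool policy with explicit allowlist?
  plugin_allowlist_enforced: false  # APP-002: only declared plugins are available?
  dangerous_capabilities_scoped: false  # APP-003: file_write, code_execution disabled or scoped?
  # Layer 4: OS and Secrets (SEC-001 through SEC-003)
  secrets_off_filesystem: false  # SEC-001: API keys not readable by agent process?
  secrets_injected_at_runtime: false  # SEC-002: keys injected via systemd/docker secrets?
  host_permissions_hardened: false  # SEC-003: file permissions restrict agent's OS access?
  # Layer 5: Financial (FIN-001 through FIN-003)
  cost_guardrails_defined: false  # FIN-001: daily/monthly token or budget limits set?
  idle_cost_minimized: false  # FIN-002: heartbeat/background routed to free/local model?
  budget_accountability_assigned: false  # FIN-003: named owner responsible for API spend?
  # Governance cross-cutting (GOV-001 through GOV-005)
  owner_assigned: false  # GOV-001: this agent has a named, accountable owner?
  deputy_owner_assigned: false  # GOV-002: backup owner assigned for continuity?
  recertification_set: false  # GOV-003: next review date scheduled (max 90 days)?
  monitoring_enabled: false  # GOV-004: runtime logs/events are captured?
  policy_violation_visibility: false  # GOV-005: policy violations can be detected and surfaced?

# ── Review ──
# Write dates as quoted strings ("YYYY-MM-DD"); an unquoted YYYY-MM-DD is
# read as a date object by YAML 1.1 parsers rather than as text.
last_review_date: # "YYYY-MM-DD"
recertification_due: # "YYYY-MM-DD" (recommended: 90 days out)

# ── Cost ──
# Both limits are plain integers and must stay indented under `budget_guardrails:`.
budget_guardrails:
  daily_token_limit: # e.g., 250000
  monthly_budget_usd: # e.g., 50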