🏛️

Governance Rules

Scorecards + controls evaluated platform-wide.

16

vetted (of 20)

🔍 Tags across Governance Rules

Click any tag to filter the inventory.

🔢Order = frequency (matches) · 📏Size = recency (newer → bigger) · 🎨Color = avg rating · ↗Tilt = vetted ratio (upright → vetted)

colaberry governance compliance hooks permissions directives skool community content-policy stop denylist safety platform-policy multi-platform social single-source-of-truth authorization cory security-fix post-tool-use duplicate-detection campaign-conflict priority-resolution authentication admin-access audit voice-calls cooldown tcpa-adjacent allowlist architecture documentation-pattern openclaw outreach platform-rules mcp data-protection rbac sales-boundaries marketing product-spec automated

Filter: All ✓ Colaberry vetted only 📁 source: execution/ops_platform/governance_scorecards.py 🌐 Ingest URL + Submit manually

📋 Governance Rules inventory

16 entries

skool-platform-strategy Colaberry vetted ✓ Colaberry Inc approved

Community engagement rules for Skool AI Automation Hub: category-based tone selection, banned-word list (white-label, wholesale, markup), no-URL policy, content quality gates, case study fingerprints

skoolgovernancecommunitycontent-policycolaberry

ali@colaberry.com

stop-event-progress-audit Colaberry vetted ✓ Colaberry Inc approved

Stop hook: audits PROGRESS.md coverage at session end.

hooksstopcolaberry

ali@colaberry.com

permissions-denylist Colaberry vetted ✓ Colaberry Inc approved

Blocked patterns: rm -rf root, force-push to main, database drops, hooks bypass.

permissionsdenylistsafetycolaberry

ali@colaberry.com

openclaw-platform-strategy-matrix Colaberry vetted ✓ Colaberry Inc approved

Two-axis platform behavior governance matrix. Axis 1 (Content Strategy) classifies every social platform as PASSIVE_SIGNAL, HYBRID_ENGAGEMENT, or AUTHORITY_BROADCAST and drives all LLM prompts, link r

governanceplatform-policymulti-platformsocialsingle-source-of-truthcolaberry

ali@colaberry.com

cory-authorization-policy Colaberry vetted ✓ Colaberry Inc approved

Cory endpoint authorization policy (2026-05-22). Closed prior unauthenticated hole on 19 endpoints (command, hire-agent, retire-agent, approve-proposal, run-evolution, etc.). Now requires Bearer token

governanceauthorizationcorysecurity-fixcolaberry

ali@colaberry.com

post-tool-use-hooks Colaberry vetted ✓ Colaberry Inc approved

PostToolUse hooks: check-emdash on send scripts, open-html on .html files.

hookspost-tool-usecolaberry

ali@colaberry.com

outreach-compliance-monitor Colaberry vetted ✓ Colaberry Inc approved

Scheduled scanner that detects duplicate-outreach violations, cross-campaign conflicts, and priority-resolution decisions across a contact log. Every 15 minutes it groups recent contact attempts by re

complianceduplicate-detectioncampaign-conflictpriority-resolutioncolaberry

ali@colaberry.com

admin-auth-policy Colaberry vetted ✓ Colaberry Inc approved

Admin authentication policy. Enforces Bearer token validation, role-based access control (admin/super_admin), JWT verification against env.jwtSecret. Applied globally to all /api/admin/* routes. Hardc

governanceauthenticationadmin-accesscolaberry

ali@colaberry.com

audit-logging-policy Colaberry vetted ✓ Colaberry Inc approved

Audit logging governance. All successful admin write operations (POST, PUT, PATCH, DELETE) to admin routes must be logged to AuditLog table. Captures action, entity type/ID, request body, IP, admin id

governanceauditcompliancecolaberry

ali@colaberry.com

voice-call-24h-governance-gate Colaberry vetted ✓ Colaberry Inc approved

Pre-execution governance check that approves or denies outbound voice calls based on a 24-hour cooldown rule plus an explicit exception allowlist. Any agent that initiates a call must clear this gate

governancevoice-callscooldowncompliancetcpa-adjacentcolaberry

ali@colaberry.com

permissions-allowlist Colaberry vetted ✓ Colaberry Inc approved

Pre-approved Bash patterns: git status/diff/log/add/commit/push, npm install/run/test, Docker, psql, curl, SSH prod.

permissionsallowlistcolaberry

ali@colaberry.com

directive-framework Colaberry vetted ✓ Colaberry Inc approved

Standard directive framework defining what directives are (human-readable SOPs), how they map to system layers (Layer 1 = Directives, Layer 2 = Orchestration, Layer 3 = Execution, Layer 4 = Verificati

directivesgovernancearchitecturedocumentation-patterncolaberry

ali@colaberry.com

openclaw-platform-strategy Colaberry vetted ✓ Colaberry Inc approved

Central strategy engine for all OpenClaw outreach: defines platform content strategy (PASSIVE_SIGNAL, HYBRID_ENGAGEMENT, AUTHORITY_BROADCAST), execution type (API_POSTING, HUMAN_EXECUTION), link contr

openclawgovernanceoutreachplatform-rulescolaberry

ali@colaberry.com

read-only-mcp-policy Colaberry vetted ✓ Colaberry Inc approved

Read-only MCP server policy. All MCP servers (Portal API, Postgres Analytics) are strictly read-only. No mutations allowed via MCP. Postgres Analytics enforces regex gate rejecting DML/DDL keywords. P

governancemcpdata-protectioncolaberry

ali@colaberry.com

sales-rbac-policy Colaberry vetted ✓ Colaberry Inc approved

Sales role boundary policy. Sales users can view leads, activities, appointments, temperature. Explicitly forbidden: PII export, delete, batch update, manual create, CSV import, sequence/campaign mana

governancerbacsales-boundariescolaberry

ali@colaberry.com

marketing-site-directive Colaberry vetted ✓ Colaberry Inc approved

Comprehensive governance document for public-facing enterprise marketing website. Defines page structure (10 public pages plus 3 admin pages), lead capture requirements, database schema, API endpoints

directivesgovernancemarketingproduct-speccolaberry

ali@colaberry.com