Policy · v1.0.1 · last updated 2026-05-01
KeeperHub workflow strict guard
by sbo3l.eth
★ 0.89 medium reputation
KH live workflow m4t4cnpmhv8qquce3bv3c — 8/8 adversarial inputs fail-closed
- Framework: keeperhub
- Risk class: medium
- Rules: 5
- Downloads: 67
Description
Production-shaped policy for KeeperHub workflow execution. Allows only the agent's own pre-registered workflows; rejects unknown executionId prefixes. Used by the bounty submission live evidence.
Budget summary
10 workflow executions/day per agent
Tags
keeperhub, workflow, production, bounty-submission
Adopt this policy
Pin the policy ID in your daemon's policy.toml:
[policy]
source = "sbo3l-marketplace"
id = "kh-workflow-strict"
version = "1.0.1"
trust = "by-reputation" # or "pinned-hash" for stricter integrity
Reload the daemon. On the next request, the runtime fetches the policy, verifies the
issuer signature, computes policy_snapshot_hash, and starts using
the policy. Every Passport capsule from that point on embeds the marketplace ID
and version so consumers can re-derive the source.