Skills governance controls which declared agent skills can be invoked. It applies Arsenal-style policy to SKILLS.md files and runtime skill calls.

What it gates

| Dimension | What it controls |
| --- | --- |
| allow / deny | Whether the skill can be invoked at all |
| rate limit | Maximum invocations per sliding window |
| argument constraints | JSON Schema validation of invocation arguments |
| time windows | UTC hours and weekdays when invocation is allowed |
| consent | Human approval requirements for high-risk skills |
| audit level | No audit, hash-only audit, or full payload audit |

Policy example

version: 1
agent: did:oas:l1fe:agent:frontend-bot
skills:
  frontend-design:
    allow: true
    rate_limit:
      window: 1h
      max: 10
    audit_level: hash
  deploy-production:
    allow: true
    require_consent: true
    audit_level: full
default:
  allow: false

Runtime use

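const skills = agent.skillsPolicy();

// Boolean check: run the skill only if the policy currently permits it.
if (skills.canInvoke('frontend-design')) {
  await runFrontendDesign();
}

// Assertion form of the same check, here for the consent-gated skill.
skills.assertCanInvoke('deploy-production');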
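
The following is an added example, not code from the project: it evaluates the policy example above for three of the gated dimensions (default deny for undeclared skills, the consent requirement, and the sliding-window rate limit). The names `POLICY`, `parseWindow`, `createEvaluator` and `decide`, the reason strings, and the window unit letters other than `h` are assumptions made for illustration.

```javascript
// Added illustration: hypothetical evaluator, not the project's implementation.
// POLICY mirrors the YAML policy example as a plain object.
const POLICY = {
  skills: {
    'frontend-design': { allow: true, rate_limit: { window: '1h', max: 10 }, audit_level: 'hash' },
    'deploy-production': { allow: true, require_consent: true, audit_level: 'full' },
  },
  default: { allow: false },
};

const UNIT_MS = { s: 1000, m: 60000, h: 3600000, d: 86400000 };

// Convert a window string such as "1h" to milliseconds (unit letters are an assumption).
function parseWindow(text) {
  const m = /^(\d+)([smhd])$/.exec(text);
  if (!m) throw new Error(`bad window: ${text}`);
  return Number(m[1]) * UNIT_MS[m[2]];
}

function createEvaluator(policy) {
  const history = new Map(); // skill name -> timestamps of allowed invocations
  const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

  // Decide one invocation; `now` is epoch ms, `consent` is true once a human approved.
  return function decide(skill, { now = Date.now(), consent = false } = {}) {
    // Own-property lookup so names like "constructor" fall through to the default rule.
    const known = own(policy.skills, skill);
    const rule = known ? policy.skills[skill] : policy.default;
    if (!rule.allow) return { allowed: false, reason: known ? 'denied' : 'default-deny' };
    if (rule.require_consent && !consent) return { allowed: false, reason: 'consent-required' };
    if (rule.rate_limit) {
      const windowMs = parseWindow(rule.rate_limit.window);
      // Sliding window: keep only invocations newer than now - window.
      const recent = (history.get(skill) || []).filter((t) => t > now - windowMs);
      history.set(skill, recent);
      if (recent.length >= rule.rate_limit.max) return { allowed: false, reason: 'rate-limited' };
      // Only allowed invocations count toward the limit (a design choice of this example).
      recent.push(now);
    }
    return { allowed: true, reason: 'ok', audit_level: rule.audit_level };
  };
}
```
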

Audit receipts

Recorded invocations append immutable receipts to a BLAKE3 hash chain. The hash audit mode records safe metadata and a payload hash. The full audit mode records the argument payload for high-sensitivity forensic workflows.

Relationship to Arsenal

Skills governance is not a separate security primitive. It is an Arsenal policy specialization for “which skill may this agent invoke right now?”