feat: after_tool_call → POST /audit (success-only evidence) + config resolution #12
Merged
…resolution

after_tool_call → /audit:
- Claim evaluation_id from the correlation registry (miss → no POST; the pending evaluation expires server-side). Map status from event.error, plus duration_ms and result.
- Success-only, config-driven evidence: per-tool rules with explicit array-segment paths extracted from event.result (a missing path skips the entry).
- Observational/best-effort — never throws across the hook. Payload is serialization-safe (snapshot once → TOCTOU-free) and size-budgeted under the 1 MiB sideband limit (shed result → trim evidence → truncate, then omit, an oversized error), so a call that ran always finalizes its audit + counters.

Config resolution:
- parseConfig validates api.pluginConfig with zod; defaults mirror the manifest. Operator-configured evidence rules are now reachable in production.
- Fail-closed on misconfig: invalid config or a missing adapter token registers blocking before_tool_call/before_install gates (and logs), rather than skipping registration — which would leave the tool surface ungoverned.

162 tests; typecheck and build clean.
Implements the after_tool_call → POST /audit hook (issue #11 Part B) and wires up operator config resolution so the evidence path is reachable in production.

after_tool_call → /audit

- evaluation_id from the correlation registry (claim miss → no POST; the pending evaluation expires server-side as designed).
- status from event.error (error/success), plus duration_ms and result.
- ["url","host"], not dotted) extracted from event.result; a missing path skips the entry.
- evaluation_expired: JSON.parse(JSON.stringify(...)) snapshot (no probe-vs-send TOCTOU; tolerates throwing getters / BigInt / circular refs), result → trim evidence → truncate (UTF-8-safe) then omit an oversized error, keeping the always-serializable core.
- 200 already_finalized (and any 2xx) is treated as success by the client; we audit unconditionally.

Config resolution

- parseConfig validates api.pluginConfig with zod (defaults mirror openclaw.plugin.json); the evidence config is now consumed at runtime.
- before_tool_call + before_install gates and logs loudly — it never skips hook registration, which would leave the tool surface ungoverned. Host-independent (does not rely on the gateway aborting on a register() throw).

Tests

- after-tool-call.test.ts (claim/status/evidence/serialization/budget/error-truncation), config.test.ts (zod validation + defaults), and an end-to-end index.test.ts proving configured evidence rules reach the /audit body through real plugin registration.
- pnpm verify green: 162 tests (vitest runtime + typecheck projects), typecheck clean, build success.

Not in this PR

- before_install → /install-scan remains a stub (next task); Part C (live e2e + npm publish) follows.
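
The snapshot-once and shed-in-order budgeting described in this PR, as an added JavaScript example that is not the plugin's code. The function names, `event.durationMs`, the evidence entry shape and the drop-from-the-end trimming are assumptions; only the body field names, the shedding order and the 1 MiB limit come from the page.

```javascript
// Added example: names and trimming strategy are assumptions, not the plugin's code.
const LIMIT_BYTES = 1024 * 1024; // 1 MiB sideband limit named in the PR
const enc = new TextEncoder();
const dec = new TextDecoder();
const size = (v) => enc.encode(JSON.stringify(v)).length;

// Serialize once and keep only the copy: what is measured is what is sent.
// Throwing getters, BigInt and circular refs all land in the catch.
function snapshot(v) {
  try { return JSON.parse(JSON.stringify(v)); } catch { return undefined; }
}

// Cut to maxBytes without splitting a multi-byte UTF-8 sequence.
function truncateUtf8(s, maxBytes) {
  const bytes = enc.encode(s);
  if (bytes.length <= maxBytes) return s;
  let end = maxBytes;
  while (end > 0 && (bytes[end] & 0xc0) === 0x80) end--; // back off continuation bytes
  return dec.decode(bytes.subarray(0, end));
}

// event.durationMs and the evidence entry shape are hypothetical.
function buildAuditBody(evaluationId, event, evidence, limit = LIMIT_BYTES) {
  const failed = event.error !== undefined && event.error !== null;
  const body = {
    evaluation_id: evaluationId,
    status: failed ? "error" : "success",
    duration_ms: event.durationMs,
    result: snapshot(event.result),
    evidence: failed ? [] : snapshot(evidence) ?? [], // success-only evidence
    error: failed ? String(event.error) : undefined,
  };
  if (size(body) <= limit) return body;
  delete body.result; // 1. shed result
  while (size(body) > limit && body.evidence.length) body.evidence.pop(); // 2. trim evidence
  if (size(body) > limit && body.error) {
    const room = limit - size({ ...body, error: "" });
    body.error = room > 0 ? truncateUtf8(body.error, room) : ""; // 3. truncate error
    if (!body.error || size(body) > limit) delete body.error; // 4. omit it
  }
  return body; // the core fields are always returned
}
```

The error is truncated on raw UTF-8 bytes, so a string that grows under JSON escaping can still exceed the budget after truncation; step 4 then omits it.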