Commit Graph

2 Commits

Author SHA1 Message Date
dennis palatov
0fd6f72fde Add web4-governance plugin with R6 audit trails and policy engine (#3)
* Add policy engine to web4-governance (Tier 1.5)

Configurable rule-based pre-action gating via before_tool_call hook.
Rules match by tool name, category, and target pattern (glob/regex).
Decisions (allow/deny/warn) enforced or dry-run, recorded in R6 constraints.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* Add policy admin CLI: status, rules, test commands

* Add README and update ARCHITECTURE.md for Tier 1.5 policy engine

---------

Co-authored-by: dp-web4 <dp@metalinxx.io>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 13:33:35 -08:00
dp-web4
f599b4b349 Add web4-governance plugin: R6 audit trails and session identity
Adds a governance extension that creates verifiable audit trails for
agent tool usage using the R6 framework (Rules+Role+Request+Reference+
Resource→Result). Uses the typed after_tool_call hooks wired in #1
to capture every tool invocation with provenance, timing, and
hash-linked chain integrity.

Includes:
- R6 request framework with tool classification
- Hash-linked JSONL audit chain with verification
- Software-bound session identity tokens (Soft LCT)
- Session state tracking with tool/category counts
- CLI commands: audit summary, audit verify, audit last
- 39 unit tests across all modules

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 13:33:35 -08:00