Commit Graph

9 Commits

Author SHA1 Message Date
dp-web4
ce704cf95f fix: add eslint-disable for second registerCli block
- Second policy CLI commands also use console.log for output
- Both registerCli blocks now have eslint-disable no-console comments
2026-01-28 14:26:54 -08:00
dp-web4
8fc62cec76 fix: remove unused variable in audit summary loop
- Change 'for (const [sid, entry]' to 'for (const [, entry]'
- sid was never used, only entry
2026-01-28 14:22:28 -08:00
dp-web4
29afd60f11 fix: lint issues in web4-governance extension
- Replace 'as any' with proper 'as ToolCategory' type cast
- Add ToolCategory import to policy-entity.ts
- Add eslint-disable comment for console.log in CLI commands (legitimate output)
2026-01-28 14:18:51 -08:00
dp-web4
c9d0f86db0 fix: remove peerDependencies from web4-governance package.json
- Plugin SDK provided at runtime by moltbot (per extension conventions)
- Update version to match current moltbot beta
- Update lockfile
2026-01-28 13:34:23 -08:00
dp-web4
b1b80bde19 fix: update storage paths to moltbot conventions
- Change default storage from ~/.web4/ to ~/.moltbot/extensions/web4-governance/
- Update documentation (README.md, ARCHITECTURE.md)
- Aligns with moltbot extension directory structure
2026-01-28 13:33:37 -08:00
dennis palatov
93bab62444 feat(web4-governance): add PolicyEntity as first-class trust participant (#5)
Policy is now "society's law" - not just configuration, but a hash-tracked,
witnessable entity in the trust network.

Key changes:
- PolicyEntity class with hash-identified entityId (policy:<name>:<version>:<hash>)
- PolicyRegistry for registration and witnessing
- Policy evaluation with rate limiting integration
- Session witnesses policy at initialization
- Policy witnesses tool decisions in after_tool_call
- R6 records include policyEntityId in rules field
- CLI command: `moltbot policy entities` to list registered policies
- 26 new tests for PolicyEntity (177 total tests passing)

The witnessing flow:
1. Session start → register policy entity → session witnesses policy
2. Tool call → policy evaluates decision → policy witnesses outcome
3. Bidirectional trust accumulation in the witnessing chain

Co-authored-by: dp-web4 <dp@metalinxx.io>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 13:33:36 -08:00
dennis palatov
5d83c337d4 web4-governance: complete Tier 1.5 — presets, rate limiting, audit query & reporter (#4)
Four features to complete the open-source governance tier:

1. Policy Presets (presets.ts): Built-in rule sets (permissive, safety,
   strict, audit-only) users can reference by name. Merge order:
   preset defaults → top-level overrides → additional rules appended.

2. Rate Limiting (rate-limiter.ts): Sliding window counters per key
   (tool or category). RateLimiter integrated into PolicyEngine —
   rate limit rules only match when threshold exceeded within window.
   Memory-only, resets on session restart.

3. Audit Query (audit.ts filter()): Filter audit records by tool,
   category, status, target pattern (glob), time range (ISO or
   relative like "1h"), and limit. CLI: moltbot audit query.

4. Audit Reporter (reporter.ts): Aggregates audit data into tool stats,
   category breakdown, policy decisions, error summaries, and
   per-minute timeline. Text and JSON output formats.

All wired into index.ts with CLI commands (policy presets, audit query,
audit report) and plugin.json schema updated with preset field.

151 tests pass across 9 test files.

Co-authored-by: dp-web4 <dp@metalinxx.io>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 13:33:36 -08:00
dennis palatov
0fd6f72fde Add web4-governance plugin with R6 audit trails and policy engine (#3)
* Add policy engine to web4-governance (Tier 1.5)

Configurable rule-based pre-action gating via before_tool_call hook.
Rules match by tool name, category, and target pattern (glob/regex).
Decisions (allow/deny/warn) enforced or dry-run, recorded in R6 constraints.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* Add policy admin CLI: status, rules, test commands

* Add README and update ARCHITECTURE.md for Tier 1.5 policy engine

---------

Co-authored-by: dp-web4 <dp@metalinxx.io>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 13:33:35 -08:00
dp-web4
f599b4b349 Add web4-governance plugin: R6 audit trails and session identity
Adds a governance extension that creates verifiable audit trails for
agent tool usage using the R6 framework (Rules+Role+Request+Reference+
Resource→Result). Uses the typed after_tool_call hooks wired in #1
to capture every tool invocation with provenance, timing, and
hash-linked chain integrity.

Includes:
- R6 request framework with tool classification
- Hash-linked JSONL audit chain with verification
- Software-bound session identity tokens (Soft LCT)
- Session state tracking with tool/category counts
- CLI commands: audit summary, audit verify, audit last
- 39 unit tests across all modules

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 13:33:35 -08:00