Commit Graph

2 Commits

Author SHA1 Message Date
dennis palatov
93bab62444 feat(web4-governance): add PolicyEntity as first-class trust participant (#5)
Policy is now "society's law" - not just configuration, but a hash-tracked,
witnessable entity in the trust network.

Key changes:
- PolicyEntity class with hash-identified entityId (policy:<name>:<version>:<hash>)
- PolicyRegistry for registration and witnessing
- Policy evaluation with rate limiting integration
- Session witnesses policy at initialization
- Policy witnesses tool decisions in after_tool_call
- R6 records include policyEntityId in rules field
- CLI command: `moltbot policy entities` to list registered policies
- 26 new tests for PolicyEntity (177 total tests passing)

The witnessing flow:
1. Session start → register policy entity → session witnesses policy
2. Tool call → policy evaluates decision → policy witnesses outcome
3. Bidirectional trust accumulation in the witnessing chain

Co-authored-by: dp-web4 <dp@metalinxx.io>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 13:33:36 -08:00
dp-web4
f599b4b349 Add web4-governance plugin: R6 audit trails and session identity
Adds a governance extension that creates verifiable audit trails for
agent tool usage using the R6 framework (Rules+Role+Request+Reference+
Resource→Result). Uses the typed after_tool_call hooks wired in #1
to capture every tool invocation with provenance, timing, and
hash-linked chain integrity.

Includes:
- R6 request framework with tool classification
- Hash-linked JSONL audit chain with verification
- Software-bound session identity tokens (Soft LCT)
- Session state tracking with tool/category counts
- CLI commands: audit summary, audit verify, audit last
- 39 unit tests across all modules

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 13:33:35 -08:00