Adds a governance extension that creates verifiable audit trails for agent tool usage using the R6 framework (Rules+Role+Request+Reference+ Resource→Result). Uses the typed after_tool_call hooks wired in #1 to capture every tool invocation with provenance, timing, and hash-linked chain integrity. Includes: - R6 request framework with tool classification - Hash-linked JSONL audit chain with verification - Software-bound session identity tokens (Soft LCT) - Session state tracking with tool/category counts - CLI commands: audit summary, audit verify, audit last - 39 unit tests across all modules Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
23 lines
482 B
JSON
23 lines
482 B
JSON
{
|
|
"id": "web4-governance",
|
|
"configSchema": {
|
|
"type": "object",
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"auditLevel": {
|
|
"type": "string",
|
|
"enum": ["minimal", "standard", "verbose"],
|
|
"default": "standard"
|
|
},
|
|
"showR6Status": {
|
|
"type": "boolean",
|
|
"default": true
|
|
},
|
|
"storagePath": {
|
|
"type": "string",
|
|
"description": "Override default ~/.web4/ storage path"
|
|
}
|
|
}
|
|
}
|
|
}
|