Adds a governance extension that creates verifiable audit trails for agent tool usage using the R6 framework (Rules+Role+Request+Reference+ Resource→Result). Uses the typed after_tool_call hooks wired in #1 to capture every tool invocation with provenance, timing, and hash-linked chain integrity. Includes: - R6 request framework with tool classification - Hash-linked JSONL audit chain with verification - Software-bound session identity tokens (Soft LCT) - Session state tracking with tool/category counts - CLI commands: audit summary, audit verify, audit last - 39 unit tests across all modules Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
38 lines
1.2 KiB
TypeScript
38 lines
1.2 KiB
TypeScript
import { describe, expect, it, vi } from "vitest";
|
|
import { createSoftLCT } from "./soft-lct.js";
|
|
|
|
vi.mock("node:os", () => ({
|
|
hostname: () => "test-host",
|
|
userInfo: () => ({ username: "test-user" }),
|
|
}));
|
|
|
|
describe("createSoftLCT", () => {
|
|
it("should return a token with the correct structure", () => {
|
|
const token = createSoftLCT("session-123");
|
|
expect(token).toMatchObject({
|
|
sessionId: "session-123",
|
|
bindingType: "software",
|
|
});
|
|
expect(token.tokenId).toMatch(/^web4:session:[a-f0-9]{8}:session-/);
|
|
expect(token.machineHash).toMatch(/^[a-f0-9]{8}$/);
|
|
expect(token.createdAt).toBeTruthy();
|
|
});
|
|
|
|
it("should produce a deterministic machineHash for same host+user", () => {
|
|
const a = createSoftLCT("s1");
|
|
const b = createSoftLCT("s2");
|
|
expect(a.machineHash).toBe(b.machineHash);
|
|
});
|
|
|
|
it("should truncate sessionId to first 8 chars in tokenId", () => {
|
|
const token = createSoftLCT("abcdefghijklmnop");
|
|
expect(token.tokenId).toContain(":abcdefgh");
|
|
expect(token.tokenId).not.toContain("ijklmnop");
|
|
});
|
|
|
|
it("should set createdAt to a valid ISO timestamp", () => {
|
|
const token = createSoftLCT("s1");
|
|
expect(new Date(token.createdAt).toISOString()).toBe(token.createdAt);
|
|
});
|
|
});
|