fix(tools): write AuditEntry for pre-execution verifier blocks (#2343) #2350

Merged: bug-ops merged 4 commits into main from 2343-pre-execution-audit-log, Mar 28, 2026

@bug-ops bug-ops commented Mar 28, 2026

Summary

  • Pre-execution verifier blocks (FirewallVerifier, DestructiveCommands, etc.) now write an AuditEntry with AuditResult::Blocked to the audit log
  • Audit entries include tool, command (JSON-serialized args), result, error_category="pre_execution_block", error_domain="security", duration_ms=0
  • Arc<AuditLogger> is now wired into ToolOrchestrator via new Agent::with_audit_logger() builder method; the same logger instance is shared with ShellExecutor and WebScrapeExecutor
  • Deduplicates AuditLogger::from_config calls in daemon.rs and acp.rs by moving logger ownership into ToolSetup

Root Cause

The AuditResult::Blocked path existed only in ShellExecutor::check_permissions(). FirewallVerifier blocks occur earlier in native.rs before any executor is invoked, and Agent had no Arc<AuditLogger> field to write entries from.

Test Plan

  • New test pre_execution_audit_tests::pre_execution_block_writes_audit_entry verifies that a FirewallVerifier block writes a JSONL entry with correct error_category, error_domain, duration_ms, and tool name
  • 6966/6966 tests pass

Closes #2343

@github-actions github-actions bot added the labels documentation (Improvements or additions to documentation), rust (Rust code changes), core (zeph-core crate), bug (Something isn't working), size/L (Large PR (201-500 lines)) on Mar 28, 2026
bug-ops added 3 commits March 28, 2026 13:31
…ion verifier blocks (#2343)

Previously, when a FirewallVerifier (or any PreExecutionVerifier) blocked a
tool call in handle_native_tool_calls, the block was logged and metered but
never recorded in the audit log. This adds:

- Arc<AuditLogger> field on ToolOrchestrator, wired through with_audit_logger()
  builder method on Agent<C>
- Audit write (tokio::spawn fire-and-forget) at the VerificationResult::Block
  arm in native.rs with error_category=pre_execution_block and
  error_domain=security
- Wiring in agent_setup.rs, runner.rs, daemon.rs, and acp.rs so the same
  AuditLogger instance is shared between executors and the agent
- Test: pre_execution_block_writes_audit_entry verifies the audit file contains
  a blocked entry after FirewallVerifier rejects a file_path=/etc/passwd call
…es_audit_entry

Assert error_domain and duration_ms fields in audit entry to prevent
silent regression if field values change.
@bug-ops bug-ops force-pushed the 2343-pre-execution-audit-log branch from 931a542 to 80971ab March 28, 2026 12:33
@bug-ops bug-ops enabled auto-merge (squash) March 28, 2026 12:34
@bug-ops bug-ops merged commit 3f40402 into main Mar 28, 2026
25 checks passed
@bug-ops bug-ops deleted the 2343-pre-execution-audit-log branch March 28, 2026 12:41
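
One way a reviewer could consume the entries this PR adds, as an added example that is not part of the PR or the project's code: it pulls pre-execution blocks out of an audit JSONL file and tracks lines that fail to parse. The field names come from the PR description; the one-object-per-line shape, `command` being a JSON string, the `result` values, the tool names and the sample lines are assumptions constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample audit log (JSONL). Field names are from the PR
# description; values, tool names and exact JSON shape are assumptions.
SAMPLE_AUDIT_JSONL = """\
{"tool": "read_file", "command": "{\\"file_path\\": \\"/etc/passwd\\"}", "result": "blocked", "error_category": "pre_execution_block", "error_domain": "security", "duration_ms": 0}
{"tool": "shell", "command": "ls -la", "result": "success", "duration_ms": 12}
this line is truncated {"tool":
{"tool": "shell", "command": "{\\"command\\": \\"rm -rf /tmp/x\\"}", "result": "blocked", "error_category": "pre_execution_block", "error_domain": "security", "duration_ms": 0}
"""


def pre_execution_blocks(jsonl_text):
    """Return (blocks, malformed_line_numbers) for one audit log."""
    blocks, malformed = [], []
    for lineno, line in enumerate(jsonl_text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            entry = None
        if not isinstance(entry, dict):
            # A gap in an audit trail is itself worth reviewing.
            malformed.append(lineno)
            continue
        if (entry.get("error_category") != "pre_execution_block"
                or entry.get("error_domain") != "security"):
            continue
        args = entry.get("command")
        if isinstance(args, str):
            try:
                args = json.loads(args)  # decode the JSON-serialized args
            except json.JSONDecodeError:
                pass  # keep the raw string if it is not JSON
        blocks.append({"line": lineno, "tool": entry.get("tool"),
                       "args": args, "duration_ms": entry.get("duration_ms")})
    return blocks, malformed


def blocks_per_tool(blocks):
    """Count verifier blocks per tool name."""
    return Counter(b["tool"] for b in blocks)


if __name__ == "__main__":
    found, bad = pre_execution_blocks(SAMPLE_AUDIT_JSONL)
    print(dict(blocks_per_tool(found)), "malformed lines:", bad)
```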
Linked issue: fix(tools): pre-execution verifier blocks (FirewallVerifier, DestructiveCommands) not written to audit log