Conversation
Mark Phase 1 site-policy/read-tier items shipped (v0.3.0, #15), leaving audit log, SECURITY.md, and skill hardening. Add the approved audit-log design: extension stamps host/tier/tabId on response meta, daemon writes redacted JSONL, reins audit views it, 30-day retention. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Spec fixes found while planning: policy denials already carry the policy_denied error code (no new code needed), and the CLI flag parser only supports --flag forms, so the viewer count flag is --last <n>. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…nial Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…abId fallback
- Redact promptText (handle_dialog) — agent-typed dialog text no longer hits disk in plaintext.
- Denial/error audit records now carry the browser id that was actually reached, sourced from
the rejection error (bridge #settle and requestFull timeout stamp .browserId).
- tabId falls back to params when response meta lacks it, per spec.
- finish()'s roster lookup moved inside its try/catch so no part of the audit path can throw
into the RPC.
- audit-cli viewer now guards against JSON-parseable but shape-invalid lines (e.g. `5`, `{}`)
instead of crashing on r.ts.slice.
- createAuditor test added for a not-yet-existing nested log directory.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Phase 1 (Trust) audit-log slice, per
docs/superpowers/specs/2026-07-11-audit-log-design.md:meta— on successes and policy denials (denials show what was blocked, not just what ran)./rpcattempt (success /policy_denied/ daemon-side failure) in~/.reins/logs/audit-YYYY-MM-DD.jsonl. Value-bearing params (text,value,expression,promptText, upload paths, CDP payloads) are redacted before write — plaintext never reaches disk. Writes are best-effort (a full disk never breaks a command); files prune after 30 days.reins auditviews it. Table by default,--last <n>across day files,--denied,--json. Reads files directly — no daemon needed.Also: security-page docs section, changeset (minor: cli + extension), roadmap tick.
Notes
ResponseFrame.metais optional — older extensions stay compatible; their records just lack host/tier.reins policy-style containment guarantee holds end-to-end: audit hook exceptions can never affect an RPC result (regression-tested).metavalidation for extension-newer-than-daemon skew,browserIdon mid-flight-disconnect rejections.Test plan
pnpm lint && pnpm typecheck && pnpm build && pnpm test— full workspace green (171 cli tests; 414 total)integration.test.tsreins audit,--denied --jsoncomposition, help line🤖 Generated with Claude Code