feat(audit): real CBOR + EVM-calldata decode for the web audit view (#153)

[hanwencheng]

Summary

Resolves #153. Replaces the parent-control web app's mock audit decode (decodeCalldata) and placeholder — contract addresses with real backend decode, end to end — the follow-up to #187 (which wired onboarding but left the step-9 audit view mocked).

Two things the user asked for: show the contract information and show (decode) the audit.

What landed

agentkeys-core — decode primitives

• audit/calldata.rs — keccak selector() + a minimal head/tail ABI decoder + encoder for the four stage-1 contracts (CredentialAudit, SidecarRegistry, AgentKeysScope, K3EpochCounter). Real selectors (e.g. append = 0xc1bf0e32, registerAgentDevice = 0x9847ca95) pinned to cast ground truth so ABI drift fails CI. Supports bytes32/uint*/address/bool/bytes/bytes32[]; a trailing WebAuthn tuple is noted, not guessed.
• audit/mod.rs — AuditEnvelope::to_json() + decode_envelope_hex(). The agentkeys-core: AuditEnvelope v1 cross-language CBOR vector exporter #137 cross-language CBOR vectors are the decode fixtures (acceptance bullet 4).
• chain_profile.rs + chain-profiles/heima.json — embedded deployed-contract registry (single source of truth, mirrors docs/spec/deployed-contracts.md).

agentkeys-daemon — endpoints

• audit_decode.rs — decode one audit event into its CBOR AuditEnvelope (round-tripped through real canonical CBOR) and the on-chain calldata it commits (ABI-encoded from the action's real values, then decoded against the verified ABI — real bytes, not a fabricated view).
• ui_bridge.rs — GET /v1/chain/info + GET /v1/audit/:id/decode.

apps/parent-control — web UI

• Client seam gains getChainInfo() + decodeAuditEvent().
• ChainPage renders real addresses + explorer links; EventDecodeModal renders the decoded envelope + typed calldata args. Demo data kept as a clearly-labelled offline fallback.

Acceptance (#153)

• Daemon endpoint returns the decoded CBOR envelope for an audit row
• Calldata decoded against the verified ABIs (selector + typed args)
• Web UI step-9 modal renders real decode (mock replaced)
• agentkeys-core: AuditEnvelope v1 cross-language CBOR vector exporter #137 CBOR vectors used as the decode test fixtures

Deliberate deviation

The issue suggested ethabi/alloy. I wrote a small, fully-tested decoder/encoder instead (only sha3 needed — no heavy dep), selectors pinned to cast ground truth + encode/decode round-trip tested. Equivalent correctness, far smaller footprint.

Test plan

• cargo test -p agentkeys-core audit:: — calldata + envelope decode + agentkeys-core: AuditEnvelope v1 cross-language CBOR vector exporter #137 vectors (153+ pass)
• cargo test -p agentkeys-daemon — audit_decode + endpoint wiring (66/15/15 pass)
• cargo clippy -p agentkeys-core -p agentkeys-daemon --all-targets -- -D warnings — clean
• cargo check --workspace — clean
• apps/parent-control: tsc --noEmit — clean

🤖 Generated with Claude Code

[hanwencheng]

Codex adversarial review — applied

Ran /codex challenge (adversarial, high reasoning, ~1.4M tokens) against the diff. Net: one real bug I introduced, one real audit-honesty gap, plus a genuine src↔deploy divergence it surfaced. Two scary-sounding P1s were ruled out with evidence.

Fixed in f82334f1:

• OOM/DoS guard (calldata.rs) — decode_bytes32_array now bounds-checks the array length against the remaining body before Vec::with_capacity, so a crafted length word can't drive a huge alloc. Regression test added (overflow + body-too-short paths).
• Synthesized-decode labeling (audit_decode.rs + UI) — /v1/audit/:id/decode now returns synthesized: true + a provenance note, and the modal shows a preview banner. The CBOR/calldata shape is real (verified-ABI encode↔decode), but the source values are reconstructed from the audit row (no stored envelope/tx yet) — so derived hashes are never mistaken for stored on-chain evidence.
• Forward-compat scope ABI (calldata.rs) — the registry now recognizes both the deployed setScopeWithWebauthn(...,tuple) / revokeScope(...,tuple) (what scripts/heima-scope-{set,revoke}.sh submit today) and the current-source setScope / revokeScope(bytes32,bytes32). codex was right that src/AgentKeysScope.sol has diverged from the deployment; switching outright would've broken live decode, so both are registered with a divergence note.
• No fabricated tx link (UI) — dropped the synthetic txHash() explorer link; the modal links only to the real contract page.
• Loud chain fallback (ui_bridge.rs) — warn! instead of silently serving Heima addresses on a bad $AGENTKEYS_CHAIN.

Real Heima explorer URLs wired (per operator): explorer.heima.network/address/{addr} for accounts, /contract/{addr} for contracts (new contract_url_template in the chain profile). Replaces the stale statescan.io links.

Ruled out (with evidence):

• "Branch removes the master-self scope bypass" (cap.rs/verify.rs) — not in this PR. git diff main swept it in because the local main ref was stale; jj diff + the 15-file PR list confirm those files aren't touched. It's the separately-merged feat(broker,worker): skip scope check for master-self (operator==actor) #195 ("skip scope check for master-self").
• "Live scope txs will fail to decode" — false: the operator scripts submit the tuple form my registry already had; verified against heima-scope-set.sh.

Validation: core 157, daemon 66/15/15, tsc --noEmit clean, clippy -D warnings clean.