generated from coulomb/repo-seed
Implement WP-0022 audit trail and WP-0023 INTENT–SCOPE closeout
Add unified metadata-only audit.jsonl with secret-material guard, instrument sign/access/worker paths, and expose warden activity CLI. Surface broker hint when VAULT_TOKEN is unset, refresh INTENT/SCOPE docs, and add production integration checklists plus catalog lane promotion playbook.
This commit is contained in:
@@ -121,6 +121,23 @@ def write_audit(
|
||||
}
|
||||
with log_path.open("a") as f:
|
||||
f.write(json.dumps(record) + "\n")
|
||||
try:
|
||||
from warden.audit import record_event
|
||||
|
||||
record_event(
|
||||
state_dir,
|
||||
kind="access",
|
||||
action=action,
|
||||
subject=record["subject"],
|
||||
target=need_id,
|
||||
decision_id=decision_id,
|
||||
outcome="ok" if exit_code in (None, 0) else "error",
|
||||
source="access",
|
||||
owner_repo=owner_repo,
|
||||
domain=domain,
|
||||
)
|
||||
except Exception:
|
||||
pass
|
||||
return log_path
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user