Skip to content

feat(fogclaw): add PII access request backlog#2

Merged
sidmohan0 merged 10 commits into
mainfrom
feat/pii-access-request-backlog
Feb 18, 2026
Merged

feat(fogclaw): add PII access request backlog#2
sidmohan0 merged 10 commits into
mainfrom
feat/pii-access-request-backlog

Conversation

@sidmohan0

Copy link
Copy Markdown
Contributor

Summary

  • Add agent-initiated PII access request workflow: agents can request access to redacted data via fogclaw_request_access, users review via fogclaw_requests, and resolve via fogclaw_resolve
  • Session-scoped in-memory backlog with RedactionMapStore (FIFO eviction, max 10k entries) and BacklogStore (configurable maxPendingRequests, default 50)
  • Full lifecycle: pending → approved/denied/follow_up, with batch resolve support and structured audit logging

Artifacts

  • Spec: docs/specs/2026-02-17-feat-pii-access-request-backlog-spec.md
  • Plan: docs/plans/active/2026-02-17-feat-pii-access-request-backlog-plan.md
  • Verify/release decision: GO (2026-02-17)

Changes

File Change
src/backlog.ts New: RedactionMapStore (FIFO eviction) + BacklogStore (request lifecycle)
src/backlog-tools.ts New: 3 tool handler factories (request, list, resolve)
src/types.ts Added RequestStatus, AccessRequest, maxPendingRequests
src/config.ts Added maxPendingRequests default + validation
src/index.ts Wire stores, register 3 new tools, capture mappings in hooks
src/tool-result-handler.ts Accept optional RedactionMapStore, capture mappings
src/message-sending-handler.ts Same pattern as tool-result-handler
tests/backlog.test.ts 27 tests (store + eviction)
tests/backlog-tools.test.ts 23 tests + 2 lifecycle integration tests
tests/plugin-smoke.test.ts Updated: 6 tools registered
openclaw.plugin.json Added maxPendingRequests schema + UI hints
fogclaw.config.example.json Added maxPendingRequests: 50
docs/SECURITY.md Threat model entry for PII in backlog memory
docs/OBSERVABILITY.md Access request audit events documented

Evidence

  • 215/215 tests pass, 0 type errors
  • Review: 5-dimension review completed, 1 HIGH (S-17) resolved, 4 MEDIUM + 10 LOW routed to tech-debt
  • Architecture invariants verified: no PII in audit logs, session-scoped only, original text on approve only

Test plan

  • npm test passes (215 tests)
  • npx tsc --noEmit clean
  • Plugin smoke test registers 6 tools and 3 hooks
  • Backlog lifecycle: request → list → approve → original text returned
  • Max pending enforcement: request #51 returns error with default config
  • Audit events emit on create/resolve without raw PII

🤖 Generated with Claude Code

sidmohan0 and others added 10 commits February 17, 2026 18:12
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add threat model entry for PII held in backlog memory, update data
sensitivity guidance, and document new audit event types for the
access request lifecycle.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Introduces three new tools for managing PII access requests:
- fogclaw_request_access: agent submits request for redacted data
- fogclaw_requests: list/filter backlog by status
- fogclaw_resolve: approve/deny/follow-up with batch support

Adds RedactionMapStore to capture hook redaction mappings and
BacklogStore for session-scoped request lifecycle management.
Includes maxPendingRequests config (default 50), audit logging
for request events, and comprehensive test coverage (48 new tests).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Update plan with completed progress, evidence, and living sections.
All 21 progress items done. 213 tests passing, 0 type errors.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add maxMappings constructor parameter (default 10000) to prevent
unbounded PII accumulation in memory. Oldest entries are evicted
when the cap is exceeded. Review findings consolidated in plan,
medium/low findings routed to tech-debt tracker.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All 5 verification gates pass: 215/215 tests, 0 type errors,
architecture invariants verified, review gate clear, rollback
documented and feasible. Decision: GO.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add missing ## Metrics, ## Traces, ## Health Checks, ## Agent Access
headings required by he-docs-lint. Renamed existing sections to match
the expected heading contract.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…canning spec

Fix pre-existing he-specs-lint failure: spec was missing required
## Rollout and ## Validation and Acceptance Signals headings.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@sidmohan0 sidmohan0 merged commit c65bac9 into main Feb 18, 2026
2 checks passed
@sidmohan0 sidmohan0 deleted the feat/pii-access-request-backlog branch July 2, 2026 23:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant