Now that #141 (AgentGovernancePlugin) is merged, the pre-execution governance loop is closed: policy load → tool-call decision → allow/review/block.
The natural next question is post-execution: once the tool call is allowed and executed, is there a standard pattern for recording what actually happened in a tamper-evident way?
The gap: AgentGovernancePlugin captures the decision. Nothing currently captures the outcome — tool name, args hash, output hash, timestamp — in a form that an external auditor can verify independently.
Proposed pattern: an optional audit_backend parameter on AgentGovernancePlugin (or a companion hook) that receives a structured post-execution record after each allowed tool call. Implementations could range from local JSONL to on-chain anchoring (e.g. Mycelium Trails).
This would complete the loop: pre-execution policy check → execution → post-execution evidence. Both sides independently verifiable.
Happy to contribute a spec or draft implementation if there's interest.
Now that #141 (AgentGovernancePlugin) is merged, the pre-execution governance loop is closed: policy load → tool-call decision → allow/review/block.
The natural next question is post-execution: once the tool call is allowed and executed, is there a standard pattern for recording what actually happened in a tamper-evident way?
The gap: AgentGovernancePlugin captures the decision. Nothing currently captures the outcome — tool name, args hash, output hash, timestamp — in a form that an external auditor can verify independently.
Proposed pattern: an optional
audit_backendparameter onAgentGovernancePlugin(or a companion hook) that receives a structured post-execution record after each allowed tool call. Implementations could range from local JSONL to on-chain anchoring (e.g. Mycelium Trails).This would complete the loop: pre-execution policy check → execution → post-execution evidence. Both sides independently verifiable.
Happy to contribute a spec or draft implementation if there's interest.