Skip to content

[AAASM-2286] ✨ (scenarios/audit-trace): Add audit-trace scenario with Python and Node examples#24

Merged
Chisanan232 merged 4 commits into
masterfrom
v0.0.1/AAASM-2286/feat/audit_trace_scenario
Jun 1, 2026
Merged

[AAASM-2286] ✨ (scenarios/audit-trace): Add audit-trace scenario with Python and Node examples#24
Chisanan232 merged 4 commits into
masterfrom
v0.0.1/AAASM-2286/feat/audit_trace_scenario

Conversation

@Chisanan232
Copy link
Copy Markdown
Contributor

@Chisanan232 Chisanan232 commented May 31, 2026

What changed

Added scenarios/audit-trace/ with a full runnable example demonstrating how Agent Assembly records audit events for every governed tool call. Includes a README, expected output reference, and standalone Python and Node.js agent scripts showing allow, deny, and approval_required decisions — all runnable offline without API keys or a live gateway.

Related ticket

Closes #AAASM-2286

How to verify

# Python
python scenarios/audit-trace/python/agent.py

# Node.js
node scenarios/audit-trace/node/agent.js

Both should print 3 audit records (one per tool call) matching the structure in expected-output.txt.

Checklist

  • PR title follows [AAASM-XXXX] <GitEmoji> (<scope>): <summary>
  • No secrets, API keys, or .env files committed
  • Example sub-projects include their own README.md with prerequisites and run instructions
  • SDK/runtime version dependencies are documented or pinned

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 31, 2026

Quality Gate Failed Quality Gate failed

Failed conditions
C Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

@Chisanan232 Chisanan232 mentioned this pull request May 31, 2026
Merged
4 tasks
@Chisanan232
Copy link
Copy Markdown
Contributor Author

Chisanan232 commented Jun 1, 2026

Code Review — Claude Code

Scope review result: ✅ Ready to merge

CI status

Check Result
build ✅ pass
run ✅ pass
SonarCloud ⚠️ fail (quality gate — ignored per project policy)

Coverage against AAASM-2286 / AAASM-2197 AC-1

Requirement Status
scenarios/audit-trace/README.md — concept, flow, setup/run, troubleshooting ✅ present
expected-output.txt — reference output documented ✅ present
Python agent showing allow, deny, approval_required decisions ✅ all three decision types demonstrated
Node.js agent — equivalent behavior ✅ structurally identical output
Audit records include event_id, timestamp, agent_id, tool, decision, reason, inputs, outputs ✅ all fields present
No secrets / API keys committed .env.example only; no real credentials
Runnable offline without a live gateway ✅ stdlib only, no pip install required

Observations

  • send_email correctly raises approval_required (not just deny), demonstrating three distinct decision paths in one run.
  • The Python and Node examples produce structurally identical output, making them easy to compare across language stacks.
  • expected-output.txt uses <uuid> and <timestamp> placeholders for variable fields — clean for CI comparison if we ever add exact-match tests.

No issues found. Approved from scope and correctness standpoint.

@Chisanan232 Chisanan232 mentioned this pull request Jun 1, 2026
Merged
4 tasks
@Chisanan232 Chisanan232 merged commit e90e6ef into master Jun 1, 2026
2 of 3 checks passed
@Chisanan232 Chisanan232 deleted the v0.0.1/AAASM-2286/feat/audit_trace_scenario branch June 1, 2026 02:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@Chisanan232 Chisanan232

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Chisanan232