npm - predicate-claw - Versions diffs - 0.1.0 - Mend

predicate-claw 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (136) hide show

package/.github/workflows/release.yml +76 -0
package/.github/workflows/tests.yml +34 -0
package/.markdownlint.yaml +5 -0
package/.pre-commit-config.yaml +100 -0
package/README.md +405 -0
package/dist/src/adapter.d.ts +17 -0
package/dist/src/adapter.js +36 -0
package/dist/src/authority-client.d.ts +21 -0
package/dist/src/authority-client.js +22 -0
package/dist/src/circuit-breaker.d.ts +86 -0
package/dist/src/circuit-breaker.js +174 -0
package/dist/src/config.d.ts +8 -0
package/dist/src/config.js +7 -0
package/dist/src/control-plane-sync.d.ts +57 -0
package/dist/src/control-plane-sync.js +99 -0
package/dist/src/errors.d.ts +6 -0
package/dist/src/errors.js +6 -0
package/dist/src/index.d.ts +12 -0
package/dist/src/index.js +12 -0
package/dist/src/non-web-evidence.d.ts +46 -0
package/dist/src/non-web-evidence.js +54 -0
package/dist/src/openclaw-hooks.d.ts +27 -0
package/dist/src/openclaw-hooks.js +54 -0
package/dist/src/openclaw-plugin-api.d.ts +18 -0
package/dist/src/openclaw-plugin-api.js +17 -0
package/dist/src/provider.d.ts +48 -0
package/dist/src/provider.js +154 -0
package/dist/src/runtime-integration.d.ts +20 -0
package/dist/src/runtime-integration.js +43 -0
package/dist/src/web-evidence.d.ts +48 -0
package/dist/src/web-evidence.js +49 -0
package/dist/tests/adapter.test.d.ts +1 -0
package/dist/tests/adapter.test.js +63 -0
package/dist/tests/audit-event-e2e.test.d.ts +1 -0
package/dist/tests/audit-event-e2e.test.js +209 -0
package/dist/tests/authority-client.test.d.ts +1 -0
package/dist/tests/authority-client.test.js +46 -0
package/dist/tests/circuit-breaker.test.d.ts +1 -0
package/dist/tests/circuit-breaker.test.js +200 -0
package/dist/tests/control-plane-sync.test.d.ts +1 -0
package/dist/tests/control-plane-sync.test.js +90 -0
package/dist/tests/hack-vs-fix-demo.test.d.ts +1 -0
package/dist/tests/hack-vs-fix-demo.test.js +36 -0
package/dist/tests/jwks-rotation.test.d.ts +1 -0
package/dist/tests/jwks-rotation.test.js +232 -0
package/dist/tests/load-latency.test.d.ts +1 -0
package/dist/tests/load-latency.test.js +175 -0
package/dist/tests/multi-tenant-isolation.test.d.ts +1 -0
package/dist/tests/multi-tenant-isolation.test.js +146 -0
package/dist/tests/non-web-evidence.test.d.ts +1 -0
package/dist/tests/non-web-evidence.test.js +139 -0
package/dist/tests/openclaw-hooks.test.d.ts +1 -0
package/dist/tests/openclaw-hooks.test.js +38 -0
package/dist/tests/openclaw-plugin-api.test.d.ts +1 -0
package/dist/tests/openclaw-plugin-api.test.js +40 -0
package/dist/tests/provider.test.d.ts +1 -0
package/dist/tests/provider.test.js +190 -0
package/dist/tests/runtime-integration.test.d.ts +1 -0
package/dist/tests/runtime-integration.test.js +57 -0
package/dist/tests/web-evidence.test.d.ts +1 -0
package/dist/tests/web-evidence.test.js +89 -0
package/docs/MIGRATION_GUIDE.md +405 -0
package/docs/OPERATIONAL_RUNBOOK.md +389 -0
package/docs/PRODUCTION_READINESS.md +134 -0
package/docs/SLO_THRESHOLDS.md +193 -0
package/examples/README.md +171 -0
package/examples/docker/Dockerfile.test +16 -0
package/examples/docker/README.md +48 -0
package/examples/docker/docker-compose.test.yml +16 -0
package/examples/non-web-evidence-demo.ts +184 -0
package/examples/openclaw-plugin-smoke/index.ts +30 -0
package/examples/openclaw-plugin-smoke/openclaw.plugin.json +11 -0
package/examples/openclaw-plugin-smoke/package.json +9 -0
package/examples/openclaw_integration_example.py +41 -0
package/examples/policy/README.md +165 -0
package/examples/policy/approved-hosts.yaml +137 -0
package/examples/policy/dev-workflow.yaml +206 -0
package/examples/policy/policy.example.yaml +17 -0
package/examples/policy/production-strict.yaml +97 -0
package/examples/policy/sensitive-paths.yaml +114 -0
package/examples/policy/source-trust.yaml +129 -0
package/examples/policy/workspace-isolation.yaml +51 -0
package/examples/runtime_registry_example.py +75 -0
package/package.json +27 -0
package/pyproject.toml +41 -0
package/src/adapter.ts +45 -0
package/src/authority-client.ts +50 -0
package/src/circuit-breaker.ts +245 -0
package/src/config.ts +15 -0
package/src/control-plane-sync.ts +159 -0
package/src/errors.ts +5 -0
package/src/index.ts +12 -0
package/src/non-web-evidence.ts +116 -0
package/src/openclaw-hooks.ts +76 -0
package/src/openclaw-plugin-api.ts +51 -0
package/src/openclaw_predicate_provider/__init__.py +16 -0
package/src/openclaw_predicate_provider/__main__.py +5 -0
package/src/openclaw_predicate_provider/adapter.py +84 -0
package/src/openclaw_predicate_provider/agentidentity_backend.py +78 -0
package/src/openclaw_predicate_provider/cli.py +160 -0
package/src/openclaw_predicate_provider/config.py +42 -0
package/src/openclaw_predicate_provider/errors.py +13 -0
package/src/openclaw_predicate_provider/integrations/__init__.py +5 -0
package/src/openclaw_predicate_provider/integrations/openclaw_runtime.py +74 -0
package/src/openclaw_predicate_provider/models.py +19 -0
package/src/openclaw_predicate_provider/openclaw_hooks.py +75 -0
package/src/openclaw_predicate_provider/provider.py +69 -0
package/src/openclaw_predicate_provider/py.typed +1 -0
package/src/openclaw_predicate_provider/sidecar.py +59 -0
package/src/provider.ts +220 -0
package/src/runtime-integration.ts +68 -0
package/src/web-evidence.ts +95 -0
package/tests/adapter.test.ts +76 -0
package/tests/audit-event-e2e.test.ts +258 -0
package/tests/authority-client.test.ts +52 -0
package/tests/circuit-breaker.test.ts +266 -0
package/tests/conftest.py +9 -0
package/tests/control-plane-sync.test.ts +114 -0
package/tests/hack-vs-fix-demo.test.ts +44 -0
package/tests/jwks-rotation.test.ts +274 -0
package/tests/load-latency.test.ts +214 -0
package/tests/multi-tenant-isolation.test.ts +183 -0
package/tests/non-web-evidence.test.ts +168 -0
package/tests/openclaw-hooks.test.ts +46 -0
package/tests/openclaw-plugin-api.test.ts +50 -0
package/tests/provider.test.ts +227 -0
package/tests/runtime-integration.test.ts +70 -0
package/tests/test_adapter.py +46 -0
package/tests/test_cli.py +26 -0
package/tests/test_openclaw_hooks.py +53 -0
package/tests/test_provider.py +59 -0
package/tests/test_runtime_integration.py +77 -0
package/tests/test_sidecar_client.py +198 -0
package/tests/web-evidence.test.ts +113 -0
package/tsconfig.json +14 -0
package/vitest.config.ts +7 -0

package/tests/multi-tenant-isolation.test.ts ADDED Viewed

@@ -0,0 +1,183 @@
+import { describe, expect, it, vi } from "vitest";
+import type { AuthorizationRequest } from "@predicatesystems/authority";
+import {
+  type DecisionAuditExporter,
+  type DecisionTelemetryEvent,
+  GuardedProvider,
+} from "../src/provider.js";
+describe("multi-tenant isolation", () => {
+  it("propagates tenant_id through authorization request", async () => {
+    const capturedRequests: AuthorizationRequest[] = [];
+    const mockClient = {
+      authorize: vi.fn().mockImplementation((req: AuthorizationRequest) => {
+        capturedRequests.push(req);
+        return Promise.resolve({ allow: true, reason: "policy_pass" });
+      }),
+    };
+    const provider = new GuardedProvider({
+      principal: "agent:test-agent",
+      authorityClient: mockClient,
+    });
+    await provider.authorize({
+      action: "fs.read",
+      resource: "/workspace/file.txt",
+      args: { path: "/workspace/file.txt" },
+      context: {
+        tenant_id: "tenant-alpha",
+        session_id: "session-123",
+        source: "trusted_ui",
+      },
+    });
+    expect(capturedRequests).toHaveLength(1);
+    expect(capturedRequests[0].labels).toContain("source:trusted_ui");
+  });
+  it("isolates decisions by tenant in telemetry events", async () => {
+    const events: DecisionTelemetryEvent[] = [];
+    const mockClient = {
+      authorize: vi
+        .fn()
+        .mockResolvedValue({ allow: true, reason: "tenant_policy" }),
+    };
+    const telemetry = {
+      onDecision: (event: DecisionTelemetryEvent) => events.push(event),
+    };
+    const provider = new GuardedProvider({
+      principal: "agent:multi-tenant-agent",
+      authorityClient: mockClient,
+      telemetry,
+    });
+    // Authorize as tenant A
+    await provider.authorize({
+      action: "shell.execute",
+      resource: "echo hello",
+      args: { cmd: "echo hello" },
+      context: { tenant_id: "tenant-a", user_id: "user-a1" },
+    });
+    // Authorize as tenant B
+    await provider.authorize({
+      action: "shell.execute",
+      resource: "echo world",
+      args: { cmd: "echo world" },
+      context: { tenant_id: "tenant-b", user_id: "user-b1" },
+    });
+    expect(events).toHaveLength(2);
+    expect(events[0].tenantId).toBe("tenant-a");
+    expect(events[0].userId).toBe("user-a1");
+    expect(events[1].tenantId).toBe("tenant-b");
+    expect(events[1].userId).toBe("user-b1");
+  });
+  it("audit exports include tenant isolation context", async () => {
+    const exportedEvents: DecisionTelemetryEvent[] = [];
+    const mockClient = {
+      authorize: vi.fn().mockResolvedValue({ allow: true }),
+    };
+    const auditExporter: DecisionAuditExporter = {
+      exportDecision: async (event) => {
+        exportedEvents.push(event);
+      },
+    };
+    const provider = new GuardedProvider({
+      principal: "agent:audited-agent",
+      authorityClient: mockClient,
+      auditExporter,
+    });
+    await provider.authorize({
+      action: "net.http",
+      resource: "https://api.example.com/data",
+      args: { method: "GET", url: "https://api.example.com/data" },
+      context: {
+        tenant_id: "tenant-enterprise",
+        session_id: "sess-456",
+        trace_id: "trace-abc",
+        source: "trusted_ui",
+      },
+    });
+    expect(exportedEvents).toHaveLength(1);
+    expect(exportedEvents[0].tenantId).toBe("tenant-enterprise");
+    expect(exportedEvents[0].sessionId).toBe("sess-456");
+    expect(exportedEvents[0].traceId).toBe("trace-abc");
+    expect(exportedEvents[0].source).toBe("trusted_ui");
+  });
+  it("denials preserve tenant context in error events", async () => {
+    const events: DecisionTelemetryEvent[] = [];
+    const mockClient = {
+      authorize: vi.fn().mockResolvedValue({
+        allow: false,
+        reason: "tenant_quota_exceeded",
+      }),
+    };
+    const telemetry = {
+      onDecision: (event: DecisionTelemetryEvent) => events.push(event),
+    };
+    const provider = new GuardedProvider({
+      principal: "agent:quota-agent",
+      authorityClient: mockClient,
+      telemetry,
+    });
+    await expect(
+      provider.authorize({
+        action: "shell.execute",
+        resource: "rm -rf /",
+        args: { cmd: "rm -rf /" },
+        context: { tenant_id: "tenant-restricted" },
+      }),
+    ).rejects.toThrow();
+    expect(events).toHaveLength(1);
+    expect(events[0].outcome).toBe("deny");
+    expect(events[0].tenantId).toBe("tenant-restricted");
+    expect(events[0].reason).toBe("tenant_quota_exceeded");
+  });
+  it("handles missing tenant context gracefully", async () => {
+    const events: DecisionTelemetryEvent[] = [];
+    const mockClient = {
+      authorize: vi.fn().mockResolvedValue({ allow: true }),
+    };
+    const telemetry = {
+      onDecision: (event: DecisionTelemetryEvent) => events.push(event),
+    };
+    const provider = new GuardedProvider({
+      principal: "agent:no-tenant",
+      authorityClient: mockClient,
+      telemetry,
+    });
+    await provider.authorize({
+      action: "fs.read",
+      resource: "/tmp/file.txt",
+      args: { path: "/tmp/file.txt" },
+      // No context provided
+    });
+    expect(events).toHaveLength(1);
+    expect(events[0].tenantId).toBeUndefined();
+    expect(events[0].sessionId).toBeUndefined();
+  });
+});

package/tests/non-web-evidence.test.ts ADDED Viewed

@@ -0,0 +1,168 @@
+import { describe, expect, it } from "vitest";
+import {
+  OpenClawDesktopAccessibilityEvidenceProvider,
+  OpenClawTerminalEvidenceProvider,
+  buildDesktopEvidenceFromProvider,
+  buildTerminalEvidenceFromProvider,
+} from "../src/non-web-evidence.js";
+describe("non-web evidence providers", () => {
+  describe("legacy mode (useCanonicalHash=false)", () => {
+    it("builds terminal session state evidence", async () => {
+      const provider = new OpenClawTerminalEvidenceProvider(() => ({
+        sessionId: "s-1",
+        terminalId: "t-1",
+        cwd: "/workspace",
+        command: "cat secrets.txt",
+        transcript: "line1\nline2\n",
+        observedAt: "2026-02-20T08:00:00.000Z",
+        confidence: 0.92,
+      }));
+      const snapshot = await provider.captureTerminalSnapshot();
+      const evidence = await buildTerminalEvidenceFromProvider(provider, {
+        useCanonicalHash: false,
+      });
+      expect(snapshot.session_id).toBe("s-1");
+      expect(snapshot.transcript_hash).toEqual(expect.any(String));
+      expect(evidence).toMatchObject({
+        source: "terminal",
+        schema_version: "terminal-v1",
+        confidence: 0.92,
+      });
+      expect(evidence.state_hash).toEqual(expect.any(String));
+    });
+    it("builds desktop accessibility state evidence", async () => {
+      const provider = new OpenClawDesktopAccessibilityEvidenceProvider(() => ({
+        appName: "Terminal",
+        windowTitle: "Deploy Prod",
+        focusedRole: "button",
+        focusedName: "Confirm",
+        uiTreeText: "root > dialog > button:Confirm",
+        observedAt: "2026-02-20T08:01:00.000Z",
+        confidence: 0.88,
+      }));
+      const snapshot = await provider.captureAccessibilitySnapshot();
+      const evidence = await buildDesktopEvidenceFromProvider(provider, {
+        useCanonicalHash: false,
+      });
+      expect(snapshot.ui_tree_hash).toEqual(expect.any(String));
+      expect(evidence).toMatchObject({
+        source: "desktop_accessibility",
+        schema_version: "desktop-a11y-v1",
+        confidence: 0.88,
+      });
+      expect(evidence.state_hash).toEqual(expect.any(String));
+    });
+  });
+  describe("canonical mode (default)", () => {
+    it("builds terminal evidence with canonical schema version", async () => {
+      const provider = new OpenClawTerminalEvidenceProvider(() => ({
+        sessionId: "s-1",
+        terminalId: "t-1",
+        cwd: "/workspace",
+        command: "npm test",
+        transcript: "\x1b[32mPASS\x1b[0m all tests",
+        observedAt: "2026-02-20T08:00:00.000Z",
+        confidence: 0.95,
+      }));
+      const evidence = await buildTerminalEvidenceFromProvider(provider);
+      expect(evidence).toMatchObject({
+        source: "terminal",
+        schema_version: "terminal:v1.0",
+        confidence: 0.95,
+      });
+      expect(evidence.state_hash).toMatch(/^sha256:[a-f0-9]{64}$/);
+    });
+    it("builds desktop evidence with canonical schema version", async () => {
+      const provider = new OpenClawDesktopAccessibilityEvidenceProvider(() => ({
+        appName: "Firefox",
+        windowTitle: "GitHub",
+        focusedRole: "button",
+        focusedName: "Submit",
+        uiTreeText: "window > form > button:Submit",
+        observedAt: "2026-02-20T08:01:00.000Z",
+        confidence: 0.9,
+      }));
+      const evidence = await buildDesktopEvidenceFromProvider(provider);
+      expect(evidence).toMatchObject({
+        source: "desktop_accessibility",
+        schema_version: "desktop:v1.0",
+        confidence: 0.9,
+      });
+      expect(evidence.state_hash).toMatch(/^sha256:[a-f0-9]{64}$/);
+    });
+    it("produces stable hashes for equivalent terminal inputs", async () => {
+      // Same content with different whitespace/ANSI codes
+      const provider1 = new OpenClawTerminalEvidenceProvider(() => ({
+        sessionId: "s-1",
+        command: "  npm   test  ",
+        transcript: "\x1b[32mOK\x1b[0m",
+      }));
+      const provider2 = new OpenClawTerminalEvidenceProvider(() => ({
+        sessionId: "s-1",
+        command: "npm test",
+        transcript: "OK",
+      }));
+      const evidence1 = await buildTerminalEvidenceFromProvider(provider1);
+      const evidence2 = await buildTerminalEvidenceFromProvider(provider2);
+      // Canonical hashing should produce identical hashes
+      expect(evidence1.state_hash).toBe(evidence2.state_hash);
+    });
+    it("produces stable hashes for equivalent desktop inputs", async () => {
+      // Same content with different whitespace
+      const provider1 = new OpenClawDesktopAccessibilityEvidenceProvider(() => ({
+        appName: "  Firefox  ",
+        windowTitle: "  GitHub  ",
+        focusedRole: "BUTTON",
+        focusedName: "  Submit  ",
+      }));
+      const provider2 = new OpenClawDesktopAccessibilityEvidenceProvider(() => ({
+        appName: "Firefox",
+        windowTitle: "GitHub",
+        focusedRole: "button",
+        focusedName: "Submit",
+      }));
+      const evidence1 = await buildDesktopEvidenceFromProvider(provider1);
+      const evidence2 = await buildDesktopEvidenceFromProvider(provider2);
+      // Canonical hashing should produce identical hashes
+      expect(evidence1.state_hash).toBe(evidence2.state_hash);
+    });
+    it("passes raw transcript for canonical hashing in SDK", async () => {
+      const provider = new OpenClawTerminalEvidenceProvider(() => ({
+        sessionId: "s-1",
+        transcript: "\x1b[31mERROR\x1b[0m: something went wrong",
+      }));
+      const snapshot = await provider.captureTerminalSnapshot();
+      // transcript_hash now contains raw text (hashing is done by SDK when useCanonicalHash=true)
+      expect(snapshot.transcript_hash).toEqual(expect.any(String));
+      // Raw transcript with ANSI codes is 36 chars
+      expect(snapshot.transcript_hash).toBe("\x1b[31mERROR\x1b[0m: something went wrong");
+      // Verify the final evidence hash is canonical (sha256-prefixed)
+      const evidence = await buildTerminalEvidenceFromProvider(provider);
+      expect(evidence.state_hash).toMatch(/^sha256:[a-f0-9]{64}$/);
+    });
+  });
+});

package/tests/openclaw-hooks.test.ts ADDED Viewed

@@ -0,0 +1,46 @@
+import { describe, expect, it } from "vitest";
+import { HookEnvelope, OpenClawHooks } from "../src/openclaw-hooks.js";
+describe("OpenClawHooks", () => {
+  it("renders hook context shape", () => {
+    const env = new HookEnvelope({
+      toolName: "cmd.run",
+      args: { command: "echo hi" },
+      sessionId: "s1",
+      source: "trusted_ui",
+      tenantId: "t1",
+      userId: "u1",
+      traceId: "tr1",
+    });
+    expect(env.context()).toMatchObject({
+      source: "trusted_ui",
+      tenant_id: "t1",
+    });
+  });
+  it("routes cmd hooks through the shell guard", async () => {
+    const calls: string[] = [];
+    const hooks = new OpenClawHooks({
+      runShell: async ({ execute, args }) => {
+        calls.push("shell");
+        return execute(args);
+      },
+      readFile: async ({ execute, args }) => execute(args),
+      httpRequest: async ({ execute, args }) => execute(args),
+    });
+    const result = await hooks.onCmdRun(
+      new HookEnvelope({
+        toolName: "cmd.run",
+        args: { command: "echo hi" },
+        sessionId: "s1",
+        source: "trusted_ui",
+      }),
+      async (args) => args,
+    );
+    expect(result).toEqual({ command: "echo hi" });
+    expect(calls).toEqual(["shell"]);
+  });
+});

package/tests/openclaw-plugin-api.test.ts ADDED Viewed

@@ -0,0 +1,50 @@
+import { describe, expect, it } from "vitest";
+import { registerOpenClawPredicateTools } from "../src/openclaw-plugin-api.js";
+interface RegisteredTool {
+  name: string;
+  execute: (id: string, params: Record<string, unknown>) => Promise<unknown>;
+}
+describe("registerOpenClawPredicateTools", () => {
+  it("registers cmd/fs/http tools via registerTool API", async () => {
+    const registered: RegisteredTool[] = [];
+    const api = {
+      registerTool: (tool: RegisteredTool) => {
+        registered.push(tool);
+      },
+    };
+    const calls: string[] = [];
+    registerOpenClawPredicateTools(api, {
+      executeCmdRun: async (args) => {
+        calls.push(`cmd:${String(args.command ?? "")}`);
+        return { ok: true };
+      },
+      executeFsReadFile: async (args) => {
+        calls.push(`fs:${String(args.path ?? "")}`);
+        return { ok: true };
+      },
+      executeHttpRequest: async (args) => {
+        calls.push(`http:${String(args.url ?? "")}`);
+        return { ok: true };
+      },
+    });
+    expect(registered.map((tool) => tool.name)).toEqual([
+      "predicate_cmd_run",
+      "predicate_fs_read_file",
+      "predicate_http_request",
+    ]);
+    await registered[0].execute("run-1", { command: "echo hi" });
+    await registered[1].execute("run-2", { path: "/tmp/demo" });
+    await registered[2].execute("run-3", { url: "https://example.com" });
+    expect(calls).toEqual([
+      "cmd:echo hi",
+      "fs:/tmp/demo",
+      "http:https://example.com",
+    ]);
+  });
+});

package/tests/provider.test.ts ADDED Viewed

@@ -0,0 +1,227 @@
+import { describe, expect, it } from "vitest";
+import {
+  ActionDeniedError,
+  GuardedProvider,
+  SidecarUnavailableError,
+} from "../src/provider.js";
+describe("GuardedProvider", () => {
+  it("builds deterministic intent hash", () => {
+    const first = GuardedProvider.intentHash({ cmd: "ls", flags: ["-la"] });
+    const second = GuardedProvider.intentHash({ flags: ["-la"], cmd: "ls" });
+    expect(first).toBe(second);
+  });
+  it("fails closed when sidecar is unavailable", async () => {
+    const provider = new GuardedProvider({
+      principal: "p1",
+      config: { failClosed: true },
+      authorityClient: {
+        authorize: async () => {
+          throw new SidecarUnavailableError("down");
+        },
+      },
+    });
+    await expect(
+      provider.guardOrThrow({
+        action: "shell.execute",
+        resource: "echo hi",
+        args: { command: "echo hi" },
+      }),
+    ).rejects.toBeInstanceOf(SidecarUnavailableError);
+  });
+  it("returns null in fail-open mode when sidecar is unavailable", async () => {
+    const provider = new GuardedProvider({
+      principal: "p1",
+      config: { failClosed: false },
+      authorityClient: {
+        authorize: async () => {
+          throw new SidecarUnavailableError("down");
+        },
+      },
+    });
+    await expect(
+      provider.guardOrThrow({
+        action: "shell.execute",
+        resource: "echo hi",
+        args: { command: "echo hi" },
+      }),
+    ).resolves.toBeNull();
+  });
+  it("emits decision telemetry for allow and deny", async () => {
+    const events: Array<{ outcome: string; reason?: string }> = [];
+    const provider = new GuardedProvider({
+      principal: "p1",
+      telemetry: {
+        onDecision: (event) => {
+          events.push({ outcome: event.outcome, reason: event.reason });
+        },
+      },
+      authorityClient: {
+        authorize: async (request) => ({
+          allow: request.action !== "fs.read",
+          reason: request.action === "fs.read" ? "explicit_deny" : "allowed",
+          mandateId: request.action === "fs.read" ? undefined : "mnd_ok",
+        }),
+      },
+    });
+    await expect(
+      provider.guardOrThrow({
+        action: "shell.execute",
+        resource: "echo hi",
+        args: { command: "echo hi" },
+        context: { source: "trusted_ui" },
+      }),
+    ).resolves.toBe("mnd_ok");
+    await expect(
+      provider.guardOrThrow({
+        action: "fs.read",
+        resource: "/etc/passwd",
+        args: { path: "/etc/passwd" },
+        context: { source: "untrusted_dm" },
+      }),
+    ).rejects.toBeInstanceOf(ActionDeniedError);
+    expect(events).toEqual([
+      { outcome: "allow", reason: "allowed" },
+      { outcome: "deny", reason: "explicit_deny" },
+    ]);
+  });
+  it("sends canonical wire request fields to authority client", async () => {
+    let captured: Record<string, unknown> | undefined;
+    const provider = new GuardedProvider({
+      principal: "agent:openclaw-local",
+      authorityClient: {
+        authorize: async (request) => {
+          captured = request as unknown as Record<string, unknown>;
+          return { allow: true, reason: "allowed", mandateId: "mnd_ok" };
+        },
+      },
+    });
+    await provider.guardOrThrow({
+      action: "shell.execute",
+      resource: "echo hi",
+      args: { command: "echo hi", flags: ["-n"] },
+      context: { source: "trusted_ui", session_id: "s1" },
+    });
+    expect(captured).toBeDefined();
+    expect(captured?.principal).toBe("agent:openclaw-local");
+    expect(captured?.action).toBe("shell.execute");
+    expect(captured?.resource).toBe("echo hi");
+    expect(captured?.intent_hash).toEqual(expect.any(String));
+    expect(captured?.labels).toEqual(["source:trusted_ui"]);
+  });
+  it("exports decision audit events with correlation context", async () => {
+    const exported: Array<Record<string, unknown>> = [];
+    const provider = new GuardedProvider({
+      principal: "agent:openclaw-local",
+      auditExporter: {
+        exportDecision: async (event) => {
+          exported.push(event as unknown as Record<string, unknown>);
+        },
+      },
+      authorityClient: {
+        authorize: async () => ({
+          allow: true,
+          reason: "allowed",
+          mandateId: "mnd_123",
+        }),
+      },
+    });
+    await provider.guardOrThrow({
+      action: "shell.execute",
+      resource: "echo hi",
+      args: { command: "echo hi" },
+      context: {
+        source: "trusted_ui",
+        session_id: "session-1",
+        tenant_id: "tenant-1",
+        trace_id: "trace-1",
+      },
+    });
+    expect(exported).toHaveLength(1);
+    expect(exported[0]).toMatchObject({
+      principal: "agent:openclaw-local",
+      action: "shell.execute",
+      outcome: "allow",
+      mandateId: "mnd_123",
+      sessionId: "session-1",
+      tenantId: "tenant-1",
+      traceId: "trace-1",
+    });
+  });
+  it("does not block authorization if audit export fails", async () => {
+    const provider = new GuardedProvider({
+      principal: "agent:openclaw-local",
+      auditExporter: {
+        exportDecision: async () => {
+          throw new Error("audit export unavailable");
+        },
+      },
+      authorityClient: {
+        authorize: async () => ({
+          allow: true,
+          reason: "allowed",
+          mandateId: "mnd_456",
+        }),
+      },
+    });
+    await expect(
+      provider.guardOrThrow({
+        action: "shell.execute",
+        resource: "echo ok",
+        args: { command: "echo ok" },
+        context: { source: "trusted_ui" },
+      }),
+    ).resolves.toBe("mnd_456");
+  });
+  it("preserves deny reason and redacts sensitive resource in audit export", async () => {
+    const exported: Array<Record<string, unknown>> = [];
+    const provider = new GuardedProvider({
+      principal: "agent:openclaw-local",
+      auditExporter: {
+        exportDecision: async (event) => {
+          exported.push(event as unknown as Record<string, unknown>);
+        },
+      },
+      authorityClient: {
+        authorize: async () => ({
+          allow: false,
+          reason: "deny_sensitive_read_from_untrusted_context",
+        }),
+      },
+    });
+    await expect(
+      provider.guardOrThrow({
+        action: "fs.read",
+        resource: "/Users/demo/.ssh/id_rsa",
+        args: { path: "/Users/demo/.ssh/id_rsa" },
+        context: { source: "untrusted_dm" },
+      }),
+    ).rejects.toBeInstanceOf(ActionDeniedError);
+    expect(exported).toHaveLength(1);
+    expect(exported[0]).toMatchObject({
+      outcome: "deny",
+      reason: "deny_sensitive_read_from_untrusted_context",
+      resource: "[REDACTED]",
+    });
+  });
+});