agent-log-verifier 0.3.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- agent_log_verifier-0.3.0/.github/workflows/ci.yml +33 -0
- agent_log_verifier-0.3.0/.github/workflows/release.yml +47 -0
- agent_log_verifier-0.3.0/.gitignore +58 -0
- agent_log_verifier-0.3.0/CHANGELOG.md +168 -0
- agent_log_verifier-0.3.0/CLAUDE.md +67 -0
- agent_log_verifier-0.3.0/LICENSE +21 -0
- agent_log_verifier-0.3.0/PKG-INFO +423 -0
- agent_log_verifier-0.3.0/README.md +394 -0
- agent_log_verifier-0.3.0/docs/BACKLOG.md +82 -0
- agent_log_verifier-0.3.0/docs/DEVELOPMENT.md +124 -0
- agent_log_verifier-0.3.0/docs/images/dashboard-demo.png +0 -0
- agent_log_verifier-0.3.0/docs/zenn-draft.md +251 -0
- agent_log_verifier-0.3.0/pyproject.toml +64 -0
- agent_log_verifier-0.3.0/scripts/agent-monitor.bat +57 -0
- agent_log_verifier-0.3.0/scripts/gate.ps1 +18 -0
- agent_log_verifier-0.3.0/scripts/gen_demo_logs.py +469 -0
- agent_log_verifier-0.3.0/src/agent_log_verifier/__init__.py +3 -0
- agent_log_verifier-0.3.0/src/agent_log_verifier/cli.py +600 -0
- agent_log_verifier-0.3.0/src/agent_log_verifier/detectors/__init__.py +0 -0
- agent_log_verifier-0.3.0/src/agent_log_verifier/detectors/base.py +75 -0
- agent_log_verifier-0.3.0/src/agent_log_verifier/detectors/completeness.py +157 -0
- agent_log_verifier-0.3.0/src/agent_log_verifier/detectors/compliance.py +970 -0
- agent_log_verifier-0.3.0/src/agent_log_verifier/detectors/incident.py +117 -0
- agent_log_verifier-0.3.0/src/agent_log_verifier/detectors/liveness.py +387 -0
- agent_log_verifier-0.3.0/src/agent_log_verifier/detectors/loops.py +315 -0
- agent_log_verifier-0.3.0/src/agent_log_verifier/detectors/scope.py +190 -0
- agent_log_verifier-0.3.0/src/agent_log_verifier/extraction/__init__.py +0 -0
- agent_log_verifier-0.3.0/src/agent_log_verifier/extraction/constraints.py +374 -0
- agent_log_verifier-0.3.0/src/agent_log_verifier/models/__init__.py +0 -0
- agent_log_verifier-0.3.0/src/agent_log_verifier/models/events.py +140 -0
- agent_log_verifier-0.3.0/src/agent_log_verifier/parser/__init__.py +0 -0
- agent_log_verifier-0.3.0/src/agent_log_verifier/parser/claude_code.py +265 -0
- agent_log_verifier-0.3.0/src/agent_log_verifier/report/__init__.py +0 -0
- agent_log_verifier-0.3.0/src/agent_log_verifier/report/breakdown.py +129 -0
- agent_log_verifier-0.3.0/src/agent_log_verifier/report/cli_output.py +56 -0
- agent_log_verifier-0.3.0/src/agent_log_verifier/report/html_output.py +1640 -0
- agent_log_verifier-0.3.0/src/agent_log_verifier/report/json_output.py +41 -0
- agent_log_verifier-0.3.0/src/agent_log_verifier/report/markdown_output.py +52 -0
- agent_log_verifier-0.3.0/src/agent_log_verifier/server.py +263 -0
- agent_log_verifier-0.3.0/tests/__init__.py +0 -0
- agent_log_verifier-0.3.0/tests/fixtures/project_layout/sess-parent-001/subagents/agent-stopped.jsonl +2 -0
- agent_log_verifier-0.3.0/tests/fixtures/project_layout/sess-parent-001/subagents/agent-stopped.meta.json +1 -0
- agent_log_verifier-0.3.0/tests/fixtures/project_layout/sess-parent-001.jsonl +2 -0
- agent_log_verifier-0.3.0/tests/fixtures/project_layout/sess-parent-002/subagents/agent-completed.jsonl +2 -0
- agent_log_verifier-0.3.0/tests/fixtures/project_layout/sess-parent-002/subagents/agent-completed.meta.json +1 -0
- agent_log_verifier-0.3.0/tests/fixtures/project_layout/sess-parent-002.jsonl +3 -0
- agent_log_verifier-0.3.0/tests/fixtures/project_layout/sess-parent-003/subagents/workflows/wf-abc/agent-workflow.jsonl +1 -0
- agent_log_verifier-0.3.0/tests/fixtures/project_layout/sess-parent-003/subagents/workflows/wf-abc/agent-workflow.meta.json +1 -0
- agent_log_verifier-0.3.0/tests/fixtures/project_layout/sess-parent-003.jsonl +1 -0
- agent_log_verifier-0.3.0/tests/fixtures/synthetic_logs/illusory_save.jsonl +4 -0
- agent_log_verifier-0.3.0/tests/fixtures/synthetic_logs/mixed_reference_and_artifact.jsonl +7 -0
- agent_log_verifier-0.3.0/tests/fixtures/synthetic_logs/multi_turn_main_session.jsonl +10 -0
- agent_log_verifier-0.3.0/tests/fixtures/synthetic_logs/normal_compliant.jsonl +5 -0
- agent_log_verifier-0.3.0/tests/fixtures/synthetic_logs/parent/stopped_agent_parent.jsonl +2 -0
- agent_log_verifier-0.3.0/tests/fixtures/synthetic_logs/review_style_no_write.jsonl +4 -0
- agent_log_verifier-0.3.0/tests/fixtures/synthetic_logs/subagents/agent3.meta.json +1 -0
- agent_log_verifier-0.3.0/tests/fixtures/synthetic_logs/subagents/stopped_agent.jsonl +2 -0
- agent_log_verifier-0.3.0/tests/test_breakdown.py +190 -0
- agent_log_verifier-0.3.0/tests/test_cli_integration.py +349 -0
- agent_log_verifier-0.3.0/tests/test_completeness.py +194 -0
- agent_log_verifier-0.3.0/tests/test_compliance.py +1652 -0
- agent_log_verifier-0.3.0/tests/test_gen_demo_logs.py +235 -0
- agent_log_verifier-0.3.0/tests/test_html_output.py +398 -0
- agent_log_verifier-0.3.0/tests/test_incident.py +118 -0
- agent_log_verifier-0.3.0/tests/test_liveness.py +518 -0
- agent_log_verifier-0.3.0/tests/test_loops.py +310 -0
- agent_log_verifier-0.3.0/tests/test_models.py +86 -0
- agent_log_verifier-0.3.0/tests/test_parser.py +351 -0
- agent_log_verifier-0.3.0/tests/test_scope.py +170 -0
- agent_log_verifier-0.3.0/tests/test_server.py +147 -0
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
name: CI
|
|
2
|
+
|
|
3
|
+
# Mirrors scripts/gate.ps1 (the local Definition-of-Done gate):
|
|
4
|
+
# pytest, mypy --strict, ruff. Runs on Ubuntu and Windows because path
|
|
5
|
+
# normalization across POSIX/Windows forms is core domain logic here,
|
|
6
|
+
# not an incidental portability concern.
|
|
7
|
+
|
|
8
|
+
on:
|
|
9
|
+
push:
|
|
10
|
+
branches: [master]
|
|
11
|
+
pull_request:
|
|
12
|
+
|
|
13
|
+
jobs:
|
|
14
|
+
gate:
|
|
15
|
+
strategy:
|
|
16
|
+
fail-fast: false
|
|
17
|
+
matrix:
|
|
18
|
+
os: [ubuntu-latest, windows-latest]
|
|
19
|
+
python-version: ["3.12", "3.13"]
|
|
20
|
+
runs-on: ${{ matrix.os }}
|
|
21
|
+
steps:
|
|
22
|
+
- uses: actions/checkout@v4
|
|
23
|
+
- uses: actions/setup-python@v5
|
|
24
|
+
with:
|
|
25
|
+
python-version: ${{ matrix.python-version }}
|
|
26
|
+
- name: Install
|
|
27
|
+
run: python -m pip install -e .[dev]
|
|
28
|
+
- name: pytest
|
|
29
|
+
run: python -m pytest -q
|
|
30
|
+
- name: mypy --strict
|
|
31
|
+
run: python -m mypy --strict src
|
|
32
|
+
- name: ruff
|
|
33
|
+
run: python -m ruff check src tests
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
name: Release to PyPI
|
|
2
|
+
|
|
3
|
+
# Publishes on version tags (vX.Y.Z) via PyPI Trusted Publishing
|
|
4
|
+
# (OIDC) -- no API token is stored anywhere. One-time setup on
|
|
5
|
+
# pypi.org: add this repository as a (pending) trusted publisher for
|
|
6
|
+
# the `agent-log-verifier` project with workflow file
|
|
7
|
+
# `release.yml` and environment `pypi`.
|
|
8
|
+
|
|
9
|
+
on:
|
|
10
|
+
push:
|
|
11
|
+
tags: ["v*"]
|
|
12
|
+
|
|
13
|
+
jobs:
|
|
14
|
+
build:
|
|
15
|
+
runs-on: ubuntu-latest
|
|
16
|
+
steps:
|
|
17
|
+
- uses: actions/checkout@v4
|
|
18
|
+
- uses: actions/setup-python@v5
|
|
19
|
+
with:
|
|
20
|
+
python-version: "3.12"
|
|
21
|
+
- name: Gate before building
|
|
22
|
+
run: |
|
|
23
|
+
python -m pip install -e .[dev]
|
|
24
|
+
python -m pytest -q
|
|
25
|
+
python -m mypy --strict src
|
|
26
|
+
python -m ruff check src tests
|
|
27
|
+
- name: Build sdist and wheel
|
|
28
|
+
run: |
|
|
29
|
+
python -m pip install build
|
|
30
|
+
python -m build
|
|
31
|
+
- uses: actions/upload-artifact@v4
|
|
32
|
+
with:
|
|
33
|
+
name: dist
|
|
34
|
+
path: dist/
|
|
35
|
+
|
|
36
|
+
publish:
|
|
37
|
+
needs: build
|
|
38
|
+
runs-on: ubuntu-latest
|
|
39
|
+
environment: pypi
|
|
40
|
+
permissions:
|
|
41
|
+
id-token: write
|
|
42
|
+
steps:
|
|
43
|
+
- uses: actions/download-artifact@v4
|
|
44
|
+
with:
|
|
45
|
+
name: dist
|
|
46
|
+
path: dist/
|
|
47
|
+
- uses: pypa/gh-action-pypi-publish@release/v1
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
# Python
|
|
2
|
+
__pycache__/
|
|
3
|
+
*.py[cod]
|
|
4
|
+
*$py.class
|
|
5
|
+
*.egg-info/
|
|
6
|
+
.eggs/
|
|
7
|
+
build/
|
|
8
|
+
dist/
|
|
9
|
+
.pytest_cache/
|
|
10
|
+
.coverage
|
|
11
|
+
.coverage.*
|
|
12
|
+
htmlcov/
|
|
13
|
+
.mypy_cache/
|
|
14
|
+
.ruff_cache/
|
|
15
|
+
|
|
16
|
+
# venv
|
|
17
|
+
.venv/
|
|
18
|
+
venv/
|
|
19
|
+
env/
|
|
20
|
+
|
|
21
|
+
# Editors
|
|
22
|
+
.vscode/
|
|
23
|
+
.idea/
|
|
24
|
+
|
|
25
|
+
# OS
|
|
26
|
+
.DS_Store
|
|
27
|
+
Thumbs.db
|
|
28
|
+
|
|
29
|
+
# Real logs / secrets — this tool reads Claude Code transcripts which may
|
|
30
|
+
# contain confidential business data. Never commit real logs, only the
|
|
31
|
+
# synthetic fixtures under tests/fixtures/synthetic_logs/ and
|
|
32
|
+
# tests/fixtures/project_layout/ (both are 100% synthetic, hand-authored
|
|
33
|
+
# JSONL/meta.json used by the test suite -- never copies of real logs).
|
|
34
|
+
*.jsonl
|
|
35
|
+
!tests/fixtures/synthetic_logs/**/*.jsonl
|
|
36
|
+
!tests/fixtures/project_layout/**/*.jsonl
|
|
37
|
+
*.meta.json
|
|
38
|
+
!tests/fixtures/synthetic_logs/**/*.meta.json
|
|
39
|
+
!tests/fixtures/project_layout/**/*.meta.json
|
|
40
|
+
.agent-log-verifier/
|
|
41
|
+
config.toml
|
|
42
|
+
.env
|
|
43
|
+
.env.*
|
|
44
|
+
|
|
45
|
+
# scripts/gen_demo_logs.py output: regenerated on demand (README
|
|
46
|
+
# quickstart step), never committed. Keeping this out of git means the
|
|
47
|
+
# *.jsonl allowlist rules above never need a demo/-specific exception.
|
|
48
|
+
/demo/
|
|
49
|
+
|
|
50
|
+
# `alv dashboard` output: a self-contained HTML report generated from
|
|
51
|
+
# transcript scan results. Finding.message content (including
|
|
52
|
+
# confidential-looking paths) is deliberately rendered as-is for local
|
|
53
|
+
# viewing (see report/html_output.py's docstring) rather than redacted,
|
|
54
|
+
# so the generated file itself must never be committed -- only the
|
|
55
|
+
# renderer code that produces it. Matches the CLI's default output
|
|
56
|
+
# filename anywhere in the tree (an explicit --output path outside the
|
|
57
|
+
# repo is the operator's own responsibility).
|
|
58
|
+
alv-dashboard.html
|
|
@@ -0,0 +1,168 @@
|
|
|
1
|
+
# Changelog
|
|
2
|
+
|
|
3
|
+
All notable changes to agent-log-verifier are documented here.
|
|
4
|
+
|
|
5
|
+
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
6
|
+
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
|
+
|
|
8
|
+
## [Unreleased]
|
|
9
|
+
|
|
10
|
+
## [0.3.0] - 2026-07-14
|
|
11
|
+
|
|
12
|
+
First public release (GitHub + PyPI).
|
|
13
|
+
|
|
14
|
+
### Changed
|
|
15
|
+
- Demo generator timestamps are generation-relative (anchor: 90
|
|
16
|
+
minutes before run time; the stopped-subagent scenario sits 45
|
|
17
|
+
minutes back), so the quickstart dashboard opens onto a live-looking
|
|
18
|
+
session -- an amber stop-suspicion banner and populated liveness
|
|
19
|
+
rows -- instead of events aged out of the 24h scope. Judgements
|
|
20
|
+
remain time-independent: every offset clears the 15-minute stopped
|
|
21
|
+
threshold from the moment of generation.
|
|
22
|
+
- Version single-sourcing: the CLI banner now reads
|
|
23
|
+
`agent_log_verifier.__version__` instead of a hardcoded "0.2", and
|
|
24
|
+
`__version__` (which had drifted at 0.1.0) now matches
|
|
25
|
+
`pyproject.toml`.
|
|
26
|
+
- Public-release housekeeping: `scripts/agent-monitor.bat` picks the
|
|
27
|
+
most recently modified project directory under
|
|
28
|
+
`%USERPROFILE%\.claude\projects` (or takes one as an argument)
|
|
29
|
+
instead of hardcoding the author's machine path; GitHub Actions CI
|
|
30
|
+
mirrors the local gate (pytest / mypy --strict / ruff) on
|
|
31
|
+
Ubuntu+Windows x Python 3.12/3.13; a tag-triggered release workflow
|
|
32
|
+
publishes to PyPI via Trusted Publishing (no stored token).
|
|
33
|
+
|
|
34
|
+
### Added
|
|
35
|
+
- False-test-report detection (COMPLIANCE-004): flags an assistant
|
|
36
|
+
claim that tests passed when no test-run command appears in the
|
|
37
|
+
prior 8 tool calls. Vocabulary picked from a 277-transcript real-log
|
|
38
|
+
mining pass: 「完了しました」 (290 hits) is a generic done phrase,
|
|
39
|
+
not a test claim, and is excluded to avoid becoming the biggest
|
|
40
|
+
false-positive source; 「verified」/「検証済」 are excluded as
|
|
41
|
+
multi-sense. v1 covers "claimed but never ran"; the "ran but the
|
|
42
|
+
result was a failure" variant is deferred.
|
|
43
|
+
- Data-loss operation detection (INCIDENT-001): surfaces executed
|
|
44
|
+
data-loss commands (rm -rf, git reset --hard, git clean -f, plain
|
|
45
|
+
git push --force, git checkout --, DROP TABLE/DATABASE, terraform
|
|
46
|
+
destroy, Remove-Item -Recurse -Force, rmdir /s). Real-log mining
|
|
47
|
+
drove two carve-outs: taskkill //F (30 hits, dev-server restart, not
|
|
48
|
+
data loss) and git push --force-with-lease (the safe leased form) do
|
|
49
|
+
NOT flag. Reports an executed fact, not a proven violation --
|
|
50
|
+
authorization is left to the operator. Real-log scan: 14 findings,
|
|
51
|
+
zero taskkill false positives.
|
|
52
|
+
- Loop detection (LOOP-001..004): consecutive error streaks, fruitless
|
|
53
|
+
identical retries, no-progress identical repeats, and
|
|
54
|
+
correction-ignored retries. All rules are error/result-anchored so
|
|
55
|
+
progress-making repetition (TDD re-runs, polling) never flags.
|
|
56
|
+
Grounded in a 277-transcript real-log mining pass plus an external
|
|
57
|
+
survey of loop causes.
|
|
58
|
+
- Live dashboard (`alv serve`): 10s auto-refresh with UI-state
|
|
59
|
+
preservation, pause button, health banner, running spinners, task
|
|
60
|
+
labels as row identity (agent id demoted to a sub-line), plain-language
|
|
61
|
+
status tooltips, evidence-labelled completion verdicts.
|
|
62
|
+
- User-adjustable tables: drag-resizable columns (double-click to
|
|
63
|
+
reset, persisted in localStorage across refreshes), rows-per-page
|
|
64
|
+
select (20/50/100/all), one-line ellipsis clipping for stable row
|
|
65
|
+
heights.
|
|
66
|
+
- Zero-token completion auto-correction: background-agent
|
|
67
|
+
task-notification matching (task-id / tool-use-id keys) and
|
|
68
|
+
final-response-shape inference. Real-log impact: stopped_suspected
|
|
69
|
+
244 -> 6, unknown 76 -> 22.
|
|
70
|
+
- Failure-mode capability matrix (internal docs): 20 modes classified
|
|
71
|
+
as implemented / implementable / conditional / impossible, with the
|
|
72
|
+
evidence-first design principles.
|
|
73
|
+
- Scope-drift candidate presentation (COMPLIANCE-006): compares the
|
|
74
|
+
order prompt's mentioned-path set against actually-changed files and
|
|
75
|
+
reports, once per unit, changes falling outside every mentioned
|
|
76
|
+
path's project -- with the structural-approximation limitation stated
|
|
77
|
+
in the finding text itself (true adjacency is semantic). Mining over
|
|
78
|
+
1,850 units decomposed a naive 150-file out-of-scope tail into four
|
|
79
|
+
baked-in carve-outs: reference-only mentions (~70; Japanese puts the
|
|
80
|
+
reference verb AFTER the path, so a bidirectional window with a tight
|
|
81
|
+
save-verb override replaces the preceding-window check), temp/
|
|
82
|
+
scratchpad (24), .claude harness bookkeeping (17), doc rides-along
|
|
83
|
+
(45). No mentioned paths -> no scope basis -> silent. Real-log scan:
|
|
84
|
+
10 findings (demo-build spillover, unrequested infra, plus the
|
|
85
|
+
known prose-directed-bootstrap family recorded for observation).
|
|
86
|
+
- Undisclosed-TODO completion detection (COMPLIANCE-005): a fresh
|
|
87
|
+
TODO/FIXME/NotImplemented marker added to a CODE file, followed in the
|
|
88
|
+
same user-turn window by a completion claim that does not mention the
|
|
89
|
+
leftover. Ships ahead of local evidence (mining: 2,171 Edit/Write
|
|
90
|
+
calls held ZERO such co-occurrences) on external grounding
|
|
91
|
+
(failure-mode matrix #12, fail-plausible study), with two
|
|
92
|
+
locally-evidenced guards: docs carve-out (9/10 real fresh insertions
|
|
93
|
+
were prose task lists) and a strict marker-count-increase requirement
|
|
94
|
+
so moving existing code never flags. TODO alone never fires;
|
|
95
|
+
disclosed leftovers (「TODO を残しています」) never fire. Real-log
|
|
96
|
+
scan: exactly 1 finding -- this feature's own mining script, the
|
|
97
|
+
documented fixture-vocabulary channel proving the wire-up end-to-end.
|
|
98
|
+
- Error-breakdown dashboard tab (内訳): classifies every failed
|
|
99
|
+
tool_result into 10 categories (pre-read edit, missing path,
|
|
100
|
+
infra-guard hook, stale edit context, user rejection, shell syntax,
|
|
101
|
+
auto-mode denial, invalid arguments, old_string mismatch, other) and
|
|
102
|
+
shows category x count x share plus a per-tool table. Analysis, not
|
|
103
|
+
detection: the category keys were seeded from a 281-transcript mining
|
|
104
|
+
pass (601 error results, 231 unique prefixes) and anything
|
|
105
|
+
unrecognized lands in その他 honestly (35.9% at ship time -- the
|
|
106
|
+
visible size of that bucket is the backlog signal for extending the
|
|
107
|
+
dictionary). run_scan() now returns this tally as a third element,
|
|
108
|
+
computed in the same walk with no re-parse.
|
|
109
|
+
|
|
110
|
+
### Fixed
|
|
111
|
+
- Table column rules: with drag-resizable widths there was no visual
|
|
112
|
+
cue for where a column ends (operator request, 2026-07-12) -- cells
|
|
113
|
+
now carry a right border, last column open.
|
|
114
|
+
- Liveness table row order: non-running rows kept discovery order
|
|
115
|
+
(agent-id glob order, effectively random by date), so a 44-day-old
|
|
116
|
+
completed agent could sit directly under the running rows and read
|
|
117
|
+
like the dashboard itself was stale (operator report, 2026-07-12).
|
|
118
|
+
Now running rows pin first, everything else sorts newest-first by
|
|
119
|
+
elapsed minutes; rows with no recency signal go last.
|
|
120
|
+
- Path extraction: forward-slash drive form (`F:/...`) no longer loses
|
|
121
|
+
its drive letter; URLs, mid-word fragments, backtick enumerations and
|
|
122
|
+
single-segment fragments are no longer extracted as paths.
|
|
123
|
+
- Prohibition extraction: keywords inside 「」/() quotes are treated
|
|
124
|
+
as quoted names, not directives; action nouns must be adjacent to the
|
|
125
|
+
keyword; document writes (.md/.txt) under a "no implementation" order
|
|
126
|
+
are recognized as the ordered deliverable. Suspected-deviation count
|
|
127
|
+
on real logs: 194 -> 75.
|
|
128
|
+
- Dashboard rule_id filter was never wired; rows now carry data-rule-id
|
|
129
|
+
and the selection survives fragment refreshes.
|
|
130
|
+
- `/favicon.ico` returns 204 instead of a console-visible 404.
|
|
131
|
+
- UnicodeEncodeError on legacy-codepage consoles: Windows defaults
|
|
132
|
+
stdout to a strict legacy codepage (cp932 on Japanese Windows), and a
|
|
133
|
+
single unencodable character -- first real-world hit: the CLI
|
|
134
|
+
banner's own em dash under a piped stdout -- aborted the whole scan.
|
|
135
|
+
The CLI now reconfigures stdout/stderr to errors="replace" at entry
|
|
136
|
+
(findings text is arbitrary transcript content), and the banner uses
|
|
137
|
+
an ASCII "--". File output was already explicit UTF-8 and is
|
|
138
|
+
unchanged.
|
|
139
|
+
|
|
140
|
+
## [0.2.0] - 2026-07-11
|
|
141
|
+
|
|
142
|
+
### Added
|
|
143
|
+
- COMPLIANCE-002 (prohibited tool usage) and COMPLIANCE-003 (artifact
|
|
144
|
+
path match) detectors on top of v0.1's COMPLIANCE-001.
|
|
145
|
+
- Constraint auto-extraction from order prompts (prohibitions, artifact
|
|
146
|
+
paths, scope boundaries).
|
|
147
|
+
- Main-session turn segmentation: compliance runs per user turn instead
|
|
148
|
+
of first-prompt-only.
|
|
149
|
+
- Static dashboard (`alv dashboard`) and live server (`alv serve`).
|
|
150
|
+
- v1.0 publication kit: synthetic demo-log generator, English README,
|
|
151
|
+
MIT license, pip build verification.
|
|
152
|
+
|
|
153
|
+
### Fixed
|
|
154
|
+
- COMPLIANCE-001 false positives reduced 607 -> 39 (93.6%) via
|
|
155
|
+
confirmation-keyword windows, reference-section stripping, and an
|
|
156
|
+
artifact-extension whitelist.
|
|
157
|
+
|
|
158
|
+
## [0.1.0] - 2026-07-11
|
|
159
|
+
|
|
160
|
+
### Added
|
|
161
|
+
- Crash-tolerant Claude Code JSONL parser with secret-guarding parse
|
|
162
|
+
warnings.
|
|
163
|
+
- COMPLIANCE-001: illusory-save detection (a "saved it" claim with no
|
|
164
|
+
matching Write/Edit call).
|
|
165
|
+
- LIVENESS-001: 4-value subagent liveness inference
|
|
166
|
+
(running/completed/stopped_suspected/unknown) with parent-session
|
|
167
|
+
correlation.
|
|
168
|
+
- CLI: `alv scan | watch | report` with text/JSON/markdown output.
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
# agent-log-verifier — agent instructions
|
|
2
|
+
|
|
3
|
+
Post-hoc, read-only, zero-token log-analysis dashboard for Claude Code
|
|
4
|
+
transcript logs (JSONL). Python 3.12+, pydantic models, stdlib http
|
|
5
|
+
server. This is a log-reading tool for a human maintainer to skim in
|
|
6
|
+
place of re-reading the JSONL by hand -- it is not a security tool,
|
|
7
|
+
not an anomaly monitor, and not a violation catcher. Names like
|
|
8
|
+
`COMPLIANCE-001` and `INCIDENT-001` in this codebase are internal
|
|
9
|
+
category labels for log-event lookups; the `detectors/` directory
|
|
10
|
+
name is kept for import compatibility.
|
|
11
|
+
|
|
12
|
+
## Process (binding)
|
|
13
|
+
|
|
14
|
+
Read [docs/DEVELOPMENT.md](docs/DEVELOPMENT.md) before non-trivial
|
|
15
|
+
work. Short version:
|
|
16
|
+
|
|
17
|
+
- Work starts as a [docs/BACKLOG.md](docs/BACKLOG.md) entry, not from
|
|
18
|
+
chat context alone.
|
|
19
|
+
- New lookup rules need BOTH external grounding (research) AND a
|
|
20
|
+
real-log mining pass proving the pattern occurs locally. Record
|
|
21
|
+
evidence-based rejections too.
|
|
22
|
+
- TDD: red test first. Gate: `powershell -File scripts/gate.ps1`
|
|
23
|
+
(pytest + mypy --strict + ruff; pre-commit hook enforces it).
|
|
24
|
+
- Lookup changes: run `alv scan` on the live project directory and
|
|
25
|
+
put before/after numbers in the commit message.
|
|
26
|
+
- Update CHANGELOG.md `[Unreleased]` in the same commit.
|
|
27
|
+
- Conventional Commits.
|
|
28
|
+
|
|
29
|
+
## Layout
|
|
30
|
+
|
|
31
|
+
- `src/agent_log_verifier/parser/` — crash-tolerant JSONL parsing
|
|
32
|
+
- `src/agent_log_verifier/detectors/` — Lookup plugins (directory
|
|
33
|
+
name kept for import compatibility):
|
|
34
|
+
`compliance.py` (COMPLIANCE-001/002/003/004), `completeness.py`
|
|
35
|
+
(COMPLIANCE-005), `scope.py` (COMPLIANCE-006), `loops.py`
|
|
36
|
+
(LOOP-001..004), `incident.py` (INCIDENT-001), `liveness.py`
|
|
37
|
+
(LIVENESS-001; orchestrated directly by cli.py, not via the
|
|
38
|
+
registry — it needs parent-session context)
|
|
39
|
+
- `src/agent_log_verifier/extraction/constraints.py` — order-prompt
|
|
40
|
+
constraint extraction (do-not / artifact paths / scope)
|
|
41
|
+
- `src/agent_log_verifier/report/html_output.py` — static + live
|
|
42
|
+
dashboard (single-file HTML, all CSS/JS inline, no external
|
|
43
|
+
requests); `report/breakdown.py` — failed-tool_result
|
|
44
|
+
categorization behind the dashboard's 内訳 (breakdown) tab
|
|
45
|
+
- `src/agent_log_verifier/server.py` — `alv serve` (localhost-only)
|
|
46
|
+
|
|
47
|
+
## Design principles (do not violate)
|
|
48
|
+
|
|
49
|
+
- Read-only over the observed system; never call an LLM.
|
|
50
|
+
- Error/result-anchored lookup: only failure and non-progress are
|
|
51
|
+
worth noting; healthy repetition must be structurally unable to
|
|
52
|
+
flag.
|
|
53
|
+
- Structural matching only; no natural-language similarity in
|
|
54
|
+
lookup logic.
|
|
55
|
+
- Honest limits: log patterns the tool cannot spot are documented,
|
|
56
|
+
not approximated.
|
|
57
|
+
|
|
58
|
+
## Local quirks (Windows, this machine)
|
|
59
|
+
|
|
60
|
+
- Restart `alv serve` after edits (Python loads code at start):
|
|
61
|
+
`netstat -ano | grep ":8799.*LISTENING"` → `taskkill //F //PID
|
|
62
|
+
<pid>` → relaunch → sleep ~14s for first scan.
|
|
63
|
+
- Dashboard screenshots: headless Playwright (`node` + any local
|
|
64
|
+
playwright-core install; a sibling project's node_modules works).
|
|
65
|
+
The Claude Browser pane screenshot times out on this page.
|
|
66
|
+
- Bash heredocs mangle backslashes/UTF-8 here — write files with
|
|
67
|
+
the dedicated file tools, not `cat <<EOF`.
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 Skova Digital
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|