Skip to content

feat(security): wire AuditLogger into shell tool execution #2342

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
senamakel merged 4 commits into from
May 21, 2026
Merged

feat(security): wire AuditLogger into shell tool execution #2342

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
ded457f
feat(security): wire AuditLogger into shell tool execution
jimmershere May 19, 2026
03c908d
fix(security): share audit logger per workspace, log audit write fail…
jimmershere May 20, 2026
bc24c0b
fix(security): canonicalize workspace audit-logger registry key
jimmershere May 20, 2026
b8dd66c
fix(security): distinguish canonicalize NotFound from real errors
jimmershere May 20, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions src/openhuman/agent/harness/session/builder.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -768,6 +768,11 @@ impl Agent {
&config.autonomy,
&config.workspace_dir,
));
// Phase 1 of #1401: see comment in channels/runtime/startup.rs.
let audit = Arc::new(crate::openhuman::security::AuditLogger::new(
crate::openhuman::config::AuditConfig::default(),
config.workspace_dir.clone(),
)?);
Comment thread
coderabbitai[bot] marked this conversation as resolved.
Outdated

let local_embedding = config.workload_local_model("embeddings");
let memory: Arc<dyn Memory> = Arc::from(memory::create_memory_with_local_ai(
Expand All @@ -782,6 +787,7 @@ impl Agent {
Arc::new(config.clone()),
&security,
runtime,
audit,
memory.clone(),
&config.browser,
&config.http_request,
Expand Down
9 changes: 9 additions & 0 deletions src/openhuman/channels/runtime/startup.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -180,6 +180,14 @@ pub async fn start_channels(config: Config) -> Result<()> {
&config.autonomy,
&config.workspace_dir,
));
// Phase 1 of #1401: audit logger is wired with defaults so emission paths
// are exercised at runtime. A follow-up promotes `SecurityConfig` (and
// therefore the `audit` knob) onto the runtime `Config` schema so users
// can override `enabled`, `log_path`, and `max_size_mb` via TOML.
let audit = Arc::new(crate::openhuman::security::AuditLogger::new(
crate::openhuman::config::AuditConfig::default(),
config.workspace_dir.clone(),
)?);
let model = config
.default_model
.clone()
Expand All @@ -199,6 +207,7 @@ pub async fn start_channels(config: Config) -> Result<()> {
Arc::new(config.clone()),
&security,
runtime,
audit,
Arc::clone(&mem),
&config.browser,
&config.http_request,
Expand Down
9 changes: 9 additions & 0 deletions src/openhuman/runtime_node/ops.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,14 @@ fn build_runtime_tools(config: &Config) -> Result<Vec<Box<dyn Tool>>, String> {
&config.autonomy,
&config.workspace_dir,
));
// Phase 1 of #1401: see comment in channels/runtime/startup.rs.
let audit = Arc::new(
crate::openhuman::security::AuditLogger::new(
crate::openhuman::config::AuditConfig::default(),
config.workspace_dir.clone(),
)
.map_err(|e| e.to_string())?,
);
let runtime: Arc<dyn RuntimeAdapter> = Arc::new(NativeRuntime::new());
let local_embedding = config.workload_local_model("embeddings");
trace!("[runtime_node::ops] build_runtime_tools: create_memory_with_local_ai");
Expand All @@ -63,6 +71,7 @@ fn build_runtime_tools(config: &Config) -> Result<Vec<Box<dyn Tool>>, String> {
Arc::new(config.clone()),
&security,
runtime,
audit,
memory,
&config.browser,
&config.http_request,
Expand Down
26 changes: 26 additions & 0 deletions src/openhuman/security/audit.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ use serde::{Deserialize, Serialize};
use std::fs::OpenOptions;
use std::io::Write;
use std::path::PathBuf;
use std::sync::Arc;
use uuid::Uuid;

/// Audit event types
Expand Down Expand Up @@ -163,6 +164,22 @@ pub struct CommandExecutionLog<'a> {
}

impl AuditLogger {
/// Build a disabled `Arc<AuditLogger>` for tests and contexts that need a
/// handle but should not write to disk. The `enabled = false` flag
/// short-circuits `log()` before any filesystem I/O, so the sentinel
/// `log_path` is never touched.
pub fn disabled() -> Arc<Self> {
Arc::new(Self {
log_path: PathBuf::new(),
config: AuditConfig {
enabled: false,
log_path: String::new(),
max_size_mb: 0,
},
buffer: Mutex::new(Vec::new()),
})
}

/// Create a new audit logger
pub fn new(config: AuditConfig, openhuman_dir: PathBuf) -> Result<Self> {
let log_path = openhuman_dir.join(&config.log_path);
Expand Down Expand Up @@ -331,6 +348,15 @@ mod tests {
assert!(parsed.result.is_some());
}

#[test]
fn audit_logger_disabled_helper_is_noop() -> Result<()> {
let logger = AuditLogger::disabled();
let event = AuditEvent::new(AuditEventType::CommandExecution);
logger.log(&event)?;
assert!(!logger.config.enabled);
Ok(())
}

#[test]
fn audit_logger_disabled_does_not_create_file() -> Result<()> {
let tmp = TempDir::new()?;
Expand Down
2 changes: 1 addition & 1 deletion src/openhuman/security/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ pub mod secrets;
pub mod traits;

#[allow(unused_imports)]
pub use audit::{AuditEvent, AuditEventType, AuditLogger};
pub use audit::{AuditEvent, AuditEventType, AuditLogger, CommandExecutionLog};
pub use core::*;
#[allow(unused_imports)]
pub use detect::create_sandbox;
Expand Down
Loading
Loading