Log deny_promote blocks as audit entries #6

Open
opened 2026-04-09 13:39:15 +00:00 by jbr870 · 0 comments
Owner

Summary

When a deny_promote rule prevents auto-promotion of an LLM-suggested rule, this is currently silent — no audit log entry, no user notification. The user has no way to know that a rule suggestion was suppressed.

User Stories Served

  • US-12: Near misses — understand what almost happened
  • General transparency: users should know when the system suppresses its own behavior

Current Behavior

In auto_promote.rs, when a deny_promote rule matches:

  • The suggested rule is silently discarded
  • No audit entry is written
  • The LLM decision (GREEN/YELLOW) is still logged, but without noting that promotion was blocked

Proposed Change

Log a new audit entry when deny_promote fires:

```json
{
  "timestamp": "2026-04-09T12:00:00Z",
  "event": "PreToolUse",
  "session_id": "abc-123",
  "tool_name": "Bash",
  "tier": "deny_promote",
  "decision": "promotion_blocked",
  "rule_matched": "deny_promote[0]: tool=Bash, command=^docker",
  "llm_score": "GREEN",
  "llm_reasoning": "docker build is a standard dev operation..."
}
```

This is a low-effort change (one additional audit log call) with good transparency payoff.

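The proposed change, sketched as an added example (not code from claude-permit): a deny_promote match returns an audit entry for the caller to log instead of silently dropping the suggestion. Assumed here: a rule is `{tool, command}`, a `^prefix` command pattern is matched as an anchored prefix rather than through a regex engine, and the JSON is written by hand so the block runs without crates.

```rust
// Added illustration, not claude-permit's own code. Assumptions: a
// deny_promote rule is {tool, command}; a "^prefix" pattern is matched as an
// anchored prefix here (the real project would use a regex engine).
pub struct DenyPromoteRule { pub tool: String, pub command: String }
pub struct AuditEntry {
    pub timestamp: String, pub session_id: String, pub tool_name: String,
    pub rule_matched: String, pub llm_score: String, pub llm_reasoning: String,
}
fn command_matches(pattern: &str, command: &str) -> bool {
    match pattern.strip_prefix('^') {
        Some(prefix) => command.starts_with(prefix),
        None => command.contains(pattern),
    }
}
/// Some(entry) when a deny_promote rule blocks promotion (the caller logs it
/// rather than discarding the suggestion silently); None when nothing matched.
pub fn check_deny_promote(
    rules: &[DenyPromoteRule], tool: &str, command: &str, session_id: &str,
    llm_score: &str, llm_reasoning: &str, timestamp: &str,
) -> Option<AuditEntry> {
    let (idx, rule) = rules.iter().enumerate()
        .find(|(_, r)| r.tool == tool && command_matches(&r.command, command))?;
    Some(AuditEntry {
        timestamp: timestamp.into(), session_id: session_id.into(), tool_name: tool.into(),
        rule_matched: format!("deny_promote[{idx}]: tool={}, command={}", rule.tool, rule.command),
        llm_score: llm_score.into(), llm_reasoning: llm_reasoning.into(),
    })
}
/// Minimal JSON string escaping (quotes, backslashes, newlines) so free-form
/// LLM reasoning text cannot break the audit line.
fn json_escape(s: &str) -> String {
    s.chars().map(|c| match c {
        '"' => "\\\"".to_string(), '\\' => "\\\\".to_string(), '\n' => "\\n".to_string(),
        c => c.to_string(),
    }).collect()
}
impl AuditEntry {
    /// One JSON object per line, in the field order proposed in the issue.
    pub fn to_json(&self) -> String {
        let fields: [(&str, &str); 9] = [
            ("timestamp", &self.timestamp), ("event", "PreToolUse"), ("session_id", &self.session_id),
            ("tool_name", &self.tool_name), ("tier", "deny_promote"), ("decision", "promotion_blocked"),
            ("rule_matched", &self.rule_matched), ("llm_score", &self.llm_score), ("llm_reasoning", &self.llm_reasoning),
        ];
        let body: Vec<String> = fields.iter()
            .map(|(k, v)| format!("\"{k}\":\"{}\"", json_escape(v))).collect();
        format!("{{{}}}", body.join(","))
    }
}
```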
Reference
jbr870/claude-permit#6