Skip to content

feat: add evidence receipt hash chain prototype #279

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
mason5052 wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

feat: add evidence receipt hash chain prototype #279

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .env.example
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,9 @@ EXECUTION_MONITOR_ENABLED=
EXECUTION_MONITOR_SAME_TOOL_LIMIT=
EXECUTION_MONITOR_TOTAL_TOOL_LIMIT=

## Evidence receipt hash chain
EVIDENCE_RECEIPTS_ENABLED=false

## Agent execution tool calls limit
MAX_GENERAL_AGENT_TOOL_CALLS=
MAX_LIMITED_AGENT_TOOL_CALLS=
Expand Down
21 changes: 13 additions & 8 deletions backend/docs/config.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,14 +105,15 @@ This function automatically loads environment variables from a `.env` file if pr

These settings control basic application behavior and are foundational for the system's operation.

| Option | Environment Variable | Default Value | Description |
| -------------- | -------------------- | ---------------------------------------------------------------------------- | ------------------------------------------------------------------------ |
| DatabaseURL | `DATABASE_URL` | `postgres://pentagiuser:pentagipass@pgvector:5432/pentagidb?sslmode=disable` | Connection string for the PostgreSQL database with pgvector extension |
| Debug | `DEBUG` | `false` | Enables debug mode with additional logging |
| DataDir | `DATA_DIR` | `./data` | Directory for storing persistent data |
| AskUser | `ASK_USER` | `false` | When enabled, requires explicit user confirmation for certain operations |
| InstallationID | `INSTALLATION_ID` | *(none)* | Unique installation identifier for PentAGI Cloud API communication |
| LicenseKey | `LICENSE_KEY` | *(none)* | License key for PentAGI Cloud API authentication and feature activation |
| Option | Environment Variable | Default Value | Description |
| ------------------------ | ----------------------------- | ---------------------------------------------------------------------------- | ------------------------------------------------------------------------ |
| DatabaseURL | `DATABASE_URL` | `postgres://pentagiuser:pentagipass@pgvector:5432/pentagidb?sslmode=disable` | Connection string for the PostgreSQL database with pgvector extension |
| Debug | `DEBUG` | `false` | Enables debug mode with additional logging |
| DataDir | `DATA_DIR` | `./data` | Directory for storing persistent data |
| AskUser | `ASK_USER` | `false` | When enabled, requires explicit user confirmation for certain operations |
| EvidenceReceiptsEnabled | `EVIDENCE_RECEIPTS_ENABLED` | `false` | Enables export-only toolcall evidence receipts |
| InstallationID | `INSTALLATION_ID` | *(none)* | Unique installation identifier for PentAGI Cloud API communication |
| LicenseKey | `LICENSE_KEY` | *(none)* | License key for PentAGI Cloud API authentication and feature activation |

### Usage Details

Expand Down Expand Up @@ -1749,6 +1750,10 @@ The supervision settings work together as a comprehensive system:
```
Disabled supervision for debugging to observe natural agent behavior.

## Evidence Receipt Settings

When `EVIDENCE_RECEIPTS_ENABLED=true`, PentAGI writes hash-chain-only JSONL receipts for finished and failed tool calls to `<DATA_DIR>/flow-<flow_id>/evidence/receipts.jsonl`. Receipts include toolcall provenance metadata plus hashes of arguments and results, not raw argument or result content. Ed25519 signing and report bundle export are deferred to a later evidence-chain milestone.

## Observability Settings

These settings control the observability and monitoring capabilities, including telemetry and trace collection for system performance and debugging.
Expand Down
3 changes: 3 additions & 0 deletions backend/pkg/config/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,9 @@ type Config struct {
DataDir string `env:"DATA_DIR" envDefault:"./data"`
AskUser bool `env:"ASK_USER" envDefault:"false"`

// === Evidence Receipt Prototype ===
EvidenceReceiptsEnabled bool `env:"EVIDENCE_RECEIPTS_ENABLED" envDefault:"false"`

// === PentAGI Cloud Service Integration ===
InstallationID string `env:"INSTALLATION_ID"`
LicenseKey string `env:"LICENSE_KEY"`
Expand Down
17 changes: 16 additions & 1 deletion backend/pkg/config/config_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -269,7 +269,7 @@ func clearConfigEnv(t *testing.T) {
t.Helper()

envVars := []string{
"DATABASE_URL", "DEBUG", "DATA_DIR", "ASK_USER", "INSTALLATION_ID", "LICENSE_KEY",
"DATABASE_URL", "DEBUG", "DATA_DIR", "ASK_USER", "EVIDENCE_RECEIPTS_ENABLED", "INSTALLATION_ID", "LICENSE_KEY",
"DOCKER_INSIDE", "DOCKER_NET_ADMIN", "DOCKER_SOCKET", "DOCKER_NETWORK",
"DOCKER_PUBLIC_IP", "DOCKER_WORK_DIR", "DOCKER_DEFAULT_IMAGE", "DOCKER_DEFAULT_IMAGE_FOR_PENTEST",
"SERVER_PORT", "SERVER_HOST", "SERVER_USE_SSL", "SERVER_SSL_KEY", "SERVER_SSL_CRT",
Expand Down Expand Up @@ -331,6 +331,7 @@ func TestNewConfig_Defaults(t *testing.T) {
assert.Equal(t, "0.0.0.0", config.ServerHost)
assert.Equal(t, false, config.Debug)
assert.Equal(t, "./data", config.DataDir)
assert.Equal(t, false, config.EvidenceReceiptsEnabled)
assert.Equal(t, false, config.ServerUseSSL)
assert.Equal(t, "openai", config.EmbeddingProvider)
assert.Equal(t, 512, config.EmbeddingBatchSize)
Expand Down Expand Up @@ -511,6 +512,20 @@ func TestNewConfig_CorsOrigins(t *testing.T) {
assert.Equal(t, []string{"*"}, config.CorsOrigins)
}

func TestNewConfig_EvidenceReceipts(t *testing.T) {
clearConfigEnv(t)
t.Chdir(t.TempDir())

config, err := NewConfig()
require.NoError(t, err)
assert.Equal(t, false, config.EvidenceReceiptsEnabled)

t.Setenv("EVIDENCE_RECEIPTS_ENABLED", "true")
config, err = NewConfig()
require.NoError(t, err)
assert.Equal(t, true, config.EvidenceReceiptsEnabled)
}

func TestNewConfig_OllamaDefaults(t *testing.T) {
clearConfigEnv(t)
t.Chdir(t.TempDir())
Expand Down
Loading