feat(claude-code): agent-integrity plugin (Agent Manifest + TRACE)#35
Merged
Conversation
Adds a Claude Code integration that, per session, captures what the agent IS (skills, tools, MCP servers, model, permissions, instruction layer) as a signed Agent Manifest and what it DID as a signed TRACE record, and checks nothing was added or subtracted since an approved baseline. - SessionStart hook: stdlib-only snapshot + drift warning (no crypto deps) - /manifest verify|approve and /trace commands - observed-category diff so the disk-only hook never false-flags the live tool roster of a richer baseline - software-only / Level 0; honest Known-gaps section Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
A Claude Code integration that turns agentrust's own governance specs on the coding agent we use daily. Per session it captures:
and answers: is the agent I'm running the one I approved — nothing added, nothing subtracted?
How it works
~/.claude/agentrust/baseline.json, warn in-session on drift./manifest verify|approveand/traceslash commands. Signing runs only on demand.observed-category diff: the disk-only hook compares skills/permissions/instruction-layer and never false-flags the live tool roster of a richer baseline (regression-tested).Verification
pytest tests/— 6 passing (stdlib-only, no network/crypto).trace-tests verify --level 0(PASS 8/8).integration.yamlvalidates againstschema/integration.schema.json.Honest scope (see README "Known gaps")
Software-only Level 0 (no TEE on a dev box); the
system_promptfingerprint is a proxy over CLAUDE.md/memory;policy_languageenum has no host-native value (modelled ascomposite, spec feedback to follow); agent-manifest 0.3.x targeted but PyPI is at 0.2.0.Tier left as
community(set by maintainers, not self-declared).🤖 Generated with Claude Code