Local-first / agent accountability
demo-block-pr
Human review required before trusting this run.
Goal: Review AI-generated checkout and auth changes before merge
Scope: src,tests,.github
Project: demo/block/repo
4
Critical
0
High
0
Medium
13
Low
What To Review Before Trusting This Run
- Review 4 critical event(s) before trusting this run.
- Inspect 9 write event(s) against the stated goal and scope.
- Review 1 event(s) outside the declared scope.
Human Brief
Human review required before trusting this run.
17 events captured. 9 write events, 0 commands, 0 tool calls.
For a manager-level view, open executive-summary.md.
Redaction Summary
- Demo path handling normalized.
Policy Suggestions
{"match":"src/auth.js","action":"ask","reason":"Sensitive path or scope touched by agent run."}{"match":"tests/auth.test.js","action":"ask","reason":"Sensitive path or scope touched by agent run."}{"match":".env.example","action":"ask","reason":"Sensitive path or scope touched by agent run."}{"match":"src/auth.js to allow a preview bypass header.","action":"ask","reason":"Sensitive path or scope touched by agent run."}
Timeline
| Time | Actor | Source | Type | Risk | Target | Summary |
|---|---|---|---|---|---|---|
| 2026-01-01T00:00:00.000Z | human | cli | note | low |
. |
Session started: demo-block-pr |
| 2026-01-01T00:00:00.000Z | system | snapshot | artifact | low |
workspace-before.json |
Workspace before snapshot captured (7 files). |
| 2026-01-01T00:00:00.000Z | system | git | artifact | low |
git-status-before.csv |
Git dirty baseline captured (0 pre-existing dirty paths). |
| 2026-01-01T00:00:00.000Z | system | snapshot | artifact | low |
workspace-after.json |
Workspace after snapshot captured (8 files). |
| 2026-01-01T00:00:00.000Z | system | git | diff | low |
diff.patch |
Git diff captured (2182 chars). |
| 2026-01-01T00:00:00.000Z | system | git | artifact | low |
files-touched.csv |
Git status captured (6 run-touched paths; 0 pre-existing unchanged dirty paths ignored). |
| 2026-01-01T00:00:00.000Z | system | git | artifact | low |
preexisting-dirty.csv |
Pre-existing unchanged dirty paths ignored (0). |
| 2026-01-01T00:00:00.000Z | agent | git | write | low write |
.github/workflows/ci.yml |
Git status M for .github/workflows/ci.yml Write event |
| 2026-01-01T00:00:00.000Z | agent | git | write | critical write, sensitive_path, sensitive_scope |
src/auth.js |
Git status M for src/auth.js Write event | Sensitive path | Matches sensitive scope: auth |
| 2026-01-01T00:00:00.000Z | agent | git | write | low write |
src/rate-limit.js |
Git status M for src/rate-limit.js Write event |
| 2026-01-01T00:00:00.000Z | agent | git | write | low write |
src/routes/checkout.js |
Git status M for src/routes/checkout.js Write event |
| 2026-01-01T00:00:00.000Z | agent | git | write | critical write, sensitive_path, sensitive_scope |
tests/auth.test.js |
Git status M for tests/auth.test.js Write event | Sensitive path | Matches sensitive scope: auth |
| 2026-01-01T00:00:00.000Z | agent | git | write | critical write, sensitive_path, sensitive_scope, scope_drift |
.env.example |
Git status ?? for .env.example Write event | Sensitive path | Matches sensitive scope: .env | Target is outside declared scope: src,tests,.github |
| 2026-01-01T00:00:00.000Z | human | transcript | artifact | low |
artifacts/agent-transcript.md |
Transcript ingested: agent-transcript.md |
| 2026-01-01T00:00:00.000Z | agent | transcript | write | critical write, sensitive_path, sensitive_scope |
src/auth.js to allow a preview bypass header. |
- Edited src/auth.js to allow a preview bypass header. Write event | Sensitive path | Matches sensitive scope: auth |
| 2026-01-01T00:00:00.000Z | agent | transcript | write | low write |
src/routes/checkout.js to return a preview checkout id. |
- Edited src/routes/checkout.js to return a preview checkout id. Write event |
| 2026-01-01T00:00:00.000Z | agent | transcript | write | low write |
CI reporter output. |
- Updated CI reporter output. Write event |