feat(examples): agent provenance sessions + Cloud ingest across examples #11
Merged
Add an end-to-end agent provenance session workflow to the better-auth examples and a reusable HTTP ingest target so governed-change evidence can reach a hosted Veritio ingest endpoint.

- storage: new `createHttpIngestTarget()` bridges the local transactional outbox to the hosted `/api/ingest` API. It never reads env vars and never embeds a key (host injects baseUrl + scoped key at its process boundary); the cloud re-normalizes and re-redacts every record, so raw inputs are posted as-is. Exported from the storage entrypoint with tests.
- examples: propagate the governed agent-session feature (startSession -> prompt / tool-call / change-proposal / file-change / review records, all stamped with one `metadata.sessionId`) to the Next.js, React, SvelteKit, TanStack Start, and Vue better-auth examples, with an Agent Sessions UI.
- examples/_shared: add a shared `veritio-ui` design kit (button, card, badge, input, styles) reused across the example apps.
- Replace the older per-scenario API routes/actions with consolidated `governed-entries` + `governed-session` server modules.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The hosted ingest handler already enforces the per-request record limit and rejects an oversized batch with a typed 413, which the dispatcher maps to a non-retryable IngestClientError. Drop the duplicated MAX_INGEST_RECORDS constant and its pre-flight guard (introduced earlier in this PR, never released) so the server stays the single authority for that hosted operational limit and the client can't silently drift from it. The over-cap test now asserts the 413 -> IngestClientError path instead of a local throw.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Summary
End-to-end agent provenance sessions in the better-auth examples, plus a reusable HTTP ingest target so governed-change evidence can reach a hosted Veritio ingest endpoint.
What's in it
- `storage` — new `createHttpIngestTarget()` bridges the local transactional outbox to the hosted `/api/ingest` API. It never reads env vars and never embeds a key — the host injects `baseUrl` + the scoped key at its process boundary, and the cloud re-normalizes/re-redacts every record, so raw `AuditEventInput`/`EvidenceEdgeInput` records are posted as-is (rules 03/04). The ingest endpoint owns the per-request record cap and rejects an oversized batch with a typed `413` (mapped to `IngestClientError`); the client does not duplicate that hosted operational limit, so the server stays the single authority and the two can't silently drift. Exported from the storage entrypoint with tests.
- `startSession()` → prompt / tool-call / change-proposal / file-change / review records, every event stamped with one `metadata.sessionId`, surfaced through a new Agent Sessions UI. The older per-scenario API routes/actions are replaced by consolidated `governed-entries` + `governed-session` server modules.
- `examples/_shared/veritio-ui` — shared design kit (button, card, badge, input, styles) reused across the example apps.

Verification
- `bun run verify` (root) — pass (SDK + adapters + server + storage typecheck/build/tests). Storage `ingest-target` tests included (45/45).
- `metadata.sessionId`.

🤖 Generated with Claude Code
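The client-side behaviour the description states, as an added example that is not code from this PR or from the Veritio packages: configuration is injected by the host, records are posted unmodified, and a 413 is non-retryable with no local record cap. All names (`buildIngestRequest`, `dispositionFor`, `dispatch`, `fakeServer`), the Bearer header, the `{ records }` body shape, the 202 success status and the retry set (408/429/5xx) are assumptions.

```typescript
// Added illustration: every name here is hypothetical, not the Veritio storage API.
type Disposition = "delivered" | "retry" | "reject";
interface IngestRequest { url: string; headers: Record<string, string>; body: string }
// Injected by the host at its process boundary; this module never reads env vars.
interface IngestConfig { baseUrl: string; apiKey: string }
// Resolves to the HTTP status returned by the ingest endpoint.
type Transport = (req: IngestRequest) => Promise<number>;

// Build the request from injected config only. Records are serialized untouched
// because the hosted side re-normalizes and re-redacts every record.
function buildIngestRequest(cfg: IngestConfig, records: unknown[]): IngestRequest {
  if (cfg.apiKey.length === 0) throw new Error("host must inject a scoped key");
  return {
    url: cfg.baseUrl.replace(/\/+$/, "") + "/api/ingest",
    headers: {
      "content-type": "application/json",
      authorization: "Bearer " + cfg.apiKey, // header scheme is an assumption
    },
    body: JSON.stringify({ records }), // body shape is an assumption
  };
}

// Map the server's answer to an outbox decision. There is no client-side record
// cap: an oversized batch comes back as 413 and is rejected, never retried.
function dispositionFor(status: number): Disposition {
  if (status >= 200 && status < 300) return "delivered";
  if (status === 408 || status === 429 || status >= 500) return "retry"; // assumption
  return "reject"; // 413 and other 4xx: resending the same batch cannot succeed
}

// Send one batch; a transport failure leaves the rows in the outbox for a retry.
async function dispatch(cfg: IngestConfig, records: unknown[], send: Transport): Promise<Disposition> {
  const req = buildIngestRequest(cfg, records); // config errors surface, not retried
  try {
    return dispositionFor(await send(req));
  } catch {
    return "retry";
  }
}

// Constructed stand-in for the hosted endpoint: the cap exists only on this side.
const fakeServer = (cap: number): Transport => async (req) =>
  JSON.parse(req.body).records.length > cap ? 413 : 202;
```
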