Skip to content

feat(examples): agent provenance sessions + Cloud ingest across examples#11

Merged
EP93 merged 2 commits into
mainfrom
feat/e2e-governed-change-poc
Jun 25, 2026
Merged

feat(examples): agent provenance sessions + Cloud ingest across examples#11
EP93 merged 2 commits into
mainfrom
feat/e2e-governed-change-poc

Conversation

@EP93

@EP93 EP93 commented Jun 25, 2026

Copy link
Copy Markdown
Collaborator

Summary

End-to-end agent provenance sessions in the better-auth examples, plus a reusable HTTP ingest target so governed-change evidence can reach a hosted Veritio ingest endpoint.

Stacked on #10 (codex/evidence-provenance-fabric). This PR's base is that branch, so the diff here is only the agent-session + ingest work; merge #10 first (or this auto-retargets to main once #10 lands).

What's in it

  • storage — new createHttpIngestTarget() bridges the local transactional outbox to the hosted /api/ingest API. It never reads env vars and never embeds a key — the host injects baseUrl + the scoped key at its process boundary, and the cloud re-normalizes/re-redacts every record, so raw AuditEventInput / EvidenceEdgeInput records are posted as-is (rules 03/04). The ingest endpoint owns the per-request record cap and rejects an oversized batch with a typed 413 (mapped to IngestClientError); the client does not duplicate that hosted operational limit, so the server stays the single authority and the two can't silently drift. Exported from the storage entrypoint with tests.
  • examples (Next.js, React, SvelteKit, TanStack Start, Vue) — propagate the governed agent-session feature: startSession() → prompt / tool-call / change-proposal / file-change / review records, every event stamped with one metadata.sessionId, surfaced through a new Agent Sessions UI. The older per-scenario API routes/actions are replaced by consolidated governed-entries + governed-session server modules.
  • examples/_shared/veritio-ui — shared design kit (button, card, badge, input, styles) reused across the example apps.

Verification

  • bun run verify (root) — pass (SDK + adapters + server + storage typecheck/build/tests). Storage ingest-target tests included (45/45).
  • The agent-session flow was driven end-to-end in the hosted Cloud during development: real sessions landed in Evidence → Agent Sessions / Activity Graph grouped by metadata.sessionId.

🤖 Generated with Claude Code

EP93 and others added 2 commits June 25, 2026 08:49
Add an end-to-end agent provenance session workflow to the better-auth
examples and a reusable HTTP ingest target so governed-change evidence can
reach a hosted Veritio ingest endpoint.

- storage: new `createHttpIngestTarget()` bridges the local transactional
  outbox to the hosted `/api/ingest` API. It never reads env vars and never
  embeds a key (host injects baseUrl + scoped key at its process boundary);
  the cloud re-normalizes and re-redacts every record, so raw inputs are
  posted as-is. Exported from the storage entrypoint with tests.
- examples: propagate the governed agent-session feature (startSession ->
  prompt / tool-call / change-proposal / file-change / review records, all
  stamped with one `metadata.sessionId`) to the Next.js, React, SvelteKit,
  TanStack Start, and Vue better-auth examples, with an Agent Sessions UI.
- examples/_shared: add a shared `veritio-ui` design kit (button, card,
  badge, input, styles) reused across the example apps.
- Replace the older per-scenario API routes/actions with consolidated
  `governed-entries` + `governed-session` server modules.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The hosted ingest handler already enforces the per-request record limit and
rejects an oversized batch with a typed 413, which the dispatcher maps to a
non-retryable IngestClientError. Drop the duplicated MAX_INGEST_RECORDS
constant and its pre-flight guard (introduced earlier in this PR, never
released) so the server stays the single authority for that hosted
operational limit and the client can't silently drift from it. The over-cap
test now asserts the 413 -> IngestClientError path instead of a local throw.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@EP93 EP93 changed the base branch from codex/evidence-provenance-fabric to main June 25, 2026 13:58
@EP93 EP93 merged commit 6a4e9f2 into main Jun 25, 2026
1 check passed
@EP93 EP93 deleted the feat/e2e-governed-change-poc branch June 25, 2026 14:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant