Product documentation

Approval argument match event

Inspectable evidence record

Claim ref: approval-argument-binding | Status: partial | Verification method: manual

Source ref: product-repo:internal/canonicalization/fingerprint.go@b0c9dc604a6fed33ac7403ac9d0939a8df68b6e9 | Verified at: 2026-03-19

Verified by: security-engineering | Reproducible: yes

Product version: 0.5.0

Verification procedure: Reviewed redacted control-plane event envelope and matched normalized_args_hash against approval_args_hash semantics.

Verification confidence: medium

Verification command: node scripts/verify-proof.mjs approval-argument-match-event

Expected signal: hash-match=true

Output validation: contains (lenient) | hash-match=true

Normalize: trim

Verification artifact ref: approval-binding-evidence

Verification artifact hash: sha256:example-approval-binding-record

Command type: deterministic

Determinism assumptions: Verification command reads static redacted fixture and does not call external services.

Replay fidelity: approximate

Execution constraints: timeout=20s, noNetwork=true, readOnly=true

Reproduction steps:

  1. Open control-plane approval event export in docs/public-artifacts.
  2. Confirm normalized_args_hash equals approval_args_hash for allow decision.
  3. Confirm approval_id and decision fields exist in same event envelope.

Environment context:

Repo state: product-repo@redacted

Checkout command: git checkout <commit-from-proof-record>

  • Access to sanitized event export from control-plane approvals pipeline
  • Node.js 20+

Artifact refs: approval-binding-evidence

Scope: This record demonstrates the expected event envelope structure for an approved action. The JSON example is illustrative and redacted — it shows what a matching-hash event would look like, not a verified production trace. verificationConfidence: medium reflects structural verification of the hash field schema and matching logic, not end-to-end behavioral confirmation. The mechanism exists in the code path, but production event samples have not been published or verified. This proof does not establish that hash matching prevents drift between approved arguments and executed arguments in all cases — only that the field and logic exist.

{
  "event_id": "evt_01HTP5H8EYAX6KQ8M8RNGF8D90",
  "approval_id": "apr_01HTP5G7Q3Y3Q70G1BT22K8HZE",
  "action": "tool.exec.bash",
  "normalized_args_hash": "sha256:81d7f4...",
  "approval_args_hash": "sha256:81d7f4...",
  "decision": "allow",
  "reason": "approval_hash_match"
}
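The reproduction steps can be applied mechanically to an envelope of this shape. The following is an added example, not the project's scripts/verify-proof.mjs: the field names come from the envelope above, while the function name, the problem labels, the assumed full-digest format (sha256: followed by 64 lowercase hex characters) and the sample events are constructed for illustration.

```javascript
// Added example; NOT the project's scripts/verify-proof.mjs. Field names come from
// the envelope on this page; everything else here is hypothetical or constructed.
// Assumption: a full digest is "sha256:" followed by 64 lowercase hex characters.
const FULL_DIGEST = /^sha256:[0-9a-f]{64}$/;
const REQUIRED = ["approval_id", "decision", "normalized_args_hash", "approval_args_hash"];

function checkApprovalBinding(evt) {
  const problems = [];
  // Step 3: approval_id and decision must sit in the same envelope as the hashes.
  for (const field of REQUIRED) {
    if (typeof evt[field] !== "string" || evt[field] === "") problems.push(`missing:${field}`);
  }
  if (problems.length > 0) return { hashMatch: false, verifiable: false, problems };

  const { normalized_args_hash: normalized, approval_args_hash: approved } = evt;
  // A redacted or truncated digest can show the schema but cannot prove binding.
  const verifiable = FULL_DIGEST.test(normalized) && FULL_DIGEST.test(approved);
  if (!verifiable) problems.push("digest-not-full-length");

  // Step 2: an allow decision is only consistent when both hashes are equal.
  const hashMatch = normalized === approved;
  if (evt.decision === "allow" && !hashMatch) problems.push("allow-with-hash-mismatch");
  return { hashMatch, verifiable, problems };
}

// Constructed digests and ids, for illustration only.
const d1 = "sha256:" + "ab".repeat(32);
const d2 = "sha256:" + "cd".repeat(32);
const base = { approval_id: "apr_example", decision: "allow" };
const samples = {
  matching: { ...base, normalized_args_hash: d1, approval_args_hash: d1 },
  drifted: { ...base, normalized_args_hash: d2, approval_args_hash: d1 },
  // Same redacted form as the envelope shown on this page.
  redacted: { ...base, normalized_args_hash: "sha256:81d7f4...", approval_args_hash: "sha256:81d7f4..." },
  noApproval: { decision: "allow", normalized_args_hash: d1, approval_args_hash: d1 },
};

for (const [name, evt] of Object.entries(samples)) {
  const r = checkApprovalBinding(evt);
  console.log(`${name}: hash-match=${r.hashMatch} verifiable=${r.verifiable} ` +
    `problems=${r.problems.join(",") || "none"}`);
}
```

The redacted sample reports hash-match=true with verifiable=false, which is the gap between structural verification and end-to-end confirmation that the Scope paragraph describes.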

Disclaimer: Full replay transcript with verified production event samples is pending publication. This record does not constitute a production guarantee. failureMode entries (digest computation misses relevant state, normalization drift, tool behavior divergence) describe real risks not fully mitigated by this proof alone.