Hollow

What's New

Every Operation Through a Single Audited Boundary

Without an audit log, anomaly detection is impossible, accountability is impossible, post-mortems are guesswork.

agents/audit.py — AuditLog

• Append-only: log() never rewrites existing entries. Writes to audit.log as newline-delimited JSON.
• Z-score anomaly detection: After 50 baseline operations per role, checks shell_calls_per_minute, tokens_per_minute, unique_op_types every 10 entries. Z > 3.0 emits security.anomaly to root agent.
• Per-role baseline: Computed from first 50 operations per role, persisted to audit-baselines.json.
• Query: Filter by agent_id, operation, time window, limit. Newest-first.
• Stats: op_counts, total_tokens, entry_count, anomaly_score per agent.

Protected Paths

audit.log and audit-baselines.json are blocklisted in fs_write. Neither root nor any agent can overwrite via API (returns 403).

Audited Operations

agent_register, agent_terminate, agent_spawn, message_send, task_submit, lock_acquire, memory_alloc

New API Endpoints

• GET /audit — query log (filter by agent_id, operation, since, until)
• GET /audit/stats/{agent_id} — op_counts, total_tokens, anomaly_score
• GET /audit/anomalies — recent security.anomaly events (admin only)

New MCP Tools (3)

audit_query, audit_stats, anomaly_history

Total: 60 MCP tools

Events

security.anomaly — emitted to root when z-score exceeds 3.0; payload: agent_id, metric, observed, baseline, z_score

Integration Tests

6 test classes in tests/integration/test_audit.py — coverage completeness, anomaly detection, append-only protection, query precision, overhead, persistence + auth enforcement.