feat(ui): show DefenseClaw enforcement spans in Monitor#249
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
yashsheth46
left a comment
There was a problem hiding this comment.
-
Are we already logging some metadata from defenseclaw execution to be surfaced through agent-control monitoring?
-
Will that metadata be similar to what we populate in control spans, so splunk can pick it up as well?
| trace/span/request correlation, control and rule identity, action, and duration. | ||
| When the DefenseClaw integration is enabled, it includes exact blocked input, | ||
| raw request body, and enforcement reason by default. Monitor labels those spans | ||
| `UNREDACTED` and renders the content in the execution drill-down. DefenseClaw |
There was a problem hiding this comment.
Why "UNREDACTED"? Is redaction the only action we usually take? How about UNCHANGED or ALLOWED?
There was a problem hiding this comment.
Good question. UNREDACTED is not the control action; it describes only the disclosure state of the event payload. DefenseClaw sets metadata.content_unredacted=true when the prompt, raw request body, and reason arrive without redaction. The separate action badge remains DENY. This feed reports final blocks, so ALLOWED would be incorrect, and UNCHANGED could be read as an enforcement decision.
There are actually three useful content states: FULL CONTENT, REDACTED CONTENT, and METADATA ONLY (include_content=false). Those labels are clearer than UNREDACTED, and the README should describe this as a content/privacy label rather than an action.
|
Thanks — answers to both questions:
The current DefenseClaw integration selects the SDK's default server sink so these events populate Agent Control Monitor. The built-in |
Problem
Agent Control's Monitor tab currently shows aggregate execution, trigger, and error statistics, but an operator cannot inspect the DefenseClaw enforcement event that caused a request to be blocked. That makes it difficult to verify the integration end to end or correlate a denial with its trace, span, request, rule, and blocked input.
Solution
Query recent observability events for the selected agent and render them below the aggregate charts. The latest event is expanded automatically while still respecting a user's explicit accordion selection.
For DefenseClaw enforcement events, the view shows:
UNREDACTEDorMETADATA ONLYbadge so the privacy mode is explicit;The query recomputes its relative start time on every refetch and does not retain a prior agent's event data while a new agent query is loading.
What Changed
ui/src/core/api/client.tsui/src/core/hooks/query-hooks/use-agent-events.tsui/src/core/page-components/agent-detail/monitor/index.tsxui/src/core/page-components/agent-detail/monitor/recent-executions.tsxui/tests/agent-stats.spec.tsui/tests/fixtures.tsevaluators/contrib/defenseclaw/README.mdSecurity and Privacy
Review Feedback Addressed
nullbranches and cannot leak falsey numeric values into the DOM.Test Plan
npm run lint— passed with no warnings or errors.npm run typecheck— passed.npm run prettify:check— passed.npx playwright test tests/agent-stats.spec.ts tests/auth.spec.ts --reporter=line --workers=2— 17 passed.