[New Plugin] Asqav - Quantum-safe audit trails #1580
jagmarques wants to merge 1 commit into Portkey-AI:main from
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 815613599f
| const agentId = | ||
| parameters.agentId || context.metadata?.agentId || 'portkey-gateway'; |
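Review bot: On the line ending in `|| 'portkey-gateway'`, the `||` chain treats an empty-string parameters.agentId the same as an unset one and silently falls through to the shared literal, so a misconfigured deployment signs under a generic ID with nothing to flag it. Suggest validating parameters.agentId explicitly and logging or rejecting when the default is about to be used.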
Derive agent ID from trusted config only
When parameters.agentId is not set, this falls back to context.metadata?.agentId, but context.metadata is populated from the caller-provided x-portkey-metadata header (RequestContext.metadata). That lets any client spoof the X-Agent-Id used for signing, so audit records can be attributed to arbitrary agents and lose integrity guarantees.
| const agentId = | ||
| parameters.agentId || context.metadata?.agentId || 'portkey-gateway'; | ||
|
|
||
| const text = getText(context, eventType); |
Sign the full request/response payload
Using getText(context, eventType) hashes only the “current content part” rather than the complete payload (for chat requests this is just the last message, and for chat responses only the first choice). In multi-turn chats or n>1 responses, changes outside that slice won’t affect the signature, so the plugin can report a valid audit signature for partially tampered traffic.
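The two review points above, as an added example that is not code from this PR or from the plugin: it compares a digest over only the last message with a digest over the canonicalized full payload bound to an agent ID taken from plugin parameters alone. The types, the function names (`canonical`, `sliceDigest`, `fullDigest`, `trustedAgentId`) and the sample requests are assumptions constructed for illustration, and SHA-256 stands in for whatever digest is passed to the signer.

```typescript
import { createHash } from "node:crypto";

// Hypothetical shapes for this example; not the gateway's real types.
type Msg = { role: string; content: string };
type ChatRequest = { model: string; messages: Msg[] };

const sha256 = (s: string): string =>
  createHash("sha256").update(s, "utf8").digest("hex");

// Deterministic JSON: object keys sorted so equal payloads hash equally.
function canonical(v: unknown): string {
  if (Array.isArray(v)) return "[" + v.map(canonical).join(",") + "]";
  if (v !== null && typeof v === "object") {
    const o = v as Record<string, unknown>;
    const body = Object.keys(o).sort()
      .map((k) => JSON.stringify(k) + ":" + canonical(o[k]));
    return "{" + body.join(",") + "}";
  }
  return JSON.stringify(v ?? null);
}

// Slice digest: only the last message, the behaviour the review describes.
function sliceDigest(req: ChatRequest): string {
  const last = req.messages[req.messages.length - 1];
  return sha256(last ? last.content : "");
}

// Full digest: whole payload plus the agent ID it will be signed under.
function fullDigest(req: ChatRequest, agentId: string): string {
  return sha256(canonical({ agentId, payload: req }));
}

// Agent ID from operator-set parameters only; request metadata is ignored.
function trustedAgentId(parameters: { agentId?: string }): string {
  return parameters.agentId || "portkey-gateway";
}

// Constructed sample: two requests that differ only in an earlier turn.
const user: Msg = { role: "user", content: "What is the refund window?" };
const original: ChatRequest = { model: "example-model", messages: [
  { role: "system", content: "Answer only from the policy document." }, user] };
const altered: ChatRequest = { model: "example-model", messages: [
  { role: "system", content: "Answer however you like." }, user] };

function compare(): { sliceSame: boolean; fullSame: boolean } {
  const id = trustedAgentId({ agentId: "billing-agent" });
  return { sliceSame: sliceDigest(original) === sliceDigest(altered),
    fullSame: fullDigest(original, id) === fullDigest(altered, id) };
}
```

`compare()` reports identical slice digests and different full digests for the two sample requests, which is the gap between the two approaches.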
Closes #1577
What this does
Adds an asqav guardrail plugin that signs every request and response with quantum-safe ML-DSA-65 signatures (NIST FIPS 204), creating tamper-proof audit trails with public verification URLs.
How it works
- beforeRequestHook: signs the outgoing request with the agent's key
- afterRequestHook: signs the incoming response
Files
- plugins/asqav/auditLog.ts - guardrail handler
- plugins/asqav/manifest.json - plugin metadata
- plugins/asqav/auditLog.test.ts - tests
- plugins/index.ts - registration
Parameters
- agentId: portkey-gateway
- includeContent: false
- failOpen: true
- timeout: 5000
Test results