Governance Console

A real-time dashboard with SSE event streaming that visualizes your governance posture, audit chain, cost tracking, and pending approvals. Clicking Halt blocks the agent across every enforcement path — scope.check(), cost.check_or_raise(), gates.request(), and both LLM wrappers (wrap_openai, wrap_anthropic) fail-close with AgentHaltedError within 5 seconds of the click. Talks to the same Postgres the SDK writes to. Zero new infrastructure.

Internals (for developers): halting writes a halt marker to governance_agent_presence.metadata_json; every SDK enforcement path reads that marker via a 5-second TTL cache and fail-closes with AgentHaltedError (a RuntimeError subclass — NOT under GovernanceError). The agent process itself keeps running after a halt; process termination remains the host application's responsibility.

v0.5.3 → v0.5.4 regression note (collapsed)

On v0.5.3, the console Halt button wrote the halt marker and emitted an audit event but the SDK enforcement path never read the marker — operators saw a status badge change while the agent kept running. v0.5.4 shipped an emergency hotfix that wired scope.check() into the halt marker. If any deployment is still on v0.5.3, upgrade to the latest release — see the changelog. On v0.5.4–v0.6.1, halt covered scope.check() only; cost, gates, and LLM wrappers silently succeeded against halted agents. v0.6.2 (current release) closes the remaining three paths.

Installation

pip install "code-atelier-governance[console]"

# Required env vars:
export GOVERNANCE_DATABASE_URL=$DATABASE_URL  # your existing Postgres
export GOVERNANCE_AUDIT_SECRET=...  # same secret the SDK uses

# Apply the schema (includes console auth tables):
governance migrate --database-url $DATABASE_URL

# Create your first admin user:
governance console add-user --username admin --role admin

# Optional:
export GOVERNANCE_CONSOLE_PORT=8766  # default: 8766

# Start:
python -m codeatelier_governance.console

The console backend is a thin FastAPI server. For the full experience, also run the Next.js frontend from the console/ directory in the repo.

Pages

Governance Posture

shipped

Per-agent pass/warn/fail cards for all eight enforcement modules with inline violation details. Stats bar with total events, today's spend, and pending approvals. Real-time Live/Idle/Unresponsive status badge per agent via the presence module. Loop detection status visible per agent. The CEO demo page — one glance, one screenshot.

Audit Log Explorer

shipped

Filterable, paginated table of every audit event (25/50/100 per page). Click a session ID to see the chain. Click 'Verify chain integrity' to cryptographically prove no row was tampered with. Click any row to open the event detail slide-out panel with full HMAC, prev_hash links, and a one-click verify button.

Cost Dashboard

shipped

Per-agent daily spend and per-session cost breakdown with per-model cost aggregation. USD and token counts. Budget caps visible when policies are registered (persisted to Postgres by the SDK).

Approval Gates

shipped

Pending approvals with Grant/Deny buttons for one-click resolution. Recent resolutions with timestamps. Copy grant command for CLI workflows. Each approval is a signed, single-use token.

Chain Verification

The killer feature for compliance officers. On the Audit Log page, filter to any session and click Verify chain integrity. The server re-computes the HMAC of every row from scratch using the audit secret (which never leaves the server). If any row was modified — even one byte of metadata — the verification fails and tells you exactly which event was tampered with.

Verified (1,234 events) — chain integrity intact. No tampered rows detected.

TAMPERED at event 847 — metadata was modified after the original HMAC was computed. The chain is broken from this point forward.

Authentication

The console ships with a built-in auth system. PBKDF2-HMAC-SHA256 password hashing (600k iterations, OWASP recommendation), Postgres-backed sessions with httpOnly cookies (8-hour TTL with revocation), and role-based access control.

Roles

viewer — read-only access to all console pages. Can view audit logs, cost dashboards, and approval status.

admin — full access including user management, session revocation, and grant/deny on approval gates.

API Endpoints

POST /api/auth/login — authenticate with username + password

POST /api/auth/logout — revoke the current session

GET /api/auth/me — current user info and role

GET/POST /api/auth/users — list or create users (admin)

User management via CLIbash

# Add the first admin user:
governance console add-user --username alice --role admin

# List users:
governance console list-users

# Disable a user (revokes all sessions):
governance console disable-user --username alice

# Reset a password:
governance console reset-password --username alice

SSE Live Event Stream

v0.5.0

The console uses Server-Sent Events for real-time updates instead of polling. Connect to GET /api/stream/events with a session cookie or x-governance-token header. Events are pushed as they happen — audit rows, presence changes, approval resolutions, and cost threshold alerts.

Connect to the event streamjavascript

const source = new EventSource("/api/stream/events", {
  withCredentials: true,  // sends the session cookie
});

source.addEventListener("audit", (e) => {
  const event = JSON.parse(e.data);
  console.log("New audit event:", event.kind, event.agent_id);
});

source.addEventListener("presence", (e) => {
  const status = JSON.parse(e.data);
  console.log("Agent status:", status.agent_id, status.status);
});

Self-Approval Prevention

v0.5.0

The console enforces self-approval prevention on HITL gates. When a console user attempts to grant an approval for an agent, the system checks the agent's operator_id (set via presence.heartbeat()) against the authenticated user. If they match, the approval is blocked with HTTP 403. If operator_id is NULL (not set), the approval is also blocked — fail-closed by default.

API Endpoints

Agent Presence: GET /api/agents/presence — returns all agents with their current status (Live, Idle, Unresponsive) and last_seen timestamp. Powers the status badges on the posture page.

Per-Model Cost Breakdown: GET /api/cost/models — returns per-model cost aggregation for each agent, showing which models drive the most spend.

SSE Stream: GET /api/stream/events — Server-Sent Events stream for real-time console updates. Requires authentication.

Security

Login rate limiting: 5 login attempts per IP address per 60 seconds. Prevents brute-force attacks without external dependencies.

Password hashing: PBKDF2-HMAC-SHA256 with 600,000 iterations and a 32-byte random salt per user. Constant-time comparison to prevent timing attacks. No external dependencies — stdlib only.

Sessions: Postgres-backed with httpOnly cookies. 8-hour TTL. Admins can revoke individual sessions via DELETE /api/auth/sessions/{id}.

HMAC secret: Used server-side only for chain verification. The frontend receives a boolean (verified: true/false) per event — the secret itself never reaches the browser.

PII redaction: Metadata fields like password, secret, token, api_key are automatically redacted before serving. Redaction is recursive — nested objects are stripped too. Extend via GOVERNANCE_CONSOLE_REDACT_KEYS.

CORS: Restricted to GOVERNANCE_CONSOLE_CORS_ORIGINS (default: localhost:3000). Wildcard origins are rejected in production.

First-time experience

The console includes a built-in walkthrough for first-time users. On your first visit, a welcome banner offers a 6-step guided tour explaining each page and feature. The tour state persists in localStorage. A small ? button in the bottom-right corner lets anyone restart it at any time.