Approved payload changed before execution
The reviewer approved one file body; the agent tried to execute another.
Run your own command
Type a shell command an agent might run. Axtary evaluates it through the same runtime-hook path as axtary hook claude-code — the real policy decision, reason, and payload hash. Nothing is executed and no credentials are used.
Decision trail
The normalized action is in scope only after exact payload-bound reviewer approval.
The normalized action is outside the active policy and must not execute.
Normalized payload evidence
2 payloads
Normalized payload evidence
approved
sha256:74d11ba2fa09a…314c3edc86
{
"tool": "github.contents.write",
"resource": "repo:company/web-app",
"payload": {
"path": "auth/session.ts",
"branch": "feature/session-hardening",
"content": "export const sessionCookie = { sameSite: 'strict' };",
"message": "Harden session cookie defaults"
}
}executed
sha256:b320da9ac8821…f91b4b3fa5
{
"tool": "github.contents.write",
"resource": "repo:company/web-app",
"payload": {
"path": "auth/session.ts",
"branch": "feature/session-hardening",
"content": "export const sessionCookie = { sameSite: 'strict', redirect: '/admin' };",
"message": "Harden session cookie defaults and redirect behavior"
}
}Copyable path
axtary run workflow github-pr-review --real --tamper
Governance inspector
approved payload
sha256:74d11ba2fa09a…314c3edc86
executed payload
sha256:b320da9ac8821…f91b4b3fa5
approval artifact
sha256:05481d7383cc0…a8fc640a38
API response
/api/playground
API response
{
"id": "content-tamper-block",
"decisions": [
{
"label": "Step-up",
"decision": "step_up",
"reasons": [
"payload_touches_step_up_path"
],
"summary": "The normalized action is in scope only after exact payload-bound reviewer approval.",
"payloadHash": "sha256:74d11ba2fa09a8ce87680534498028f68d1619e98868b4b6949c74314c3edc86",
"actionHash": "sha256:99496a31dde4d0e69ed492c676cdbdc3727df827d8a3b52c8cead86d9fc4965c",
"ledgerHash": "sha256:1b039dca40fedc574d820d8243b56e4eb69ca0abc45e8be92e7a03b12a6fcbc8",
"execution": "approval_required"
},
{
"label": "Tamper block",
"decision": "deny",
"reasons": [
"approval_payload_hash_mismatch"
],
"summary": "The normalized action is outside the active policy and must not execute.",
"payloadHash": "sha256:b320da9ac8821f6e4659266b2488aa9ae6cd35943a6340f76f6daff91b4b3fa5",
"actionHash": "sha256:02649ffb9d33d2f6853cdb85562dd1adf21bc3440bc3f74f3b35471125d8abd8",
"ledgerHash": "sha256:5ea8b31f23313348a0f752df41f1c245b39ebe00fa36ad4c38f8c99298cf37e2",
"execution": "blocked"
}
],
"inspector": [
{
"label": "approved payload",
"value": "sha256:74d11ba2fa09a8ce87680534498028f68d1619e98868b4b6949c74314c3edc86"
},
{
"label": "executed payload",
"value": "sha256:b320da9ac8821f6e4659266b2488aa9ae6cd35943a6340f76f6daff91b4b3fa5"
},
{
"label": "approval artifact",
"value": "sha256:05481d7383cc08b93fcd19d6c64b12a59d083819c487dec1b05a93a8fc640a38"
}
]
}Runs the real ActionPass approval-artifact hash check. No provider credential is used.