Axtary
live package pathmatching doc

Approved payload changed before execution

The reviewer approved one file body; the agent tried to execute another.

1 step-up1 deny
No secret or provider credential required

Run your own command

real policy decision

Type a shell command an agent might run. Axtary evaluates it through the same runtime-hook path as axtary hook claude-code — the real policy decision, reason, and payload hash. Nothing is executed and no credentials are used.

$

Decision trail

scenario output
Step-up
step_up

The normalized action is in scope only after exact payload-bound reviewer approval.

payloadsha256:74d11ba2fa09a…314c3edc86
actionsha256:99496a31dde4d…6d9fc4965c
ledgersha256:1b039dca40fed…b12a6fcbc8
executionapproval_required
payload_touches_step_up_path
Tamper block
deny

The normalized action is outside the active policy and must not execute.

payloadsha256:b320da9ac8821…f91b4b3fa5
actionsha256:02649ffb9d33d…1125d8abd8
ledgersha256:5ea8b31f23313…9298cf37e2
executionblocked
approval_payload_hash_mismatch

Normalized payload evidence

2 payloads

approved

sha256:74d11ba2fa09a…314c3edc86

{
  "tool": "github.contents.write",
  "resource": "repo:company/web-app",
  "payload": {
    "path": "auth/session.ts",
    "branch": "feature/session-hardening",
    "content": "export const sessionCookie = { sameSite: 'strict' };",
    "message": "Harden session cookie defaults"
  }
}

executed

sha256:b320da9ac8821…f91b4b3fa5

{
  "tool": "github.contents.write",
  "resource": "repo:company/web-app",
  "payload": {
    "path": "auth/session.ts",
    "branch": "feature/session-hardening",
    "content": "export const sessionCookie = { sameSite: 'strict', redirect: '/admin' };",
    "message": "Harden session cookie defaults and redirect behavior"
  }
}

Copyable path

cli
axtary run workflow github-pr-review --real --tamper

Governance inspector

evidence

approved payload

sha256:74d11ba2fa09a…314c3edc86

executed payload

sha256:b320da9ac8821…f91b4b3fa5

approval artifact

sha256:05481d7383cc0…a8fc640a38

API response

/api/playground
{
  "id": "content-tamper-block",
  "decisions": [
    {
      "label": "Step-up",
      "decision": "step_up",
      "reasons": [
        "payload_touches_step_up_path"
      ],
      "summary": "The normalized action is in scope only after exact payload-bound reviewer approval.",
      "payloadHash": "sha256:74d11ba2fa09a8ce87680534498028f68d1619e98868b4b6949c74314c3edc86",
      "actionHash": "sha256:99496a31dde4d0e69ed492c676cdbdc3727df827d8a3b52c8cead86d9fc4965c",
      "ledgerHash": "sha256:1b039dca40fedc574d820d8243b56e4eb69ca0abc45e8be92e7a03b12a6fcbc8",
      "execution": "approval_required"
    },
    {
      "label": "Tamper block",
      "decision": "deny",
      "reasons": [
        "approval_payload_hash_mismatch"
      ],
      "summary": "The normalized action is outside the active policy and must not execute.",
      "payloadHash": "sha256:b320da9ac8821f6e4659266b2488aa9ae6cd35943a6340f76f6daff91b4b3fa5",
      "actionHash": "sha256:02649ffb9d33d2f6853cdb85562dd1adf21bc3440bc3f74f3b35471125d8abd8",
      "ledgerHash": "sha256:5ea8b31f23313348a0f752df41f1c245b39ebe00fa36ad4c38f8c99298cf37e2",
      "execution": "blocked"
    }
  ],
  "inspector": [
    {
      "label": "approved payload",
      "value": "sha256:74d11ba2fa09a8ce87680534498028f68d1619e98868b4b6949c74314c3edc86"
    },
    {
      "label": "executed payload",
      "value": "sha256:b320da9ac8821f6e4659266b2488aa9ae6cd35943a6340f76f6daff91b4b3fa5"
    },
    {
      "label": "approval artifact",
      "value": "sha256:05481d7383cc08b93fcd19d6c64b12a59d083819c487dec1b05a93a8fc640a38"
    }
  ]
}

Runs the real ActionPass approval-artifact hash check. No provider credential is used.