feat(audit): add arguments_hash, approver_did, policy_version to AuditEntry (#2449) #2473

Merged
imran-siddique merged 2 commits into microsoft:main from sunilp:feat/audit-entry-arguments-hash-approver-policy-version
May 22, 2026

@sunilp sunilp commented May 22, 2026

Contributor

Description

Adds three optional verifiability fields to the Agent Mesh AuditEntry
schema (spec §4.3), surfaces them through AuditLog.log() and the
CloudEvents serializer:

  • arguments_hash — hex SHA-256 of action arguments (mutation defense)
  • approver_did — DID of the approving principal (approval-chain identity)
  • policy_version — version id of the policy bundle (downgrade defense)

Driven by the conformance review in #2449 where these three fields were
acknowledged as legitimate gaps. This PR is intentionally additive — the
§4.4 canonical hash field set is not changed, so previously-persisted
audit entries continue to verify unchanged. A new spec subsection §4.3.1
documents the v1.0 caveat (fields recorded but not yet hash-covered) and
flags a planned v1.1 extension to MerkleAuditChain under an explicit
schema-version selector.

This is the first of two PRs from the #2449 conformance review:

  1. This PR — additive schema fields, no hash change
  2. PR #2 (to follow): issued_at / completed_at dual timestamps and
    environment parity into the Agent OS schema

A separate tracking issue will cover the v1.1 hash-coverage extension.

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update
  • Maintenance (dependency updates, CI/CD, refactoring)
  • Security fix

Package(s) Affected

  • agent-os-kernel
  • agent-mesh
  • agent-runtime
  • agent-sre
  • agent-governance
  • docs / root (spec §4.3 + new §4.3.1)

Checklist

  • My code follows the project style guidelines (ruff check)
  • I have added tests that prove my fix/feature works
  • All new and existing tests pass (pytest)
  • I have updated documentation as needed
  • I have signed the Microsoft CLA

Attribution & Prior Art

  • This contribution does not contain code copied or derived from other projects without attribution
  • Any external projects that inspired this design are credited in code comments or documentation
  • If this PR implements functionality similar to an existing open-source project, I have listed it below

Prior art / related projects:

  • AgentBoundary v0.1 receipt spec (Apache-2.0) —
    the field set added here was derived from AgentBoundary's tamper-evidence
    taxonomy applied against AGT's conformance evaluation in
    adapters/microsoft-agt/.
    Field naming was deliberately aligned with AGT's existing did: /
    agent_did conventions rather than copying AgentBoundary's subject /
    actor naming.

AI Assistance

  • I can explain every meaningful change in this PR: what it does, why, and what tradeoffs were considered
  • I have run tests and verification appropriate for this change
  • No part of this PR was autonomously submitted by an AI agent without my review
  • I have not used AI to generate review comments on others' PRs

AI tools materially shaped this change: a Claude (Anthropic) coding assistant
drafted the schema additions, spec edits, and test cases. Every change was
reviewed, edited, and signed off by me; the design tradeoffs (additive-only
vs. schema-version + hash extension) were decided by me before drafting. The
v1.1 hash-coverage path was explicitly chosen as a follow-up PR per the
"smallest correct surface" guidance in CONTRIBUTING.md.

IP, Patents, and Licensing

  • This contribution does not implement patent-pending or patent-encumbered techniques
  • This contribution does not require an NDA or licensing agreement to understand or use
  • Any AI tools used have terms compatible with the MIT License

Related Issues

Refs #2449

sunilp added 2 commits May 22, 2026 07:46
…tEntry

Add three optional verifiability fields to the Agent Mesh AuditEntry schema
(spec §4.3) and surface them via AuditLog.log() and CloudEvents serialization:

- arguments_hash — hex SHA-256 of action arguments (mutation defense)
- approver_did — DID of the approving principal (approval-chain identity)
- policy_version — version id of the policy bundle (downgrade defense)

Scope is intentionally additive. The §4.4 canonical hash field set is NOT
changed in this PR, so previously-persisted entries continue to verify
unchanged. A new spec section §4.3.1 documents that v1.0 does not include
these fields in the integrity hash; spec v1.1 will extend MerkleAuditChain
coverage under an explicit schema-version selector.

Driven by external conformance review against the AgentBoundary v0.1 receipt
spec (microsoft#2449) where these three fields were
acknowledged as legitimate gaps. Five of nine TestAuditEntryExtensions tests
cover the API surface, one asserts compute_hash() is unchanged for v1.0
backward compat, two cover CloudEvents serialization, one verifies chain
integrity with the new fields populated.

Prior art / related projects:
  - AgentBoundary v0.1 receipt spec (jamjet-labs/agentboundary). Field
    naming aligned with AGT's existing did: / agent_did conventions.

Refs: microsoft#2449
Signed-off-by: sdev <sunil@sunilprakash.com>

The new fields added in the previous commit used `Optional[str]` to match
the surrounding pre-existing style. agent-mesh/pyproject.toml configures
ruff with `select = [..., "UP"]`, so UP045 fires on the new annotations.
Convert only the three new field annotations and the AuditLog.log() kwargs
to `str | None`; existing `Optional[str]` usages in this file are left as-is
to keep the PR surface minimal.

Signed-off-by: sdev <sunil@sunilprakash.com>
@github-actions github-actions Bot added the documentation, tests, agent-mesh and size/L labels May 22, 2026
@github-actions

🤖 AI Agent: breaking-change-detector — API Compatibility

API Compatibility

No breaking changes detected.

@github-actions

🤖 AI Agent: security-scanner — View details

No security issues found.

@github-actions

🤖 AI Agent: docs-sync-checker — Docs Sync

Docs Sync

  • Documentation is in sync.

@github-actions

🤖 AI Agent: test-generator — `agentmesh/governance/audit.py`

agentmesh/governance/audit.py

  • test_audit_log_log_handles_missing_new_fields -- Verify AuditLog.log() handles cases where arguments_hash, approver_did, or policy_version are not provided.
  • test_audit_entry_invalid_arguments_hash -- Test that AuditEntry raises validation errors for invalid arguments_hash values (e.g., non-hex strings or incorrect lengths).
  • test_audit_entry_invalid_policy_version -- Validate that AuditEntry rejects invalid policy_version formats.
  • test_audit_entry_invalid_approver_did -- Ensure AuditEntry raises errors for invalid approver_did formats.

test_governance.py

  • test_audit_log_export_with_new_fields -- Confirm that AuditLog.export() includes arguments_hash, approver_did, and policy_version when set.
  • test_audit_log_integrity_with_invalid_new_fields -- Test AuditLog.verify_integrity() behavior when new fields contain invalid data.

@github-actions

🔴 Contributor Check: HIGH

| Check | Result |
|---|---|
| Profile | HIGH |
| Credential | NONE |
| Overall | HIGH |

Automated check by AGT Contributor Check.

@github-actions github-actions Bot added the needs-review:HIGH label May 22, 2026
@github-actions

🤖 AI Agent: contributor-guide — View details

Hi @first-time-contributor, welcome to the project and thank you for your detailed and thoughtful contribution! 🎉

Your PR does a great job of maintaining backward compatibility while introducing new schema fields.

Before merging:

  1. Please ensure the new tests cover edge cases for arguments_hash, approver_did, and policy_version.
  2. Verify that the documentation updates in AUDIT-COMPLIANCE-1.0.md align with the latest project guidelines in CONTRIBUTING.md.

Let us know if you need any help! 🚀

@github-actions

🤖 AI Agent: code-reviewer — Action Items:

TL;DR: 0 blockers, 1 warning. The PR is well-implemented and adheres to the project's standards, but one issue could be addressed in a follow-up PR.

| # | Sev | Issue | Where |
|---|---|---|---|
| 1 | Warn | arguments_hash lacks validation to ensure it is a valid SHA-256 hex | agentmesh/governance/audit.py |

Action Items:

  • None.

Warnings:

| # | Issue | Where | Follow-up |
|---|---|---|---|
| 1 | Add validation for arguments_hash to ensure it is a valid SHA-256 hex string | agentmesh/governance/audit.py | Fine as follow-up PR. |
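
An added sketch (not code from this PR or from the project) of two points raised in this thread: the SHA-256 hex check the code-reviewer suggests for arguments_hash, and the §4.3.1 caveat in the PR description that v1.0 records the new fields without covering them in the integrity hash. The canonical field set, the JSON canonicalization, the "1.1" selector behaviour and all sample values are assumptions; only the three new field names come from the page.

```python
import hashlib
import json
import re

# Assumption: stand-in for the §4.4 canonical field set, which this page does not show.
V1_0_FIELDS = ("entry_id", "agent_did", "action", "previous_hash")
NEW_FIELDS = ("arguments_hash", "approver_did", "policy_version")
SHA256_HEX = re.compile(r"[0-9a-f]{64}")


def hash_arguments(arguments: dict) -> str:
    """Hex SHA-256 over canonical JSON (sorted keys; an assumed canonicalization)."""
    canonical = json.dumps(arguments, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def is_valid_arguments_hash(value) -> bool:
    """Accept None (the field is optional) or exactly 64 lowercase hex characters."""
    return value is None or (isinstance(value, str) and SHA256_HEX.fullmatch(value) is not None)


def entry_hash(entry: dict, schema_version: str = "1.0") -> str:
    """Hash the fields selected by schema_version; "1.1" models the planned extension."""
    fields = V1_0_FIELDS + (NEW_FIELDS if schema_version == "1.1" else ())
    covered = {name: entry.get(name) for name in fields}
    return hashlib.sha256(json.dumps(covered, sort_keys=True).encode("utf-8")).hexdigest()


def build_entry() -> dict:
    """Constructed sample entry; every value is illustrative."""
    return {
        "entry_id": "e-1",
        "agent_did": "did:example:agent-1",
        "action": "tool.invoke",
        "previous_hash": "0" * 64,
        "arguments_hash": hash_arguments({"path": "/tmp/report", "mode": "read"}),
        "approver_did": "did:example:approver-1",
        "policy_version": "policy-v7",
    }


def tamper_detected(schema_version: str) -> bool:
    """Change policy_version after hashing and report whether the entry hash changes."""
    entry = build_entry()
    stored = entry_hash(entry, schema_version)
    entry["policy_version"] = "policy-v1"  # simulated post-hoc edit of an audit record
    return entry_hash(entry, schema_version) != stored
```

Under the v1.0 selector the edited policy_version leaves the entry hash unchanged, so a verifier relying on these fields needs an out-of-band check until hash coverage is extended.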

@sunilp

sunilp commented May 22, 2026

Contributor Author

@microsoft-github-policy-service agree

@github-actions

PR Review Summary

| Check | Status | Details |
|---|---|---|
| 🔍 Code Review | ⚠️ Warning | See details |
| 🛡️ Security Scan | ✅ Passed | No issues found |
| 🔄 Breaking Changes | ✅ Passed | No issues found |
| 📝 Docs Sync | ✅ Passed | No issues found |
| 🧪 Test Coverage | ✅ Completed | Analysis complete |

Verdict: ⚠️ Ready for human review

@imran-siddique imran-siddique left a comment

Collaborator

LGTM. Backward-compatible audit fields with chain integrity preserved.

@imran-siddique imran-siddique merged commit f176919 into microsoft:main May 22, 2026
14 of 15 checks passed
MohammadHaroonAbuomar pushed a commit to MohammadHaroonAbuomar/agt-acs that referenced this pull request Jun 1, 2026
…tEntry (microsoft#2449) (microsoft#2473)

* feat(audit): add arguments_hash, approver_did, policy_version to AuditEntry

Add three optional verifiability fields to the Agent Mesh AuditEntry schema
(spec §4.3) and surface them via AuditLog.log() and CloudEvents serialization:

- arguments_hash — hex SHA-256 of action arguments (mutation defense)
- approver_did — DID of the approving principal (approval-chain identity)
- policy_version — version id of the policy bundle (downgrade defense)

Scope is intentionally additive. The §4.4 canonical hash field set is NOT
changed in this PR, so previously-persisted entries continue to verify
unchanged. A new spec section §4.3.1 documents that v1.0 does not include
these fields in the integrity hash; spec v1.1 will extend MerkleAuditChain
coverage under an explicit schema-version selector.

Driven by external conformance review against the AgentBoundary v0.1 receipt
spec (microsoft#2449) where these three fields were
acknowledged as legitimate gaps. Five of nine TestAuditEntryExtensions tests
cover the API surface, one asserts compute_hash() is unchanged for v1.0
backward compat, two cover CloudEvents serialization, one verifies chain
integrity with the new fields populated.

Prior art / related projects:
  - AgentBoundary v0.1 receipt spec (jamjet-labs/agentboundary). Field
    naming aligned with AGT's existing did: / agent_did conventions.

Refs: microsoft#2449
Signed-off-by: sdev <sunil@sunilprakash.com>

* style(audit): use str | None for new fields per agent-mesh ruff (UP045)

The new fields added in the previous commit used `Optional[str]` to match
the surrounding pre-existing style. agent-mesh/pyproject.toml configures
ruff with `select = [..., "UP"]`, so UP045 fires on the new annotations.
Convert only the three new field annotations and the AuditLog.log() kwargs
to `str | None`; existing `Optional[str]` usages in this file are left as-is
to keep the PR surface minimal.

Signed-off-by: sdev <sunil@sunilprakash.com>

---------

Signed-off-by: sdev <sunil@sunilprakash.com>