Skip to content

fix(plugin): create audit DB on session start#161

Merged
vaaraio merged 1 commit into
mainfrom
fix/session-start-audit-db-create
May 28, 2026
Merged

fix(plugin): create audit DB on session start#161
vaaraio merged 1 commit into
mainfrom
fix/session-start-audit-db-create

Conversation

@vaaraio
Copy link
Copy Markdown
Owner

@vaaraio vaaraio commented May 28, 2026
edited by coderabbitai Bot
Loading

Summary

  • SessionStart previously printed [new] based on db_path.exists() without ever creating the file, so the documented default audit DB path stayed empty for any session that produced no mcp__* calls or deny-pattern hits.
  • SessionStart now does mkdir -p on the parent and opens SQLiteAuditBackend(db_path), which runs the schema DDL and persists the file. Label reads [created] on first run, [existing] on subsequent runs, [unavailable (...)] if the import or open fails.
  • Pre/Post hooks already mkdir + open; this brings SessionStart in line with the rest of the plugin.

Test plan

  • python3 -m py_compile and ruff check clean on the modified hook.
  • Manual: echo '{}' | python3 hooks/session_start.py materialises the DB at VAARA_PLUGIN_AUDIT_DB and prints [created].
  • Manual re-run prints [existing].
  • 5 required status checks green.

Summary by CodeRabbit

  • Bug Fixes
    • Improved audit database status reporting during session initialization to verify actual database availability rather than relying solely on file existence checks. Enhanced status messages now reflect successful initialization (created or existing) or report unavailability with specific error details.

Review Change Stack

@vaaraio
fix(plugin): create audit DB on session start so [created] label is t…
d0574be 
…ruthful

Previously SessionStart only inspected db_path.exists() and printed [new]
when the file was absent. The DB was created lazily by PreToolUse on
the first mcp__ call or deny-pattern hit, so a [new] label often
persisted across an entire session that produced no governed events
and the file at the documented default path never materialised.

SessionStart now does mkdir -p on the parent and opens
SQLiteAuditBackend(db_path), which runs the schema DDL and persists
the file. The label reads [created] on first run, [existing] on
subsequent runs, and [unavailable (...)] if the import or open fails.
Pre/Post hooks already mkdir + open, so this is consistent with the
rest of the plugin.
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented May 28, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 5199c045-1d7c-4d6f-91f6-1325b64fa6a4

📥 Commits

Reviewing files that changed from the base of the PR and between b66a601 and d0574be.

📒 Files selected for processing (1)
  • plugins/claude-code-vaara-governance/hooks/session_start.py
📝 Walkthrough

Walkthrough

The session-start hook's audit DB status determination is enhanced to verify actual SQLiteAuditBackend initialization rather than relying solely on file existence. The parent directory is created if needed, initialization is attempted, and db_state captures either success (created/existing) or failure details.

Changes

Audit DB Status Reporting

Layer / File(s) Summary
DB initialization status verification
plugins/claude-code-vaara-governance/hooks/session_start.py		 Hook now checks DB file existence, creates parent directory, attempts SQLiteAuditBackend import and instantiation. db_state reports created or existing on success, or unavailable with exception representation on any initialization failure.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

  • vaaraio/vaara#93: This PR probes SQLiteAuditBackend initialization for audit DB status, which depends on the backend's schema and migration initialization safety changes introduced in that PR.

Poem

🐰 The audit trail now checks with care,
Not just if files exist out there—
We import, we instantiate, we test the way,
And capture errors come what may! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes the main change: updating the session-start hook to create the audit DB on session start, which is the primary objective of this PR.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/session-start-audit-db-create

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented May 28, 2026

Actionable comments posted: 0

@vaaraio vaaraio merged commit 31d44ed into main May 28, 2026
10 checks passed
@vaaraio vaaraio deleted the fix/session-start-audit-db-create branch May 28, 2026 12:27
@vaaraio vaaraio mentioned this pull request May 28, 2026
Merged
6 tasks
vaaraio added a commit that referenced this pull request May 28, 2026
@vaaraio
release(v0.40.4): policy mode presets + plugin shakedown fix delivery (
d6ca31e 
…#162)

Adds `vaara mode` CLI subcommand with three actions:

- `vaara mode list` prints the four built-in preset operating points
  (eco, balanced, performance, strict) with thresholds and one-line
  descriptions.
- `vaara mode show NAME` prints thresholds, description, and watt
  profile for a single preset.
- `vaara mode emit NAME [--format json|yaml] [--output PATH]` emits a
  minimal valid Vaara policy document for the chosen preset, ready
  for the deployer to add action classes, sequences, and escalation
  routes.

The new `vaara.policy.modes` module exposes `Mode`, `available_modes`,
`get_mode`, `to_policy_dict`, `emit_json`, and `emit_yaml`. Presets
are shaped like CPU power profiles. Emitted documents round-trip
through `vaara.policy.from_dict`, `from_json`, and `from_yaml`.

Bundles plugin shakedown fix delivery:

- `plugins/claude-code-vaara-governance/.claude-plugin/plugin.json`
  bumped 0.1.0 to 0.1.1, picking up the session_start audit-DB
  creation fix from PR #161.
- `.claude-plugin/marketplace.json` ref bumped v0.40.3 to v0.40.4 so
  marketplace users receive the plugin update.
- `server.json` and `server-vaara-server.json` versioned to 0.40.4.

25 new tests in `tests/test_policy_modes.py` cover the preset
registry, round-trip through all three loaders, and CLI dispatch.

Co-authored-by: vaaraio <267591518+vaaraio@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vaaraio