UC-001: PEP Allow — Safe Tool Execution
Scenario
A user's AI application calls a calculator tool through the HELM proxy. The tool is on the Guardian allowlist. Execution is approved and a signed receipt is generated.
Preconditions
- HELM proxy running with --upstream https://api.openai.com/v1
- Guardian allowlist includes calculator
- Ed25519 signing enabled (--sign)
Steps
- Application sends chat completion with tool_call: calculator({"a": 2, "b": 3})
- Proxy intercepts the response, extracts tool_call
- Args validated and canonicalized (JCS → SHA-256 hash)
- Guardian checks allowlist → ALLOW
- ProofGraph node appended
- Signed receipt emitted to JSONL store
Assertions
- Receipt has status: "PROXY_ALLOW"
- Receipt has reason_code: "TOOL_ALLOWED"
- Receipt args_hash is deterministic (same input → same hash)
- Receipt signature is valid Ed25519
- Receipt prev_hash links to previous receipt (causal chain)
- ProofGraph node contains receipt hash as node ID
Expected Output
{
"receipt_id": "rcpt_...",
"tool_name": "calculator",
"args_hash": "sha256:abcdef...",
"status": "PROXY_ALLOW",
"reason_code": "TOOL_ALLOWED",
"prev_hash": "sha256:000000...",
"lamport": 1,
"signature": "ed25519:..."
}
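The sketch below is an added example, not HELM's own code, showing one way to check the args_hash, signature and prev_hash assertions over a stored receipt chain. The names receipt, hashOf and verifyChain are hypothetical. It assumes that json.Marshal with sorted keys can stand in for JCS, that the signature covers the hash of the receipt without its signature field, and that prev_hash is the hash of the whole previous receipt.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// hashOf stands in for JCS + SHA-256: json.Marshal sorts map keys, which
// matches JCS only for ASCII keys with plain string and integer values.
func hashOf(v map[string]any) string {
	b, _ := json.Marshal(v)
	return fmt.Sprintf("sha256:%x", sha256.Sum256(b))
}

// receipt signs the hash of the receipt minus "signature" (assumed layout).
func receipt(key ed25519.PrivateKey, prev string, lamport int, args map[string]any) map[string]any {
	r := map[string]any{"tool_name": "calculator", "args_hash": hashOf(args), "status": "PROXY_ALLOW",
		"reason_code": "TOOL_ALLOWED", "prev_hash": prev, "lamport": lamport}
	r["signature"] = fmt.Sprintf("ed25519:%x", ed25519.Sign(key, []byte(hashOf(r))))
	return r
}

// verifyChain returns the index of the first failing receipt, or -1 if none.
func verifyChain(pub ed25519.PublicKey, genesis string, chain []map[string]any) int {
	prev := genesis
	for i, r := range chain {
		body := map[string]any{}
		for k, v := range r {
			if k != "signature" {
				body[k] = v
			}
		}
		var sig []byte // stays empty on a malformed field, so Verify rejects it
		fmt.Sscanf(fmt.Sprint(r["signature"]), "ed25519:%x", &sig)
		if r["prev_hash"] != prev || !ed25519.Verify(pub, []byte(hashOf(body)), sig) {
			return i
		}
		prev = hashOf(r) // assumed: prev_hash covers the whole previous receipt
	}
	return -1
}

func main() {
	key := ed25519.NewKeyFromSeed(make([]byte, 32)) // constructed demo key (all-zero seed)
	chain := []map[string]any{receipt(key, "sha256:genesis", 1, map[string]any{"a": 2, "b": 3})}
	fmt.Println(verifyChain(key.Public().(ed25519.PublicKey), "sha256:genesis", chain))
}
```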