prisma-airs-tool-audit

Fire-and-forget audit logging of tool execution results through AIRS.

Overview

| Field | Value |
| --- | --- |
| Event | `after_tool_call` |
| Config field | `tool_audit_mode` |
| Can block | No |
| Default mode | `deterministic` |
| Valid modes | `deterministic`, `probabilistic`, `off` |

Purpose

Scans tool execution results through AIRS after a tool call completes. This provides a post-execution audit trail that complements the pre-execution scanning done by prisma-airs-tool-guard, and catches threats that appear only in a tool's output rather than in its inputs. Because the hook runs after the call has already returned and cannot block, it is an audit record, not an enforcement point.

How It Works

  1. Reads tool_audit_mode from config (default: deterministic). Returns void if off.
  2. Serializes event.result to a string:
     - If null/undefined: skips.
     - If string: uses directly.
     - Otherwise: JSON.stringify(), falling back to String().
  3. Skips if the serialized result is empty after trimming.
  4. Calls scan() with both response and toolEvents:

     ```json
     {
       "response": "<resultStr>",
       "profileName": "...",
       "appName": "...",
       "toolEvents": [{
         "metadata": {
           "ecosystem": "mcp",
           "method": "tool_result",
           "serverName": "local",
           "toolInvoked": "<event.toolName>"
         },
         "input": "<resultStr>"
       }]
     }
     ```

  5. Logs a structured JSON line to stdout with: toolName, durationMs, action, severity, categories, scanId, reportId, latencyMs, responseDetected.

Error Handling

On scan failure:

  • Logs the error to stderr.
  • Returns void (fire-and-forget, no blocking).
  • No fail-closed behavior: the tool result has already been delivered and is never withheld.

Because the only trace of a failed scan is the stderr line, an AIRS outage leaves no audit entry for the affected tool results. If the audit trail matters for your deployment, collect stderr and alert on these errors rather than relying on the stdout log alone.
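The following is an added example that re-implements the "How It Works" steps and the error-handling rules above as a self-contained TypeScript function. It is not the plugin's own code: the `ToolCallEvent`, `AuditConfig`, `ScanVerdict` and `ScanFn` types, the mock `scan()` used in the demo, and the returned audit record are assumptions made here so the no-op paths and the fire-and-forget failure path can be exercised without an AIRS endpoint.

```typescript
// Added example (not OpenClaw or AIRS code). Types and the mock scanner are
// assumptions for illustration; field names mirror the JSON shown in the docs.

type AuditMode = "deterministic" | "probabilistic" | "off";

interface AuditConfig {
  tool_audit_mode?: AuditMode;   // omitted => "deterministic"
  profile_name: string;          // becomes profileName in the scan request
  app_name: string;              // becomes appName in the scan request
}

interface ToolCallEvent {        // assumed shape of the after_tool_call event
  toolName: string;
  result: unknown;
  durationMs: number;
}

interface ScanRequest {          // request built in step 4
  response: string;
  profileName: string;
  appName: string;
  toolEvents: {
    metadata: { ecosystem: "mcp"; method: "tool_result"; serverName: "local"; toolInvoked: string };
    input: string;
  }[];
}

interface ScanVerdict {          // assumed verdict fields; match the step-5 log line
  action: "allow" | "block";
  severity?: string;
  categories?: string[];
  scanId?: string;
  reportId?: string;
  latencyMs?: number;
  responseDetected?: Record<string, boolean>;
}

type ScanFn = (req: ScanRequest) => Promise<ScanVerdict> | ScanVerdict;

// Steps 2-3: serialize event.result. Returns null when there is nothing to audit.
function serializeToolResult(result: unknown): string | null {
  if (result === null || result === undefined) return null;
  let str: string;
  if (typeof result === "string") {
    str = result;
  } else {
    try {
      // JSON.stringify returns undefined for functions/symbols; fall back to String()
      str = JSON.stringify(result) ?? String(result);
    } catch (err) {
      // circular references or BigInt throw; String() still yields something to scan
      str = String(result);
    }
  }
  return str.trim().length === 0 ? null : str;
}

// Step 4: the same result string goes in both `response` and `toolEvents[0].input`.
function buildScanRequest(resultStr: string, toolName: string, cfg: AuditConfig): ScanRequest {
  return {
    response: resultStr,
    profileName: cfg.profile_name,
    appName: cfg.app_name,
    toolEvents: [{
      metadata: { ecosystem: "mcp", method: "tool_result", serverName: "local", toolInvoked: toolName },
      input: resultStr,
    }],
  };
}

// The hook. Returns the audit record it logged, or null on any no-op path, so the
// behaviour table can be checked directly. It never throws and never blocks the tool.
async function auditToolResult(
  event: ToolCallEvent, cfg: AuditConfig, scan: ScanFn,
): Promise<Record<string, unknown> | null> {
  const mode: AuditMode = cfg.tool_audit_mode ?? "deterministic";
  if (mode === "off") return null;                       // step 1
  const resultStr = serializeToolResult(event.result);
  if (resultStr === null) return null;                   // steps 2-3
  try {
    const v = await scan(buildScanRequest(resultStr, event.toolName, cfg));
    const entry = {
      toolName: event.toolName, durationMs: event.durationMs, action: v.action,
      severity: v.severity, categories: v.categories, scanId: v.scanId,
      reportId: v.reportId, latencyMs: v.latencyMs, responseDetected: v.responseDetected,
    };
    console.log(JSON.stringify(entry));                  // step 5: one JSON line on stdout
    return entry;
  } catch (err) {
    // Fire-and-forget: the result was already delivered; only stderr records the gap.
    console.error(`prisma-airs-tool-audit: scan failed for ${event.toolName}: ${String(err)}`);
    return null;
  }
}

// Demo with a constructed event and a mock scanner (stand-in for the real AIRS call).
const mockScan: ScanFn = () => ({ action: "allow", severity: "none", scanId: "demo-scan", latencyMs: 12 });
void auditToolResult(
  { toolName: "read_file", result: { path: "/etc/hosts", bytes: 220 }, durationMs: 8 },
  { profile_name: "default", app_name: "openclaw" },
  mockScan,
);
```

Running the file prints one audit line for the demo event; swapping `mockScan` for a function that throws prints only the stderr message and still returns, which is exactly the gap the error-handling caveat above warns about.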

Configuration

```yaml
plugins:
  entries:
    prisma-airs:
      config:
        tool_audit_mode: "deterministic"  # "deterministic" | "probabilistic" | "off"
        profile_name: "default"
        app_name: "openclaw"
```

If tool_audit_mode is omitted the hook runs in deterministic mode. profile_name and app_name are passed to AIRS as profileName and appName in the scan request.

Behavior

| Condition | Result |
| --- | --- |
| tool_audit_mode = off | No-op |
| event.result is null/undefined | No-op |
| Serialized result is empty | No-op |
| Scan succeeds | Log audit entry |
| Scan fails | Log error, no-op |