Eleven steps execute the operation. Only some of those steps make it into the audit trail.

Imagine asking the same system to run one action seven times, and each time the request stops at a different point: invalid arguments, denied permission, an exhausted rate limit, a confirmation that never arrives. Each path leaves a different trace — and not all of them leave the same trace. That's what you're about to walk through here, now with its technical name: the real invocation plan of ToolRegistry::call(), step by step, including the rules that can't fire today.

Artifact 05audited code

Runtime x-ray

The eleven-step walk is a good entry point. The real implementation adds boundaries that matter for security, cost, confirmation, and interception.

Select a path

Audit coverage changes depending on the return point.

OutputCallbackAudit evidence
Nonexistent toolNono explicit log
Invalid argsNovalidation failure
Policy deniedNoauth failure
Plan / confirmationNono explicit log
Cache short-circuitNotool.executed
Pure vetoNoknown gap
Callback / throwYesexecuted / failed

The guarantee reads per branch

“Everything is audited” doesn't describe every early return today. This artifact makes both the implemented guarantees and the gaps visible.

Evidence and scope

getmilpa-tool-runtime/src/ToolRegistry.php:348-570 · wording in ToolAuditLogger.php:45-57,204-232.