openagentlock · knhn1004 · May 7, 2026 · May 7, 2026
diff --git a/cli/src/commands/fake-hook.ts b/cli/src/commands/fake-hook.ts
@@ -11,6 +11,7 @@ export interface FakeHookOptions {
   tool: string;
   command?: string;
   filePath?: string;
+  cwd?: string;
   url?: string;
   json: boolean;
   inputJson?: string;
@@ -34,6 +35,7 @@ export async function runFakeHook(opts: FakeHookOptions): Promise<void> {
     source: opts.source,
     tool: opts.tool,
     input,
+    cwd: opts.cwd,
   };
   const client = apiClient(opts.url);
   let res: GateCheckResponse;

diff --git a/cli/src/commands/session.ts b/cli/src/commands/session.ts
@@ -19,6 +19,8 @@ interface Options {
   policyHash?: string;
   code?: string;
   passphrase?: string;
+  userId?: string;
+  groups?: string[];
 }
 
 export async function runSessionEnd(opts: {
@@ -82,6 +84,8 @@ export async function runSessionRotate(opts: Options & { id: string }): Promise<
     signer: payload.signer,
     signer_pubkey: payload.signer_pubkey,
     attestation: `ed25519:${toHex(attestation)}`,
+    user_id: opts.userId,
+    groups: opts.groups,
   };
 
   const client = apiClient(opts.url);
@@ -152,6 +156,8 @@ export async function runSessionCreate(opts: Options): Promise<void> {
     signer: payload.signer,
     signer_pubkey: payload.signer_pubkey,
     attestation: `ed25519:${toHex(attestation)}`,
+    user_id: opts.userId,
+    groups: opts.groups,
   };
 
   const client = apiClient(opts.url);

diff --git a/cli/src/index.ts b/cli/src/index.ts
@@ -163,6 +163,8 @@ session
   .option("--tier <tier>", "Signer tier (software | totp).", "software")
   .option("--url <url>", "Control-plane base URL.")
   .option("--policy-hash <hash>", "Policy hash to bind into the attestation.")
+  .option("--user-id <id>", "User identity used for group-policy overlays.")
+  .option("--group <name...>", "Group memberships used for group-policy overlays.")
   .option("--code <6-digit>", "TOTP code (required for --tier totp).")
   .option("--passphrase <pp>", "TOTP passphrase (required for --tier totp).")
   .option("--json", "Emit JSON instead of human output.", false)
@@ -171,6 +173,8 @@ session
       tier: string;
       url?: string;
       policyHash?: string;
+      userId?: string;
+      group?: string[];
       code?: string;
       passphrase?: string;
       json: boolean;
@@ -197,6 +201,8 @@ session
         url: opts.url,
         json: opts.json,
         policyHash: opts.policyHash,
+        userId: opts.userId,
+        groups: opts.group,
         code: opts.code,
         passphrase: opts.passphrase,
       });
@@ -220,6 +226,8 @@ session
   .option("--tier <tier>", "Signer tier (software | totp).", "software")
   .option("--url <url>", "Control-plane base URL.")
   .option("--policy-hash <hash>", "Policy hash to bind into the rotated attestation.")
+  .option("--user-id <id>", "User identity used for group-policy overlays.")
+  .option("--group <name...>", "Group memberships used for group-policy overlays.")
   .option("--code <6-digit>", "TOTP code (required for --tier totp).")
   .option("--passphrase <pp>", "TOTP passphrase (required for --tier totp).")
   .option("--json", "Emit JSON instead of human output.", false)
@@ -229,6 +237,8 @@ session
       tier: string;
       url?: string;
       policyHash?: string;
+      userId?: string;
+      group?: string[];
       code?: string;
       passphrase?: string;
       json: boolean;
@@ -252,6 +262,8 @@ session
         url: opts.url,
         json: opts.json,
         policyHash: opts.policyHash,
+        userId: opts.userId,
+        groups: opts.group,
         code: opts.code,
         passphrase: opts.passphrase,
       });
@@ -362,6 +374,7 @@ program
   .requiredOption("--tool <name>", "Tool name (Bash, Read, Write, mcp__X__Y).")
   .option("--command <cmd>", "Bash command (shorthand for --input.command).")
   .option("--file-path <path>", "File path (shorthand for --input.file_path).")
+  .option("--cwd <path>", "Working directory for scoped policy resolution.")
   .option("--input <json>", "Raw tool input as JSON.")
   .option("--url <url>", "Control-plane base URL.")
   .option("--json", "Emit JSON instead of human output.", false)
@@ -372,6 +385,7 @@ program
       tool: string;
       command?: string;
       filePath?: string;
+      cwd?: string;
       input?: string;
       url?: string;
       json: boolean;
@@ -382,6 +396,7 @@ program
         tool: opts.tool,
         command: opts.command,
         filePath: opts.filePath,
+        cwd: opts.cwd,
         inputJson: opts.input,
         url: opts.url,
         json: opts.json,

diff --git a/cli/src/util/api.ts b/cli/src/util/api.ts
@@ -132,6 +132,7 @@ export interface PolicyGateView {
   id: string;
   mode?: string;
   disabled?: boolean;
+  source?: string;
   tool?: string;
   tool_prefix?: string;
   any_command_regex?: string[];
@@ -283,6 +284,8 @@ export interface SessionStartRequest {
   signer: string;
   signer_pubkey: string;
   attestation: string;
+  user_id?: string;
+  groups?: string[];
 }
 
 export interface SessionResponse {
@@ -293,6 +296,8 @@ export interface SessionResponse {
   session_pubkey: string;
   signer: string;
   signer_pubkey: string;
+  user_id?: string;
+  groups?: string[];
 }
 
 export function apiClient(baseUrl?: string, initialToken?: string | null): ApiClient {

diff --git a/control-plane/api/group-policy.schema.json b/control-plane/api/group-policy.schema.json
@@ -0,0 +1,69 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$id": "https://openagentlock.github.io/OpenAgentLock/schema/group-policy.schema.json",
+  "title": "OpenAgentLock group policy bundle",
+  "type": "object",
+  "required": ["version"],
+  "additionalProperties": false,
+  "properties": {
+    "version": { "type": "integer", "const": 1 },
+    "groups": {
+      "type": "object",
+      "additionalProperties": { "$ref": "#/definitions/policyLayer" }
+    },
+    "users": {
+      "type": "object",
+      "additionalProperties": {
+        "type": "object",
+        "additionalProperties": false,
+        "properties": {
+          "groups": {
+            "type": "array",
+            "items": { "type": "string", "minLength": 1 },
+            "uniqueItems": true
+          },
+          "gates": {
+            "type": "array",
+            "items": { "$ref": "#/definitions/gate" }
+          }
+        }
+      }
+    }
+  },
+  "definitions": {
+    "policyLayer": {
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "inherits": {
+          "type": "array",
+          "items": { "type": "string", "minLength": 1 },
+          "uniqueItems": true
+        },
+        "gates": {
+          "type": "array",
+          "items": { "$ref": "#/definitions/gate" }
+        }
+      }
+    },
+    "gate": {
+      "type": "object",
+      "required": ["id", "match", "evaluate"],
+      "additionalProperties": true,
+      "properties": {
+        "id": { "type": "string", "minLength": 1 },
+        "source": { "type": "string" },
+        "mode": { "type": "string", "enum": ["monitor", "enforce"] },
+        "disabled": { "type": "boolean" },
+        "precedence": { "type": "string", "enum": ["priority"] },
+        "priority": { "type": "integer" },
+        "match": { "type": "object" },
+        "evaluate": {
+          "type": "array",
+          "minItems": 1,
+          "items": { "type": "object" }
+        }
+      }
+    }
+  }
+}
diff --git a/control-plane/api/openapi.yaml b/control-plane/api/openapi.yaml
@@ -268,6 +268,8 @@ components:
         session_pubkey: { type: string }
         signer: { $ref: '#/components/schemas/SignerKind' }
         signer_pubkey: { type: string }
+        user_id: { type: string }
+        groups: { type: array, items: { type: string } }
 
     SessionStartRequest:
       type: object
@@ -278,6 +280,8 @@ components:
         signer: { $ref: '#/components/schemas/SignerKind' }
         signer_pubkey: { type: string }
         attestation: { type: string, description: "ed25519 signature over canonical attestation payload" }
+        user_id: { type: string, description: "Optional identity key used for group-policy overlays." }
+        groups: { type: array, items: { type: string }, description: "Optional ordered group memberships used for group-policy overlays." }
 
     GateCheckRequest:
       type: object

diff --git a/control-plane/dashboard-ui/src/lib/types.ts b/control-plane/dashboard-ui/src/lib/types.ts
@@ -13,12 +13,22 @@ export interface LedgerEntry {
   // mode forced the runtime to allow. UI renders these as "alert"
   // (IDS-style) instead of "deny" (IPS-style) — the call did go through.
   monitor_match?: boolean;
+  policy_trace?: PolicyTraceItem[];
   payload_hash: string;
   sig: string;
   leaf_hash: string;
   prev_leaf: string;
 }
 
+export interface PolicyTraceItem {
+  layer?: string;
+  source?: string;
+  rule_id: string;
+  verdict: string;
+  precedence?: string;
+  priority?: number;
+}
+
 export interface ModeInfo {
   mode: "firewall" | "monitor";
   env: string;

diff --git a/control-plane/dashboard-ui/src/routes/events.tsx b/control-plane/dashboard-ui/src/routes/events.tsx
@@ -452,6 +452,20 @@ function EventDetail({
             value="suppressed deny — runtime allowed; ledger keeps original verdict"
           />
         )}
+        {entry.policy_trace && entry.policy_trace.length > 0 && (
+          <DetailRow
+            label="policy"
+            value={entry.policy_trace
+              .map((t) => {
+                const priority =
+                  t.precedence === "priority" ? ` priority=${t.priority ?? 0}` : "";
+                return `${t.layer || t.source || "policy"}:${t.rule_id}=${t.verdict}${priority}`;
+              })
+              .join(" → ")}
+            mono
+            wrap
+          />
+        )}
         <DetailRow label="signer" value={entry.signer || "—"} mono />
         <DetailRow label="tool_use_id" value={entry.tool_use_id || "—"} mono />
         <DetailRow label="payload_hash" value={entry.payload_hash} mono wrap />

diff --git a/control-plane/internal/api/gate.go b/control-plane/internal/api/gate.go
@@ -8,7 +8,6 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/openagentlock/openagentlock/control-plane/internal/policy"
 	"github.com/openagentlock/openagentlock/control-plane/internal/storage"
 )
 
@@ -66,15 +65,11 @@ func gateCheckHandler(d Deps) http.HandlerFunc {
 
 		// Resolve the policy pinned to this session's hash; falls back to
 		// live when the hash is unknown (e.g. registry not yet seeded).
-		evalPolicy := resolvePolicyForCwd(d, sess.PolicyHash, req.Cwd)
+		evalPolicy, result := evaluatePolicyForSession(d, sess, req.Cwd, req.Tool, req.Input)
 		if evalPolicy == nil {
 			writeError(w, http.StatusServiceUnavailable, "policy_unavailable", "no policy loaded")
 			return
 		}
-		result := evalPolicy.Evaluate(policy.EvalRequest{
-			Tool:  req.Tool,
-			Input: req.Input,
-		})
 
 		var origVerdict string
 		result, _, origVerdict = applyDaemonModeOverride(result)
@@ -107,6 +102,7 @@ func gateCheckHandler(d Deps) http.HandlerFunc {
 			Verdict:      origVerdict,
 			MonitorMatch: result.MonitorMatch,
 			MatcherInput: ledgerMatcherInput(req.Input),
+			PolicyTrace:  storagePolicyTrace(result.Trace),
 			PayloadHash:  payloadHash[:],
 			Sig:          nil,
 		})