#8855: feat(hooks): add configurable compliance logging plugin
docs
gateway
agents
stale
## Summary
This PR adds a configurable compliance logging hook that automatically tracks agent activity without requiring agents to manually log their work.
Related to #8209
## Motivation
- **Zero agent involvement** — Agents can't forget to log; it happens at the gateway level
- **Complete audit trail** — Every agent action has gateway-level evidence
- **Configurable** — Choose which events to log and where to send them
- **Privacy controls** — Optional content redaction for human messages
## Changes
### New Files
```
src/hooks/bundled/compliance/
├── HOOK.md # Documentation
├── index.ts # Module exports
├── types.ts # TypeScript types for config & events
├── emitter.ts # Emitter factory
├── handler.ts # Hook handler + exported convenience functions
└── destinations/
├── webhook.ts # HTTP POST destination
├── file.ts # JSONL file destination
├── cli.ts # External CLI destination
└── telemetry.ts # Telemetry plugin integration
```
### Modified Files
- `src/plugins/hooks.ts` — Removed hardcoded MC logging, added notes pointing to compliance hook
- `src/gateway/server-cron.ts` — Use compliance handler functions
- `src/agents/tools/sessions-spawn-tool.ts` — Use compliance handler functions
- `src/agents/tools/sessions-send-tool.ts` — Use compliance handler functions
- `src/agents/subagent-announce.ts` — Use compliance handler functions
## Configuration
```json
{
"hooks": {
"internal": {
"entries": {
"compliance": {
"enabled": true,
"events": ["agent_start", "agent_end", "cron_start", "cron_complete"],
"destination": {
"type": "webhook",
"url": "https://your-backend.com/api/compliance"
}
}
}
}
}
}
```
## Destination Types
| Type | Description |
|------|-------------|
| `webhook` | POST to HTTP endpoint |
| `file` | Append to JSONL file |
| `cli` | Execute external command |
| `telemetry` | Use telemetry plugin |
## Events
- `agent_start` / `agent_end` — Session lifecycle
- `cron_start` / `cron_complete` — Cron jobs
- `spawn_start` / `spawn_complete` — Subagent tasks
- `dm_sent` — Agent-to-agent messages
- `message_received` — Human messages (optional, redacted by default)
## Breaking Changes
None. The compliance hook is opt-in and disabled by default.
## Testing
- [x] Build passes
- [x] TypeScript compiles without errors
- [ ] Manual testing with webhook destination
- [ ] Manual testing with file destination
<!-- greptile_comment -->
<h2>Greptile Overview</h2>
<h3>Greptile Summary</h3>
Adds a new bundled `compliance` hook plugin that can log agent lifecycle, cron, spawn, DM, and (optionally) human message events to configurable destinations (webhook/file/CLI/telemetry). Updates several gateway/agent tools to call the compliance handler’s convenience logging functions and removes the previously hardcoded Mission Control logging references from the core hook runner.
The hook works by resolving `hooks.internal.entries.compliance` config at runtime, creating an emitter based on destination type, and emitting structured `ComplianceEvent` objects. Tool integrations (`server-cron`, sessions spawn/send, subagent announce) call `logCron*`/`logSpawn*`/`logDmSent` so the audit trail is captured even outside the standard plugin event stream.
<h3>Confidence Score: 2/5</h3>
- Not safe to merge as-is due to unintended cron-side effects and performance regressions.
- The new compliance hook itself is mostly additive, but `src/gateway/server-cron.ts` now includes extra webhook behavior, sync file reads/JSON parsing, and redundant config reloads on every cron event, plus an unused import. These changes can affect runtime behavior/performance even when the compliance hook is disabled.
- src/gateway/server-cron.ts
<!-- greptile_other_comments_section -->
<sub>(2/5) Greptile learns from your feedback when you react with thumbs up/down!</sub>
<!-- /greptile_comment -->
Most Similar PRs
#19565: feat: add agent lifecycle hook events (session, message, error)
by tag-assistant · 2026-02-17
78.9%
#7771: Hooks: wire lifecycle events and tests
by rabsef-bicrym · 2026-02-03
77.4%
#19922: feat(hooks): add message:received and message:sent hook events
by NOVA-Openclaw · 2026-02-18
76.0%
#3392: fix(hooks): remove debug console.log statements from session-memory...
by WinJayX · 2026-01-28
75.7%
#6630: feat(hooks): add agent:turn_start and agent:turn_end lifecycle events
by drdigital13 · 2026-02-01
75.6%
#20268: feat(hooks): emit subagent:complete internal hook event
by AytuncYildizli · 2026-02-18
75.1%
#16915: fix: await compaction hooks with timeout to prevent cross-session d...
by maximalmargin · 2026-02-15
75.0%
#11597: feat(hooks): implement message:received hook
by gnufoo · 2026-02-08
75.0%
#11153: refactor(hooks): replace console.warn/error with subsystem logger
by hclsys · 2026-02-07
75.0%
#15877: fix(hooks): add debug logging to triggerInternalHook
by Shuai-DaiDai · 2026-02-14
74.8%