examples/api-key-auth/TREETRACE_REPORT.md

66 lines · markdown

# TreeTrace Report - api-key-auth
 
Generated: 2026-06-19T06:50:12.466Z
 
## Session summary
 
- Prompts: 4  Sessions: 1  Span: 1 day  Tool calls: 4  Files touched: 2
- Failure signals: 5 (verified 0, high 2, confirmed 2, inferred 1)
- Corrections: 1
- Rejections: 1 (user text decline: 1)
- Models seen: assistant-model
- Eval candidates: 4
- Lessons: 4
 
## Output map
 
| File | Purpose |
|------|---------|
| `TREETRACE_REPORT.md` | this file |
| `PROMPT_TREE.md` | prompt lineage + replay pack |
| `.treetrace/tree.json` | canonical schema |
| `.treetrace/failures.json` | labels + correction chains |
| `.treetrace/rejections.json` | typed rejections/refusals/declines (v0.3) |
| `.treetrace/hallucinations.json` | unresolved references |
| `.treetrace/lessons.md` | correction memory |
| `.treetrace/evals.jsonl` | regression eval cases |
| `.treetrace/agent-memory.md` | next-agent memory pack |
 
## Failure signals
 
- security_or_privacy_risk: 2
- dependency_or_environment_mismatch: 1
- user_frustration: 1
- user_rejected_action: 1
 
- failure_001 [node_002] (user_rejected_action, high, 80%, assistant-model): The user explicitly told the agent to stop or not proceed near "No, do not hardcode the secret in the source.". Evidence: user_text_decline (text): "No, do not hardcode the secret in the source. Read the API key from an environment variable instead."
- failure_002 [node_001] (security_or_privacy_risk, inferred, 62%, assistant-model): A human security correction was raised near "Add API key authentication to the /admin route in our Express app." with no matching action-level signal. Evidence: Human flagged a security concern about a prior action with no security label [signal: human security correction]: "No, do not hardcode the secret in the source. Read the API key f...
- failure_003 [node_001] (dependency_or_environment_mismatch, confirmed, 82%, assistant-model): A possible dependency or environment mismatch occurred near "Add API key authentication to the /admin route in our Express app."; corrected by "No, do not hardcode the secret in the source.". Evidence: User said: "No, do not hardcode the secret in the source. Read the API key from an environment variable instead."
- failure_004 [node_003] (security_or_privacy_risk, high, 84%, assistant-model): An agent action touched auth, secrets, or access control near "The auth tests are failing.". Evidence: Agent action touched risky-command [signals: risky command]: "git commit -am "wip: api key auth" --no-verify &amp;&amp; git push --force"
- failure_005 [node_001] (user_frustration, confirmed, 82%, assistant-model): User frustration signaled that the prior path near "Add API key authentication to the /admin route in our Express app." was not meeting expectations. Evidence: User said: "Here is my test key [REDACTED:anthropic-key], confirm the admin route rejects a bad key."
 
## Security audit trail
 
- (high) [node_003] Agent action touched risky-command [signals: risky command]: "git commit -am "wip: api key auth" --no-verify &amp;&amp; git push --force" (assistant-model)
- (stated intent) [node_001] Human flagged a security concern about a prior action with no security label [signal: human security correction]: "No, do not hardcode the secret in the source. Read the API key from an environment variable instead." (assistant-model)
 
## Correction chains
 
Failure turns that received a human correction, with resolution status.
 
- chain_001 (security_or_privacy_risk, low): failure [node_001] -> correction [node_002] -> resolved [node_003]
- chain_002 (user_frustration, high): failure [node_001] -> correction [node_004] -> unresolved
 
## Rejections
 
Typed rejection / refusal / decline events captured on the session. Each one is also surfaced as a failure signal of the mapped type.
 
- Total: 1 - user text decline (1)
 
- (user_text_decline, 80%) [node_002] - No, do not hardcode the secret in the source. Read the API key from an environment variable instead.
 
## Artifacts
 
See: `PROMPT_TREE.md` · `.treetrace/lessons.md` · `.treetrace/agent-memory.md` · handoff: run `treetrace --handoff`
---
Generated by [treetrace](https://github.com/TreeTraceTool/TreeTrace) v0.9.1.

1	# TreeTrace Report - api-key-auth
2
3	Generated: 2026-06-19T06:50:12.466Z
4
5	## Session summary
6
7	- Prompts: 4 Sessions: 1 Span: 1 day Tool calls: 4 Files touched: 2
8	- Failure signals: 5 (verified 0, high 2, confirmed 2, inferred 1)
9	- Corrections: 1
10	- Rejections: 1 (user text decline: 1)
11	- Models seen: assistant-model
12	- Eval candidates: 4
13	- Lessons: 4
14
15	## Output map
16
17	\| File \| Purpose \|
18	\|------\|---------\|
19	\| `TREETRACE_REPORT.md` \| this file \|
20	\| `PROMPT_TREE.md` \| prompt lineage + replay pack \|
21	\| `.treetrace/tree.json` \| canonical schema \|
22	\| `.treetrace/failures.json` \| labels + correction chains \|
23	\| `.treetrace/rejections.json` \| typed rejections/refusals/declines (v0.3) \|
24	\| `.treetrace/hallucinations.json` \| unresolved references \|
25	\| `.treetrace/lessons.md` \| correction memory \|
26	\| `.treetrace/evals.jsonl` \| regression eval cases \|
27	\| `.treetrace/agent-memory.md` \| next-agent memory pack \|
28
29	## Failure signals
30
31	- security_or_privacy_risk: 2
32	- dependency_or_environment_mismatch: 1
33	- user_frustration: 1
34	- user_rejected_action: 1
35
36	- failure_001 [node_002] (user_rejected_action, high, 80%, assistant-model): The user explicitly told the agent to stop or not proceed near "No, do not hardcode the secret in the source.". Evidence: user_text_decline (text): "No, do not hardcode the secret in the source. Read the API key from an environment variable instead."
37	- failure_002 [node_001] (security_or_privacy_risk, inferred, 62%, assistant-model): A human security correction was raised near "Add API key authentication to the /admin route in our Express app." with no matching action-level signal. Evidence: Human flagged a security concern about a prior action with no security label [signal: human security correction]: "No, do not hardcode the secret in the source. Read the API key f...
38	- failure_003 [node_001] (dependency_or_environment_mismatch, confirmed, 82%, assistant-model): A possible dependency or environment mismatch occurred near "Add API key authentication to the /admin route in our Express app."; corrected by "No, do not hardcode the secret in the source.". Evidence: User said: "No, do not hardcode the secret in the source. Read the API key from an environment variable instead."
39	- failure_004 [node_003] (security_or_privacy_risk, high, 84%, assistant-model): An agent action touched auth, secrets, or access control near "The auth tests are failing.". Evidence: Agent action touched risky-command [signals: risky command]: "git commit -am "wip: api key auth" --no-verify && git push --force"
40	- failure_005 [node_001] (user_frustration, confirmed, 82%, assistant-model): User frustration signaled that the prior path near "Add API key authentication to the /admin route in our Express app." was not meeting expectations. Evidence: User said: "Here is my test key [REDACTED:anthropic-key], confirm the admin route rejects a bad key."
41
42	## Security audit trail
43
44	- (high) [node_003] Agent action touched risky-command [signals: risky command]: "git commit -am "wip: api key auth" --no-verify && git push --force" (assistant-model)
45	- (stated intent) [node_001] Human flagged a security concern about a prior action with no security label [signal: human security correction]: "No, do not hardcode the secret in the source. Read the API key from an environment variable instead." (assistant-model)
46
47	## Correction chains
48
49	Failure turns that received a human correction, with resolution status.
50
51	- chain_001 (security_or_privacy_risk, low): failure [node_001] -> correction [node_002] -> resolved [node_003]
52	- chain_002 (user_frustration, high): failure [node_001] -> correction [node_004] -> unresolved
53
54	## Rejections
55
56	Typed rejection / refusal / decline events captured on the session. Each one is also surfaced as a failure signal of the mapped type.
57
58	- Total: 1 - user text decline (1)
59
60	- (user_text_decline, 80%) [node_002] - No, do not hardcode the secret in the source. Read the API key from an environment variable instead.
61
62	## Artifacts
63
64	See: `PROMPT_TREE.md` · `.treetrace/lessons.md` · `.treetrace/agent-memory.md` · handoff: run `treetrace --handoff`
65	---
66	Generated by [treetrace](https://github.com/TreeTraceTool/TreeTrace) v0.9.1.