# Constraint Native Sample Replay Audit

Artifact status: sample evidence based on the deterministic Agent Firewall demo shape.

Replay status: inspection-ready

## Replay Purpose

The replay audit explains what a platform or security reviewer should be able to inspect after a governed local agent run: what happened, what policy decided, what was blocked or quarantined, and whether the recorded proof path can be verified later.

## Replay Sequence

1. Session opened under Constraint Native policy.
2. The agent received a scoped `file.read` capability grant for a fixture path.
3. A clean read completed through the broker.
4. Hostile tool output was marked tainted and quarantined.
5. Tainted output was kept out of durable memory and context replay.
6. An unsafe workspace write was denied before execution.
7. An unapproved network attempt was denied.
8. A canary-secret exposure attempt was blocked.
9. An elevated action requested approval.
10. The approval was not granted, so the action did not execute.
11. The proof path verified with a valid sample signature chain.

## Buyer-Relevant Interpretation

Constraint Native is not positioned as broad traction or compliance certification. It is positioned as runtime governance evidence: a local Agent Firewall and MCP Gateway can produce replayable audit trails for coding-agent action before execution.

## Next Live Export

For grant, fellowship, or external security review, generate a fresh proof path from a current scoped workflow and replace this sample with the exported path, blast-radius report, and replay audit.