Skip to main content

a3s_box_core/traits/
audit.rs

1//! Audit sink abstraction.
2//!
3//! Decouples audit event recording from the file-based JSON-lines
4//! implementation in `a3s-box-runtime`. Implementations can write to
5//! any backend: files, databases, SIEM systems, cloud logging, etc.
6
7use crate::audit::AuditEvent;
8use crate::error::Result;
9
10/// Abstraction over audit event recording.
11///
12/// The runtime calls `record` whenever a security-relevant action occurs
13/// (box creation, exec commands, image pulls, etc.). Implementations
14/// decide how and where to persist these events.
15///
16/// # Thread Safety
17///
18/// Implementations must be `Send + Sync`. Concurrent `record` calls
19/// must be safe.
20pub trait AuditSink: Send + Sync {
21    /// Record an audit event.
22    ///
23    /// Implementations should be best-effort — a failure to record
24    /// an audit event should not prevent the audited operation from
25    /// proceeding. Callers may log the error but will not propagate it.
26    fn record(&self, event: &AuditEvent) -> Result<()>;
27
28    /// Flush any buffered events to the underlying storage.
29    ///
30    /// Called during graceful shutdown. Default implementation is a no-op.
31    fn flush(&self) -> Result<()> {
32        Ok(())
33    }
34}