Skip to main content

AuditEntry

aa_core::audit

Struct AuditEntry 

Source 
pub struct AuditEntry { /* private fields */ }
Expand description

An immutable, hash-chained record of a single governance event.

§Immutability

All fields are private. The only way to create an AuditEntry is via AuditEntry::new. There are no mutation methods.

§Hash chain

entry_hash is a SHA-256 digest computed over all tamper-meaningful fields in a canonical byte order (see AuditEntry::new for the full sequence). Each entry commits to previous_hash, linking entries into a tamper-evident chain. The genesis entry uses [0u8; 32] as previous_hash.

§Tamper detection

AuditEntry::verify_integrity re-computes the hash from the stored fields and compares it to the stored entry_hash. Any field alteration — including via unsafe code — will cause the re-computed hash to diverge.

Implementations§

Source§

impl AuditEntry

Source

pub fn new( seq: u64, timestamp_ns: u64, event_type: AuditEventType, agent_id: AgentId, session_id: SessionId, payload: String, previous_hash: [u8; 32], ) -> Self

Create a new AuditEntry, computing entry_hash over all fields.

§Parameters
  • seq — monotonic counter within the session; genesis entry is 0.
  • timestamp_ns — nanoseconds since the Unix epoch (caller-supplied; use Timestamp::from(SystemTime::now()).as_nanos() in std environments).
  • event_type — category of the governance event.
  • agent_id — identifier of the agent that produced the event.
  • session_id — identifier of the specific agent run.
  • payload — pre-serialized UTF-8 string (JSON in practice).
  • previous_hashentry_hash of the preceding entry; [0u8; 32] for the genesis entry.
§Canonical hash input (84 fixed bytes + variable payload)
SHA-256(
    seq.to_be_bytes()                  //  8 bytes
    || timestamp_ns.to_be_bytes()      //  8 bytes
    || (event_type as u32).to_be_bytes() // 4 bytes
    || agent_id.as_bytes()             // 16 bytes
    || session_id.as_bytes()           // 16 bytes
    || previous_hash                   // 32 bytes
    || payload.as_bytes()              // variable
)
Source

pub fn new_with_lineage( seq: u64, timestamp_ns: u64, event_type: AuditEventType, agent_id: AgentId, session_id: SessionId, payload: String, previous_hash: [u8; 32], lineage: Lineage, ) -> Self

Create a new AuditEntry with optional lineage fields, computing entry_hash over all fields including the lineage data.

When lineage is Lineage::default() (all fields None), the resulting entry_hash is identical to that produced by AuditEntry::new with the same base fields, preserving backward compatibility.

Source

pub fn new_with_lineage_and_redaction( seq: u64, timestamp_ns: u64, event_type: AuditEventType, agent_id: AgentId, session_id: SessionId, payload: String, previous_hash: [u8; 32], lineage: Lineage, redaction: Redaction, ) -> Self

Create a new AuditEntry carrying both lineage data and credential scanner output, computing entry_hash over all tamper-meaningful fields.

When redaction == Redaction::default() (empty findings + None payload), the resulting entry_hash is identical to AuditEntry::new_with_lineage with the same base fields — so callers that don’t have scanner data can continue using the legacy constructors without any chain divergence.

Gated on std because Redaction holds CredentialFinding values, which live in the std-only scanner module.

Source

pub fn seq(&self) -> u64

Monotonic sequence counter within the session.

Source

pub fn timestamp_ns(&self) -> u64

Nanoseconds since the Unix epoch at the time the entry was created.

Source

pub fn event_type(&self) -> AuditEventType

Category of the governance event.

Source

pub fn agent_id(&self) -> AgentId

Identifier of the agent that produced this entry.

Source

pub fn session_id(&self) -> SessionId

Identifier of the specific agent run (session) that produced this entry.

Source

pub fn payload(&self) -> &str

Pre-serialized UTF-8 payload (JSON in practice).

Source

pub fn previous_hash(&self) -> &[u8; 32]

SHA-256 hash of the preceding entry; [0u8; 32] for the genesis entry.

Source

pub fn entry_hash(&self) -> &[u8; 32]

SHA-256 hash computed over all tamper-meaningful fields at construction.

Source

pub fn root_agent_id(&self) -> Option<AgentId>

Root agent identifier in the delegation chain, if present.

Source

pub fn parent_agent_id(&self) -> Option<AgentId>

Parent agent identifier that directly spawned this agent, if present.

Source

pub fn team_id(&self) -> Option<&str>

Team identifier associated with the agent, if present.

Source

pub fn org_id(&self) -> Option<&str>

AAASM-2008 — organization identifier associated with the agent, if present. Mirrors Self::team_id at the multi-tenancy tier.

Source

pub fn delegation_reason(&self) -> Option<&str>

Reason this agent was delegated the action, if present.

Source

pub fn spawned_by_tool(&self) -> Option<&str>

Name of the tool that spawned this agent, if present.

Source

pub fn depth(&self) -> Option<u32>

Delegation depth from the root agent, if present.

Source

pub fn credential_findings(&self) -> &[CredentialFinding]

Credential / PII findings detected by the policy engine’s scanner pass.

Empty when the scan was clean (or when the entry was constructed via a pre-redaction-aware code path). Each CredentialFinding stores only the kind, byte offset, and [REDACTED:<kind>] label — never the raw secret bytes.

Source

pub fn redacted_payload(&self) -> Option<&str>

Redacted version of the action payload, if the scanner produced findings.

None when the scan was clean. When Some, every detected secret has been replaced with its [REDACTED:<kind>] label so the audit trail itself never leaks the raw secret.

Source

pub fn verify_integrity(&self) -> bool

Returns true if the stored entry_hash matches a fresh re-computation over the stored fields.

Returns false if any field has been altered after construction — including via unsafe code.

Trait Implementations§

Source§

impl Clone for AuditEntry

Source§

fn clone(&self) -> AuditEntry

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for AuditEntry

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Display for AuditEntry

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Human-readable one-line representation suitable for log output.

Format: [seq=N ts=T agent=HEX session=HEX event=TypeName]

payload is omitted from Display — it may be arbitrarily large. Use AuditEntry::payload to access the full payload string.

Source§

impl Eq for AuditEntry

Source§

impl PartialEq for AuditEntry

Source§

fn eq(&self, other: &AuditEntry) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 (const: unstable) · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl StructuralPartialEq for AuditEntry

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key. Read more
Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.