Struct AuditEntry 

pub struct AuditEntry { /* private fields */ }

An immutable, hash-chained record of a single governance event.

Immutability

All fields are private. The only way to create an AuditEntry is via AuditEntry::new. There are no mutation methods.

Hash chain

entry_hash is a SHA-256 digest computed over all tamper-meaningful fields in a canonical byte order (see AuditEntry::new for the full sequence). Each entry commits to previous_hash, linking entries into a tamper-evident chain. The genesis entry uses [0u8; 32] as previous_hash.

Tamper detection

AuditEntry::verify_integrity re-computes the hash from the stored fields and compares it to the stored entry_hash. Any field alteration — including via unsafe code — will cause the re-computed hash to diverge.

Implementations

impl AuditEntry

pub fn new( seq: u64, timestamp_ns: u64, event_type: AuditEventType, agent_id: AgentId, session_id: SessionId, payload: String, previous_hash: [u8; 32], ) -> AuditEntry

Create a new AuditEntry, computing entry_hash over all fields.

Parameters

• seq — monotonic counter within the session; genesis entry is 0.
• timestamp_ns — nanoseconds since the Unix epoch (caller-supplied; use Timestamp::from(SystemTime::now()).as_nanos() in std environments).
• event_type — category of the governance event.
• agent_id — identifier of the agent that produced the event.
• session_id — identifier of the specific agent run.
• payload — pre-serialized UTF-8 string (JSON in practice).
• previous_hash — entry_hash of the preceding entry; [0u8; 32] for the genesis entry.

Canonical hash input (84 fixed bytes + variable payload)

SHA-256(
    seq.to_be_bytes()                  //  8 bytes
    || timestamp_ns.to_be_bytes()      //  8 bytes
    || (event_type as u32).to_be_bytes() // 4 bytes
    || agent_id.as_bytes()             // 16 bytes
    || session_id.as_bytes()           // 16 bytes
    || previous_hash                   // 32 bytes
    || payload.as_bytes()              // variable
)

pub fn new_with_lineage( seq: u64, timestamp_ns: u64, event_type: AuditEventType, agent_id: AgentId, session_id: SessionId, payload: String, previous_hash: [u8; 32], lineage: Lineage, ) -> AuditEntry

Create a new AuditEntry with optional lineage fields, computing entry_hash over all fields including the lineage data.

When lineage is Lineage::default() (all fields None), the resulting entry_hash is identical to that produced by AuditEntry::new with the same base fields, preserving backward compatibility.

pub fn new_with_lineage_and_redaction( seq: u64, timestamp_ns: u64, event_type: AuditEventType, agent_id: AgentId, session_id: SessionId, payload: String, previous_hash: [u8; 32], lineage: Lineage, redaction: Redaction, ) -> AuditEntry

Create a new AuditEntry carrying both lineage data and credential scanner output, computing entry_hash over all tamper-meaningful fields.

When redaction == Redaction::default() (empty findings + None payload), the resulting entry_hash is identical to AuditEntry::new_with_lineage with the same base fields — so callers that don’t have scanner data can continue using the legacy constructors without any chain divergence.

Gated on std because Redaction holds CredentialFinding values, which live in the std-only scanner module.

pub fn seq(&self) -> u64

Monotonic sequence counter within the session.

pub fn timestamp_ns(&self) -> u64

Nanoseconds since the Unix epoch at the time the entry was created.

pub fn event_type(&self) -> AuditEventType

Category of the governance event.

pub fn agent_id(&self) -> AgentId

Identifier of the agent that produced this entry.

pub fn session_id(&self) -> SessionId

Identifier of the specific agent run (session) that produced this entry.

pub fn payload(&self) -> &str

Pre-serialized UTF-8 payload (JSON in practice).

pub fn previous_hash(&self) -> &[u8; 32]

SHA-256 hash of the preceding entry; [0u8; 32] for the genesis entry.

pub fn entry_hash(&self) -> &[u8; 32]

SHA-256 hash computed over all tamper-meaningful fields at construction.

pub fn root_agent_id(&self) -> Option<AgentId>

Root agent identifier in the delegation chain, if present.

pub fn parent_agent_id(&self) -> Option<AgentId>

Parent agent identifier that directly spawned this agent, if present.

pub fn team_id(&self) -> Option<&str>

Team identifier associated with the agent, if present.

pub fn org_id(&self) -> Option<&str>

AAASM-2008 — organization identifier associated with the agent, if present. Mirrors Self::team_id at the multi-tenancy tier.

pub fn delegation_reason(&self) -> Option<&str>

Reason this agent was delegated the action, if present.

pub fn spawned_by_tool(&self) -> Option<&str>

Name of the tool that spawned this agent, if present.

pub fn depth(&self) -> Option<u32>

Delegation depth from the root agent, if present.

pub fn credential_findings(&self) -> &[CredentialFinding]

Credential / PII findings detected by the policy engine’s scanner pass.

Empty when the scan was clean (or when the entry was constructed via a pre-redaction-aware code path). Each CredentialFinding stores only the kind, byte offset, and [REDACTED:<kind>] label — never the raw secret bytes.

pub fn redacted_payload(&self) -> Option<&str>

Redacted version of the action payload, if the scanner produced findings.

None when the scan was clean. When Some, every detected secret has been replaced with its [REDACTED:<kind>] label so the audit trail itself never leaks the raw secret.

pub fn verify_integrity(&self) -> bool

Returns true if the stored entry_hash matches a fresh re-computation over the stored fields.

Returns false if any field has been altered after construction — including via unsafe code.

Trait Implementations

impl Clone for AuditEntry

fn clone(&self) -> AuditEntry

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for AuditEntry

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for AuditEntry

fn deserialize<__D>( __deserializer: __D, ) -> Result<AuditEntry, <__D as Deserializer<'de>>::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Display for AuditEntry

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Human-readable one-line representation suitable for log output.

Format: [seq=N ts=T agent=HEX session=HEX event=TypeName]

payload is omitted from Display — it may be arbitrarily large. Use AuditEntry::payload to access the full payload string.

impl Eq for AuditEntry

impl PartialEq for AuditEntry

fn eq(&self, other: &AuditEntry) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for AuditEntry

fn serialize<__S>( &self, __serializer: __S, ) -> Result<<__S as Serializer>::Ok, <__S as Serializer>::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl StructuralPartialEq for AuditEntry