Skip to main content

Crate aex_audit


Tamper-evident audit log.

Every business-meaningful action in the Agent Exchange Protocol (AEX) — agent registration, transfer initiation, scanner verdict, policy decision, delivery, revocation — writes an Event to an AuditLog.

§Integrity model

Events are hash-chained: each event stores the hash of the previous event, and its own hash is computed over its canonical serialization with that previous-hash field included. Any retroactive modification of an event therefore changes its hash and invalidates the link stored by every event that followed; history cannot be rewritten without producing a visibly different chain head. This is tamper-evidence, not tamper-proofing: a writer with full control of the store can recompute every later hash and present a chain that is internally consistent, so detection ultimately depends on comparing the current head with a copy recorded somewhere that writer cannot reach. That is what the anchoring described next provides.

Chain-head hashes are the basis for future Merkle batching and Sigstore Rekor submission (Phase G1). When that lands, the interface here does not change: the value returned by AuditLog::current_head simply starts being submitted to Rekor periodically.

§Implementations

  • MemoryAuditLog — in-memory; used by tests and the M1 demo.
  • FileAuditLog — append-only JSONL file, one line per event. Used by the dev-tier control plane.
  • (Phase 2) PostgresAuditLog — events in Postgres with a maintained chain_head table for fast reads.
  • (Phase G1) RekorAnchoredAuditLog<Inner> — wraps any inner log and periodically submits chain heads to the Sigstore Rekor transparency log.

Re-exports§

pub use error::AuditError;
pub use error::AuditResult;
pub use event::Event;
pub use event::EventKind;
pub use event::EventReceipt;
pub use file_log::FileAuditLog;
pub use memory_log::MemoryAuditLog;
pub use rekor::LoggingRekorSubmitter;
pub use rekor::RekorAnchoredAuditLog;
pub use rekor::RekorReceipt;
pub use rekor::RekorSubmitter;
pub use rekor::StubRekorSubmitter;

Modules§

error
event
Event types, canonical serialization, and hash computation.
file_log
File-backed AuditLog: append-only JSONL with a chain head cached in memory for fast append/current_head.
memory_log
In-memory AuditLog used by tests and the M1 demo.
rekor
Sigstore Rekor transparency-log anchoring.

Constants§

GENESIS_HEAD
Sentinel value used as the prev_hash of the first event in a fresh chain: 32 zero bytes encoded as 64 hex characters. The SHA-256 of the empty string would also work, but the all-zeros string is unambiguous, recognizable at a glance, and is not the SHA-256 output of any known input, so it cannot be mistaken for the hash of a real event.

Traits§

AuditLog
Core audit log trait.