Skip to main content

AuditEvent

ap_client::traits

Enum AuditEvent 

Source 
#[non_exhaustive]
pub enum AuditEvent<'a> {
    ConnectionEstablished {
        remote_identity: &'a IdentityFingerprint,
        remote_name: Option<&'a str>,
        connection_type: AuditConnectionType,
    },
    SessionRefreshed {
        remote_identity: &'a IdentityFingerprint,
    },
    ConnectionRejected {
        remote_identity: &'a IdentityFingerprint,
    },
    CredentialRequested {
        query: &'a CredentialQuery,
        remote_identity: &'a IdentityFingerprint,
        request_id: &'a str,
    },
    CredentialApproved {
        query: &'a CredentialQuery,
        domain: Option<&'a str>,
        remote_identity: &'a IdentityFingerprint,
        request_id: &'a str,
        credential_id: Option<&'a str>,
        fields: CredentialFieldSet,
    },
    CredentialDenied {
        query: &'a CredentialQuery,
        domain: Option<&'a str>,
        remote_identity: &'a IdentityFingerprint,
        request_id: &'a str,
        credential_id: Option<&'a str>,
    },
}
Expand description

Audit events emitted by the [UserClient] (trusted device) for security-relevant actions.

Each variant represents a discrete, auditable action in the access protocol. Implementations of AuditLog receive these events and can persist them to files, databases, or external services.

§Field conventions

  • remote_identity — the IdentityFingerprint of the remote (untrusted) device. This is a stable 32-byte identifier derived from the device’s persistent public key.
  • remote_name — optional human-friendly label assigned by the user when pairing (e.g., “Work Laptop”). Only available on connection events.
  • request_id — unique per-request correlation token generated by the remote client. Use this to correlate CredentialRequestedCredentialApproved/CredentialDenied.
  • query — the CredentialQuery that triggered the lookup.
  • domain — the credential’s domain (from the matched vault item), if available.

This enum is #[non_exhaustive] — new variants may be added in future versions. Implementations should include a _ => {} catch-all arm when matching.

Variants (Non-exhaustive)§

This enum is marked as non-exhaustive
Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.
§

ConnectionEstablished

A new remote device completed the Noise handshake and was accepted as trusted.

Emitted once per new pairing, after the session is cached. For rendezvous connections, this fires only after the user has explicitly approved the fingerprint verification. For PSK connections, trust is implicit via the shared secret.

Fields

§remote_identity: &'a IdentityFingerprint
§remote_name: Option<&'a str>
§connection_type: AuditConnectionType
§

SessionRefreshed

A previously-paired device reconnected and refreshed its transport keys.

This is a routine reconnection of an already-trusted device — no user approval is needed. The Noise handshake runs again to derive fresh encryption keys, but the device was already verified during the original pairing.

Fields

§remote_identity: &'a IdentityFingerprint
§

ConnectionRejected

A new connection attempt was rejected during fingerprint verification.

The user was shown the handshake fingerprint and chose to reject it, meaning the remote device was not added to the trusted session cache. Only applies to rendezvous connections (PSK connections skip verification).

Fields

§remote_identity: &'a IdentityFingerprint
§

CredentialRequested

A remote device sent a request for credentials.

Emitted when the encrypted request is received and decrypted. At this point the request is pending user approval — no credential data has been shared yet.

Fields

§query: &'a CredentialQuery
§remote_identity: &'a IdentityFingerprint
§request_id: &'a str
§

CredentialApproved

A credential request was approved and the credential was sent to the remote device.

The fields indicate which credential fields were included (e.g., username, password, TOTP) without revealing the actual values.

Fields

§query: &'a CredentialQuery
§domain: Option<&'a str>
§remote_identity: &'a IdentityFingerprint
§request_id: &'a str
§credential_id: Option<&'a str>
§fields: CredentialFieldSet
§

CredentialDenied

A credential request was denied by the user.

No credential data was sent to the remote device.

Fields

§query: &'a CredentialQuery
§domain: Option<&'a str>
§remote_identity: &'a IdentityFingerprint
§request_id: &'a str
§credential_id: Option<&'a str>

Trait Implementations§

Source§

impl<'a> Clone for AuditEvent<'a>

Source§

fn clone(&self) -> AuditEvent<'a>

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<'a> Debug for AuditEvent<'a>

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

§

impl<'a> Freeze for AuditEvent<'a>

§

impl<'a> RefUnwindSafe for AuditEvent<'a>

§

impl<'a> Send for AuditEvent<'a>

§

impl<'a> Sync for AuditEvent<'a>

§

impl<'a> Unpin for AuditEvent<'a>

§

impl<'a> UnsafeUnpin for AuditEvent<'a>

§

impl<'a> UnwindSafe for AuditEvent<'a>

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more