Struct ObserverQuarantine 

pub struct ObserverQuarantine {
    pub schema_version: u16,
    pub observer_module_digest: [u8; 32],
    pub quarantine_tick: Tick,
    pub trap_class: ObserverTrapClass,
    pub attestation_class: RuntimeSignatureClass,
}

ObserverQuarantine — chain-anchored Observer host v2 trap- quarantine receipt (E15 axiom).

Emitted by the runtime supervisor when an observer wasm execution trips a sandbox-boundary failure (panic / budget / capability denial / other trap). The receipt anchors the operator’s audit trail without observer wasm authorship — chain-non-affecting clause 3: the host supervises emission.

Trigger boundary: only ObserverError variants from the host trip Quarantine emission. CapabilityExecutionError (PG unreachable etc.) is operational, NOT chain-anchored — those surface via metric / runtime_doctor_journal instead.

Replay-side verification: replay re-checks the observer_module_digest against the bytes the manifest pinned at registration time (mirrors HookModuleRegister’s replay verification). Mismatch indicates manifest tampering or operator mis-deployment.

3-tier ingestion mirror: attestation_class records the observer module’s ingestion attestation tier (Tier 1 BLAKE3 digest pin active by default; Tier 2 sigstore + Tier 3 cargo-vet scaffolded). Per-Quarantine the attestation_class reflects the state at registration time so audit logs distinguish “trapped after Tier-1-only ingestion” from Tier-2/3 paths.

Fields

schema_version: u16

Wire schema version.

observer_module_digest: [u8; 32]

BLAKE3 digest of the registered observer module bytes that trapped. Equals the expected_digest the operator pinned at registration; recorded so replay can re-verify the module bytes against the same hash.

quarantine_tick: Tick

Tick at which the trap occurred + Quarantine was emitted by the host supervisor.

trap_class: ObserverTrapClass

Trap classification — distinguishes panic / budget / cap- deny / other for forensic + operator triage.

attestation_class: RuntimeSignatureClass

Attestation class signalling the Tier 2/3 ingestion state at registration time. The default path is RuntimeSignatureClass::None (Tier 1 BLAKE3 digest pin only); Tier 2/3 paths set Ed25519 / MlDsa65 / Hybrid.

Semantics distinction: in this ObserverQuarantine context the value records the observer module ingestion attestation tier — NOT the event-signing class. The Quarantine event itself is chain-anchored under the runtime’s standard signing path (E13 shell-per-tick SignatureClassPolicy), independent of this field.

Trait Implementations

impl ArkheEvent for ObserverQuarantine

const TYPE_CODE: u32 = 200460u32

Runtime TypeCode registry pin — Core Events live in 0x0003_0F00..=0x0003_FFFF (TypeCode sub-range split).

const SCHEMA_VERSION: u16 = 1u16

Monotone schema version — same rules as ArkheComponent.

fn type_code() -> TypeCode

Convenience TypeCode accessor.

impl Clone for ObserverQuarantine

fn clone(&self) -> ObserverQuarantine

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for ObserverQuarantine

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for ObserverQuarantine

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl PartialEq for ObserverQuarantine

fn eq(&self, other: &ObserverQuarantine) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for ObserverQuarantine

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl Eq for ObserverQuarantine

impl StructuralPartialEq for ObserverQuarantine