
Module audit

Structured per-call audit events + pluggable sinks.

AuditSink is the observation hook called at dispatch return points. It sits OUTSIDE Middleware (a wire-reply rewriter) because audit observes metadata about every outcome — including failures — and never carries the result/error body (no PHI exit). Middleware rewrites the body the LLM sees (on_result for success / ExecutionFailed, on_error for Response::Error); AuditSink records who/what/when.

JsonLinesAuditSink writes one JSON object per line via a dedicated std thread drain over a bounded std::sync::mpsc::sync_channel. SP-concurrency-baseline §5.4 introduced the queue to decouple the dispatch hot path from synchronous file I/O; SP-observability-completeness-v1 Axis B made the queue-full policy selectable (BackpressureStrategy: Drop default / Block / FallbackSink) and moved the drain to a std thread, so construction no longer requires a tokio runtime context.

Structs

CallEvent
One per-call audit event. Emitted at every Request::RunTool return point (success, invalid_args, execution_failed, cap_denied, rate_limited, tool_not_found). Ping / Hello / ToolList / ToolSchema do NOT emit events in v1.
CapProvenance
SP-observability-completeness-v1 Axis C — one capability + how it was granted. The granted_capabilities field on CallEvent records the result set; this records the source of each.
JsonLinesAuditSink
SP-concurrency-baseline §5.4 + SP-observability-completeness-v1 Axis B. Writes one JSON object per line to the wrapped writer via a dedicated std thread drain. Behaviour when the bounded channel is full is selectable via BackpressureStrategy:

Enums

BackpressureStrategy
SP-observability-completeness-v1 Axis B. How a sink behaves when its internal queue is full at on_call time.
Outcome
Outcome variants cover the full dispatch-return space for RunTool.
ProvSource
Where a granted capability came from (architecture §5.2 — the two composing mechanisms whose union forms granted_capabilities).

Constants

DEFAULT_AUDIT_QUEUE_CAPACITY
Default channel capacity. 1024 events × ~500 bytes ≈ 512 KB peak buffer; drains at the rate the wrapped writer can absorb (typical disk write rate: 10k events/s sustained, transient bursts much higher).
SCHEMA_VERSION
Audit schema version. Consumers should branch on this if future breaking changes land.

Traits

AuditSink
Observer hook. on_call is invoked synchronously on the dispatch path; its behaviour under queue pressure is the sink’s backpressure_strategy. Must not panic.
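The bounded-queue design described for JsonLinesAuditSink above (a sync_channel, a std-thread drain, a selectable Drop or Block policy when the queue is full) together with the AuditSink contract that on_call runs synchronously and must not panic, as an added illustration written for this page; it is not the crate's own code, the type and function names (LinesSink, Backpressure, Event) are hypothetical, and the FallbackSink policy is left out.

```rust
// Added illustration, not the crate's own code; all names here are hypothetical.
use std::io::Write;
use std::sync::atomic::{AtomicU64, Ordering};
use std::sync::mpsc::{sync_channel, SyncSender, TrySendError};
use std::thread::{self, JoinHandle};

#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Backpressure { Drop, Block } // FallbackSink left out for brevity

/// Metadata only: who/what/when and the outcome, never the result/error body.
pub struct Event { pub ts: String, pub tool: String, pub outcome: String }

pub struct LinesSink {
    tx: SyncSender<String>,
    drain: JoinHandle<()>,
    policy: Backpressure,
    dropped: AtomicU64, // events discarded under Backpressure::Drop
}

impl LinesSink {
    /// Spawn the drain thread; `capacity` bounds the number of queued events.
    pub fn new<W: Write + Send + 'static>(mut w: W, capacity: usize, policy: Backpressure) -> Self {
        let (tx, rx) = sync_channel::<String>(capacity);
        let drain = thread::spawn(move || {
            for line in rx { // ends once every sender has been dropped
                let _ = writeln!(w, "{line}"); // writer errors never reach the hot path
            }
        });
        LinesSink { tx, drain, policy, dropped: AtomicU64::new(0) }
    }

    /// Hot-path hook: must not panic, so every failure is swallowed or counted.
    /// `{:?}` quoting is JSON-compatible for the printable ASCII expected in these fields.
    pub fn on_call(&self, ev: &Event) {
        let line = format!(r#"{{"ts":{:?},"tool":{:?},"outcome":{:?}}}"#, ev.ts, ev.tool, ev.outcome);
        match self.policy {
            Backpressure::Block => { let _ = self.tx.send(line); } // waits for the drain
            Backpressure::Drop => match self.tx.try_send(line) {
                Ok(()) => {}
                Err(TrySendError::Full(_)) => { self.dropped.fetch_add(1, Ordering::Relaxed); }
                Err(TrySendError::Disconnected(_)) => {} // drain thread is gone
            },
        }
    }

    pub fn dropped(&self) -> u64 { self.dropped.load(Ordering::Relaxed) }

    /// Close the queue and wait until everything still buffered has been written.
    pub fn close(self) { let LinesSink { tx, drain, .. } = self; drop(tx); let _ = drain.join(); }
}
```

Under Drop the hot path never waits on the writer and the overflow count is the signal to watch; under Block the dispatch path stalls until the writer catches up, which is the trade the page's BackpressureStrategy makes selectable.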

Functions

now_rfc3339
Produce an RFC 3339 UTC timestamp string suitable for CallEvent::ts. Dispatch sites use this rather than calling chrono directly so the format stays consistent.