Skip to main content

camel_component_exec/
audit.rs

1//! audit.rs — one structured audit event per execution (security-relevant).
2
3use std::time::Duration;
4
5pub struct ExecAuditEvent<'a> {
6    pub route_id: &'a str,
7    pub profile: &'a str,
8    pub canonical_executable: &'a str,
9    pub args: &'a [String],
10    pub env_keys: Vec<&'a str>, // keys only, never values
11    pub cwd: &'a str,
12    pub exit_code: Option<i32>,
13    pub timed_out: bool,
14    pub stdout_truncated: bool,
15    pub stderr_truncated: bool,
16    pub duration: Duration,
17}
18
19pub(crate) fn emit(ev: &ExecAuditEvent<'_>) {
20    // I-3: redacted summary at info! (never leak args — they are a primary injection
21    // vector in the agentic threat model); full command line at debug! only.
22    tracing::info!(
23        route_id = ev.route_id,
24        profile = ev.profile,
25        exe = ev.canonical_executable,
26        arg_count = ev.args.len(),
27        env_keys = ?ev.env_keys,
28        cwd = ev.cwd,
29        exit_code = ?ev.exit_code,
30        timed_out = ev.timed_out,
31        stdout_truncated = ev.stdout_truncated,
32        stderr_truncated = ev.stderr_truncated,
33        dur_ms = ev.duration.as_millis() as u64,
34        "exec audit"
35    );
36    tracing::debug!(
37        route_id = ev.route_id,
38        exe = ev.canonical_executable,
39        args = ?ev.args,
40        "exec command line"
41    );
42}