Expand description
Security audit events and the AuditSink trait (RFC-012).
CodeAuthEvent represents every notable security event codlet can emit.
All variants are redacted by construction: no plaintext code, token,
session secret, raw lookup key, HMAC key, or raw IP address appears in any
variant (RFC-012 §10.3).
The host application provides an AuditSink implementation and maps
codlet events into its own audit schema, logging backend, or metrics
pipeline. codlet never makes logging decisions for the host.
§Forbidden content
The following must never appear in any event field:
- plaintext code, token, or session secret;
- raw HMAC lookup key or key bytes;
- display name, email, or other personally identifiable free text;
- raw IP address (use a stable fingerprint / hashed value instead).
Structs§
- Noop
Audit Sink - A no-op audit sink that discards every event. Useful as a default when the host has not configured a sink, and for unit tests that do not care about events.
Enums§
- Code
Auth Event - A notable security event emitted by codlet (RFC-012 §10.2).
Traits§
- Audit
Sink - A recipient of security audit events (RFC-012 §3).