1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
//! Astrid Audit - Chain-linked cryptographic audit logging.
//!
//! This crate provides:
//! - Cryptographically signed audit entries
//! - Chain-linked entries (each contains hash of previous)
//! - Persistent storage with `SurrealKV`
//! - Chain integrity verification
//!
//! # Security Model
//!
//! Every audit entry is:
//! - Signed by the runtime's ed25519 key
//! - Linked to the previous entry via content hash
//! - Timestamped
//! - Indexed by session
//!
//! The chain linking provides tamper evidence - any modification
//! to historical entries breaks the chain and is detectable.
//!
//! # Example
//!
//! ```
//! use astrid_audit::{AuditLog, AuditAction, AuditOutcome, AuthorizationProof};
//! use astrid_core::SessionId;
//! use astrid_crypto::KeyPair;
//!
//! // Create an in-memory audit log
//! let runtime_key = KeyPair::generate();
//! let user_id = runtime_key.key_id();
//! let log = AuditLog::in_memory(runtime_key);
//!
//! // Start a session
//! let session_id = SessionId::new();
//!
//! // Record an action
//! let entry_id = log.append(
//! session_id.clone(),
//! AuditAction::SessionStarted {
//! user_id,
//! platform: "cli".to_string(),
//! },
//! AuthorizationProof::System {
//! reason: "session start".to_string(),
//! },
//! AuditOutcome::success(),
//! ).unwrap();
//!
//! // Verify chain integrity
//! let result = log.verify_chain(&session_id).unwrap();
//! assert!(result.valid);
//! ```
pub use ;
pub use ;
pub use ;
// Re-export AuditEntryId from capabilities for convenience
pub use AuditEntryId;