1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
//! Audit event emission convenience for SDK operations.
use crateAuthsContext;
/// Emit a structured audit event through the SDK context's event sink.
///
/// Args:
/// * `ctx`: The runtime context providing the event sink.
/// * `actor_did`: The DID of the acting principal.
/// * `action`: The action being performed (e.g. `"sign:commit"`, `"mcp:deploy"`).
/// * `status`: The outcome (e.g. `"Success"`, `"Denied"`).
///
/// Usage:
/// ```ignore
/// emit_audit(&ctx, &agent_did, "sign:commit", "Success");
/// ```
/// Emit an audit event for a policy-enforcement decision (E1 A5).
///
/// Records every enforcement decision — allow **and** deny — so denials are
/// observable and traceability is measurable. The status carries the typed outcome,
/// reason code, and the policy hash (audit pinning). Called by the enforcement
/// callers (commit + request paths); the policy gate itself stays side-effect-free.
///
/// Args:
/// * `ctx`: The runtime context providing the event sink + clock.
/// * `surface`: The enforcement surface (e.g. `"commit"`, `"request"`).
/// * `subject_did`: The principal the decision was made about.
/// * `decision`: The typed policy decision.
///
/// Usage:
/// ```ignore
/// emit_policy_decision(&ctx, "commit", &signer_did, &decision);
/// ```