use crate::context::AuthsContext;
pub fn emit_audit(ctx: &AuthsContext, actor_did: &str, action: &str, status: &str) {
let now = ctx.clock.now().timestamp();
let event = auths_telemetry::build_audit_event(actor_did, action, status, now);
let payload = serde_json::to_string(&event).unwrap_or_else(|e| {
serde_json::json!({
"event": "audit_serialization_failure",
"actor": actor_did,
"action": action,
"status": status,
"ts": now,
"error": e.to_string(),
})
.to_string()
});
ctx.event_sink.emit(&payload);
}
pub fn emit_policy_decision(
ctx: &AuthsContext,
surface: &str,
subject_did: &str,
decision: &auths_id::policy::Decision,
) {
let hash = decision
.policy_hash
.map(hex::encode)
.unwrap_or_else(|| "none".to_string());
let status = format!("{}:{} policy={}", decision.outcome, decision.reason, hash);
emit_audit(ctx, subject_did, &format!("policy:{surface}"), &status);
}