Skip to main content

camel_component_exec/
audit.rs

1//! audit.rs — one structured audit event per execution (security-relevant).
2
3use std::time::Duration;
4
5pub struct ExecAuditEvent<'a> {
6    pub route_id: &'a str,
7    pub profile: &'a str,
8    /// Startup-pinned path, NOT symlink-resolved (CONTEXT.md "Canonical executable / pin").
9    pub canonical_executable: &'a str,
10    pub args: &'a [String],
11    pub env_keys: Vec<&'a str>, // keys only, never values
12    pub cwd: &'a str,
13    pub exit_code: Option<i32>,
14    pub timed_out: bool,
15    pub stdout_truncated: bool,
16    pub stderr_truncated: bool,
17    pub duration: Duration,
18}
19
20pub(crate) fn emit(ev: &ExecAuditEvent<'_>) {
21    // I-3: redacted summary at info! (never leak args — they are a primary injection
22    // vector in the agentic threat model); full command line at debug! only.
23    tracing::info!(
24        route_id = ev.route_id,
25        profile = ev.profile,
26        exe = ev.canonical_executable,
27        arg_count = ev.args.len(),
28        env_keys = ?ev.env_keys,
29        cwd = ev.cwd,
30        exit_code = ?ev.exit_code,
31        timed_out = ev.timed_out,
32        stdout_truncated = ev.stdout_truncated,
33        stderr_truncated = ev.stderr_truncated,
34        dur_ms = ev.duration.as_millis() as u64,
35        "exec audit"
36    );
37    tracing::debug!(
38        route_id = ev.route_id,
39        exe = ev.canonical_executable,
40        args = ?ev.args,
41        "exec command line"
42    );
43}