taudit-api 0.4.0

Stable wire types for taudit JSON / SARIF / CloudEvents output. Public contract for downstream consumers (tsign, axiom, custom integrations). 0.x: contract is not frozen — review on every minor bump until 1.0.

taudit-api — stable wire types for JSON / SARIF / CloudEvents

This crate owns every Rust type that appears in taudit's emitted output (JSON taudit-report.schema.json, JSON authority-graph.v1.json, SARIF result.message.text and result.ruleId, CloudEvents tauditruleid / tauditfindingfingerprint extension attributes).

Stability promise (0.x)

While at 0.x:

  • Additive changes (new variants, new fields) MAY ship in any minor bump. Consumers should pin a minor (taudit-api = "0.1") and review on each upgrade.
  • Breaking changes (renamed fields, removed variants, changed serde representations) trigger a 0.{N+1} minor bump and a CHANGELOG migration note.

At 1.0, the promise tightens: breaking changes are permitted only at 2.0, and all 1.x minor bumps are additive.

Use in downstream tooling

Downstream consumers (tsign, axiom, custom SIEM integrations, Backstage plugins) should depend on taudit-api directly rather than taudit-core. taudit-core is workspace-internal and may break between minors; taudit-api is the public contract.

See ADR 0001 (graph as product) and ADR 0004 (prereleases publish to crates.io).