zeph_common/
security_event.rs

// SPDX-FileCopyrightText: 2026 Andrei G <bug-ops>
// SPDX-License-Identifier: MIT OR Apache-2.0

//! Security event category shared across Zeph crates.
//!
//! Moved from `zeph-core::metrics` so that `zeph-agent-context` can define a
//! `SecurityEventSink` trait without depending on `zeph-core`.

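/// Category of a security event used for TUI display and audit logging.
///
/// Each variant maps to a short string key via [`SecurityEventCategory::as_str`].
///
/// Going by the variant descriptions below, `*Flag` and `*Warn` variants record
/// a detection, while `*Block` / `*Blocked` variants record an action that was
/// denied.
///
/// `Hash` is derived alongside `Eq` so a category can key a `HashMap` or
/// `HashSet`, for example to keep per-category event counters.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub enum SecurityEventCategory {
    /// Prompt-injection flag raised by the sanitizer.
    InjectionFlag,
    /// ML classifier hard-blocked tool output (`enforcement_mode=block` only).
    InjectionBlocked,
    /// Potential data exfiltration blocked by the sanitizer.
    ExfiltrationBlock,
    /// Content quarantined for human review.
    Quarantine,
    /// Output truncated due to length or injection risk.
    Truncation,
    /// Request rate-limited.
    RateLimit,
    /// Memory write validation rejected the content.
    MemoryValidation,
    /// Tool call blocked before execution.
    PreExecutionBlock,
    /// Tool call flagged as suspicious before execution.
    PreExecutionWarn,
    /// LLM response failed post-generation verification.
    ResponseVerification,
    /// `TurnCausalAnalyzer` flagged behavioral deviation at tool-return boundary.
    CausalIpiFlag,
    /// MCP tool result crossing into an ACP-serving session boundary.
    CrossBoundaryMcpToAcp,
    /// VIGIL pre-sanitizer gate flagged a tool output.
    VigilFlag,
}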
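impl SecurityEventCategory {
    /// Returns the short string key for this category.
    ///
    /// Used as the `category` column in audit logs and TUI display. Every key
    /// consists of lowercase ASCII letters and underscores only.
    ///
    /// The function is `const`, so a key can also be used in `const` and
    /// `static` initializers.
    ///
    /// NOTE(review): because these keys are written to the audit log, renaming
    /// one presumably changes what existing log queries and alerts match on;
    /// confirm with the log consumers before changing a key.
    #[must_use]
    pub const fn as_str(self) -> &'static str {
        // No wildcard arm: a newly added variant fails to compile here until
        // it is given a key, so no category can be logged without a name.
        match self {
            Self::InjectionFlag => "injection",
            Self::InjectionBlocked => "injection_blocked",
            Self::ExfiltrationBlock => "exfil",
            Self::Quarantine => "quarantine",
            Self::Truncation => "truncation",
            Self::RateLimit => "rate_limit",
            Self::MemoryValidation => "memory_validation",
            Self::PreExecutionBlock => "pre_exec_block",
            Self::PreExecutionWarn => "pre_exec_warn",
            Self::ResponseVerification => "response_verify",
            Self::CausalIpiFlag => "causal_ipi",
            Self::CrossBoundaryMcpToAcp => "cross_boundary_mcp_to_acp",
            Self::VigilFlag => "vigil",
        }
    }
}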