Module event_log 

Unified kernel OS event log — category taxonomy for observations and session events.

Phase 5: every kernel decision is classifiable as syscall / sched / mm / proc / ipc so SDK session logs can be audited and replayed as a single OS event stream.

Three-primitives lens (M4): every kernel event rolls up to exactly one of the three kernel primitives — P1 syscall (the adjudication trap), P2 sched (the TCB/task table + the scheduler), P3 mm (the handle table + paging). The five wire categories above are retained as finer-grained audit labels (a stable, shipped field), but proc and ipc are facets of the P2 scheduler — the process table is the task table, and signal disposition feeds the scheduler — so they project onto Primitive::Sched. See KernelEventCategory::primitive.

Enums

KernelEventCategory

Agent OS event category (kernel decision plane). Finer-grained than Primitive; retained as a stable wire field. Use KernelEventCategory::primitive for the three-primitives rollup.

Primitive

One of the three kernel primitives every OS event belongs to (the canonical decision planes).

Constants

KERNEL_OBSERVATION_KINDS

All kernel observation kinds that should appear in a unified OS event log.

Functions

category_for_kind

Snake_case observation / session kind string.

primitive_for_kind

The kernel primitive an observation/session kind belongs to (three-primitives rollup).