pub struct PreOutcome {
pub action_id: ActionId,
pub manifests_attached: usize,
pub severity: Severity,
pub gaps: Vec<String>,
}Expand description
Outcome summary for logging and, crucially, for the binary’s runtime
warning. gaps holds the loud protection-gap messages (snapshot failures,
truncations) — non-empty means coverage is incomplete. The binary warns
when a destructive+ action has gaps, so “I ran but couldn’t fully protect
you” is never silent (audit round 9).
Fields§
§action_id: ActionId§manifests_attached: usize§severity: Severity§gaps: Vec<String>Implementations§
Source§impl PreOutcome
impl PreOutcome
Sourcepub fn needs_warning(&self) -> bool
pub fn needs_warning(&self) -> bool
True when the binary should emit a loud (but non-blocking) warning: any
protection gap at all. gaps is only ever populated when a snapshot was
ATTEMPTED (a destructive scope, or the defensive cwd snapshot for an
unknown command) and it failed or truncated — so a non-empty gaps
always means “we tried to protect you and couldn’t fully.” Gating this
on severity >= Destructive (as the first cut did) wrongly silenced the
unknown path, which is exactly where we defend BECAUSE the command might
be destructive. Safe/mutating commands never snapshot, so never warn.