Module audit

The audit sink. Every decision hackamore makes — allow or deny — is recorded. The trait lets the data plane stay oblivious to where records go; v1 ships an in-memory sink (used by tests and introspection) and a tracing sink for operations.

Structs

FileAudit
A durable, queryable audit sink: appends each event as one JSON line (JSONL) to a file, flushed per record so a crash loses at most the in-flight event. The file is a stable append-only log that a SIEM or jq can tail and query, unlike the ephemeral tracing stream. A write failure is logged rather than propagated (the request path must not fail because audit I/O did), so operators should alarm on the "audit write failed" event.
InMemoryAudit
Collects events in memory. Used by tests and for local introspection.
TracingAudit
Emits each event as a structured tracing record.

Traits

AuditSink
Receives one immutable AuditEvent per decision. Implementations must be cheap and non-blocking; the data plane records on the request path.
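
The behaviour described for FileAudit (one JSON line per event, flushed per record, write failures logged instead of returned), as an added example that is not hackamore's own code. The Event fields, JsonlSink, the write_failures counter and the output path are hypothetical, and the JSON is built by hand so the block needs only the standard library.

```rust
use std::io::Write;
use std::sync::atomic::{AtomicU64, Ordering};
use std::sync::Mutex;

// Hypothetical event shape; hackamore's real AuditEvent is not shown on the page.
pub struct Event { pub allowed: bool, pub subject: String, pub reason: String }

// Escape a JSON string so a newline or quote in a field cannot forge a second record.
fn json_str(s: &str) -> String {
    let mut out = String::from("\"");
    for c in s.chars() {
        match c {
            '"' => out.push_str("\\\""),
            '\\' => out.push_str("\\\\"),
            c if (c as u32) < 0x20 => out.push_str(&format!("\\u{:04x}", c as u32)),
            c => out.push(c),
        }
    }
    out + "\""
}

pub fn to_jsonl(e: &Event) -> String {
    let decision = if e.allowed { "allow" } else { "deny" };
    format!("{{\"decision\":\"{}\",\"subject\":{},\"reason\":{}}}\n",
            decision, json_str(&e.subject), json_str(&e.reason))
}

// Generic over the writer so the failure path can be exercised without a real disk.
pub struct JsonlSink<W: Write> { out: Mutex<W>, pub write_failures: AtomicU64 }
impl<W: Write> JsonlSink<W> {
    pub fn new(w: W) -> Self { Self { out: Mutex::new(w), write_failures: AtomicU64::new(0) } }
    // Returns nothing: an audit I/O error must not fail the request being decided.
    pub fn record(&self, e: &Event) {
        let line = to_jsonl(e);
        let mut w = self.out.lock().unwrap_or_else(|p| p.into_inner());
        // One write per record, then flush, so a crash loses at most this event.
        if let Err(err) = w.write_all(line.as_bytes()).and_then(|_| w.flush()) {
            self.write_failures.fetch_add(1, Ordering::Relaxed); // metric to alarm on
            eprintln!("audit write failed: {}", err);
        }
    }
    pub fn into_inner(self) -> W { self.out.into_inner().unwrap_or_else(|p| p.into_inner()) }
}

fn main() {
    let path = std::env::temp_dir().join("audit-example.jsonl"); // placeholder path
    let f = std::fs::OpenOptions::new().create(true).append(true).open(path).unwrap();
    JsonlSink::new(f).record(&Event { allowed: false, subject: "svc-a".into(), reason: "no rule".into() });
}
```

Escaping control characters matters for this format: a consumer that splits the file on newlines would otherwise read an attacker-chosen subject as a separate, forged "allow" record.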