Module monitor 

Layer 8 — Security monitor.

A SecurityMonitor is the vault’s outbound channel for anomaly events: repeated decryption failures, unusual access patterns, and threshold breaches. Monitor calls happen on the failure path only; the success path costs nothing.

Built-in monitors (NoMonitor, LogMonitor, MetricsMonitor, WebhookMonitor, CompositeMonitor) arrive in Phase 0.8. This module currently defines the trait surface and the three event-context structs.

Structs

AccessContext

Context for a successful access that the monitor flagged as anomalous — unusual caller, unusual frequency, off-hours activity.

CompositeMonitor

SecurityMonitor that fans every event out to a list of inner monitors.

FailureContext

Context passed when a decryption attempt fails — wrong key, tampered ciphertext, etc.

LogMonitormonitor-tracing

SecurityMonitor implementation that emits tracing events.

NoMonitor

SecurityMonitor implementation that discards every event.

ThresholdContext

Context for a configured threshold being crossed (e.g. N failures in M seconds).

Traits

SecurityMonitor

Outbound channel for anomaly events.