Struct EnforcementEvent 

pub struct EnforcementEvent {
    pub event_id: String,
    pub schema_version: u8,
    pub seq_no: u64,
    pub recorded_at_ms: u64,
    pub event_type: EnforcementEventType,
    pub event_hash: String,
    pub prev_hash: String,
    pub installation_id: String,
    pub actor_local: Option<ActorLocal>,
    pub agent_type: String,
    pub subject_kind: SubjectKind,
    pub subject_key: String,
    pub canonical_subject_hash: Option<String>,
    pub receipt_id: Option<String>,
    pub decision_reason_code: String,
    pub decision_basis_hash: Option<String>,
    pub agent_session: Option<String>,
}

The canonical enforcement event envelope.

Every enforcement decision (deny, allow-after-receipt, bypass detection, control changes) is recorded as one of these events. They form a hash-chained, sequenced stream for tamper-evident audit.

Fields§

§event_id: String

Globally unique event identifier. UUIDv7 (time-ordered).

§schema_version: u8

Schema version. Always SCHEMA_VERSION for v1.

§seq_no: u64

Global durable monotonic sequence number within this store. Allocated atomically and never reused. Gaps occur only after a crash (which produces a RecordingGap event on recovery).

§recorded_at_ms: u64

Unix milliseconds UTC when this event was recorded.

§event_type: EnforcementEventType

The type of event. Determines which optional fields are populated.

§event_hash: String

SHA-256 hash of this event’s canonical serialization (see hash contract). Computed AFTER all other fields are set, stored as lowercase hex.

§prev_hash: String

SHA-256 hash of the previous event in the stream. Empty string for the first event in the store. Forms a hash chain for tamper detection.

§installation_id: String

Stable installation identifier. UUID generated once at first init, persisted in the store, never changes. NOT derived from hostname.

§actor_local: Option<ActorLocal>

Local OS identity of the actor. Structured, explicitly labeled as unverified. None if identity cannot be determined.

§agent_type: String

The AI agent type that triggered this event.

§subject_kind: SubjectKind

What kind of subject this event pertains to.

§subject_key: String

Canonical identifier of the subject. For files: the canonical file key (normalized, symlink-resolved, case-folded where applicable). For controls: the gotcha or config key.

§canonical_subject_hash: Option<String>

Hash of the canonical file path for file-backed subjects. Allows cross-referencing even if paths are later renamed.

§receipt_id: Option<String>

Links events back to the receipt that authorized them.

§decision_reason_code: String

Stable enum string for the reason, NOT freeform prose. Examples: “gotcha_above_threshold”, “receipt_valid”, “receipt_expired”, “daemon_unreachable”, “control_created”, “control_deleted”.

§decision_basis_hash: Option<String>

Hash of the gotcha/config state that was used to make this decision. Proves which rule text and thresholds were in force at decision time.

§agent_session: Option<String>

The AI agent SESSION that triggered this event (Claude Code session_id). Enables per-actor audit attribution — proving the same session that consulted a file also acted on it. None for events with no session (Codex, config changes, gaps). Added in schema_version 2; hashed only for v2+ events (see compute_hash).

Implementations§

impl EnforcementEvent

pub fn compute_hash(&self) -> String

Compute the canonical hash of this event.

The hash covers all fields EXCEPT event_hash itself. This function is frozen for schema_version 1 — do not modify without incrementing SCHEMA_VERSION.
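
A chain verifier for the stream described on this page, as an added example that is not part of the project's code: it checks each stored event_hash, the prev_hash link, and seq_no ordering. `Ev`, `ChainError`, `verify_chain`, `toy_hash`, `append`, `is_recording_gap` and `body` are hypothetical names; it assumes prev_hash equals the previous event's event_hash and that a seq_no gap is acceptable only when the event after it is a RecordingGap, and it substitutes FNV-1a for SHA-256 so it builds with the standard library alone.

```rust
// Added example: simplified mirror of the chain-relevant EnforcementEvent fields.
#[derive(Clone, Debug)]
pub struct Ev {
    pub seq_no: u64,
    pub event_hash: String,
    pub prev_hash: String,
    pub is_recording_gap: bool, // assumption: stands in for a RecordingGap event_type
    pub body: String,           // assumption: stands in for every other hashed field
}
#[derive(Debug, PartialEq)]
pub enum ChainError {
    BadGenesis, HashMismatch(u64), BrokenLink(u64), SeqNotIncreasing(u64),
    UnexplainedGap { after: u64, next: u64 },
}
/// Walks the stream in order; `recompute` plays the role of compute_hash().
pub fn verify_chain(events: &[Ev], recompute: impl Fn(&Ev) -> String) -> Result<(), ChainError> {
    let mut prev: Option<&Ev> = None;
    for ev in events {
        if recompute(ev) != ev.event_hash {
            return Err(ChainError::HashMismatch(ev.seq_no)); // content edited in place
        }
        match prev {
            None if !ev.prev_hash.is_empty() => return Err(ChainError::BadGenesis),
            None => {}
            Some(p) if ev.prev_hash != p.event_hash => return Err(ChainError::BrokenLink(ev.seq_no)),
            Some(p) if ev.seq_no <= p.seq_no => return Err(ChainError::SeqNotIncreasing(ev.seq_no)),
            Some(p) if ev.seq_no - p.seq_no > 1 && !ev.is_recording_gap => {
                return Err(ChainError::UnexplainedGap { after: p.seq_no, next: ev.seq_no })
            }
            Some(_) => {}
        }
        prev = Some(ev);
    }
    Ok(())
}
/// Stand-in digest (FNV-1a 64-bit, NOT SHA-256) so the example builds without crates.
pub fn toy_hash(ev: &Ev) -> String {
    let input = format!("{}|{}|{}|{}", ev.seq_no, ev.prev_hash, ev.is_recording_gap, ev.body);
    let h = input.bytes().fold(0xcbf29ce484222325u64, |h, b| (h ^ b as u64).wrapping_mul(0x100000001b3));
    format!("{:016x}", h)
}
/// Appends a constructed sample event, linking it to the current tail.
pub fn append(chain: &mut Vec<Ev>, seq_no: u64, gap: bool, body: &str) {
    let prev_hash = chain.last().map(|e| e.event_hash.clone()).unwrap_or_default();
    let mut ev = Ev { seq_no, event_hash: String::new(), prev_hash, is_recording_gap: gap, body: body.into() };
    ev.event_hash = toy_hash(&ev);
    chain.push(ev);
}
fn main() {
    let mut chain = Vec::new();
    append(&mut chain, 1, false, "deny");
    append(&mut chain, 2, false, "allow");
    chain[0].body = "allow".into(); // simulated tampering
    println!("{:?}", verify_chain(&chain, toy_hash));
}
```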

Trait Implementations§

impl Clone for EnforcementEvent

fn clone(&self) -> EnforcementEvent

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for EnforcementEvent

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for EnforcementEvent

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Serialize for EnforcementEvent

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer.

Auto Trait Implementations§

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest.

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

impl<T> Downcast for T
where T: Any,

fn into_any(self: Box<T>) -> Box<dyn Any>

Converts Box<dyn Trait> (where Trait: Downcast) to Box<dyn Any>, which can then be downcast into Box<dyn ConcreteType> where ConcreteType implements Trait.

fn into_any_rc(self: Rc<T>) -> Rc<dyn Any>

Converts Rc<Trait> (where Trait: Downcast) to Rc<Any>, which can then be further downcast into Rc<ConcreteType> where ConcreteType implements Trait.

fn as_any(&self) -> &(dyn Any + 'static)

Converts &Trait (where Trait: Downcast) to &Any. This is needed since Rust cannot generate &Any’s vtable from &Trait’s.

fn as_any_mut(&mut self) -> &mut (dyn Any + 'static)

Converts &mut Trait (where Trait: Downcast) to &Any. This is needed since Rust cannot generate &mut Any’s vtable from &mut Trait’s.

impl<T> DowncastSend for T
where T: Any + Send,

fn into_any_send(self: Box<T>) -> Box<dyn Any + Send>

Converts Box<Trait> (where Trait: DowncastSend) to Box<dyn Any + Send>, which can then be downcast into Box<ConcreteType> where ConcreteType implements Trait.

impl<T> DowncastSync for T
where T: Any + Send + Sync,

fn into_any_sync(self: Box<T>) -> Box<dyn Any + Send + Sync>

Converts Box<Trait> (where Trait: DowncastSync) to Box<dyn Any + Send + Sync>, which can then be downcast into Box<ConcreteType> where ConcreteType implements Trait.

fn into_any_arc(self: Arc<T>) -> Arc<dyn Any + Send + Sync>

Converts Arc<Trait> (where Trait: DowncastSync) to Arc<Any>, which can then be downcast into Arc<ConcreteType> where ConcreteType implements Trait.

impl<T> DynClone for T
where T: Clone,

fn __clone_box(&self, _: Private) -> *mut ()

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Fruit for T
where T: Send + Downcast,

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> IntoEither for T

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.

impl<T> Pointable for T

const ALIGN: usize

The alignment of pointer.

type Init = T

The type for initializers.

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer.

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer.

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer.

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer.

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.