Skip to main content

PublicContext

palisade_errors::models

Struct PublicContext 

Source 
pub struct PublicContext(/* private fields */);
Expand description

Type-safe wrapper for public-facing error contexts.

§Trust Boundary Enforcement

This newtype prevents InternalContextField from being accidentally displayed externally. The type system ensures only PublicContextField variants can be wrapped here, and the Display implementation is the sole external rendering path.

§Construction

  • lie(): Always available for deceptive public messages
  • truth(): Only available with external_signaling feature enabled

§Safety Properties

  1. Cannot be constructed from InternalContext
  2. Cannot implicitly convert to string (must use as_str() or Display)
  3. Implements ZeroizeOnDrop for owned string data

§No Clone/Copy Policy

Single-owner semantics prevent duplicate public messages from existing simultaneously, reducing risk of inconsistent external responses.

Implementations§

Source§

impl PublicContext

Source

pub fn lie(message: impl Into<Cow<'static, str>>) -> Self

Create a deceptive public context for external display.

§Use Case

Default constructor for honeypot deployments. Deceptive messages are explicitly labeled and auditable in internal logs.

§Performance

Accepts Cow<'static, str> to allow zero-allocation when passed string literals: PublicContext::lie("error") allocates nothing.

Source

pub fn truth(message: impl Into<Cow<'static, str>>) -> Self

Create a truthful public context for external display.

§Availability

This method only exists when external_signaling feature is enabled. Without this feature, all public contexts must be deceptive, enforcing operational security at compile time rather than runtime configuration.

§Use Case

For honeypots that intentionally signal some authentic errors to appear more legitimate (e.g., benign input validation failures).

Source

pub fn as_str(&self) -> &str

Get the external-safe string representation.

§Returns

Borrowed string slice suitable for HTTP responses, external APIs, or any untrusted display context. This string may be deceptive.

§Lifetime

Returned reference borrows from self, valid until this context is dropped.

Source

pub const fn classification(&self) -> &'static str

Get classification label for internal audit trails.

§Returns

Static string identifying context type without exposing payload. Useful for metrics, SOC dashboards, and audit log indexing.

§Values
  • "PublicTruth": Authentic message (requires feature flag)
  • "DeceptiveLie": Intentionally false message

Trait Implementations§

Source§

impl Debug for PublicContext

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Debug representation for internal logging and diagnostics.

§Redaction Strategy

Deceptive payloads are redacted in debug output to prevent lies from being aggregated as factual data in log analysis systems that may:

  • Export logs to external SIEMs
  • Send logs to cloud providers
  • Aggregate metrics across trust boundaries

This prevents deceptive error messages from polluting statistical analysis.

Source§

impl Display for PublicContext

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Render public context for external display.

This is the primary interface for converting error contexts into externally-visible strings (HTTP responses, external APIs, etc.).

§Security Note

This implementation is intentionally simple and does not check context classification. The type system guarantees only PublicContextField variants can be wrapped in this type, so all outputs are safe by construction.

Source§

impl Zeroize for PublicContext

Source§

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.
Source§

impl ZeroizeOnDrop for PublicContext

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.