Module codes

Error code namespace - enables error tracking without information disclosure.

When an attacker triggers an error, they see: “Configuration operation failed (E-CFG-100)”. Internally, we log full context. Externally, we reveal only category and code.

§Namespace Structure

  • CORE: Fundamental system errors (init, shutdown, panic recovery)
  • CFG: Configuration parsing and validation
  • DCP: Deception artifact management
  • TEL: Telemetry collection subsystem
  • COR: Correlation engine
  • RSP: Response execution
  • LOG: Logging subsystem
  • PLT: Platform-specific operations
  • IO: Filesystem and network operations

§Governance

Namespaces are enforced at compile-time via the ErrorNamespace type with private fields. This prevents ad-hoc namespace creation and runtime construction, ensuring taxonomy stability.

See error-governance.md for the complete governance contract.

§Security Properties

§No-Copy/No-Clone Semantics

Error identity is non-Copy and non-movable; contextual metadata is Copy by design.

  • Identity (ErrorCode, ErrorNamespace): Frozen at compile time

    • Namespaces cannot be constructed or moved at runtime
    • Error codes are defined once as const statics
    • Makes data flow explicit and auditable
    • Enforces governance through type system, not discipline
  • Metadata (OperationCategory, ErrorImpact, ImpactScore): Copy-enabled

    • Small enums that benefit from pass-by-value
    • Defensive code can extract and propagate metadata cheaply
    • No governance risk from duplication of classification data

This is a policy choice for code hygiene, not a cryptographic mitigation.

§Zero-Allocation Guarantee

All operations in this module are guaranteed zero-allocation:

  • Error code construction: compile-time const evaluation
  • Display formatting: writes directly to provided formatter (no intermediate buffers)
  • Namespace validation: compile-time const assertions
  • Category checking: pure computation, no heap use

Note: Display itself is allocation-free; to_string() allocates in user code.

This ensures error handling remains fast and predictable even under memory pressure or DoS conditions where allocators may be stressed.
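The sealed-namespace and allocation-free Display properties described above, as an added stand-alone sketch that is not palisade_errors' own code: `taxonomy`, `StackBuf` and `external_message` are hypothetical names, and the crate's real types carry more fields than shown here.

```rust
// Illustrative sketch; all names are hypothetical, not the palisade_errors API.
use std::fmt::{self, Write};
mod taxonomy {
    use std::fmt;
    // Private field: no construction outside this module; no Copy/Clone derived.
    pub struct ErrorNamespace { name: &'static str }
    pub static CFG: ErrorNamespace = ErrorNamespace { name: "CFG" };
    pub struct ErrorCode { ns: &'static ErrorNamespace, num: u16 }
    impl ErrorCode {
        pub const fn new(ns: &'static ErrorNamespace, num: u16) -> Self {
            ErrorCode { ns, num }
        }
    }
    impl fmt::Display for ErrorCode {
        // Writes straight into the caller's formatter; no String is built.
        fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
            write!(f, "E-{}-{}", self.ns.name, self.num)
        }
    }
}

pub static CFG_PARSE_FAILED: taxonomy::ErrorCode = taxonomy::ErrorCode::new(&taxonomy::CFG, 100);

// Fixed-capacity stack buffer (constructed for this example): overflow is fmt::Error, never a realloc.
pub struct StackBuf { buf: [u8; 64], len: usize }
impl StackBuf {
    pub fn new() -> Self { StackBuf { buf: [0; 64], len: 0 } }
    pub fn as_str(&self) -> &str { std::str::from_utf8(&self.buf[..self.len]).unwrap_or("") }
}
impl Write for StackBuf {
    fn write_str(&mut self, s: &str) -> fmt::Result {
        let end = self.len.checked_add(s.len()).ok_or(fmt::Error)?;
        if end > self.buf.len() { return Err(fmt::Error); }
        self.buf[self.len..end].copy_from_slice(s.as_bytes());
        self.len = end;
        Ok(())
    }
}

// External view: category wording and code only; full context stays in internal logs.
pub fn external_message(code: &taxonomy::ErrorCode, out: &mut StackBuf) -> fmt::Result {
    write!(out, "Configuration operation failed ({})", code)
}

fn main() {
    let mut out = StackBuf::new();
    external_message(&CFG_PARSE_FAILED, &mut out).unwrap();
    println!("{}", out.as_str());
}
```

Writing `taxonomy::ErrorNamespace { name: "X" }` outside the `taxonomy` module fails to compile because the field is private, which is the compile-time enforcement the Governance section describes.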

§Example Usage

use palisade_errors::{ErrorCode, OperationCategory, ImpactScore, define_error_codes, namespaces};

// Define error codes as const statics (zero allocation)
define_error_codes! {
    &namespaces::CFG, OperationCategory::Configuration => {
        CFG_PARSE_FAILED = (100, 350),
        CFG_INVALID_SCHEMA = (101, 250),
    }
}

// Use by reference (no copies, no moves)
fn handle_error(code: &ErrorCode) {
    println!("Error: {}", code); // Zero allocation display
}

handle_error(&CFG_PARSE_FAILED);

Modules§

namespaces
Canonical namespace instances.

Structs§

ErrorCode
An error code with namespace, numeric code, and operation category.
ErrorNamespace
Error namespace type - enforces frozen taxonomy.
ImpactScore
Validated impact score representing error severity (0-1000).

Enums§

ErrorImpact
Error impact enum - derives impact mapping
ImpactScoreError
Error type for impact score validation failures.
InternalErrorCodeViolation
Internal error code violation with detailed taxonomy information.

Functions§

permits_category
Validate that a namespace permits the given operation category.
permits_impact
Validate that a namespace permits the given impact level.