Expand description
M48 audit trait + types — re-exported from ppoppo-sdk-core.
Phase A (RFC RFC_2026-05-08_app-credential-collapse.md) lifted the
whole audit module to ppoppo-sdk-core::audit so multiple SDK
crates (pas-external, future pas-plims, pcs-external 0.3.0)
and 1st-party services consume one shared trait + impl set.
Consumer-facing imports stay at pas_external::audit::* and
pas_external::* (top-level re-export) — relocation is invisible.
Audit utilities (MemoryAuditSink, RateLimitedAuditSink,
MemoryRateLimiter, NoopAuditSink) are co-located with the trait
in sdk-core because the audit module is one cohesive unit (utility
impls are not pas-external-domain-specific).
Structs§
- Audit
Event - Single typed event emitted on every
BearerVerifier::verifyrejection. - Memory
Rate Limiter - In-memory token-bucket limiter — Phase 9 default substrate.
- Noop
Audit Sink - Default sink — explicitly does nothing.
- Rate
Limit Key - Opaque per-source bucket key for a
RateLimiter. - Rate
Limited Audit Sink - Wraps any
AuditSinkwith anyRateLimiter.
Enums§
- IdToken
Failure Kind - id_token-specific failure classification (Phase 10.11.B).
- Verify
Error Kind - Failure classification — mirrors the
VerifyErrorandIdVerifyErrorsurfaces but lives at the audit layer.
Traits§
- Audit
Sink - Audit emission port for verify-failure events (M48).
- Rate
Limiter - Per-source rate-limiting port (M49).
Functions§
- compose_
id_ token_ source_ id - Phase 10.11.D δ2 — id_token compound source key from
azp ‖ aud ‖ kid. - compose_
source_ id - Compose a Phase 9 (e) compound source key from optional hints.