Skip to main content

AuditRecord

plexus_auth_core::audit

Struct AuditRecord 

Source 
pub struct AuditRecord {
Show 16 fields
    pub timestamp: DateTime<Utc>,
    pub kind: AuditRecordKind,
    pub originator: Option<UserId>,
    pub session_id: Option<SessionId>,
    pub invocation_chain: Vec<Principal>,
    pub roles: Vec<RoleName>,
    pub method: MethodPath,
    pub scope_required: Vec<Scope>,
    pub decision: AuditDecision,
    pub latency_us: u64,
    pub origin: Option<Origin>,
    pub client_ip: Option<IpAddr>,
    pub correlation_id: Uuid,
    pub policy_name: Option<ForwardPolicyName>,
    pub derivation: Option<ForwardDerivation>,
    pub caller_ns: Option<String>,

}
Expand description

One audit observation: a scope check or a forward-policy application.

Shape is pinned by:

  • AUTHZ-S01-output §1: base fields (timestamp, roles, method, scope_required, decision, latency_us, origin, client_ip, correlation_id).
  • AUTHZ-S01-output §“AUTHZ-0 ratification revisions” §2: typed originator: Option<UserId>, session_id: Option<SessionId>, and the forensic invocation_chain: Vec<Principal> for confused-deputy reconstruction.
  • AUTHLANG-S01-output §4: the kind discriminant (default ScopeCheck for serde) plus three optional fields populated only by ForwardPolicyApplied records: policy_name, derivation, caller_ns.

§Defaults

kind defaults to AuditRecordKind::ScopeCheck when omitted from a deserialize payload — existing AUTHZ-side producers don’t need to set it. policy_name, derivation, caller_ns default to None — they are populated only by AUTHLANG-3’s forward-policy producer.

§Sealing

Not sealed. The record is observational; constructibility is the point. See module-level docs.

Fields§

§timestamp: DateTime<Utc>

When the check ran (UTC).

§kind: AuditRecordKind

Which kind of record this is — drives field-presence expectations. Defaults to ScopeCheck for legacy / AUTHZ-side producers that omit the field on deserialize.

§originator: Option<UserId>

IdP-verified originator (the sub claim). None for anonymous / unauthenticated checks.

§session_id: Option<SessionId>

IdP-issued session ID. None for anonymous / sessionless checks.

§invocation_chain: Vec<Principal>

The chain of immediate-callers leading to this dispatch. Empty for a direct (originator-to-backend) call. Forensic reconstruction of confused-deputy escalations reads this field.

Deserialize routes via the crate-private mint paths (Principal::*_sealed) — see the module-level comment on the PrincipalWire types. The wire shape matches Principal’s derived Serialize.

§roles: Vec<RoleName>

The roles the principal carried at decision time.

§method: MethodPath

The method being invoked at decision time.

§scope_required: Vec<Scope>

The scope set required by method. Empty if no scope is gated.

§decision: AuditDecision

Allow or Deny { reason }.

§latency_us: u64

Dispatch latency in microseconds.

§origin: Option<Origin>

The backend Origin (URL-shaped, per CLIENTS-S01).

§client_ip: Option<IpAddr>

Network-layer source IP, when knowable.

§correlation_id: Uuid

Per-call correlation ID; ties this record to traces and metrics.

§policy_name: Option<ForwardPolicyName>

ForwardPolicyApplied only: name of the policy that ran.

ForwardPolicyName wraps &'static str per AUTHLANG-2; the deserializer interns the JSON value into a 'static slot — see the module-level deserialize_policy_name doc.

§derivation: Option<ForwardDerivation>

ForwardPolicyApplied only: the derivation the policy returned.

§caller_ns: Option<String>

ForwardPolicyApplied only: the calling activation namespace.

Trait Implementations§

Source§

impl Clone for AuditRecord

Source§

fn clone(&self) -> AuditRecord

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for AuditRecord

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for AuditRecord

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Serialize for AuditRecord

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DynClone for T
where T: Clone,

Source§

fn __clone_box(&self, _: Private) -> *mut ()

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,