Control Event Ledger — skeleton (issue #652).
Cross-cutting types + the ControlEventLedger trait that the
policy / config / user-lifecycle producer slices (issues 665/666/
667) will call into. Ships ONE implementor — RuntimeLedger —
which writes one row per emit() to the red.control_events
collection via the unified entity API.
This module deliberately does NOT wire emit() into any producer
call site (AuthStore::*, ConfigRegistry::*, etc.); that is the
scope of 652b/c/d. It also does not decide what counts as
sensitive — producers call Sensitivity::hashed /
Sensitivity::redacted at their own emit sites.
Structs
- ControlEvent
- ControlEventConfig - Runtime knob for the ledger. Lives on RedDBOptions::control_events and is read at boot from REDDB_COMPLIANCE_MODE.
- ControlEventCtx - Request-scoped context attached to every emit. Producer call-sites fill what they have; missing fields land as Null in the row.
- EventId - Opaque id of a persisted event. Producers may store this to chain a follow-up audit entry to the original.
- RuntimeLedger - Writes one row per emit() to red.control_events via the unified entity API. The collection is created on construction if it doesn’t already exist (idempotent across re-opens).
Enums
- ActorRef - Who attempted the mutation. Borrowed so producer call-sites don’t allocate at every emit; the ledger copies into the persisted row.
- ControlEventError
- EventKind - Strong enum of every control-plane mutation the ledger records. Mirrors the kind column in red.control_events.
- Outcome
- Sensitivity - How a payload value is rendered when it lands in fields_json. Producer slices choose per-field; the skeleton does not decide what counts as sensitive.
Constants
- CONTROL_EVENTS_COLLECTION - Canonical name of the managed control-event collection.
Traits
- ControlEventLedger - Persistence sink for control events.