Skip to main content

rust_supervisor/config/
audit.rs

1//! Command audit configuration model.
2//!
3//! This module owns the single public audit configuration used by the
4//! supervisor root configuration and by IPC security audit persistence.
5
6use confique::Config;
7use schemars::JsonSchema;
8use serde::{Deserialize, Serialize};
9
10/// Audit persistence configuration.
11#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Config, JsonSchema)]
12pub struct AuditConfig {
13    /// Whether audit logging is enabled. Default: true.
14    #[config(default = true)]
15    #[serde(default = "default_true")]
16    pub enabled: bool,
17
18    /// Audit storage backend. Default: "memory".
19    /// - "memory": ring buffer only, not persisted.
20    /// - "file": append-only JSON lines file.
21    #[config(default = "memory")]
22    #[serde(default = "default_audit_backend")]
23    pub backend: String,
24
25    /// File path for file backend. Required when backend is "file".
26    #[serde(default)]
27    pub file_path: Option<String>,
28
29    /// Failure strategy when audit backend is unavailable.
30    /// - "fail_closed": reject write commands when audit cannot be written.
31    /// - "defer_bounded": defer audit writes with bounded queue.
32    ///   Default: "fail_closed".
33    #[config(default = "fail_closed")]
34    #[serde(default = "default_fail_closed")]
35    pub failure_strategy: String,
36
37    /// Max queue size for "defer_bounded" strategy. Default: 1000.
38    #[config(default = 1000)]
39    #[serde(default = "default_1000")]
40    pub max_defer_queue: usize,
41}
42
43impl Default for AuditConfig {
44    /// Returns default audit config: memory backend, fail_closed strategy.
45    fn default() -> Self {
46        Self {
47            enabled: true,
48            backend: "memory".into(),
49            file_path: None,
50            failure_strategy: "fail_closed".into(),
51            max_defer_queue: 1000,
52        }
53    }
54}
55
56/// Serde default helper: returns true.
57fn default_true() -> bool {
58    true
59}
60
61/// Serde default helper: returns "memory".
62fn default_audit_backend() -> String {
63    "memory".into()
64}
65
66/// Serde default helper: returns "fail_closed".
67fn default_fail_closed() -> String {
68    "fail_closed".into()
69}
70
71/// Serde default helper: returns 1000.
72fn default_1000() -> usize {
73    1000
74}