Struct ActorManager 

pub struct ActorManager { /* private fields */ }

Thread-safe implementation using DashMap for lock-free concurrent access.

Implementations

impl ActorManager

pub fn new(config: ActorConfig) -> Self

Create a new actor manager with the given configuration.

pub fn config(&self) -> &ActorConfig

Get the configuration.

pub fn is_enabled(&self) -> bool

Check if actor tracking is enabled.

pub fn len(&self) -> usize

Get the number of tracked actors.

pub fn is_empty(&self) -> bool

Check if the store is empty.

pub fn get_or_create_actor( &self, ip: IpAddr, fingerprint: Option<&str>, ) -> String

Get or create an actor for the given IP and optional fingerprint.

Correlation Logic

1. Check if IP is already mapped to an actor
2. Check if fingerprint is already mapped to an actor
3. If both match different actors, prefer fingerprint (more stable)
4. If no match, create a new actor

Returns

The actor_id for the correlated or newly created actor.

pub fn record_rule_match( &self, actor_id: &str, rule_id: &str, risk_contribution: f64, category: &str, )

Record a rule match for an actor.

Arguments

• actor_id - The actor ID to record the match for
• rule_id - The rule that matched
• risk_contribution - Risk points to add
• category - Category of the rule (e.g., “sqli”, “xss”)

pub fn touch_actor(&self, actor_id: &str)

Touch an actor to update last seen timestamp.

pub fn get_actor(&self, actor_id: &str) -> Option<ActorState>

Get actor state by ID.

pub fn get_actor_by_ip(&self, ip: IpAddr) -> Option<ActorState>

Get actor by IP address.

pub fn get_actor_by_fingerprint(&self, fingerprint: &str) -> Option<ActorState>

Get actor by fingerprint.

pub fn block_actor(&self, actor_id: &str, reason: &str) -> bool

Block an actor.

Returns

true if the actor was blocked, false if not found.

pub fn unblock_actor(&self, actor_id: &str) -> bool

Unblock an actor.

Returns

true if the actor was unblocked, false if not found.

pub fn is_blocked(&self, actor_id: &str) -> bool

Check if an actor is blocked.

pub fn bind_session(&self, actor_id: &str, session_id: &str)

Associate a session with an actor. Session IDs are bounded by max_session_ids to prevent memory exhaustion.

pub fn list_actors(&self, limit: usize, offset: usize) -> Vec<ActorState>

List actors with pagination.

Arguments

• limit - Maximum number of actors to return
• offset - Number of actors to skip

Returns

Vector of actor states sorted by last_seen (most recent first).

pub fn list_by_min_risk( &self, min_risk: f64, limit: usize, offset: usize, ) -> Vec<ActorState>

List actors above a minimum risk score.

Results are sorted by risk score (desc), then last_seen (desc).

pub fn list_blocked_actors(&self) -> Vec<ActorState>

List blocked actors.

pub fn get_fingerprint_groups( &self, limit: usize, ) -> Vec<(String, Vec<String>, f64)>

Returns groups of actors sharing the same fingerprints. Used for identifying botnet clusters in the TUI.

Optimized with a 1-second cache to avoid full table scans on every TUI tick.

pub fn start_background_tasks(self: Arc<Self>)

Start background tasks (decay, cleanup).

Spawns a background task that periodically:

1. Decays risk scores by the decay factor
2. Evicts stale actors if over capacity

pub fn shutdown(&self)

Signal shutdown for background tasks.

pub fn stats(&self) -> &ActorStats

Get statistics.

pub fn clear(&self)

Clear all actors (primarily for testing).

pub fn snapshot(&self) -> Vec<ActorState>

Create a snapshot of all actors for persistence.

Returns all actors regardless of status.

pub fn restore(&self, actors: Vec<ActorState>)

Restore actors from a snapshot.

Clears existing state and loads the provided actors.

Trait Implementations

impl Debug for ActorManager

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for ActorManager

fn default() -> Self

Returns the “default value” for a type.