Struct Baseline 

pub struct Baseline {
    pub schema_version: String,
    pub pipeline_path: String,
    pub pipeline_content_hash: String,
    pub pipeline_identity_material_hash: Option<String>,
    pub captured_at: DateTime<Utc>,
    pub captured_by: String,
    pub captured_with: CapturedWith,
    pub baseline_findings: Vec<BaselineFinding>,
}

One baseline file = one pipeline. Keyed by pipeline_content_hash so renames preserve state and merge conflicts only touch the affected file.

Fields

schema_version: String

pipeline_path: String

pipeline_content_hash: String

sha256:<hex> of the pipeline file’s bytes at init time.

pipeline_identity_material_hash: Option<String>

Optional additive hardening signal captured at init time.

Hashes parser-emitted dependency-like material (include/template/ repository declarations and delegation edges) so suppression can be disabled if that material drifts even when the baseline file still exists. Absent on legacy baseline files written before v1.1.0.

captured_at: DateTime<Utc>

captured_by: String

captured_with: CapturedWith

baseline_findings: Vec<BaselineFinding>

Sorted by fingerprint ASC for stable git diffs.

Implementations

impl Baseline

pub fn load(path: &Path) -> Result<Option<Self>, BaselineError>

Load and parse a baseline from disk. Returns Ok(None) if path does not exist (the OSS-friendly default — absent baseline is fine).

pub fn save(&self, path: &Path) -> Result<(), BaselineError>

Write self to path as pretty JSON with stable key ordering and fingerprint-sorted entries. Creates parent directories as needed.

pub fn from_findings( pipeline_path: &str, content: &str, graph: &AuthorityGraph, findings: &[Finding], captured_by: &str, taudit_version: &str, rules_version: &str, now: DateTime<Utc>, ) -> Self

Produce a fresh baseline from current_findings against graph. Each entry is a plain pre-existing finding (no waiver fields set). pipeline_path should be the pipeline’s filesystem path as the user sees it; content is the raw bytes used to derive the content hash.

pub fn accept( &mut self, fingerprint: &str, rule_id: &str, severity: Severity, reason: &str, severity_override: Option<Severity>, expires_at: Option<DateTime<Utc>>, now: DateTime<Utc>, ) -> Result<&BaselineFinding, BaselineError>

Append a single waiver entry. Validates reason length and the critical-waiver constraints. Returns the inserted/updated entry. If an entry with the same fingerprint already exists, it is replaced (idempotent re-acceptance with a refreshed reason / expiry).

pub fn identity_material_matches(&self, graph: &AuthorityGraph) -> bool

Returns true when the captured identity material matches the current parsed graph. Legacy baselines that predate this field are considered compatible to preserve backward compatibility.

Trait Implementations

impl Clone for Baseline

fn clone(&self) -> Baseline

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Baseline

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for Baseline

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl PartialEq for Baseline

fn eq(&self, other: &Baseline) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for Baseline

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl Eq for Baseline

impl StructuralPartialEq for Baseline