Skip to main content

zeph_common/
security_event.rs

1// SPDX-FileCopyrightText: 2026 Andrei G <bug-ops>
2// SPDX-License-Identifier: MIT OR Apache-2.0
3
4//! Security event category shared across Zeph crates.
5//!
6//! Moved from `zeph-core::metrics` so that `zeph-agent-context` can define a
7//! `SecurityEventSink` trait without depending on `zeph-core`.
8
9/// Category of a security event used for TUI display and audit logging.
10///
11/// Each variant maps to a short string key via [`SecurityEventCategory::as_str`].
12#[non_exhaustive]
13#[derive(Debug, Clone, Copy, PartialEq, Eq)]
14pub enum SecurityEventCategory {
15    /// Prompt-injection flag raised by the sanitizer.
16    InjectionFlag,
17    /// ML classifier hard-blocked tool output (`enforcement_mode=block` only).
18    InjectionBlocked,
19    /// Potential data exfiltration blocked by the sanitizer.
20    ExfiltrationBlock,
21    /// Content quarantined for human review.
22    Quarantine,
23    /// Output truncated due to length or injection risk.
24    Truncation,
25    /// Request rate-limited.
26    RateLimit,
27    /// Memory write validation rejected the content.
28    MemoryValidation,
29    /// Tool call blocked before execution.
30    PreExecutionBlock,
31    /// Tool call flagged as suspicious before execution.
32    PreExecutionWarn,
33    /// LLM response failed post-generation verification.
34    ResponseVerification,
35    /// `TurnCausalAnalyzer` flagged behavioral deviation at tool-return boundary.
36    CausalIpiFlag,
37    /// MCP tool result crossing into an ACP-serving session boundary.
38    CrossBoundaryMcpToAcp,
39    /// VIGIL pre-sanitizer gate flagged a tool output.
40    VigilFlag,
41    /// Shadow memory detected goal drift above threshold across recent turns.
42    GoalDrift,
43}
44
45impl SecurityEventCategory {
46    /// Returns a short ASCII string key for this category.
47    ///
48    /// Used as the `category` column in audit logs and TUI display.
49    #[must_use]
50    pub const fn as_str(self) -> &'static str {
51        match self {
52            Self::InjectionFlag => "injection",
53            Self::InjectionBlocked => "injection_blocked",
54            Self::ExfiltrationBlock => "exfil",
55            Self::Quarantine => "quarantine",
56            Self::Truncation => "truncation",
57            Self::RateLimit => "rate_limit",
58            Self::MemoryValidation => "memory_validation",
59            Self::PreExecutionBlock => "pre_exec_block",
60            Self::PreExecutionWarn => "pre_exec_warn",
61            Self::ResponseVerification => "response_verify",
62            Self::CausalIpiFlag => "causal_ipi",
63            Self::CrossBoundaryMcpToAcp => "cross_boundary_mcp_to_acp",
64            Self::VigilFlag => "vigil",
65            Self::GoalDrift => "goal_drift",
66        }
67    }
68}