Skip to main content

AuditEntry

zeph_tools::audit

Struct AuditEntry 

Source 
pub struct AuditEntry {
Show 24 fields
    pub timestamp: String,
    pub tool: ToolName,
    pub command: String,
    pub result: AuditResult,
    pub duration_ms: u64,
    pub error_category: Option<String>,
    pub error_domain: Option<String>,
    pub error_phase: Option<String>,
    pub claim_source: Option<ClaimSource>,
    pub mcp_server_id: Option<String>,
    pub injection_flagged: bool,
    pub embedding_anomalous: bool,
    pub cross_boundary_mcp_to_acp: bool,
    pub adversarial_policy_decision: Option<String>,
    pub exit_code: Option<i32>,
    pub truncated: bool,
    pub caller_id: Option<String>,
    pub policy_match: Option<String>,
    pub correlation_id: Option<String>,
    pub vigil_risk: Option<VigilRiskLevel>,
    pub execution_env: Option<String>,
    pub resolved_cwd: Option<String>,
    pub scope_at_definition: Option<String>,
    pub scope_at_dispatch: Option<String>,

}
Expand description

A single tool invocation record written to the audit log.

Serialized as a flat JSON object (newline-terminated). Optional fields are omitted when None or false to keep entries compact.

§Example JSON output

{"timestamp":"1712345678","tool":"shell","command":"ls -la","result":{"type":"success"},
 "duration_ms":12,"exit_code":0,"claim_source":"shell"}

Fields§

§timestamp: String

Unix timestamp (seconds) when the tool invocation started.

§tool: ToolName

Tool identifier (e.g. "shell", "web_scrape", "fetch").

§command: String

Human-readable command or URL being invoked.

§result: AuditResult

Outcome of the invocation.

§duration_ms: u64

Wall-clock duration from invocation start to completion, in milliseconds.

§error_category: Option<String>

Fine-grained error category label from the taxonomy. None for successful executions.

§error_domain: Option<String>

High-level error domain for recovery dispatch. None for successful executions.

§error_phase: Option<String>

Invocation phase in which the error occurred per arXiv:2601.16280 taxonomy. None for successful executions.

§claim_source: Option<ClaimSource>

Provenance of the tool result. None for non-executor audit entries (e.g. policy checks).

§mcp_server_id: Option<String>

MCP server ID for tool calls routed through McpToolExecutor. None for native tools.

§injection_flagged: bool

Tool output was flagged by regex injection detection.

§embedding_anomalous: bool

Tool output was flagged as anomalous by the embedding guard. Raw cosine distance is NOT stored (prevents threshold reverse-engineering).

§cross_boundary_mcp_to_acp: bool

Tool result crossed the MCP-to-ACP trust boundary (MCP tool result served to an ACP client).

§adversarial_policy_decision: Option<String>

Decision recorded by the adversarial policy agent before execution.

Values: "allow", "deny:<reason>", "error:<message>". None when adversarial policy is disabled or not applicable.

§exit_code: Option<i32>

Process exit code for shell tool executions. None for non-shell tools.

§truncated: bool

Whether tool output was truncated before storage. Default false.

§caller_id: Option<String>

Caller identity that initiated this tool call. None for system calls.

§policy_match: Option<String>

Policy rule trace that matched this tool call. Populated from PolicyDecision::trace. None when policy is disabled or this entry is not from a policy check.

§correlation_id: Option<String>

Correlation id shared with any associated EgressEvent emitted during this tool call. Generated at execute_tool_call entry. None for policy-only or rollback entries that do not map to a network-capable tool call.

§vigil_risk: Option<VigilRiskLevel>

VIGIL risk level when the pre-sanitizer gate flagged this tool output. None when VIGIL did not fire (output was clean or tool was exempt).

§execution_env: Option<String>

Name of the resolved execution environment (from [[execution.environments]]). None when no named environment was selected for this invocation.

§resolved_cwd: Option<String>

Canonical absolute working directory actually used for this shell invocation. None for non-shell tools or legacy path without a resolved context.

§scope_at_definition: Option<String>

Name of the capability scope active at tool_definitions() time (for scope-at-definition audit). None when ScopedToolExecutor is not in the chain or the scope is the identity (general).

§scope_at_dispatch: Option<String>

Name of the capability scope active at execute_tool_call() dispatch time. None when ScopedToolExecutor is not in the chain.

Trait Implementations§

Source§

impl Serialize for AuditEntry

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more