audit

package
v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 31, 2026 License: GPL-3.0 Imports: 12 Imported by: 0

Documentation

Overview

Package audit provides a default file-based audit logger for MuxCore. When configured with a non-empty LogPath, writes JSON Lines (one JSON object per line) to the specified file. When LogPath is empty, all operations are no-ops — safe to wire into the Fabric with zero config.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type FileLogger

type FileLogger struct {
	// contains filtered or unexported fields
}

FileLogger writes audit entries as JSONL to a local file. Thread-safe. No-op when LogPath is empty. Maintains a SHA-256 hash chain across entries for tamper detection. The in-memory buffer retains at most maxInMemoryEntries recent entries; older entries must be read directly from the JSONL file.

func NewFileLogger

func NewFileLogger(logPath string) (*FileLogger, error)

NewFileLogger creates an audit logger. If logPath is empty, all operations are no-ops (safe to wire with zero config).

func (*FileLogger) Close

func (fl *FileLogger) Close() error

Close flushes and closes the underlying file.

func (*FileLogger) Export

func (fl *FileLogger) Export(ctx context.Context, format string) (io.ReadCloser, error)

Export writes all entries in the requested format as a stream. Supports "json" (JSON array) and "csv". No-op when LogPath is empty.

func (*FileLogger) Log

func (fl *FileLogger) Log(ctx context.Context, entry contracts.AuditEntry) error

Log writes an audit entry as a single JSON line. No-op when LogPath is empty. Populates PrevEntryHash (SHA-256 chain) and Signature (HMAC-SHA256 if signing key set).

func (*FileLogger) Query

Query returns in-memory entries matching the filter. No-op when LogPath is empty.

func (*FileLogger) SetSigningKey

func (fl *FileLogger) SetSigningKey(key []byte)

SetSigningKey configures an optional HMAC-SHA256 signing key for audit entries. When set, every Log() call produces an HMAC signature in the entry's Signature field. Pass nil to disable signing.

func (*FileLogger) VerifyChainIntegrity

func (fl *FileLogger) VerifyChainIntegrity(ctx context.Context, from, to time.Time) (contracts.ChainVerificationResult, error)

VerifyChainIntegrity performs a standalone integrity check on the audit log hash chain within the given time range. Returns a verification result indicating whether the chain is intact and, if not, where the breaks occurred.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL