controlaudit

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 28, 2026 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Overview

Package controlaudit defines the append-only audit trail for control-plane configuration mutations. It is separate from the runtime decision audit (internal/audit), which is a hash-chained evaluation audit trail.

A ControlAuditRecord captures who changed what, when, and which version of which resource was affected. Records are written on successful persistence of a resource, not on attempted operations.

Index

Constants

View Source 
const (
	ResourceKindSurface = "surface"
	ResourceKindProfile = "profile"
	ResourceKindAgent   = "agent"
	ResourceKindGrant   = "grant"
)

ResourceKind mirrors the control-plane document kinds to avoid a circular import.

View Source 
const DefaultListLimit = 50

DefaultListLimit is the number of records returned when Limit is zero.

View Source 
const MaxListLimit = 500

MaxListLimit is the upper bound enforced by all repository implementations.

Variables

This section is empty.

Functions

This section is empty.

Types

type Action 

type Action string

Action is a typed constant for the kind of control-plane mutation recorded. 

const (
	// ActionSurfaceCreated is emitted when a new surface version is applied.
	ActionSurfaceCreated Action = "surface.created"

	// ActionProfileCreated is emitted when a profile is applied for the first time (version 1).
	ActionProfileCreated Action = "profile.created"

	// ActionProfileVersioned is emitted when a subsequent profile version (>1) is applied.
	ActionProfileVersioned Action = "profile.versioned"

	// ActionAgentCreated is emitted when an agent is applied.
	ActionAgentCreated Action = "agent.created"

	// ActionGrantCreated is emitted when a grant is applied.
	ActionGrantCreated Action = "grant.created"

	// ActionSurfaceApproved is emitted when a surface is approved and transitions to active.
	ActionSurfaceApproved Action = "surface.approved"

	// ActionSurfaceDeprecated is emitted when a surface is deprecated.
	ActionSurfaceDeprecated Action = "surface.deprecated"

	// ActionProfileApproved is emitted when a profile is approved and transitions to active.
	ActionProfileApproved Action = "profile.approved"

	// ActionProfileDeprecated is emitted when a profile is deprecated.
	ActionProfileDeprecated Action = "profile.deprecated"

	// ActionGrantSuspended is emitted when a grant is temporarily suspended.
	ActionGrantSuspended Action = "grant.suspended"

	// ActionGrantRevoked is emitted when a grant is permanently revoked.
	ActionGrantRevoked Action = "grant.revoked"

	// ActionGrantReinstated is emitted when a suspended grant is reinstated to active.
	ActionGrantReinstated Action = "grant.reinstated"
)

type ControlAuditRecord 

type ControlAuditRecord struct {
	ID              string    `json:"id"`
	OccurredAt      time.Time `json:"occurred_at"`
	Actor           string    `json:"actor"`
	Action          Action    `json:"action"`
	ResourceKind    string    `json:"resource_kind"`
	ResourceID      string    `json:"resource_id"`
	ResourceVersion *int      `json:"resource_version,omitempty"`
	Summary         string    `json:"summary"`
	Metadata        *Metadata `json:"metadata,omitempty"`
}

ControlAuditRecord is an immutable control-plane governance event. Once appended, it must not be modified. The ID is a UUID assigned at construction.

func NewAgentCreatedRecord 

func NewAgentCreatedRecord(actor, agentID string) *ControlAuditRecord

NewAgentCreatedRecord builds a record for an agent being applied.

func NewGrantCreatedRecord 

func NewGrantCreatedRecord(actor, grantID string) *ControlAuditRecord

NewGrantCreatedRecord builds a record for a grant being applied.

func NewGrantReinstatedRecord 

func NewGrantReinstatedRecord(actor, grantID string) *ControlAuditRecord

NewGrantReinstatedRecord builds a record for a grant reinstatement.

func NewGrantRevokedRecord 

func NewGrantRevokedRecord(actor, grantID, reason string) *ControlAuditRecord

NewGrantRevokedRecord builds a record for a grant revocation.

func NewGrantSuspendedRecord 

func NewGrantSuspendedRecord(actor, grantID, reason string) *ControlAuditRecord

NewGrantSuspendedRecord builds a record for a grant suspension.

func NewProfileApprovedRecord 

func NewProfileApprovedRecord(actor, profileID string, version int) *ControlAuditRecord

NewProfileApprovedRecord builds a record for a profile approval.

func NewProfileCreatedRecord 

func NewProfileCreatedRecord(actor, profileID, surfaceID string, version int) *ControlAuditRecord

NewProfileCreatedRecord builds a record for a first-time profile creation (version 1).

func NewProfileDeprecatedRecord 

func NewProfileDeprecatedRecord(actor, profileID string, version int) *ControlAuditRecord

NewProfileDeprecatedRecord builds a record for a profile deprecation.

func NewProfileVersionedRecord 

func NewProfileVersionedRecord(actor, profileID, surfaceID string, version int) *ControlAuditRecord

NewProfileVersionedRecord builds a record for a subsequent profile version (>1).

func NewSurfaceApprovedRecord 

func NewSurfaceApprovedRecord(actor, surfaceID string, version int) *ControlAuditRecord

NewSurfaceApprovedRecord builds a record for a surface approval.

func NewSurfaceCreatedRecord 

func NewSurfaceCreatedRecord(actor, surfaceID string, version int) *ControlAuditRecord

NewSurfaceCreatedRecord builds a record for a new surface version being applied.

func NewSurfaceDeprecatedRecord 

func NewSurfaceDeprecatedRecord(actor, surfaceID string, version int, reason, successorID string) *ControlAuditRecord

NewSurfaceDeprecatedRecord builds a record for a surface deprecation.

type ListFilter 

type ListFilter struct {
	// ResourceKind constrains results to a specific resource kind
	// (e.g. "surface", "profile").
	ResourceKind string

	// ResourceID constrains results to a specific resource logical ID.
	ResourceID string

	// Actor constrains results to records emitted by a specific actor.
	Actor string

	// Action constrains results to a specific action constant.
	Action Action

	// Limit caps the number of records returned. Zero means "use default".
	// Values above MaxListLimit are clamped to MaxListLimit by the repository.
	Limit int
}

ListFilter specifies zero or more constraints for listing control-plane audit records. Unset (zero-value) fields are treated as "no constraint".

type Metadata 

type Metadata struct {
	// SurfaceID is the logical surface ID referenced by the mutated resource,
	// populated for profile records to capture the owning surface.
	SurfaceID string `json:"surface_id,omitempty"`

	// DeprecationReason is the operator-supplied reason for deprecation.
	DeprecationReason string `json:"deprecation_reason,omitempty"`

	// SuccessorSurfaceID is the successor surface ID recorded on deprecation.
	SuccessorSurfaceID string `json:"successor_surface_id,omitempty"`

	// Reason is a generic operator-supplied reason, used for grant lifecycle actions.
	Reason string `json:"reason,omitempty"`
}

Metadata carries structured context attached to a ControlAuditRecord. Fields are nullable — only the fields relevant to the action are populated.

type Repository 

type Repository interface {
	// Append persists a single audit record. The record is immutable after append.
	Append(ctx context.Context, rec *ControlAuditRecord) error

	// List returns audit records in descending occurred_at order (newest first).
	// The filter may constrain results; a zero-value filter returns all records
	// up to the effective limit.
	List(ctx context.Context, f ListFilter) ([]*ControlAuditRecord, error)
}

Repository is the append-only persistence interface for control-plane audit records. Implementations must not support update or delete operations.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.