Documentation
¶
Overview ¶
Package audit records an append-only log of every authorized (and denied) operation. Params arrive already redacted; the writer never mutates audit rows after insert.
Package audit provides the audit log and session recording.
Index ¶
Constants ¶
const ( SourceHTTP = "http" SourceAI = "ai" )
Operation sources recorded on every audit event.
Variables ¶
This section is empty.
Functions ¶
func WithRemoteAddr ¶
WithRemoteAddr stashes the request's client address on the context so every audit event recorded during the request inherits it without each call site having to thread it through.
Types ¶
type Event ¶
type Event struct {
User models.User
Event string // route AuditEvent
ConnectionID string
RouteID string
Risk string
Result models.AuditResult
Params map[string]string
Err error
RemoteAddr string
// Source is "http" or "ai"; TurnID correlates AI tool calls to a turn. Both
// fall back to the request context when left empty (see WithSource).
Source string
TurnID string
}
Event is one auditable operation, assembled by the route wrapper. Params must already have secret values redacted before they reach Record.
type Noop ¶
type Noop struct{}
Noop discards events — used by the route wrapper until the real writer is wired.
type Sink ¶
Sink receives audit events. The route wrapper depends on this interface; the store-backed writer and a noop sink both implement it.