Skip to main content

AuditSink

harness_core::audit

Trait AuditSink 

Source 
pub trait AuditSink: Send + Sync {
    // Required methods
    fn append(&self, entry: AuditEntry);
    fn len(&self) -> usize;

    // Provided methods
    fn try_append(&self, entry: AuditEntry) -> Result<(), String> { ... }
    fn is_empty(&self) -> bool { ... }
}
Expand description

Audit-log writer trait.

Two append paths:

  • append — fire-and-forget, kept for the in-memory sink and callers that explicitly accept silent loss (tests, dry-run probes).
  • try_append — returns an error string when the write FAILS at the storage layer (SQLite locked, file unlinked, trigger-bypass detected, schema-tamper detected). The HTTP handler MUST use try_append and fail the request closed (DENY 503) if the ledger refuses the row, because a caller who sees ALLOW with no ledger entry has an un-governable action. Audit Agent D 2026-05-25.

Required Methods§

Source

fn append(&self, entry: AuditEntry)

Source

fn len(&self) -> usize

Provided Methods§

Source

fn try_append(&self, entry: AuditEntry) -> Result<(), String>

Strict append. Default delegates to append and reports success; real backends override to surface real failures.

Source

fn is_empty(&self) -> bool

Implementors§