Documentation
Overview
Package audit provides the audit log interface and NoOp implementation for compliance-grade event recording. It does not own storage backends — the Redis implementation is wired in v0.3. Primary dependency: context for request-scoped operations.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type NoOpAuditStore
type NoOpAuditStore struct{}
NoOpAuditStore is a no-op implementation of the Store interface. All methods return nil safely — suitable for testing and optional audit pipelines.
func NewNoOpAuditStore
func NewNoOpAuditStore() *NoOpAuditStore
NewNoOpAuditStore returns a new NoOpAuditStore.
func (*NoOpAuditStore) Ping
func (s *NoOpAuditStore) Ping(ctx context.Context) error
Ping verifies the store is reachable. Always returns nil.
func (*NoOpAuditStore) RecordRevocation
func (s *NoOpAuditStore) RecordRevocation(ctx context.Context, event RevocationEvent) error
RecordRevocation records a revocation event. Always returns nil.
type RevocationEvent
type RevocationEvent struct {
	TenantID       string
	CallerIdentity string
	TokenID        string
	Scope          string // "token", "audience", "user"
	OccurredAt     time.Time
}
RevocationEvent captures a token revocation event for audit logging.
type Store
type Store interface {
	// RecordRevocation writes a durable audit record for a revocation event.
	// Returns an error if the record cannot be durably written.
	// D2: Revocation operations are gated on Store availability — a Store error aborts revocation.
	RecordRevocation(ctx context.Context, event RevocationEvent) error
	// Ping verifies the store is reachable. Used by the readiness probe.
	Ping(ctx context.Context) error
}
Store provides the audit log interface for recording compliance-grade events.
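One way a caller can honor the D2 gate documented on Store, as an added example that is not code from this package: the audit record is written first and the revocation runs only if that write succeeds. RevocationEvent and Store are copied from the declarations above so the file runs stand-alone; Revoke, downStore, memStore, errDown and the sample values are hypothetical names constructed for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// RevocationEvent and Store mirror the declarations documented on this page.
type RevocationEvent struct {
	TenantID, CallerIdentity, TokenID string
	Scope                             string // "token", "audience", "user"
	OccurredAt                        time.Time
}

type Store interface {
	RecordRevocation(ctx context.Context, event RevocationEvent) error
	Ping(ctx context.Context) error
}

var errDown = errors.New("audit store unavailable")

// downStore is a constructed stand-in for an unreachable backend.
type downStore struct{}

func (downStore) RecordRevocation(context.Context, RevocationEvent) error { return errDown }
func (downStore) Ping(context.Context) error                              { return errDown }

// memStore is a constructed in-memory store that keeps what it is given.
type memStore struct{ events []RevocationEvent }

func (m *memStore) RecordRevocation(_ context.Context, e RevocationEvent) error {
	m.events = append(m.events, e)
	return nil
}
func (m *memStore) Ping(context.Context) error { return nil }

// Revoke (hypothetical caller) fails closed: apply, which performs the actual
// revocation, is never invoked when the audit write returns an error (D2).
func Revoke(ctx context.Context, s Store, e RevocationEvent, apply func() error) error {
	if err := s.RecordRevocation(ctx, e); err != nil {
		return fmt.Errorf("revocation aborted, audit write failed: %w", err)
	}
	return apply()
}

func main() {
	e := RevocationEvent{TenantID: "t-1", TokenID: "tok-1", Scope: "token", OccurredAt: time.Now()}
	fmt.Println(Revoke(context.Background(), downStore{}, e, func() error { return nil }))
}
```

With NoOpAuditStore in place of downStore the gate never trips and nothing is recorded, since both of its methods always return nil.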