Module LogEvent


§Audit

§File: IPC/Permission/Audit/LogEvent.rs

§Role in Mountain Architecture

Provides comprehensive security event logging and audit trail functionality for IPC operations, enabling security compliance monitoring, forensic analysis, and performance tracking.

§Primary Responsibility

Log security events for audit trails including permission checks, access attempts, security violations, and configuration changes.

§Secondary Responsibilities

  • Manage log storage with automatic rotation
  • Export audit logs to JSON format
  • Filter and query events by user, type, severity, or date range
  • Track performance anomalies for optimization
  • Maintain bounded log size to prevent memory exhaustion
  • Provide builder pattern for flexible event creation

§Dependencies

Standard library and external crates:

  • std::collections::VecDeque - Bounded log storage with efficient rotation
  • std::sync::Arc - Shared ownership across threads
  • tokio::sync::RwLock - Async-safe concurrent access
  • log - Event logging infrastructure
  • serde - Serialization for JSON export
  • serde_json - JSON formatting
  • chrono - Timestamp management (optional, falls back to std::time)

Internal Modules:

  • Validate::ValidatePermission::{Permission, SecurityContext} - Permission context
  • Role::ManageRole::Role - Role change events

§Dependents

  • Validate::ValidatePermission - Logs permission validation results
  • Role::ManageRole - Logs role management operations
  • TauriIPCServer - Logs all IPC security events
  • Send - Logs message transmission events
  • Receive - Logs message reception events

§VSCode Pattern Reference

Inspired by VSCode’s audit logging in vs/platform/telemetry/common/telemetryService.ts:

  • Structured event logging with contextual metadata
  • Severity classification for event filtering
  • Bounded buffer for log rotation
  • Export capabilities for compliance reporting

§Security Considerations

  • All security events logged for compliance auditing
  • PII (Personally Identifiable Information) sanitized by default
  • IpAddresses optionally redacted based on privacy settings
  • Sensitive details masked before log export
  • Log access controlled through RBAC (not implemented in this module)
  • Tamper-evident logging via hash chain (future enhancement)
  • Log injection prevented via input validation
  • Memory bounds prevent log-based denial of service
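
The bounded storage and log-injection points above, as an added example that is not Mountain's own code: a `VecDeque` that evicts the oldest event when full, with every field sanitized before it is stored. `AuditEvent`, `AuditLog`, `sanitize` and `MAX_FIELD_LEN` are hypothetical names, and the sketch uses only `std` (no `tokio::sync::RwLock` or `serde`).

```rust
use std::collections::VecDeque;

pub const MAX_LOG_SIZE: usize = 1000; // bound stated on this page
const MAX_FIELD_LEN: usize = 256; // assumed per-field cap (not from the module)

#[derive(Clone, Debug, PartialEq)]
pub struct AuditEvent {
    pub user: String,
    pub detail: String,
}

/// Neutralise log injection: control characters and Unicode line separators
/// become '_' so supplied text cannot forge a second log line; length is capped.
pub fn sanitize(input: &str) -> String {
    input.chars().take(MAX_FIELD_LEN)
        .map(|c| if c.is_control() || c == '\u{2028}' || c == '\u{2029}' { '_' } else { c })
        .collect()
}

pub struct AuditLog {
    events: VecDeque<AuditEvent>,
    capacity: usize,
}

impl AuditLog {
    pub fn new(capacity: usize) -> Self {
        let capacity = capacity.max(1); // a zero bound would never rotate correctly
        Self { events: VecDeque::with_capacity(capacity), capacity }
    }

    /// Append an event, evicting (and returning) the oldest when full: O(1) rotation.
    pub fn log(&mut self, user: &str, detail: &str) -> Option<AuditEvent> {
        let evicted = if self.events.len() >= self.capacity { self.events.pop_front() } else { None };
        self.events.push_back(AuditEvent { user: sanitize(user), detail: sanitize(detail) });
        evicted
    }

    pub fn len(&self) -> usize { self.events.len() }

    /// O(n) scan over the bounded buffer, oldest first.
    pub fn by_user(&self, user: &str) -> Vec<&AuditEvent> {
        self.events.iter().filter(|e| e.user == user).collect()
    }
}

fn main() {
    let mut log = AuditLog::new(MAX_LOG_SIZE);
    log.log("alice", "PermissionDenied\n[INFO] forged entry"); // constructed input
    println!("{:?}", log.by_user("alice"));
}
```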

§Performance Considerations

  • VecDeque provides O(1) push/pop for log rotation
  • RwLock allows concurrent reads, exclusive writes
  • Index-based filtering is O(n) in the worst case, which is acceptable because the log size is bounded
  • JSON export performed lazily, not on every log event
  • Bounded log size (1000 events) provides constant memory profile
  • Log rotation is amortized O(1) per event
  • Async logging prevents blocking main thread

§Error Handling Strategy

  • Returns Result for explicit error handling
  • Partial log export succeeds even if some events fail serialization
  • Invalid event data sanitized rather than causing failure
  • Log overflow handled via rotation, not error
  • Malformed filter criteria default to empty result
  • JSON export errors are logged but do not cause a crash

§Thread Safety

  • RwLock wrapped in Arc for safe concurrent access
  • Multiple concurrent reads, exclusive writes
  • Lock contention minimized by short critical sections
  • Event struct is Clone for safe sharing

§TODO Items

  • Implement hash chain for tamper-evident logging
  • Add persistent log storage to disk
  • Implement log compression for archival
  • Add anonymization options for PII redaction
  • Support structured queries (SQL-like syntax)
  • Add real-time alerting for critical events
  • Implement log aggregation across multiple instances

Enums§

SecurityEventType
Security event type categorization for audit trail classification

Constants§

LOG_TIMEOUT_MS 🔒
Default timeout for log operations in milliseconds
MAX_LOG_SIZE 🔒
Maximum number of events to store in the audit log, bounded to prevent memory exhaustion