feat(mediation): implement RFC-011 runtime events#89
Merged
Conversation
- Add events.go with RFC-011 event types and envelope format - Add emitter.go with async EventEmitter and sink abstractions - Add aggregator.go with server-side collection interface - Support all RFC-011 event categories: Identity, Authority, Tool, Resource, Trust - Non-blocking event emission (verification locality invariant) - Comprehensive test coverage for events, emitter, and aggregator
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
Contributor
There was a problem hiding this comment.
Pull request overview
Adds RFC-011 runtime event emission infrastructure to the pkg/mediation package: typed event constants, an envelope structure, an async non-blocking emitter, several built-in sinks (channel, JSON, batch, HTTP) and an in-memory aggregator for collecting events. The new code complements the existing mediation hook framework introduced in PR #88 but does not yet wire emitter usage into the hooks themselves.
Changes:
- New
Event/EventTypeenvelope and payload types covering identity/authority/runtime/tool/resource/trust categories (RFC-011 §5–§6). - New
AsyncEmitterwith channel-buffered delivery andEventSinkimplementations (ChannelSink,JSONSink,BatchSink,HTTPSink). - New
EventAggregatorinterface andMemoryAggregatorwith query/subscribe/stats, plus unit tests for events, emitter and aggregator behavior.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| pkg/mediation/events.go | Defines event type constants, Event envelope, payload structs, and helpers (HashForEvent, ClassifyPath, ClassifyCommand). |
| pkg/mediation/emitter.go | Implements AsyncEmitter, sink interface, and built-in ChannelSink/JSONSink/BatchSink. |
| pkg/mediation/aggregator.go | Implements EventAggregator interface, MemoryAggregator, query/filter logic, and HTTPSink. |
| pkg/mediation/events_test.go | Tests for event types, envelope, async emitter, channel/JSON/batch sinks. |
| pkg/mediation/aggregator_test.go | Tests for aggregator ingest/query/subscribe/stats and time-range queries. |
| pkg/mediation/doc.go | Expands package docs to describe the new event taxonomy, sinks, and aggregator. |
Addresses Copilot review comments: - emitter.go: Fix nil pointer panic in EmitIdentityVerified - emitter.go: Document synchronous fallback caveat for RFC-011 compliance - emitter.go: Handle sink.Close() error (gosec G104) - aggregator.go: Return io.EOF instead of nil in nopCloser.Read - aggregator.go: Store FlushInterval and use it in flushAsync - aggregator.go: Check response status code in sendBatchSync - aggregator.go: Fix SubjectDID filter to exclude events without field - aggregator.go: Document OrganizationID filter is not yet implemented
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implements Phase 0.5 of the verification locality plan: RFC-011 Runtime Events.
Changes
New Files
pkg/mediation/events.go— RFC-011 event types and envelope formatpkg/mediation/emitter.go— async event emission with sink abstractionpkg/mediation/aggregator.go— server-side event collection interfacepkg/mediation/events_test.go— event type and emitter testspkg/mediation/aggregator_test.go— aggregator testsUpdated Files
pkg/mediation/doc.go— expanded documentation for event systemEvent Types (RFC-011 §5)
Implements all 6 event categories (~25 event types):
identity.verified,identity.invalid,identity.expiredauthority.granted,authority.denied,authority.delegatedtool.requested,tool.permitted,tool.denied,tool.executedresource.filesystem.*,resource.network.*,resource.shell.*trust.signature.*,trust.revocation.checkedEvent Emission Architecture
Verification Locality Compliance
Per RFC-011 §4.2 and §7.3, event emission:
Testing
Related