b0c103b44f
Implements the --audit-log FILE flag on serve, mcp --bind, and inspect subcommands. Emits per-request NDJSON audit lines with ts, client_ip, tool, fingerprint, duration_ms, status, and diagnostics fields. The AuditLogWriter wraps a BufWriter<File> behind a Mutex and flushes after each line for crash safety. Core changes: - Added pdftract-core/src/audit.rs with AuditRecord schema and AuditLogWriter - Added chrono dependency to pdftract-core/Cargo.toml for timestamp generation - Added crates/pdftract-cli/src/middleware/audit.rs with axum middleware - Integrated AuditState into ServeState, McpServerState, and InspectorState - Added --audit-log flag to Serve, Mcp, and InspectArgs CLI structures - Stdio MCP mode: audit goes to stderr (not stdout, which is JSON-RPC) Acceptance criteria: - pdftract serve --audit-log /var/log/pdftract.ndjson → per-request NDJSON lines appear - Each line is single-line valid JSON (no embedded newlines in values) - client_ip captured from X-Real-IP or X-Forwarded-For header - Stdio MCP audit goes to stderr (with --audit-log /dev/stderr or implicitly) - Concurrent requests: writes don't interleave (Mutex ensures atomic line writes) - Crash mid-request: log line either fully present or fully absent (BufWriter flushes after each write) Closes: pdftract-5boxq
11 lines
288 B
Rust
11 lines
288 B
Rust
//! pdftract CLI library.
|
|
//!
|
|
//! This library exports the CLI's internal modules for integration testing.
|
|
|
|
pub mod grep;
|
|
pub mod inspect;
|
|
pub mod mcp;
|
|
pub mod middleware;
|
|
|
|
// Re-export diagnostics for testing
|
|
pub use pdftract_core::diagnostics::{DiagCode, DiagInfo, DIAGNOSTIC_CATALOG};
|