|
| 1 | +{ |
| 2 | + "schema_version": "sourceos.event.v0.1", |
| 3 | + "event_id": "evt_policy_expected_metadata_boundary_20260504_192158", |
| 4 | + "event_class": "policy.decision", |
| 5 | + "lane": "policy", |
| 6 | + "severity": "notice", |
| 7 | + "outcome": "blocked_expected", |
| 8 | + "created_at": "2026-05-04T19:21:58.394000-04:00", |
| 9 | + "observed_at_monotonic_ns": 1635333177614, |
| 10 | + "host": { |
| 11 | + "host_id": "host_local_pseudonym", |
| 12 | + "platform": "sourceos-darwin-compatible", |
| 13 | + "kernel": "darwin-family", |
| 14 | + "privacy_zone": "user_private" |
| 15 | + }, |
| 16 | + "actor": { |
| 17 | + "actor_id": "actor_internal_telemetry_component", |
| 18 | + "actor_type": "service", |
| 19 | + "display_name": "internal telemetry component", |
| 20 | + "uid": "system-service", |
| 21 | + "session_id": null |
| 22 | + }, |
| 23 | + "causality": { |
| 24 | + "parent_event_id": "evt_shell_launch_20260504_192158", |
| 25 | + "root_event_id": "evt_shell_launch_20260504_192158", |
| 26 | + "span_id": "span_policy_metadata_boundary", |
| 27 | + "trace_id": "trace_shell_launch_20260504_192158" |
| 28 | + }, |
| 29 | + "subject": { |
| 30 | + "type": "file", |
| 31 | + "id": "target_package_binary_directory", |
| 32 | + "display": "package-managed executable directory" |
| 33 | + }, |
| 34 | + "decision": { |
| 35 | + "decision_id": "dec_expected_metadata_boundary", |
| 36 | + "policy_bundle": "sourceos.baseline.telemetry", |
| 37 | + "policy_rule": "telemetry-agent.filesystem.executable-metadata-only", |
| 38 | + "operation": "file-read-data", |
| 39 | + "target_class": "package_binary_directory", |
| 40 | + "result": "deny", |
| 41 | + "semantic_outcome": "blocked_expected", |
| 42 | + "explanation_code": "POLICY_EXPECTED_METADATA_BOUNDARY" |
| 43 | + }, |
| 44 | + "privacy": { |
| 45 | + "tier": "user_private", |
| 46 | + "redaction_policy": "preserve_causality", |
| 47 | + "secret_fields": ["exact_target_path"] |
| 48 | + }, |
| 49 | + "evidence": [ |
| 50 | + { |
| 51 | + "evidence_id": "ev_kernel_sandbox_deny_metadata", |
| 52 | + "source": "kernel", |
| 53 | + "raw_ref": "rawlog:console-export:19:21:58.394", |
| 54 | + "summary": "Internal component was denied direct file data reads against a package-managed executable path." |
| 55 | + }, |
| 56 | + { |
| 57 | + "evidence_id": "ev_policy_expected_boundary", |
| 58 | + "source": "policy-engine", |
| 59 | + "raw_ref": null, |
| 60 | + "summary": "The block matched the expected metadata-boundary rule for telemetry components." |
| 61 | + } |
| 62 | + ], |
| 63 | + "operator_narrative": { |
| 64 | + "summary": "Internal telemetry component was denied direct executable-directory reads as expected.", |
| 65 | + "risk": "low", |
| 66 | + "why": "The component may classify package metadata but does not need direct file-data access to executable directories.", |
| 67 | + "next_action": "No action required; this is a successful policy boundary.", |
| 68 | + "drilldown_refs": ["ev_kernel_sandbox_deny_metadata", "ev_policy_expected_boundary"] |
| 69 | + }, |
| 70 | + "sync": { |
| 71 | + "replication_policy": "local_only", |
| 72 | + "retention_class": "standard", |
| 73 | + "exportable": false |
| 74 | + } |
| 75 | +} |
0 commit comments