vm-cloudflare/layer0/preboot_logger.py

import datetime
import json
import os
from typing import Optional

from .shadow_classifier import ShadowEvalResult, Classification


class PrebootLogger:
    LOG_PATH = "anomalies/preboot_shield.jsonl"

    @staticmethod
    def log(event: ShadowEvalResult, query: str, reason_override: Optional[str] = None):
        if event.classification not in (Classification.CATASTROPHIC, Classification.FORBIDDEN):
            return  # Only violations get logged

        record = {
            "timestamp": datetime.datetime.utcnow().isoformat() + "Z",
            "query": query,
            "classification": event.classification.value,
            "reason": reason_override or event.reason,
            "trace_id": event.trace_id,
            "metadata": {
                "risk_score": event.risk_score,
                "flags": event.flags,
                "source": "layer0",
            },
        }

        os.makedirs(os.path.dirname(PrebootLogger.LOG_PATH), exist_ok=True)

        with open(PrebootLogger.LOG_PATH, "a", encoding="utf-8") as f:
            f.write(json.dumps(record) + "\n")