Path matching

app/models/event.rb

@@ -9,11 +9,13 @@ class Event < ApplicationRecord
   has_one :waf_policy, through: :rule
 
   # Enums for fixed value sets
+  # Canonical WAF action order - aligned with Rule and Agent models
   enum :waf_action, {
-    allow: 0,       # allow/pass
-    deny: 1,        # deny/block
+    deny: 0,        # deny/block
+    allow: 1,       # allow/pass
     redirect: 2,    # redirect
-    challenge: 3    # challenge (future implementation)
+    challenge: 3,   # challenge (CAPTCHA, JS challenge, etc.)
+    log: 4          # log only, no action (monitoring mode)
   }, default: :allow, scopes: false
 
   enum :request_method, {
@@ -42,7 +44,7 @@ class Event < ApplicationRecord
   scope :by_waf_action, ->(waf_action) { where(waf_action: waf_action) }
   scope :blocked, -> { where(waf_action: :deny) }
   scope :allowed, -> { where(waf_action: :allow) }
-  scope :rate_limited, -> { where(waf_action: 'rate_limit') }
+  scope :logged, -> { where(waf_action: :log) }
 
   # Tag-based filtering scopes using PostgreSQL array operators
   scope :with_tag, ->(tag) { where("tags @> ARRAY[?]", tag.to_s) }
@@ -346,8 +348,8 @@ class Event < ApplicationRecord
     waf_action.in?(['allow', 'pass'])
   end
 
-  def rate_limited?
-    waf_action == 'rate_limit'
+  def logged?
+    waf_action == 'log'
   end
 
   def challenged?