An event the egress runtime emits as telemetry per request lifecycle.

The egress sidecar emits an event when a request starts (:request_opened), when policy decides on the request (:request_allowed or :request_denied), when its outcome is known (:request_closed), and when an allowed request never completes cleanly (:request_failed, e.g. the workspace rejected the session CA or the upstream was unreachable).

Most callers only care about :request_closed and :request_failed. The lifecycle separation exists so suspension-point gating (held between :request_opened and the decision) can surface live in-flight requests to a UI or human reviewer.

:matched_rule carries decision provenance on :request_allowed / :request_denied: %{index: non_neg_integer, kind: :allow | :deny | :decide}. It is nil for the default action and for lifecycle-only events.