Documentation
Types
type Decision
type Decision struct {
	Effect       Effect `json:"effect"`
	Policy       string `json:"policy,omitempty"`
	Rule         string `json:"rule,omitempty"`
	Message      string `json:"message,omitempty"`
	Matched      bool   `json:"matched"`
	Evaluated    int    `json:"evaluated_rules"`
	Error        error  `json:"error"`
	ErrorMessage string `json:"error_message,omitempty"`
}
Decision captures the result of evaluating a policy set.
type Document
type Document struct {
	Version       string   `json:"version,omitempty" yaml:"version,omitempty"`
	DefaultEffect *Effect  `json:"default_effect,omitempty" yaml:"default_effect,omitempty"`
	Policies      []Policy `json:"policies" yaml:"policies"`
}
Document describes a collection of policies that can be serialized as JSON or YAML.
func LoadJSONDocument
LoadJSONDocument reads a JSON document from disk.
type Engine
type Engine struct {
	// contains filtered or unexported fields
}
Engine evaluates compiled policies against an input context.
func CompileDocument
func CompileDocument(doc Document, opts ...EngineOption) (*Engine, error)
CompileDocument converts a policy document into an executable engine.
func CompilePolicies
func CompilePolicies(policies []Policy, opts ...EngineOption) (*Engine, error)
CompilePolicies is a convenience helper for when you have already materialised the policies.
func (*Engine) Evaluate
Evaluate runs all compiled policies against the provided context value. The final decision honours DENY over ALLOW, with a configurable default fallback.
When WithEffectPrecedence is configured, all matching rules are evaluated and the decision with the highest-priority effect wins. Otherwise, DENY short-circuits and the first non-deny match wins.
type EngineOption
type EngineOption func(*engineConfig)
EngineOption configures compilation behaviour.
func WithDefaultEffect
func WithDefaultEffect(effect Effect) EngineOption
WithDefaultEffect defines the fallback effect used when no rule matches.
func WithEffectPrecedence (added in v0.0.3)
func WithEffectPrecedence(effects ...Effect) EngineOption
WithEffectPrecedence defines the priority order of effects for conflict resolution. Effects listed first have higher priority. When multiple rules match, the effect with the highest priority wins regardless of rule or policy ordering. Any matched effect not in the list is treated as lowest priority (first-match-wins among them).
Example for custody:
	WithEffectPrecedence(EffectDeny, EffectReview, EffectAllow)
This means DENY beats REVIEW beats ALLOW, regardless of rule order.
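The two resolution modes described for Evaluate and WithEffectPrecedence, as an added stand-alone model that is not the package's code or API. Match, ResolveFirstMatch, ResolveByPrecedence and the string effect values are assumptions made for illustration. It shows the case that matters for review workflows: under first-match resolution an early ALLOW shadows a later REVIEW, while the custody precedence lets REVIEW win.

```go
package main

import "fmt"

// Effect is a plain string in this model (assumption: the package's Effect type is not shown on the page).
type Effect string

const Deny, Review, Allow Effect = "DENY", "REVIEW", "ALLOW"

// Match is a hypothetical record of one rule whose condition evaluated to true.
type Match struct{ Rule string; Effect Effect }

// ResolveFirstMatch models the default mode: DENY short-circuits, else the first non-deny match wins, else fallback.
func ResolveFirstMatch(matches []Match, fallback Effect) Match {
	winner, found := Match{Effect: fallback}, false
	for _, m := range matches {
		if m.Effect == Deny {
			return m
		}
		if !found {
			winner, found = m, true
		}
	}
	return winner
}

// ResolveByPrecedence models precedence mode: earlier effects in order win, unlisted ones rank last, ties go to the earliest match.
func ResolveByPrecedence(matches []Match, fallback Effect, order ...Effect) Match {
	rank := func(e Effect) int {
		for i, o := range order {
			if o == e {
				return i
			}
		}
		return len(order)
	}
	best, bestRank := Match{Effect: fallback}, len(order)+1
	for _, m := range matches {
		if r := rank(m.Effect); r < bestRank {
			best, bestRank = m, r
		}
	}
	return best
}

func main() {
	// Constructed input: an early ALLOW and a later REVIEW both match; the fallback is Deny.
	ms := []Match{{"allow-internal", Allow}, {"large-transfer", Review}}
	fmt.Println(ResolveFirstMatch(ms, Deny).Effect, ResolveByPrecedence(ms, Deny, Deny, Review, Allow).Effect)
}
```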
func WithExprOptions
func WithExprOptions(opts ...expr.Option) EngineOption
WithExprOptions passes expr compilation options for every rule.
func WithSchemaDefinition
func WithSchemaDefinition(schema any) EngineOption
WithSchemaDefinition defines the expected data structure for type validation at compile time. Pass an empty struct to define which fields exist and their types. Unknown fields or type mismatches will be caught during policy compilation.
Example:
	policy.WithSchemaDefinition(TransactionContext{})
type Policy
type Policy struct {
	Name          string   `json:"name" yaml:"name"`
	Description   string   `json:"description,omitempty" yaml:"description,omitempty"`
	DefaultEffect *Effect  `json:"default_effect,omitempty" yaml:"default_effect,omitempty"`
	Rules         []Rule   `json:"rules" yaml:"rules"`
	Tags          []string `json:"tags,omitempty" yaml:"tags,omitempty"`
}
Policy groups a list of rules under a logical name.
type Rule
type Rule struct {
	ID          string            `json:"id,omitempty" yaml:"id,omitempty"`
	Description string            `json:"description,omitempty" yaml:"description,omitempty"`
	Effect      Effect            `json:"effect" yaml:"effect"`
	Condition   string            `json:"condition" yaml:"condition"`
	Metadata    map[string]string `json:"metadata,omitempty" yaml:"metadata,omitempty"`
}
Rule contains a single expression condition paired with an outcome.