Skip to content

refactor(sdk): slim PolicyEngine to check-only, add policy evaluation#199

Draft
RhysSullivan wants to merge 1 commit intomainfrom
rs/policy-engine-core
Draft

refactor(sdk): slim PolicyEngine to check-only, add policy evaluation#199
RhysSullivan wants to merge 1 commit intomainfrom
rs/policy-engine-core

Conversation

@RhysSullivan
Copy link
Copy Markdown
Owner

@RhysSullivan RhysSullivan commented Apr 11, 2026

PolicyEngine core interface now only exposes check which returns a
PolicyDecision (allow/deny/require_interaction/fallback). All CRUD
operations (list/get/add/update/remove) are removed from core and will
be provided by the policies plugin.

  • Add PolicyDecision, PolicyEffect, PolicyApprovalMode schemas
  • Add PolicyNotFoundError
  • Add policy-eval.ts with pattern matching and precedence logic
  • Update executor enforcement to handle all decision kinds
  • Add approval context to ElicitationContext
  • Update storage-file and storage-postgres to check-only engines
  • Add postgres migration for new policy schema shape

@cloudflare-workers-and-pages
Copy link
Copy Markdown

cloudflare-workers-and-pages bot commented Apr 11, 2026
edited
Loading

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
✅ Deployment successful!
View logs		 executor-cloud d0bfff8 Apr 11 2026, 09:36 PM

@RhysSullivan Graphite App
Copy link
Copy Markdown
Owner Author

RhysSullivan commented Apr 11, 2026

This stack of pull requests is managed by Graphite. Learn more about stacking.

@RhysSullivan RhysSullivan mentioned this pull request Apr 11, 2026
Draft
@RhysSullivan
refactor(sdk): upgrade PolicyEngine with evaluation logic and full CRUD
d0bfff8 
Reworks the PolicyEngine from a stub to a fully functional service:

- New Policy schema: toolPattern, effect (allow/deny), approvalMode
  (auto/required), enabled, priority, updatedAt
- PolicyDecision type with kinds: allow, deny, require_interaction, fallback
- policy-eval.ts: pattern matching, precedence sorting, decision evaluation
- Executor enforcement handles all decision kinds with elicitation support
- Full CRUD on PolicyEngine (list/get/add/update/remove) and Executor.policies
- In-memory, KV, and Postgres implementations updated
- Postgres migration for new schema shape
- ElicitationContext gains approval field for policy/annotation tracking
@RhysSullivan RhysSullivan force-pushed the rs/policy-engine-core branch from 188e605 to d0bfff8 Compare April 11, 2026 21:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@RhysSullivan