Skip to content

[AAASM-2301] ✨ (scenarios): Add policy-enforcement/go/ implementation#32

Closed
Chisanan232 wants to merge 7 commits into
masterfrom
v0.0.1/AAASM-2301/feat/policy_enforcement_go
Closed

[AAASM-2301] ✨ (scenarios): Add policy-enforcement/go/ implementation#32
Chisanan232 wants to merge 7 commits into
masterfrom
v0.0.1/AAASM-2301/feat/policy_enforcement_go

Conversation

@Chisanan232

Copy link
Copy Markdown
Contributor

What changed

Adds the Go sub-project for the scenarios/policy-enforcement/ scenario. Reads the shared policy.yaml using gopkg.in/yaml.v3, builds a policyClient implementing assembly.GovernanceClient, and wraps four tools with assembly.WrapTools() — matching the pattern from go/tool-policy.

Files added (scenarios/policy-enforcement/go/):

  • policy.go — loads ../policy.yaml, builds policyClient with per-tool allow/deny rules and fail-closed default
  • tools.go — four tools: read-config, list-agents (ALLOWED), delete-agent, send-email (DENIED)
  • main.go — prints policy summary, runs all 4 wrapped tools, shows ALLOW/DENY with reasons
  • main_test.go — 6 tests: 2 allowed, 2 denied, default-deny, policy config load

Related ticket

Closes AAASM-2301

How to verify

cd scenarios/policy-enforcement/go
go run .          # prints ALLOW/DENY output
go test ./...     # 6 tests pass

Checklist

  • PR title follows [AAASM-XXXX] <GitEmoji> (<scope>): <summary>
  • No secrets, API keys, or .env files committed
  • Example sub-projects include their own README via the scenario-level README
  • SDK/runtime version dependencies are documented or pinned

@Chisanan232

Copy link
Copy Markdown
Contributor Author

Code Review — Claude Code

CI status

Check Result
build ✅ pass
run ✅ pass
SonarCloud ✅ pass

All checks green.

Scope completeness

Verified against AAASM-2301 ticket requirements. All 6 expected Go files are present:

  • scenarios/policy-enforcement/go/go.modmodule example.com/policy-enforcement, go 1.26.0
  • scenarios/policy-enforcement/go/go.sum
  • scenarios/policy-enforcement/go/tools.go — 4 tools: read-config, list-agents (ALLOWED), delete-agent, send-email (DENIED) ✅
  • scenarios/policy-enforcement/go/policy.gopolicyClient implementing assembly.GovernanceClient, loads ../policy.yaml via gopkg.in/yaml.v3
  • scenarios/policy-enforcement/go/main.go
  • scenarios/policy-enforcement/go/main_test.go — 6 tests ✅

Note on diff size: The PR diff currently shows Python and Node.js files from PRs #26 and #29 because this branch was stacked on top of them. The extra files will drop out once those PRs merge to master. The net-new scope is solely the go/ directory.

Code quality notes

  • Pattern is consistent with existing go/tool-policy example (assembly.WrapTools, policyClient.Check, assembly.PolicyViolationError) ✅
  • Tool names use underscores (read_config, delete_agent) matching policy.yaml keys — prevents silent default-deny fallthrough ✅
  • TestUnknownToolIsDeniedByDefault explicitly verifies fail-closed behaviour for unlisted tools ✅
  • TestLoadPolicyConfigRules validates the YAML file loads and has expected shape ✅

Verdict

✅ Ready to merge (after PRs #26 and #29 merge first). All CI green, AAASM-2301 scope fully covered.

@Chisanan232
Chisanan232 force-pushed the v0.0.1/AAASM-2301/feat/policy_enforcement_go branch from f606a97 to 6cdc2b8 Compare June 1, 2026 03:56
@sonarqubecloud

sonarqubecloud Bot commented Jun 1, 2026

Copy link
Copy Markdown

@Chisanan232 Chisanan232 closed this Jun 1, 2026
@Chisanan232
Chisanan232 deleted the v0.0.1/AAASM-2301/feat/policy_enforcement_go branch June 1, 2026 04:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant