
fix(policy): propagate skill trust level to PolicyContext in PolicyGateExecutor #2123

Merged: bug-ops merged 1 commit into main from fix/2112-policy-trust-level on Mar 22, 2026

bug-ops (Owner) commented Mar 22, 2026

Summary

  • PolicyGateExecutor::set_effective_trust delegated to the inner executor but never updated self.context.trust_level, which was hardcoded to TrustLevel::Trusted at construction in src/runner.rs:746
  • Trust-level conditions in policy rules (trust_level = "verified" etc.) were always evaluated against Trusted, making trust-level-based access control non-functional
  • Fix: update context.trust_level inside set_effective_trust before delegating, using the same RwLock poisoning-safe pattern as update_context()

Changes

  • crates/zeph-tools/src/policy_gate.rs: set_effective_trust now writes level to self.context.trust_level before delegating to the inner executor
  • Two new unit tests: set_effective_trust_quarantined_blocks_verified_threshold_rule and set_effective_trust_trusted_satisfies_verified_threshold_rule
  • CHANGELOG.md: added fix entry

Test plan

  • cargo +nightly fmt --check passes
  • cargo clippy --workspace --features full -- -D warnings passes (0 warnings)
  • cargo nextest run --workspace --features full --lib --bins passes (6368 tests, +2 from baseline)
  • New tests directly verify trust propagation end-to-end through PolicyGateExecutor

Closes #2112

github-actions bot added labels on Mar 22, 2026: documentation, rust, bug, size/M (Medium PR, 51-200 lines)
…teExecutor

PolicyGateExecutor::set_effective_trust delegated to the inner executor
but never updated self.context.trust_level, which was hardcoded to
TrustLevel::Trusted at construction time. Trust-level conditions in
policy rules were therefore always evaluated against Trusted, making
trust_level-based access control non-functional.

Fix: update context.trust_level inside set_effective_trust before
delegating, using the same RwLock poisoning-safe pattern as the
existing update_context() method.

Two new unit tests verify end-to-end trust propagation through
PolicyGateExecutor: Quarantined context is denied by a Verified
threshold allow rule, and Trusted context satisfies it.

Closes #2112
bug-ops force-pushed the fix/2112-policy-trust-level branch from aa17f87 to f65e6bb on March 22, 2026 13:36
bug-ops enabled auto-merge (squash) on March 22, 2026 13:36
bug-ops merged commit 2738e3c into main on Mar 22, 2026
25 checks passed
bug-ops deleted the fix/2112-policy-trust-level branch on March 22, 2026 13:43
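
The failure mode described in the PR summary and commit message, as an added example that is not the project's code: a simplified model of a gate that wraps an inner executor and evaluates a trust-threshold rule against its own context. `Gate`, `Inner`, the field names, the `TrustLevel` ordering and the poison-recovery idiom are assumptions made for illustration.

```rust
use std::sync::{PoisonError, RwLock};

// Assumed ordering, lowest to highest, consistent with the tests the PR describes.
#[derive(Clone, Copy, Debug, PartialEq, PartialOrd)]
enum TrustLevel { Quarantined, Verified, Trusted }

// Hypothetical stand-in for the inner executor the gate wraps.
struct Inner { trust: TrustLevel }

// Simplified model of the gate: one allow rule with a minimum trust threshold.
struct Gate {
    inner: Inner,
    context_trust: RwLock<TrustLevel>, // models context.trust_level
    min_trust: TrustLevel,             // models a rule such as trust_level = "verified"
}

impl Gate {
    fn new(min_trust: TrustLevel) -> Self {
        // The context starts at Trusted, as the PR says it did at construction.
        Gate {
            inner: Inner { trust: TrustLevel::Trusted },
            context_trust: RwLock::new(TrustLevel::Trusted),
            min_trust,
        }
    }
    // Pre-fix behaviour: only the inner executor learns the new level.
    fn set_effective_trust_before(&mut self, level: TrustLevel) {
        self.inner.trust = level;
    }
    // Post-fix behaviour: write the context first, then delegate.
    fn set_effective_trust_after(&mut self, level: TrustLevel) {
        // Recover the guard if an earlier writer panicked (assumed idiom).
        *self.context_trust.write().unwrap_or_else(PoisonError::into_inner) = level;
        self.inner.trust = level;
    }
    // The rule is evaluated against the context, not the inner executor.
    fn allows(&self) -> bool {
        *self.context_trust.read().unwrap_or_else(PoisonError::into_inner) >= self.min_trust
    }
}

fn main() {
    let mut gate = Gate::new(TrustLevel::Verified);
    gate.set_effective_trust_before(TrustLevel::Quarantined);
    println!("before fix: inner={:?} allowed={}", gate.inner.trust, gate.allows());
    gate.set_effective_trust_after(TrustLevel::Quarantined);
    println!("after fix:  inner={:?} allowed={}", gate.inner.trust, gate.allows());
}
```

In the pre-fix path the inner executor and the policy context disagree about the trust level, which is why a regression test for this class of bug has to assert on the rule decision and not on the inner executor's state.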

Development

Successfully merging this pull request may close these issues.

fix(policy): PolicyContext.trust_level hardcoded to Trusted — trust_level rule condition non-functional
