Skip to content

refactor(bedrock): replace apply_guardrail temp clone with a borrowed view#345

Merged
vieiralucas merged 1 commit intomainfrom
worktree-cleanup-clones-bedrock-kinesis
Apr 13, 2026
Merged

refactor(bedrock): replace apply_guardrail temp clone with a borrowed view#345
vieiralucas merged 1 commit intomainfrom
worktree-cleanup-clones-bedrock-kinesis

Conversation

@vieiralucas
Copy link
Copy Markdown
Member

@vieiralucas vieiralucas commented Apr 13, 2026
edited by cubic-dev-ai Bot
Loading

Summary

`apply_guardrail` used to build a temporary `Guardrail` by field-cloning 13 values off either the DRAFT entry or a `GuardrailVersion`, only so that `evaluate_content` and the blocked-messaging fallback could read them back. Replace that with `GuardrailView<'a>`, a borrowed projection over the subset of fields the evaluator actually needs (`word_policy`, `topic_policy`, `sensitive_information_policy`, `blocked_input_messaging`, `blocked_outputs_messaging`).

  • Add `GuardrailView::from_guardrail` and `GuardrailView::from_version` constructors.
  • Extract a private `evaluate_content_view` that works over the view; the public `evaluate_content` still takes `&Guardrail` and delegates via `GuardrailView::from_guardrail` so its existing callers are unaffected.
  • `apply_guardrail` now builds a view in each branch (DRAFT vs. versioned) and reads the blocked messaging straight from the view instead of a cloned temporary.

Other clone audit notes

  • Kinesis `service.rs`: the `account_id = state.account_id.clone()` / `stream_name.clone()` pattern that shows up around 382 and 712 is load-bearing — the closure passing them into `stream_not_found` has to outlive the subsequent `state.streams.get_mut()` reborrow, so dropping the clones triggers the borrow checker. Left as-is.
  • Cognito `service/misc.rs:648`, `service/users.rs:105`: the `pool_id`/`username`/`region`/`account_id` clones in the refresh-token and admin-create flows are similarly load-bearing — the owning values are read under one borrow and later consumed by token issuance + trigger delivery outside that borrow.

StepFunctions `interpreter.rs`, SecretsManager, and CloudFormation clone audits will be separate PRs.

Test plan

  • `cargo fmt`
  • `cargo clippy --workspace --all-targets -- -D warnings`
  • `cargo test --workspace --exclude fakecloud-e2e --exclude fakecloud-conformance`

Summary by cubic

Replaced the temporary cloned Guardrail in apply_guardrail with a borrowed GuardrailView<'a> for content evaluation. This removes 13 field clones, reduces allocations, and keeps the public API and behavior unchanged.

  • Refactors
    • Added GuardrailView with word_policy, topic_policy, sensitive_information_policy, blocked_input_messaging, blocked_outputs_messaging.
    • Added GuardrailView::from_guardrail and GuardrailView::from_version.
    • Introduced internal evaluate_content_view; evaluate_content(&Guardrail) now delegates to it.
    • Updated apply_guardrail to build a view (DRAFT or versioned) and read blocked messaging directly from it.

Written for commit 5634d5e. Summary will update on new commits.

@vieiralucas
refactor(bedrock): replace apply_guardrail temp clone with a borrowed…
5634d5e 
… view

apply_guardrail used to synthesize a full Guardrail by field-cloning
13 values off either the DRAFT entry or a GuardrailVersion, only to
read the policy config + blocked messaging back out. Introduce
GuardrailView<'a>, a borrowed projection over the subset of fields
content evaluation actually touches, and drop the 13-field clone in
favor of GuardrailView::from_guardrail / from_version. evaluate_content
delegates to a new evaluate_content_view that operates on the view.
cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

@vieiralucas vieiralucas merged commit d9d34f8 into main Apr 13, 2026
22 checks passed
@vieiralucas vieiralucas deleted the worktree-cleanup-clones-bedrock-kinesis branch April 13, 2026 12:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vieiralucas