Skip to content

Expand policy fixtures to cover remaining rule patterns #4

Description

@Faux16

Context

The spec README targets fixtures/policies/ covering all rule patterns — "10 example policies" (coming). Today there are 5:

  • 01-block-external-email.json
  • 02-block-pii-outbound.json
  • 03-log-database-writes.json
  • 04-vendor-allowlist.json
  • 05-multi-rule-composite.json

Goal

Expand fixtures/policies/ to cover the remaining canonical rule patterns the policy DSL supports, plus matching test-vector entries in test-vectors/v0.1-policy-decisions.json so the SDKs' policy evaluators (both already shipped Phase β) stay byte-aligned.

Scope (checklist)

Rule-pattern combinations still uncovered (audit the DSL surface — the list below is best-effort):

  • Conformance-level gates — policy that requires L2 or higher.
  • Time-of-day / windowed rules.
  • Per-actor allowlist (vs. the existing per-vendor one).
  • Per-tool budget caps (rate / count).
  • Conditional rules — match on prior session state.
  • Decision callbacks — policy that requires Flow C (L3).
  • Negation / NOT operators.
  • Cross-action correlation (e.g., "block if N file_reads in last minute").

Each fixture should:

  1. Validate against schemas/policy.json.
  2. Have a matching entry in test-vectors/v0.1-policy-decisions.json — input event + expected decision.
  3. Pass through both SDKs' policy evaluators with byte-identical results.

Pointers


🚀 Start here

What: add policy fixtures covering rule patterns/matchers not yet exercised. See the matcher set used by the reference evaluator (equals, in/not_in, starts_with/ends_with, contains_pattern, domain_in/domain_not_in, fallback) and the existing files in fixtures/policies/.

Files: add fixtures/policies/NN-<pattern>.json.

How to test locally:

python -m jsonschema -i fixtures/policies/NN-your-policy.json schemas/policy.json

Acceptance criteria:

  • Fixtures cover the remaining matchers + a multi-rule / fallback case.
  • Each validates against schemas/policy.json.
  • DCO sign-off.

Metadata

Metadata

Assignees

No one assigned

    Labels

    good first issueGood entry point for a new contributorstatus:needs-triageNewly opened, not yet assessed by a maintainertype:featureAdditive change — new functionality

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions