Implement Phase 12: Policy Engine #15

Merged: richardkiene merged 1 commit into main from feature/phase-12-policy-engine on Jan 18, 2026

@richardkiene

Summary

  • Add policy evaluation engine for deny/require/warn rules from mortar files
  • Integrate policy check into connection validation pipeline with audit logging
  • Add API endpoints for policy inspection

Changes

  • Policy Types: PolicyDecision enum (Allow/Deny/Warn), PolicyEvaluationContext, EvaluatedPolicy, PolicyInfo
  • Policy Engine: Core evaluation logic for deny rules (with exceptions), require rules, and warn rules (cross-network detection)
  • Policy Manager: Lifecycle management per mortar project with service-to-mortar mapping
  • Events: PolicyEvaluated and PolicyViolation event types for audit logging
  • API: GET /v1/policies and GET /v1/policies/{mortar_id} endpoints
  • Integration: Policy check added to validate_connection() in network validation

Test plan

  • 8 unit tests for PolicyEngine rule matching
  • 6 unit tests for PolicyManager lifecycle
  • 6 unit tests for PolicyDecision and types
  • 11 E2E tests covering:
    • Policy load/unload lifecycle
    • Deny rules blocking connections
    • Deny rules with exceptions
    • Warn rules for cross-network communication
    • Multiple deny rules (first match wins)
    • Wildcard deny rules
    • Mortar project isolation
    • Policy events emitted
    • Serialization

Add policy evaluation engine for deny/require/warn rules from mortar files.

- Add PolicyDecision enum (Allow/Deny/Warn) with serialization support
- Add PolicyEngine for evaluating deny, require, and warn rules
- Add PolicyManager for policy lifecycle per mortar project
- Integrate policy check into connection validation pipeline
- Add PolicyEvaluated and PolicyViolation event types for audit logging
- Add API endpoints GET /v1/policies and GET /v1/policies/{mortar_id}
- Add 11 E2E tests covering deny rules, exceptions, warnings, and isolation
@richardkiene richardkiene merged commit cef76cd into main Jan 18, 2026
0 of 3 checks passed
@richardkiene richardkiene deleted the feature/phase-12-policy-engine branch January 18, 2026 19:34
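
An added sketch, not code from this pull request or project, of the evaluation order the description lists: wildcard deny rules, per-rule exceptions, first match wins, then a cross-network warning. The rule shape, field names, `Deny(index)` payload and the choice that an exception exempts a pair from its own rule only are assumptions; require rules are left out because the page does not describe them.

```rust
// Added illustration: rule shape and names are assumptions, not the project's types.
#[derive(Debug, PartialEq)]
pub enum PolicyDecision { Allow, Deny(usize), Warn }

pub struct Service { pub name: &'static str, pub network: &'static str }

pub struct DenyRule {
    pub from: &'static str, // "*" matches any service
    pub to: &'static str,
    pub except: Vec<(&'static str, &'static str)>, // (from, to) pairs exempt from this rule
}

fn matches(pattern: &str, name: &str) -> bool { pattern == "*" || pattern == name }

/// Returns Deny(index) for the first deny rule that matches without an exception,
/// else Warn when the two services sit on different networks, else Allow.
pub fn evaluate(rules: &[DenyRule], src: &Service, dst: &Service) -> PolicyDecision {
    for (i, r) in rules.iter().enumerate() {
        let hit = matches(r.from, src.name) && matches(r.to, dst.name);
        // Assumed semantics: an exception exempts the pair from this rule only,
        // so a later deny rule can still block it (fail closed).
        let exempt = r.except.iter().any(|(f, t)| matches(f, src.name) && matches(t, dst.name));
        if hit && !exempt { return PolicyDecision::Deny(i); }
    }
    if src.network != dst.network { PolicyDecision::Warn } else { PolicyDecision::Allow }
}

// Constructed sample policy: only "api" may reach "db"; nothing may reach "admin".
pub fn sample_rules() -> Vec<DenyRule> {
    vec![
        DenyRule { from: "*", to: "db", except: vec![("api", "db")] },
        DenyRule { from: "web", to: "admin", except: vec![] },
        DenyRule { from: "*", to: "admin", except: vec![] },
    ]
}

fn main() {
    let rules = sample_rules();
    let web = Service { name: "web", network: "frontend" };
    let api = Service { name: "api", network: "backend" };
    let db = Service { name: "db", network: "backend" };
    println!("web -> db:  {:?}", evaluate(&rules, &web, &db));
    println!("api -> db:  {:?}", evaluate(&rules, &api, &db));
    println!("web -> api: {:?}", evaluate(&rules, &web, &api));
}
```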