coulomb/flex-auth
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Add local decision log
Some checks failed
CI / Build and Test (push) Has been cancelled
Details
CI / Lint (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Bernd Worsch
2026-05-17 05:51:37 +02:00
parent 4342f98d83
commit 2b103ea70b
6 changed files with 211 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
internal/decision/engine.go
View File

@@ -23,6 +23,12 @@ type Engine struct {
policy *policy.Package
mu sync.RWMutex
history map[string]api.DecisionEnvelope
log DecisionRecorder
}
// DecisionRecorder persists decision envelopes.
type DecisionRecorder interface {
Append(api.DecisionEnvelope) error
}
// ListAllowedRequest describes a deterministic list_allowed call.
@@ -69,6 +75,13 @@ func NewEngine(store *registry.Store, policyPackage *policy.Package) (*Engine, e
}, nil
}
// SetDecisionLog attaches a local decision recorder to the engine.
func (e *Engine) SetDecisionLog(log DecisionRecorder) {
e.mu.Lock()
defer e.mu.Unlock()
e.log = log
}
// Check evaluates one subject/action/resource request.
func (e *Engine) Check(ctx context.Context, request api.CheckRequest) (api.DecisionEnvelope, error) {
normalized, facts := e.normalizeRequest(request)
@@ -79,7 +92,9 @@ func (e *Engine) Check(ctx context.Context, request api.CheckRequest) (api.Decis
}
decision := e.envelope(normalized, expectation, facts)
e.recordDecision(decision)
if err := e.recordDecision(decision); err != nil {
return api.DecisionEnvelope{}, err
}
return decision, nil
}
@@ -286,10 +301,14 @@ func (e *Engine) envelope(request api.CheckRequest, expectation api.DecisionExpe
return envelope
}
func (e *Engine) recordDecision(decision api.DecisionEnvelope) {
func (e *Engine) recordDecision(decision api.DecisionEnvelope) error {
e.mu.Lock()
defer e.mu.Unlock()
e.history[decision.ID] = decision
if e.log != nil {
return e.log.Append(decision)
}
return nil
}
func (e *Engine) caringDecisionMetadata(descriptor *api.CaringAccessDescriptor, findings []api.CaringConformanceFinding) *api.CaringDecisionMetadata {