Add bounded policy conditions#35

Merged

baraajack merged 1 commit into

mainfrom

pr-35-policy-conditions

Jun 9, 2026

baraajack commented Jun 9, 2026

Owner

Summary

Adds bounded policy conditions for authorization decisions.

Included

policy_conditions table with RLS enforcement
Closed condition vocabulary with agent_tool condition
PolicyConditionRepository for policy lookup and updates
Policy condition management API endpoint
Authorization deny path for matched policy conditions
New decision reason: "denied: policy condition matched"
policy_id persisted on decisions
Idempotency preserved through existing decision log path

Not Included

Policy DSL
Scripting
Arbitrary boolean expressions
Prompt-version conditions
UI or dashboards
SDK changes
Changes to ingestion or observability paths

Validation

Authorization service tests
Authorization endpoint tests
Full test suite passes: 130 passed
Policy deny is HTTP 200 with effect="deny"
policy_id persisted on governed decisions
Existing kill switch, budget, and tool governance tests still pass


          Add bounded policy conditions

fa3e96a

baraajack merged commit d9c0802 into main

4 checks passed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet