Normandy.Behaviours.PolicyEngine behaviour (normandy v1.0.0)

View Source

Contract for per-tool-call policy decisions, consulted at the dispatch chokepoint via Normandy.Behaviours.Config.to_pipeline/1.

check/2 returns one of:

  • {:allow, meta} — proceed; meta is opaque allow-context.
  • {:deny, info} — block; info may carry :reason, :rule_id, :rationale. The rationale is fed back into the model context by the chokepoint, so the model learns why a constraint exists.
  • {:needs_approval, info} — park for human approval (interim-tagged in Phase 1; real parking lands in Phase 4).

The default impl AllowAll preserves current (allow-everything) behavior.

Summary

Types

call()
ctx()
decision()

Callbacks

check(call, ctx)

Types

call()

@type call() :: term()

ctx()

@type ctx() :: map()

decision()

@type decision() :: {:allow, map()} | {:deny, map()} | {:needs_approval, map()}

Callbacks

check(call, ctx)

@callback check(call(), ctx()) :: decision()