Enum PolicyDecision 

pub enum PolicyDecision {
    Allow,
    Deny {
        reason: String,
    },
    Mutate {
        headers: Vec<(String, String)>,
        body: Option<Vec<u8>>,
    },
}

Outcome of a single policy evaluation.

See the module docs for why this is a flat enum instead of Result<(), String>. The TL;DR: callers need to branch on three normal outcomes (Allow / Deny / Mutate), and the host must not conflate “policy said no” with “engine exploded”.

Variants

Allow

Proceed with the request, no changes. The default for 99% of successful policy evaluations.

Deny

Refuse the request. The host MUST forward reason to the structured log and should surface it to the client when the engine is trusted (the Cedar and CEL refs produce reasons safe for 403 bodies — custom engines must document their own guarantees).

Fields

reason: String

Human-readable explanation produced by the policy author. Example: "principal lacks scope posts:write on posts/123".

Mutate

Proceed, but apply response-side obligations on the way out.

The host applies these after the handler runs — header injection before headers flush, body substitution before the response hits the wire. Both fields are optional; a Mutate with neither headers nor body is legal (a no-op, but engines may emit it during composition) and the host treats it as Allow.

Fields

headers: Vec<(String, String)>

Headers to append to (not replace) the outbound response. Empty vec = no header changes. Same-key duplicates are permitted — the host appends them in order.

body: Option<Vec<u8>>

Replacement body. Some(bytes) overwrites the handler’s body wholesale; None leaves it untouched. Engines that only redact fields typically emit Some with the rewritten JSON.

Implementations

impl PolicyDecision

pub fn deny(reason: impl Into<String>) -> Self

Convenience: a Deny with the given reason, owning the string.

pub fn is_allowed(&self) -> bool

true for Allow and for Mutate (both proceed). false for Deny. Useful for middleware that only needs the gate decision and handles mutation elsewhere.

Trait Implementations

impl Clone for PolicyDecision

fn clone(&self) -> PolicyDecision

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for PolicyDecision

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl PartialEq for PolicyDecision

fn eq(&self, other: &PolicyDecision) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Eq for PolicyDecision

impl StructuralPartialEq for PolicyDecision