Skip to main content

GovernanceEngine

clawft_kernel::governance

Struct GovernanceEngine 

Source 
pub struct GovernanceEngine { /* private fields */ }
Expand description

Governance engine.

Evaluates actions against governance rules and the environment’s risk threshold. Without the governance feature gate, all evaluations return Permit.

Implementations§

Source§

impl GovernanceEngine

Source

pub fn new(risk_threshold: f64, human_approval_required: bool) -> Self

Create a governance engine with the given risk threshold.

Source

pub fn open() -> Self

Create an open governance engine that permits everything.

Source

pub fn add_rule(&mut self, rule: GovernanceRule)

Add a governance rule.

Source

pub fn active_rules(&self) -> Vec<&GovernanceRule>

Get all active rules.

Source

pub fn rules_by_branch(&self, branch: &GovernanceBranch) -> Vec<&GovernanceRule>

Get rules by branch.

Source

pub fn evaluate(&self, request: &GovernanceRequest) -> GovernanceResult

Evaluate a governance request.

Decision logic:

  1. If any blocking/critical rule applies, deny.
  2. If effect magnitude exceeds threshold:
    • If human_approval_required, escalate.
    • Otherwise deny.
  3. If any warning rule applies, permit with warning.
  4. Otherwise permit.
Source

pub fn risk_threshold(&self) -> f64

Get the configured risk threshold.

Source

pub fn rule_count(&self) -> usize

Get total rule count.

Source

pub fn evaluate_in_environment( &self, request: &GovernanceRequest, env: &Environment, ) -> GovernanceResult

Evaluate a governance request in the context of a specific environment.

Different environment classes apply different risk thresholds:

  • Development: uses the environment’s own risk_threshold (lenient, typically 0.9).
  • Staging: uses the environment’s own risk_threshold (moderate, typically 0.6).
  • Production: uses half the environment’s risk_threshold (strict, typically 0.15).
  • Custom: uses the custom class’s risk_threshold directly.

After normal rule evaluation, an additional effect-magnitude check is performed against the environment-adjusted threshold. If the magnitude exceeds it, the decision is overridden to Deny.

Source

pub fn evaluate_logged( &self, request: &GovernanceRequest, chain: Option<&ChainManager>, ) -> GovernanceResult

Evaluate a governance request and log the decision to the chain.

This is the recommended entry point when a ChainManager is available. It calls evaluate and records an ipc.dead_letter-style audit event via [ChainLoggable].

If no chain manager is provided, behaves identically to evaluate.

Source

pub fn evaluate_in_environment_logged( &self, request: &GovernanceRequest, env: &Environment, chain: Option<&ChainManager>, ) -> GovernanceResult

Evaluate in an environment and log the decision to the chain.

Source

pub fn chain_log_result( cm: &ChainManager, request: &GovernanceRequest, result: &GovernanceResult, )

Log a governance result to the ExoChain.

Can be called after any evaluate / evaluate_in_environment call to record the decision in the audit trail.

Source§

impl GovernanceEngine

Source

pub fn to_rvf_mode(&self) -> GovernanceMode

Derive the equivalent RVF GovernanceMode from this engine’s config.

  • risk_threshold >= 1.0 (open) → Autonomous
  • human_approval_requiredApproved
  • otherwise → Restricted
Source

pub fn to_rvf_policy(&self) -> GovernancePolicy

Build an RVF GovernancePolicy from this engine’s configuration.

Uses the default tool lists and cost budgets for each mode. Callers can customize the returned policy further if needed.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> Pointable for T

Source§

const ALIGN: usize

The alignment of pointer.
Source§

type Init = T

The type for initializers.
Source§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
Source§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
Source§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
Source§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more