Policy loading, resolution, and authorization.

agent-policy is the governance core for Ferrify. It loads declarative mode and approval-profile files from .agent/, merges them into an [EffectivePolicy], and decides whether a capability or mode transition is allowed for the current run.

The crate deliberately separates repository configuration from application orchestration. That keeps policy versionable, reviewable, and testable without hardwiring repository-specific rules into the runtime itself.

Examples

use agent_domain::ApprovalProfileSlug;
use agent_policy::{PolicyEngine, PolicyRepository};

# fn main() -> Result<(), Box<dyn std::error::Error>> {
let repository = PolicyRepository::load_from_root(std::path::Path::new("."))?;
let engine = PolicyEngine::new(repository);
let resolved = engine.resolve("architect", &ApprovalProfileSlug::new("default")?)?;

assert!(resolved
    .effective_policy
    .allowed_capabilities
    .contains(&agent_domain::Capability::ReadWorkspace));
# Ok(())
# }