openvet-policy 0.3.0

Requirement language and Kleene evaluator for OpenVet audit policies.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

//! Claim catalog, requirement language, and Kleene evaluator.
//!
//! Pipeline: `parse_str(toml)` → [`Policy`], then for each subject
//! call [`evaluate`] with the audits you've collected from your
//! configured logs to get a [`Verdict`]. The verdict's `Display`
//! impl produces the human-readable explanation `openvet check`
//! prints; programmatic consumers can walk the `Fail` variant's
//! `FailureReason`s directly.
//!
//! ```rust,ignore
//! use openvet_policy::{parse_str, evaluate};
//!
//! let policy = parse_str(r#"
//!     [requirement]
//!     safe-to-deploy = "(not memory-unsafe-code) or reviewed-unsafe"
//! "#)?;
//! let verdict = evaluate(&policy, &subject, &[("alice", &audit)]);
//! println!("{verdict}");
//! # Ok::<(), openvet_policy::PolicyError>(())
//! ```

pub mod config;
pub mod error;
pub mod eval;
pub mod expr;

pub use config::{
    Alias, Override, OverrideOp, Policy, Requirement, SubjectMatcher, parse, parse_str,
};
pub use error::{PolicyError, Result};
pub use eval::{
    AuditContradiction, FailureKind, FailureReason, Verdict, effective_requirements, evaluate,
};
pub use expr::{Expr, Tri};