
Function evaluate 

pub fn evaluate(
    policies: &[PolicyDocument],
    request: &EvalRequest<'_>,
) -> Decision

Evaluate a request against a set of policy documents.

Implements AWS’s standard identity-policy evaluation logic (explicit Deny overrides Allow; no matching Allow means implicit Deny) for Phase 1 features only. See the module-level docstring for the exhaustive list of what is and isn’t covered.

§Algorithm

  1. Walk every statement in every policy, in order.
  2. For each statement whose Action and Resource match the request:
    • If the statement has a Condition block, evaluate it against EvalRequest::context; if the condition does not match, skip the statement entirely (it counts as neither an allow nor a deny).
    • If Effect: Deny → return Decision::ExplicitDeny immediately, regardless of any Allow already seen.
    • If Effect: Allow → record that an allow matched and keep scanning (a later Deny can still override it).
  3. After all statements are scanned: return Decision::Allow if any allow matched, otherwise Decision::ImplicitDeny.
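
The following is an added, stand-alone sketch of the deny-overrides order described in the algorithm above. It is not this crate’s code: the `Policy`, `Statement`, `Request` and `Decision` types, the `glob_match` helper (`*` and `?` wildcards, case-insensitive for actions and case-sensitive for resource ARNs) and the `StringEquals`-only condition handling are assumptions made for the example, and the sample policies are constructed, not taken from the page.

```rust
// Added example: minimal deny-overrides evaluation. The types below are
// assumptions for this illustration, not the crate's PolicyDocument/EvalRequest.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Effect { Allow, Deny }

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Decision { Allow, ExplicitDeny, ImplicitDeny }

pub struct Statement {
    pub effect: Effect,
    pub actions: Vec<&'static str>,
    pub resources: Vec<&'static str>,
    /// Only StringEquals conditions are modelled: (context key, required value).
    pub string_equals: Vec<(&'static str, &'static str)>,
}

pub struct Policy { pub statements: Vec<Statement> }

pub struct Request<'a> {
    pub action: &'a str,
    pub resource: &'a str,
    /// Condition context as key/value pairs (a slice keeps the example simple).
    pub context: &'a [(&'a str, &'a str)],
}

/// Glob match: `*` matches any run of characters (including none), `?` exactly one.
/// IAM compares actions case-insensitively but resource ARNs case-sensitively,
/// so the caller chooses (assumed behaviour for this example).
pub fn glob_match(pattern: &str, text: &str, case_insensitive: bool) -> bool {
    fn go(p: &[u8], t: &[u8]) -> bool {
        match (p.split_first(), t.split_first()) {
            (None, None) => true,
            (None, Some(_)) => false,
            (Some((b'*', rest)), _) => go(rest, t) || (!t.is_empty() && go(p, &t[1..])),
            (Some((b'?', prest)), Some((_, trest))) => go(prest, trest),
            (Some((a, prest)), Some((b, trest))) if a == b => go(prest, trest),
            _ => false,
        }
    }
    if case_insensitive {
        go(pattern.to_ascii_lowercase().as_bytes(), text.to_ascii_lowercase().as_bytes())
    } else {
        go(pattern.as_bytes(), text.as_bytes())
    }
}

/// A statement applies only if action, resource AND every condition match.
/// A failed condition skips the statement: it neither allows nor denies.
fn statement_matches(stmt: &Statement, req: &Request) -> bool {
    let action_ok = stmt.actions.iter().any(|a| glob_match(a, req.action, true));
    let resource_ok = stmt.resources.iter().any(|r| glob_match(r, req.resource, false));
    let condition_ok = stmt.string_equals.iter().all(|(key, want)| {
        req.context.iter().any(|(k, v)| k == key && v == want)
    });
    action_ok && resource_ok && condition_ok
}

/// Steps 1-3 of the algorithm: scan everything, Deny short-circuits,
/// Allow is only remembered, nothing matched means implicit deny.
pub fn evaluate(policies: &[Policy], req: &Request) -> Decision {
    let mut saw_allow = false;
    for stmt in policies.iter().flat_map(|p| p.statements.iter()) {
        if !statement_matches(stmt, req) {
            continue;
        }
        match stmt.effect {
            // An explicit Deny wins even if an Allow was already recorded.
            Effect::Deny => return Decision::ExplicitDeny,
            Effect::Allow => saw_allow = true,
        }
    }
    if saw_allow { Decision::Allow } else { Decision::ImplicitDeny }
}

/// Constructed sample (not from the page): allow reads on one bucket, but deny
/// everything on it when the request did not arrive over TLS. The Allow is
/// listed first on purpose: order does not let it beat the Deny.
pub fn sample_policies() -> Vec<Policy> {
    vec![Policy { statements: vec![
        Statement {
            effect: Effect::Allow,
            actions: vec!["s3:Get*"],
            resources: vec!["arn:aws:s3:::example-bucket/*"],
            string_equals: vec![],
        },
        Statement {
            effect: Effect::Deny,
            actions: vec!["s3:*"],
            resources: vec!["arn:aws:s3:::example-bucket/*"],
            string_equals: vec![("aws:SecureTransport", "false")],
        },
    ]}]
}

/// Convenience wrapper: evaluate one request against the sample policies.
pub fn decide(action: &str, resource: &str, context: &[(&str, &str)]) -> Decision {
    let policies = sample_policies();
    evaluate(&policies, &Request { action, resource, context })
}

fn main() {
    let obj = "arn:aws:s3:::example-bucket/report.csv";
    println!("{:?}", decide("s3:GetObject", obj, &[("aws:SecureTransport", "true")]));
    println!("{:?}", decide("s3:GetObject", obj, &[("aws:SecureTransport", "false")]));
}
```

The case worth noticing is a request whose context carries no `aws:SecureTransport` key at all: the Deny’s condition does not match, so the statement is skipped and the Allow stands. In a real policy that is exactly why a `Deny` keyed on `Bool`/`StringEquals` is weaker than one using a `Null`-aware or negated operator, which this Phase 1 sketch does not model.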