Expand description
Policy loading, resolution, and authorization.
agent-policy is the governance core for Ferrify. It loads declarative mode
and approval-profile files from .agent/, merges them into an
EffectivePolicy, and decides whether a capability or mode transition is
allowed for the current run.
The crate deliberately separates repository configuration from application orchestration. That keeps policy versionable, reviewable, and testable without hardwiring repository-specific rules into the runtime itself.
§Examples
use agent_domain::ApprovalProfileSlug;
use agent_policy::{PolicyEngine, PolicyRepository};
let repository = PolicyRepository::load_from_root(std::path::Path::new("."))?;
let engine = PolicyEngine::new(repository);
let resolved = engine.resolve("architect", &ApprovalProfileSlug::new("default")?)?;
assert!(resolved
.effective_policy
.allowed_capabilities
.contains(&agent_domain::Capability::ReadWorkspace));Structs§
- Approval
Profile - A named approval profile loaded from
.agent/approvals/*.yaml. - Mode
Spec - A declarative execution mode loaded from
.agent/modes/*.yaml. - Policy
Engine - Resolves declarative policy into an effective policy and enforces approvals.
- Policy
Repository - In-memory policy data loaded from the repository.
- Resolved
Mode - A resolved mode paired with its effective policy.
Enums§
- Policy
Error - Errors produced while loading or enforcing policy.