mur_core/policy/

engine.rs

//! Policy engine — evaluates rules and constitution together before actions.
//!
//! The engine combines the constitution's boundary checks with fine-grained
//! policy rules and pattern injection.

use crate::constitution::Constitution;
use crate::types::{Action, ActionDecision};

use super::patterns::PatternStore;
use super::rules::{PolicyRuleSet, RuleAction, RuleContext};
use anyhow::Result;
use std::path::{Path, PathBuf};

/// The policy engine evaluates actions against both the constitution
/// and the policy rule set.
pub struct PolicyEngine {
    constitution: Constitution,
    rules: PolicyRuleSet,
    pattern_store: PatternStore,
    rules_path: PathBuf,
}

impl PolicyEngine {
    /// Create a new policy engine from a constitution and a rules directory.
    pub fn new(constitution: Constitution, rules_dir: &Path, patterns_dir: &Path) -> Self {
        let rules = load_rules_from_dir(rules_dir);
        Self {
            constitution,
            rules,
            pattern_store: PatternStore::new(patterns_dir),
            rules_path: rules_dir.to_path_buf(),
        }
    }

    /// Create a policy engine with an explicit rule set (for testing).
    pub fn with_rules(
        constitution: Constitution,
        rules: PolicyRuleSet,
        patterns_dir: &Path,
    ) -> Self {
        Self {
            constitution,
            rules,
            pattern_store: PatternStore::new(patterns_dir),
            rules_path: PathBuf::new(),
        }
    }

    /// Evaluate an action against the constitution and policy rules.
    ///
    /// Decision priority:
    /// 1. Constitution forbidden → Blocked (always wins)
    /// 2. Policy rules can *downgrade* (block or require approval) but cannot
    ///    *upgrade* a constitution `NeedsApproval` to `Allowed`.
    /// 3. Constitution requires_approval / auto_allowed
    /// 4. Default: NeedsApproval
    pub fn evaluate(&self, action: &Action) -> ActionDecision {
        // 1. Constitution forbidden check first (cannot be overridden)
        let constitution_decision = self.constitution.check_action(action);
        if matches!(constitution_decision, ActionDecision::Blocked { .. }) {
            return constitution_decision;
        }

        // 2. Check policy rules
        let ctx = RuleContext {
            action_type: serde_json::to_value(&action.action_type).ok().and_then(|v| v.as_str().map(String::from)).unwrap_or_default(),
            command: action.command.clone(),
            description: action.description.clone(),
            workflow_id: None,
            estimated_cost: None,
        };

        if let Some(rule_action) = self.rules.evaluate(&ctx) {
            return match rule_action {
                RuleAction::Allow => {
                    // Rules cannot upgrade NeedsApproval → Allowed.
                    // If the constitution requires approval, preserve that.
                    if matches!(constitution_decision, ActionDecision::NeedsApproval { .. }) {
                        constitution_decision
                    } else {
                        ActionDecision::Allowed
                    }
                }
                RuleAction::Deny { reason } => ActionDecision::Blocked { reason },
                RuleAction::RequireApproval { prompt } => {
                    ActionDecision::NeedsApproval { prompt }
                }
            };
        }

        // 3. Fall back to constitution decision
        constitution_decision
    }

    /// Evaluate an action with workflow context.
    pub fn evaluate_with_context(
        &self,
        action: &Action,
        workflow_id: Option<&str>,
        estimated_cost: Option<f64>,
    ) -> ActionDecision {
        // 1. Constitution forbidden check
        let constitution_decision = self.constitution.check_action(action);
        if matches!(constitution_decision, ActionDecision::Blocked { .. }) {
            return constitution_decision;
        }

        // 2. Check cost limits
        if let Some(cost) = estimated_cost {
            if !self.constitution.check_cost_per_run(cost) {
                return ActionDecision::Blocked {
                    reason: format!(
                        "Estimated cost ${:.2} exceeds per-run limit",
                        cost
                    ),
                };
            }
        }

        // 3. Check policy rules with full context
        let ctx = RuleContext {
            action_type: serde_json::to_value(&action.action_type).ok().and_then(|v| v.as_str().map(String::from)).unwrap_or_default(),
            command: action.command.clone(),
            description: action.description.clone(),
            workflow_id: workflow_id.map(|s| s.to_string()),
            estimated_cost,
        };

        if let Some(rule_action) = self.rules.evaluate(&ctx) {
            return match rule_action {
                RuleAction::Allow => {
                    // Rules cannot upgrade NeedsApproval → Allowed.
                    // If the constitution requires approval, preserve that.
                    if matches!(constitution_decision, ActionDecision::NeedsApproval { .. }) {
                        constitution_decision
                    } else {
                        ActionDecision::Allowed
                    }
                }
                RuleAction::Deny { reason } => ActionDecision::Blocked { reason },
                RuleAction::RequireApproval { prompt } => {
                    ActionDecision::NeedsApproval { prompt }
                }
            };
        }

        // 4. Fall back to constitution
        constitution_decision
    }

    /// Get pattern context for an action (for AI model injection).
    pub fn get_pattern_context(
        &self,
        action_type: &str,
        action_command: &str,
    ) -> Result<Option<String>> {
        self.pattern_store.format_context(action_type, action_command)
    }

    /// Get a reference to the current rule set.
    pub fn rules(&self) -> &PolicyRuleSet {
        &self.rules
    }

    /// Get a mutable reference to the current rule set.
    pub fn rules_mut(&mut self) -> &mut PolicyRuleSet {
        &mut self.rules
    }

    /// Save the current rules back to the rules directory.
    pub fn save_rules(&self) -> Result<()> {
        if self.rules_path.as_os_str().is_empty() {
            anyhow::bail!("Cannot save rules: rules path is not set");
        }
        std::fs::create_dir_all(&self.rules_path)?;
        // Remove existing rule files to prevent duplication on reload
        if let Ok(entries) = std::fs::read_dir(&self.rules_path) {
            for entry in entries.flatten() {
                let path = entry.path();
                if let Some(ext) = path.extension() {
                    if ext == "yaml" || ext == "yml" {
                        let _ = std::fs::remove_file(&path);
                    }
                }
            }
        }
        let path = self.rules_path.join("rules.yaml");
        let yaml = serde_yaml::to_string(&self.rules)?;
        std::fs::write(path, yaml)?;
        Ok(())
    }

    /// Reload rules from the rules directory.
    pub fn reload_rules(&mut self) {
        self.rules = load_rules_from_dir(&self.rules_path);
    }

    /// Get a reference to the constitution.
    pub fn constitution(&self) -> &Constitution {
        &self.constitution
    }

    /// Get a reference to the pattern store.
    pub fn pattern_store(&self) -> &PatternStore {
        &self.pattern_store
    }
}

/// Load all rule sets from YAML files in a directory and merge them.
fn load_rules_from_dir(dir: &Path) -> PolicyRuleSet {
    let mut combined = PolicyRuleSet { rules: vec![] };

    if !dir.exists() {
        return combined;
    }

    let patterns = [
        dir.join("*.yaml").to_string_lossy().to_string(),
        dir.join("*.yml").to_string_lossy().to_string(),
    ];

    for pat in &patterns {
        if let Ok(entries) = glob::glob(pat) {
            for entry in entries.flatten() {
                match std::fs::read_to_string(&entry) {
                    Ok(content) => {
                        match PolicyRuleSet::from_yaml(&content) {
                            Ok(rule_set) => {
                                combined.rules.extend(rule_set.rules);
                            }
                            Err(e) => {
                                tracing::warn!("Failed to parse policy rules {:?}: {}", entry, e);
                            }
                        }
                    }
                    Err(e) => {
                        tracing::warn!("Failed to read policy rules {:?}: {}", entry, e);
                    }
                }
            }
        }
    }

    combined
}

/// Default directories for policy engine.
pub fn default_rules_dir() -> PathBuf {
    directories::BaseDirs::new()
        .map(|d| d.home_dir().join(".mur").join("policies"))
        .unwrap_or_else(|| PathBuf::from(".mur/policies"))
}

pub fn default_patterns_dir() -> PathBuf {
    directories::BaseDirs::new()
        .map(|d| d.home_dir().join(".mur").join("patterns"))
        .unwrap_or_else(|| PathBuf::from(".mur/patterns"))
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::types::ActionType;

    fn sample_constitution() -> Constitution {
        let toml_str = r#"
[identity]
version = "1.0.0"
checksum = ""
signed_by = ""
signature = ""

[boundaries]
forbidden = ["rm -rf /", "DROP DATABASE"]
requires_approval = ["git push", "deploy *"]
auto_allowed = ["git status", "run tests", "read files"]

[resource_limits]
max_api_cost_per_run = 5.0
max_api_cost_per_day = 50.0
max_execution_time = 3600
max_concurrent_workflows = 3
max_file_write_size = "10MB"
allowed_directories = ["~/Projects"]
blocked_directories = ["/etc"]

[model_permissions]
thinking_model = { can_execute = false, can_read = true }
coding_model = { can_execute = true, can_read = true }
task_model = { can_execute = true, can_read = true }
"#;
        Constitution::from_toml(toml_str).unwrap()
    }

    fn make_action(command: &str, description: &str) -> Action {
        Action {
            id: uuid::Uuid::new_v4(),
            action_type: ActionType::Execute,
            description: description.to_string(),
            command: command.to_string(),
            working_dir: None,
            created_at: chrono::Utc::now(),
        }
    }

    #[test]
    fn test_constitution_forbidden_wins() {
        let dir = tempfile::TempDir::new().unwrap();
        let engine = PolicyEngine::with_rules(
            sample_constitution(),
            PolicyRuleSet { rules: vec![] },
            dir.path(),
        );

        let action = make_action("rm -rf /", "Delete everything");
        let decision = engine.evaluate(&action);
        assert!(matches!(decision, ActionDecision::Blocked { .. }));
    }

    #[test]
    fn test_policy_rule_cannot_upgrade_needs_approval() {
        use super::super::rules::{PolicyRule, RuleCondition};

        let dir = tempfile::TempDir::new().unwrap();
        let rules = PolicyRuleSet {
            rules: vec![PolicyRule {
                name: "allow-push".into(),
                description: "Allow git push to staging".into(),
                priority: 1,
                condition: RuleCondition {
                    action_type: None,
                    command_pattern: Some("git push origin staging".into()),
                    description_pattern: None,
                    workflow_id: None,
                    time_range: None,
                    cost_above: None,
                },
                action: RuleAction::Allow,
                enabled: true,
            }],
        };

        let engine = PolicyEngine::with_rules(sample_constitution(), rules, dir.path());

        // git push origin staging → constitution requires approval for "git push *",
        // policy rule says Allow, but rules cannot upgrade NeedsApproval → stays NeedsApproval
        let action = make_action("git push origin staging", "Push to staging");
        let decision = engine.evaluate(&action);
        assert!(matches!(decision, ActionDecision::NeedsApproval { .. }));

        // git push origin main → no policy rule matches, falls through to constitution
        let action2 = make_action("git push origin main", "Push to main");
        let decision2 = engine.evaluate(&action2);
        assert!(matches!(decision2, ActionDecision::NeedsApproval { .. }));
    }

    #[test]
    fn test_policy_rule_can_allow_when_constitution_allows() {
        use super::super::rules::{PolicyRule, RuleCondition};

        let dir = tempfile::TempDir::new().unwrap();
        let rules = PolicyRuleSet {
            rules: vec![PolicyRule {
                name: "allow-status".into(),
                description: "Explicitly allow git status".into(),
                priority: 1,
                condition: RuleCondition {
                    action_type: None,
                    command_pattern: Some("git status".into()),
                    description_pattern: None,
                    workflow_id: None,
                    time_range: None,
                    cost_above: None,
                },
                action: RuleAction::Allow,
                enabled: true,
            }],
        };

        let engine = PolicyEngine::with_rules(sample_constitution(), rules, dir.path());

        // git status → constitution auto_allowed, rule also allows → stays Allowed
        let action = make_action("git status", "Check status");
        let decision = engine.evaluate(&action);
        assert!(matches!(decision, ActionDecision::Allowed));
    }

    #[test]
    fn test_policy_rule_can_block_when_constitution_allows() {
        use super::super::rules::{PolicyRule, RuleCondition};

        let dir = tempfile::TempDir::new().unwrap();
        let rules = PolicyRuleSet {
            rules: vec![PolicyRule {
                name: "deny-status".into(),
                description: "Block git status for some reason".into(),
                priority: 1,
                condition: RuleCondition {
                    action_type: None,
                    command_pattern: Some("git status".into()),
                    description_pattern: None,
                    workflow_id: None,
                    time_range: None,
                    cost_above: None,
                },
                action: RuleAction::Deny {
                    reason: "Blocked by policy".into(),
                },
                enabled: true,
            }],
        };

        let engine = PolicyEngine::with_rules(sample_constitution(), rules, dir.path());

        // git status → constitution allows, but policy rule blocks → Blocked
        let action = make_action("git status", "Check status");
        let decision = engine.evaluate(&action);
        assert!(matches!(decision, ActionDecision::Blocked { .. }));
    }

    #[test]
    fn test_fallback_to_constitution() {
        let dir = tempfile::TempDir::new().unwrap();
        let engine = PolicyEngine::with_rules(
            sample_constitution(),
            PolicyRuleSet { rules: vec![] },
            dir.path(),
        );

        let action = make_action("git status", "Check status");
        let decision = engine.evaluate(&action);
        assert!(matches!(decision, ActionDecision::Allowed));
    }

    #[test]
    fn test_cost_limit_enforcement() {
        let dir = tempfile::TempDir::new().unwrap();
        let engine = PolicyEngine::with_rules(
            sample_constitution(),
            PolicyRuleSet { rules: vec![] },
            dir.path(),
        );

        let action = make_action("api call", "Call expensive model");
        let decision = engine.evaluate_with_context(&action, None, Some(10.0));
        assert!(matches!(decision, ActionDecision::Blocked { .. }));

        let decision2 = engine.evaluate_with_context(&action, None, Some(3.0));
        // Under limit, falls through to constitution (unknown action → needs approval)
        assert!(matches!(decision2, ActionDecision::NeedsApproval { .. }));
    }

    #[test]
    fn test_load_rules_from_dir() {
        let dir = tempfile::TempDir::new().unwrap();
        let yaml = r#"
rules:
  - name: test-rule
    priority: 1
    condition:
      command_pattern: "test*"
    action: allow
    enabled: true
"#;
        std::fs::write(dir.path().join("test-rules.yaml"), yaml).unwrap();

        let rules = load_rules_from_dir(dir.path());
        assert_eq!(rules.rules.len(), 1);
        assert_eq!(rules.rules[0].name, "test-rule");
    }

    #[test]
    fn test_pattern_context_integration() {
        let patterns_dir = tempfile::TempDir::new().unwrap();
        let rules_dir = tempfile::TempDir::new().unwrap();

        let yaml = r#"
id: deploy-safety
name: Deploy Safety
description: Always run health checks after deploy
inject: on_match
match_actions: ["deploy*"]
"#;
        std::fs::write(patterns_dir.path().join("deploy-safety.yaml"), yaml).unwrap();

        let engine = PolicyEngine::with_rules(
            sample_constitution(),
            PolicyRuleSet { rules: vec![] },
            patterns_dir.path(),
        );

        let ctx = engine
            .get_pattern_context("execute", "deploy production")
            .unwrap();
        assert!(ctx.is_some());
        assert!(ctx.unwrap().contains("Deploy Safety"));

        let no_ctx = engine.get_pattern_context("read", "git log").unwrap();
        // No patterns match "git log"
        assert!(no_ctx.is_none());
    }

    #[test]
    fn test_save_and_reload_rules() {
        let dir = tempfile::TempDir::new().unwrap();
        let patterns_dir = tempfile::TempDir::new().unwrap();

        let mut engine = PolicyEngine::new(
            sample_constitution(),
            dir.path(),
            patterns_dir.path(),
        );

        use super::super::rules::{PolicyRule, RuleCondition};
        engine.rules_mut().add_rule(PolicyRule {
            name: "saved-rule".into(),
            description: "".into(),
            priority: 50,
            condition: RuleCondition {
                action_type: None,
                command_pattern: Some("*".into()),
                description_pattern: None,
                workflow_id: None,
                time_range: None,
                cost_above: None,
            },
            action: RuleAction::Allow,
            enabled: true,
        });

        engine.save_rules().unwrap();
        engine.reload_rules();
        assert_eq!(engine.rules().rules.len(), 1);
        assert_eq!(engine.rules().rules[0].name, "saved-rule");
    }
}