Expand description
RFC-001 Phase 3 (minimal) — per-org pairing policy persistence.
The receiver’s trusted-org set + inbound mode, stored at
config/wire/org_policies.json. Implements the OrgPolicy trait
(pair_decision) that decide() consumes, so the live pairing wiring
(P1b) can look up “do I auto/notify-pair members of this org?”.
Fail-closed. A missing or malformed policy file loads as the empty
policy → every org is untrusted (None) → decide() returns Manual
(today’s default-deny bilateral flow). A broken policy must never grant
eased pairing, so loading never errors.
This is the minimal subset the wiring needs (org_did → inbound mode). The
full filtering surface from amendment #83 (first-match-wins table, the
org_attestation/project columns, the consent-gated wire_org_set_policy
MCP tool, AC-FILT) layers on top of this store.
Structs§
- File
OrgPolicy - File-backed per-org policy. Maps
org_did→ inbound mode for the orgs the receiver trusts; absence means untrusted (default-deny).