BeamAgent.Policy (beam_agent_ex v0.1.0)

Copy Markdown View Source

Canonical BeamAgent policy profiles and deterministic evaluation.

Policy profiles provide reusable allow/deny decisions for approvals, commands, backend selection, routines, memory writes, compaction, and orchestration.

Profiles are stored documents with a default decision, ordered rules, and optional metadata. Evaluation is deterministic and deny-wins, so multiple domains can share the same policy vocabulary without introducing custom callback trees in each subsystem.

Summary

Types

action()
decision()
key_path()
match_spec()
profile()
profile_rule()

Functions

clear()

See :beam_agent_policy.clear/0.

ensure_tables()

See :beam_agent_policy.ensure_tables/0.

evaluate(profile_id, action, context)

See :beam_agent_policy.evaluate/3.

get_profile(profile_id)

See :beam_agent_policy.get_profile/1.

list_profiles()

See :beam_agent_policy.list_profiles/0.

put_profile(profile_id, profile)

See :beam_agent_policy.put_profile/2.

Types

action()

@type action() :: atom() | binary()

decision()

@type decision() :: :allow | :deny

key_path()

@type key_path() :: atom() | binary() | [atom() | binary()]

match_spec()

@type match_spec() ::
  :*
  | {:exists, key_path()}
  | {:eq, key_path(), term()}
  | {:member, key_path(), [term()]}
  | {:prefix, key_path(), binary()}
  | {:path_prefix, key_path(), binary()}

profile()

@type profile() :: %{
  profile_id: binary(),
  default: decision(),
  metadata: map(),
  rules: [profile_rule()],
  created_at: integer(),
  updated_at: integer()
}

profile_rule()

@type profile_rule() :: %{
  :action => action() | :*,
  :decision => decision(),
  :match => match_spec(),
  optional(:reason) => binary()
}

Functions

clear()

@spec clear() :: :ok

See :beam_agent_policy.clear/0.

ensure_tables()

@spec ensure_tables() :: :ok

See :beam_agent_policy.ensure_tables/0.

evaluate(profile_id, action, context)

@spec evaluate(nil, action(), map()) :: :allow
@spec evaluate(binary(), action(), map()) :: :allow | {:deny, binary()}

See :beam_agent_policy.evaluate/3.

get_profile(profile_id)

@spec get_profile(binary()) :: {:ok, profile()} | {:error, :not_found}

See :beam_agent_policy.get_profile/1.

list_profiles()

@spec list_profiles() :: {:ok, [profile()]}

See :beam_agent_policy.list_profiles/0.

put_profile(profile_id, profile)

@spec put_profile(binary(), map()) ::
  :ok
  | {:error,
     {:invalid_default
      | :invalid_match
      | :invalid_profile
      | :invalid_reason
      | :invalid_rule_action
      | :unsupported_profile_key
      | :unsupported_rule_key, term()}}

See :beam_agent_policy.put_profile/2.