Class: RosettAi::Policy::TierHierarchy

Inherits:
Object
Defined in:
lib/rosett_ai/policy/tier_hierarchy.rb

Overview

Enforces tighten-only policy inheritance across organisational tiers.

Policy hierarchy: org > team > project. Child tiers can add patterns or restrictions but can never remove patterns set by parent tiers.

Constant Summary

TIERS = ['mandatory', 'advisory', 'informational'].freeze
SCOPES = ['org', 'team', 'project'].freeze

Instance Method Details

#valid_scope?(scope) ⇒ Boolean

Checks whether the given scope name is one of SCOPES.

Parameters:

  • scope (String)

    scope name

Returns:

  • (Boolean)

    true if valid



# File 'lib/rosett_ai/policy/tier_hierarchy.rb', line 43

def valid_scope?(scope)
  SCOPES.include?(scope)
end

#valid_tier?(tier) ⇒ Boolean

Checks whether the given policy tier name is one of TIERS.

Parameters:

  • tier (String)

    policy tier name

Returns:

  • (Boolean)

    true if valid



# File 'lib/rosett_ai/policy/tier_hierarchy.rb', line 35

def valid_tier?(tier)
  TIERS.include?(tier)
end

#validate_tighten_only(parent:, child:) ⇒ Hash

Validates that a child policy does not loosen a parent policy: every pattern in the parent must still be present in the child.

Parameters:

Returns:

  • (Hash)

    with +:valid+ (Boolean) and +:violations+ (Array)



# File 'lib/rosett_ai/policy/tier_hierarchy.rb', line 21

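def validate_tighten_only(parent:, child:)
  # Patterns the parent defines that the child no longer carries
  # (Array difference, so the comparison is an exact match per pattern).
  removed = parent.patterns - child.patterns
  return { valid: true, violations: [] } if removed.empty?

  # One message per removed pattern.
  violations = removed.map do |pattern|
    "Cannot remove deny-list pattern from parent policy: #{pattern}"
  end
  { valid: false, violations: violations }
end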
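
The pairwise check above, applied along the whole org > team > project chain. This is an added example, not code from the rosett_ai project: `ExamplePolicy`, `removed_patterns`, `validate_chain` and the sample patterns are assumptions made for illustration, and the page shows only that a policy responds to `patterns`.

```ruby
# Added example: stand-alone sketch, not the rosett_ai gem's own code.
SCOPE_ORDER = %w[org team project].freeze # same order as SCOPES on this page

# Hypothetical policy object; the page only shows that policies respond to #patterns.
ExamplePolicy = Struct.new(:scope, :patterns)

# Same pairwise rule as validate_tighten_only: parent patterns missing from the child.
def removed_patterns(parent, child)
  parent.patterns - child.patterns
end

# Orders the policies org -> team -> project and checks each one against
# the policy directly above it, reporting which scope dropped which pattern.
def validate_chain(policies)
  unknown = policies.reject { |p| SCOPE_ORDER.include?(p.scope) }
  raise ArgumentError, "unknown scope: #{unknown.map(&:scope).join(', ')}" unless unknown.empty?

  ordered = policies.sort_by { |p| SCOPE_ORDER.index(p.scope) }
  violations = ordered.each_cons(2).flat_map do |parent, child|
    removed_patterns(parent, child).map do |pattern|
      "#{child.scope} removes #{parent.scope} pattern: #{pattern}"
    end
  end
  { valid: violations.empty?, violations: violations }
end

# Constructed sample policies (patterns are illustrative only).
ORG      = ExamplePolicy.new('org',     ['*.pem', '.env'])
TEAM_OK  = ExamplePolicy.new('team',    ['*.pem', '.env', 'id_rsa'])
PROJ_OK  = ExamplePolicy.new('project', ['*.pem', '.env', 'id_rsa', '*.tfstate'])
# Swaps '*.pem' for a narrower pattern; the exact-match diff sees a removal.
PROJ_BAD = ExamplePolicy.new('project', ['secrets/*.pem', '.env', 'id_rsa'])

if __FILE__ == $PROGRAM_NAME
  p validate_chain([ORG, TEAM_OK, PROJ_OK])
  p validate_chain([PROJ_BAD, ORG, TEAM_OK])
end
```

Because the comparison is an exact string difference, replacing `*.pem` with the narrower `secrets/*.pem` is reported as a removal even though the child still restricts some `.pem` files.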