Class: RosettAi::Policy::TierHierarchy
- Inherits:
-
Object
- Object
- RosettAi::Policy::TierHierarchy
- Defined in:
- lib/rosett_ai/policy/tier_hierarchy.rb
Overview
Enforces tighten-only policy inheritance across organisational tiers.
Policy hierarchy: org > team > project. Child tiers can add patterns or restrictions but can never remove patterns set by parent tiers.
Constant Summary collapse
- TIERS =
Returns Defined tier levels.
['mandatory', 'advisory', 'informational'].freeze
- SCOPES =
Returns Supported configuration scope names.
['org', 'team', 'project'].freeze
Instance Method Summary collapse
-
#valid_scope?(scope) ⇒ Boolean
Validates that a scope is valid.
-
#valid_tier?(tier) ⇒ Boolean
Validates that a policy tier is valid.
-
#validate_tighten_only(parent:, child:) ⇒ Hash
Validates that a child policy does not loosen a parent policy.
Instance Method Details
#valid_scope?(scope) ⇒ Boolean
Validates that a scope is valid.
45 46 47 |
# File 'lib/rosett_ai/policy/tier_hierarchy.rb', line 45 def valid_scope?(scope) SCOPES.include?(scope) end |
#valid_tier?(tier) ⇒ Boolean
Validates that a policy tier is valid.
37 38 39 |
# File 'lib/rosett_ai/policy/tier_hierarchy.rb', line 37 def valid_tier?(tier) TIERS.include?(tier) end |
#validate_tighten_only(parent:, child:) ⇒ Hash
Validates that a child policy does not loosen a parent policy.
23 24 25 26 27 28 29 30 31 |
# File 'lib/rosett_ai/policy/tier_hierarchy.rb', line 23 def validate_tighten_only(parent:, child:) removed = parent.patterns - child.patterns return { valid: true, violations: [] } if removed.empty? violations = removed.map do |pattern| "Cannot remove deny-list pattern from parent policy: #{pattern}" end { valid: false, violations: violations } end |