harness_core/

pack.rs

// SPDX-License-Identifier: Apache-2.0 OR MIT
//! Policy-pack types + loader.
//!
//! Ports `load_pack` from `harness.py`. Keeps the loose serde shape (extra
//! fields tolerated; unknown rule fields ignored) so example packs that ship
//! `_note` / future fields still load.

use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};
use serde_json::Value;
use std::fs;
use std::path::Path;

use crate::SPEC_VERSION;

#[derive(Debug)]
pub enum PackError {
    Io(String),
    Json(String),
    MissingField(String),
    SpecMismatch { got: String, want: &'static str },
    ExpiresAtUnparseable(String),
    Expired(String),
    SignatureAlgUnsupported(String),
}

impl std::fmt::Display for PackError {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            PackError::Io(s) => write!(f, "pack_load_failed:{s}"),
            PackError::Json(s) => write!(f, "pack_load_failed:json:{s}"),
            PackError::MissingField(s) => write!(f, "pack_missing_fields: {s}"),
            PackError::SpecMismatch { got, want } => {
                write!(f, "pack_spec_version_mismatch: got {got:?}, daemon supports {want:?}")
            }
            PackError::ExpiresAtUnparseable(s) => write!(f, "pack_expires_at_unparseable:{s}"),
            PackError::Expired(s) => write!(f, "pack_expired: {s}"),
            PackError::SignatureAlgUnsupported(s) => {
                write!(f, "pack_signature_alg_unsupported: {s:?}")
            }
        }
    }
}

impl std::error::Error for PackError {}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PolicyPack {
    pub spec_version: String,
    pub pack_id: String,
    pub pack_name: String,
    pub issuer: String,
    pub issued_at: String,
    pub expires_at: String,
    pub jurisdictions: Vec<String>,
    pub rules: Vec<Rule>,
    pub default_decision: String,
    pub signature: Signature,
    /// Anything else (e.g. forward-compat fields) is preserved here.
    #[serde(flatten)]
    pub extra: serde_json::Map<String, Value>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Rule {
    pub rule_id: String,
    pub r#match: Match,
    pub policy: Policy,
    #[serde(default)]
    pub deny_reason: Option<String>,
    #[serde(default)]
    pub layer: Option<String>,
    #[serde(default)]
    pub warn_only: bool,
    #[serde(flatten)]
    pub extra: serde_json::Map<String, Value>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Match {
    /// Either a single action string or a list of action strings; the daemon
    /// treats both shapes identically (see `_match_action` in the Python ref).
    #[serde(default)]
    pub action: Value,
    #[serde(default)]
    pub fields: Option<Vec<String>>,
    #[serde(flatten)]
    pub extra: serde_json::Map<String, Value>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Policy {
    pub language: String,
    pub module: String,
    #[serde(flatten)]
    pub extra: serde_json::Map<String, Value>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Signature {
    pub alg: String,
    #[serde(default)]
    pub kid: Option<String>,
    #[serde(default)]
    pub value: Option<String>,
}

/// Load + validate a policy pack from disk.
///
/// Ports `load_pack` from `harness.py` line-for-line:
/// - JSON parse
/// - required top-level fields present
/// - spec_version matches `ahp-policy-pack/0.1`
/// - `expires_at` parses + is in the future
/// - signature.alg is EdDSA; the sentinel `REFERENCE_PACK_NOT_SIGNED_LOCAL_DEV_ONLY`
///   value is allowed (caller may emit a warning).
pub fn load_pack(path: &Path) -> Result<PolicyPack, PackError> {
    let bytes = fs::read(path).map_err(|e| PackError::Io(format!("{e}")))?;
    // Validate-shape first via Value, then re-parse to the typed struct. This lets
    // us produce the same "pack_missing_fields: [...]" error shape as the Python
    // ref (sorted list of missing required keys), regardless of struct order.
    let raw: Value =
        serde_json::from_slice(&bytes).map_err(|e| PackError::Json(format!("{e}")))?;
    let obj = raw
        .as_object()
        .ok_or_else(|| PackError::Json("top-level not an object".into()))?;

    const REQUIRED: &[&str] = &[
        "spec_version",
        "pack_id",
        "pack_name",
        "issuer",
        "issued_at",
        "expires_at",
        "jurisdictions",
        "rules",
        "default_decision",
        "signature",
    ];
    let mut missing: Vec<&str> = REQUIRED.iter().copied().filter(|k| !obj.contains_key(*k)).collect();
    if !missing.is_empty() {
        missing.sort();
        let formatted = format!(
            "[{}]",
            missing.iter().map(|s| format!("'{s}'")).collect::<Vec<_>>().join(", ")
        );
        return Err(PackError::MissingField(formatted));
    }

    let pack: PolicyPack = serde_json::from_value(raw).map_err(|e| PackError::Json(format!("{e}")))?;

    if pack.spec_version != SPEC_VERSION {
        return Err(PackError::SpecMismatch {
            got: pack.spec_version.clone(),
            want: SPEC_VERSION,
        });
    }

    // Expiry. Accept trailing 'Z' the same way the Python ref does.
    let expires_normalized = pack.expires_at.replace('Z', "+00:00");
    let exp: DateTime<Utc> = DateTime::parse_from_rfc3339(&expires_normalized)
        .map_err(|e| PackError::ExpiresAtUnparseable(format!("{e}")))?
        .with_timezone(&Utc);
    if exp < Utc::now() {
        return Err(PackError::Expired(pack.expires_at.clone()));
    }

    if pack.signature.alg != "EdDSA" {
        return Err(PackError::SignatureAlgUnsupported(pack.signature.alg.clone()));
    }
    // The `REFERENCE_PACK_NOT_SIGNED_LOCAL_DEV_ONLY` sentinel is accepted; the
    // CLI layer warns. Production must verify against the issuer JWKS.

    Ok(pack)
}