Skip to content

Add local PolicyAdmission resolver v3#29

Merged
mdheller merged 9 commits intomainfrom
policy/policy-admission-resolver-v3
May 7, 2026
Merged

Add local PolicyAdmission resolver v3#29
mdheller merged 9 commits intomainfrom
policy/policy-admission-resolver-v3

Conversation

@mdheller
Copy link
Copy Markdown
Contributor

@mdheller mdheller commented May 7, 2026

Summary

Adds a clean, current-main local PolicyAdmission resolver for bootstrap dry-run flows.

Changes:

  • Adds src/agent_machine/policy_fabric.py.
  • Adds scripts/resolve-policy-admission.py.
  • Adds scripts/validate-policy-fabric.py.
  • Adds agent-machine policy resolve through Python and bootstrap CLI delegation.
  • Allows activation evaluation to use a resolved local policy from --policy-dir / --policy-file.
  • Adds validate-policy-fabric to make validate, while preserving validate-sourceos-projections from current main.
  • Updates package validation to import agent_machine.policy_fabric.
  • Adds docs/architecture/policy-admission-resolution.md.
  • Links PolicyAdmission resolution from docs/index.md.

Validation

Canonical validation remains:

make validate

Supersedes

This supersedes stale PR #22, which was based on an older main branch.

Production note

This is a deterministic local-store resolver only. A real Policy Fabric endpoint/client remains a later production-hardening task.

@mdheller mdheller merged commit c306852 into main May 7, 2026
2 checks passed
@mdheller mdheller mentioned this pull request May 7, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mdheller