up

docs/modules/policy/samples/deterministic-evaluator/config-sample.yaml

@@ -0,0 +1,103 @@
+# Deterministic Evaluator Sample Configuration
+# This file demonstrates the configuration options for the policy evaluator
+# Version: 1.0
+
+evaluator:
+  # Determinism settings
+  determinism:
+    # Enforce strict determinism checks at runtime
+    enforceStrict: true
+
+    # Log warnings for potential non-deterministic operations
+    logWarnings: true
+
+    # Fail evaluation if non-deterministic operation detected
+    failOnViolation: true
+
+  # Rule evaluation settings
+  rules:
+    # First-match semantics: stop on first matching rule
+    firstMatchOnly: true
+
+    # Default status when no rules match
+    defaultStatus: "affected"
+
+    # Enable priority-based ordering (lower priority evaluates first)
+    priorityOrdering: true
+
+  # Exception handling settings
+  exceptions:
+    # Enable exception application after rule evaluation
+    enabled: true
+
+    # Specificity weights for exception scope matching
+    specificity:
+      ruleNameBase: 1000
+      ruleNamePerItem: 25
+      severityBase: 500
+      severityPerItem: 10
+      sourceBase: 250
+      sourcePerItem: 10
+      tagBase: 100
+      tagPerItem: 5
+
+    # Tie-breaker order: later CreatedAt wins, then lower Id wins
+    tieBreaker:
+      preferLaterCreatedAt: true
+      preferLowerIdOnTie: true
+
+  # Value type settings
+  values:
+    # Use decimal for all numeric comparisons (no floating-point)
+    useDecimalArithmetic: true
+
+    # Severity string-to-decimal mapping
+    severityOrder:
+      critical: 5
+      high: 4
+      medium: 3
+      moderate: 3
+      low: 2
+      informational: 1
+      info: 1
+      none: 0
+      unknown: -1
+
+  # Timestamp settings
+  timestamps:
+    # Format for all timestamp outputs
+    format: "yyyy-MM-ddTHH:mm:ss.fffZ"
+
+    # Timezone for all timestamps (must be UTC for determinism)
+    timezone: "UTC"
+
+  # Collection settings
+  collections:
+    # Use immutable collections for all internal state
+    useImmutable: true
+
+    # String comparison mode for keys/lookups
+    stringComparison: "OrdinalIgnoreCase"
+
+# Content hashing settings for verification
+hashing:
+  # Algorithm for content addressing
+  algorithm: "SHA256"
+
+  # Include in output for audit trail
+  includeInOutput: true
+
+  # Hash both input and output
+  hashInputs: true
+  hashOutputs: true
+
+# Logging settings for determinism auditing
+logging:
+  # Log rule evaluation order for debugging
+  logRuleOrder: false
+
+  # Log exception selection for debugging
+  logExceptionSelection: false
+
+  # Log final decision rationale
+  logDecisionRationale: true