git.stella-ops.org/src/Policy/StellaOps.Policy.Registry/Services/IPolicyPackCompiler.cs
StellaOps Bot 0de92144d2
feat(api): Implement Console Export Client and Models
- Added ConsoleExportClient for managing export requests and responses.
- Introduced ConsoleExportRequest and ConsoleExportResponse models.
- Implemented methods for creating and retrieving exports with appropriate headers.

feat(crypto): Add Software SM2/SM3 Cryptography Provider

- Implemented SmSoftCryptoProvider for software-only SM2/SM3 cryptography.
- Added support for signing and verification using SM2 algorithm.
- Included hashing functionality with SM3 algorithm.
- Configured options for loading keys from files and environment gate checks.

test(crypto): Add unit tests for SmSoftCryptoProvider

- Created comprehensive tests for signing, verifying, and hashing functionalities.
- Ensured correct behavior for key management and error handling.

feat(api): Enhance Console Export Models

- Expanded ConsoleExport models to include detailed status and event types.
- Added support for various export formats and notification options.

test(time): Implement TimeAnchorPolicyService tests

- Developed tests for TimeAnchorPolicyService to validate time anchors.
- Covered scenarios for anchor validation, drift calculation, and policy enforcement.
2025-12-07 00:27:33 +02:00


using StellaOps.Policy.Registry.Contracts;
using StellaOps.Policy.Registry.Storage;
namespace StellaOps.Policy.Registry.Services;
/// <summary>
/// Service for compiling and validating policy packs.
/// Implements REGISTRY-API-27-003: Compile endpoint integration.
/// </summary>
/// <remarks>
/// Compilation (<see cref="CompileAsync"/>) is the persisting operation; the two
/// <c>Validate*</c> methods are documented as non-persisting dry runs.
/// </remarks>
public interface IPolicyPackCompiler
{
    /// <summary>
    /// Compiles a policy pack, validating all rules and computing a digest.
    /// </summary>
    /// <param name="tenantId">Identifier of the tenant the pack belongs to.</param>
    /// <param name="packId">Identifier of the policy pack to compile.</param>
    /// <param name="cancellationToken">Token used to cancel the operation.</param>
    /// <returns>
    /// A <see cref="PolicyPackCompilationResult"/>: on success it carries the computed digest
    /// and statistics, on failure the compilation errors.
    /// </returns>
    /// <remarks>
    /// NOTE(review): the digest is presumably what downstream consumers pin or attest the pack
    /// by, so the implementation should derive it deterministically from canonicalized pack
    /// content — confirm against the implementing class.
    /// </remarks>
    Task<PolicyPackCompilationResult> CompileAsync(
        Guid tenantId,
        Guid packId,
        CancellationToken cancellationToken = default);

    /// <summary>
    /// Validates a single Rego rule without persisting.
    /// </summary>
    /// <param name="ruleId">Identifier reported back in the result for the validated rule.</param>
    /// <param name="rego">Rego source of the rule; may be <see langword="null"/>.</param>
    /// <param name="cancellationToken">Token used to cancel the operation.</param>
    /// <returns>A <see cref="RuleValidationResult"/> carrying any errors and warnings found.</returns>
    /// <remarks>
    /// NOTE(review): the rule text presumably arrives from an API caller; implementations should
    /// treat it as untrusted input (bounded size, no evaluation side effects) — confirm.
    /// </remarks>
    Task<RuleValidationResult> ValidateRuleAsync(
        string ruleId,
        string? rego,
        CancellationToken cancellationToken = default);

    /// <summary>
    /// Validates all rules in a policy pack without persisting.
    /// </summary>
    /// <param name="request">The create-pack request whose rules are validated.</param>
    /// <param name="cancellationToken">Token used to cancel the operation.</param>
    /// <returns>
    /// A <see cref="PolicyPackCompilationResult"/> describing whether the pack would compile.
    /// </returns>
    Task<PolicyPackCompilationResult> ValidatePackAsync(
        CreatePolicyPackRequest request,
        CancellationToken cancellationToken = default);
}
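/// <summary>
/// Result of policy pack compilation.
/// </summary>
/// <remarks>
/// <see cref="Digest"/> and <see cref="Statistics"/> are populated only by <see cref="FromSuccess"/>;
/// <see cref="Errors"/> only by <see cref="FromFailure"/>. Prefer the factory methods over the
/// object initializer: they reject a "successful" result that carries no digest, which is the
/// value consumers have to check against.
/// </remarks>
public sealed record PolicyPackCompilationResult
{
    /// <summary>Whether compilation completed without errors.</summary>
    public required bool Success { get; init; }

    /// <summary>Digest of the compiled pack; <see langword="null"/> unless <see cref="Success"/> is true.</summary>
    public string? Digest { get; init; }

    /// <summary>Errors that caused compilation to fail; <see langword="null"/> on success.</summary>
    public IReadOnlyList<CompilationError>? Errors { get; init; }

    /// <summary>Non-fatal findings; may be present on both success and failure.</summary>
    public IReadOnlyList<CompilationWarning>? Warnings { get; init; }

    /// <summary>Rule counts gathered during compilation; <see langword="null"/> on failure.</summary>
    public PolicyPackCompilationStatistics? Statistics { get; init; }

    /// <summary>Duration of the compilation in milliseconds.</summary>
    public long DurationMilliseconds { get; init; }

    /// <summary>
    /// Creates a successful result.
    /// </summary>
    /// <param name="digest">Digest of the compiled pack; must be non-empty.</param>
    /// <param name="statistics">Rule statistics gathered during compilation.</param>
    /// <param name="warnings">Non-fatal findings, or <see langword="null"/> if none.</param>
    /// <param name="durationMs">Compilation duration in milliseconds.</param>
    /// <returns>A result with <see cref="Success"/> set to <see langword="true"/>.</returns>
    /// <exception cref="ArgumentException"><paramref name="digest"/> is null, empty or whitespace.</exception>
    /// <exception cref="ArgumentNullException"><paramref name="statistics"/> is null.</exception>
    public static PolicyPackCompilationResult FromSuccess(
        string digest,
        PolicyPackCompilationStatistics statistics,
        IReadOnlyList<CompilationWarning>? warnings,
        long durationMs)
    {
        // A successful compilation without a digest would leave anyone pinning or
        // attesting the pack by digest with nothing to verify; fail loudly instead.
        if (string.IsNullOrWhiteSpace(digest))
        {
            throw new ArgumentException("A successful compilation must produce a non-empty digest.", nameof(digest));
        }

        ArgumentNullException.ThrowIfNull(statistics);

        return new()
        {
            Success = true,
            Digest = digest,
            Statistics = statistics,
            Warnings = warnings,
            DurationMilliseconds = durationMs
        };
    }

    /// <summary>
    /// Creates a failed result.
    /// </summary>
    /// <param name="errors">Errors that caused the failure.</param>
    /// <param name="warnings">Non-fatal findings, or <see langword="null"/> if none.</param>
    /// <param name="durationMs">Compilation duration in milliseconds.</param>
    /// <returns>A result with <see cref="Success"/> set to <see langword="false"/>.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="errors"/> is null.</exception>
    public static PolicyPackCompilationResult FromFailure(
        IReadOnlyList<CompilationError> errors,
        IReadOnlyList<CompilationWarning>? warnings,
        long durationMs)
    {
        // Errors is the only explanation a failed result carries; a null list would
        // hide why compilation failed from whoever reads the result.
        ArgumentNullException.ThrowIfNull(errors);

        return new()
        {
            Success = false,
            Errors = errors,
            Warnings = warnings,
            DurationMilliseconds = durationMs
        };
    }
}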
/// <summary>
/// Result of single rule validation.
/// </summary>
/// <remarks>
/// Build instances through <see cref="FromSuccess"/> or <see cref="FromFailure"/>; both echo the
/// rule identifier into <see cref="RuleId"/> so the caller can correlate the result.
/// </remarks>
public sealed record RuleValidationResult
{
    /// <summary>True when the rule validated without errors.</summary>
    public required bool Success { get; init; }

    /// <summary>Identifier of the rule that was validated.</summary>
    public string? RuleId { get; init; }

    /// <summary>Errors found; set by <see cref="FromFailure"/>, otherwise <see langword="null"/>.</summary>
    public IReadOnlyList<CompilationError>? Errors { get; init; }

    /// <summary>Warnings found; <see langword="null"/> when none were supplied.</summary>
    public IReadOnlyList<CompilationWarning>? Warnings { get; init; }

    /// <summary>
    /// Builds a passing result for <paramref name="ruleId"/>.
    /// </summary>
    /// <param name="ruleId">Identifier echoed into <see cref="RuleId"/>.</param>
    /// <param name="warnings">Optional non-fatal findings.</param>
    /// <returns>A result whose <see cref="Success"/> is <see langword="true"/> and <see cref="Errors"/> is <see langword="null"/>.</returns>
    public static RuleValidationResult FromSuccess(
        string ruleId,
        IReadOnlyList<CompilationWarning>? warnings = null)
    {
        var passed = new RuleValidationResult
        {
            Success = true,
            RuleId = ruleId,
            Warnings = warnings
        };
        return passed;
    }

    /// <summary>
    /// Builds a failing result for <paramref name="ruleId"/>.
    /// </summary>
    /// <param name="ruleId">Identifier echoed into <see cref="RuleId"/>.</param>
    /// <param name="errors">Errors that made the rule invalid.</param>
    /// <param name="warnings">Optional non-fatal findings.</param>
    /// <returns>A result whose <see cref="Success"/> is <see langword="false"/>.</returns>
    public static RuleValidationResult FromFailure(
        string ruleId,
        IReadOnlyList<CompilationError> errors,
        IReadOnlyList<CompilationWarning>? warnings = null)
    {
        var failed = new RuleValidationResult
        {
            Success = false,
            RuleId = ruleId,
            Errors = errors,
            Warnings = warnings
        };
        return failed;
    }
}
/// <summary>
/// Statistics from policy pack compilation.
/// </summary>
/// <remarks>
/// All members are <c>required</c>, so a compiler must report every count; there is no
/// "unknown" state. The intended invariants (e.g. that enabled + disabled and with + without
/// Rego both sum to <see cref="TotalRules"/>) are not enforced here — presumably by the
/// compiler that produces the instance; confirm.
/// </remarks>
public sealed record PolicyPackCompilationStatistics
{
    /// <summary>Total number of rules in the pack.</summary>
    public required int TotalRules { get; init; }

    /// <summary>Number of rules that are enabled.</summary>
    public required int EnabledRules { get; init; }

    /// <summary>Number of rules that are disabled.</summary>
    public required int DisabledRules { get; init; }

    /// <summary>Number of rules that carry Rego source.</summary>
    public required int RulesWithRego { get; init; }

    /// <summary>Number of rules that carry no Rego source.</summary>
    public required int RulesWithoutRego { get; init; }

    /// <summary>
    /// Number of rules per severity. NOTE(review): the key is presumably the rule's severity
    /// label as written in the pack — verify against the compiler that fills it.
    /// </summary>
    public required IReadOnlyDictionary<string, int> SeverityCounts { get; init; }
}