feat: Foundry unlocks — PolicyRewriter trait, DomainProfile, verb taxonomy seam #281
- Added pub mod policy gate behind auth-rls-lite (PolicyRewriter trait + ColumnMaskRewriter from epiphany E1)
- Added trajectory-audit feature alias on lance-graph-contract for the forward-stub step_trajectory_hash helper (E4 cross-PR bridge)
💡 Codex Review
Reviewed commit: 176566087c
| #[cfg(feature = "auth-rls-lite")] | ||
| pub trait PolicyRewriter: Send + Sync + std::fmt::Debug { |
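Review bot: the std::fmt::Debug supertrait on PolicyRewriter means every rewriter can be printed with {:?}, so an implementation that holds mask constants or key material can leak them into logs if it simply derives Debug. Document on the trait that Debug output must leave such values out, or drop the bound if nothing outside tests relies on it.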
Align policy API cfg with auth-rls/full feature gates
lib.rs enables the policy module for auth-rls, auth, and full, but the core API (PolicyRewriter and ColumnMaskRewriter) is compiled only under auth-rls-lite. In builds such as --features full (which currently does not imply auth-rls-lite), downstream code can see policy but cannot import or use the rewriter seam introduced by this change, causing feature-dependent unresolved-item breakage.
| _step: &UnifiedStep, | ||
| _trajectory: &[u64; 256], | ||
| ) -> u64 { | ||
| unimplemented!("see PR #279 outlook E4") |
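Review bot: the bare u64 return on the ") -> u64 {" line leaves the stub no way to report failure and fixes the audit hash at 64 bits. If this signature is the forward-compat contract, settle the return type now (for example a Result around the final digest type) so that filling in the body later is not a breaking change for callers.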
Avoid shipping a public panic path in trajectory-audit
When the trajectory-audit feature is enabled, step_trajectory_hash is a public function that unconditionally calls unimplemented!, so any invocation will panic and can terminate orchestration at runtime. Because the feature is declared in Cargo.toml, consumers can enable it and hit this crash path; until implementation is ready, this should return a typed error or remain unavailable instead of panicking.
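The typed-error alternative suggested in the review comment above, next to the panicking shape it replaces. This is an added example, not code from this PR or from the lance-graph project: UnifiedStep is reduced to a stand-in struct, and TrajectoryAuditError, StepOutcome, run_step and the _panicking suffix are hypothetical names.

```rust
use std::fmt;

// Stand-in for the crate's UnifiedStep (assumed shape, not the real type).
pub struct UnifiedStep { pub id: u64 }

// Hypothetical typed error for the period in which the hash is only a stub.
#[derive(Debug, PartialEq, Eq)]
pub enum TrajectoryAuditError { NotImplemented }

impl fmt::Display for TrajectoryAuditError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "trajectory audit hash is not implemented")
    }
}
impl std::error::Error for TrajectoryAuditError {}

// Shape quoted in the review: every call panics.
pub fn step_trajectory_hash_panicking(_step: &UnifiedStep, _trajectory: &[u64; 256]) -> u64 {
    unimplemented!("see PR #279 outlook E4")
}

// Same inputs, but the caller receives an error it can handle.
pub fn step_trajectory_hash(_step: &UnifiedStep, _trajectory: &[u64; 256]) -> Result<u64, TrajectoryAuditError> {
    Err(TrajectoryAuditError::NotImplemented)
}

// Hypothetical orchestrator outcome.
#[derive(Debug, PartialEq, Eq)]
pub enum StepOutcome { Audited(u64), Rejected }

// Fail closed: a step whose audit hash is unavailable is rejected, not run unaudited.
pub fn run_step(step: &UnifiedStep, trajectory: &[u64; 256]) -> StepOutcome {
    match step_trajectory_hash(step, trajectory) {
        Ok(hash) => StepOutcome::Audited(hash),
        Err(_) => StepOutcome::Rejected,
    }
}

// Observes the panic path without taking the process down.
pub fn panicking_stub_unwinds() -> bool {
    let (step, trajectory) = (UnifiedStep { id: 1 }, [0u64; 256]);
    std::panic::catch_unwind(|| step_trajectory_hash_panicking(&step, &trajectory)).is_err()
}

fn main() {
    let step = UnifiedStep { id: 1 };
    println!("typed stub: {:?}", run_step(&step, &[0u64; 256]));
}
```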
2190eda into claude/foundry-fixes-r2-2026-04-29
…26-04-29 Re-land #281 unlocks (PolicyRewriter, DomainProfile) — orphaned by merge order
Summary
Implements epiphanies E1 and E5 from PR #278 outlook review. Stacks on top of claude/foundry-fixes-r2-2026-04-29.
- PolicyKind (RowFilter / ColumnMask / RowEncryption / DifferentialPrivacy / Audit), PolicyRewriter trait, ColumnMaskRewriter as concrete impl (skeleton — UDF wrap is follow-up).
- ColumnMaskRegistry + RedactionMode (Null / Constant / Hash / Truncate).
- RowEncryptionPolicy + DifferentialPrivacyPolicy stubs.
- StepDomain::profile() returns per-domain orchestration profile: audit_retention_days (Medcare 2190 = 6yr HIPAA), auto_action_confidence (Medcare 0.92 > SMB 0.75), Escalation (Llm / Human / Reject), requires_fail_closed, VerbTaxonomyId (Generic / Smb / Medcare).
- StepDomain (LOW from review).
- lance-graph-contract (E4 forward-compat gate).
Stats
auth-rls-lite)
Test plan
- cargo check -p lance-graph-callcenter --features auth-rls-lite — green
- cargo test -p lance-graph-callcenter --features auth-rls-lite --lib — 63 passed
- from_step_type for all 7 variants
https://claude.ai/code/session_01SbYsmmbPf9YQuYbHZN52Zh