Class: Aidp::Execute::GuardPolicy

Inherits:

Object

• Object
• Aidp::Execute::GuardPolicy

Defined in:

lib/aidp/execute/guard_policy.rb

Overview

Enforces safety constraints during work loops Responsibilities:

• Check file patterns (include/exclude globs)

• Enforce max lines changed per commit

• Track files requiring confirmation

• Validate changes against policy before execution

Instance Attribute Summary

• #config ⇒ Object readonly

  Returns the value of attribute config.

• #project_dir ⇒ Object readonly

  Returns the value of attribute project_dir.

Instance Method Summary

• #bypass? ⇒ Boolean

  Bypass guards (for specific use cases like testing).

• #can_modify_file?(file_path) ⇒ Boolean

  Validate if a file can be modified Returns { allowed: true/false, reason: string }.

• #confirm_file(file_path) ⇒ Object

  Confirm a file for modification (one-time confirmation).

• #confirmed?(file_path) ⇒ Boolean

  Check if file has been confirmed.

• #disable! ⇒ Object

  Disable guards.

• #enable! ⇒ Object

  Enable guards (override bypass).

• #enabled? ⇒ Boolean

  Check if guards are enabled.

• #files_requiring_confirmation ⇒ Object

  Get list of files requiring confirmation.

• #initialize(project_dir, config) ⇒ GuardPolicy constructor

  A new instance of GuardPolicy.

• #requires_confirmation?(file_path) ⇒ Boolean

  Check if file requires confirmation.

• #summary ⇒ Object

  Get summary of guard policy configuration.

• #validate_changes(diff_stats) ⇒ Object

  Check if total lines changed exceeds limit diff_stats: { file_path => { additions: n, deletions: n } }.

Constructor Details

#initialize(project_dir, config) ⇒ GuardPolicy

Returns a new instance of GuardPolicy.

# File 'lib/aidp/execute/guard_policy.rb', line 16

def initialize(project_dir, config)
  @project_dir = project_dir
  @config = config
  @confirmed_files = Set.new
end

Instance Attribute Details

#config ⇒ Object (readonly)

Returns the value of attribute config.

# File 'lib/aidp/execute/guard_policy.rb', line 14

def config
  @config
end

#project_dir ⇒ Object (readonly)

Returns the value of attribute project_dir.

# File 'lib/aidp/execute/guard_policy.rb', line 14

def project_dir
  @project_dir
end

Instance Method Details

#bypass? ⇒ Boolean

Bypass guards (for specific use cases like testing)

Returns:

• (Boolean)

# File 'lib/aidp/execute/guard_policy.rb', line 139

def bypass?
  ENV["AIDP_BYPASS_GUARDS"] == "1" || config.dig(:bypass) == true
end

#can_modify_file?(file_path) ⇒ Boolean

Validate if a file can be modified Returns { allowed: true/false, reason: string }

Returns:

• (Boolean)

# File 'lib/aidp/execute/guard_policy.rb', line 29

def can_modify_file?(file_path)
  return {allowed: true} unless enabled?

  normalized_path = normalize_path(file_path)

  # Check exclude patterns first
  if excluded?(normalized_path)
    return {
      allowed: false,
      reason: "File matches exclude pattern in guards configuration"
    }
  end

  # Check include patterns (if specified, file must match at least one)
  if has_include_patterns? && !included?(normalized_path)
    return {
      allowed: false,
      reason: "File does not match any include pattern in guards configuration"
    }
  end

  # Check if file requires confirmation
  if requires_confirmation?(normalized_path) && !confirmed?(normalized_path)
    return {
      allowed: false,
      reason: "File requires one-time confirmation before modification",
      requires_confirmation: true,
      file_path: normalized_path
    }
  end

  {allowed: true}
end

#confirm_file(file_path) ⇒ Object

Confirm a file for modification (one-time confirmation)

# File 'lib/aidp/execute/guard_policy.rb', line 64

def confirm_file(file_path)
  normalized_path = normalize_path(file_path)
  @confirmed_files.add(normalized_path)
end

#confirmed?(file_path) ⇒ Boolean

Check if file has been confirmed

Returns:

• (Boolean)

# File 'lib/aidp/execute/guard_policy.rb', line 119

def confirmed?(file_path)
  normalized_path = normalize_path(file_path)
  @confirmed_files.include?(normalized_path)
end

#disable! ⇒ Object

Disable guards

# File 'lib/aidp/execute/guard_policy.rb', line 149

def disable!
  config[:enabled] = false
end

#enable! ⇒ Object

Enable guards (override bypass)

# File 'lib/aidp/execute/guard_policy.rb', line 144

def enable!
  config[:enabled] = true
end

#enabled? ⇒ Boolean

Check if guards are enabled

Returns:

• (Boolean)

# File 'lib/aidp/execute/guard_policy.rb', line 23

def enabled?
  config.dig(:enabled) == true
end

#files_requiring_confirmation ⇒ Object

Get list of files requiring confirmation

# File 'lib/aidp/execute/guard_policy.rb', line 101

def files_requiring_confirmation
  return [] unless enabled?

  patterns = config.dig(:confirm_files) || []
  patterns.map { |pattern| expand_glob_pattern(pattern) }.flatten.compact
end

#requires_confirmation?(file_path) ⇒ Boolean

Check if file requires confirmation

Returns:

• (Boolean)

# File 'lib/aidp/execute/guard_policy.rb', line 109

def requires_confirmation?(file_path)
  return false unless enabled?

  patterns = config.dig(:confirm_files) || []
  normalized_path = normalize_path(file_path)

  patterns.any? { |pattern| matches_pattern?(normalized_path, pattern) }
end

#summary ⇒ Object

Get summary of guard policy configuration

# File 'lib/aidp/execute/guard_policy.rb', line 125

def summary
  return {enabled: false} unless enabled?

  {
    enabled: true,
    include_patterns: config.dig(:include_files) || [],
    exclude_patterns: config.dig(:exclude_files) || [],
    confirm_patterns: config.dig(:confirm_files) || [],
    max_lines_per_commit: config.dig(:max_lines_per_commit),
    confirmed_files: @confirmed_files.to_a
  }
end

#validate_changes(diff_stats) ⇒ Object

Check if total lines changed exceeds limit diff_stats: { file_path => { additions: n, deletions: n } }

# File 'lib/aidp/execute/guard_policy.rb', line 71

def validate_changes(diff_stats)
  return {valid: true} unless enabled?

  errors = []

  # Check max lines per commit
  if (max_lines = config.dig(:max_lines_per_commit))
    total_changes = calculate_total_changes(diff_stats)

    if total_changes > max_lines
      errors << "Total lines changed (#{total_changes}) exceeds limit (#{max_lines})"
    end
  end

  # Check each file against policy
  diff_stats.each do |file_path, stats|
    result = can_modify_file?(file_path)
    unless result[:allowed]
      errors << "#{file_path}: #{result[:reason]}"
    end
  end

  if errors.any?
    {valid: false, errors: errors}
  else
    {valid: true}
  end
end