Skip to content

feat: policy schema versioning + file-backed trust persistence#89

Merged
imran-siddique merged 1 commit intomainfrom
feat/policy-schema-trust-persistence
Mar 7, 2026
Merged

feat: policy schema versioning + file-backed trust persistence#89
imran-siddique merged 1 commit intomainfrom
feat/policy-schema-trust-persistence

Conversation

@imran-siddique
Copy link
Copy Markdown
Member

@imran-siddique imran-siddique commented Mar 7, 2026

Summary

Addresses two enterprise-readiness gaps:

Policy Schema Versioning (Closes #87)

The policy schema had a cosmetic \�ersion\ field that was never validated. Now:

  • apiVersion field: \governance.toolkit/v1\ in Policy model
  • Deprecation warnings: Legacy \1.0\ policies emit \DeprecationWarning\
  • Validation: Unsupported versions raise \ValueError\
  • Migration: \migrate_policy()\ converts v1.0 → governance.toolkit/v1
  • Schema validator: \�alidate_policy_schema()\ checks structure before load

File-Backed Trust Persistence (Closes #86)

Trust scores defaulted to in-memory (lost on restart). Now:

  • FileTrustStore: JSON file-backed, zero external deps
  • Atomic writes: Write-to-temp then rename (crash-safe)
  • Thread-safe: RLock for concurrent access
  • Corruption recovery: Gracefully starts fresh on corrupt files
  • Auto-creates dirs: Parent directories created on first write

Tests: 31 new, all passing

  • 18 schema versioning (validation, migration, deprecation, engine integration)
  • 13 trust store (CRUD, persistence across instances, corruption, auto-save)

@imran-siddique
feat: add policy schema versioning and file-backed trust persistence
15378b2 
- Policy schema versioning (#87):
  - Add apiVersion field (governance.toolkit/v1) to Policy model
  - Deprecation warnings for legacy version '1.0' policies
  - ValueError for unsupported apiVersion values
  - migrate_policy() for v1.0 → governance.toolkit/v1 migration
  - validate_policy_schema() for structural validation
  - 18 tests covering validation, migration, and engine integration

- File-backed trust persistence (#86):
  - FileTrustStore: JSON file-backed storage with atomic writes
  - Thread-safe via RLock, crash-safe via write-to-temp-then-rename
  - Auto-creates parent directories, handles corrupt files gracefully
  - Zero external dependencies (no Redis required)
  - 13 tests covering CRUD, persistence, corruption recovery

All 31 new tests pass.

Closes #86
Closes #87

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@imran-siddique imran-siddique merged commit 9f3419f into main Mar 7, 2026
23 of 24 checks passed
@imran-siddique imran-siddique deleted the feat/policy-schema-trust-persistence branch March 7, 2026 22:02
@github-actions github-actions bot added the tests label Mar 7, 2026
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 7, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@github-actions github-actions bot added agent-mesh agent-mesh package size/XL Extra large PR (500+ lines) labels Mar 7, 2026
@imran-siddique imran-siddique mentioned this pull request Mar 8, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

agent-mesh agent-mesh package size/XL Extra large PR (500+ lines) tests

Projects

None yet

Milestone

No milestone

1 participant

@imran-siddique