Skip to content

[5c] Policy reason traces #15

Open
Open
[5c] Policy reason traces#15
Labels
enhancementNew feature or requestmvpCortex MVP scope
@andrmaz

Description

@andrmaz
andrmaz
opened on Jun 4, 2026

What to build

Every policy evaluation (from #14) produces a structured reason trace: which rules matched, what decision was reached (allow / deny / redact), and for denied queries a machine-readable reason code. Traces are attached to the request context and emitted as a typed output for audit log consumption.

Acceptance criteria

  • Policy decision traces include: rule id, matched condition, decision (allow/deny/redact), and reason code for denials.
  • Traces are available on the request context object after evaluation completes.
  • Denied queries include a reason code that is human-readable and machine-parseable.
  • Unit tests assert trace shape for allow, deny, and redact outcomes.

Blocked by

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestmvpCortex MVP scope

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions