Policy Engine v2

14 tests demonstrate template matching, parameter validation, and range checks.

v2 Policy Features

Dual-Hash Fingerprinting: XXHash64 + SipHash128 for collision-resistant query matching
Parameter Type Validation: Enforce types (int, string, uuid) for query parameters
Range Checks: Validate parameter values are within allowed ranges
Learn Mode: Automatically generate policy rules from observed queries

Configuration

# policy-v2.yaml
version: 2
queries:
  - template: "SELECT id, name FROM users WHERE id = $1"
    fingerprint:
      xxhash64: "a1b2c3d4e5f67890"
      siphash128: "1234567890abcdef1234567890abcdef"
    parameters:
      - position: 1
        type: "int"
        min: 1
        max: 1000000

POLICY-001PASS

Parameter Within Range

SELECT id, name FROM users WHERE id = 42

Parameter value 42 is within the allowed range [1, 1000000]. Query is allowed.

POLICY-002BLOCKED

Parameter Out of Range

SELECT id, name FROM users WHERE id = -1

Expected Response

ERROR: Parameter validation failed
DETAIL: Parameter $1 value -1 is outside allowed range [1, 1000000].