Policy Engine

The policy engine intercepts every command before dispatch. Policies can clamp values, override fields, enforce ranges, or veto commands entirely. Rules are evaluated in order and later rules win on conflict.

Policy Struct

Rust Policy
auto-generated
/// An ordered list of rules governing entities in an assigned group.
pub struct Policy {
    pub id: PolicyId,
    pub name: String,
    pub description: String,
    pub enabled: bool,
    /// Rules evaluated in order; later rules may override earlier ones.
    pub rules: Vec<PolicyRule>,
}

PolicyRule

Rust PolicyRule
auto-generated
/// One rule within a policy.
pub struct PolicyRule {
    pub id: String,
    pub description: String,
    pub condition: RuleCondition,
    pub action: RuleAction,
}

PolicyEffect

Effect        Behavior
SetField      Overwrite a field assignment to a fixed value
ClampField    Clamp the assigned value to a min/max range
EnforceRange  Veto the entire command if value falls outside the allowed range

Veto Logic

Rust
/// Returns Some(reason) if a policy vetoes the command.
pub fn check_command_veto(
    policies: &[Policy],
    cmd: &IssuedCommand,
) -> Option<String> {
    for policy in policies.iter().filter(|p| p.enabled) {
        for rule in &policy.rules {
            if let RuleAction::Veto { reason } = &rule.action {
                if rule.condition.matches(cmd) {
                    return Some(reason.clone());
                }
            }
        }
    }
    None
}

ObjectSet Expressions

The ObjectSet condition type uses eval_expr() to match entities by attribute. Expressions support comparison operators and logical combinators.

YAML
# Match all HVAC units in building A with high CO2
object_set: "type == 'hvac' AND building == 'A' AND co2_ppm > 1000"

# Match entities in a named group
object_set: "group == 'floor-3-units'"

Evaluation Order

evaluate_policies() applies all matching rules in declaration order. When multiple rules target the same field, the later rule wins. Veto rules short-circuit immediately.

  • Policies are iterated in the order they appear in configuration.
  • Within a policy, rules are applied top to bottom.
  • ClampField and SetField modify the command in place before dispatch.
  • EnforceRange triggers a veto — the command is never dispatched.
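
The ordering rules above have a practical consequence for safety limits: a ClampField placed before a SetField does not bound the final value. The following is an added example, not the project's own code; the Effect enum, the evaluate function and the single numeric field are hypothetical stand-ins, and it assumes EnforceRange is checked against the value as modified by earlier rules.

```rust
// Added illustration: a minimal model of the evaluation order described above.
// `Effect`, `evaluate` and the single f64 field are hypothetical; the engine's
// real types (RuleAction, IssuedCommand) are not shown in full on the page.
#[derive(Clone, Debug)]
pub enum Effect {
    SetField(f64),
    ClampField { min: f64, max: f64 },
    EnforceRange { min: f64, max: f64 },
}

/// Applies effects top to bottom to one field value.
/// Ok(v) is the value that would be dispatched; Err(reason) is a veto.
pub fn evaluate(rules: &[Effect], requested: f64) -> Result<f64, String> {
    let mut value = requested;
    for (i, rule) in rules.iter().enumerate() {
        match rule {
            // A later write replaces whatever earlier rules produced.
            Effect::SetField(v) => value = *v,
            Effect::ClampField { min, max } => value = value.clamp(*min, *max),
            // Assumption: the range is checked against the value as modified so far.
            // `contains` is false for NaN, so a NaN value is vetoed rather than passed.
            Effect::EnforceRange { min, max } => {
                if !(*min..=*max).contains(&value) {
                    return Err(format!("rule {}: {} outside [{}, {}]", i, value, min, max));
                }
            }
        }
    }
    Ok(value)
}

fn main() {
    let clamp = Effect::ClampField { min: 16.0, max: 26.0 };
    let set = Effect::SetField(30.0);
    let guard = Effect::EnforceRange { min: 10.0, max: 28.0 };

    // Clamp first, override later: the override wins and 30.0 would be dispatched.
    println!("{:?}", evaluate(&[clamp.clone(), set.clone()], 40.0));
    // Override first, clamp last: the clamp bounds the final value to 26.0.
    println!("{:?}", evaluate(&[set.clone(), clamp.clone()], 40.0));
    // A trailing EnforceRange catches the out-of-range override and vetoes.
    println!("{:?}", evaluate(&[clamp, set, guard], 40.0));
}
```

Under this model, limits that must always hold belong at the end of the last policy in configuration order, where no later rule can override them.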
