[pitboss/grind] deferred session-0002 (20260516T052512Z-20f8)

2026-06-09 19:45:13 +02:00 · 2026-05-16 01:46:35 -05:00 · 2026-05-16 01:46:35 -05:00 · 282acddbbf
commit 282acddbbf
parent 7a2f82c2ab
11 changed files with 214 additions and 45 deletions
--- a/src/evidence.rs
+++ b/src/evidence.rs
@ -337,6 +337,12 @@ pub enum InconclusiveReason {
    /// `production-endpoint`) and an evidence excerpt for triage.
    PolicyDeniedDynamic {
        rule: String,
+        /// Logical name of the diag field that matched the deny rule
+        /// (e.g. `path`, `evidence.notes[2]`, `flow_steps[1].snippet`).
+        /// Empty string for verdicts loaded from older telemetry that
+        /// did not capture this field.
+        #[serde(default)]
+        field: String,
        excerpt: String,
    },
 }
@ -399,10 +405,23 @@ impl fmt::Display for InconclusiveReason {
                f,
                "{backend} backend cannot enforce isolation for {oracle_kind} oracle"
            ),
-            Self::PolicyDeniedDynamic { rule, excerpt } => write!(
-                f,
-                "dynamic execution refused by policy rule {rule} (matched: {excerpt})"
-            ),
+            Self::PolicyDeniedDynamic {
+                rule,
+                field,
+                excerpt,
+            } => {
+                if field.is_empty() {
+                    write!(
+                        f,
+                        "dynamic execution refused by policy rule {rule} (matched: {excerpt})"
+                    )
+                } else {
+                    write!(
+                        f,
+                        "dynamic execution refused by policy rule {rule} (matched {field}: {excerpt})"
+                    )
+                }
+            }
        }
    }
 }