From 2bb6e24fe3f5221b6e20f800326668c7005f173a Mon Sep 17 00:00:00 2001
From: Ragnor Comerford <hello@ragnor.co>
Date: Wed, 27 May 2026 13:04:59 +0200
Subject: [PATCH] mr-668: drop vestigial PolicyEngine surface
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* `validate_request` had zero callsites — pure surface for nothing.
* `deny`'s `_actor_id` and `_request` parameters were both unused
  (the underscore prefix gave it away); the message is built by the
  caller before `deny` ever sees the request. Trim both.

Closes the "public API that the type system can't justify" class
for the policy engine. No behavior change; every existing test
stays green because the deletions never had a runtime effect.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 crates/omnigraph-policy/src/lib.rs | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)

diff --git a/crates/omnigraph-policy/src/lib.rs b/crates/omnigraph-policy/src/lib.rs
index a98830a..84c7c05 100644
--- a/crates/omnigraph-policy/src/lib.rs
+++ b/crates/omnigraph-policy/src/lib.rs
@@ -428,8 +428,6 @@ impl PolicyEngine {
     pub fn authorize(&self, actor_id: &str, request: &PolicyRequest) -> Result<PolicyDecision> {
         if !self.known_actors.contains(actor_id) {
             return Ok(self.deny(
-                actor_id,
-                request,
                 None,
                 format!(
                     "policy denied action '{}' for unknown actor '{}'",
@@ -503,16 +501,11 @@ impl PolicyEngine {
                         .unwrap_or_default(),
                     actor_id
                 );
-                self.deny(actor_id, request, matched_rule_id, message)
+                self.deny(matched_rule_id, message)
             }
         })
     }
 
-    pub fn validate_request(&self, actor_id: &str, request: &PolicyRequest) -> Result<()> {
-        let _ = self.authorize(actor_id, request)?;
-        Ok(())
-    }
-
     pub fn run_tests(&self, tests: &PolicyTestConfig) -> Result<()> {
         if tests.version != 1 {
             bail!("policy test version must be 1");
@@ -548,13 +541,7 @@ impl PolicyEngine {
         self.known_actors.len()
     }
 
-    fn deny(
-        &self,
-        _actor_id: &str,
-        _request: &PolicyRequest,
-        matched_rule_id: Option<String>,
-        message: String,
-    ) -> PolicyDecision {
+    fn deny(&self, matched_rule_id: Option<String>, message: String) -> PolicyDecision {
         PolicyDecision {
             allowed: false,
             matched_rule_id,