From a806af32285e88ec1a78d0f7b067a091aefe9ebc Mon Sep 17 00:00:00 2001 From: Ayush Rawat Date: Tue, 3 Mar 2026 15:02:04 +0530 Subject: [PATCH] Update Policy Enforcer Configuration Keys - Changed configuration key from `policyDir` to `policyPaths` across multiple YAML files and related code to standardize the naming convention. - Updated documentation to reflect the new key name and its usage for specifying local directories containing `.rego` policy files. - Adjusted tests to ensure compatibility with the updated configuration structure. --- config/local-beckn-one-bap.yaml | 2 +- config/local-beckn-one-bpp.yaml | 2 +- config/local-simple.yaml | 4 +-- config/onix/adapter.yaml | 8 ++--- .../implementation/policyenforcer/README.md | 2 +- .../implementation/policyenforcer/config.go | 18 +++++----- .../implementation/policyenforcer/enforcer.go | 2 +- .../policyenforcer/enforcer_test.go | 34 +++++++++---------- .../policyenforcer/evaluator.go | 10 +++--- 9 files changed, 41 insertions(+), 41 deletions(-) diff --git a/config/local-beckn-one-bap.yaml b/config/local-beckn-one-bap.yaml index 84f6090..f9b12b9 100644 --- a/config/local-beckn-one-bap.yaml +++ b/config/local-beckn-one-bap.yaml @@ -89,7 +89,7 @@ modules: policyEnforcer: id: policyenforcer config: - policyDir: "./policies" + policyPaths: "./policies" middleware: - id: reqpreprocessor config: diff --git a/config/local-beckn-one-bpp.yaml b/config/local-beckn-one-bpp.yaml index 812c588..956b893 100644 --- a/config/local-beckn-one-bpp.yaml +++ b/config/local-beckn-one-bpp.yaml @@ -87,7 +87,7 @@ modules: policyEnforcer: id: policyenforcer config: - policyDir: "./policies" + policyPaths: "./policies" steps: - validateSign - policyEnforcer diff --git a/config/local-simple.yaml b/config/local-simple.yaml index 270d046..2888a27 100644 --- a/config/local-simple.yaml +++ b/config/local-simple.yaml 
@@ -69,7 +69,7 @@ modules: policyEnforcer: id: policyenforcer config: - policyDir: "./policies" + policyPaths: "./policies" middleware: - id: reqpreprocessor config: @@ -170,7 +170,7 @@ modules: policyEnforcer: id: policyenforcer config: - policyDir: "./policies" + policyPaths: "./policies" steps: - validateSign - policyEnforcer diff --git a/config/onix/adapter.yaml b/config/onix/adapter.yaml index 77485af..d838f64 100644 --- a/config/onix/adapter.yaml +++ b/config/onix/adapter.yaml @@ -51,7 +51,7 @@ modules: policyEnforcer: id: policyenforcer config: - policyDir: "./policies" + policyPaths: "./policies" signValidator: id: signvalidator publisher: @@ -106,7 +106,7 @@ modules: policyEnforcer: id: policyenforcer config: - policyDir: "./policies" + policyPaths: "./policies" signer: id: signer publisher: @@ -162,7 +162,7 @@ modules: policyEnforcer: id: policyenforcer config: - policyDir: "./policies" + policyPaths: "./policies" signValidator: id: signvalidator publisher: @@ -217,7 +217,7 @@ modules: policyEnforcer: id: policyenforcer config: - policyDir: "./policies" + policyPaths: "./policies" signer: id: signer publisher: diff --git a/pkg/plugin/implementation/policyenforcer/README.md b/pkg/plugin/implementation/policyenforcer/README.md index df77fab..dd94f45 100644 --- a/pkg/plugin/implementation/policyenforcer/README.md +++ b/pkg/plugin/implementation/policyenforcer/README.md 
@@ -18,7 +18,7 @@ All config keys are passed via `map[string]string` in the adapter YAML config. | Key | Required | Default | Description | |-----|----------|---------|-------------| | `policyUrls` | At least one of `policyUrls`, `policyDir`, or `policyFile` required | — | Comma-separated list of URLs, local file paths, or directory paths to `.rego` files | -| `policyDir` | | `./policies` | Local directory containing `.rego` files | +| `policyPaths` | | `./policies` | Local directory or path containing `.rego` files | | `policyFile` | | — | Single local `.rego` file path | | `query` | No | `data.policy.violations` | Rego query returning violation strings | | `actions` | No | *(empty — all actions)* | Comma-separated beckn actions to enforce. When omitted, all actions are evaluated and the Rego policy itself decides which to gate. | diff --git a/pkg/plugin/implementation/policyenforcer/config.go b/pkg/plugin/implementation/policyenforcer/config.go index 1bdeca7..52351f5 100644 --- a/pkg/plugin/implementation/policyenforcer/config.go +++ b/pkg/plugin/implementation/policyenforcer/config.go @@ -8,9 +8,9 @@ import ( // Config holds the configuration for the Policy Enforcer plugin. type Config struct { - // PolicyDir is a local directory containing .rego policy files (all loaded). - // At least one policy source (PolicyDir, PolicyFile, or PolicyUrls) is required. - PolicyDir string + // PolicyPaths is a local directory containing .rego policy files (all loaded). + // At least one policy source (PolicyPaths, PolicyFile, or PolicyUrls) is required. + PolicyPaths string // PolicyFile is a single local .rego file path. PolicyFile string @@ -42,7 +42,7 @@ type Config struct { // Known config keys that are handled directly (not forwarded to RuntimeConfig). var knownKeys = map[string]bool{ - "policyDir": true, + "policyPaths": true, "policyFile": true, "policyUrls": true, "query": true, 
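Review bot: The field is now named `PolicyPaths` (plural), but the comment in this Config hunk still documents a single local directory, and in evaluator.go (hunk @@ -40,14) the value is passed unchanged to `os.ReadDir(policyPaths)`, so a file path or a comma-separated list fails with "failed to read policy directory". The README row changed in this commit describes the key as "Local directory or path", which the visible code does not support. I would either make the comment state the real contract, `// PolicyPaths is a single local directory (not a file or a list); all .rego files in it are loaded.`, or keep a singular name for the key. The Config struct and NewEvaluator both continue outside their hunks.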
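Review bot: Dropping `"policyDir"` from `knownKeys` here, while ParseConfig (hunks @@ -65,8 and @@ -82,12) reads only `cfg["policyPaths"]`, means a deployment that still sets `policyDir` has its configured directory ignored without any error. ParseConfig then falls through to the `./policies` fallback when that directory exists, so the enforcer can start with a different rule set than the operator configured, and the stale key is presumably forwarded to RuntimeConfig as an unknown key. Since this plugin is an enforcement control, I would keep `"policyDir": true` in `knownKeys` and either accept it as a deprecated alias or reject it explicitly in ParseConfig, e.g. `if _, ok := cfg["policyDir"]; ok { return nil, fmt.Errorf("config key policyDir was renamed to policyPaths") }`. A test for the legacy key in enforcer_test.go would pin whichever behaviour is chosen.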
@@ -65,8 +65,8 @@ func DefaultConfig() *Config { func ParseConfig(cfg map[string]string) (*Config, error) { config := DefaultConfig() - if dir, ok := cfg["policyDir"]; ok && dir != "" { - config.PolicyDir = dir + if dir, ok := cfg["policyPaths"]; ok && dir != "" { + config.PolicyPaths = dir } if file, ok := cfg["policyFile"]; ok && file != "" { config.PolicyFile = file @@ -82,12 +82,12 @@ func ParseConfig(cfg map[string]string) (*Config, error) { } } - if config.PolicyDir == "" && config.PolicyFile == "" && len(config.PolicyUrls) == 0 { + if config.PolicyPaths == "" && config.PolicyFile == "" && len(config.PolicyUrls) == 0 { // Fall back to the default ./policies directory if it exists on disk. if info, err := os.Stat("./policies"); err == nil && info.IsDir() { - config.PolicyDir = "./policies" + config.PolicyPaths = "./policies" } else { - return nil, fmt.Errorf("at least one policy source is required (policyDir, policyFile, or policyUrls)") + return nil, fmt.Errorf("at least one policy source is required (policyPaths, policyFile, or policyUrls)") } } diff --git a/pkg/plugin/implementation/policyenforcer/enforcer.go b/pkg/plugin/implementation/policyenforcer/enforcer.go index 194c72f..4826acd 100644 --- a/pkg/plugin/implementation/policyenforcer/enforcer.go +++ b/pkg/plugin/implementation/policyenforcer/enforcer.go @@ -24,7 +24,7 @@ func New(cfg map[string]string) (*PolicyEnforcer, error) { return nil, fmt.Errorf("policyenforcer: config error: %w", err) } - evaluator, err := NewEvaluator(config.PolicyDir, config.PolicyFile, config.PolicyUrls, config.Query, config.RuntimeConfig) + evaluator, err := NewEvaluator(config.PolicyPaths, config.PolicyFile, config.PolicyUrls, config.Query, config.RuntimeConfig) if err != nil { return nil, fmt.Errorf("policyenforcer: failed to initialize OPA evaluator: %w", err) } diff --git a/pkg/plugin/implementation/policyenforcer/enforcer_test.go b/pkg/plugin/implementation/policyenforcer/enforcer_test.go index e8ff4d0..4afd8cb 100644 
--- a/pkg/plugin/implementation/policyenforcer/enforcer_test.go +++ b/pkg/plugin/implementation/policyenforcer/enforcer_test.go @@ -37,12 +37,12 @@ func writePolicyDir(t *testing.T, filename, content string) string { func TestParseConfig_RequiresPolicySource(t *testing.T) { _, err := ParseConfig(map[string]string{}) if err == nil { - t.Fatal("expected error when no policyDir, policyFile, or policyUrls given") + t.Fatal("expected error when no policyPaths, policyFile, or policyUrls given") } } func TestParseConfig_Defaults(t *testing.T) { - cfg, err := ParseConfig(map[string]string{"policyDir": "/tmp"}) + cfg, err := ParseConfig(map[string]string{"policyPaths": "/tmp"}) if err != nil { t.Fatalf("unexpected error: %v", err) } @@ -59,7 +59,7 @@ func TestParseConfig_Defaults(t *testing.T) { func TestParseConfig_RuntimeConfigForwarding(t *testing.T) { cfg, err := ParseConfig(map[string]string{ - "policyDir": "/tmp", + "policyPaths": "/tmp", "minDeliveryLeadHours": "6", "customParam": "value", }) @@ -76,8 +76,8 @@ func TestParseConfig_RuntimeConfigForwarding(t *testing.T) { func TestParseConfig_CustomActions(t *testing.T) { cfg, err := ParseConfig(map[string]string{ - "policyDir": "/tmp", - "actions": "confirm, select, init", + "policyPaths": "/tmp", + "actions": "confirm, select, init", }) if err != nil { t.Fatalf("unexpected error: %v", err) @@ -380,9 +380,9 @@ violations contains "blocked" if { input.context.action == "confirm"; input.bloc dir := writePolicyDir(t, "test.rego", policy) enforcer, err := New(map[string]string{ - "policyDir": dir, - "query": "data.policy.violations", - "actions": "confirm", + "policyPaths": dir, + "query": "data.policy.violations", + "actions": "confirm", }) if err != nil { t.Fatalf("New failed: %v", err) 
@@ -404,9 +404,9 @@ violations contains "blocked" if { input.context.action == "confirm" } dir := writePolicyDir(t, "test.rego", policy) enforcer, err := New(map[string]string{ - "policyDir": dir, - "query": "data.policy.violations", - "actions": "confirm", + "policyPaths": dir, + "query": "data.policy.violations", + "actions": "confirm", }) if err != nil { t.Fatalf("New failed: %v", err) @@ -433,9 +433,9 @@ violations contains "blocked" if { true } dir := writePolicyDir(t, "test.rego", policy) enforcer, err := New(map[string]string{ - "policyDir": dir, - "query": "data.policy.violations", - "actions": "confirm", + "policyPaths": dir, + "query": "data.policy.violations", + "actions": "confirm", }) if err != nil { t.Fatalf("New failed: %v", err) @@ -458,9 +458,9 @@ violations contains "blocked" if { true } dir := writePolicyDir(t, "test.rego", policy) enforcer, err := New(map[string]string{ - "policyDir": dir, - "query": "data.policy.violations", - "enabled": "false", + "policyPaths": dir, + "query": "data.policy.violations", + "enabled": "false", }) if err != nil { t.Fatalf("New failed: %v", err) diff --git a/pkg/plugin/implementation/policyenforcer/evaluator.go b/pkg/plugin/implementation/policyenforcer/evaluator.go index f6e4807..7905c6f 100644 --- a/pkg/plugin/implementation/policyenforcer/evaluator.go +++ b/pkg/plugin/implementation/policyenforcer/evaluator.go 
@@ -40,14 +40,14 @@ const maxPolicySize = 1 << 20 // NewEvaluator creates an Evaluator by loading .rego files from local paths // and/or URLs, then compiling them. runtimeConfig is passed to Rego as data.config. -func NewEvaluator(policyDir, policyFile string, policyUrls []string, query string, runtimeConfig map[string]string) (*Evaluator, error) { +func NewEvaluator(policyPaths, policyFile string, policyUrls []string, query string, runtimeConfig map[string]string) (*Evaluator, error) { modules := make(map[string]string) // Load from local directory - if policyDir != "" { - entries, err := os.ReadDir(policyDir) + if policyPaths != "" { + entries, err := os.ReadDir(policyPaths) if err != nil { - return nil, fmt.Errorf("failed to read policy directory %s: %w", policyDir, err) + return nil, fmt.Errorf("failed to read policy directory %s: %w", policyPaths, err) } for _, entry := range entries { if entry.IsDir() { @@ -60,7 +60,7 @@ func NewEvaluator(policyDir, policyFile string, policyUrls []string, query strin if strings.HasSuffix(entry.Name(), "_test.rego") { continue } - fpath := filepath.Join(policyDir, entry.Name()) + fpath := filepath.Join(policyPaths, entry.Name()) data, err := os.ReadFile(fpath) if err != nil { return nil, fmt.Errorf("failed to read policy file %s: %w", fpath, err)