Summary
Ship FileSystemSource as the first concrete ConfigSource, so policy reloads without a restart.
The hot-reload seam already exists: ConfigSource::watch() returns a stream, the evaluator rebuilds the compiled IR and swaps it via ArcSwap (in-flight requests finish on the old policy, new requests pick up the new one). But it's a trait with no shipped impl. Add a FileSystemSource backed by a notify-crate file watch as the reference implementation.
User Story 1
- As an: operator running CPEX
- I want: policy changes picked up from disk without restarting
- So that: I can update rules in production with no downtime
Acceptance Criteria
Scenario: Edited policy file is reloaded
Given a FileSystemSource watching a policy file
When the file is edited on disk
Then the evaluator rebuilds the IR and swaps it atomically
Scenario: In-flight requests are unaffected
Given a request is mid-evaluation when a reload occurs
When the swap happens
Then that request finishes on the old policy
And subsequent requests use the new policy
Scenario: Invalid policy file does not break serving
Given a FileSystemSource watching a policy file
When the file is edited to an invalid policy
Then the swap is rejected and the previous policy stays active
Additional Context
Scoped in the Praxis epic #678 alignment work (policy evaluation engine, praxis sub-issue #681). The ConfigSource::watch() seam exists today; this is the first concrete impl.
Summary
Ship
FileSystemSourceas the first concreteConfigSource, so policy reloads without a restart.The hot-reload seam already exists:
ConfigSource::watch()returns a stream, the evaluator rebuilds the compiled IR and swaps it viaArcSwap(in-flight requests finish on the old policy, new requests pick up the new one). But it's a trait with no shipped impl. Add aFileSystemSourcebacked by a notify-crate file watch as the reference implementation.User Story 1
Acceptance Criteria
Additional Context
Scoped in the Praxis epic #678 alignment work (policy evaluation engine, praxis sub-issue #681). The
ConfigSource::watch()seam exists today; this is the first concrete impl.