buildExplainContext builds the context string for AI explanation.
(rvals []interface{}, result bool, matchedRules []string)
| 95 | |
| 96 | // buildExplainContext builds the context string for AI explanation. |
| 97 | func (e *Enforcer) buildExplainContext(rvals []interface{}, result bool, matchedRules []string) string { |
| 98 | var sb strings.Builder |
| 99 | |
| 100 | // Add request information |
| 101 | sb.WriteString("Authorization Request:\n") |
| 102 | sb.WriteString(fmt.Sprintf("Subject: %v\n", rvals[0])) |
| 103 | if len(rvals) > 1 { |
| 104 | sb.WriteString(fmt.Sprintf("Object: %v\n", rvals[1])) |
| 105 | } |
| 106 | if len(rvals) > 2 { |
| 107 | sb.WriteString(fmt.Sprintf("Action: %v\n", rvals[2])) |
| 108 | } |
| 109 | sb.WriteString(fmt.Sprintf("\nEnforcement Result: %v\n", result)) |
| 110 | |
| 111 | // Add matched rules |
| 112 | if len(matchedRules) > 0 { |
| 113 | sb.WriteString("\nMatched Policy Rules:\n") |
| 114 | for _, rule := range matchedRules { |
| 115 | sb.WriteString(fmt.Sprintf("- %s\n", rule)) |
| 116 | } |
| 117 | } else { |
| 118 | sb.WriteString("\nNo policy rules matched.\n") |
| 119 | } |
| 120 | |
| 121 | // Add model information |
| 122 | sb.WriteString("\nAccess Control Model:\n") |
| 123 | if m, ok := e.model["m"]; ok { |
| 124 | for key, ast := range m { |
| 125 | sb.WriteString(fmt.Sprintf("Matcher (%s): %s\n", key, ast.Value)) |
| 126 | } |
| 127 | } |
| 128 | if eff, ok := e.model["e"]; ok { |
| 129 | for key, ast := range eff { |
| 130 | sb.WriteString(fmt.Sprintf("Effect (%s): %s\n", key, ast.Value)) |
| 131 | } |
| 132 | } |
| 133 | |
| 134 | // Add all policies |
| 135 | policies, _ := e.GetPolicy() |
| 136 | if len(policies) > 0 { |
| 137 | sb.WriteString("\nAll Policy Rules:\n") |
| 138 | for _, policy := range policies { |
| 139 | sb.WriteString(fmt.Sprintf("- %s\n", strings.Join(policy, ", "))) |
| 140 | } |
| 141 | } |
| 142 | |
| 143 | return sb.String() |
| 144 | } |
| 145 | |
| 146 | // callAIAPI calls the configured AI API to get an explanation. |
| 147 | func (e *Enforcer) callAIAPI(explainContext string) (string, error) { |