adding decode_unchecked API and refactoring validation#2387
Merged
Conversation
victornicolet
force-pushed
the
victornicolet/protobuf-decode-unchecked
branch
from
3060df4 to
d8eacec
Compare
Signed-off-by: Victor Nicolet <victornl@amazon.com>
Signed-off-by: Victor Nicolet <victornl@amazon.com>
Signed-off-by: Victor Nicolet <victornl@amazon.com>
victornicolet
force-pushed
the
victornicolet/protobuf-decode-unchecked
branch
from
d8eacec to
8c5348b
Compare
Signed-off-by: Victor Nicolet <victornl@amazon.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR introduces an unchecked protobuf decoding API (decode_unchecked) across protobuf-backed public types, and refactors protobuf decoding so that structural validation is performed in a single, more explicit place (the checked decode path), while allowing callers to opt out of validation for trusted/round-tripped data.
Changes:
- Adds
decode_uncheckedto the protobuf decoding interface and centralizes validation in the defaultdecodeimplementation. - Refactors proto model ↔ core/API conversions to avoid performing validation during
TryFrom, enabling truly unchecked decoding. - Updates protobuf decoding behavior for
Entitiesto optionally skip transitive-closure computation on the unchecked path and adds roundtrip tests fordecode_unchecked.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| cedar-policy/src/proto/validator.rs | Stops validating during schema model→core conversion to defer validation to the checked decode path. |
| cedar-policy/src/proto/traits.rs | Introduces TryValidate and refactors Protobuf::decode to validate the decoded value; adds decode_unchecked. |
| cedar-policy/src/proto/policy.rs | Removes validation from proto→AST conversions for templates/policy sets to support unchecked decoding. |
| cedar-policy/src/proto/entities.rs | Factors out entities model conversion with configurable transitive-closure mode (and updates docs). |
| cedar-policy/src/proto/ast.rs | Removes validation from proto→AST entity/expression conversion so checked decoding can own validation. |
| cedar-policy/src/proto/api.rs | Updates Protobuf impls to provide decode_unchecked, adds special handling for Entities, and adds tests. |
| cedar-policy/CHANGELOG.md | Notes the behavior change and introduces decode_unchecked in the unreleased changelog entry. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Victor Nicolet <victornl@amazon.com>
This comment was marked as outdated.
This comment was marked as outdated.
Coverage ReportHead Commit: Base Commit: Download the full coverage report. Coverage of Added or Modified Lines of Rust CodeRequired coverage: 80.00% Actual coverage: 86.84% Status: PASSED ✅ Details
Coverage of All Lines of Rust CodeRequired coverage: 80.00% Actual coverage: 87.87% Status: PASSED ✅ Details
|
john-h-kastner-aws
approved these changes
Jun 9, 2026
lianah
approved these changes
Jun 12, 2026
Signed-off-by: Victor Nicolet <victornl@amazon.com>
lianah
approved these changes
Jun 12, 2026
Coverage ReportHead Commit: Base Commit: Download the full coverage report. Coverage of Added or Modified Lines of Rust CodeRequired coverage: 80.00% Actual coverage: 86.67% Status: PASSED ✅ Details
Coverage of All Lines of Rust CodeRequired coverage: 80.00% Actual coverage: 87.90% Status: PASSED ✅ Details
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description of changes
Adds a new
<target type>::decode_uncheckedAPI toprotobufimplems, with a refactoring of where the validation occurs to make it more obvious.This makes a "breaking change" on the experimental
protobufsfeature by sealing theProtobuftrait (and adding methods). As we stabilize this, I think it's a good idea, in order to allow adding methods in the future without breaking.Checklist for requesting a review
The change in this PR is (choose one, and delete the other options):
cedar-policy(e.g., addition of a new API).I confirm that this PR (choose one, and delete the other options):
I confirm that
cedar-spec(choose one, and delete the other options):I confirm that
docs.cedarpolicy.com(choose one, and delete the other options):