[P2.1-T05] Implement mode-based action execution #42
Description
Task: Implement mode-based action execution
Phase: 2.1 - Core Governance
Estimated: 1 day
File: cch_cli/src/hooks/actions.rs
Depends on: P2.1-T03
Description
Update action execution to respect rule mode (enforce/warn/audit).
Acceptance Criteria
- Update
execute_actionto check rule mode -
Enforce: Current behavior (block/inject/run) -
Warn: Never block, inject warning message instead -
Audit: Skip action, log only - Create warning context injection for warn mode
- Add integration tests for each mode
Mode Behavior Matrix
| Mode | Blocks? | Injects? | Logs? |
|---|---|---|---|
| enforce | Yes | Yes | Yes |
| warn | No | Warning only | Yes |
| audit | No | No | Yes |
Code Reference
fn execute_action(rule: &Rule, action: &Action, event: &Event) -> ActionResult {
let mode = rule.mode.unwrap_or_default();
match mode {
PolicyMode::Enforce => execute_action_impl(action, event),
PolicyMode::Warn => {
if action.is_block() {
ActionResult::Warning(format!("Rule '{}' would block: {}", rule.name, action.reason()))
} else {
execute_action_impl(action, event)
}
}
PolicyMode::Audit => ActionResult::Audited,
}
}