Detect and Process Policy Files into SemConv Registry + Generic Diagnostic Reporting

Cargo.toml

@@ -38,6 +38,8 @@ ordered-float = { version = "4.2.0", features = ["serde"] }
 walkdir = "2.5.0"
 anyhow = "1.0.83"
 itertools = "0.12.1"
+globset = { version = "0.4.14", features = ["serde1"] }
+miette = { version = "7.2.0", features = ["fancy", "serde"] }
 
 # Features definition =========================================================
 [features]
@@ -67,6 +69,7 @@ serde.workspace = true
 serde_yaml.workspace = true
 serde_json.workspace = true
 walkdir.workspace = true
+
 rayon = "1.10.0"
 
 [profile.release]

crates/weaver_cache/Cargo.toml

@@ -23,4 +23,5 @@ gix = { version = "0.62.0", default-features = false, features = [
 ] }
 
 thiserror.workspace = true
+serde.workspace = true
 

crates/weaver_cache/allowed-external-types.toml

@@ -3,4 +3,5 @@
 # This is used with cargo-check-external-types to reduce the surface area of downstream crates from
 # the public API. Ideally this can have a few exceptions as possible.
 allowed_external_types = [
+    "serde::ser::Serialize",
 ]

crates/weaver_cache/src/lib.rs

@@ -17,10 +17,11 @@ use gix::clone::PrepareFetch;
 use gix::create::Kind;
 use gix::remote::fetch::Shallow;
 use gix::{create, open, progress};
+use serde::Serialize;
 use tempdir::TempDir;
 
 /// An error that can occur while creating or using a cache.
-#[derive(thiserror::Error, Debug)]
+#[derive(thiserror::Error, Debug, Serialize)]
 #[non_exhaustive]
 pub enum Error {
     /// Home directory not found.

crates/weaver_checker/Cargo.toml

@@ -20,6 +20,9 @@ thiserror.workspace = true
 serde.workspace = true
 serde_json.workspace = true
 serde_yaml.workspace = true
+walkdir.workspace = true
+globset.workspace = true
+miette.workspace = true
 
 regorus = { version = "0.1.4", default-features = false, features = [
     "arc",

crates/weaver_checker/allowed-external-types.toml

@@ -5,5 +5,6 @@
 allowed_external_types = [
     "serde::ser::Serialize",
     "serde::de::Deserialize",
-    "weaver_common::error::WeaverError"
+    "weaver_common::error::WeaverError",
+    "miette::protocol::Diagnostic",
 ]

crates/weaver_checker/data/policies/invalid_policies.rego

@@ -1,4 +1,4 @@
-package otel
+package before_resolution
 
 # Conventions for OTel:
 # - `data` holds the current released semconv, which is known to be valid.

crates/weaver_checker/data/policies/invalid_rego_file_1.rego

@@ -0,0 +1 @@
+This is not a rego file (use for test purposes only).

crates/weaver_checker/data/policies/invalid_rego_file_2.rego

@@ -0,0 +1 @@
+This is another invalid rego file! (use for test purposes only)

crates/weaver_checker/data/policies/invalid_violation_object.rego

@@ -1,4 +1,4 @@
-package otel
+package before_resolution
 
 # Conventions for OTel:
 # - `data` holds the current released semconv, which is known to be valid.

crates/weaver_checker/data/policies/otel_policies.rego

@@ -1,4 +1,4 @@
-package otel
+package before_resolution
 
 # Conventions for OTel:
 # - `data` holds the current released semconv, which is known to be valid.

crates/weaver_checker/data/registries/otel_policies.rego

@@ -0,0 +1,79 @@
+package before_resolution
+
+# Conventions for OTel:
+# - `data` holds the current released semconv, which is known to be valid.
+# - `input` holds the new candidate semconv version, whose validity is unknown.
+#
+# Note: `data` and `input` are predefined variables in Rego.
+
+# ========= Violation rules applied on unresolved semconv files =========
+
+# A registry `attribute_group` containing at least one `ref` attribute is
+# considered invalid.
+deny[attr_registry_violation("registry_with_ref_attr", group.id, attr.ref)] {
+    group := input.groups[_]
+    startswith(group.id, "registry.")
+    attr := group.attributes[_]
+    attr.ref != null
+}
+
+# An attribute whose stability is not `deprecated` but has the deprecated field
+# set to true is invalid.
+deny[attr_violation("attr_stability_deprecated", group.id, attr.id)] {
+    group := input.groups[_]
+    attr := group.attributes[_]
+    attr.stability != "deprecaded"
+    attr.deprecated
+}
+
+# An attribute cannot be removed from a group that has already been released.
+deny[schema_evolution_violation("attr_removed", old_group.id, old_attr.id)] {
+    old_group := data.groups[_]
+    old_attr := old_group.attributes[_]
+    not attr_exists_in_new_group(old_group.id, old_attr.id)
+}
+
+
+# ========= Helper functions =========
+
+# Check if an attribute from the old group exists in the new
+# group's attributes
+attr_exists_in_new_group(group_id, attr_id) {
+    new_group := input.groups[_]
+    new_group.id == group_id
+    attr := new_group.attributes[_]
+    attr.id == attr_id
+}
+
+# Build an attribute registry violation
+attr_registry_violation(violation_id, group_id, attr_id) = violation {
+    violation := {
+        "id": violation_id,
+        "type": "semconv_attribute",
+        "category": "attrigute_registry",
+        "group": group_id,
+        "attr": attr_id,
+    }
+}
+
+# Build an attribute violation
+attr_violation(violation_id, group_id, attr_id) = violation {
+    violation := {
+        "id": violation_id,
+        "type": "semconv_attribute",
+        "category": "attrigute",
+        "group": group_id,
+        "attr": attr_id,
+    }
+}
+
+# Build a schema evolution violation
+schema_evolution_violation(violation_id, group_id, attr_id) = violation {
+    violation := {
+        "id": violation_id,
+        "type": "semconv_attribute",
+        "category": "schema_evolution",
+        "group": group_id,
+        "attr": attr_id,
+    }
+}