Remove Action type from rules package, simplify to boolean logic

- Remove Action enum (Allow/Deny) from rules package
- Update rules engine to return bool instead of Action
- Update EvaluationResult to use Allowed bool field
- Update audit package to use boolean logic instead of Action
- Update proxy to use boolean conditions (!result.Allowed)
- Update all tests to use true/false instead of Allow/Deny
- Remove unnecessary dependencies between packages

Simplifies codebase by using intuitive boolean logic throughout

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>

Author: f0ssel

audit/audit.go

@@ -3,17 +3,15 @@ package audit
 import (
 	"log/slog"
 	"net/http"
-
-	"github.com/coder/jail/rules"
 )
 
 // Request represents information about an HTTP request for auditing
 type Request struct {
-	Method string
-	URL    string
-	Action rules.Action
-	Rule   string // The rule that matched (if any)
-	Reason string // Reason for the action (e.g., "no matching allow rules")
+	Method  string
+	URL     string
+	Allowed bool
+	Rule    string // The rule that matched (if any)
+	Reason  string // Reason for the action (e.g., "no matching allow rules")
 }
 
 // Auditor handles audit logging for HTTP requests
@@ -36,13 +34,12 @@ func NewLoggingAuditor(logger *slog.Logger) *LoggingAuditor {
 
 // AuditRequest logs the request using structured logging
 func (a *LoggingAuditor) AuditRequest(req *Request) {
-	switch req.Action {
-	case rules.Allow:
+	if req.Allowed {
 		a.logger.Info("ALLOW", 
 			"method", req.Method, 
 			"url", req.URL, 
 			"rule", req.Rule)
-	case rules.Deny:
+	} else {
 		a.logger.Warn("DENY", 
 			"method", req.Method, 
 			"url", req.URL, 

audit/audit_test.go

@@ -4,8 +4,6 @@ import (
 	"log/slog"
 	"net/http"
 	"testing"
-
-	"github.com/coder/jail/rules"
 )
 
 func TestLoggingAuditor(t *testing.T) {
@@ -23,19 +21,19 @@ func TestLoggingAuditor(t *testing.T) {
 		{
 			name: "allow request",
 			request: &Request{
-				Method: "GET",
-				URL:    "https://github.com",
-				Action: rules.Allow,
-				Rule:   "allow github.com",
+				Method:  "GET",
+				URL:     "https://github.com",
+				Allowed: true,
+				Rule:    "allow github.com",
 			},
 		},
 		{
 			name: "deny request",
 			request: &Request{
-				Method: "POST",
-				URL:    "https://example.com",
-				Action: rules.Deny,
-				Reason: "no matching allow rules",
+				Method:  "POST",
+				URL:     "https://example.com",
+				Allowed: false,
+				Reason:  "no matching allow rules",
 			},
 		},
 	}

proxy/proxy.go

@@ -110,11 +110,11 @@ func (p *ProxyServer) handleHTTP(w http.ResponseWriter, r *http.Request) {
 
 	// Audit the request
 	auditReq := audit.HTTPRequestToAuditRequest(r)
-	auditReq.Action = result.Action
+	auditReq.Allowed = result.Allowed
 	auditReq.Rule = result.Rule
 	p.auditRequest(auditReq)
 
-	if result.Action == rules.Deny {
+	if !result.Allowed {
 		p.writeBlockedResponse(w, r)
 		return
 	}
@@ -136,14 +136,14 @@ func (p *ProxyServer) handleHTTPS(w http.ResponseWriter, r *http.Request) {
 
 	// Audit the request
 	auditReq := &audit.Request{
-		Method: r.Method,
-		URL:    fullURL,
-		Action: result.Action,
-		Rule:   result.Rule,
+		Method:  r.Method,
+		URL:     fullURL,
+		Allowed: result.Allowed,
+		Rule:    result.Rule,
 	}
 	p.auditRequest(auditReq)
 
-	if result.Action == rules.Deny {
+	if !result.Allowed {
 		p.writeBlockedResponse(w, r)
 		return
 	}
@@ -292,7 +292,7 @@ For more help: https://github.com/coder/jail
 
 // auditRequest handles auditing of requests
 func (p *ProxyServer) auditRequest(req *audit.Request) {
-	if req.Action == rules.Deny {
+	if !req.Allowed {
 		req.Reason = "no matching allow rules"
 	}
 	p.auditor.AuditRequest(req)

rules/rules.go

@@ -6,22 +6,6 @@ import (
 	"strings"
 )
 
-// Action represents whether to allow a request
-type Action int
-
-const (
-	Allow Action = iota
-	Deny  // Default deny when no allow rules match
-)
-
-func (a Action) String() string {
-	switch a {
-	case Allow:
-		return "ALLOW"
-	default:
-		return "DENY"
-	}
-}
 
 // Rule represents an allow rule with optional HTTP method restrictions
 type Rule struct {
@@ -139,39 +123,39 @@ func NewRuleEngine(rules []*Rule, logger *slog.Logger) *RuleEngine {
 
 // EvaluationResult contains the result of rule evaluation
 type EvaluationResult struct {
-	Action Action
-	Rule   string // The rule that matched (if any)
+	Allowed bool
+	Rule    string // The rule that matched (if any)
 }
 
-// Evaluate evaluates a request against all allow rules and returns the action to take
-func (re *RuleEngine) Evaluate(method, url string) Action {
+// Evaluate evaluates a request against all allow rules and returns true if allowed
+func (re *RuleEngine) Evaluate(method, url string) bool {
 	// Check if any allow rule matches
 	for _, rule := range re.rules {
 		if rule.Matches(method, url) {
-			return Allow
+			return true
 		}
 	}
 
 	// Default deny if no allow rules match
-	return Deny
+	return false
 }
 
-// EvaluateWithRule evaluates a request and returns both action and matching rule
+// EvaluateWithRule evaluates a request and returns both result and matching rule
 func (re *RuleEngine) EvaluateWithRule(method, url string) EvaluationResult {
 	// Check if any allow rule matches
 	for _, rule := range re.rules {
 		if rule.Matches(method, url) {
 			return EvaluationResult{
-				Action: Allow,
-				Rule:   rule.Raw,
+				Allowed: true,
+				Rule:    rule.Raw,
 			}
 		}
 	}
 
 	// Default deny if no allow rules match
 	return EvaluationResult{
-		Action: Deny,
-		Rule:   "",
+		Allowed: false,
+		Rule:    "",
 	}
 }
 

rules/rules_test.go

@@ -240,12 +240,12 @@ func TestRuleEngine(t *testing.T) {
 		name     string
 		method   string
 		url      string
-		expected Action
+		expected bool
 	}{
-		{"allow github", "GET", "https://github.com/user/repo", Allow},
-		{"allow api GET", "GET", "https://api.example.com", Allow},
-		{"deny api POST", "POST", "https://api.example.com", Deny},
-		{"deny other", "GET", "https://example.com", Deny},
+		{"allow github", "GET", "https://github.com/user/repo", true},
+		{"allow api GET", "GET", "https://api.example.com", true},
+		{"deny api POST", "POST", "https://api.example.com", false},
+		{"deny other", "GET", "https://example.com", false},
 	}
 
 	for _, tt := range tests {
@@ -275,13 +275,13 @@ func TestRuleEngineWildcardRules(t *testing.T) {
 		name     string
 		method   string
 		url      string
-		expected Action
+		expected bool
 	}{
-		{"allow github", "GET", "https://github.com", Allow},
-		{"allow github subdomain", "POST", "https://github.io", Allow},
-		{"allow api GET", "GET", "https://api.example.com", Allow},
-		{"deny api POST", "POST", "https://api.example.com", Deny},
-		{"deny unmatched", "GET", "https://example.org", Deny},
+		{"allow github", "GET", "https://github.com", true},
+		{"allow github subdomain", "POST", "https://github.io", true},
+		{"allow api GET", "GET", "https://api.example.com", true},
+		{"deny api POST", "POST", "https://api.example.com", false},
+		{"deny unmatched", "GET", "https://example.org", false},
 	}
 
 	for _, tt := range tests {