Skip to content

fix(dotnet): support numeric equality and inequality in PolicyRule.EvaluateAtomic#3236

Open
DhineshPonnarasan wants to merge 2 commits into
microsoft:mainfrom
DhineshPonnarasan:fix/3205-dotnet-numeric-equality
Open

fix(dotnet): support numeric equality and inequality in PolicyRule.EvaluateAtomic#3236
DhineshPonnarasan wants to merge 2 commits into
microsoft:mainfrom
DhineshPonnarasan:fix/3205-dotnet-numeric-equality

Conversation

@DhineshPonnarasan

@DhineshPonnarasan DhineshPonnarasan commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Summary

Resolves #3205.

The .NET PolicyRule.EvaluateAtomic previously required the right-hand side of == / != to be a quoted string literal, so numeric forms such as count == 5, count != 6, score == 3.14, and temperature == -5 always fell through to false even when the value matched. Only the ordered comparisons (>, >=, <, <=) accepted numeric literals.

Approach

Two new sibling regex patterns (NumericEqualityPattern and NumericInequalityPattern) and two matching evaluation branches in EvaluateAtomic, placed between the string-inequality branch and the ordered-numeric branch so the existing operator precedence reads cleanly.

The new branches:

  • Reuse ResolveField (so dot-notation keeps working through ResolveField's nested-walk + flat-fallback behaviour)
  • Reuse the same 2-arg double.TryParse overload already used by NumericComparisonPattern, so they parse identically and inherit the same culture conventions as the existing branch

Regex shape is -?\d+(?:\.\d+)? — matches the existing ordered-comparison branch's fragment and adds an optional leading sign for negative literals (required by the issue's positive-case matrix).

Scope discipline

  • BooleanEqualityPattern (field == true|false, supported by the TypeScript SDK) is deliberately not added in this PR. Same operator surface as the existing BooleanFieldPattern truthy check; will file a follow-up.
  • The same defect exists in agent-governance-python/agent-mesh/src/agentmesh/governance/policy.py (and the near-duplicate in federation.py). Out of scope for this .NET-only PR; will file follow-up parity issues.
  • The NumericComparisonPattern branch's culture-parsing behaviour is unchanged. All three numeric branches now parse identically, which is what the issue explicitly required (consistency with existing numeric comparison operators).

Tests

14 new [Fact] methods in PolicyRuleTests.cs, mirroring the existing naming convention (Evaluate_<Concern>_<Scenario>):

  • Positive: integer, decimal, negative, zero
  • Positive: numeric inequality (integer, negative)
  • Negative: wrong integer, wrong decimal, missing field, non-parseable string ("five")
  • Compound: count == 5 and risk < 0.5; count != 5 or count == 5
  • Dot-notation: data.count == 5
  • Regression: ordered comparison (count >= 'high') still cleanly returns false without throwing

All 14 new tests pass. All 778 pre-existing tests in the AgentGovernance solution remain green (792/792 total).


Hi @imran-siddique, Could you please review this whenever you have some time, I'd really appreciate your feedback.
Thanks in advance!

…aluateAtomic

PolicyRule.EvaluateAtomic previously only matched quoted string literals in
the equality and inequality branches, so numeric forms like count == 5,
count != 6, score == 3.14, and temperature == -5 always fell through to
false even when the value matched.

Add two sibling regex patterns (NumericEqualityPattern and
NumericInequalityPattern) using the same (-?\d+(?:\.\d+)?) numeric shape
as the existing ordered-comparison branch, and two corresponding
evaluation branches placed between the string inequality and the ordered
numeric branches in EvaluateAtomic. The new branches reuse ResolveField
and the same double.TryParse path already used by NumericComparisonPattern
so they parse identically.

Closes microsoft#3205

Signed-off-by: Dhinesh Ponnarasan <dhineshponnarasan@gmail.com>
@github-actions github-actions Bot added tests size/L Large PR (< 500 lines) labels Jun 30, 2026
@github-actions

github-actions Bot commented Jun 30, 2026

Copy link
Copy Markdown
🤖 AI Agent: breaking-change-detector — API Compatibility

AI-generated review output. Treat it as untrusted analysis and verify before acting.

API Compatibility

Severity Change Impact
High Added new regex patterns (NumericEqualityPattern and NumericInequalityPattern) and corresponding evaluation branches in PolicyRule.EvaluateAtomic. Existing behavior of PolicyRule.EvaluateAtomic may change if previously unsupported numeric equality/inequality expressions (e.g., count == 5, count != 6) were used in conditions. These expressions now return results instead of always evaluating to false. This could affect existing applications relying on the previous behavior.

@github-actions

github-actions Bot commented Jun 30, 2026

Copy link
Copy Markdown
🤖 AI Agent: code-reviewer — View details

AI-generated review output. Treat it as untrusted analysis and verify before acting.

TL;DR: 0 blockers, 1 warning. The PR improves numeric equality and inequality handling in PolicyRule.EvaluateAtomic for .NET, but similar issues in Python code are deferred to future work.

# Sev Issue Where
1 Warn Similar numeric equality/inequality issues exist in Python code but are deferred. agent-governance-python/agent-mesh/src/agentmesh/governance/policy.py and federation.py

Action items:

  1. None.

Warnings:

# Issue Where
1 Similar numeric equality/inequality issues exist in Python code but are deferred. agent-governance-python/agent-mesh/src/agentmesh/governance/policy.py and federation.py (fine as follow-up PRs)

@github-actions

github-actions Bot commented Jun 30, 2026

Copy link
Copy Markdown
🤖 AI Agent: test-generator — View details

AI-generated review output. Treat it as untrusted analysis and verify before acting.

Test coverage looks good. No gaps identified.

@github-actions

github-actions Bot commented Jun 30, 2026

Copy link
Copy Markdown
🤖 AI Agent: docs-sync-checker — Docs Sync

AI-generated review output. Treat it as untrusted analysis and verify before acting.

Docs Sync

  • EvaluateAtomic() in PolicyRule.cs -- missing docstring
  • README.md -- no updates detected, but confirm if the new numeric equality/inequality behavior should be documented.
  • CHANGELOG.md -- missing entry for the new numeric equality/inequality support in PolicyRule.EvaluateAtomic.

@github-actions

github-actions Bot commented Jun 30, 2026

Copy link
Copy Markdown
🤖 AI Agent: security-scanner — View details

AI-generated review output. Treat it as untrusted analysis and verify before acting.

No security issues found.

@github-actions

Copy link
Copy Markdown

PR Review Summary

Check Status Details
🔍 Code Review ⚠️ Missing No current-run comment
🛡️ Security Scan ⚠️ Missing No current-run comment
🔄 Breaking Changes ⚠️ Missing No current-run comment
📝 Docs Sync ⚠️ Missing No current-run comment
🧪 Test Coverage ⚠️ Missing No current-run comment

Verdict: ⚠️ AI review incomplete; ready for human review

AI review comments are untrusted advisory output. The summary reports workflow-generated completion status only, not model-authored pass/fail claims.

@github-actions

Copy link
Copy Markdown

🟡 Contributor Check: MEDIUM

Check Result
Profile MEDIUM
Credential LOW
Overall MEDIUM

Automated check by AGT Contributor Check.

@github-actions github-actions Bot added the needs-review:MEDIUM Contributor check flagged MEDIUM risk label Jun 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

needs-review:MEDIUM Contributor check flagged MEDIUM risk size/L Large PR (< 500 lines) tests

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Bug]: .NET PolicyRule.EvaluateAtomic does not support numeric equality (==) and inequality (!=)

2 participants