Merge branch 'policy-refactor'

Author: thisisalexandercook

checker/src/main/java/io/github/eisop/runtimeframework/checker/nullness/NullnessRuntimeChecker.java

@@ -3,10 +3,9 @@
 import io.github.eisop.runtimeframework.core.RuntimeChecker;
 import io.github.eisop.runtimeframework.core.TypeSystemConfiguration;
 import io.github.eisop.runtimeframework.core.ValidationKind;
-import io.github.eisop.runtimeframework.filter.ClassInfo;
-import io.github.eisop.runtimeframework.filter.Filter;
 import io.github.eisop.runtimeframework.instrumentation.EnforcementInstrumenter;
 import io.github.eisop.runtimeframework.instrumentation.RuntimeInstrumenter;
+import io.github.eisop.runtimeframework.policy.RuntimePolicy;
 import io.github.eisop.runtimeframework.resolution.BytecodeHierarchyResolver;
 import io.github.eisop.runtimeframework.resolution.HierarchyResolver;
 import io.github.eisop.runtimeframework.strategy.InstrumentationStrategy;
@@ -21,7 +20,7 @@ public String getName() {
   }
 
   @Override
-  public RuntimeInstrumenter getInstrumenter(Filter<ClassInfo> filter) {
+  public RuntimeInstrumenter getInstrumenter(RuntimePolicy policy) {
     NullnessCheckGenerator verifier = new NullnessCheckGenerator();
 
     TypeSystemConfiguration config =
@@ -30,12 +29,10 @@ public RuntimeInstrumenter getInstrumenter(Filter<ClassInfo> filter) {
             .onNoop(Nullable.class)
             .withDefault(ValidationKind.ENFORCE, verifier);
 
-    InstrumentationStrategy strategy = createStrategy(config, filter);
+    InstrumentationStrategy strategy = createStrategy(config, policy);
 
-    HierarchyResolver resolver =
-        new BytecodeHierarchyResolver(
-            className -> filter.test(new ClassInfo(className.replace('.', '/'), null, null)));
+    HierarchyResolver resolver = new BytecodeHierarchyResolver(info -> policy.isChecked(info));
 
-    return new EnforcementInstrumenter(strategy, resolver, filter);
+    return new EnforcementInstrumenter(strategy, resolver);
   }
 }

framework/build.gradle

@@ -2,6 +2,12 @@ plugins {
     id 'java'
 }
 
+dependencies {
+    testImplementation platform('org.junit:junit-bom:6.0.2')
+    testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
+    testImplementation 'org.junit.jupiter:junit-jupiter'
+}
+
 jar {
     manifest {
         attributes(

framework/src/main/java/io/github/eisop/runtimeframework/agent/RuntimeAgent.java

@@ -5,6 +5,8 @@
 import io.github.eisop.runtimeframework.filter.ClassListFilter;
 import io.github.eisop.runtimeframework.filter.Filter;
 import io.github.eisop.runtimeframework.filter.FrameworkSafetyFilter;
+import io.github.eisop.runtimeframework.policy.DefaultRuntimePolicy;
+import io.github.eisop.runtimeframework.policy.RuntimePolicy;
 import io.github.eisop.runtimeframework.runtime.RuntimeVerifier;
 import io.github.eisop.runtimeframework.runtime.ViolationHandler;
 import java.lang.instrument.Instrumentation;
@@ -14,42 +16,14 @@ public final class RuntimeAgent {
 
   public static void premain(String args, Instrumentation inst) {
     Filter<ClassInfo> safeFilter = new FrameworkSafetyFilter();
-    Filter<ClassInfo> strategyFilter = safeFilter;
 
     String checkedClasses = System.getProperty("runtime.classes");
     boolean isGlobalMode = Boolean.getBoolean("runtime.global");
     boolean trustAnnotatedFor = Boolean.getBoolean("runtime.trustAnnotatedFor");
-
-    if (checkedClasses != null && !checkedClasses.isBlank()) {
-      System.out.println("[RuntimeAgent] Checked Scope restricted to: " + checkedClasses);
-      Filter<ClassInfo> listFilter = new ClassListFilter(Arrays.asList(checkedClasses.split(",")));
-      strategyFilter = info -> safeFilter.test(info) && listFilter.test(info);
-    } else if (trustAnnotatedFor) {
-      strategyFilter = info -> false;
-    }
-
-    Filter<ClassInfo> scanFilter = strategyFilter;
-    boolean scanAll = false;
-
-    if (trustAnnotatedFor) {
-      System.out.println(
-          "[RuntimeAgent] Auto-Discovery Enabled. Scanning all safe classes for annotations.");
-      scanAll = true;
-    }
-
-    if (isGlobalMode) {
-      System.out.println(
-          "[RuntimeAgent] Global Mode ENABLED. Scanning all safe classes for external writes.");
-      scanAll = true;
-    }
-
-    if (checkedClasses == null && !trustAnnotatedFor) {
-      scanAll = true;
-    }
-
-    if (scanAll) {
-      scanFilter = safeFilter;
-    }
+    Filter<ClassInfo> checkedScopeFilter =
+        (checkedClasses != null && !checkedClasses.isBlank())
+            ? new ClassListFilter(Arrays.asList(checkedClasses.split(",")))
+            : Filter.rejectAll();
 
     // 3. Configure Violation Handler
     String handlerClassName = System.getProperty("runtime.handler");
@@ -83,9 +57,18 @@ public static void premain(String args, Instrumentation inst) {
       return;
     }
 
-    inst.addTransformer(
-        new RuntimeTransformer(
-            scanFilter, strategyFilter, checker, trustAnnotatedFor, isGlobalMode),
-        false);
+    RuntimePolicy policy =
+        new DefaultRuntimePolicy(
+            safeFilter, checkedScopeFilter, isGlobalMode, trustAnnotatedFor, checker.getName());
+
+    System.out.println("[RuntimeAgent] Policy mode: " + (isGlobalMode ? "GLOBAL" : "STANDARD"));
+    if (checkedClasses != null && !checkedClasses.isBlank()) {
+      System.out.println("[RuntimeAgent] Checked scope list: " + checkedClasses);
+    }
+    if (trustAnnotatedFor) {
+      System.out.println("[RuntimeAgent] Checked scope includes @AnnotatedFor classes.");
+    }
+
+    inst.addTransformer(new RuntimeTransformer(policy, checker), false);
   }
 }

framework/src/main/java/io/github/eisop/runtimeframework/agent/RuntimeTransformer.java

@@ -1,36 +1,23 @@
 package io.github.eisop.runtimeframework.agent;
 
 import io.github.eisop.runtimeframework.core.RuntimeChecker;
-import io.github.eisop.runtimeframework.filter.AnnotatedForFilter;
 import io.github.eisop.runtimeframework.filter.ClassInfo;
-import io.github.eisop.runtimeframework.filter.Filter;
 import io.github.eisop.runtimeframework.instrumentation.RuntimeInstrumenter;
+import io.github.eisop.runtimeframework.policy.ClassClassification;
+import io.github.eisop.runtimeframework.policy.RuntimePolicy;
 import java.lang.classfile.ClassFile;
 import java.lang.classfile.ClassModel;
 import java.lang.instrument.ClassFileTransformer;
 import java.security.ProtectionDomain;
 
 public class RuntimeTransformer implements ClassFileTransformer {
 
-  private final Filter<ClassInfo> scanFilter;
-  private final Filter<ClassInfo> strategyFilter;
-  private final RuntimeChecker checker;
-  private final boolean trustAnnotatedFor;
-  private final boolean isGlobalMode;
-  private final AnnotatedForFilter annotatedForFilter;
+  private final RuntimePolicy policy;
+  private final RuntimeInstrumenter instrumenter;
 
-  public RuntimeTransformer(
-      Filter<ClassInfo> scanFilter,
-      Filter<ClassInfo> strategyFilter,
-      RuntimeChecker checker,
-      boolean trustAnnotatedFor,
-      boolean isGlobalMode) {
-    this.scanFilter = scanFilter;
-    this.strategyFilter = strategyFilter;
-    this.checker = checker;
-    this.trustAnnotatedFor = trustAnnotatedFor;
-    this.isGlobalMode = isGlobalMode;
-    this.annotatedForFilter = trustAnnotatedFor ? new AnnotatedForFilter(checker.getName()) : null;
+  public RuntimeTransformer(RuntimePolicy policy, RuntimeChecker checker) {
+    this.policy = policy;
+    this.instrumenter = checker.getInstrumenter(policy);
   }
 
   @Override
@@ -42,63 +29,24 @@ public byte[] transform(
       ProtectionDomain protectionDomain,
       byte[] classfileBuffer) {
 
-    if (className != null
-        && (className.startsWith("java/")
-            || className.startsWith("sun/")
-            || className.startsWith("jdk/")
-            || className.startsWith("org/gradle"))) {
+    if (className == null) {
       return null;
     }
 
     ClassInfo info = new ClassInfo(className, loader, module);
 
-    if (!scanFilter.test(info)) {
-      return null;
-    }
-
-    System.out.println("[RuntimeFramework] Processing: " + className);
-
     try {
       ClassFile cf = ClassFile.of();
       ClassModel classModel = cf.parse(classfileBuffer);
+      ClassClassification classification = policy.classify(info, classModel);
 
-      boolean isChecked = strategyFilter.test(info);
-
-      if (!isChecked && trustAnnotatedFor && annotatedForFilter != null) {
-        if (annotatedForFilter.test(classModel, loader)) {
-          System.out.println(
-              "[RuntimeFramework] Auto-detected Checked Class/Package: " + className);
-          isChecked = true;
-        }
-      }
-
-      if (!isChecked && !isGlobalMode) {
+      if (classification == ClassClassification.SKIP) {
         return null;
       }
 
-      boolean finalIsChecked = isChecked;
-      Filter<ClassInfo> dynamicFilter =
-          ctx -> {
-            ClassLoader effectiveLoader = ctx.loader();
-            if (effectiveLoader == null) {
-              effectiveLoader = loader;
-            }
-            ClassInfo effectiveCtx =
-                new ClassInfo(ctx.internalName(), effectiveLoader, ctx.module());
-
-            if (effectiveCtx.internalName().equals(className)) {
-              return finalIsChecked;
-            }
-            if (trustAnnotatedFor
-                && annotatedForFilter != null
-                && annotatedForFilter.test(effectiveCtx)) {
-              return true;
-            }
-            return strategyFilter.test(effectiveCtx);
-          };
-
-      RuntimeInstrumenter instrumenter = checker.getInstrumenter(dynamicFilter);
-      return cf.transformClass(classModel, instrumenter.asClassTransform(classModel, loader));
+      boolean isCheckedScope = classification == ClassClassification.CHECKED;
+      return cf.transformClass(
+          classModel, instrumenter.asClassTransform(classModel, loader, isCheckedScope));
 
     } catch (Throwable t) {
       System.err.println("[RuntimeFramework] CRASH transforming: " + className);

framework/src/main/java/io/github/eisop/runtimeframework/core/RuntimeChecker.java

@@ -1,11 +1,9 @@
 package io.github.eisop.runtimeframework.core;
 
-import io.github.eisop.runtimeframework.filter.ClassInfo;
-import io.github.eisop.runtimeframework.filter.Filter;
 import io.github.eisop.runtimeframework.instrumentation.RuntimeInstrumenter;
+import io.github.eisop.runtimeframework.policy.RuntimePolicy;
 import io.github.eisop.runtimeframework.strategy.BoundaryStrategy;
 import io.github.eisop.runtimeframework.strategy.InstrumentationStrategy;
-import io.github.eisop.runtimeframework.strategy.StrictBoundaryStrategy;
 
 /**
  * Represents a specific type system or check to be enforced (e.g., Nullness, Immutability). This
@@ -19,29 +17,19 @@ public abstract class RuntimeChecker {
   /**
    * Creates or returns the instrumenter that injects this checker's logic.
    *
-   * @param filter The safety filter currently active in the Agent. The instrumenter should use this
-   *     to determine boundary checks (Checked vs Unchecked).
+   * @param policy The active runtime policy that classifies checked/unchecked scope.
    */
-  public abstract RuntimeInstrumenter getInstrumenter(Filter<ClassInfo> filter);
+  public abstract RuntimeInstrumenter getInstrumenter(RuntimePolicy policy);
 
   /**
-   * Helper method to create the appropriate InstrumentationStrategy based on the framework's
-   * configuration (e.g., -Druntime.global=true).
-   *
-   * <p>Subclasses should use this instead of manually checking system properties.
+   * Helper method to create the instrumentation strategy based on the active policy.
    *
    * @param config The TypeSystemConfiguration for this checker.
-   * @param filter The filter defining the boundary between Checked and Unchecked code.
-   * @return A configured InstrumentationStrategy (Standard or Global).
+   * @param policy The active runtime policy.
+   * @return A configured InstrumentationStrategy.
    */
   protected InstrumentationStrategy createStrategy(
-      TypeSystemConfiguration config, Filter<ClassInfo> filter) {
-
-    boolean isGlobalMode = Boolean.getBoolean("runtime.global");
-    if (isGlobalMode) {
-      return new StrictBoundaryStrategy(config, filter);
-    } else {
-      return new BoundaryStrategy(config, filter);
-    }
+      TypeSystemConfiguration config, RuntimePolicy policy) {
+    return new BoundaryStrategy(config, policy);
   }
 }

framework/src/main/java/io/github/eisop/runtimeframework/filter/AnnotatedForFilter.java

@@ -22,7 +22,7 @@
 public class AnnotatedForFilter implements Filter<ClassInfo> {
 
   private final String targetSystem;
-  private final Map<String, Boolean> cache = new ConcurrentHashMap<>();
+  private final Map<CacheKey, Boolean> cache = new ConcurrentHashMap<>();
   private static final String ANNOTATED_FOR_DESC = AnnotatedFor.class.descriptorString();
 
   public AnnotatedForFilter(String targetSystem) {
@@ -39,27 +39,29 @@ public AnnotatedForFilter(String targetSystem) {
    */
   public boolean test(ClassModel model, ClassLoader loader) {
     String className = model.thisClass().asInternalName();
+    CacheKey cacheKey = new CacheKey(className, loader);
 
-    if (cache.containsKey(className)) {
-      return cache.get(className);
+    if (cache.containsKey(cacheKey)) {
+      return cache.get(cacheKey);
     }
 
     boolean result = hasAnnotatedFor(model);
     if (!result) {
       result = hasPackageLevelAnnotation(className, loader);
     }
 
-    cache.put(className, result);
+    cache.put(cacheKey, result);
     return result;
   }
 
   @Override
   public boolean test(ClassInfo info) {
     String className = info.internalName();
     if (className == null) return false;
+    CacheKey cacheKey = new CacheKey(className, info.loader());
 
-    if (cache.containsKey(className)) {
-      return cache.get(className);
+    if (cache.containsKey(cacheKey)) {
+      return cache.get(cacheKey);
     }
 
     boolean result = false;
@@ -78,7 +80,7 @@ public boolean test(ClassInfo info) {
       System.err.println("[AnnotatedForFilter] Failed to load bytecode for: " + className);
     }
 
-    cache.put(className, result);
+    cache.put(cacheKey, result);
     return result;
   }
 
@@ -117,4 +119,30 @@ private boolean hasAnnotatedFor(ClassModel model) {
             })
         .orElse(false);
   }
+
+  private static final class CacheKey {
+    private final String className;
+    private final ClassLoader loader;
+
+    private CacheKey(String className, ClassLoader loader) {
+      this.className = className;
+      this.loader = loader;
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+      if (this == obj) {
+        return true;
+      }
+      if (!(obj instanceof CacheKey other)) {
+        return false;
+      }
+      return className.equals(other.className) && loader == other.loader;
+    }
+
+    @Override
+    public int hashCode() {
+      return 31 * className.hashCode() + System.identityHashCode(loader);
+    }
+  }
 }

framework/src/main/java/io/github/eisop/runtimeframework/filter/FrameworkSafetyFilter.java

@@ -16,8 +16,8 @@ public boolean test(ClassInfo info) {
       return false;
     }
 
-    // 2. Skip the runtime framework itself
-    if (name.startsWith("io/github/eisop/")) {
+    // 2. Skip the runtime framework internals
+    if (name.startsWith("io/github/eisop/runtimeframework/")) {
       return false;
     }