Update logging and comments for policy persistence

Sentinel-Gate · web-flow · commit aeaa9439720e · 2026-03-01T17:15:34.000Z
diff --git a/internal/service/policy_admin_service.go b/internal/service/policy_admin_service.go
@@ -119,13 +119,13 @@ func (s *PolicyAdminService) Create(ctx context.Context, p *policy.Policy) (*pol
 		return nil, fmt.Errorf("save policy: %w", err)
 	}
 
-	// Persist to state.json.
+	// Persist to state.json (best-effort: policy is already in memory store).
+	// If persistence fails the policy works for the current session but won't survive a restart.
 	if err := s.persistState(ctx); err != nil {
-		s.logger.Error("failed to persist state after create", "policy_id", p.ID, "error", err)
-		return nil, fmt.Errorf("persist state: %w", err)
+		s.logger.Warn("policy will not survive restart: persist failed", "policy_id", p.ID, "error", err)
 	}
 
-	// Trigger hot-reload of CEL rules.
+	// ALWAYS trigger hot-reload so the CEL engine compiles the new rules.
 	if err := s.policyService.Reload(ctx); err != nil {
 		s.logger.Error("failed to reload policies after create", "policy_id", p.ID, "error", err)
 		return nil, fmt.Errorf("reload policies: %w", err)
@@ -183,13 +183,12 @@ func (s *PolicyAdminService) Update(ctx context.Context, id string, p *policy.Po
 		return nil, fmt.Errorf("save policy: %w", err)
 	}
 
-	// Persist to state.json.
+	// Persist to state.json (best-effort).
 	if err := s.persistState(ctx); err != nil {
-		s.logger.Error("failed to persist state after update", "policy_id", id, "error", err)
-		return nil, fmt.Errorf("persist state: %w", err)
+		s.logger.Warn("policy update will not survive restart: persist failed", "policy_id", id, "error", err)
 	}
 
-	// Trigger hot-reload.
+	// ALWAYS trigger hot-reload.
 	if err := s.policyService.Reload(ctx); err != nil {
 		s.logger.Error("failed to reload policies after update", "policy_id", id, "error", err)
 		return nil, fmt.Errorf("reload policies: %w", err)
@@ -226,13 +225,12 @@ func (s *PolicyAdminService) Delete(ctx context.Context, id string) error {
 		return fmt.Errorf("delete policy: %w", err)
 	}
 
-	// Persist to state.json.
+	// Persist to state.json (best-effort).
 	if err := s.persistState(ctx); err != nil {
-		s.logger.Error("failed to persist state after delete", "policy_id", id, "error", err)
-		return fmt.Errorf("persist state: %w", err)
+		s.logger.Warn("policy deletion will not survive restart: persist failed", "policy_id", id, "error", err)
 	}
 
-	// Trigger hot-reload.
+	// ALWAYS trigger hot-reload.
 	if err := s.policyService.Reload(ctx); err != nil {
 		s.logger.Error("failed to reload policies after delete", "policy_id", id, "error", err)
 		return fmt.Errorf("reload policies: %w", err)
@@ -273,13 +271,12 @@ func (s *PolicyAdminService) DeleteRule(ctx context.Context, policyID, ruleID st
 		return fmt.Errorf("delete rule: %w", err)
 	}
 
-	// Persist to state.json.
+	// Persist to state.json (best-effort).
 	if err := s.persistState(ctx); err != nil {
-		s.logger.Error("failed to persist state after delete rule", "policy_id", policyID, "rule_id", ruleID, "error", err)
-		return fmt.Errorf("persist state: %w", err)
+		s.logger.Warn("rule deletion will not survive restart: persist failed", "policy_id", policyID, "rule_id", ruleID, "error", err)
 	}
 
-	// Trigger hot-reload.
+	// ALWAYS trigger hot-reload.
 	if err := s.policyService.Reload(ctx); err != nil {
 		s.logger.Error("failed to reload policies after delete rule", "policy_id", policyID, "rule_id", ruleID, "error", err)
 		return fmt.Errorf("reload policies: %w", err)
