Result returned by evaluate() — the complete output of one firewall check.
The caller uses decision to determine what to do:
decision
'pass'
'flag'
'reject'
'prompt'
Primary disposition for the caller.
The matched rule's exceed-action (informational for 'pass').
Identifier of the rule that made the decision (or 'default').
Human-readable reason string for logging/audit.
The updated FirewallState after this observation (original unchanged).
Readonly
Result returned by evaluate() — the complete output of one firewall check.
The caller uses
decisionto determine what to do:'pass'→ dispatch (action may be'flag'→ also emit audit event).'reject'→ drop + return error.'prompt'→ reject now + fire consent prompt.Param: decision
Primary disposition for the caller.
Param: action
The matched rule's exceed-action (informational for
'pass').Param: ruleId
Identifier of the rule that made the decision (or 'default').
Param: reason
Human-readable reason string for logging/audit.
Param: newState
The updated FirewallState after this observation (original unchanged).