heimdall icon indicating copy to clipboard operation
heimdall copied to clipboard

Organize rule steps in a DAG structure

Open dadrus opened this issue 6 months ago • 0 comments

Preflight checklist

  • [x] I agree to follow this project's Code of Conduct.
  • [x] I have read and am following this repository's Contribution Guidelines."
  • [ ] I have discussed this feature request with the community.

Describe the background of your feature request

Heimdall currently parses rules and adds the defined mechanisms (authenticators, authorizers, contextualizers, and finalizers) to a sequential list. Conditional execution is supported for all mechanisms except authenticators, using if clauses that can reference request properties or attributes of the authenticated subject.

For small rules, this sequential execution works well. In larger rules with multiple conditional steps, evaluating conditions sequentially can become cumbersome and prevents parallel execution.

Describe your idea

Introduce a DAG-based representation for rule steps. Instead of a flat list, the mechanisms would be structured as nodes in an acyclic directed graph, with edges representing execution dependencies. This would allow:

  • Precomputing execution order based on dependencies.
  • Parallel execution of independent mechanisms, improving performance.
  • Simplified conditions: if clauses could still refer to request or subject properties but would no longer need to reference whether another mechanism has been executed.
  • Better maintainability and readability of complex rules.

Are there any workarounds or alternatives?

Leave it as it is

Version

0.17.0

Additional Context

No response

dadrus avatar Aug 18 '25 06:08 dadrus