;; lib/acl/api.sx — public ACL surface over an implicit current db.
;;
;; Callers load a fact set once, then issue decisions without threading the db
;; through every call. The current db is module state; (acl/load! facts) rebuilds
;; it. This is the boundary the rest of rose-ash imports.
;;
;; Names used here but defined elsewhere: acl-build-db and acl-permit?
;; (presumably lib/acl/engine.sx, which the load comment below points at).

;; The single db every decision in this module is answered against. It stays
;; nil until acl/load! or acl-ensure-db! assigns it.
;; NOTE(review): one module-level db means every caller shares whichever fact
;; set was loaded last. If the host ever evaluates requests with different
;; fact sets side by side, confirm that sharing is intended.
(define acl-current-db nil)

;; Replace the current fact base. Rebuilds the Datalog db under the active
;; ruleset (see lib/acl/engine.sx).
;;
;; facts   - handed to acl-build-db unchanged; nothing is validated here, so
;;           the caller is responsible for where the facts come from.
;; returns - the newly built db, which is also the new current db.
;;
;; The previous db is replaced wholesale, not merged with the new facts.
;; NOTE(review): the set! runs only once acl-build-db has produced a value, so
;; a failing build presumably leaves the old db in place. That depends on how
;; acl-build-db reports errors; confirm.
(define acl/load!
  (fn (facts)
    (do
      (set! acl-current-db (acl-build-db facts))
      acl-current-db)))

;; Ensure a db exists, building an empty one on first use.
;;
;; returns - the current db, never nil after this call.
;;
;; A decision requested before any acl/load! is therefore evaluated against a
;; db built from an empty fact list rather than raising an error.
;; NOTE(review): whether that denies everything depends on the ruleset in
;; lib/acl/engine.sx. Confirm that no rule can permit without supporting
;; facts; otherwise a missed load would fail open here without any signal.
(define acl-ensure-db!
  (fn ()
    (do
      (when (= acl-current-db nil)
        (set! acl-current-db (acl-build-db (list))))
      acl-current-db)))

;; Public decision against the current db.
;;
;; subj, act, res - forwarded in this order to acl-permit?; their expected
;;                  shape is defined by the engine, not by this file.
;; returns        - whatever acl-permit? returns for the current db.
(define acl/permit?
  (fn (subj act res)
    (acl-permit? (acl-ensure-db!) subj act res)))