bug(policy): /policy status shows rules: 0 when rules loaded from policy_file only #1898
Description
/policy status reports rules: 0 when all policy rules come from an external policy_file, even though the rules are correctly loaded and enforced.
Root cause
handle_policy_command() in policy_commands.rs:30 uses:
let rule_count = policy_config.rules.len();
This counts only inline [[tools.policy.rules]] entries from the TOML config. Rules loaded via policy_file are compiled separately in PolicyEnforcer::compile() and merged, but the raw policy_config.rules vec stays empty.
Reproduction
Config with policy_file only (no inline rules):
[tools.policy]
enabled = true
default_effect = "allow"
policy_file = ".local/testing/test-policy-rules.toml"
/policy status
→ Policy: enabled, default: allow, rules: 0, file: .local/testing/test-policy-rules.toml
Despite rules: 0, /policy check bash {"command":"cat /etc/hostname"} → Deny (file rules ARE applied).
Expected
rules: 2, file: .local/testing/test-policy-rules.toml — count should include file-loaded rules.
Fix
After loading file rules in the status handler (or by storing the compiled rule count on PolicyEnforcer), sum inline + file rule counts for display.
Severity
LOW — display only, enforcement is correct.
Found: session 104 (2026-03-16), v0.15.1.
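An added example, not the project's code: a minimal model of the mismatch and of the "store the compiled rule count on the enforcer" fix, so the status line reflects what is actually enforced. The struct layouts, the substring matcher, `status_line`, `repro` and the two file rules are assumptions constructed for illustration; only the names `PolicyEnforcer`, `compile`, `policy_file` and the config values come from the issue.

```rust
// Hypothetical stand-ins for the project's types; not its actual code.
#[derive(Clone, Copy, Debug, PartialEq)]
enum Effect { Allow, Deny }
#[derive(Clone)]
struct Rule { tool: &'static str, pattern: &'static str, effect: Effect }

struct PolicyConfig {
    default_effect: Effect,
    rules: Vec<Rule>,                  // inline [[tools.policy.rules]] entries only
    policy_file: Option<&'static str>,
}
struct PolicyEnforcer { compiled: Vec<Rule>, default_effect: Effect }

impl PolicyEnforcer {
    // `file_rules` stands in for rules already parsed from policy_file.
    fn compile(cfg: &PolicyConfig, file_rules: &[Rule]) -> Self {
        let mut compiled = cfg.rules.clone();
        compiled.extend_from_slice(file_rules);
        PolicyEnforcer { compiled, default_effect: cfg.default_effect }
    }
    // Number of rules actually enforced: inline plus file-loaded.
    fn rule_count(&self) -> usize { self.compiled.len() }
    // Assumed matching: first rule whose pattern is a substring of the input.
    fn check(&self, tool: &str, input: &str) -> Effect {
        self.compiled.iter()
            .find(|r| r.tool == tool && input.contains(r.pattern))
            .map_or(self.default_effect, |r| r.effect)
    }
}

fn status_line(cfg: &PolicyConfig, rules: usize) -> String {
    let default = if cfg.default_effect == Effect::Allow { "allow" } else { "deny" };
    format!("Policy: enabled, default: {}, rules: {}, file: {}",
            default, rules, cfg.policy_file.unwrap_or("none"))
}

// Constructed scenario: no inline rules, two constructed rules from the file.
fn repro() -> (PolicyConfig, PolicyEnforcer) {
    let cfg = PolicyConfig { default_effect: Effect::Allow, rules: vec![],
        policy_file: Some(".local/testing/test-policy-rules.toml") };
    let file_rules = [
        Rule { tool: "bash", pattern: "/etc/hostname", effect: Effect::Deny },
        Rule { tool: "bash", pattern: "/etc/machine-id", effect: Effect::Deny },
    ];
    let enf = PolicyEnforcer::compile(&cfg, &file_rules);
    (cfg, enf)
}

fn main() {
    let (cfg, enf) = repro();
    println!("{}", status_line(&cfg, cfg.rules.len()));  // count from raw config
    println!("{}", status_line(&cfg, enf.rule_count())); // count from enforcer
}
```

A regression test that asserts on the status string with a file-only config is what keeps the displayed count from drifting away from the enforced rule set again.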