From 6ba653819199dd047f468481a28f964326e8cd38 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 5 Feb 2026 02:13:06 +0000
Subject: [PATCH 1/5] Initial plan


From 733bf1b57fb082014ff511b107773a33c0540c65 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 5 Feb 2026 02:16:48 +0000
Subject: [PATCH 2/5] Fix enforce error when using keyMatch4 - handle both
 string and table errors

Co-authored-by: hsluoyz <3787410+hsluoyz@users.noreply.github.com>
---
 examples/keymatch4_model.conf | 14 ++++++++++++++
 examples/keymatch4_policy.csv |  4 ++++
 src/main/CoreEnforcer.lua     |  6 ++++--
 tests/main/enforcer_spec.lua  | 15 +++++++++++++++
 4 files changed, 37 insertions(+), 2 deletions(-)
 create mode 100644 examples/keymatch4_model.conf
 create mode 100644 examples/keymatch4_policy.csv

diff --git a/examples/keymatch4_model.conf b/examples/keymatch4_model.conf
new file mode 100644
index 0000000..da39667
--- /dev/null
+++ b/examples/keymatch4_model.conf
@@ -0,0 +1,14 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.sub, p.sub) && keyMatch4(r.obj, p.obj) && regexMatch(r.act, p.act)
diff --git a/examples/keymatch4_policy.csv b/examples/keymatch4_policy.csv
new file mode 100644
index 0000000..d6839a6
--- /dev/null
+++ b/examples/keymatch4_policy.csv
@@ -0,0 +1,4 @@
+p, alice, /parent/{id}/child/{id}, (GET)|(POST)
+p, bob, /parent/{id}/child/{another_id}, (GET)|(POST)
+g, alice, alice
+g, bob, bob
diff --git a/src/main/CoreEnforcer.lua b/src/main/CoreEnforcer.lua
index c8b5aa8..c77c65c 100644
--- a/src/main/CoreEnforcer.lua
+++ b/src/main/CoreEnforcer.lua
@@ -446,7 +446,8 @@ function CoreEnforcer:enforceEx(...)
                 res, err = luaxp.evaluate(tExpString, context)
             end
             if err then
-                error("evaluation error: " .. err.message)
+                local errMsg = type(err) == "table" and err.message or tostring(err)
+                error("evaluation error: " .. errMsg)
             end
 
             local c = true
@@ -491,7 +492,8 @@ function CoreEnforcer:enforceEx(...)
             
         local res, err = luaxp.run(compiledExpression, context)
         if err then
-            error("evaluation error: " .. err.message)
+            local errMsg = type(err) == "table" and err.message or tostring(err)
+            error("evaluation error: " .. errMsg)
         end
 
         if res then
diff --git a/tests/main/enforcer_spec.lua b/tests/main/enforcer_spec.lua
index 122d226..082f705 100644
--- a/tests/main/enforcer_spec.lua
+++ b/tests/main/enforcer_spec.lua
@@ -94,6 +94,21 @@ describe("Enforcer tests", function ()
         assert.is.True(e:enforce("alice", "/alice_data2/123/using/456", "GET"))
     end)
 
+    it("keyMatch4 test", function ()
+        local model  = path .. "/examples/keymatch4_model.conf"
+        local policy  = path .. "/examples/keymatch4_policy.csv"
+
+        local e = Enforcer:new(model, policy)
+        -- Test alice with matching IDs (same placeholder value)
+        assert.is.True(e:enforce("alice", "/parent/123/child/123", "GET"))
+        assert.is.True(e:enforce("alice", "/parent/456/child/456", "POST"))
+        -- Test alice with non-matching IDs (different placeholder values)
+        assert.is.False(e:enforce("alice", "/parent/123/child/456", "GET"))
+        -- Test bob with different IDs (different placeholders, should work)
+        assert.is.True(e:enforce("bob", "/parent/123/child/456", "GET"))
+        assert.is.True(e:enforce("bob", "/parent/789/child/012", "POST"))
+    end)
+
     it("priority test", function ()
         local model  = path .. "/examples/priority_model.conf"
         local policy  = path .. "/examples/priority_policy.csv"

From 33549f55f04a48497b98b8d0e7e23bf585d8880b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 5 Feb 2026 02:22:01 +0000
Subject: [PATCH 3/5] Update progress after successful test run

Co-authored-by: hsluoyz <3787410+hsluoyz@users.noreply.github.com>
---
 examples/keymatch4_policy.csv | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/examples/keymatch4_policy.csv b/examples/keymatch4_policy.csv
index d6839a6..7a80dbc 100644
--- a/examples/keymatch4_policy.csv
+++ b/examples/keymatch4_policy.csv
@@ -1,4 +1,4 @@
-p, alice, /parent/{id}/child/{id}, (GET)|(POST)
-p, bob, /parent/{id}/child/{another_id}, (GET)|(POST)
+p, alice, /parent/{id}/child/{id}, GET|POST
+p, bob, /parent/{id}/child/{another_id}, GET|POST
 g, alice, alice
 g, bob, bob

From c7777ebacc8645b10c0f41f59232eb28693ef2c8 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 5 Feb 2026 02:22:56 +0000
Subject: [PATCH 4/5] Remove trailing newline from keymatch4_policy.csv

Co-authored-by: hsluoyz <3787410+hsluoyz@users.noreply.github.com>
---
 examples/keymatch4_policy.csv | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/keymatch4_policy.csv b/examples/keymatch4_policy.csv
index 7a80dbc..35e99df 100644
--- a/examples/keymatch4_policy.csv
+++ b/examples/keymatch4_policy.csv
@@ -1,4 +1,4 @@
 p, alice, /parent/{id}/child/{id}, GET|POST
 p, bob, /parent/{id}/child/{another_id}, GET|POST
 g, alice, alice
-g, bob, bob
+g, bob, bob
\ No newline at end of file

From 6550a94ba775f50b8c56bcba45fbc3d5ecd5c75e Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 5 Feb 2026 03:13:27 +0000
Subject: [PATCH 5/5] Add retry logic to benchmark job dependency installation

Co-authored-by: hsluoyz <3787410+hsluoyz@users.noreply.github.com>
---
 .github/workflows/build.yml | 30 ++++++++++++++++++++++++------
 1 file changed, 24 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 54cea7e..fe52d75 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -108,12 +108,30 @@ jobs:
 
     - name: Install dependencies
       run: |
-        luarocks install lualogging
-        luarocks install lrexlib-pcre2
-        luarocks install luaposix
-        luarocks install luasocket
-        luarocks install busted
-        luarocks install busted-htest
+        until luarocks install lualogging
+        do
+          sleep 1
+        done
+        until luarocks install lrexlib-pcre2
+        do
+          sleep 1
+        done
+        until luarocks install luaposix
+        do
+          sleep 1
+        done
+        until luarocks install luasocket
+        do
+          sleep 1
+        done
+        until luarocks install busted
+        do
+          sleep 1
+        done
+        until luarocks install busted-htest
+        do
+          sleep 1
+        done
       
     - name: Run Benchmark
       run: |