Add AI policy type support

[Copilot]

AI Policy Support Implementation

• Add "a" section to sectionNameMap in model/model.go for "ai_definition"
• Handle "a" section like "p" section for token parsing
• Add special handling to load "ai" key in addition to "a"
• Update HasPolicyEx to validate "a" section policies
• Update ClearPolicy to clear AI policies
• Update file adapter to save/load AI policies with proper CSV escaping
• Update string adapter to save/load AI policies with proper CSV escaping
• Update filtered adapter Filter struct to include AI field
• Add AI case to filterLine function
• Create test examples (ai_policy_model.conf, ai_policy.csv)
• Create comprehensive tests (TestAIPolicyLoad, TestAIPolicySave)
• Run full test suite - all tests passing
• Address code review feedback
• Run security check - no vulnerabilities found
• Fix goimports linting errors

Summary

This implementation adds support for AI-based access control policies in Casbin. Users can now define AI policy rules using natural language in their policy files, such as:

ai, "if the request object contains anything like credential/secret leak, then deny"

The feature properly handles:

• Model definition for AI policies
• Loading/saving AI policies from/to CSV files with proper escaping
• Filtering AI policies
• Integration with existing Casbin infrastructure

All existing tests pass, new tests validate the AI policy functionality, and all linting checks pass.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[feature] support AI policy</issue_title>
<issue_description>see: https://editor.casbin.org/#E55N7DSKX

need to support the new "ai" type policy, like:

ai, "if the request object contains anything like credential/secret leak, then deny"

Casbin Policy Configuration

Model

[request_definition]
r = sub, obj, act, time

[policy_definition]
p = sub, obj, act, time_start, time_end

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act && r.time >= p.time_start && r.time <= p.time_end

Policy

p, alice, data1, read, 09:00, 18:00
p, bob, data2, write, 13:00, 16:00

g, cathy, alice

ai, "if the request object contains anything like credential/secret leak, then deny"

Request

cathy, data1, read, 10:00
cathy, data1, read, 08:00
cathy, data1, read, 19:00
bob, data2, write, 14:00
bob, data2, write, 12:00

Enforcement Result

true Reason: ["alice","data1","read","09:00","18:00"]
false
false
true Reason: ["bob","data2","write","13:00","16:00"]
false
```</issue_description>

## Comments on the Issue (you are @copilot in this section)

<comments>
</comments>

• Fixes [feature] support the new "a" type policies (aka LLM AI policy) #1692

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[hsluoyz]

@copilot fix:

Annotations
2 errors and 2 warnings
[golangci](https://github.com/casbin/casbin/actions/runs/21326469283/job/61385432706#step:4:27)
issues found
[golangci: ai_policy_test.go#L85](https://github.com/casbin/casbin/pull/1693/files#annotation_44639742180)
File is not `goimports`-ed (goimports)

[Copilot]

@copilot fix:

...

Fixed in commit 0f30770. The file is now properly formatted with goimports.