knative-extensions / security-guard

Runtime security plug to protect user containers

Decide merging in apis/wsecurity/v1alpha1

davidhadas opened this issue · comments

Currently Decide() of data objects in apis/wsecurity/v1alpha1 returns a string.

Would it be better to return an error instead of a string?
Take a look at the pattern here for errors... you can define an accumulator for errors like so: knative/pkg/blob/main/apis/field_error.go

Once all data Types are there, discuss the options and what should be done.

The accumulator pattern I mentioned is for when you want to collect many errors and have all of them available. I'm not suggesting using api.FieldErrors, since that type is specific to Kubernetes APIs.

I'm suggesting that you might want something like:

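```go
type RequestDecision struct {
	//...
	// additionalDecisions holds the decisions accumulated through And.
	additionalDecisions []*RequestDecision
}

// And appends the non-nil decisions in rq to r and returns the result.
func (r *RequestDecision) And(rq ...*RequestDecision) *RequestDecision {
	if r == nil {
		if len(rq) == 0 {
			// Nothing left to accumulate.
			return nil
		}
		// Be more efficient here and loop
		return rq[0].And(rq[1:]...)
	}
	for _, item := range rq {
		if item != nil {
			r.additionalDecisions = append(r.additionalDecisions, item)
		}
	}
	return r
}
```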

I don't think you need the field-path tracking that apis.FieldErrors does, but you might also want the multi-level severity that apis.FieldErrors does.

You might also want to return a new *RequestDecision in the non-nil case, rather than mutating r. I sort of wrote that code in less than a minute...
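
An added sketch (not from this thread or from security-guard's code) of the non-mutating variant suggested above, with a two-level severity and an `Err()` bridge to Go's `error` that avoids the typed-nil trap. `Severity`, `Decision`, `Err` and the sample reasons in `main` are assumptions made for illustration.

```go
package main

import "fmt"

// Severity and Decision are hypothetical names, not security-guard types.
type Severity int

const (
	Warning Severity = iota + 1
	Alert
)

// Decision accumulates findings; a nil *Decision means nothing was found.
type Decision struct {
	Max     Severity // highest severity accumulated so far
	Reasons []string
}

// And returns a new Decision merging d with every non-nil item in ds.
// No input is mutated; a nil receiver and an empty ds are both valid.
func (d *Decision) And(ds ...*Decision) *Decision {
	var out *Decision
	for _, item := range append([]*Decision{d}, ds...) {
		if item == nil {
			continue
		}
		if out == nil {
			out = &Decision{}
		}
		if item.Max > out.Max {
			out.Max = item.Max
		}
		out.Reasons = append(out.Reasons, item.Reasons...)
	}
	return out
}

// Err returns a true nil error for a nil Decision (no typed-nil interface).
func (d *Decision) Err() error {
	if d == nil {
		return nil
	}
	return fmt.Errorf("guard: %v", d.Reasons)
}

func main() {
	// Constructed sample findings.
	d := (*Decision)(nil).And(nil, &Decision{Warning, []string{"new header"}}, &Decision{Alert, []string{"long URL"}})
	fmt.Println(d.Max == Alert, d.Err())
}
```

Returning `*Decision` directly where an `error` is expected would make a nil decision compare as non-nil at the call site, which is why the conversion goes through `Err()`.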

This issue is stale because it has been open for 90 days with no
activity. It will automatically close after 30 more days of
inactivity. Reopen the issue with /reopen. Mark the issue as
fresh by adding the comment /remove-lifecycle stale.

/remove-lifecycle stale