revert: filter-chain refactor (#1396)

## Description

Reverts filter-chaining from #1333 due to regressions, but keeps
subsequent work.

End to End Test:  <!-- if applicable -->  
(See [Pepr Excellent
Examples](https://github.com/defenseunicorns/pepr-excellent-examples))

## Related Issue

Relates to #1248 
Closes #1389 

## Type of change

- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Checklist before merging
- [x] Unit,
[Journey](https://github.com/defenseunicorns/pepr/tree/main/journey),
[E2E Tests](https://github.com/defenseunicorns/pepr-excellent-examples),
[docs](https://github.com/defenseunicorns/pepr/tree/main/docs),
[adr](https://github.com/defenseunicorns/pepr/tree/main/adr) added or
updated as needed
- [x] [Contributor Guide
Steps](https://docs.pepr.dev/main/contribute/#submitting-a-pull-request)
followed

src/lib/filter/filter.ts

@@ -0,0 +1,144 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2023-Present The Pepr Authors
+
+import { AdmissionRequest, Binding } from "../types";
+import { Operation } from "../enums";
+import {
+  carriesIgnoredNamespace,
+  carriedName,
+  definedEvent,
+  declaredOperation,
+  definedName,
+  definedGroup,
+  declaredGroup,
+  definedVersion,
+  declaredVersion,
+  definedKind,
+  declaredKind,
+  definedNamespaces,
+  carriedNamespace,
+  definedLabels,
+  carriedLabels,
+  definedAnnotations,
+  carriedAnnotations,
+  definedNamespaceRegexes,
+  definedNameRegex,
+  misboundDeleteWithDeletionTimestamp,
+  mismatchedDeletionTimestamp,
+  mismatchedAnnotations,
+  mismatchedLabels,
+  mismatchedName,
+  mismatchedNameRegex,
+  mismatchedNamespace,
+  mismatchedNamespaceRegex,
+  mismatchedEvent,
+  mismatchedGroup,
+  mismatchedVersion,
+  mismatchedKind,
+  unbindableNamespaces,
+  uncarryableNamespace,
+} from "./adjudicators";
+
+/**
+ * shouldSkipRequest determines if a request should be skipped based on the binding filters.
+ *
+ * @param binding the action binding
+ * @param req the incoming request
+ * @returns
+ */
+export function shouldSkipRequest(
+  binding: Binding,
+  req: AdmissionRequest,
+  capabilityNamespaces: string[],
+  ignoredNamespaces?: string[],
+): string {
+  const prefix = "Ignoring Admission Callback:";
+  const obj = req.operation === Operation.DELETE ? req.oldObject : req.object;
+
+  // prettier-ignore
+  return (
+    misboundDeleteWithDeletionTimestamp(binding) ?
+      `${prefix} Cannot use deletionTimestamp filter on a DELETE operation.` :
+
+    mismatchedDeletionTimestamp(binding, obj) ?
+      `${prefix} Binding defines deletionTimestamp but Object does not carry it.` :
+
+    mismatchedEvent(binding, req) ?
+      (
+        `${prefix} Binding defines event '${definedEvent(binding)}' but ` +
+        `Request declares '${declaredOperation(req)}'.`
+      ) :
+
+    mismatchedName(binding, obj) ?
+      `${prefix} Binding defines name '${definedName(binding)}' but Object carries '${carriedName(obj)}'.` :
+
+    mismatchedGroup(binding, req) ?
+      (
+        `${prefix} Binding defines group '${definedGroup(binding)}' but ` +
+        `Request declares '${declaredGroup(req)}'.`
+      ) :
+
+    mismatchedVersion(binding, req) ?
+      (
+        `${prefix} Binding defines version '${definedVersion(binding)}' but ` +
+        `Request declares '${declaredVersion(req)}'.`
+      ) :
+
+    mismatchedKind(binding, req) ?
+      (
+        `${prefix} Binding defines kind '${definedKind(binding)}' but ` +
+        `Request declares '${declaredKind(req)}'.`
+      ) :
+
+    unbindableNamespaces(capabilityNamespaces, binding) ?
+      (
+        `${prefix} Binding defines namespaces ${JSON.stringify(definedNamespaces(binding))} ` +
+        `but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.`
+      ) :
+
+    uncarryableNamespace(capabilityNamespaces, obj) ?
+      (
+        `${prefix} Object carries namespace '${carriedNamespace(obj)}' ` +
+        `but namespaces allowed by Capability are '${JSON.stringify(capabilityNamespaces)}'.`
+      ) :
+
+    mismatchedNamespace(binding, obj) ?
+      (
+        `${prefix} Binding defines namespaces '${JSON.stringify(definedNamespaces(binding))}' ` +
+        `but Object carries '${carriedNamespace(obj)}'.`
+      ) :
+
+    mismatchedLabels(binding, obj) ?
+      (
+        `${prefix} Binding defines labels '${JSON.stringify(definedLabels(binding))}' ` +
+        `but Object carries '${JSON.stringify(carriedLabels(obj))}'.`
+      ) :
+
+    mismatchedAnnotations(binding, obj) ?
+      (
+        `${prefix} Binding defines annotations '${JSON.stringify(definedAnnotations(binding))}' ` +
+        `but Object carries '${JSON.stringify(carriedAnnotations(obj))}'.`
+      ) :
+
+    mismatchedNamespaceRegex(binding, obj) ?
+      (
+        `${prefix} Binding defines namespace regexes ` +
+        `'${JSON.stringify(definedNamespaceRegexes(binding))}' ` +
+        `but Object carries '${carriedNamespace(obj)}'.`
+      ) :
+
+    mismatchedNameRegex(binding, obj) ?
+      (
+        `${prefix} Binding defines name regex '${definedNameRegex(binding)}' ` +
+        `but Object carries '${carriedName(obj)}'.`
+      ) :
+
+    carriesIgnoredNamespace(ignoredNamespaces, obj) ?
+      (
+        `${prefix} Object carries namespace '${carriedNamespace(obj)}' ` +
+        `but ignored namespaces include '${JSON.stringify(ignoredNamespaces)}'.`
+      ) :
+
+    ""
+  );
+}