From 3247f5d357571a1c1bb21217b9b7de05a0418db0 Mon Sep 17 00:00:00 2001
From: tegwick
Date: Tue, 16 Jun 2026 01:46:54 +0200
Subject: [PATCH] Add capability registry with seed entry from reuse-surface Bootstrap registry layout and migrate helix_forge capability owned by this repository (REUSE-WP-0014-T02).
---
registry/README.md | 12 +++
registry/capabilities/.gitkeep | 0
...apability.authorization.policy-evaluate.md | 80 +++++++++++++++++++
registry/indexes/capabilities.yaml | 19 +++++
4 files changed, 111 insertions(+)
create mode 100644 registry/README.md
create mode 100644 registry/capabilities/.gitkeep
create mode 100644 registry/capabilities/capability.authorization.policy-evaluate.md
create mode 100644 registry/indexes/capabilities.yaml
diff --git a/registry/README.md b/registry/README.md
new file mode 100644
index 0000000..569abe9
--- /dev/null
+++ b/registry/README.md
@@ -0,0 +1,12 @@
+# Capability Registry
+
+Markdown-first capability index for federation and reuse planning.
+
+## Authoring
+
+1. Copy a capability entry template (see reuse-surface `templates/capability-entry.template.md`).
+2. Add the row to `indexes/capabilities.yaml`.
+3. Run `reuse-surface validate` from a checkout with the CLI installed.
+4. Merge to `main` and verify publish with `reuse-surface establish --publish-check`.
+
+Federation contract: reuse-surface `docs/RegistryFederation.md`.
diff --git a/registry/capabilities/.gitkeep b/registry/capabilities/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/registry/capabilities/capability.authorization.policy-evaluate.md b/registry/capabilities/capability.authorization.policy-evaluate.md
new file mode 100644
index 0000000..be22db6
--- /dev/null
+++ b/registry/capabilities/capability.authorization.policy-evaluate.md
@@ -0,0 +1,80 @@
+---
+id: capability.authorization.policy-evaluate
+name: Authorization Policy Evaluation
+summary: Evaluate access decisions from policy-as-code rules for subjects, resources, and actions.
+owner: flex-auth
+status: draft
+domain: helix_forge
+tags: [authorization, policy, flex-auth]
+
+maturity:
+ discovery:
+ current: D4
+ target: D6
+ confidence: medium
+ rationale: flex-auth INTENT defines policy-as-code boundary and enterprise growth path.
+ availability:
+ current: A2
+ target: A5
+ confidence: low
+ rationale: Policy registry and evaluation logic exist in repo; service packaging evolving.
+
+external_evidence:
+ completeness:
+ level: C2
+ name: Partial
+ confidence: low
+ basis: scope_vs_intent_and_consumer_expectations
+ satisfied_expectations:
+ - policy-as-code intent documented
+ broken_expectations:
+ - not yet indexed from flex-auth native registry
+ out_of_scope_expectations:
+ - identity proofing
+ reliability:
+ level: R1
+ confidence: low
+ basis: consumer_quality_signals
+ known_reliability_risks:
+ - early implementation phase
+
+discovery:
+ intent: >
+ Provide inspectable authorization decisions between verified identity and
+ protected resources using policy-as-code.
+ includes:
+ - policy evaluation
+ - authorization registry
+ - decision explainability
+ excludes:
+ - identity issuance
+ - authentication protocols
+ use_cases: []
+
+availability:
+ current_level: A2
+ target_level: A5
+ current_artifacts:
+ - flex-auth/
+ consumption_modes:
+ - source module
+
+relations:
+ depends_on:
+ - capability.identity.subject-resolution
+ related_to:
+ - capability.feature-control.evaluate
+
+consumer_guidance:
+ recommended_for:
+ - planning authorization layer between identity and resources
+ not_recommended_for:
+ - feature visibility toggles without policy intent
+ known_limitations:
+ - maturity evidence is registry-external today
+---
+
+# Authorization Policy Evaluation
+
+Policy evaluation from flex-auth sits between identity resolution and protected
+systems.
\ No newline at end of file
diff --git a/registry/indexes/capabilities.yaml b/registry/indexes/capabilities.yaml
new file mode 100644
index 0000000..6784c9b
--- /dev/null
+++ b/registry/indexes/capabilities.yaml
@@ -0,0 +1,19 @@
+version: 1
+updated: '2026-06-16'
+domain: helix_forge
+capabilities:
+- id: capability.authorization.policy-evaluate
+ name: Authorization Policy Evaluation
+ summary: Evaluate access decisions from policy-as-code rules for subjects, resources,
+ and actions.
+ vector: D4 / A2 / C2 / R1
+ domain: helix_forge
+ status: draft
+ owner: flex-auth
+ path: registry/capabilities/capability.authorization.policy-evaluate.md
+ tags:
+ - authorization
+ - policy
+ - flex-auth
+ consumption_modes:
+ - source module
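Review bot: Under `relations`, `depends_on` names `capability.identity.subject-resolution` and `related_to` names `capability.feature-control.evaluate`, but the index created in this same commit lists only `capability.authorization.policy-evaluate`, so neither reference resolves inside this registry. If they are meant to resolve through federation, a front-matter comment such as `# resolved via federation, see reuse-surface docs/RegistryFederation.md` above `depends_on:` would tell a reader planning an authorization layer where the identity dependency is defined. Separately, `broken_expectations` still lists `not yet indexed from flex-auth native registry`; if this repository is flex-auth, as the commit message suggests, that line is stale once this entry merges and should be dropped or reworded. The A2/A5 levels are also stated twice, in `maturity.availability` and in `availability.current_level`/`target_level`, which invites drift.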
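Review bot: The index row repeats `owner`, `status`, `tags`, `consumption_modes` and the maturity levels (as `vector: D4 / A2 / C2 / R1`) from the entry's front matter, and nothing visible in this patch keeps the two copies in sync. For an authorization capability the flattened vector also drops the `confidence: low` that the entry attaches to availability, completeness and reliability, so a consumer reading only the index sees the levels without that qualifier. If the index is generated, a header comment such as `# generated from registry/capabilities/*.md; do not edit by hand` would say so. If it is hand-maintained, as README step 2 suggests, it is worth confirming that `reuse-surface validate` compares each row against the entry's front matter.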