coulomb/flex-auth
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implement canonical schema foundation
Some checks failed
CI / Build and Test (push) Has been cancelled
Details
CI / Lint (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Bernd Worsch
2026-05-17 04:59:18 +02:00
parent dd0b9663c4
commit 7fdf6d63d5
29 changed files with 1905 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
examples/caring/decision_envelope.json Normal file
View File

@@ -0,0 +1,69 @@
{
"id": "decision:tenant-alpha-internal-note",
"request_id": "check:tenant-alpha-internal-note",
"effect": "allow",
"reason": "reader_relation",
"matched_policy_version": "markitect.documents.v1",
"matched_rule": "allow_document_read",
"resource": {
"id": "document:internal-note",
"type": "document",
"system": "markitect-tool",
"tenant": "tenant:alpha"
},
"subject": {
"id": "user:alice",
"type": "Human",
"tenant": "tenant:alpha"
},
"obligations": [
{
"type": "log_access",
"parameters": {
"level": "standard"
}
}
],
"diagnostics": {
"policy_package": "examples/caring"
},
"provenance": {
"evaluator": "flex-auth",
"mode": "standalone",
"policy_package": "markitect.documents",
"policy_version": "v1",
"decision_time": "2026-05-17T00:00:00Z"
},
"caring": {
"profile": "caring-0.4.0-rc2",
"descriptor": {
"id": "descriptor:tenant-alpha-document-reader",
"profile": "caring-0.4.0-rc2",
"subject_type": "Human",
"organization_relation": "Customer",
"canonical_role": "Doer",
"scope": {
"level": "Resource",
"id": "document:internal-note",
"tenant": "tenant:alpha",
"resource": "document:internal-note"
},
"planes": ["Data"],
"capabilities": ["View"],
"exposure_modes": ["Masked", "Plaintext"],
"conditions": ["PurposeBound", "Logged"],
"lifecycle_state": "Operate",
"restrictions": ["ExportBlocked"],
"access_path": "direct"
},
"restrictions_evaluated": ["ExportBlocked"],
"exposure_modes": ["Masked", "Plaintext"],
"conformance_findings": [
{
"code": "CARING-EXPORT-SEPARATION",
"severity": "info",
"message": "View is allowed, but Exportable exposure remains separately blocked."
}
]
}
}