Access controlled knowledge gateway functionality

examples/backends/local-sqlite-backend.md

@@ -12,6 +12,7 @@ capabilities:
   - fts
   - sql
   - provenance
+  - policy
   - reference_graph
   - processor_results
 storage:

examples/policy/local-label-policy.yaml

@@ -0,0 +1,16 @@
+id: markitect-local-label-policy
+mode: enforce
+default_labels: [public]
+default_subject: public-agent
+subjects:
+  public-agent:
+    allowed_labels: [public]
+    trust_zones: [public]
+  internal-agent:
+    allowed_labels: [public, internal]
+    trust_zones: [public, internal]
+path_rules:
+  - id: private-path
+    pattern: private/**
+    labels: [internal]
+    trust_zone: internal

examples/policy/private/internal-note.md

@@ -0,0 +1,11 @@
+---
+policy:
+  labels: [internal]
+  trust_zone: internal
+---
+
+# Internal Note
+
+## Decision
+
+Keep implementation-specific security review notes in the internal trust zone.

examples/policy/public-note.md

@@ -0,0 +1,11 @@
+---
+labels: [public]
+policy:
+  trust_zone: public
+---
+
+# Public Note
+
+## Decision
+
+Share the policy gateway overview with every documentation contributor.