Access controlled knowledge gateway functionality

2026-05-04 15:00:16 +02:00
parent e87406ac9e
commit d923661852
20 changed files with 1486 additions and 14 deletions
--- a/src/markitect_tool/extension/builtins.py
+++ b/src/markitect_tool/extension/builtins.py
@@ -17,6 +17,7 @@ def builtin_extension_registry() -> ExtensionRegistry:
        _runtime_context_descriptor(),
        _runtime_form_state_descriptor(),
        _runtime_assessment_descriptor(),
+        _local_label_policy_descriptor(),
    ]:
        registry.register(descriptor)
    return registry
@@ -86,6 +87,7 @@ def _local_sqlite_backend_descriptor() -> ExtensionDescriptor:
            ProcessingCapability(id="fts", kind="backend"),
            ProcessingCapability(id="sql", kind="backend"),
            ProcessingCapability(id="provenance", kind="backend"),
+            ProcessingCapability(id="policy_filter", kind="backend"),
        ],
        safety={"reads_files": True, "writes_local_cache": True, "network": False},
        input_contract="Markdown files/directories",
@@ -188,3 +190,37 @@ def _runtime_assessment_descriptor() -> ExtensionDescriptor:
        examples=["examples/runtime/concept-note-assessment.contract.md"],
        metadata={"provider_implementation": "external adapter required"},
    )
+
+
+def _local_label_policy_descriptor() -> ExtensionDescriptor:
+    return ExtensionDescriptor(
+        id="policy.local-label",
+        kind="policy-gateway",
+        summary="Local label, trust-zone, and path policy gateway.",
+        capabilities=[
+            ProcessingCapability(id="policy", kind="authorize"),
+            ProcessingCapability(id="policy_filter", kind="filter"),
+            ProcessingCapability(id="diagnostics", kind="emit"),
+            ProcessingCapability(id="provenance", kind="emit"),
+        ],
+        safety={"network": False, "external_policy_engine": False},
+        input_contract="PolicySubject + PolicyObject + local label policy",
+        output_contract="PolicyDecision | PolicyFilterResult",
+        diagnostics_namespace="policy",
+        provenance_prefix="policy.local_label",
+        cli={
+            "commands": [
+                "mkt policy check",
+                "mkt cache query --policy",
+                "mkt search --policy",
+            ]
+        },
+        docs=["docs/access-control-policy-gateway.md"],
+        examples=["examples/policy/local-label-policy.yaml"],
+        metadata={
+            "external_adapters": [
+                "RelationshipPolicyAdapter",
+                "RulePolicyAdapter",
+            ]
+        },
+    )