--- id: capability.authorization.policy-evaluate name: Authorization Policy Evaluation summary: Evaluate access decisions from policy-as-code rules for subjects, resources, and actions. owner: flex-auth status: draft domain: helix_forge tags: [authorization, policy, flex-auth] maturity: discovery: current: D4 target: D6 confidence: medium rationale: flex-auth INTENT defines policy-as-code boundary and enterprise growth path. availability: current: A2 target: A5 confidence: low rationale: Policy registry and evaluation logic exist in repo; service packaging evolving. external_evidence: completeness: level: C2 name: Partial confidence: low basis: scope_vs_intent_and_consumer_expectations satisfied_expectations: - policy-as-code intent documented broken_expectations: - not yet indexed from flex-auth native registry out_of_scope_expectations: - identity proofing reliability: level: R1 confidence: low basis: consumer_quality_signals known_reliability_risks: - early implementation phase discovery: intent: > Provide inspectable authorization decisions between verified identity and protected resources using policy-as-code. includes: - policy evaluation - authorization registry - decision explainability excludes: - identity issuance - authentication protocols use_cases: [] availability: current_level: A2 target_level: A5 current_artifacts: - flex-auth/ consumption_modes: - source module relations: depends_on: - capability.identity.subject-resolution related_to: - capability.feature-control.evaluate consumer_guidance: recommended_for: - planning authorization layer between identity and resources not_recommended_for: - feature visibility toggles without policy intent known_limitations: - maturity evidence is registry-external today --- # Authorization Policy Evaluation Policy evaluation from flex-auth sits between identity resolution and protected systems.