{"overview":"# Policy Service Overview\n\nThe **Policy Service** in the Vivified platform is designed to provide a robust, trait-based policy engine that enforces hierarchical access control, data classification, and plugin interaction policies. This service plays a critical role in maintaining compliance with HIPAA regulations by ensuring that access to sensitive data is closely monitored and controlled.\n\n!!! note\n The Policy Service is an integral part of the Vivified platform's security infrastructure, providing fine-grained access control and data protection.\n\n## Key Features\n- **Hierarchical Trait-Based Access Control**: Enforces access policies based on user roles and capabilities.\n- **Data Classification Enforcement**: Ensures compliance with data access policies.\n- **Plugin Interaction Policies**: Manages how plugins can interact with the system.\n- **UI Feature Gating**: Controls access to specific UI features based on user roles.\n- **Comprehensive Audit Logging**: Logs all policy decisions for audit and compliance purposes.\n\n## Architecture\n\n```mermaid\ngraph TD\n A[Policy Request] -->|Evaluates| B[Policy Engine]\n B -->|Decision| C[Policy Decision]\n B -->|Logs| D[Audit Log]\n B -->|Enforces| E[Data Classification]\n B -->|Controls| F[UI Features]\n```\n\n## Security Considerations\nThe Policy Service is designed with security at its core, aligning with HIPAA requirements:\n\n- **Audit Logging**: Every decision made by the policy engine is logged for audit purposes.\n- **Access Control**: Implements strict access control measures to prevent unauthorized data access.\n- **Data Sanitization**: Provides mechanisms to sanitize sensitive data before exposure.\n\n!!! 
warning\n Ensure that all API requests to the Policy Service are authenticated and encrypted to prevent unauthorized access or data breaches.\n\n## Troubleshooting\n\nIf you encounter issues with the Policy Service:\n\n- **Check Logs**: Review the audit logs to identify any unauthorized access attempts or errors in policy evaluation.\n- **Verify Configuration**: Ensure that the trait registry and policy configurations are correctly set up and loaded.\n\n!!! tip\n Regularly update the trait definitions and policy rules to adapt to new security requirements and compliance regulations.\n","api":"# Policy API Reference\n\nThe Policy Service API provides endpoints for evaluating access control policies and managing trait-based rules.\n\n## Endpoints\n\n### Evaluate Policy\n- **Endpoint**: `/api/policy/evaluate`\n- **Method**: `POST`\n- **Description**: Evaluates a policy request based on provided traits and context.\n\n#### Request Parameters\n\n| Parameter | Type | Description |\n|-----------|--------|-------------|\n| `user_id` | string | Unique identifier for the user making the request. |\n| `context` | string | Context for policy evaluation (e.g., `USER_ACTION`). |\n| `traits` | list | List of traits associated with the request. |\n\n#### Response\n\n- **200 OK**: Returns the policy decision (`allow`, `deny`, `sanitize`).\n\n!!! example \"Python\"\n ```python\n import requests\n response = requests.post('https://api.vivified.com/policy/evaluate', json={\n 'user_id': '12345',\n 'context': 'USER_ACTION',\n 'traits': ['role:admin', 'capability:read']\n })\n print(response.json())\n ```\n\n!!! 
example \"curl\"\n ```bash\n curl -X POST https://api.vivified.com/policy/evaluate \\\n -H \"Content-Type: application/json\" \\\n -d '{\"user_id\": \"12345\", \"context\": \"USER_ACTION\", \"traits\": [\"role:admin\", \"capability:read\"]}'\n ```\n","config":"# Configuration Guide\n\nThe Policy Service configuration involves setting up the trait registry and defining policy rules.\n\n## Trait Registry\n\nThe trait registry classifies and validates traits used in policy evaluation.\n\n| Option | Description |\n|-----------------|--------------------------------------------|\n| `ROLE` | Defines user roles and permissions. |\n| `CAPABILITY` | Specifies user or plugin capabilities. |\n| `DATA_ACCESS` | Manages access to classified data. |\n| `UI_FEATURE` | Controls UI elements and feature access. |\n| `PLUGIN_TYPE` | Categorizes plugins for interaction policies. |\n| `SECURITY` | Security-related traits and enforcement. |\n| `COMPLIANCE` | Compliance requirements for data access. |\n\n## Policy Rules\n\nDefine rules based on traits to enforce access control and data compliance.\n\n- **Rule Format**: JSON objects specifying trait conditions and resulting policy decisions.\n\n## Logging Configuration\n\nEnsure logging is enabled to maintain an audit trail of policy decisions.\n\n```yaml\nlogging:\n level: DEBUG\n handlers: [console, file]\n```\n\n!!! 
note\n Regularly review and update the trait registry and policy rules to maintain compliance with evolving regulations.\n","examples":"# Usage Examples\n\n## Evaluating Policy Requests\n\nThe following examples demonstrate how to evaluate policy requests using the Policy Service API.\n\n=== \"Python\"\n ```python\n import requests\n \n def evaluate_policy(user_id, context, traits):\n     # Send the user, context and traits to the evaluate endpoint.\n     url = 'https://api.vivified.com/policy/evaluate'\n     payload = {\n         'user_id': user_id,\n         'context': context,\n         'traits': traits\n     }\n     # Bound the wait so a stalled policy call cannot hang the caller.\n     response = requests.post(url, json=payload, timeout=10)\n     # Raise on HTTP errors so an error body is never read as a decision.\n     response.raise_for_status()\n     return response.json()\n\n decision = evaluate_policy('12345', 'USER_ACTION', ['role:admin', 'data_access:confidential'])\n print('Policy Decision:', decision)\n ```\n\n=== \"curl\"\n ```bash\n curl -X POST https://api.vivified.com/policy/evaluate \\\n -H \"Content-Type: application/json\" \\\n -d '{\"user_id\": \"12345\", \"context\": \"USER_ACTION\", \"traits\": [\"role:admin\", \"data_access:confidential\"]}'\n ```\n\n!!! tip\n Use the `SANITIZE` decision to allow access while ensuring sensitive data is removed from responses.\n"}