up

src/Policy/__Libraries/StellaOps.Policy/Schemas/spl-sample@1.json

@@ -0,0 +1,42 @@
+{
+  "apiVersion": "spl.stellaops/v1",
+  "kind": "Policy",
+  "metadata": {
+    "name": "demo-access",
+    "description": "Sample SPL policy allowing read access to demo resources",
+    "labels": {
+      "env": "demo",
+      "owner": "policy-guild"
+    }
+  },
+  "spec": {
+    "defaultEffect": "deny",
+    "statements": [
+      {
+        "id": "allow-read-demo",
+        "effect": "allow",
+        "description": "Allow read on demo resources",
+        "match": {
+          "resource": "demo/*",
+          "actions": ["read"],
+          "reachability": "direct",
+          "exploitability": {
+            "epss": 0.42,
+            "kev": false
+          },
+          "conditions": [
+            {
+              "field": "request.tenant",
+              "operator": "eq",
+              "value": "demo"
+            }
+          ]
+        },
+        "audit": {
+          "message": "demo read granted",
+          "severity": "info"
+        }
+      }
+    ]
+  }
+}