27 lines
1.3 KiB
Markdown
27 lines
1.3 KiB
Markdown
# Policy + Exceptions Gateway Contract (draft v0.1)
|
|
|
|
Scope: expose policy evaluation results that include exception metadata, plus simulation endpoints that accept exception overrides for what-if analysis.
|
|
|
|
## Security / headers
|
|
- `Authorization: Bearer <token>` (or `DPoP` where configured)
|
|
- `X-Stella-Tenant: <tenantId>` (required; see `docs/api/gateway/tenant-auth.md`)
|
|
- `X-Stella-Project: <projectId>` (optional)
|
|
- `X-Stella-Trace-Id: <traceId>` (optional; clients SHOULD send one)
|
|
- Scopes:
|
|
- `POST /policy/effective`: `policy:read` AND `exception:read`
|
|
- `POST /policy/simulate`: `policy:simulate` AND `exception:read`
|
|
|
|
## Endpoints
|
|
- `POST /policy/effective` — deterministic effective policy view over a list of findings.
|
|
- `POST /policy/simulate` — simulate policy result changes with exception overrides.
|
|
|
|
## Request/response notes
|
|
- Requests MUST remain deterministic: stable ordering, ISO-8601 UTC timestamps only.
|
|
- Pagination uses `limit` (max `200`) and `continuationToken` (opaque string).
|
|
- Exception metadata SHOULD reuse the Exception schema (`docs/api/console/exception-schema.md`) but MAY omit large fields like audit trails.
|
|
|
|
## Samples
|
|
- `docs/api/gateway/samples/policy-effective-sample.json`
|
|
- `docs/api/gateway/samples/policy-simulate-sample.json`
|
|
|