Policy Authoring Guide

Note: This guide is currently under active development.

Overview

Fulcrum uses Rego (from Open Policy Agent) for defining governance policies. This guide covers the syntax, best practices, and checking mechanisms for Fulcrum policies.

Policy Structure

A standard Fulcrum policy looks like this:

package fulcrum.policy

default allow = false

# Allow if the action is read-only
allow {
    input.action == "read"
}

# Allow if user has admin role
allow {
    input.user.role == "admin"
}

Testing Policies

Use the fulcrum test CLI command to verify policies locally before deploying.
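
The following unit tests are an added example, not taken from the Fulcrum documentation. They exercise the policy from the Policy Structure section using OPA's standard test convention (rules prefixed with test_, input supplied through the with keyword) and the same Rego syntax as that policy. That fulcrum test discovers such rules the way opa test does is an assumption; the sample inputs are constructed.

```rego
package fulcrum.policy

# Assumption: run alongside the policy file with an OPA-compatible test
# runner. All inputs below are constructed for illustration.

# Rule 1: any read is allowed, whatever the role.
test_read_allowed_for_non_admin {
    allow with input as {"action": "read", "user": {"role": "viewer"}}
}

# Rule 1 never inspects input.user, so a read with no user is allowed too.
# Keep this test so the behaviour is a recorded decision, not a surprise.
test_read_allowed_without_user {
    allow with input as {"action": "read"}
}

# Rule 2: admins may perform non-read actions.
test_admin_write_allowed {
    allow with input as {"action": "write", "user": {"role": "admin"}}
}

# Neither rule matches, so the default (false) applies.
test_non_admin_write_denied {
    not allow with input as {"action": "write", "user": {"role": "viewer"}}
}

# A missing field makes the comparison undefined rather than an error;
# the rule body fails and the default deny still holds.
test_missing_user_denied {
    not allow with input as {"action": "delete"}
}

test_empty_input_denied {
    not allow with input as {}
}

# String equality is exact: "Admin" is not "admin".
test_role_match_is_case_sensitive {
    not allow with input as {"action": "write", "user": {"role": "Admin"}}
}
```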

[Coming Soon: Detailed syntax reference and examples]