PolicyFlow

PolicyFlow Documentation

Comprehensive guide to PolicyFlow - a powerful authorization language

Welcome to the PolicyFlow documentation! PolicyFlow is a high-level, declarative, and type-safe language designed for expressing modern authorization logic with clarity and precision.

What is PolicyFlow?

PolicyFlow enables you to:

  • 🔐 Define Authorization Rules - Write clear, auditable access control policies
  • 🏗️ Build Scalable Systems - From simple RBAC to complex ABAC and ReBAC models
  • 🧪 Test with Confidence - Comprehensive testing framework for your policies
  • 🚀 Deploy Anywhere - Language-agnostic runtime for any platform

Quick Example

policy DocumentAccess {
    rules {
        rule OwnerAccess {
            when user.id == resource.ownerId
            then ALLOW
            reason: "Document owner has full access"
        }

        rule PublicReadAccess {
            when resource.isPublic AND action == "read"
            then ALLOW
            reason: "Public documents can be read by anyone"
        }
    }
}

Core Concepts

📁 File Types

  • .pf - Policy files containing authorization rules
  • .pfs - Schema files defining data models
  • .pftest - Test files for validating policies
  • .env - Environment configuration

🔑 Key Features

  • Type Safety - Catch errors at compile time, not runtime
  • Modular Design - Organize policies with imports and namespaces
  • Rich Standard Library - Built-in functions for common operations
  • Relationship Support - First-class support for graph-based permissions
  • Testing Framework - Property-based and example-based testing

🏗️ Access Control Models

PolicyFlow supports multiple access control paradigms:

  • RBAC - Role-Based Access Control
  • ABAC - Attribute-Based Access Control
  • ReBAC - Relationship-Based Access Control
  • Hybrid - Combine multiple models as needed

Learn by Example

Simple Role Check

rule AdminAccess {
    when "admin" in user.roles
    then ALLOW
    priority: 1000
}

Attribute-Based Control

rule ClearanceCheck {
    when user.clearanceLevel >= resource.requiredClearance
        AND user.department == resource.department
    then ALLOW
}

Relationship-Based Access

rule TeamMemberAccess {
    when Relationships.Has(user, "member_of", resource.team)
    then ALLOW
}

Documentation Structure

This documentation is organized into several sections:

  1. Introduction & Getting Started - Overview and quick start
  2. Core Concepts - Language fundamentals and syntax
  3. Policies - Writing and organizing authorization logic
  4. Reference - Complete API and operator reference
  5. Advanced Topics - Architecture, testing, and best practices

Need Help?

  • 📚 Browse the full documentation using the sidebar
  • 🐛 Report issues on GitHub
  • 💬 Join our community discussions
  • 📧 Contact support for enterprise inquiries

Ready to secure your application with PolicyFlow? Let's get started!