Policy Editor Guide

The Observer UI includes a three-tab policy editor that makes Cedar policies accessible to users at every skill level. All three modes produce the same Cedar output and stay in sync.

Overview

Tab      Audience                              Description
IFTTT    Business users, compliance teams      Point-and-click rule builder using IF/THEN statements
Visual   Technical leads, security engineers   Drag-and-drop policy graph with claim autocomplete
Cedar    Developers, policy engineers          Direct Cedar syntax editing with highlighting and validation

Changes made in any tab are reflected in the other two. The source of truth is always Cedar -- the IFTTT and Visual modes are projections of the underlying Cedar policy.

IFTTT Mode

IFTTT (If This Then That) mode presents policies as plain-language rules. Each rule has:

  • IF: A condition based on auditor claims
  • THEN: An action (block, warn, escalate, log)

Creating a Rule

  1. Click Add Rule
  2. Select a claim from the dropdown (populated from auditor vocabularies)
  3. Choose an operator (equals, greater than, contains, etc.)
  4. Set the value
  5. Choose the action (Block, Warn, Escalate, Log)
  6. Optionally add a compliance tag

Example Rules

IF toxic_content > 0.8                     THEN Block
IF injection_risk > 0.7                    THEN Block
IF pii_types contains "US_SSN"             THEN Escalate
IF detected_regions not contains "EU"      THEN Block
IF demographic_parity_diff > 0.1           THEN Warn

Generated Cedar

The IFTTT rules above generate:

// Block: a plain forbid on a claim threshold
forbid(principal, action == Action::"invoke", resource)
when { context.claims.toxic_content > 0.8 };

forbid(principal, action == Action::"invoke", resource)
when { context.claims.injection_risk > 0.7 };

// Escalate: a forbid carrying a decision annotation (Cedar annotations take the form @key("value"));
// set membership on a claim uses the .contains() method
@decision("escalate")
forbid(principal, action == Action::"invoke", resource)
when { context.claims.pii_types.contains("US_SSN") };

forbid(principal, action == Action::"invoke", resource)
when { !(context.claims.detected_regions.contains("EU")) };

@decision("warn")
forbid(principal, action == Action::"invoke", resource)
when { context.claims.demographic_parity_diff > 0.1 };

// Default allow when no forbid rule fires
permit(principal, action == Action::"invoke", resource);
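The IFTTT-to-Cedar projection described above, as an added example that is not the editor's own code: it parses the "IF claim op value THEN action" lines, writes Block as a plain forbid, writes Warn/Escalate/Log as a forbid carrying a decision annotation in Cedar's @key("value") form, maps the contains operators onto .contains(), and appends the default permit. The rule grammar and the annotation key name are assumptions made for this example.

```python
import re

# Actions other than Block become a forbid with a decision annotation (assumed key: @decision)
ANNOTATED = {"Warn": "warn", "Escalate": "escalate", "Log": "log"}

# Assumed rule grammar: IF <claim> <op> <value> THEN <action>; extra whitespace is tolerated
RULE_RE = re.compile(
    r'^IF\s+(\w+)\s+(>=|<=|>|<|==|!=|not contains|contains)\s+(\S+)\s+THEN\s+(\w+)$'
)

HEAD = 'forbid(principal, action == Action::"invoke", resource)'


def parse_rule(line):
    """Split one IFTTT line into (claim, operator, value, action) or raise."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised IFTTT rule: {line!r}")
    claim, op, value, action = m.groups()
    if action != "Block" and action not in ANNOTATED:
        raise ValueError(f"unknown action {action!r}")
    return claim, op, value, action


def condition(claim, op, value):
    """Render the IFTTT operator as a Cedar expression over context.claims."""
    path = f"context.claims.{claim}"
    if op == "contains":
        return f"{path}.contains({value})"
    if op == "not contains":
        return f"!({path}.contains({value}))"
    return f"{path} {op} {value}"


def rule_to_cedar(line):
    """Translate a single IFTTT rule into one Cedar forbid policy."""
    claim, op, value, action = parse_rule(line)
    prefix = f'@decision("{ANNOTATED[action]}")\n' if action in ANNOTATED else ""
    return f"{prefix}{HEAD}\nwhen {{ {condition(claim, op, value)} }};"


def rules_to_policy(lines):
    """Translate a rule set and append the default permit, as the editor does."""
    policies = [rule_to_cedar(l) for l in lines if l.strip()]
    policies.append('permit(principal, action == Action::"invoke", resource);')
    return "\n\n".join(policies)
```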

Limitations of IFTTT Mode

  • Cannot express multi-claim conditions (use Visual or Cedar mode)
  • Cannot use unless clauses
  • Cannot reference principal or resource attributes
  • Cannot add compliance annotations (use Cedar mode)

Visual Mode

Visual mode presents the policy as a node graph. Claims flow from auditors into condition nodes that connect to decision nodes.

Components

  • Claim Nodes: Represent auditor claims (auto-populated from vocabularies)
  • Condition Nodes: Operators that compare claim values
  • Logic Nodes: AND/OR combinators for multi-claim conditions
  • Decision Nodes: Block, Warn, Escalate, Log, Allow
  • Scope Nodes: Org, Workspace, Agent scope boundaries

Building a Policy

  1. Drag a Claim Node onto the canvas (e.g., toxic_content)
  2. Connect it to a Condition Node (e.g., > 0.8)
  3. Connect the condition to a Decision Node (e.g., Block)
  4. For multi-claim rules, use a Logic Node (AND/OR) between conditions and decisions

Autocomplete

Claim nodes offer autocomplete based on the auditor vocabularies registered with the platform. As you type, matching claim names appear with their types and descriptions.

Visual-to-Cedar Mapping

Visual Element                    Cedar Output
Claim Node + Condition + Block    forbid(...) when { context.claims.X > Y };
Claim Node + Condition + Warn     @decision("warn") forbid(...) when { ... };
AND Logic Node                    Multiple conditions joined with &&
OR Logic Node                     Separate forbid rules
Unless connector                  unless { ... } clause

Cedar Mode

Cedar mode provides a full-featured code editor with:

  • Syntax highlighting for Cedar keywords (permit, forbid, when, unless)
  • Claim autocomplete from auditor vocabularies (type context.claims. to trigger)
  • Real-time validation against the Lucid Cedar schema
  • Error markers for syntax errors and unknown claim references
  • Undo/Redo support

Editor Features

Feature        Shortcut
Autocomplete   Ctrl+Space
Validate       Ctrl+Shift+V
Format         Ctrl+Shift+F
Undo           Ctrl+Z
Redo           Ctrl+Shift+Z

Validation Rules

The editor validates:

  1. Syntax: Valid Cedar grammar
  2. Entity types: Principal, Action, Resource types match the Lucid schema
  3. Claim references: context.claims.* paths match known auditor vocabulary
  4. Type safety: Operators match claim value types (no > 0.8 on a boolean claim)
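Validation rules 3 and 4 in working form, as an added example rather than the editor's validator: every context.claims.* reference in a policy is looked up in a constructed vocabulary (the claim names and types below are assumptions), unknown claims are reported, and a numeric comparison on a boolean claim or a .contains() call on a non-set claim is flagged as a type error.

```python
import re

# Constructed sample vocabulary (assumption): claim name -> declared value type
VOCAB = {
    "toxic_content": "Decimal",
    "injection_risk": "Decimal",
    "demographic_parity_diff": "Decimal",
    "pii_types": "Set<String>",
    "detected_regions": "Set<String>",
    "is_anonymous": "Bool",
}

NUMERIC = ("Decimal", "Long")

# Captures the claim name plus either a .contains( call or the comparison operator that follows it
REF_RE = re.compile(r'context\.claims\.(\w+)(?:(\.contains\()|\s*(>=|<=|>|<|==|!=))?')


def validate_claims(policy, vocab=VOCAB):
    """Return a list of error strings for a Cedar policy text; empty means it passed."""
    errors = []
    for m in REF_RE.finditer(policy):
        name, contains_call, op = m.group(1), m.group(2), m.group(3)
        ctype = vocab.get(name)
        if ctype is None:
            # Rule 3: the path must name a claim some registered auditor emits
            errors.append(f"unknown claim reference: context.claims.{name}")
            continue
        # Rule 4: the operator must fit the claim's type
        if contains_call and not ctype.startswith("Set<"):
            errors.append(f"{name} is {ctype}; .contains() needs a Set claim")
        elif op in (">", "<", ">=", "<=") and ctype not in NUMERIC:
            errors.append(f"{name} is {ctype}; cannot apply '{op}'")
    return errors
```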

Scope Selector

All three modes include a scope selector at the top of the editor:

Scope          What It Affects                         Who Can Edit
Organization   All workspaces and agents in the org    Org admins
Workspace      All agents in the workspace             Workspace admins
Agent          Single agent                            Agent owners

The editor shows the effective policy (merged from all scopes) with visual indicators for inherited vs direct rules. Inherited rules from higher scopes are displayed as read-only with a lock icon.

Policy Preview

Before saving, the editor provides a preview panel showing:

  • Effective policy: The merged Cedar output
  • Test results: Evaluate the policy against sample claims
  • Diff view: Changes compared to the currently deployed policy
  • Compliance map: Which regulatory controls are covered

Deployment

Click Save & Deploy to push the policy to the Gateway. The Gateway picks up new policies on its next refresh interval (default: 60 seconds); no auditor restart is required.

Workflow

A typical policy authoring workflow:

  1. Start in IFTTT mode to capture business requirements as simple rules
  2. Switch to Visual mode to compose multi-claim conditions
  3. Switch to Cedar mode to add annotations, scoping, and advanced logic
  4. Use Preview to test against sample data
  5. Deploy with Save & Deploy
  6. Monitor in the Observer dashboard to verify behavior

All three modes stay in sync throughout this process.