🛡️ title: 'Policy Builder Code Assist with PIP Intelligence' description: 'Use Smart Control Core Agent inside Policy Builder Code Editor for PBAC and PIP-aware Rego authoring.'

🛡️ Policy Builder Code Assist with PIP Intelligence

This guide explains how to use Smart Control Core Agent (SCCA) as an in-editor copilot while authoring Rego policies in the Policy Builder Code Editor.

📌 What this feature does

• Auto-activates SCCA when you are in Controls -> Policy Builder -> Code Editor.
• Uses sanitized editor context (resource, bouncer, effect, rego excerpt, environment).
• Interprets natural language PBAC intent:
  • principal (user/agent/service identity)
  • subject/resource scope
  • action controls
  • PIP context signals (risk, device, location, department, MFA, time)
• Returns explainable guidance in What / Where / Risk / Next Step format.

📌 Prerequisites

• Smart Control Core Agent is enabled in Settings -> Smart Control Core.
• LLM provider is configured and reachable (training/development provider or customer production provider).
• At least one resource and bouncer are available in Control Plane.
• For stronger results, configure Data Sources (PIP) mappings for policy attributes.

📌 How to use

1. Open Controls and start a new or existing policy.
2. Go to Code Editor tab.
3. Open SCCA (auto-available in this mode; use Cmd/Ctrl + K if needed).
4. Ask in plain language, for example:
   • Add principal constraints for contractors and service accounts.
   • Allow read action only when risk score is low and MFA is true.
   • Use PIP department and device trust to gate approval actions.
5. Review response cards and snippet guidance.
6. Apply edits manually in editor, then validate and test in simulator.

📌 Response model

SCCA responses are designed for non-technical policy managers:

• What: Code patch/snippet intent in plain language.
• Where: Resource + bouncer + code editor scope.
• Risk: What remains unchanged and what needs confirmation.
• Next Step: Concrete action (insert snippet, validate, run simulator).

📌 PIP intelligence behavior

• If mapped attributes exist, SCCA references them in guidance.
• If required signals are missing, SCCA suggests what to map next.
• SCCA never injects raw PII values into generated guidance.

🤖 Safety and guardrails

• Code assist is non-mutating by default.
• Save/activate/promote actions still require explicit human confirmation.
• Confirmation payloads remain server-signed for multi-turn safety.

🛠️ Troubleshooting

📌 Related

• Control Core AI Pilot: AI Governance and Use
• AI Pilot Troubleshooting
• PIP Management - Administrator Guide

🛡️ title: "Policy Builder Code Assist" description: "Use Smart Control Core Agent inside Policy Builder Code Editor for PBAC and PIP-aware Rego authoring."

🛡️ Policy Builder Code Assist (PBAC + PIP)

This guide explains how to use Smart Control Core Agent (SCCA) as an in-editor copilot while writing Rego in Policy Builder → Code Editor.

SCCA is optimized for plain-language instructions and translates intent into policy code guidance based on:

• PBAC dimensions: principal, subject/resource, action
• Connected PIP metadata and mapped attributes
• Existing policy draft context in the editor

📌 What this feature does

• Auto-activates SCCA availability when Code Editor mode is active.
• Accepts natural-language instructions for Rego authoring and refactoring.
• Suggests PIP-aware constraints and flags missing attribute mappings.
• Keeps human-in-the-loop safety: no auto-save, no auto-activate.

📌 Dependencies

• Control Plane components: control-plane-ui and control-plane-api
• Smart CC enabled in Settings → Smart Control Core
• Reachable configured model provider (Groq/OpenAI/Azure/etc.)
• Active protected resources + active bouncers
• PIP data sources configured and attribute mappings created
• Rego validation endpoint available (/policies/validate-rego)

🏗️ Recommended workflow

1. Open Controls and launch a draft in Policy Builder.
2. Switch to Code Editor tab.
3. Open SCCA (auto-available in this mode).
4. Give natural-language instructions using PBAC format:
   • Principal: who requests
   • Resource: what is protected
   • Action: what operation is controlled
   • Context: which PIP signals should gate decision
5. Apply returned snippet/patch guidance in the editor.
6. Validate Rego, run conflict/readiness checks, then test in Control Simulator.
7. Save/activate only after human review.

📌 Prompt examples

• “Add principal checks for service accounts and deny unknown agents.”
• “Restrict delete action for non-admin users on payment resources.”
• “Use PIP user.department and context.risk_score before allow.”
• “Refactor to Regal-friendly style and show missing attributes I should map.”

📌 Expected response shape

Each code-assist response should include:

• What / Where / Risk / Next Step cards
• Rego snippet or patch direction
• PIP dependency notes:
  • attributes used
  • missing signals to map
• Plain-language rationale for policy maintainers

📌 Safety and operating model

• Code assist is advisory, not mutating.
• Draft persistence and lifecycle changes remain explicit user actions.
• Context sent to Smart CC is sanitized; avoid placing raw secrets in prompts.

🛠️ Troubleshooting

📌 Related

• Control Core AI Pilot Guide
• AI Pilot Troubleshooting
• PIP Admin Guide
• PBAC Best Practices