# ADR-003: Policy Engine Model (ABAC)

## Status

Accepted.

## Context

Resolution must respect tenant scope and allow/deny rules using an attribute-based model.

## Decision

### Model

- Policies are stored per tenant with `rule_json` (ABAC attributes), `effect` (allow/deny), and `priority`.
- Tenant is enforced by restricting resolution to that tenant when `request.tenant` is set.

### MVP Rule Shape

- Deny: `rule_json.participantId` or `rule_json.participantIds` — exclude those participants.
- Allow (restrictive): if any allow policy exists, `rule_json.participantId`/`rule_json.participantIds` — only include those participants.

### Ordering

- Deny applied first; then allow restriction. Policies loaded by tenant and ordered by priority.

## Consequences

- Simple allow/deny by participant supported; ABAC can be extended via `rule_json` and filter logic.
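The following is an added worked example of the resolution order this ADR describes (tenant scoping, then deny, then the restrictive allow step); it is illustrative code written for this page, not the project's own policy engine. It assumes a `Policy` row shape with `tenant`, `effect`, `priority` and `rule_json` fields, a `Participant` record carrying its own `tenant`, that higher `priority` sorts first, and that a request without `request.tenant` is not tenant-restricted; all of these are assumptions, as are the sample participants and policies constructed at the bottom.

```typescript
// Added example for ADR-003 (not the project's code). Assumed shapes below.
type Effect = "allow" | "deny";

interface Policy {
  tenant: string;
  effect: Effect;
  priority: number;
  // ABAC attributes; the MVP rule shape only uses participantId / participantIds.
  rule_json: { participantId?: string; participantIds?: string[] };
}

interface Participant {
  id: string;
  tenant: string; // assumption: participants carry their tenant
}

interface ResolveRequest {
  tenant?: string;
}

// Collect the participant ids a rule names; tolerate a missing or malformed field
// so a bad rule row cannot widen the result (it simply names nobody).
function ruleParticipants(rule: Policy["rule_json"]): Set<string> {
  const ids = new Set<string>();
  if (typeof rule.participantId === "string") ids.add(rule.participantId);
  if (Array.isArray(rule.participantIds)) {
    for (const id of rule.participantIds) {
      if (typeof id === "string") ids.add(id);
    }
  }
  return ids;
}

function resolve(
  participants: Participant[],
  policies: Policy[],
  request: ResolveRequest,
): Participant[] {
  // Tenant scope: when request.tenant is set, only that tenant's participants and
  // policies take part. Policies of other tenants must never influence the result.
  let candidates = participants;
  let scoped = policies;
  if (request.tenant !== undefined) {
    candidates = participants.filter((p) => p.tenant === request.tenant);
    scoped = policies.filter((p) => p.tenant === request.tenant);
  }

  // Order by priority (assumption: higher first). With the MVP rule shape the
  // outcome is a pure set computation and does not depend on this order; it is
  // kept so richer rule logic or audit logging can rely on a stable sequence.
  scoped = [...scoped].sort((a, b) => b.priority - a.priority);

  // Step 1: deny first. Union every denied participant id and exclude them.
  const denied = new Set<string>();
  for (const p of scoped) {
    if (p.effect === "deny") {
      for (const id of ruleParticipants(p.rule_json)) denied.add(id);
    }
  }
  let result = candidates.filter((c) => !denied.has(c.id));

  // Step 2: restrictive allow. Only when at least one allow policy exists is the
  // result narrowed to the union of allowed ids; deny already applied, so a
  // participant that is both denied and allowed stays excluded.
  const allowPolicies = scoped.filter((p) => p.effect === "allow");
  if (allowPolicies.length > 0) {
    const allowed = new Set<string>();
    for (const p of allowPolicies) {
      for (const id of ruleParticipants(p.rule_json)) allowed.add(id);
    }
    result = result.filter((c) => allowed.has(c.id));
  }
  return result;
}

// Constructed sample data (not from the page).
const SAMPLE_PARTICIPANTS: Participant[] = [
  { id: "alice", tenant: "t1" },
  { id: "bob", tenant: "t1" },
  { id: "carol", tenant: "t1" },
  { id: "dave", tenant: "t2" },
];

const SAMPLE_POLICIES: Policy[] = [
  { tenant: "t1", effect: "allow", priority: 10, rule_json: { participantIds: ["alice", "bob"] } },
  { tenant: "t1", effect: "deny", priority: 100, rule_json: { participantId: "bob" } },
  // Belongs to another tenant: must not affect a request scoped to t1.
  { tenant: "t2", effect: "deny", priority: 1, rule_json: { participantId: "alice" } },
];

// Resolve for one tenant and return the surviving participant ids.
function resolveIds(tenant: string): string[] {
  return resolve(SAMPLE_PARTICIPANTS, SAMPLE_POLICIES, { tenant }).map((p) => p.id);
}

console.log(resolveIds("t1")); // ["alice"]: bob denied before the allow step, carol not allowed
console.log(resolveIds("t2")); // ["dave"]: no allow policy in t2, so no restriction
```

The point worth checking in a real implementation is the interaction between the two steps: because deny runs first, an id named in both a deny and an allow rule is excluded, and because the allow step only engages when an allow policy exists for the scoped tenant, a tenant with deny rules only keeps its full remaining participant set.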