From 7e9a00ee30895f852c2b0410258b1b39de8694d3 Mon Sep 17 00:00:00 2001 From: Mary Dickson Date: Wed, 22 Apr 2026 10:35:19 -0700 Subject: [PATCH 1/8] fix(docs): Go setup compilability and manual EntityIdentifier example Add `_, _ = client, context.Background()` to Go setup blocks so they compile without unused variable/import errors. Add "Without helpers" collapsible section to Go EntityIdentifier tab matching Java and JS. Co-Authored-By: Claude Opus 4.6 (1M context) --- docs/sdks/authorization.mdx | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/docs/sdks/authorization.mdx b/docs/sdks/authorization.mdx index 72640fb5..4c230952 100644 --- a/docs/sdks/authorization.mdx +++ b/docs/sdks/authorization.mdx @@ -137,6 +137,36 @@ req := &authorizationv2.GetDecisionRequest{ +
+Without helpers (manual proto construction) + +```go +import ( + "github.com/opentdf/platform/protocol/go/entity" + authorizationv2 "github.com/opentdf/platform/protocol/go/authorization/v2" +) + +req := &authorizationv2.GetDecisionRequest{ + EntityIdentifier: &authorizationv2.EntityIdentifier{ + Identifier: &authorizationv2.EntityIdentifier_EntityChain{ + EntityChain: &entity.EntityChain{ + Entities: []*entity.Entity{ + { + EntityType: &entity.Entity_EmailAddress{EmailAddress: "alice@example.com"}, + // or &entity.Entity_ClientId{ClientId: "..."} + // or &entity.Entity_UserName{UserName: "..."} + Category: entity.Entity_CATEGORY_SUBJECT, + }, + }, + }, + }, + }, + // ... +} +``` + +
+ From 08c0d186d392b36ccf10ed987ca51a4943ac4264 Mon Sep 17 00:00:00 2001 From: Mary Dickson Date: Tue, 21 Apr 2026 08:45:14 -0700 Subject: [PATCH 2/8] chore(docs): add Resource constructor helpers and update examples Document the new Resource helper functions (ForAttributeValues, ForRegisteredResourceValueFqn) for Go, Java, and JavaScript SDKs. Update GetDecision examples to use the helpers instead of verbose manual proto construction. Co-Authored-By: Claude Opus 4.6 (1M context) Signed-off-by: Mary Dickson --- docs/sdks/authorization.mdx | 226 +++++++++++++++++++++++++++--------- 1 file changed, 171 insertions(+), 55 deletions(-) diff --git a/docs/sdks/authorization.mdx b/docs/sdks/authorization.mdx index 4c230952..0aa20a92 100644 --- a/docs/sdks/authorization.mdx +++ b/docs/sdks/authorization.mdx @@ -270,6 +270,134 @@ const response = await platform.v2.authorization.getDecision({ - **Claims** are used by the Entity Resolution Service (ERS) for custom claim-based entity resolution. - **Registered Resource** identifies an entity by a [registered resource](/components/policy/registered_resources) value FQN stored in platform policy, where the resource acts as a single entity for authorization decisions. +### Resource + +A `Resource` identifies the data being accessed in [GetDecision](#getdecision) and [GetDecisionBulk](#getdecisionbulk) calls. It can be specified as a set of attribute value FQNs (most common — e.g. the attributes on a TDF) or as a [registered resource](/components/policy/registered_resources) value FQN stored in platform policy. + + + + +| Helper | Description | +|--------|-------------| +| `authorizationv2.ForAttributeValues(fqns...)` | Resource from attribute value FQNs (e.g. those on a TDF) | +| `authorizationv2.ForRegisteredResourceValueFqn(fqn)` | Resource from a registered resource value FQN in policy | + +```go +import authorizationv2 "github.com/opentdf/platform/protocol/go/authorization/v2" + +req := &authorizationv2.GetDecisionRequest{ + Resource: authorizationv2.ForAttributeValues( + "https://example.com/attr/classification/value/confidential", + "https://example.com/attr/department/value/finance", + ), + // ... +} +``` + +
+Without helpers (manual proto construction) + +```go +&authorizationv2.Resource{ + Resource: &authorizationv2.Resource_AttributeValues_{ + AttributeValues: &authorizationv2.Resource_AttributeValues{ + Fqns: []string{ + "https://example.com/attr/classification/value/confidential", + "https://example.com/attr/department/value/finance", + }, + }, + }, +} +``` + +
+ + + + +| Helper | Description | +|--------|-------------| +| `Resources.forAttributeValues(fqns...)` | Resource from attribute value FQNs (e.g. those on a TDF) | +| `Resources.forRegisteredResourceValueFqn(fqn)` | Resource from a registered resource value FQN in policy | + +```java +import io.opentdf.platform.sdk.Resources; + +GetDecisionRequest request = GetDecisionRequest.newBuilder() + .setResource(Resources.forAttributeValues( + "https://example.com/attr/classification/value/confidential", + "https://example.com/attr/department/value/finance")) + // ... + .build(); +``` + +
+Without helpers (manual proto construction) + +```java +Resource.newBuilder() + .setAttributeValues( + Resource.AttributeValues.newBuilder() + .addFqns("https://example.com/attr/classification/value/confidential") + .addFqns("https://example.com/attr/department/value/finance")) + .build() +``` + +
+ + + + +| Helper | Description | +|--------|-------------| +| `Resources.forAttributeValues(...fqns)` | Resource from attribute value FQNs (e.g. those on a TDF) | +| `Resources.forRegisteredResourceValueFqn(fqn)` | Resource from a registered resource value FQN in policy | + +```typescript +import { Resources } from '@opentdf/sdk'; + +const response = await platformClient.v2.authorization.getDecision({ + resource: Resources.forAttributeValues( + 'https://example.com/attr/classification/value/confidential', + 'https://example.com/attr/department/value/finance', + ), + // ... +}); +``` + +
+Without helpers (manual object construction) + +```typescript +{ + resource: { + case: 'attributeValues', + value: { + fqns: [ + 'https://example.com/attr/classification/value/confidential', + 'https://example.com/attr/department/value/finance', + ], + }, + }, +} +``` + +
+ + + + +**Resource variants:** + +| Variant | Go | Java | JavaScript | +|---------|-----|------|------------| +| Attribute values | `ForAttributeValues(fqns...)` | `Resources.forAttributeValues(fqns...)` | `Resources.forAttributeValues(...fqns)` | +| Registered resource | `ForRegisteredResourceValueFqn(fqn)` | `Resources.forRegisteredResourceValueFqn(fqn)` | `Resources.forRegisteredResourceValueFqn(fqn)` | + +:::note +The helpers do not set `ephemeralId`. For [GetDecisionBulk](#getdecisionbulk) where you need to correlate requests with responses, set `ephemeralId` separately after construction or use manual construction. +::: + --- ## GetEntitlements @@ -499,7 +627,7 @@ await platform.v2.authorization.getDecision({ ... }) |-----------|------|----------|-------------| | `entityIdentifier` | `EntityIdentifier` | Yes | The entity requesting access. Use [helpers](#entityidentifier) like `ForEmail(...)` (Go) or `EntityIdentifiers.forEmail(...)` (Java/JS). | | `action` | `Action` | Yes | The action being performed (e.g., `decrypt`, `read`). | -| `resource` | `Resource` | Yes | The resource being accessed, identified by attribute value FQNs. | +| `resource` | `Resource` | Yes | The resource being accessed. Use [helpers](#resource) like `ForAttributeValues(...)` (Go) or `Resources.forAttributeValues(...)` (Java/JS). | **Example** @@ -517,16 +645,10 @@ decisionReq := &authorizationv2.GetDecisionRequest{ Action: &policy.Action{ Name: "decrypt", }, - Resource: &authorizationv2.Resource{ - Resource: &authorizationv2.Resource_AttributeValues_{ - AttributeValues: &authorizationv2.Resource_AttributeValues{ - Fqns: []string{ - "https://company.com/attr/clearance/value/confidential", - "https://company.com/attr/department/value/finance", - }, - }, - }, - }, + Resource: authorizationv2.ForAttributeValues( + "https://company.com/attr/clearance/value/confidential", + "https://company.com/attr/department/value/finance", + ), } decision, err := client.AuthorizationV2.GetDecision( @@ -559,13 +681,9 @@ import ( decisionReq := &authorizationv2.GetDecisionRequest{ EntityIdentifier: authorizationv2.ForToken(jwtToken), Action: &policy.Action{Name: "decrypt"}, - Resource: &authorizationv2.Resource{ - Resource: &authorizationv2.Resource_AttributeValues_{ - AttributeValues: &authorizationv2.Resource_AttributeValues{ - Fqns: []string{"https://company.com/attr/clearance/value/public"}, - }, - }, - }, + Resource: authorizationv2.ForAttributeValues( + "https://company.com/attr/clearance/value/public", + ), } decision, err := client.AuthorizationV2.GetDecision( @@ -634,6 +752,7 @@ for _, dr := range decisionResponse.GetDecisionResponses() { ```java import io.opentdf.platform.sdk.EntityIdentifiers; +import io.opentdf.platform.sdk.Resources; GetDecisionRequest request = GetDecisionRequest.newBuilder() .setEntityIdentifier(EntityIdentifiers.forEmail("user@company.com")) @@ -641,14 +760,9 @@ GetDecisionRequest request = GetDecisionRequest.newBuilder() Action.newBuilder() .setName("decrypt") ) - .setResource( - Resource.newBuilder() - .setAttributeValues( - Resource.AttributeValues.newBuilder() - .addFqns("https://company.com/attr/clearance/value/confidential") - .addFqns("https://company.com/attr/department/value/finance") - ) - ) + .setResource(Resources.forAttributeValues( + "https://company.com/attr/clearance/value/confidential", + "https://company.com/attr/department/value/finance")) .build(); GetDecisionResponse resp = sdk.getServices() @@ -671,23 +785,16 @@ if (decision.getDecision() == Decision.DECISION_PERMIT) { ```typescript -import { EntityIdentifiers } from '@opentdf/sdk'; +import { EntityIdentifiers, Resources } from '@opentdf/sdk'; import { Decision } from '@opentdf/sdk/platform/authorization/v2/authorization_pb.js'; const response = await platform.v2.authorization.getDecision({ entityIdentifier: EntityIdentifiers.forEmail('user@company.com'), action: { name: 'decrypt' }, - resource: { - resource: { - case: 'attributeValues', - value: { - fqns: [ - 'https://company.com/attr/clearance/value/confidential', - 'https://company.com/attr/department/value/finance', - ], - }, - }, - }, + resource: Resources.forAttributeValues( + 'https://company.com/attr/clearance/value/confidential', + 'https://company.com/attr/department/value/finance', + ), }); const decision = response.decision; @@ -992,29 +1099,38 @@ Identifies the data being accessed. A resource can be specified in two ways: | `attributeValues.fqns` | `[]string` | Attribute value FQNs on the resource (1–20). Use this for TDF payloads or any resource identified by attribute values. | | `registeredResourceValueFqn` | `string` (URI) | A [registered resource](/components/policy/registered_resources) value FQN stored in platform policy. Alternative to `attributeValues`. | +Use the [Resource helpers](#resource) for concise construction: + + + + ```go -// Go -&authorizationv2.Resource{ - EphemeralId: "resource-1", - Resource: &authorizationv2.Resource_AttributeValues_{ - AttributeValues: &authorizationv2.Resource_AttributeValues{ - Fqns: []string{"https://example.com/attr/classification/value/secret"}, - }, - }, -} +// With helpers +authorizationv2.ForAttributeValues("https://example.com/attr/classification/value/secret") +authorizationv2.ForRegisteredResourceValueFqn("https://example.com/registered/value/my-resource") +``` + + + + +```java +// With helpers +Resources.forAttributeValues("https://example.com/attr/classification/value/secret") +Resources.forRegisteredResourceValueFqn("https://example.com/registered/value/my-resource") ``` + + + ```typescript -// JavaScript -{ - ephemeralId: 'resource-1', - resource: { - case: 'attributeValues', - value: { fqns: ['https://example.com/attr/classification/value/secret'] }, - }, -} +// With helpers +Resources.forAttributeValues('https://example.com/attr/classification/value/secret') +Resources.forRegisteredResourceValueFqn('https://example.com/registered/value/my-resource') ``` + + + ### EntityEntitlements Returned by [GetEntitlements](#getentitlements). One per entity, mapping attribute value FQNs to the actions that entity can perform. From 45ae9d5827feab7ac01aacd59e7ebe32a3a027f3 Mon Sep 17 00:00:00 2001 From: Mary Dickson Date: Tue, 21 Apr 2026 10:25:02 -0700 Subject: [PATCH 3/8] chore(docs): address review feedback on Resource helpers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Fix Java varargs notation in helper tables (fqns... → String... fqns) - Add authorizationv2 package prefix to Go entries in summary table - Clarify ephemeralId note for Java's immutable protos (.toBuilder()) - Update code_samples/authorization/get_decision.mdx to use helpers Co-Authored-By: Claude Opus 4.6 (1M context) Signed-off-by: Mary Dickson --- code_samples/authorization/get_decision.mdx | 68 +++++---------------- docs/sdks/authorization.mdx | 10 +-- 2 files changed, 19 insertions(+), 59 deletions(-) diff --git a/code_samples/authorization/get_decision.mdx b/code_samples/authorization/get_decision.mdx index 04276737..0475f6b3 100644 --- a/code_samples/authorization/get_decision.mdx +++ b/code_samples/authorization/get_decision.mdx @@ -34,19 +34,16 @@ func main() { // Get Decision using v2 API // Convenience constructors live in the authorization/v2 package: - // ForClientID, ForEmail, ForUserName, ForToken, WithRequestToken + // Entity: ForClientID, ForEmail, ForUserName, ForToken, WithRequestToken + // Resource: ForAttributeValues, ForRegisteredResourceValueFqn decisionReq := &authorization.GetDecisionRequest{ EntityIdentifier: authorization.ForClientID("opentdf"), Action: &policy.Action{ Name: "decrypt", }, - Resource: &authorization.Resource{ - Resource: &authorization.Resource_AttributeValues_{ - AttributeValues: &authorization.Resource_AttributeValues{ - Fqns: []string{"https://opentdf.io/attr/role/value/developer"}, - }, - }, - }, + Resource: authorization.ForAttributeValues( + "https://opentdf.io/attr/role/value/developer", + ), } decision, err := client.AuthorizationV2.GetDecision(context.Background(), decisionReq) @@ -141,7 +138,6 @@ import io.opentdf.platform.sdk.*; import java.util.concurrent.ExecutionException; import io.opentdf.platform.authorization.*; -import io.opentdf.platform.entity.*; import io.opentdf.platform.policy.*; public class GetDecision { @@ -158,28 +154,13 @@ public class GetDecision { // Get Decision using v2 API GetDecisionRequest request = GetDecisionRequest.newBuilder() - .setEntityIdentifier( - EntityIdentifier.newBuilder() - .setEntityChain( - EntityChain.newBuilder() - .addEntities( - Entity.newBuilder() - .setId("entity-1") - .setClientId("opentdf") - ) - ) - ) + .setEntityIdentifier(EntityIdentifiers.forClientId("opentdf")) .setAction( Action.newBuilder() .setName("decrypt") ) - .setResource( - Resource.newBuilder() - .setAttributeValues( - Resource.AttributeValues.newBuilder() - .addFqns("https://opentdf.io/attr/role/value/developer") - ) - ) + .setResource(Resources.forAttributeValues( + "https://opentdf.io/attr/role/value/developer")) .build(); GetDecisionResponse resp = sdk.getServices().authorization().getDecision(request).get(); @@ -202,6 +183,7 @@ public class GetDecision { import { Decision, } from "@opentdf/sdk/platform/authorization/v2/authorization_pb.js"; +import { EntityIdentifiers, Resources } from "@opentdf/sdk"; import { platformConnect, PlatformClient } from "@opentdf/sdk/platform"; async function main() { @@ -223,33 +205,11 @@ async function main() { // Get Decision using v2 API try { const response = await platformClient.v2.authorization.getDecision({ - entityIdentifier: { - identifier: { - case: "entityChain", - value: { - entities: [ - { - ephemeralId: "entity-1", - entityType: { - case: "clientId", - value: "opentdf", - }, - }, - ], - }, - }, - }, - action: { - name: "decrypt", - }, - resource: { - resource: { - case: "attributeValues", - value: { - fqns: ["https://opentdf.io/attr/role/value/developer"], - }, - }, - }, + entityIdentifier: EntityIdentifiers.forClientId("opentdf"), + action: { name: "decrypt" }, + resource: Resources.forAttributeValues( + "https://opentdf.io/attr/role/value/developer", + ), }); const decision = response.decision; diff --git a/docs/sdks/authorization.mdx b/docs/sdks/authorization.mdx index 0aa20a92..eb43df6b 100644 --- a/docs/sdks/authorization.mdx +++ b/docs/sdks/authorization.mdx @@ -317,8 +317,8 @@ req := &authorizationv2.GetDecisionRequest{ | Helper | Description | |--------|-------------| -| `Resources.forAttributeValues(fqns...)` | Resource from attribute value FQNs (e.g. those on a TDF) | -| `Resources.forRegisteredResourceValueFqn(fqn)` | Resource from a registered resource value FQN in policy | +| `Resources.forAttributeValues(String... fqns)` | Resource from attribute value FQNs (e.g. those on a TDF) | +| `Resources.forRegisteredResourceValueFqn(String fqn)` | Resource from a registered resource value FQN in policy | ```java import io.opentdf.platform.sdk.Resources; @@ -391,11 +391,11 @@ const response = await platformClient.v2.authorization.getDecision({ | Variant | Go | Java | JavaScript | |---------|-----|------|------------| -| Attribute values | `ForAttributeValues(fqns...)` | `Resources.forAttributeValues(fqns...)` | `Resources.forAttributeValues(...fqns)` | -| Registered resource | `ForRegisteredResourceValueFqn(fqn)` | `Resources.forRegisteredResourceValueFqn(fqn)` | `Resources.forRegisteredResourceValueFqn(fqn)` | +| Attribute values | `authorizationv2.ForAttributeValues(fqns...)` | `Resources.forAttributeValues(String... fqns)` | `Resources.forAttributeValues(...fqns)` | +| Registered resource | `authorizationv2.ForRegisteredResourceValueFqn(fqn)` | `Resources.forRegisteredResourceValueFqn(fqn)` | `Resources.forRegisteredResourceValueFqn(fqn)` | :::note -The helpers do not set `ephemeralId`. For [GetDecisionBulk](#getdecisionbulk) where you need to correlate requests with responses, set `ephemeralId` separately after construction or use manual construction. +The helpers do not set `ephemeralId`. For [GetDecisionBulk](#getdecisionbulk) where you need to correlate requests with responses, set `ephemeralId` separately after construction (in Go, assign the field directly; in Java, use `.toBuilder().setEphemeralId(...).build()`) or use manual construction. ::: --- From af074e28e32fae44d26496c5e0ce427ad28721c7 Mon Sep 17 00:00:00 2001 From: Mary Dickson Date: Wed, 22 Apr 2026 11:17:56 -0700 Subject: [PATCH 4/8] chore(docs): add SdkVersion annotations to Resource helpers Go SDK v0.17.0, Java SDK v0.14.0, JS SDK v0.15.0. Co-Authored-By: Claude Opus 4.6 (1M context) --- docs/sdks/authorization.mdx | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/sdks/authorization.mdx b/docs/sdks/authorization.mdx index eb43df6b..36e39188 100644 --- a/docs/sdks/authorization.mdx +++ b/docs/sdks/authorization.mdx @@ -277,6 +277,8 @@ A `Resource` identifies the data being accessed in [GetDecision](#getdecision) a + + | Helper | Description | |--------|-------------| | `authorizationv2.ForAttributeValues(fqns...)` | Resource from attribute value FQNs (e.g. those on a TDF) | @@ -315,6 +317,8 @@ req := &authorizationv2.GetDecisionRequest{ + + | Helper | Description | |--------|-------------| | `Resources.forAttributeValues(String... fqns)` | Resource from attribute value FQNs (e.g. those on a TDF) | @@ -348,6 +352,8 @@ Resource.newBuilder() + + | Helper | Description | |--------|-------------| | `Resources.forAttributeValues(...fqns)` | Resource from attribute value FQNs (e.g. those on a TDF) | From c15945a3de2570bf160e1039786f7c5e1d612a31 Mon Sep 17 00:00:00 2001 From: Mary Dickson Date: Wed, 22 Apr 2026 13:41:58 -0700 Subject: [PATCH 5/8] chore(docs): add TDFObject type reference and link from CreateTDF Returns Co-Authored-By: Claude Opus 4.6 (1M context) --- docs/sdks/tdf.mdx | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/docs/sdks/tdf.mdx b/docs/sdks/tdf.mdx index 0364aa94..e939e884 100644 --- a/docs/sdks/tdf.mdx +++ b/docs/sdks/tdf.mdx @@ -280,7 +280,7 @@ See [Encrypt Options](#encrypt-options) for the full list of configuration optio -`(*TDFObject, error)` — On success, a `TDFObject` with a `.Manifest()` method returning the [Manifest](#manifest-object) and a `.Size()` method returning the encrypted byte count. Returns a non-nil `error` on failure. +[`(*TDFObject, error)`](#tdfobject) — On success, a `TDFObject` with a `.Manifest()` method returning the [Manifest](#manifest-object) and a `.Size()` method returning the encrypted byte count. Returns a non-nil `error` on failure. @@ -1269,6 +1269,23 @@ See the [Encrypt Options](#encrypt-options) and [Decrypt Options](#decrypt-optio The following types are returned by or passed to the methods above. +### TDFObject + +**Go only.** Returned by [`CreateTDF`](#createtdf). Contains the manifest and size of the encrypted TDF. + +**Methods** + +| Method | Return type | Description | +|--------|-------------|-------------| +| `Manifest()` | [`Manifest`](#manifest-object) | The TDF manifest, including encryption info, key access objects, and assertions. | +| `Size()` | `int64` | Total byte count of the encrypted TDF written to the output. | + +:::note +Java's `CreateTDF` returns a [`Manifest`](#manifest-object) directly. JavaScript's returns a `DecoratedStream`. +::: + +--- + ### KASInfo `KASInfo` is the input type passed to `WithKasInformation` (Go) or used to build a `Config.KASInfo` (Java). It identifies a KAS endpoint and the key configuration to use when wrapping the data encryption key. From e1f2f90381985a0bce7b8e41d38ce44ae991a69b Mon Sep 17 00:00:00 2001 From: Mary Dickson Date: Wed, 22 Apr 2026 14:08:30 -0700 Subject: [PATCH 6/8] chore(docs): link EntityIdentifier and Resource types in parameter tables Co-Authored-By: Claude Opus 4.6 (1M context) --- docs/sdks/authorization.mdx | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/sdks/authorization.mdx b/docs/sdks/authorization.mdx index 36e39188..e4e7f183 100644 --- a/docs/sdks/authorization.mdx +++ b/docs/sdks/authorization.mdx @@ -440,7 +440,7 @@ await platform.v2.authorization.getEntitlements({ ... }) | Parameter | Type | Required | Description | |-----------|------|----------|-------------| -| `entityIdentifier` | `EntityIdentifier` | Yes | The entity to query. Use [helpers](#entityidentifier) like `ForEmail(...)` (Go) or `EntityIdentifiers.forEmail(...)` (Java/JS). | +| `entityIdentifier` | [`EntityIdentifier`](#entityidentifier) | Yes | The entity to query. Use [helpers](#entityidentifier) like `ForEmail(...)` (Go) or `EntityIdentifiers.forEmail(...)` (Java/JS). | | `withComprehensiveHierarchy` | `bool` | No | When true, returns all entitled values for attributes with hierarchy rules, propagating down from the entitled value. | **Example** @@ -631,9 +631,9 @@ await platform.v2.authorization.getDecision({ ... }) | Parameter | Type | Required | Description | |-----------|------|----------|-------------| -| `entityIdentifier` | `EntityIdentifier` | Yes | The entity requesting access. Use [helpers](#entityidentifier) like `ForEmail(...)` (Go) or `EntityIdentifiers.forEmail(...)` (Java/JS). | +| `entityIdentifier` | [`EntityIdentifier`](#entityidentifier) | Yes | The entity requesting access. Use [helpers](#entityidentifier) like `ForEmail(...)` (Go) or `EntityIdentifiers.forEmail(...)` (Java/JS). | | `action` | `Action` | Yes | The action being performed (e.g., `decrypt`, `read`). | -| `resource` | `Resource` | Yes | The resource being accessed. Use [helpers](#resource) like `ForAttributeValues(...)` (Go) or `Resources.forAttributeValues(...)` (Java/JS). | +| `resource` | [`Resource`](#resource) | Yes | The resource being accessed. Use [helpers](#resource) like `ForAttributeValues(...)` (Go) or `Resources.forAttributeValues(...)` (Java/JS). | **Example** @@ -863,9 +863,9 @@ Each `GetDecisionMultiResourceRequest` contains: | Field | Type | Required | Description | |-------|------|----------|-------------| -| `entityIdentifier` | `EntityIdentifier` | Yes | The entity requesting access. | +| `entityIdentifier` | [`EntityIdentifier`](#entityidentifier) | Yes | The entity requesting access. | | `action` | `Action` | Yes | The action being performed. | -| `resources` | `[]Resource` | Yes | Resources to evaluate, each with an `ephemeralId` for correlation. | +| `resources` | [`[]Resource`](#resource) | Yes | Resources to evaluate, each with an `ephemeralId` for correlation. | **Example** From a6c255be54a35f40b693506228d4eda7cc7bb2c2 Mon Sep 17 00:00:00 2001 From: Mary Dickson Date: Wed, 22 Apr 2026 15:50:55 -0700 Subject: [PATCH 7/8] fix(docs): define ctx in Go setup blocks instead of blank assignment Replace `_, _ = client, context.Background()` with `ctx := context.Background()` so the setup block defines the `ctx` variable used by all subsequent Go snippets. Co-Authored-By: Claude Opus 4.6 (1M context) --- docs/sdks/authorization.mdx | 4 ++-- docs/sdks/discovery.mdx | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/sdks/authorization.mdx b/docs/sdks/authorization.mdx index e4e7f183..3d0649a4 100644 --- a/docs/sdks/authorization.mdx +++ b/docs/sdks/authorization.mdx @@ -37,8 +37,8 @@ func main() { log.Fatal(err) } - // All Go snippets below use `client` and `context.Background()`. - _, _ = client, context.Background() + // All Go snippets below use `client` and `ctx`. + ctx := context.Background() } ``` diff --git a/docs/sdks/discovery.mdx b/docs/sdks/discovery.mdx index f47ed8bd..faeb532e 100644 --- a/docs/sdks/discovery.mdx +++ b/docs/sdks/discovery.mdx @@ -39,8 +39,8 @@ func main() { log.Fatal(err) } - // All Go snippets below use `client` and `context.Background()`. - _, _ = client, context.Background() + // All Go snippets below use `client` and `ctx`. + ctx := context.Background() } ``` From 4634556d79789857fbf82a8e6ad73edd81364a99 Mon Sep 17 00:00:00 2001 From: Mary Dickson Date: Fri, 24 Apr 2026 08:03:51 -0700 Subject: [PATCH 8/8] chore(docs): fix duplicate details block, client variable, and type overview - Remove duplicate "Without helpers" details block in Go EntityIdentifier section - Fix JS Resource example to use `platform` instead of `platformClient` - Add TDFObject to Type Reference overview in tdf.mdx Co-Authored-By: Claude Opus 4.6 (1M context) --- docs/sdks/authorization.mdx | 32 +------------------------------- docs/sdks/tdf.mdx | 2 +- 2 files changed, 2 insertions(+), 32 deletions(-) diff --git a/docs/sdks/authorization.mdx b/docs/sdks/authorization.mdx index 3d0649a4..0b600d36 100644 --- a/docs/sdks/authorization.mdx +++ b/docs/sdks/authorization.mdx @@ -137,36 +137,6 @@ req := &authorizationv2.GetDecisionRequest{ -
-Without helpers (manual proto construction) - -```go -import ( - "github.com/opentdf/platform/protocol/go/entity" - authorizationv2 "github.com/opentdf/platform/protocol/go/authorization/v2" -) - -req := &authorizationv2.GetDecisionRequest{ - EntityIdentifier: &authorizationv2.EntityIdentifier{ - Identifier: &authorizationv2.EntityIdentifier_EntityChain{ - EntityChain: &entity.EntityChain{ - Entities: []*entity.Entity{ - { - EntityType: &entity.Entity_EmailAddress{EmailAddress: "alice@example.com"}, - // or &entity.Entity_ClientId{ClientId: "..."} - // or &entity.Entity_UserName{UserName: "..."} - Category: entity.Entity_CATEGORY_SUBJECT, - }, - }, - }, - }, - }, - // ... -} -``` - -
- @@ -362,7 +332,7 @@ Resource.newBuilder() ```typescript import { Resources } from '@opentdf/sdk'; -const response = await platformClient.v2.authorization.getDecision({ +const response = await platform.v2.authorization.getDecision({ resource: Resources.forAttributeValues( 'https://example.com/attr/classification/value/confidential', 'https://example.com/attr/department/value/finance', diff --git a/docs/sdks/tdf.mdx b/docs/sdks/tdf.mdx index e939e884..592be43e 100644 --- a/docs/sdks/tdf.mdx +++ b/docs/sdks/tdf.mdx @@ -25,7 +25,7 @@ This page covers the core TDF operations: - **[Decrypt Options](#decrypt-options)** — full option reference for `LoadTDF` - **[Assertions](#assertions)** — signed metadata: types, scopes, signing, and verification - **[Session Encryption](#session-encryption)** — provide your own RSA key for KAS response encryption -- **[Type Reference](#type-reference)** — `KASInfo`, `PolicyObject`, `Manifest`, `AssertionConfig` +- **[Type Reference](#type-reference)** — `TDFObject`, `KASInfo`, `PolicyObject`, `Manifest`, `AssertionConfig` - **[Experimental: Streaming Writer](#experimental-streaming-writer)** — segment-based API for large files and out-of-order assembly ---