W-23392787 docs: add third-party provider governance experience topics#499
Open
luanamulesoft wants to merge 22 commits into
Open
W-23392787 docs: add third-party provider governance experience topics#499luanamulesoft wants to merge 22 commits into
luanamulesoft wants to merge 22 commits into
Conversation
Add six new experience topics for third-party API provider governance: - exp-governance-setup-third-party-providers.adoc: Connect to Provider wizard with connection setup, scanner auto-creation, API discovery, and Akamai correlation policy auto-application - exp-governance-govern-third-party-apis.adoc: End-to-end workflow for connecting providers, verifying discovered APIs, creating governance strategies with Gateway/Provider filter, monitoring conformance, and exporting reports - exp-governance-policy-library-apply.adoc: Policy Library wizard with policy categories (Universal, Access and Security, Performance and Cost, Data Privacy and Integrity, Compliance and Observability) and targeted/supplemental application workflow - exp-governance-create-profiles-gateway-provider-filter.adoc: Gateway/Provider filter for governance scope, with provider selection and All Runtimes option - exp-governance-monitor-cross-gateway-conformance.adoc: Cross-gateway conformance monitoring with provider/gateway column filtering and Read-Only policy status indicator - exp-governance-cross-gateway-policy-audit-export.adoc: CSV export for SOC 2 / GDPR compliance audits with full schema including Organization ID, API ID, Gateway/Provider, Applied policies, Policy Application Status, Conformance status, and Timestamp Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add exp-governance-third-party-policy-drift.adoc to document policy drift detection and remediation for third-party API gateway instances (Kong, Apigee, AWS API Gateway, and Akamai). Content includes: - What policy drift is and common causes (manual gateway changes, credential issues, policy application failures) - How to detect drift via conformance dashboard with drift indicators (Missing Policy, Extra Policy, Configuration Mismatch) - Remediation workflow using Policy Library to apply or update policies - Updating scanner credentials to enable write access and programmatic policy application - Monitoring policy drift over time with CSV exports and trend analysis - Best practices to prevent drift (restrict gateway access, document governance-managed policies, use write-enabled credentials) This topic provides the linkable target for docs-api-governance-documentation repo's "Find Policy Drift on Third-Party API Instances" section. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Restructure the third-party provider governance topics so they match what ships in the code and the Jul 16 Policy Read GA scope: - Remove the policy-drift topic (not in code or PRD scope) - Comment out policy-write (Aug 13) content behind flags: Policy Library apply, read-only/credential-update flows, Policy Application Status - Fix conformance terminology (Conformant/Non-Conformant, not Compliant) - Flag the Gateway/Provider filter topic for PM scope confirmation Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Neither the omni-app code nor the Jul 16 Policy Read PRD includes an "Export to CSV" feature for governance strategies or conformance data. The PRD's "conformance report" is an on-screen evaluation, not a downloadable artifact. - Delete the standalone Export Cross-Gateway Policy Audit Reports topic - Remove the Export Reports step and Export Cross-Gateway Reports section from the govern topic, plus the dangling xref - Remove the Export Conformance Reports section from the monitor topic, plus the dangling xref Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The "Gateway/Provider filter" as a strategy-scoping control isn't in the code, and the Jul 16 PRD strikes through source_gateway (provider-level scoping), scoping strategies by environment and applied_at_level instead. The literal label "Gateway/Provider" doesn't exist in the product; the real labels are "Provider" (column) and the provider view filter. - Delete the gateway/provider filter topic and its xrefs - Remove strategy-scoping-by-provider prose from the govern and monitor topics (including the incorrect "All Runtimes = all providers" claim) - Relabel the real conformance-view column and filter to "Provider" Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- "Portfolio Overview" is a Home-page summary section, not a destination; discovered APIs with the Provider column live under Portfolio > APIs. Correct the three navigation references. - Unbold the descriptive workflow step labels in the govern topic (they aren't UI elements) and trim the duplicated conformance-monitoring section that overlapped the dedicated monitor topic. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The Provider column only appears in the Portfolio > APIs list (table) view; card view shows a provider badge and the API detail header shows a labeled Provider field. Describe the provider as a label rather than a column so the verification step is accurate across views. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Selecting a strategy opens the Configuration tab; conformance results live in the Governed Services tab. Correct the steps and describe the real Conformance / Identified Issues summaries and table columns. - Remove the "Monitor Conformance Over Time" section: no Conformance History chart or conformance-over-time trend exists in the product (conformance is a point-in-time snapshot with a last-evaluated time and a Refresh action). It is not in Jul 16 or Aug 13 scope. - Name the provider filter by its real resting label (Any provider); fix remaining "compliance" wording to "conformance." Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…gory) The Policy Library has four categories (Access and Security, Performance and Cost, Data Privacy and Integrity, Compliance and Observability). "Universal" is not a fifth category — it's a badge marking policies that apply to any service, including scanned and federated APIs. Correct the category list in the commented-out Aug 13 content in both topics so it's accurate when uncommented. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Retitle "Apply Policies via Policy Library" to "Browse the Policy Library" and add an uncommented read/browse introduction describing what the Policy Library is and what users can see (policy cards, search, the four categories, and the Universal badge). The browse intro is gated behind a "Jul 16 publish condition" note pending PM confirmation that the Policy Library feature flag is on in browse mode for Jul 16. The policy-application wizard remains commented behind the Aug 13 write flag, to be folded into the topic when that release is documented. Update the inbound xref label to match the new title. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…ding "What You Can See in the Policy Library" is a vague, question-like lead-in. Use "Browse Policies by Category" — a concise imperative that names what the section covers (search plus the four category filters) and matches the topic title. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
MuleSoft docs use "See Also" for the cross-reference section. Rename the "Related Topics" headings in the setup and monitor topics to match. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Scanner Auto-Creation, API Discovery, and Akamai Correlation Policy are descriptive category lead-ins, not UI element labels, so they shouldn't be bold. Rewrite the connection-results list as plain sentences. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Add the four PR 499 topics under Work with Governance Strategies in workflow order: connect providers, govern third-party APIs, monitor cross-gateway conformance, and browse the Policy Library. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
luanamulesoft
commented
Jul 16, 2026
|
|
||
| . Create a xref:exp-governance-create-strategy.adoc[governance strategy] and select the control rules or automated policies to apply. The strategy evaluates conformance for all in-scope APIs, including those discovered from third-party providers. | ||
|
|
||
| . Track conformance status for provider-hosted APIs through the governance strategy dashboard. Use the *Provider* filter to focus on a subset of your cross-gateway environment. |
Contributor
Author
There was a problem hiding this comment.
Add the whole path on how to get to the "Any Provider" filter.
|
|
||
| == See Also | ||
|
|
||
| * xref:exp-governance-setup-third-party-providers.adoc[Connect to Third-Party API Providers] |
Contributor
Author
There was a problem hiding this comment.
Change the link here
|
|
||
| Before monitoring cross-gateway conformance: | ||
|
|
||
| * xref:exp-governance-setup-third-party-providers.adoc[Connect to one or more third-party providers] to enable cross-gateway governance. |
Contributor
Author
There was a problem hiding this comment.
Change the link here
|
|
||
| * A *Conformance* summary: the total number of governed services, broken down into *Conformant*, *Nonconformant*, and *Pending*. | ||
| * An *Identified Issues* summary: counts of violations, warnings, and info-level findings. | ||
| * A table of governed services with *Service*, *Type*, *Provider*, and *Conformance* columns. The *Provider* column shows which platform hosts each API, such as Anypoint Platform, Akamai, or other connected providers. |
Contributor
Author
There was a problem hiding this comment.
Suggested change
| * A table of governed services with *Service*, *Type*, *Provider*, and *Conformance* columns. The *Provider* column shows which platform hosts each API, such as Anypoint Platform, Akamai, or other connected providers. | |
| * A table of governed services with *Service*, *Type*, *Provider*, and *Conformance* columns. The *Provider* column shows which platform hosts each API. |
| == See Also | ||
|
|
||
| * xref:exp-governance-create-strategy.adoc[Create Governance Strategies] | ||
| * xref:exp-governance-setup-third-party-providers.adoc[Connect to Third-Party API Providers] |
Contributor
Author
There was a problem hiding this comment.
Change link here
| == See Also | ||
|
|
||
| * xref:exp-governance-create-strategy.adoc[Create Governance Strategies] | ||
| * xref:exp-governance-setup-third-party-providers.adoc[Connect to Third-Party API Providers] |
Contributor
Author
There was a problem hiding this comment.
Change the link here
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add six new experience topics for third-party API provider governance:
exp-governance-setup-third-party-providers.adoc: Connect to Provider wizard with connection setup, scanner auto-creation, API discovery, and Akamai correlation policy auto-application
exp-governance-govern-third-party-apis.adoc: End-to-end workflow for connecting providers, verifying discovered APIs, creating governance strategies with Gateway/Provider filter, monitoring conformance, and exporting reports
exp-governance-policy-library-apply.adoc: Policy Library wizard with policy categories (Universal, Access and Security, Performance and Cost, Data Privacy and Integrity, Compliance and Observability) and targeted/supplemental application workflow
exp-governance-create-profiles-gateway-provider-filter.adoc: Gateway/Provider filter for governance scope, with provider selection and All Runtimes option
exp-governance-monitor-cross-gateway-conformance.adoc: Cross-gateway conformance monitoring with provider/gateway column filtering and Read-Only policy status indicator
exp-governance-cross-gateway-policy-audit-export.adoc: CSV export for SOC 2 / GDPR compliance audits with full schema including Organization ID, API ID, Gateway/Provider, Applied policies, Policy Application Status, Conformance status, and Timestamp