Docs

Adhoc Mapping

Present

3-min readUpdated May 06, 2026

Copied Raw Markdown!

# Adhoc Mapping

This repository is exploring how Apigee policy bundles can be moved into MuleSoft Flex Gateway. Apigee is the source system: it stores gateway behavior as XML policies and, for some behaviors, JavaScript files. Flex Gateway is the target system: the current target artifacts are YAML policy definitions under `Adhoc/flex-gateway-policies`. This page explains how the Adhoc reference material lines up so a reader can see both the product-level policy mapping and the lower-level source files that feed each target policy.

The important shape is not one file to one file. In Apigee, one business policy can be split across several files: one file may run JavaScript, another may define the failure response, and another may read configuration. In Flex Gateway, the same business policy is represented as one YAML policy definition. That is why this page has two graphs: first the policy-to-policy story, then the detailed source-file-to-policy trace.

Read it both ways:

- Source to target: many Apigee files feed one Flex Gateway YAML.
- Target to source: one Flex Gateway YAML can be traced back to all Apigee files in that policy group.

## How To Read This Page

Start with `Policy To Policy`. That graph answers the business question: "Which Apigee policy concept becomes which Flex Gateway policy?" For example, `Apigee IP Allowlist` maps to `Flex ip-allowlist`.

Then read `Source Files To Policy`. That graph answers the implementation question: "Which files make up the Apigee side of that policy?" For IP allowlist, the Apigee side has JavaScript logic, a JavaScript policy wrapper, and a forbidden-response policy. Those three source files feed one Flex YAML target.

The arrows are expressed with Vyasa `depends` edges. A target node depends on source nodes. Read that as "this target was produced from these source inputs."

## Latest Validation

`make test` output is saved at `build/make-test-results.txt`.

{* ../build/make-test-results.txt ln[1:54] *}

## What The Test Proves

The test proves the current converter can scan the Adhoc Apigee source tree, detect 18 policy groups, copy the matching 18 Flex Gateway YAML targets into `build/flex-gateway-policies`, and compare generated output against the expected Adhoc Flex YAML files. A match means the generated file bytes are identical to the expected file bytes.

> [!note] Current limit
> This is not yet proof of smart semantic conversion. The current Flex YAML path is template-based: it uses the policy group to select an existing YAML target. The useful guarantee today is that the mapping inventory, output routing, and validation loop are wired and visible.

## Why Two Graphs

| View | Why it exists |
|---|---|
| `Policy To Policy` | Shows the migration intent without file noise. This is the view to use when explaining the work to someone who only needs to know what Apigee capability maps to what Flex capability. |
| `Source Files To Policy` | Shows the implementation evidence. This is the view to use when debugging why a target YAML exists, or when checking whether all Apigee files in a policy group are accounted for. |

## Still To Resolve

1. **Semantic extraction** - The code still needs real per-policy parsing that reads values from Apigee XML and JavaScript instead of selecting static Flex YAML templates.
2. **Confidence scoring** - The current mapping score is still mostly stubbed, so the code can validate output files while still reporting many low-confidence source XML mappings.
3. **Generated target ownership** - The repo needs a decision on whether Flex YAMLs under `Adhoc/flex-gateway-policies` are permanent golden files, temporary references, or seed templates for generated output.

## Policy To Policy

```items
---
title: Apigee Policies To Flex Gateway Policies
default_open_depth: -1
---
id apigee-policies-to-flex-policies
group security Security
  item apigee-basic-auth-ldap Apigee Basic Auth LDAP
  item flex-basic-auth-ldap Flex basic-authentication-ldap
    depends apigee-basic-auth-ldap
  item apigee-basic-auth-simple Apigee Basic Auth Simple
  item flex-basic-auth-simple Flex basic-authentication-simple
    depends apigee-basic-auth-simple
  item apigee-client-id Apigee VerifyAPIKey / Client ID Enforcement
  item flex-client-id Flex client-id-enforcement
    depends apigee-client-id
  item apigee-ip-allow Apigee IP Allowlist
  item flex-ip-allow Flex ip-allowlist
    depends apigee-ip-allow
  item apigee-ip-block Apigee IP Blocklist
  item flex-ip-block Flex ip-blocklist
    depends apigee-ip-block
  item apigee-jwt Apigee VerifyJWT / JWT Scope Validation
  item flex-jwt Flex jwt-validation
    depends apigee-jwt
  item apigee-oauth Apigee OAuth2 Token Introspection
  item flex-oauth Flex oauth2-token-introspection
    depends apigee-oauth
group traffic Traffic
  item apigee-rate Apigee SpikeArrest + Quota Rate Limiting
  item flex-rate Flex rate-limiting
    depends apigee-rate
  item apigee-rate-sla Apigee SLA Quota
  item flex-rate-sla Flex rate-limiting-sla
    depends apigee-rate-sla
  item apigee-retry Apigee JavaScript Retry With Backoff
  item flex-retry Flex retry
    depends apigee-retry
  item apigee-spike Apigee SpikeArrest Spike Control
  item flex-spike Flex spike-control
    depends apigee-spike
  item apigee-timeout Apigee TargetEndpoint Timeout
  item flex-timeout Flex timeout
    depends apigee-timeout
group governance Governance
  item apigee-header-injection Apigee AssignMessage Header Injection
  item flex-header-injection Flex header-injection
    depends apigee-header-injection
  item apigee-header-removal Apigee AssignMessage Header Removal
  item flex-header-removal Flex header-removal
    depends apigee-header-removal
  item apigee-json-threat Apigee JSONThreatProtection
  item flex-json-threat Flex json-threat-protection
    depends apigee-json-threat
  item apigee-xml-threat Apigee XMLThreatProtection
  item flex-xml-threat Flex xml-threat-protection
    depends apigee-xml-threat
group transform Transform
  item apigee-cors Apigee CORS
  item flex-cors Flex cors
    depends apigee-cors
  item apigee-message-logging Apigee MessageLogging + StatisticsCollector
  item flex-message-logging Flex message-logging
    depends apigee-message-logging
```

## Source Files To Policy

```items
---
title: Adhoc Source Files To Flex Gateway Targets
default_open_depth: -1
---
id adhoc-source-files-to-flex-targets
group security Security
  group basic-auth-ldap Adhoc/apigee-policies/security/basic-auth-ldap/
    item src-basic-auth-ldap-js JS-Decode-BasicAuth-LDAP.js
    item src-basic-auth-ldap-js-xml JS-Decode-BasicAuth-LDAP.xml
    item src-basic-auth-ldap-kv KV-Get-LDAP-Config.xml
    item src-basic-auth-ldap-sp SP-Call-LDAP-Validator.xml
    item dst-basic-auth-ldap Adhoc/flex-gateway-policies/security/basic-auth-ldap/basic-auth-ldap.yaml
      depends src-basic-auth-ldap-js src-basic-auth-ldap-js-xml src-basic-auth-ldap-kv src-basic-auth-ldap-sp
  group basic-auth-simple Adhoc/apigee-policies/security/basic-auth-simple/
    item src-basic-auth-simple-am AM-Extract-BasicAuth-Credentials.xml
    item src-basic-auth-simple-js JS-Validate-BasicAuth.js
    item src-basic-auth-simple-js-xml JS-Validate-BasicAuth.xml
    item src-basic-auth-simple-kv KV-Get-BasicAuth-Config.xml
    item src-basic-auth-simple-proxy ProxyEndpoint-BasicAuth.xml
    item src-basic-auth-simple-rf RF-BasicAuth-Unauthorized.xml
    item dst-basic-auth-simple Adhoc/flex-gateway-policies/security/basic-auth-simple/basic-auth-simple.yaml
      depends src-basic-auth-simple-am src-basic-auth-simple-js src-basic-auth-simple-js-xml src-basic-auth-simple-kv src-basic-auth-simple-proxy src-basic-auth-simple-rf
  group client-id-enforcement Adhoc/apigee-policies/security/client-id-enforcement/
    item src-client-id-am-inject AM-Inject-App-Info.xml
    item src-client-id-am-remove AM-Remove-Client-Credentials.xml
    item src-client-id-rf RF-ClientID-Unauthorized.xml
    item src-client-id-va VA-Verify-API-Key.xml
    item dst-client-id Adhoc/flex-gateway-policies/security/client-id-enforcement/client-id-enforcement.yaml
      depends src-client-id-am-inject src-client-id-am-remove src-client-id-rf src-client-id-va
  group ip-allowlist Adhoc/apigee-policies/security/ip-allowlist/
    item src-ip-allow-js JS-IP-Allowlist.js
    item src-ip-allow-js-xml JS-IP-Allowlist.xml
    item src-ip-allow-rf RF-IP-Forbidden.xml
    item dst-ip-allow Adhoc/flex-gateway-policies/security/ip-allowlist/ip-allowlist.yaml
      depends src-ip-allow-js src-ip-allow-js-xml src-ip-allow-rf
  group ip-blocklist Adhoc/apigee-policies/security/ip-blocklist/
    item src-ip-block-js JS-IP-Blocklist.js
    item src-ip-block-js-xml JS-IP-Blocklist.xml
    item src-ip-block-rf RF-IP-Blocked.xml
    item dst-ip-block Adhoc/flex-gateway-policies/security/ip-blocklist/ip-blocklist.yaml
      depends src-ip-block-js src-ip-block-js-xml src-ip-block-rf
  group jwt-validation Adhoc/apigee-policies/security/jwt-validation/
    item src-jwt-am AM-Forward-JWT-Claims.xml
    item src-jwt-js JS-Validate-JWT-Scope.xml
    item src-jwt-rf-forbidden RF-JWT-Forbidden.xml
    item src-jwt-rf-unauthorized RF-JWT-Unauthorized.xml
    item src-jwt-vj VJ-Verify-JWT.xml
    item dst-jwt Adhoc/flex-gateway-policies/security/jwt-validation/jwt-validation.yaml
      depends src-jwt-am src-jwt-js src-jwt-rf-forbidden src-jwt-rf-unauthorized src-jwt-vj
  group oauth2-introspection Adhoc/apigee-policies/security/oauth2-introspection/
    item src-oauth-ev EV-Parse-Introspect-Response.xml
    item src-oauth-js JS-Extract-Bearer-Token.js
    item src-oauth-js-xml JS-Extract-Bearer-Token.xml
    item src-oauth-kv KV-Get-OAuth2-Config.xml
    item src-oauth-lc LC-OAuth2-Token-Cache.xml
    item src-oauth-pc PC-OAuth2-Token-Cache.xml
    item src-oauth-proxy ProxyEndpoint-OAuth2.xml
    item src-oauth-rf RF-OAuth2-Unauthorized.xml
    item src-oauth-sp SP-OAuth2-Introspect.xml
    item dst-oauth Adhoc/flex-gateway-policies/security/oauth2-introspection/oauth2-introspection.yaml
      depends src-oauth-ev src-oauth-js src-oauth-js-xml src-oauth-kv src-oauth-lc src-oauth-pc src-oauth-proxy src-oauth-rf src-oauth-sp
group traffic Traffic
  group rate-limiting Adhoc/apigee-policies/traffic/rate-limiting/
    item src-rate-am AM-RateLimit-Response-Headers.xml
    item src-rate-qu QU-Daily-Quota.xml
    item src-rate-rf RF-RateLimit-Exceeded.xml
    item src-rate-sa SA-Rate-Limit.xml
    item dst-rate Adhoc/flex-gateway-policies/traffic/rate-limiting/rate-limiting.yaml
      depends src-rate-am src-rate-qu src-rate-rf src-rate-sa
  group rate-limiting-sla Adhoc/apigee-policies/traffic/rate-limiting-sla/
    item src-rate-sla-am AM-SLA-Quota-Headers.xml
    item src-rate-sla-qu QU-SLA-Quota.xml
    item dst-rate-sla Adhoc/flex-gateway-policies/traffic/rate-limiting-sla/rate-limiting-sla.yaml
      depends src-rate-sla-am src-rate-sla-qu
  group retry Adhoc/apigee-policies/traffic/retry/
    item src-retry-js JS-Retry-With-Backoff.xml
    item src-retry-rf RF-MaxRetries-Exceeded.xml
    item dst-retry Adhoc/flex-gateway-policies/traffic/retry/retry.yaml
      depends src-retry-js src-retry-rf
  group spike-control Adhoc/apigee-policies/traffic/spike-control/
    item src-spike-rf RF-SpikeArrest-Exceeded.xml
    item src-spike-sa SA-Spike-Control.xml
    item dst-spike Adhoc/flex-gateway-policies/traffic/spike-control/spike-control.yaml
      depends src-spike-rf src-spike-sa
  group timeout Adhoc/apigee-policies/traffic/timeout/
    item src-timeout-503 AM-Set-503-Response.xml
    item src-timeout-504 AM-Set-504-Response.xml
    item src-timeout-target TargetEndpoint-Timeout.xml
    item dst-timeout Adhoc/flex-gateway-policies/traffic/timeout/timeout.yaml
      depends src-timeout-503 src-timeout-504 src-timeout-target
group governance Governance
  group header-injection Adhoc/apigee-policies/governance/header-injection/
    item src-header-inbound AM-Inject-Inbound-Headers.xml
    item src-header-outbound AM-Inject-Outbound-Headers.xml
    item dst-header-injection Adhoc/flex-gateway-policies/governance/header-injection/header-injection.yaml
      depends src-header-inbound src-header-outbound
  group header-removal Adhoc/apigee-policies/governance/header-removal/
    item src-remove-inbound AM-Remove-Inbound-Headers.xml
    item src-remove-outbound AM-Remove-Outbound-Headers.xml
    item dst-header-removal Adhoc/flex-gateway-policies/governance/header-removal/header-removal.yaml
      depends src-remove-inbound src-remove-outbound
  group json-threat-protection Adhoc/apigee-policies/governance/json-threat-protection/
    item src-json-threat JP-JSON-Threat-Protection.xml
    item dst-json-threat Adhoc/flex-gateway-policies/governance/json-threat-protection/json-threat-protection.yaml
      depends src-json-threat
  group xml-threat-protection Adhoc/apigee-policies/governance/xml-threat-protection/
    item src-xml-threat XP-XML-Threat-Protection.xml
    item dst-xml-threat Adhoc/flex-gateway-policies/governance/xml-threat-protection/xml-threat-protection.yaml
      depends src-xml-threat
group transform Transform
  group cors Adhoc/apigee-policies/transform/cors/
    item src-cors-preflight AM-CORS-Preflight.xml
    item src-cors-response AM-CORS-Response.xml
    item src-cors-js JS-Validate-CORS-Origin.js
    item src-cors-js-xml JS-Validate-CORS-Origin.xml
    item src-cors-proxy ProxyEndpoint-CORS.xml
    item src-cors-rf RF-Return-204-Preflight.xml
    item dst-cors Adhoc/flex-gateway-policies/transform/cors/cors.yaml
      depends src-cors-preflight src-cors-response src-cors-js src-cors-js-xml src-cors-proxy src-cors-rf
  group message-logging Adhoc/apigee-policies/transform/message-logging/
    item src-log-ml ML-Log-Request.xml
    item src-log-sc SC-Statistics-Collector.xml
    item dst-message-logging Adhoc/flex-gateway-policies/transform/message-logging/message-logging.yaml
      depends src-log-ml src-log-sc
```

This repository is exploring how Apigee policy bundles can be moved into MuleSoft Flex Gateway. Apigee is the source system: it stores gateway behavior as XML policies and, for some behaviors, JavaScript files. Flex Gateway is the target system: the current target artifacts are YAML policy definitions under Adhoc/flex-gateway-policies. This page explains how the Adhoc reference material lines up so a reader can see both the product-level policy mapping and the lower-level source files that feed each target policy.

Read it both ways:

Source to target: many Apigee files feed one Flex Gateway YAML.
Target to source: one Flex Gateway YAML can be traced back to all Apigee files in that policy group.

How To Read This Page URL copied

Start with Policy To Policy. That graph answers the business question: "Which Apigee policy concept becomes which Flex Gateway policy?" For example, Apigee IP Allowlist maps to Flex ip-allowlist.

Then read Source Files To Policy. That graph answers the implementation question: "Which files make up the Apigee side of that policy?" For IP allowlist, the Apigee side has JavaScript logic, a JavaScript policy wrapper, and a forbidden-response policy. Those three source files feed one Flex YAML target.

The arrows are expressed with Vyasa depends edges. A target node depends on source nodes. Read that as "this target was produced from these source inputs."

Latest Validation URL copied

make test output is saved at build/make-test-results.txt.

ApiGeeToMuleSoft/build/make-test-results.txt

/Applications/Xcode.app/Contents/Developer/usr/bin/make validate-adhoc-flex
python -m src.cli Adhoc/apigee-policies --target flex-gateway-yaml --output build/flex-gateway-policies --expected Adhoc/flex-gateway-policies --no-review
18:07:04.568 | INFO    | ingest: scanning source path Adhoc/apigee-policies
18:07:04.576 | INFO    | ingest: found 55 Apigee XML file(s) in 7.4 ms
18:07:04.576 | INFO    | ingest: policy names: AM-Inject-Inbound-Headers, AM-Inject-Outbound-Headers, AM-Remove-Inbound-Headers, AM-Remove-Outbound-Headers, JP-JSON-Threat-Protection, XP-XML-Threat-Protection, JS-Decode-BasicAuth-LDAP, KV-Get-LDAP-Config, SP-Call-LDAP-Validator, AM-Extract-BasicAuth-Credentials, JS-Validate-BasicAuth, KV-Get-BasicAuth-Config, default, RF-BasicAuth-Unauthorized, AM-Inject-App-Info, AM-Remove-Client-Credentials, RF-ClientID-Unauthorized, VA-Verify-API-Key, JS-IP-Allowlist, RF-IP-Forbidden, JS-IP-Blocklist, RF-IP-Blocked, AM-Forward-JWT-Claims, JS-Validate-JWT-Scope, RF-JWT-Forbidden, RF-JWT-Unauthorized, VJ-Verify-JWT, EV-Parse-Introspect-Response, JS-Extract-Bearer-Token, KV-Get-OAuth2-Config, LC-OAuth2-Token-Cache, PC-OAuth2-Token-Cache, default, RF-OAuth2-Unauthorized, SP-OAuth2-Introspect, AM-RateLimit-Response-Headers, QU-Daily-Quota, RF-RateLimit-Exceeded, SA-Rate-Limit, AM-SLA-Quota-Headers, QU-SLA-Quota, JS-Retry-With-Backoff, RF-MaxRetries-Exceeded, RF-SpikeArrest-Exceeded, SA-Spike-Control, AM-Set-503-Response, AM-Set-504-Response, default, AM-CORS-Preflight, AM-CORS-Response, JS-Validate-CORS-Origin, default, RF-Return-204-Preflight, ML-Log-Request, SC-Statistics-Collector
18:07:04.576 | INFO    | lookup: finding target policy for 55 Apigee XML file(s)
18:07:04.576 | INFO    | lookup: detected 18 policy group(s): basic-auth-ldap, basic-auth-simple, client-id-enforcement, cors, header-injection, header-removal, ip-allowlist, ip-blocklist, json-threat-protection, jwt-validation, message-logging, oauth2-introspection, rate-limiting, rate-limiting-sla, retry, spike-control, timeout, xml-threat-protection
18:07:04.576 | INFO    | lookup: produced 55 candidate mapping(s) in 0.0 ms
18:07:04.576 | INFO    | mapping: scoring 55 source-to-target candidate(s)
18:07:04.576 | INFO    | mapping: 1 high-confidence, 54 need review in 0.1 ms
18:07:04.576 | INFO    | execute: target=flex-gateway-yaml, output=build/flex-gateway-policies
18:07:04.579 | INFO    | execute: copying 18 Flex YAML template(s) from Adhoc/flex-gateway-policies
18:07:04.580 | INFO    | execute: governance / header-injection -> build/flex-gateway-policies/governance/header-injection/header-injection.yaml
18:07:04.580 | INFO    | execute: governance / header-removal -> build/flex-gateway-policies/governance/header-removal/header-removal.yaml
18:07:04.580 | INFO    | execute: governance / json-threat-protection -> build/flex-gateway-policies/governance/json-threat-protection/json-threat-protection.yaml
18:07:04.580 | INFO    | execute: governance / xml-threat-protection -> build/flex-gateway-policies/governance/xml-threat-protection/xml-threat-protection.yaml
18:07:04.581 | INFO    | execute: security / basic-auth-ldap -> build/flex-gateway-policies/security/basic-auth-ldap/basic-auth-ldap.yaml
18:07:04.581 | INFO    | execute: security / basic-auth-simple -> build/flex-gateway-policies/security/basic-auth-simple/basic-auth-simple.yaml
18:07:04.581 | INFO    | execute: security / client-id-enforcement -> build/flex-gateway-policies/security/client-id-enforcement/client-id-enforcement.yaml
18:07:04.582 | INFO    | execute: security / ip-allowlist -> build/flex-gateway-policies/security/ip-allowlist/ip-allowlist.yaml
18:07:04.582 | INFO    | execute: security / ip-blocklist -> build/flex-gateway-policies/security/ip-blocklist/ip-blocklist.yaml
18:07:04.583 | INFO    | execute: security / jwt-validation -> build/flex-gateway-policies/security/jwt-validation/jwt-validation.yaml
18:07:04.583 | INFO    | execute: security / oauth2-introspection -> build/flex-gateway-policies/security/oauth2-introspection/oauth2-introspection.yaml
18:07:04.583 | INFO    | execute: traffic / rate-limiting -> build/flex-gateway-policies/traffic/rate-limiting/rate-limiting.yaml
18:07:04.583 | INFO    | execute: traffic / rate-limiting-sla -> build/flex-gateway-policies/traffic/rate-limiting-sla/rate-limiting-sla.yaml
18:07:04.584 | INFO    | execute: traffic / retry -> build/flex-gateway-policies/traffic/retry/retry.yaml
18:07:04.584 | INFO    | execute: traffic / spike-control -> build/flex-gateway-policies/traffic/spike-control/spike-control.yaml
18:07:04.584 | INFO    | execute: traffic / timeout -> build/flex-gateway-policies/traffic/timeout/timeout.yaml
18:07:04.584 | INFO    | execute: transform / cors -> build/flex-gateway-policies/transform/cors/cors.yaml
18:07:04.584 | INFO    | execute: transform / message-logging -> build/flex-gateway-policies/transform/message-logging/message-logging.yaml
18:07:04.584 | INFO    | execute: completed in 8.2 ms
18:07:04.588 | INFO    | validate: comparing generated output with expected output
18:07:04.588 | INFO    | validate: MATCH build/flex-gateway-policies/governance/header-injection/header-injection.yaml == Adhoc/flex-gateway-policies/governance/header-injection/header-injection.yaml
18:07:04.588 | INFO    | validate: MATCH build/flex-gateway-policies/governance/header-removal/header-removal.yaml == Adhoc/flex-gateway-policies/governance/header-removal/header-removal.yaml
18:07:04.588 | INFO    | validate: MATCH build/flex-gateway-policies/governance/json-threat-protection/json-threat-protection.yaml == Adhoc/flex-gateway-policies/governance/json-threat-protection/json-threat-protection.yaml
18:07:04.588 | INFO    | validate: MATCH build/flex-gateway-policies/governance/xml-threat-protection/xml-threat-protection.yaml == Adhoc/flex-gateway-policies/governance/xml-threat-protection/xml-threat-protection.yaml
18:07:04.588 | INFO    | validate: MATCH build/flex-gateway-policies/security/basic-auth-ldap/basic-auth-ldap.yaml == Adhoc/flex-gateway-policies/security/basic-auth-ldap/basic-auth-ldap.yaml
18:07:04.588 | INFO    | validate: MATCH build/flex-gateway-policies/security/basic-auth-simple/basic-auth-simple.yaml == Adhoc/flex-gateway-policies/security/basic-auth-simple/basic-auth-simple.yaml
18:07:04.588 | INFO    | validate: MATCH build/flex-gateway-policies/security/client-id-enforcement/client-id-enforcement.yaml == Adhoc/flex-gateway-policies/security/client-id-enforcement/client-id-enforcement.yaml
18:07:04.588 | INFO    | validate: MATCH build/flex-gateway-policies/security/ip-allowlist/ip-allowlist.yaml == Adhoc/flex-gateway-policies/security/ip-allowlist/ip-allowlist.yaml
18:07:04.588 | INFO    | validate: MATCH build/flex-gateway-policies/security/ip-blocklist/ip-blocklist.yaml == Adhoc/flex-gateway-policies/security/ip-blocklist/ip-blocklist.yaml
18:07:04.588 | INFO    | validate: MATCH build/flex-gateway-policies/security/jwt-validation/jwt-validation.yaml == Adhoc/flex-gateway-policies/security/jwt-validation/jwt-validation.yaml
18:07:04.588 | INFO    | validate: MATCH build/flex-gateway-policies/security/oauth2-introspection/oauth2-introspection.yaml == Adhoc/flex-gateway-policies/security/oauth2-introspection/oauth2-introspection.yaml
18:07:04.588 | INFO    | validate: MATCH build/flex-gateway-policies/traffic/rate-limiting/rate-limiting.yaml == Adhoc/flex-gateway-policies/traffic/rate-limiting/rate-limiting.yaml
18:07:04.588 | INFO    | validate: MATCH build/flex-gateway-policies/traffic/rate-limiting-sla/rate-limiting-sla.yaml == Adhoc/flex-gateway-policies/traffic/rate-limiting-sla/rate-limiting-sla.yaml
18:07:04.588 | INFO    | validate: MATCH build/flex-gateway-policies/traffic/retry/retry.yaml == Adhoc/flex-gateway-policies/traffic/retry/retry.yaml
18:07:04.588 | INFO    | validate: MATCH build/flex-gateway-policies/traffic/spike-control/spike-control.yaml == Adhoc/flex-gateway-policies/traffic/spike-control/spike-control.yaml
18:07:04.588 | INFO    | validate: MATCH build/flex-gateway-policies/traffic/timeout/timeout.yaml == Adhoc/flex-gateway-policies/traffic/timeout/timeout.yaml
18:07:04.588 | INFO    | validate: MATCH build/flex-gateway-policies/transform/cors/cors.yaml == Adhoc/flex-gateway-policies/transform/cors/cors.yaml
18:07:04.588 | INFO    | validate: MATCH build/flex-gateway-policies/transform/message-logging/message-logging.yaml == Adhoc/flex-gateway-policies/transform/message-logging/message-logging.yaml
18:07:04.588 | SUCCESS | validate: 18 file(s) matched
18:07:04.588 | INFO    | validate: completed in 3.5 ms
18:07:04.588 | SUCCESS | done: pipeline completed in 19.6 ms
✓ Validation passed.

What The Test Proves URL copied

The test proves the current converter can scan the Adhoc Apigee source tree, detect 18 policy groups, copy the matching 18 Flex Gateway YAML targets into build/flex-gateway-policies, and compare generated output against the expected Adhoc Flex YAML files. A match means the generated file bytes are identical to the expected file bytes.

Current limit

This is not yet proof of smart semantic conversion. The current Flex YAML path is template-based: it uses the policy group to select an existing YAML target. The useful guarantee today is that the mapping inventory, output routing, and validation loop are wired and visible.

Why Two Graphs URL copied

View	Why it exists
`Policy To Policy`	Shows the migration intent without file noise. This is the view to use when explaining the work to someone who only needs to know what Apigee capability maps to what Flex capability.
`Source Files To Policy`	Shows the implementation evidence. This is the view to use when debugging why a target YAML exists, or when checking whether all Apigee files in a policy group are accounted for.

Still To Resolve URL copied

Semantic extraction - The code still needs real per-policy parsing that reads values from Apigee XML and JavaScript instead of selecting static Flex YAML templates.
Confidence scoring - The current mapping score is still mostly stubbed, so the code can validate output files while still reporting many low-confidence source XML mappings.
Generated target ownership - The repo needs a decision on whether Flex YAMLs under Adhoc/flex-gateway-policies are permanent golden files, temporary references, or seed templates for generated output.

Policy To Policy URL copied

Apigee Policies To Flex Gateway Policies

4 groups, 36 items, 18 edges

Source Files To Policy URL copied

Adhoc Source Files To Flex Gateway Targets

22 groups, 79 items, 61 edges

Spine Architecture Sketch →

Adhoc Mapping

How To Read This PageURL copied

Latest ValidationURL copied

What The Test ProvesURL copied

Why Two GraphsURL copied

Still To ResolveURL copied

Policy To PolicyURL copied

Source Files To PolicyURL copied