From e394d53a94b71339e46920609759b6c663bf2d14 Mon Sep 17 00:00:00 2001
From: Mary Dickson <mary.dickson@virtru.com>
Date: Thu, 14 May 2026 11:24:41 -0700
Subject: [PATCH] feat(docs): document WithPolicyFrom re-wrap helper
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds a tdf.mdx section for sdk.WithPolicyFrom, the option-builder helper
landing as part of DSPX-2603. The function returns a TDFOption that
binds the source TDF's policy (attribute FQNs) to a new TDF being
created — useful in re-wrap pipelines where the policy should carry
forward without callers handling base64+JSON manifest encoding.

Demo output of the /docs-drift skill — example block is mined verbatim
from the function's godoc, no inference. Section placed after IsValidTdf
since both are re-wrap-flavored helpers. Skill's name-only sniff
proposed a new with-policy-from.mdx file; placement overridden manually
to match the existing tdf.mdx structure.

Not for merge until the underlying sdk.WithPolicyFrom function lands in
opentdf/platform.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Mary Dickson <mary.dickson@virtru.com>
---
 docs/sdks/tdf.mdx | 49 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/docs/sdks/tdf.mdx b/docs/sdks/tdf.mdx
index 9baa9727..7c64150b 100644
--- a/docs/sdks/tdf.mdx
+++ b/docs/sdks/tdf.mdx
@@ -600,6 +600,55 @@ A non-nil error (Go) or `IOException` (Java) indicates an I/O failure reading th
 
 ---
 
+## WithPolicyFrom
+
+Returns a `TDFOption` that binds the source TDF's policy — its attribute value FQNs — to the new TDF being created. Use this in re-wrap pipelines to preserve the source policy without having to know about the manifest's base64 + JSON encoding.
+
+**Signature**
+
+<Tabs>
+<TabItem value="go" label="Go">
+
+<SdkVersion language="go" version="0.21.0" source="opentdf" />
+
+```go
+func WithPolicyFrom(r *Reader) TDFOption
+```
+
+This is a package-level function in the `sdk` package, not a method on the client.
+
+</TabItem>
+</Tabs>
+
+**Parameters**
+
+| Parameter | Required | Description |
+|-----------|----------|-------------|
+| `r` | Required | An initialized `*sdk.Reader`, typically returned by [`LoadTDF`](#loadtdf). Must have `Init(ctx)` called before being passed here — `Reader.DataAttributes` requires the policy field to be parsed. |
+
+**Example**
+
+<Tabs>
+<TabItem value="go" label="Go">
+
+```go
+if ok, _ := sdk.IsValidTdf(file); !ok {
+    // pass through unchanged
+}
+reader, _ := s.LoadTDF(file)
+_ = reader.Init(ctx)
+_, _ = s.CreateTDF(out, transformed, sdk.WithPolicyFrom(reader))
+```
+
+</TabItem>
+</Tabs>
+
+**Returns**
+
+A `TDFOption` that, when applied to a `TDFConfig` via [`CreateTDF`](#createtdf), binds all attribute value FQNs from the source TDF's policy to the new TDF. Returns an error during config application if the source `Reader` is nil or its `DataAttributes` cannot be read.
+
+---
+
 ## BulkDecrypt
 
 Decrypts multiple TDFs in a single operation, batching KAS key rewrap requests to reduce round-trip overhead.