diff --git a/.github/workflows/hexa-test-suite.yml b/.github/workflows/hexa-test-suite.yml
index e3a19e5d..e63fdfc8 100644
--- a/.github/workflows/hexa-test-suite.yml
+++ b/.github/workflows/hexa-test-suite.yml
@@ -42,7 +42,7 @@ jobs:
 sudo mv migrate.linux-amd64 /usr/bin/migrate
 - name: migrate
 run: |
- migrate -verbose -path ./databases/orchestrator -database postgres://orchestrator:orchestrator@localhost:5432/orchestrator_test?sslmode=disable up
+ migrate -verbose -path ./demo/databases/orchestrator -database postgres://orchestrator:orchestrator@localhost:5432/orchestrator_test?sslmode=disable up
 - name: opa
 run: |
 curl -L -o opa https://github.com/open-policy-agent/opa/releases/download/v0.38.1/opa_linux_amd64
@@ -50,6 +50,8 @@ jobs:
 sudo mv opa /usr/bin/opa
 - name: test
 run: |
- go test -tags integration -coverprofile coverage.out ./.../
+ ./test_workspace.sh
+ #cd demo
+ #go test -tags integration -coverprofile coverage.out ./.../
 - name: Upload coverage to Codecov
 run: bash <(curl -s https://codecov.io/bash)
\ No newline at end of file
diff --git a/Brewfile b/demo/Brewfile
similarity index 100%
rename from Brewfile
rename to demo/Brewfile
diff --git a/Procfile b/demo/Procfile
similarity index 100%
rename from Procfile
rename to demo/Procfile
diff --git a/bin/dev b/demo/bin/dev
similarity index 100%
rename from bin/dev
rename to demo/bin/dev
diff --git a/bin/dev.d/Procfile b/demo/bin/dev.d/Procfile
similarity index 100%
rename from bin/dev.d/Procfile
rename to demo/bin/dev.d/Procfile
diff --git a/bin/dev.d/migrate.sh b/demo/bin/dev.d/migrate.sh
similarity index 100%
rename from bin/dev.d/migrate.sh
rename to demo/bin/dev.d/migrate.sh
diff --git a/bin/dev.d/serve.sh b/demo/bin/dev.d/serve.sh
similarity index 100%
rename from bin/dev.d/serve.sh
rename to demo/bin/dev.d/serve.sh
diff --git a/bin/dev.d/setup.sh b/demo/bin/dev.d/setup.sh
similarity index 100%
rename from bin/dev.d/setup.sh
rename to demo/bin/dev.d/setup.sh
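Review bot: In the second hunk the `test` step now runs `./test_workspace.sh`, but the unchanged `Upload coverage to Codecov` step that follows still depends on the `coverage.out` that the removed `go test -coverprofile coverage.out` line produced; unless the script writes that file at the job's working directory, the upload step either fails or uploads nothing, and the script itself is not among the hunks visible here, so if it is not added (with the executable bit set) elsewhere in this commit the job breaks at that step. The two lines `#cd demo` and `#go test -tags integration -coverprofile coverage.out ./.../` are dead configuration inside a `run:` block; either delete them or replace them with a one-line comment such as `# tests run per module via test_workspace.sh; see that script for the coverage output path`. Separately, the context line `run: bash <(curl -s https://codecov.io/bash)` fetches and executes an unpinned script at run time inside the CI job, which puts code outside this repository's review on the path to any secrets the job holds; pinning the uploader to a fixed version with checksum verification, or using the maintained Codecov action referenced by commit SHA, would close that exposure. The first hunk's `-path ./demo/databases/orchestrator` is consistent with the directory renames below.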
diff --git a/bin/dev.d/test.sh b/demo/bin/dev.d/test.sh similarity index 100% rename from bin/dev.d/test.sh rename to demo/bin/dev.d/test.sh diff --git a/bin/pkg b/demo/bin/pkg similarity index 100% rename from bin/pkg rename to demo/bin/pkg diff --git a/bin/pkg.d/build.sh b/demo/bin/pkg.d/build.sh similarity index 100% rename from bin/pkg.d/build.sh rename to demo/bin/pkg.d/build.sh diff --git a/bin/pkg.d/setup.sh b/demo/bin/pkg.d/setup.sh similarity index 100% rename from bin/pkg.d/setup.sh rename to demo/bin/pkg.d/setup.sh diff --git a/bin/support.d/arg.sh b/demo/bin/support.d/arg.sh similarity index 100% rename from bin/support.d/arg.sh rename to demo/bin/support.d/arg.sh diff --git a/bin/support.d/cmd.sh b/demo/bin/support.d/cmd.sh similarity index 100% rename from bin/support.d/cmd.sh rename to demo/bin/support.d/cmd.sh diff --git a/bin/support.d/echo.sh b/demo/bin/support.d/echo.sh similarity index 100% rename from bin/support.d/echo.sh rename to demo/bin/support.d/echo.sh diff --git a/bin/support.d/exec.sh b/demo/bin/support.d/exec.sh similarity index 100% rename from bin/support.d/exec.sh rename to demo/bin/support.d/exec.sh diff --git a/bin/support.d/fmt.sh b/demo/bin/support.d/fmt.sh similarity index 100% rename from bin/support.d/fmt.sh rename to demo/bin/support.d/fmt.sh diff --git a/bin/support.sh b/demo/bin/support.sh similarity index 100% rename from bin/support.sh rename to demo/bin/support.sh diff --git a/cmd/admin/admin.go b/demo/cmd/admin/admin.go similarity index 87% rename from cmd/admin/admin.go rename to demo/cmd/admin/admin.go index 381b8012..7db221de 100644 --- a/cmd/admin/admin.go +++ b/demo/cmd/admin/admin.go 
@@ -2,13 +2,13 @@ package main
 import (
 "fmt"
- "github.com/hexa-org/policy-orchestrator/internal/admin"
+ "github.com/hexa-org/policy-orchestrator/demo/internal/admin"
 "log"
 "net"
 "net/http"
 "os"
- "github.com/hexa-org/policy-orchestrator/pkg/websupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport"
 )
 func App(addr string, orchestratorUrl string, orchestratorKey string) *http.Server {
diff --git a/cmd/admin/admin_test.go b/demo/cmd/admin/admin_test.go
similarity index 82%
rename from cmd/admin/admin_test.go
rename to demo/cmd/admin/admin_test.go
index dc8f7a8d..4ab7b1a5 100644
--- a/cmd/admin/admin_test.go
+++ b/demo/cmd/admin/admin_test.go
@@ -6,8 +6,8 @@ import (
 "net/http"
 "testing"
- "github.com/hexa-org/policy-orchestrator/pkg/healthsupport"
- "github.com/hexa-org/policy-orchestrator/pkg/websupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/healthsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport"
 "github.com/stretchr/testify/assert"
 )
diff --git a/cmd/demo/amazonsupport/amazon_support.go b/demo/cmd/demo/amazonsupport/amazon_support.go
similarity index 100%
rename from cmd/demo/amazonsupport/amazon_support.go
rename to demo/cmd/demo/amazonsupport/amazon_support.go
diff --git a/cmd/demo/amazonsupport/amazon_support_test.go b/demo/cmd/demo/amazonsupport/amazon_support_test.go
similarity index 94%
rename from cmd/demo/amazonsupport/amazon_support_test.go
rename to demo/cmd/demo/amazonsupport/amazon_support_test.go
index 3634097e..3a1adf33 100644
--- a/cmd/demo/amazonsupport/amazon_support_test.go
+++ b/demo/cmd/demo/amazonsupport/amazon_support_test.go
@@ -16,9 +16,9 @@ import (
 "github.com/golang-jwt/jwt"
 "github.com/gorilla/mux"
 "github.com/gorilla/sessions"
- "github.com/hexa-org/policy-orchestrator/cmd/demo/amazonsupport"
- "github.com/hexa-org/policy-orchestrator/pkg/healthsupport"
- "github.com/hexa-org/policy-orchestrator/pkg/websupport"
+ "github.com/hexa-org/policy-orchestrator/demo/cmd/demo/amazonsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/healthsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/mock"
 )
diff --git a/cmd/demo/azuresupport/azure_support.go b/demo/cmd/demo/azuresupport/azure_support.go
similarity index 100%
rename from cmd/demo/azuresupport/azure_support.go
rename to demo/cmd/demo/azuresupport/azure_support.go
diff --git a/cmd/demo/azuresupport/azure_support_test.go b/demo/cmd/demo/azuresupport/azure_support_test.go
similarity index 86%
rename from cmd/demo/azuresupport/azure_support_test.go
rename to demo/cmd/demo/azuresupport/azure_support_test.go
index b7af426b..dabac3e5 100644
--- a/cmd/demo/azuresupport/azure_support_test.go
+++ b/demo/cmd/demo/azuresupport/azure_support_test.go
@@ -9,9 +9,9 @@ import (
 "github.com/gorilla/mux"
 "github.com/gorilla/sessions"
- "github.com/hexa-org/policy-orchestrator/cmd/demo/azuresupport"
- "github.com/hexa-org/policy-orchestrator/pkg/healthsupport"
- "github.com/hexa-org/policy-orchestrator/pkg/websupport"
+ "github.com/hexa-org/policy-orchestrator/demo/cmd/demo/azuresupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/healthsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport"
 "github.com/stretchr/testify/assert"
 )
diff --git a/cmd/demo/demo.go b/demo/cmd/demo/demo.go
similarity index 92%
rename from cmd/demo/demo.go
rename to demo/cmd/demo/demo.go
index 19818a37..e93217a2 100644
--- a/cmd/demo/demo.go
+++ b/demo/cmd/demo/demo.go
@@ -10,15 +10,15 @@ import (
 "path/filepath"
 "runtime"
- "github.com/hexa-org/policy-orchestrator/internal/decisionsupport"
- "github.com/hexa-org/policy-orchestrator/internal/decisionsupportproviders"
+ "github.com/hexa-org/policy-orchestrator/demo/internal/decisionsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/internal/decisionsupportproviders"
 "github.com/gorilla/mux"
 "github.com/gorilla/sessions"
- "github.com/hexa-org/policy-orchestrator/cmd/demo/amazonsupport"
- "github.com/hexa-org/policy-orchestrator/cmd/demo/azuresupport"
- "github.com/hexa-org/policy-orchestrator/cmd/demo/googlesupport"
- "github.com/hexa-org/policy-orchestrator/pkg/websupport"
+ "github.com/hexa-org/policy-orchestrator/demo/cmd/demo/amazonsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/cmd/demo/azuresupport"
+ "github.com/hexa-org/policy-orchestrator/demo/cmd/demo/googlesupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport"
 )
 //go:embed resources/static
diff --git a/cmd/demo/demo_test.go b/demo/cmd/demo/demo_test.go
similarity index 98%
rename from cmd/demo/demo_test.go
rename to demo/cmd/demo/demo_test.go
index cb822c95..9c292f91 100644
--- a/cmd/demo/demo_test.go
+++ b/demo/cmd/demo/demo_test.go
@@ -18,8 +18,8 @@ import (
 "testing"
 "time"
- "github.com/hexa-org/policy-orchestrator/pkg/databasesupport"
- "github.com/hexa-org/policy-orchestrator/pkg/hawksupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/databasesupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/hawksupport"
 "github.com/stretchr/testify/assert"
 )
diff --git a/cmd/demo/googlesupport/google_support.go b/demo/cmd/demo/googlesupport/google_support.go
similarity index 100%
rename from cmd/demo/googlesupport/google_support.go
rename to demo/cmd/demo/googlesupport/google_support.go
diff --git a/cmd/demo/googlesupport/google_support_test.go b/demo/cmd/demo/googlesupport/google_support_test.go
similarity index 86%
rename from cmd/demo/googlesupport/google_support_test.go
rename to demo/cmd/demo/googlesupport/google_support_test.go
index 4ebcb1ae..a05fb916 100644
--- a/cmd/demo/googlesupport/google_support_test.go
+++ b/demo/cmd/demo/googlesupport/google_support_test.go
@@ -9,9 +9,9 @@ import (
 "github.com/gorilla/mux"
 "github.com/gorilla/sessions"
- "github.com/hexa-org/policy-orchestrator/cmd/demo/googlesupport"
- "github.com/hexa-org/policy-orchestrator/pkg/healthsupport"
- "github.com/hexa-org/policy-orchestrator/pkg/websupport"
+ "github.com/hexa-org/policy-orchestrator/demo/cmd/demo/googlesupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/healthsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport"
 "github.com/stretchr/testify/assert"
 )
diff --git a/cmd/demo/resources/static/images/hexa.svg b/demo/cmd/demo/resources/static/images/hexa.svg
similarity index 100%
rename from cmd/demo/resources/static/images/hexa.svg
rename to demo/cmd/demo/resources/static/images/hexa.svg
diff --git a/cmd/demo/resources/static/images/menu_white.svg b/demo/cmd/demo/resources/static/images/menu_white.svg
similarity index 100%
rename from cmd/demo/resources/static/images/menu_white.svg
rename to demo/cmd/demo/resources/static/images/menu_white.svg
diff --git a/cmd/demo/resources/static/styles/app.css b/demo/cmd/demo/resources/static/styles/app.css
similarity index 100%
rename from cmd/demo/resources/static/styles/app.css
rename to demo/cmd/demo/resources/static/styles/app.css
diff --git a/cmd/demo/resources/static/styles/reset.css b/demo/cmd/demo/resources/static/styles/reset.css
similarity index 100%
rename from cmd/demo/resources/static/styles/reset.css
rename to demo/cmd/demo/resources/static/styles/reset.css
diff --git a/cmd/demo/resources/templates/accounting.gohtml b/demo/cmd/demo/resources/templates/accounting.gohtml similarity index 100% rename from cmd/demo/resources/templates/accounting.gohtml rename to demo/cmd/demo/resources/templates/accounting.gohtml diff --git a/cmd/demo/resources/templates/dashboard.gohtml b/demo/cmd/demo/resources/templates/dashboard.gohtml similarity index 100% rename from cmd/demo/resources/templates/dashboard.gohtml rename to demo/cmd/demo/resources/templates/dashboard.gohtml diff --git a/cmd/demo/resources/templates/humanresources.gohtml b/demo/cmd/demo/resources/templates/humanresources.gohtml similarity index 100% rename from cmd/demo/resources/templates/humanresources.gohtml rename to demo/cmd/demo/resources/templates/humanresources.gohtml diff --git a/cmd/demo/resources/templates/sales.gohtml b/demo/cmd/demo/resources/templates/sales.gohtml similarity index 100% rename from cmd/demo/resources/templates/sales.gohtml rename to demo/cmd/demo/resources/templates/sales.gohtml diff --git a/cmd/demo/resources/templates/template.gohtml b/demo/cmd/demo/resources/templates/template.gohtml similarity index 100% rename from cmd/demo/resources/templates/template.gohtml rename to demo/cmd/demo/resources/templates/template.gohtml diff --git a/cmd/demo/resources/templates/unauthorized.gohtml b/demo/cmd/demo/resources/templates/unauthorized.gohtml similarity index 100% rename from cmd/demo/resources/templates/unauthorized.gohtml rename to demo/cmd/demo/resources/templates/unauthorized.gohtml diff --git a/cmd/demo/test/resources/config.yaml b/demo/cmd/demo/test/resources/config.yaml similarity index 100% rename from cmd/demo/test/resources/config.yaml rename to demo/cmd/demo/test/resources/config.yaml diff --git a/cmd/democonfig/democonfig.go b/demo/cmd/democonfig/democonfig.go similarity index 96% rename from cmd/democonfig/democonfig.go rename to demo/cmd/democonfig/democonfig.go index 3b364b0e..20a4834b 100644 --- a/cmd/democonfig/democonfig.go 
+++ b/demo/cmd/democonfig/democonfig.go
@@ -5,7 +5,7 @@ import (
 "crypto/tls"
 "fmt"
- "github.com/hexa-org/policy-orchestrator/pkg/compressionsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/compressionsupport"
 "io/fs"
 "log"
@@ -20,7 +20,7 @@ import (
 "time"
 "github.com/gorilla/mux"
- "github.com/hexa-org/policy-orchestrator/pkg/websupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport"
 )
 func App(addr string) *http.Server {
diff --git a/cmd/democonfig/democonfig_test.go b/demo/cmd/democonfig/democonfig_test.go
similarity index 95%
rename from cmd/democonfig/democonfig_test.go
rename to demo/cmd/democonfig/democonfig_test.go
index 43477c5a..1ec376fd 100644
--- a/cmd/democonfig/democonfig_test.go
+++ b/demo/cmd/democonfig/democonfig_test.go
@@ -6,7 +6,7 @@ import (
 "crypto/x509"
 "fmt"
- "github.com/hexa-org/policy-orchestrator/pkg/compressionsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/compressionsupport"
 "mime/multipart"
 "net"
@@ -17,8 +17,8 @@ import (
 "testing"
 "time"
- "github.com/hexa-org/policy-orchestrator/pkg/healthsupport"
- "github.com/hexa-org/policy-orchestrator/pkg/websupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/healthsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport"
 "github.com/stretchr/testify/assert"
 )
diff --git a/cmd/democonfig/resources/bundles/default/bundle/.manifest b/demo/cmd/democonfig/resources/bundles/default/bundle/.manifest
similarity index 100%
rename from cmd/democonfig/resources/bundles/default/bundle/.manifest
rename to demo/cmd/democonfig/resources/bundles/default/bundle/.manifest
diff --git a/cmd/democonfig/resources/bundles/default/bundle/data.json b/demo/cmd/democonfig/resources/bundles/default/bundle/data.json
similarity index 100%
rename from cmd/democonfig/resources/bundles/default/bundle/data.json
rename to demo/cmd/democonfig/resources/bundles/default/bundle/data.json
diff --git a/cmd/democonfig/resources/bundles/default/bundle/policy.rego b/demo/cmd/democonfig/resources/bundles/default/bundle/policy.rego similarity index 100% rename from cmd/democonfig/resources/bundles/default/bundle/policy.rego rename to demo/cmd/democonfig/resources/bundles/default/bundle/policy.rego diff --git a/cmd/democonfig/suite_test.go b/demo/cmd/democonfig/suite_test.go similarity index 100% rename from cmd/democonfig/suite_test.go rename to demo/cmd/democonfig/suite_test.go diff --git a/cmd/democonfig/test/README.md b/demo/cmd/democonfig/test/README.md similarity index 100% rename from cmd/democonfig/test/README.md rename to demo/cmd/democonfig/test/README.md diff --git a/cmd/democonfig/test/ca-cert.pem b/demo/cmd/democonfig/test/ca-cert.pem similarity index 100% rename from cmd/democonfig/test/ca-cert.pem rename to demo/cmd/democonfig/test/ca-cert.pem diff --git a/cmd/democonfig/test/client-cert.pem b/demo/cmd/democonfig/test/client-cert.pem similarity index 100% rename from cmd/democonfig/test/client-cert.pem rename to demo/cmd/democonfig/test/client-cert.pem diff --git a/cmd/democonfig/test/client-key.pem b/demo/cmd/democonfig/test/client-key.pem similarity index 100% rename from cmd/democonfig/test/client-key.pem rename to demo/cmd/democonfig/test/client-key.pem diff --git a/cmd/democonfig/test/server-cert.pem b/demo/cmd/democonfig/test/server-cert.pem similarity index 100% rename from cmd/democonfig/test/server-cert.pem rename to demo/cmd/democonfig/test/server-cert.pem diff --git a/cmd/democonfig/test/server-key.pem b/demo/cmd/democonfig/test/server-key.pem similarity index 100% rename from cmd/democonfig/test/server-key.pem rename to demo/cmd/democonfig/test/server-key.pem diff --git a/cmd/orchestrator/orchestrator.go b/demo/cmd/orchestrator/orchestrator.go similarity index 75% rename from cmd/orchestrator/orchestrator.go rename to demo/cmd/orchestrator/orchestrator.go index a3d72d88..5f3dbff4 100644 --- a/cmd/orchestrator/orchestrator.go 
+++ b/demo/cmd/orchestrator/orchestrator.go
@@ -3,21 +3,21 @@ package main
 import (
 "database/sql"
 "fmt"
- "github.com/hexa-org/policy-orchestrator/internal/orchestrator"
- "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/amazonwebservices/awsapigw"
- "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/googlecloud"
- "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm"
- "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/openpolicyagent"
+ "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator"
+ "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/amazonwebservices/awsapigw"
+ "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/googlecloud"
+ "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm"
+ "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/openpolicyagent"
 log "golang.org/x/exp/slog"
 "net"
 "net/http"
 "os"
- "github.com/hexa-org/policy-orchestrator/pkg/databasesupport"
- "github.com/hexa-org/policy-orchestrator/pkg/hawksupport"
- "github.com/hexa-org/policy-orchestrator/pkg/healthsupport"
- "github.com/hexa-org/policy-orchestrator/pkg/websupport"
- "github.com/hexa-org/policy-orchestrator/pkg/workflowsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/databasesupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/hawksupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/healthsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/workflowsupport"
 )
 type DatabaseHealthCheck struct {
diff --git a/cmd/orchestrator/orchestrator_test.go b/demo/cmd/orchestrator/orchestrator_test.go
similarity index 95%
rename from cmd/orchestrator/orchestrator_test.go
rename to demo/cmd/orchestrator/orchestrator_test.go
index 15aec6fd..91aca88a 100644
--- a/cmd/orchestrator/orchestrator_test.go
+++ b/demo/cmd/orchestrator/orchestrator_test.go
@@ -12,8 +12,8 @@ import (
 "runtime"
 "testing"
- "github.com/hexa-org/policy-orchestrator/pkg/healthsupport"
- "github.com/hexa-org/policy-orchestrator/pkg/websupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/healthsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport"
 "github.com/stretchr/testify/assert"
 )
diff --git a/cmd/orchestrator/test/README.md b/demo/cmd/orchestrator/test/README.md
similarity index 100%
rename from cmd/orchestrator/test/README.md
rename to demo/cmd/orchestrator/test/README.md
diff --git a/cmd/orchestrator/test/ca-cert.pem b/demo/cmd/orchestrator/test/ca-cert.pem
similarity index 100%
rename from cmd/orchestrator/test/ca-cert.pem
rename to demo/cmd/orchestrator/test/ca-cert.pem
diff --git a/cmd/orchestrator/test/client-cert.pem b/demo/cmd/orchestrator/test/client-cert.pem
similarity index 100%
rename from cmd/orchestrator/test/client-cert.pem
rename to demo/cmd/orchestrator/test/client-cert.pem
diff --git a/cmd/orchestrator/test/client-key.pem b/demo/cmd/orchestrator/test/client-key.pem
similarity index 100%
rename from cmd/orchestrator/test/client-key.pem
rename to demo/cmd/orchestrator/test/client-key.pem
diff --git a/cmd/orchestrator/test/server-cert.pem b/demo/cmd/orchestrator/test/server-cert.pem
similarity index 100%
rename from cmd/orchestrator/test/server-cert.pem
rename to demo/cmd/orchestrator/test/server-cert.pem
diff --git a/cmd/orchestrator/test/server-key.pem b/demo/cmd/orchestrator/test/server-key.pem
similarity index 100%
rename from cmd/orchestrator/test/server-key.pem
rename to demo/cmd/orchestrator/test/server-key.pem
diff --git a/databases/docker_support/ca-cert.pem b/demo/databases/docker_support/ca-cert.pem
similarity index 100%
rename from databases/docker_support/ca-cert.pem
rename to demo/databases/docker_support/ca-cert.pem
diff --git a/databases/docker_support/client-cert.pem b/demo/databases/docker_support/client-cert.pem similarity index 100% rename from databases/docker_support/client-cert.pem rename to demo/databases/docker_support/client-cert.pem diff --git a/databases/docker_support/client-key.pem b/demo/databases/docker_support/client-key.pem similarity index 100% rename from databases/docker_support/client-key.pem rename to demo/databases/docker_support/client-key.pem diff --git a/databases/docker_support/initdb.d/ca-cert.pem b/demo/databases/docker_support/initdb.d/ca-cert.pem similarity index 100% rename from databases/docker_support/initdb.d/ca-cert.pem rename to demo/databases/docker_support/initdb.d/ca-cert.pem diff --git a/databases/docker_support/initdb.d/create-databases.sh b/demo/databases/docker_support/initdb.d/create-databases.sh similarity index 100% rename from databases/docker_support/initdb.d/create-databases.sh rename to demo/databases/docker_support/initdb.d/create-databases.sh diff --git a/databases/docker_support/initdb.d/server-cert.pem b/demo/databases/docker_support/initdb.d/server-cert.pem similarity index 100% rename from databases/docker_support/initdb.d/server-cert.pem rename to demo/databases/docker_support/initdb.d/server-cert.pem diff --git a/databases/docker_support/initdb.d/server-key.pem b/demo/databases/docker_support/initdb.d/server-key.pem similarity index 100% rename from databases/docker_support/initdb.d/server-key.pem rename to demo/databases/docker_support/initdb.d/server-key.pem diff --git a/databases/docker_support/migrate-databases.sh b/demo/databases/docker_support/migrate-databases.sh similarity index 100% rename from databases/docker_support/migrate-databases.sh rename to demo/databases/docker_support/migrate-databases.sh 
diff --git a/databases/docker_support/test/initdb.d/create-test-database.sh b/demo/databases/docker_support/test/initdb.d/create-test-database.sh similarity index 100% rename from databases/docker_support/test/initdb.d/create-test-database.sh rename to demo/databases/docker_support/test/initdb.d/create-test-database.sh diff --git a/databases/orchestrator/001_initial_schema.down.sql b/demo/databases/orchestrator/001_initial_schema.down.sql similarity index 100% rename from databases/orchestrator/001_initial_schema.down.sql rename to demo/databases/orchestrator/001_initial_schema.down.sql diff --git a/databases/orchestrator/001_initial_schema.up.sql b/demo/databases/orchestrator/001_initial_schema.up.sql similarity index 100% rename from databases/orchestrator/001_initial_schema.up.sql rename to demo/databases/orchestrator/001_initial_schema.up.sql diff --git a/databases/orchestrator/002_add_service_type_to_applications.down.sql b/demo/databases/orchestrator/002_add_service_type_to_applications.down.sql similarity index 100% rename from databases/orchestrator/002_add_service_type_to_applications.down.sql rename to demo/databases/orchestrator/002_add_service_type_to_applications.down.sql diff --git a/databases/orchestrator/002_add_service_type_to_applications.up.sql b/demo/databases/orchestrator/002_add_service_type_to_applications.up.sql similarity index 100% rename from databases/orchestrator/002_add_service_type_to_applications.up.sql rename to demo/databases/orchestrator/002_add_service_type_to_applications.up.sql diff --git a/deployments/README.md b/demo/deployments/README.md similarity index 100% rename from deployments/README.md rename to demo/deployments/README.md diff --git a/deployments/amazon-web-services/README.md b/demo/deployments/amazon-web-services/README.md similarity index 100% rename from deployments/amazon-web-services/README.md rename to demo/deployments/amazon-web-services/README.md 
diff --git a/deployments/amazon-web-services/cluster-config.yaml b/demo/deployments/amazon-web-services/cluster-config.yaml similarity index 100% rename from deployments/amazon-web-services/cluster-config.yaml rename to demo/deployments/amazon-web-services/cluster-config.yaml diff --git a/deployments/amazon-web-services/hexa-demo-amazon-pipeline-configuration.yaml b/demo/deployments/amazon-web-services/hexa-demo-amazon-pipeline-configuration.yaml similarity index 100% rename from deployments/amazon-web-services/hexa-demo-amazon-pipeline-configuration.yaml rename to demo/deployments/amazon-web-services/hexa-demo-amazon-pipeline-configuration.yaml diff --git a/deployments/amazon-web-services/hexa-demo-amazon-pipeline.yaml b/demo/deployments/amazon-web-services/hexa-demo-amazon-pipeline.yaml similarity index 100% rename from deployments/amazon-web-services/hexa-demo-amazon-pipeline.yaml rename to demo/deployments/amazon-web-services/hexa-demo-amazon-pipeline.yaml diff --git a/deployments/amazon-web-services/hexa-demo-amazon.yaml b/demo/deployments/amazon-web-services/hexa-demo-amazon.yaml similarity index 100% rename from deployments/amazon-web-services/hexa-demo-amazon.yaml rename to demo/deployments/amazon-web-services/hexa-demo-amazon.yaml diff --git a/deployments/amazon-web-services/v2_3_1_full.yaml b/demo/deployments/amazon-web-services/v2_3_1_full.yaml similarity index 100% rename from deployments/amazon-web-services/v2_3_1_full.yaml rename to demo/deployments/amazon-web-services/v2_3_1_full.yaml diff --git a/deployments/azure/README.md b/demo/deployments/azure/README.md similarity index 100% rename from deployments/azure/README.md rename to demo/deployments/azure/README.md diff --git a/deployments/azure/hexa-demo.yaml b/demo/deployments/azure/hexa-demo.yaml similarity index 100% rename from deployments/azure/hexa-demo.yaml rename to demo/deployments/azure/hexa-demo.yaml 
diff --git a/deployments/azure/required-resource-accesses.json.txt b/demo/deployments/azure/required-resource-accesses.json.txt similarity index 100% rename from deployments/azure/required-resource-accesses.json.txt rename to demo/deployments/azure/required-resource-accesses.json.txt diff --git a/deployments/bundle-server/config/server-cert.pem b/demo/deployments/bundle-server/config/server-cert.pem similarity index 100% rename from deployments/bundle-server/config/server-cert.pem rename to demo/deployments/bundle-server/config/server-cert.pem diff --git a/deployments/bundle-server/config/server-key.pem b/demo/deployments/bundle-server/config/server-key.pem similarity index 100% rename from deployments/bundle-server/config/server-key.pem rename to demo/deployments/bundle-server/config/server-key.pem diff --git a/deployments/google-cloud/hexa-admin-pipeline-configuration.yaml b/demo/deployments/google-cloud/hexa-admin-pipeline-configuration.yaml similarity index 100% rename from deployments/google-cloud/hexa-admin-pipeline-configuration.yaml rename to demo/deployments/google-cloud/hexa-admin-pipeline-configuration.yaml diff --git a/deployments/google-cloud/hexa-admin-pipeline.yaml b/demo/deployments/google-cloud/hexa-admin-pipeline.yaml similarity index 100% rename from deployments/google-cloud/hexa-admin-pipeline.yaml rename to demo/deployments/google-cloud/hexa-admin-pipeline.yaml diff --git a/deployments/google-cloud/hexa-admin.yaml b/demo/deployments/google-cloud/hexa-admin.yaml similarity index 100% rename from deployments/google-cloud/hexa-admin.yaml rename to demo/deployments/google-cloud/hexa-admin.yaml diff --git a/deployments/google-cloud/hexa-demo-pipeline-configuration.yaml b/demo/deployments/google-cloud/hexa-demo-pipeline-configuration.yaml similarity index 100% rename from deployments/google-cloud/hexa-demo-pipeline-configuration.yaml rename to demo/deployments/google-cloud/hexa-demo-pipeline-configuration.yaml 
diff --git a/deployments/google-cloud/hexa-demo-pipeline.yaml b/demo/deployments/google-cloud/hexa-demo-pipeline.yaml similarity index 100% rename from deployments/google-cloud/hexa-demo-pipeline.yaml rename to demo/deployments/google-cloud/hexa-demo-pipeline.yaml diff --git a/deployments/google-cloud/hexa-demo.yaml b/demo/deployments/google-cloud/hexa-demo.yaml similarity index 100% rename from deployments/google-cloud/hexa-demo.yaml rename to demo/deployments/google-cloud/hexa-demo.yaml diff --git a/deployments/opa-server/.opa/.gitignore b/demo/deployments/opa-server/.opa/.gitignore similarity index 100% rename from deployments/opa-server/.opa/.gitignore rename to demo/deployments/opa-server/.opa/.gitignore diff --git a/deployments/opa-server/Dockerfile b/demo/deployments/opa-server/Dockerfile similarity index 100% rename from deployments/opa-server/Dockerfile rename to demo/deployments/opa-server/Dockerfile diff --git a/deployments/opa-server/config/aws-s3-opa-config.yaml b/demo/deployments/opa-server/config/aws-s3-opa-config.yaml similarity index 100% rename from deployments/opa-server/config/aws-s3-opa-config.yaml rename to demo/deployments/opa-server/config/aws-s3-opa-config.yaml diff --git a/deployments/opa-server/config/ca-cert.pem b/demo/deployments/opa-server/config/ca-cert.pem similarity index 100% rename from deployments/opa-server/config/ca-cert.pem rename to demo/deployments/opa-server/config/ca-cert.pem diff --git a/deployments/opa-server/config/config.yaml b/demo/deployments/opa-server/config/config.yaml similarity index 100% rename from deployments/opa-server/config/config.yaml rename to demo/deployments/opa-server/config/config.yaml diff --git a/deployments/opa-server/config/gcp-opa-config.yaml b/demo/deployments/opa-server/config/gcp-opa-config.yaml similarity index 100% rename from deployments/opa-server/config/gcp-opa-config.yaml rename to demo/deployments/opa-server/config/gcp-opa-config.yaml 
diff --git a/deployments/opa-server/config/github-opa-config.yaml b/demo/deployments/opa-server/config/github-opa-config.yaml similarity index 100% rename from deployments/opa-server/config/github-opa-config.yaml rename to demo/deployments/opa-server/config/github-opa-config.yaml diff --git a/deployments/opa-server/example/integration.json b/demo/deployments/opa-server/example/integration.json similarity index 100% rename from deployments/opa-server/example/integration.json rename to demo/deployments/opa-server/example/integration.json diff --git a/docker-compose.yml b/demo/docker-compose.yml similarity index 100% rename from docker-compose.yml rename to demo/docker-compose.yml diff --git a/demo/go.mod b/demo/go.mod new file mode 100644 index 00000000..996fcd3f --- /dev/null +++ b/demo/go.mod 
@@ -0,0 +1,107 @@
+module github.com/hexa-org/policy-orchestrator/demo
+
+go 1.20
+
+// +heroku goVersion go1.20
+
+// SAURABH TEMP REPACE FOR LOCAL DEV
+//replace github.com/hexa-org/policy-orchestrator/sdk/core => ../sdk/core
+//replace github.com/hexa-org/policy-orchestrator/sdk/provideraws/cognitoidp => ../sdk/provideraws/cognitoidp
+//replace github.com/hexa-org/policy-orchestrator/sdk/provideraws/policystore/dynamodbpolicystore => ../sdk/provideraws/policystore/dynamodbpolicystore
+
+require (
+ github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0
+ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.2
+ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/apimanagement/armapimanagement v1.1.1
+ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.1.1
+ github.com/aws/aws-sdk-go-v2 v1.21.2
+ github.com/aws/aws-sdk-go-v2/config v1.18.45
+ github.com/aws/aws-sdk-go-v2/credentials v1.13.43
+ github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.10.42
+ github.com/aws/aws-sdk-go-v2/service/apigatewayv2 v1.13.14
+ github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.27.0
+ github.com/aws/aws-sdk-go-v2/service/dynamodb v1.22.2
+ github.com/aws/aws-sdk-go-v2/service/s3 v1.30.0
+ github.com/envoyproxy/go-control-plane v0.11.1 // indirect
+ github.com/go-playground/validator/v10 v10.11.2
+ github.com/golang-jwt/jwt v3.2.2+incompatible
+ github.com/google/cel-go v0.18.0 // indirect
+ github.com/google/uuid v1.3.1
+ github.com/gorilla/mux v1.8.0
+ github.com/gorilla/sessions v1.2.1
+ github.com/hiyosi/hawk v1.0.1
+ github.com/lib/pq v1.10.7
+ github.com/stretchr/testify v1.8.4
+ golang.org/x/exp v0.0.0-20231006140011-7918f672742d
+ google.golang.org/api v0.139.0
+ gopkg.in/square/go-jose.v2 v2.6.0
+)
+
+require (
+ github.com/hexa-org/policy-mapper/hexaIdql v0.6.0-alpha.3
+ github.com/hexa-org/policy-mapper/mapper/formats/gcpBind v0.6.0-alpha.3
+ github.com/hexa-org/policy-orchestrator/sdk/core v0.6.0-alpha.8
+ github.com/hexa-org/policy-orchestrator/sdk/provideraws/cognitoidp v0.6.0-alpha.8
+ github.com/hexa-org/policy-orchestrator/sdk/provideraws/policystore/dynamodbpolicystore v0.6.0-alpha.8
+)
+
+require (
+ github.com/hexa-org/policy-orchestrator/sdk/provideraws/awscommon v0.6.0-alpha.8 // indirect
+ golang.org/x/sync v0.4.0 // indirect
+)
+
+require (
+ cloud.google.com/go/compute v1.23.0 // indirect
+ cloud.google.com/go/compute/metadata v0.2.3 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/internal v1.2.0 // indirect
+ github.com/AzureAD/microsoft-authentication-library-for-go v0.9.0 // indirect
+ github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect
+ github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 // indirect
+ github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.18 // indirect
+ github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.15.7 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.15 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.22 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.37 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.21 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 // indirect
+ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 // indirect
+ github.com/aws/smithy-go v1.15.0 // indirect
+ github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 // indirect
+ github.com/davecgh/go-spew v1.1.1 // indirect
+ github.com/go-playground/locales v0.14.1 // indirect
+ github.com/go-playground/universal-translator v0.18.1 // indirect
+ github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+ github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+ github.com/golang/protobuf v1.5.3 // indirect
+ github.com/google/s2a-go v0.1.7 // indirect
+ github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect
+ github.com/googleapis/gax-go/v2 v2.12.0 // indirect
+ github.com/gorilla/securecookie v1.1.1 // indirect
+ github.com/hexa-org/policy-mapper/mapper/conditionLangs/gcpcel v0.6.0-alpha.3 // indirect
+ //github.com/hexa-org/policy-orchestrator/sdk/provideraws/awscommon v0.6.0-alpha.8 // indirect
+ github.com/jmespath/go-jmespath v0.4.0 // indirect
+ github.com/kylelemons/godebug v1.1.0 // indirect
+ github.com/leodido/go-urn v1.2.1 // indirect
+ github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
+ github.com/pmezard/go-difflib v1.0.0 // indirect
+ github.com/stoewer/go-strcase v1.3.0 // indirect
+ github.com/stretchr/objx v0.5.0 // indirect
+ go.opencensus.io v0.24.0 // indirect
+ golang.org/x/crypto v0.14.0 // indirect
+ golang.org/x/net v0.16.0 // indirect
+ golang.org/x/oauth2 v0.12.0 // indirect
+ golang.org/x/sys v0.13.0 // indirect
+ golang.org/x/text v0.13.0 // indirect
+ google.golang.org/appengine v1.6.8 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect
+ google.golang.org/grpc v1.58.0 // indirect
+ google.golang.org/protobuf v1.31.0 // indirect
+ gopkg.in/yaml.v3 v3.0.1 // indirect
+)
diff --git a/go.sum b/demo/go.sum
similarity index 61%
rename from go.sum
rename to demo/go.sum
index 1cbbaf5e..31f459ad 100644
--- a/go.sum
+++ b/demo/go.sum
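Review bot: The new go.mod commits three commented-out `replace` directives under a personal note (`// SAURABH TEMP REPACE FOR LOCAL DEV`) that would redirect the published `sdk/*` modules to a relative local tree, and the same `awscommon` module appears once as a live indirect requirement and once more as a commented-out line in the last block. Local overrides belong in a git-ignored `go.work` file rather than in the manifest, where a stray uncomment would silently swap the SDK modules' contents for every consumer of this module; I would drop the four commented lines and leave `// local SDK development: use a git-ignored go.work file instead of replace directives here`. The require set also pins two majors of the same JWT library, `github.com/golang-jwt/jwt v3.2.2+incompatible` directly and `github.com/golang-jwt/jwt/v4 v4.5.0` indirectly, so any future fix has to be tracked in both places; consolidating the direct import on the newer major is worth a follow-up. As far as I know `gopkg.in/square/go-jose.v2 v2.6.0` is the legacy import path of a library now maintained under `github.com/go-jose/go-jose`, which is worth confirming before relying on it for token handling.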
@@ -1,10 +1,8 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys= -cloud.google.com/go/compute v1.19.1 h1:am86mquDUgjGNWxiGn+5PGLbmgiWXlE/yNWpIpNvuXY= -cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE= +cloud.google.com/go/compute v1.23.0 h1:tP41Zoavr8ptEqaW6j+LQOnyBBhO7OkOMAGrgLopTwY= +cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= -cloud.google.com/go/longrunning v0.4.1 h1:v+yFJOfKC3yZdY6ZUI933pIYdhyhV8S3NpWrXWmg7jM= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0 h1:rTnT/Jrcm+figWlYz4Ixzt0SJVR2cMC8lvZcimipiEY= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0/go.mod h1:ON4tFdPTwRcgWEaVDrN3584Ef+b7GgSJaXxe5fW9t4M= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.2 h1:uqM+VoHjVH6zdlkLF2b6O0ZANcHoj3rO0PoQ3jglUJA= 
@@ -20,72 +18,74 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1. github.com/AzureAD/microsoft-authentication-library-for-go v0.9.0 h1:UE9n9rkJF62ArLb1F3DEjRt8O3jLwMWdSoypKV4f3MU= github.com/AzureAD/microsoft-authentication-library-for-go v0.9.0/go.mod h1:kgDmCTgBzIEPFElEF+FK0SdjAor06dRq2Go927dnQ6o= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/alecthomas/assert/v2 v2.0.3 h1:WKqJODfOiQG0nEJKFKzDIG3E29CN2/4zR9XGJzKIkbg= -github.com/alecthomas/assert/v2 v2.0.3/go.mod h1:b/+1DI2Q6NckYi+3mXyH3wFb8qG37K/DuK80n7WefXA= -github.com/alecthomas/participle/v2 v2.0.0-beta.5 h1:y6dsSYVb1G5eK6mgmy+BgI3Mw35a3WghArZ/Hbebrjo= -github.com/alecthomas/participle/v2 v2.0.0-beta.5/go.mod h1:RC764t6n4L8D8ITAJv0qdokritYSNR3wV5cVwmIEaMM= -github.com/alecthomas/repr v0.1.0 h1:ENn2e1+J3k09gyj2shc0dHr/yjaWSHRlrJ4DPMevDqE= -github.com/alecthomas/repr v0.1.0/go.mod h1:2kn6fqh/zIyPLmm3ugklbEi5hg5wS435eygvNfaDQL8= -github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 h1:yL7+Jz0jTC6yykIK/Wh74gnTJnrGr5AyrNMXuA0gves= -github.com/antlr/antlr4/runtime/Go/antlr v1.4.10/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= -github.com/aws/aws-sdk-go-v2 v1.14.0/go.mod h1:ZA3Y8V0LrlWj63MQAnRHgKf/5QB//LSZCPNWlWrNGLU= +github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df h1:7RFfzj4SSt6nnvCPbCqijJi1nWCd+TqAT3bYCStRC18= +github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM= github.com/aws/aws-sdk-go-v2 v1.17.3/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= -github.com/aws/aws-sdk-go-v2 v1.19.0 h1:klAT+y3pGFBU/qVf1uzwttpBbiuozJYWzNLHioyDJ+k= github.com/aws/aws-sdk-go-v2 v1.19.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= +github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M= +github.com/aws/aws-sdk-go-v2 v1.21.2 h1:+LXZ0sgo8quN9UOKXXzAWRT3FWd4NxeXWOZom9pE7GA= 
+github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 h1:dK82zF6kkPeCo8J1e+tGx4JdvDIQzj7ygIoLg8WMuGs= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10/go.mod h1:VeTZetY5KRJLuD/7fkQXMU6Mw7H5m/KP2J5Iy9osMno= -github.com/aws/aws-sdk-go-v2/config v1.14.0 h1:Yr8/7R6H8nqqfqgLATrcB83ax6FE2HcDXEB54XPhE98= -github.com/aws/aws-sdk-go-v2/config v1.14.0/go.mod h1:GKDRrvsq/PTaOYc9252u8Uah1hsIdtor4oIrFvUNPNM= -github.com/aws/aws-sdk-go-v2/credentials v1.9.0 h1:R3Q5s1uGLUg0aUzi+oRaUqRXhd17G/9+PiVnAwXp4sY= -github.com/aws/aws-sdk-go-v2/credentials v1.9.0/go.mod h1:PyHKqk/+tJuDY7T8R580S1j/AcSD+ODeUZ99CAUKLqQ= -github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.10.31 h1:E8dD+ybAgXQDoXzFdosX8nKBG78yZLZLY83JGtuvyx8= -github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.10.31/go.mod h1:KBfz/i2tcY+0H3IOOOMVk9Olw8GRmgFPlKamh4Ro0ts= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.11.0 h1:CkM4d3lNeMXMZ0BDX3BtCktnKA1Ftud84Hb6d+Ix4Rk= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.11.0/go.mod h1:rwdUKJV5rm+vHu1ncD1iGDqahBEL8O0tBjVqo9eO2N0= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.5/go.mod h1:2hXc8ooJqF2nAznsbJQIn+7h851/bu8GVC80OVTTqf8= +github.com/aws/aws-sdk-go-v2/config v1.18.45 h1:Aka9bI7n8ysuwPeFdm77nfbyHCAKQ3z9ghB3S/38zes= +github.com/aws/aws-sdk-go-v2/config v1.18.45/go.mod h1:ZwDUgFnQgsazQTnWfeLWk5GjeqTQTL8lMkoE1UXzxdE= +github.com/aws/aws-sdk-go-v2/credentials v1.13.43 h1:LU8vo40zBlo3R7bAvBVy/ku4nxGEyZe9N8MqAeFTzF8= +github.com/aws/aws-sdk-go-v2/credentials v1.13.43/go.mod h1:zWJBz1Yf1ZtX5NGax9ZdNjhhI4rgjfgsyk6vTY1yfVg= +github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.10.42 h1:taACSYOzbwyrJPvzX0ucCkB9gxkIkcYkuXkUhNRsnJ0= +github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.10.42/go.mod h1:y4dbQK/yjYJ2HXqx57/G8FvLckKtN61s/IWNVvP5k9E= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 
h1:PIktER+hwIG286DqXyvVENjgLTAwGgoeriLDD5C+YlQ= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13/go.mod h1:f/Ib/qYjhV2/qdsf79H3QP/eRE4AkVyEf6sk7XfZ1tg= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27/go.mod h1:a1/UpzeyBBerajpnP5nGZa9mGzsBn5cOKxm6NWQsvoI= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35 h1:hMUCiE3Zi5AHrRNGf5j985u0WyqI6r2NULhUfo0N/No= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35/go.mod h1:ipR5PvpSPqIqL5Mi82BxLnfMkHVbmco8kUwO2xrCi0M= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.3.0/go.mod h1:miRSv9l093jX/t/j+mBCaLqFHo9xKYzJ7DGm1BsGoJM= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41/go.mod h1:CrObHAuPneJBlfEJ5T3szXOUkLEThaGfvnhTf33buas= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 h1:nFBQlGtkbPzp/NjZLuFxRqmT91rLJkgvsEQs68h962Y= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43/go.mod h1:auo+PiyLl0n1l8A0e8RIeR8tOzYPfZZH/JNlrJ8igTQ= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21/go.mod h1:+Gxn8jYn5k9ebfHEqlhrMirFjSW0v0C9fI+KN5vk2kE= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29 h1:yOpYx+FTBdpk/g+sBU6Cb1H0U/TLEcYYp66mYqsPpcc= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29/go.mod h1:M/eUABlDbw2uVrdAn+UsI6M727qp2fxkp8K0ejcBDUY= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.6 h1:c8s9EhIPVFMFS+R1+rtEghGrf7v83gSUWbcCYX/OPes= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.6/go.mod h1:o1ippSg3yJx5EuT4AOGXJCUcmt5vrcxla1cg6K1Q8Iw= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35/go.mod h1:SJC1nEVVva1g3pHAIdCp7QsRIkMmLAgoDquQ9Rr8kYw= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 h1:JRVhO25+r3ar2mKGP7E0LDl8K9/G36gjlqca5iQbaqc= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37/go.mod h1:Qe+2KtKml+FEsQF/DHmDV+xjtche/hwoF75EG4UlHW8= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 h1:hze8YsjSh8Wl1rYa1CJpRmXP21BvOBuc76YhW0HsuQ4= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45/go.mod 
h1:lD5M20o09/LCuQ2mE62Mb/iSdSlCNuj6H5ci7tW7OsE= github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.18 h1:H/mF2LNWwX00lD6FlYfKpLLZgUW7oIzCBkig78x4Xok= github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.18/go.mod h1:T2Ku+STrYQ1zIkL1wMvj8P3wWQaaCMKNdz70MT2FLfE= -github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.13.0 h1:VWsgp/I1FW+UIJAYQ2rJeWGBeZ/HfNASPFVf7n9PYFU= -github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.13.0/go.mod h1:4py6AdYqveywH69+7AklwJoG10nN6oSBHRE2B94S118= -github.com/aws/aws-sdk-go-v2/service/dynamodb v1.20.1 h1:gknY3OHEGXaLamootb1VaJSohtHwcIMGvm23VnZVIzE= -github.com/aws/aws-sdk-go-v2/service/dynamodb v1.20.1/go.mod h1:iA/evsHrPWhDyMj6cuMa6qlFTqSqYXoKs8LSvIFauTA= -github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.14.15 h1:yonnEISVD77M77F813Va41d8wl3A1W6HhfEmrVOcqfM= -github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.14.15/go.mod h1:3zUTVwCixtSfFyNFK0P0x92IMkfTZQpuXH7Lk/WbW9g= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 h1:y2+VQzC6Zh2ojtV2LoC0MNwHWc6qXv/j2vrQtlftkdA= +github.com/aws/aws-sdk-go-v2/service/apigatewayv2 v1.13.14 h1:2jRKwxT+e40l1vepcIIenlrZBXrCWnx1Z2JkoUUqWrU= +github.com/aws/aws-sdk-go-v2/service/apigatewayv2 v1.13.14/go.mod h1:lg/1D90DDo2//C84mvygysHF4JRo+Vf/W5YbkHoeUk8= +github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.27.0 h1:f5Pwi2WroVsN6Qd3eS2MdBqxHRjT8V2tOkoy/JDQUcI= +github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.27.0/go.mod h1:y1KD4pOtJebA4NsZPuT7+FnLqhilsCxjZtXkWZm2pBE= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.22.2 h1:s7oacej7gZm+Bcq5BxZIlm5HWjEyKiWtOt405QZ+WOA= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.22.2/go.mod h1:1HkLh8vaL4obF95fne7ZOu7sxomS/+vkBt3/+gqqwE4= +github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.15.7 h1:WCeS9WZbIqEKCbgIkrHB5jw/9mO2QMYTLPF8wee3v4Y= +github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.15.7/go.mod h1:uT1paW42RVCVEoAEbWKu98gEI0GMBWUsT/H+pI4ODJQ= 
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11/go.mod h1:iV4q2hsqtNECrfmlXyord9u4zyuFEJX9eLgLpSPzWA8= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.15 h1:7R8uRYyXzdD71KWVCL78lJZltah6VVznXBazvKjfH58= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.15/go.mod h1:26SQUPcTNgV1Tapwdt4a1rOsYRsnBsJHLMPoxK2b0d8= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.22 h1:kv5vRAl00tozRxSnI0IszPWGXsJOyA7hmEUHFYqsyvw= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.22/go.mod h1:Od+GU5+Yx41gryN/ZGZzAJMZ9R1yn6lgA0fD5Lo5SkQ= -github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.29 h1:gajv/wALzb2KgK9YKq1jW+y2ZgL5o4A+UZmFfZi8lSY= -github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.29/go.mod h1:SYEgYIjFeLoPSOCIqdFr44QiBwGlnsUIHqMD5OZnsgg= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.8.0/go.mod h1:rBDLgXDAwHOfxZKLRDl8OGTPzFDC+a2pLqNNj8+QwfI= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21 h1:5C6XgTViSb0bunmU57b3CT+MhxULqHH2721FVA+/kDM= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.37 h1:4LoizcvPT9A0tiAFhepxn0bGZXkzvN0pG0epydY3Pno= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.37/go.mod h1:7xBUZyP6LeLc+5Ym9PG7atqw4sR28sBtYcHETik+bPE= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21/go.mod h1:lRToEJsn+DRA9lW4O9L9+/3hjTkUzlzyzHqn8MTds5k= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 h1:WWZA/I2K4ptBS1kg0kV1JbBtG/umed0vwHRrmcr9z7k= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37/go.mod h1:vBmDnwWXWxNPFRMmG2m/3MKOe+xEcMDo1tanpaWCcck= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.21 h1:vY5siRXvW5TrOKm2qKEf9tliBfdLxdfy0i02LOcmqUo= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.21/go.mod h1:WZvNXT1XuH8dnJM0HvOlvk+RNn7NbAPvA/ACO0QarSc= github.com/aws/aws-sdk-go-v2/service/s3 v1.30.0 
h1:wddsyuESfviaiXk3w9N6/4iRwTg/a3gktjODY6jYQBo= github.com/aws/aws-sdk-go-v2/service/s3 v1.30.0/go.mod h1:L2l2/q76teehcW7YEsgsDjqdsDTERJeX3nOMIFlgGUE= -github.com/aws/aws-sdk-go-v2/service/sso v1.10.0 h1:qCuSRiQhsPU46NH79HUyPQEn5AcpMj+2gsqMYwtzdw8= -github.com/aws/aws-sdk-go-v2/service/sso v1.10.0/go.mod h1:m1CRRFX7eH3EE6w0ntdu+lo+Ph9VS7y8qRV/vdym0ZY= -github.com/aws/aws-sdk-go-v2/service/sts v1.15.0 h1:zC/vHxWTlqZ0tIPJItg0zWHsa25cH7tXsUknSGcH39o= -github.com/aws/aws-sdk-go-v2/service/sts v1.15.0/go.mod h1:E264g2Gl5U9KTGzmd8ypGEAoh75VmqyuA/Ox5O1eRE4= -github.com/aws/smithy-go v1.11.0/go.mod h1:3xHYmszWVx2c0kIwQeEVf9uSm4fYZt67FBJnwub1bgM= -github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8= +github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 h1:JuPGc7IkOP4AaqcZSIcyqLpFSqBWK32rM9+a1g6u73k= +github.com/aws/aws-sdk-go-v2/service/sso v1.15.2/go.mod h1:gsL4keucRCgW+xA85ALBpRFfdSLH4kHOVSnLMSuBECo= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 h1:HFiiRkf1SdaAmV3/BHOFZ9DjFynPHj8G/UIO1lQS+fk= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3/go.mod h1:a7bHA82fyUXOm+ZSWKU6PIoBxrjSprdLoM8xPYvzYVg= +github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 h1:0BkLfgeDjfZnZ+MhB3ONb01u9pwFYTCZVhlsSSBvlbU= +github.com/aws/aws-sdk-go-v2/service/sts v1.23.2/go.mod h1:Eows6e1uQEsc4ZaHANmsPRzAKcVDrcmjjWiih2+HUUQ= github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= +github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= +github.com/aws/smithy-go v1.15.0 h1:PS/durmlzvAFpQHDs4wi4sNNP9ExsqZh6IlfdHXgKK8= +github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod 
h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k= github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -93,8 +93,8 @@ github.com/dnaeon/go-vcr v1.1.0 h1:ReYa/UBrRyQdant9B4fNHGoCNKw6qh6P0fsdGmZpR7c= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f h1:7T++XKzy4xg7PKy+bM+Sa9/oe1OC88yz2hXQUISoXfA= -github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f/go.mod h1:sfYdkwUW4BA3PbKjySwjJy+O4Pu0h62rlqCMHNk+K+Q= +github.com/envoyproxy/go-control-plane v0.11.1 h1:wSUXTlLfiAQRWs2F+p+EKOY9rUyis1MyGqJ2DIk5HpM= +github.com/envoyproxy/go-control-plane v0.11.1/go.mod h1:uhMcXKCQMEJHiAb0w+YGefQLaTEw+YhGluxZkrTmD0g= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= 
@@ -108,11 +108,11 @@ github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzq github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= 
@@ -122,10 +122,11 @@ github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvq github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/google/cel-go v0.13.0 h1:z+8OBOcmh7IeKyqwT/6IlnMvy621fYUqnTVPEdegGlU= -github.com/google/cel-go v0.13.0/go.mod h1:K2hpQgEjDp18J76a2DKFRlPBPpgRZgi6EbnpDgIhJ8s= +github.com/google/cel-go v0.18.0 h1:u74MPiEC8mejBrkXqrTWT102g5IFEUjxOngzQIijMzU= +github.com/google/cel-go v0.18.0/go.mod h1:PVAybmSnWkNMUZR/tEWFUiJ1Np4Hz0MHsZJcgC4zln4= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= 
@@ -133,33 +134,45 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= +github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= -github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9aurXEpJX+U6FLtpYTdC3R06k= -github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= -github.com/googleapis/gax-go/v2 v2.7.1 h1:gF4c0zjUP2H/s/hEGyLA3I0fA2ZWjzYiONAD6cvPr8A= -github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= +github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= +github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/enterprise-certificate-proxy v0.2.5 h1:UR4rDjcgpgEnqpIEvkiqTYKBCKLNmlge2eVjoZfySzM= +github.com/googleapis/enterprise-certificate-proxy v0.2.5/go.mod h1:RxW0N9901Cko1VOCW3SXCpWP+mlIEkk2tP7jnHy9a3w= +github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas= +github.com/googleapis/gax-go/v2 v2.12.0/go.mod 
h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ= github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI= github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= -github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM= -github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg= +github.com/hexa-org/policy-mapper/hexaIdql v0.6.0-alpha.3 h1:kApPuTEC8bVualHsj0CA5avqk7DgU2ZiJOpLG5EiKTM= +github.com/hexa-org/policy-mapper/hexaIdql v0.6.0-alpha.3/go.mod h1:mqzC3LjDSVimn8u7s98JWJjrYUm4fCR7ZlMsqI/7ABM= +github.com/hexa-org/policy-mapper/mapper/conditionLangs/gcpcel v0.6.0-alpha.3 h1:OEKDeQ99XEuY8geaC7BcO4ZutrV7r91jz+o83d3zuhs= +github.com/hexa-org/policy-mapper/mapper/conditionLangs/gcpcel v0.6.0-alpha.3/go.mod h1:lztDcLCkQr006lK6C87o/Bfwz2Ko3Fd6hoBlFL2WGaA= +github.com/hexa-org/policy-mapper/mapper/formats/gcpBind v0.6.0-alpha.3 h1:bFuZPe+3U9yv2PpbdlO/F1zAqTxs2m0qDQFllM8Wuq0= +github.com/hexa-org/policy-mapper/mapper/formats/gcpBind v0.6.0-alpha.3/go.mod h1:jCrRXeHLQwT/JK3Kwd2B+xLsALRLKcu2BUuPCgtzyLs= +github.com/hexa-org/policy-orchestrator/sdk/core v0.6.0-alpha.8 h1:rGqQOR5KjMl4+sBQxGzOwK5Qz63nbMjDBeuV2aeBWsk= +github.com/hexa-org/policy-orchestrator/sdk/core v0.6.0-alpha.8/go.mod h1:rK63pk8W/+VJnj08hmgo9kVXd8gpNRqo7z1h/Ecrtw0= +github.com/hexa-org/policy-orchestrator/sdk/provideraws/awscommon v0.6.0-alpha.8 h1:iEx5oLRkYKr9ST9RGyw8E2nZAxJvAx0EiJiMxZVkETc= +github.com/hexa-org/policy-orchestrator/sdk/provideraws/awscommon v0.6.0-alpha.8/go.mod h1:/X5vEXgKOddu3KBNP2pT8lgBsVksoRa32xaQIkLs6ZU= 
+github.com/hexa-org/policy-orchestrator/sdk/provideraws/cognitoidp v0.6.0-alpha.8 h1:awQRB5Jb5y+Gvv1ZiTIqbZrBG/1lb84cZSIboaQeVXs= +github.com/hexa-org/policy-orchestrator/sdk/provideraws/cognitoidp v0.6.0-alpha.8/go.mod h1:P21/U7GTyeWfcHDA9C4rGwHlSi3OCF4nBR75qHCkbaY= +github.com/hexa-org/policy-orchestrator/sdk/provideraws/policystore/dynamodbpolicystore v0.6.0-alpha.8 h1:iZE3q33oqaUwi0jrOppx2QybRuX6FRzy6fIdX2saW18= +github.com/hexa-org/policy-orchestrator/sdk/provideraws/policystore/dynamodbpolicystore v0.6.0-alpha.8/go.mod h1:NlSSZMjcyX2UhNzzw3xrYu7m2eRaw+/X+Mkpwvu0R/w= github.com/hiyosi/hawk v1.0.1 h1:GEas6goQiKcaqfY2CwbBrmeG9Nc7EueAg5DIt8fs8cY= github.com/hiyosi/hawk v1.0.1/go.mod h1:8L5D3lQ2sM7DCb659XLxhILgzoJa8aZlmOqLHOz3kVM= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= -github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w= 
@@ -171,57 +184,71 @@ github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzL github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8= -github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU= -github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= +github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs= +github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY= -github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= 
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc= -golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= +golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= +golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.16.0 h1:7eBu7KsSvFDtSXUIDbh3aqlK4DPsZ1rByC8PFfBThos= +golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g= -golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= +golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4= +golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod 
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ= +golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.13.0 
h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 
@@ -229,25 +256,31 @@ golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.114.0 h1:1xQPji6cO2E2vLiI+C/XiFAnsn1WV3mjaEwGLhi3grE= -google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg= +google.golang.org/api v0.139.0 h1:A1TrCPgMmOiYu0AiNkvQIpIx+D8blHTDcJ5EogkP7LI= +google.golang.org/api v0.139.0/go.mod h1:CVagp6Eekz9CjGZ718Z+sloknzkDJE7Vc1Ckj9+viBk= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= +google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto 
v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= -google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= +google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5 h1:L6iMMGrtzgHsWofoFcihmDEMYeDR9KN/ThbPWGrh++g= +google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d h1:DoPTO70H+bcDXcd39vOqb2viZxgqeBeSGtZ55yZU4/Q= +google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc= -google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= +google.golang.org/grpc v1.58.0 h1:32JY8YpPMSR45K+c3o6b8VL73V+rR8k+DeMIr4vRH8o= +google.golang.org/grpc v1.58.0/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf 
v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -259,13 +292,12 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= -google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI= gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/internal/admin/admin.go b/demo/internal/admin/admin.go similarity index 100% rename from internal/admin/admin.go rename to demo/internal/admin/admin.go diff --git a/internal/admin/admin_test.go b/demo/internal/admin/admin_test.go similarity index 78% rename from internal/admin/admin_test.go rename to demo/internal/admin/admin_test.go index 8cd6d263..2b545f86 100644 --- a/internal/admin/admin_test.go +++ b/demo/internal/admin/admin_test.go 
@@ -6,11 +6,11 @@ import ( "net/http" "testing" - "github.com/hexa-org/policy-orchestrator/internal/admin" - "github.com/hexa-org/policy-orchestrator/internal/admin/test" + "github.com/hexa-org/policy-orchestrator/demo/internal/admin" + "github.com/hexa-org/policy-orchestrator/demo/internal/admin/test" - "github.com/hexa-org/policy-orchestrator/pkg/healthsupport" - "github.com/hexa-org/policy-orchestrator/pkg/websupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/healthsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport" "github.com/stretchr/testify/assert" ) diff --git a/internal/admin/applications.go b/demo/internal/admin/applications.go similarity index 98% rename from internal/admin/applications.go rename to demo/internal/admin/applications.go index 28f06f11..a8001ceb 100644 --- a/internal/admin/applications.go +++ b/demo/internal/admin/applications.go @@ -8,7 +8,7 @@ import ( "net/http" "github.com/gorilla/mux" - "github.com/hexa-org/policy-orchestrator/pkg/websupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport" ) type Application struct { diff --git a/internal/admin/applications_test.go b/demo/internal/admin/applications_test.go similarity index 97% rename from internal/admin/applications_test.go rename to demo/internal/admin/applications_test.go index 7c534435..25a0c722 100644 --- a/internal/admin/applications_test.go +++ b/demo/internal/admin/applications_test.go 
@@ -8,11 +8,11 @@ import ( "net/http" "testing" - "github.com/hexa-org/policy-orchestrator/internal/admin" - "github.com/hexa-org/policy-orchestrator/internal/admin/test" + "github.com/hexa-org/policy-orchestrator/demo/internal/admin" + "github.com/hexa-org/policy-orchestrator/demo/internal/admin/test" - "github.com/hexa-org/policy-orchestrator/pkg/healthsupport" - "github.com/hexa-org/policy-orchestrator/pkg/websupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/healthsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" ) diff --git a/internal/admin/integrations.go b/demo/internal/admin/integrations.go similarity index 98% rename from internal/admin/integrations.go rename to demo/internal/admin/integrations.go index 7e8c7bc4..802e982e 100644 --- a/internal/admin/integrations.go +++ b/demo/internal/admin/integrations.go @@ -8,7 +8,7 @@ import ( "github.com/gorilla/mux" - "github.com/hexa-org/policy-orchestrator/pkg/websupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport" ) type IntegrationProviderInterface interface { diff --git a/internal/admin/integrations_amazon.go b/demo/internal/admin/integrations_amazon.go similarity index 100% rename from internal/admin/integrations_amazon.go rename to demo/internal/admin/integrations_amazon.go diff --git a/internal/admin/integrations_azure.go b/demo/internal/admin/integrations_azure.go similarity index 100% rename from internal/admin/integrations_azure.go rename to demo/internal/admin/integrations_azure.go diff --git a/internal/admin/integrations_google.go b/demo/internal/admin/integrations_google.go similarity index 100% rename from internal/admin/integrations_google.go rename to demo/internal/admin/integrations_google.go 
diff --git a/internal/admin/integrations_open_policy.go b/demo/internal/admin/integrations_open_policy.go similarity index 100% rename from internal/admin/integrations_open_policy.go rename to demo/internal/admin/integrations_open_policy.go diff --git a/internal/admin/integrations_test.go b/demo/internal/admin/integrations_test.go similarity index 97% rename from internal/admin/integrations_test.go rename to demo/internal/admin/integrations_test.go index 6bdd6cf0..2095902e 100644 --- a/internal/admin/integrations_test.go +++ b/demo/internal/admin/integrations_test.go @@ -12,11 +12,11 @@ import ( "net/url" "testing" - "github.com/hexa-org/policy-orchestrator/internal/admin" - "github.com/hexa-org/policy-orchestrator/internal/admin/test" + "github.com/hexa-org/policy-orchestrator/demo/internal/admin" + "github.com/hexa-org/policy-orchestrator/demo/internal/admin/test" - "github.com/hexa-org/policy-orchestrator/pkg/healthsupport" - "github.com/hexa-org/policy-orchestrator/pkg/websupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/healthsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" ) diff --git a/internal/admin/orchestration.go b/demo/internal/admin/orchestration.go similarity index 96% rename from internal/admin/orchestration.go rename to demo/internal/admin/orchestration.go index 63239ce4..6ce11da6 100644 --- a/internal/admin/orchestration.go +++ b/demo/internal/admin/orchestration.go @@ -4,7 +4,7 @@ import ( "log" "net/http" - "github.com/hexa-org/policy-orchestrator/pkg/websupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport" ) type OrchestrationHandler interface { diff --git a/internal/admin/orchestration_test.go b/demo/internal/admin/orchestration_test.go similarity index 91% rename from internal/admin/orchestration_test.go rename to demo/internal/admin/orchestration_test.go index ac17ad56..a5fbff3f 100644 
--- a/internal/admin/orchestration_test.go +++ b/demo/internal/admin/orchestration_test.go @@ -8,11 +8,11 @@ import ( "net/http" "testing" - "github.com/hexa-org/policy-orchestrator/internal/admin" - "github.com/hexa-org/policy-orchestrator/internal/admin/test" + "github.com/hexa-org/policy-orchestrator/demo/internal/admin" + "github.com/hexa-org/policy-orchestrator/demo/internal/admin/test" - "github.com/hexa-org/policy-orchestrator/pkg/healthsupport" - "github.com/hexa-org/policy-orchestrator/pkg/websupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/healthsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" ) diff --git a/internal/admin/orchestrator_client.go b/demo/internal/admin/orchestrator_client.go similarity index 99% rename from internal/admin/orchestrator_client.go rename to demo/internal/admin/orchestrator_client.go index 3ce23c57..f4d62504 100644 --- a/internal/admin/orchestrator_client.go +++ b/demo/internal/admin/orchestrator_client.go @@ -10,7 +10,7 @@ import ( "net/http" "strings" - "github.com/hexa-org/policy-orchestrator/pkg/hawksupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/hawksupport" ) type HTTPClient interface { diff --git a/internal/admin/orchestrator_client_test.go b/demo/internal/admin/orchestrator_client_test.go similarity index 99% rename from internal/admin/orchestrator_client_test.go rename to demo/internal/admin/orchestrator_client_test.go index 9bf5dcce..0a8b14a0 100644 --- a/internal/admin/orchestrator_client_test.go +++ b/demo/internal/admin/orchestrator_client_test.go @@ -9,7 +9,7 @@ import ( "net/http" "testing" - "github.com/hexa-org/policy-orchestrator/internal/admin" + "github.com/hexa-org/policy-orchestrator/demo/internal/admin" "github.com/go-playground/validator/v10" "github.com/stretchr/testify/assert" 
diff --git a/internal/admin/resources/static/images/add_white.svg b/demo/internal/admin/resources/static/images/add_white.svg similarity index 100% rename from internal/admin/resources/static/images/add_white.svg rename to demo/internal/admin/resources/static/images/add_white.svg diff --git a/internal/admin/resources/static/images/edit_white.svg b/demo/internal/admin/resources/static/images/edit_white.svg similarity index 100% rename from internal/admin/resources/static/images/edit_white.svg rename to demo/internal/admin/resources/static/images/edit_white.svg diff --git a/internal/admin/resources/static/images/favicon.png b/demo/internal/admin/resources/static/images/favicon.png similarity index 100% rename from internal/admin/resources/static/images/favicon.png rename to demo/internal/admin/resources/static/images/favicon.png diff --git a/internal/admin/resources/static/images/hexa.svg b/demo/internal/admin/resources/static/images/hexa.svg similarity index 100% rename from internal/admin/resources/static/images/hexa.svg rename to demo/internal/admin/resources/static/images/hexa.svg diff --git a/internal/admin/resources/static/images/menu_white.svg b/demo/internal/admin/resources/static/images/menu_white.svg similarity index 100% rename from internal/admin/resources/static/images/menu_white.svg rename to demo/internal/admin/resources/static/images/menu_white.svg diff --git a/internal/admin/resources/static/styles/app.css b/demo/internal/admin/resources/static/styles/app.css similarity index 100% rename from internal/admin/resources/static/styles/app.css rename to demo/internal/admin/resources/static/styles/app.css diff --git a/internal/admin/resources/static/styles/reset.css b/demo/internal/admin/resources/static/styles/reset.css similarity index 100% rename from internal/admin/resources/static/styles/reset.css rename to demo/internal/admin/resources/static/styles/reset.css 
diff --git a/internal/admin/resources/templates/applications.gohtml b/demo/internal/admin/resources/templates/applications.gohtml similarity index 100% rename from internal/admin/resources/templates/applications.gohtml rename to demo/internal/admin/resources/templates/applications.gohtml diff --git a/internal/admin/resources/templates/applications_edit.gohtml b/demo/internal/admin/resources/templates/applications_edit.gohtml similarity index 100% rename from internal/admin/resources/templates/applications_edit.gohtml rename to demo/internal/admin/resources/templates/applications_edit.gohtml diff --git a/internal/admin/resources/templates/applications_show.gohtml b/demo/internal/admin/resources/templates/applications_show.gohtml similarity index 100% rename from internal/admin/resources/templates/applications_show.gohtml rename to demo/internal/admin/resources/templates/applications_show.gohtml diff --git a/internal/admin/resources/templates/integrations.gohtml b/demo/internal/admin/resources/templates/integrations.gohtml similarity index 100% rename from internal/admin/resources/templates/integrations.gohtml rename to demo/internal/admin/resources/templates/integrations.gohtml diff --git a/internal/admin/resources/templates/integrations_new_amazon.gohtml b/demo/internal/admin/resources/templates/integrations_new_amazon.gohtml similarity index 100% rename from internal/admin/resources/templates/integrations_new_amazon.gohtml rename to demo/internal/admin/resources/templates/integrations_new_amazon.gohtml diff --git a/internal/admin/resources/templates/integrations_new_azure.gohtml b/demo/internal/admin/resources/templates/integrations_new_azure.gohtml similarity index 100% rename from internal/admin/resources/templates/integrations_new_azure.gohtml rename to demo/internal/admin/resources/templates/integrations_new_azure.gohtml 
diff --git a/internal/admin/resources/templates/integrations_new_google_cloud.gohtml b/demo/internal/admin/resources/templates/integrations_new_google_cloud.gohtml similarity index 100% rename from internal/admin/resources/templates/integrations_new_google_cloud.gohtml rename to demo/internal/admin/resources/templates/integrations_new_google_cloud.gohtml diff --git a/internal/admin/resources/templates/integrations_new_open_policy.gohtml b/demo/internal/admin/resources/templates/integrations_new_open_policy.gohtml similarity index 100% rename from internal/admin/resources/templates/integrations_new_open_policy.gohtml rename to demo/internal/admin/resources/templates/integrations_new_open_policy.gohtml diff --git a/internal/admin/resources/templates/orchestration_new.gohtml b/demo/internal/admin/resources/templates/orchestration_new.gohtml similarity index 100% rename from internal/admin/resources/templates/orchestration_new.gohtml rename to demo/internal/admin/resources/templates/orchestration_new.gohtml diff --git a/internal/admin/resources/templates/status.gohtml b/demo/internal/admin/resources/templates/status.gohtml similarity index 100% rename from internal/admin/resources/templates/status.gohtml rename to demo/internal/admin/resources/templates/status.gohtml diff --git a/internal/admin/resources/templates/template.gohtml b/demo/internal/admin/resources/templates/template.gohtml similarity index 100% rename from internal/admin/resources/templates/template.gohtml rename to demo/internal/admin/resources/templates/template.gohtml diff --git a/internal/admin/status.go b/demo/internal/admin/status.go similarity index 94% rename from internal/admin/status.go rename to demo/internal/admin/status.go index 80721343..95352864 100644 --- a/internal/admin/status.go +++ b/demo/internal/admin/status.go 
@@ -7,7 +7,7 @@ import ( "net/http" "strings" - "github.com/hexa-org/policy-orchestrator/pkg/websupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport" ) type Status struct { diff --git a/internal/admin/status_test.go b/demo/internal/admin/status_test.go similarity index 83% rename from internal/admin/status_test.go rename to demo/internal/admin/status_test.go index 679359f5..2b821d5b 100644 --- a/internal/admin/status_test.go +++ b/demo/internal/admin/status_test.go @@ -7,13 +7,13 @@ import ( "net/http" "testing" - "github.com/hexa-org/policy-orchestrator/internal/admin" - "github.com/hexa-org/policy-orchestrator/internal/admin/test" + "github.com/hexa-org/policy-orchestrator/demo/internal/admin" + "github.com/hexa-org/policy-orchestrator/demo/internal/admin/test" "github.com/gorilla/mux" - "github.com/hexa-org/policy-orchestrator/pkg/healthsupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport" - "github.com/hexa-org/policy-orchestrator/pkg/websupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/healthsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport" "github.com/stretchr/testify/assert" ) diff --git a/internal/admin/test/mock_client.go b/demo/internal/admin/test/mock_client.go similarity index 97% rename from internal/admin/test/mock_client.go rename to demo/internal/admin/test/mock_client.go index 50188702..aa6252f6 100644 --- a/internal/admin/test/mock_client.go +++ b/demo/internal/admin/test/mock_client.go @@ -3,7 +3,7 @@ package admin_test import ( "fmt" - "github.com/hexa-org/policy-orchestrator/internal/admin" + "github.com/hexa-org/policy-orchestrator/demo/internal/admin" "github.com/stretchr/testify/mock" ) 
diff --git a/internal/decisionsupport/decision_support.go b/demo/internal/decisionsupport/decision_support.go similarity index 100% rename from internal/decisionsupport/decision_support.go rename to demo/internal/decisionsupport/decision_support.go diff --git a/internal/decisionsupport/decision_support_provider.go b/demo/internal/decisionsupport/decision_support_provider.go similarity index 100% rename from internal/decisionsupport/decision_support_provider.go rename to demo/internal/decisionsupport/decision_support_provider.go diff --git a/internal/decisionsupport/decision_support_test.go b/demo/internal/decisionsupport/decision_support_test.go similarity index 93% rename from internal/decisionsupport/decision_support_test.go rename to demo/internal/decisionsupport/decision_support_test.go index 7e737a74..1a708326 100644 --- a/internal/decisionsupport/decision_support_test.go +++ b/demo/internal/decisionsupport/decision_support_test.go @@ -3,16 +3,16 @@ package decisionsupport_test import ( "errors" "fmt" - "github.com/hexa-org/policy-orchestrator/internal/decisionsupport" - "github.com/hexa-org/policy-orchestrator/internal/decisionsupportproviders" + "github.com/hexa-org/policy-orchestrator/demo/internal/decisionsupport" + "github.com/hexa-org/policy-orchestrator/demo/internal/decisionsupportproviders" "io" "net" "net/http" "testing" "github.com/gorilla/mux" - "github.com/hexa-org/policy-orchestrator/pkg/healthsupport" - "github.com/hexa-org/policy-orchestrator/pkg/websupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/healthsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport" "github.com/stretchr/testify/assert" ) diff --git a/internal/decisionsupportproviders/default_provider.go b/demo/internal/decisionsupportproviders/default_provider.go similarity index 100% rename from internal/decisionsupportproviders/default_provider.go rename to demo/internal/decisionsupportproviders/default_provider.go 
diff --git a/internal/decisionsupportproviders/default_provider_test.go b/demo/internal/decisionsupportproviders/default_provider_test.go similarity index 83% rename from internal/decisionsupportproviders/default_provider_test.go rename to demo/internal/decisionsupportproviders/default_provider_test.go index e025974f..b799e8ad 100644 --- a/internal/decisionsupportproviders/default_provider_test.go +++ b/demo/internal/decisionsupportproviders/default_provider_test.go @@ -1,7 +1,7 @@ package decisionsupportproviders_test import ( - "github.com/hexa-org/policy-orchestrator/internal/decisionsupportproviders" + "github.com/hexa-org/policy-orchestrator/demo/internal/decisionsupportproviders" "testing" "github.com/stretchr/testify/assert" diff --git a/internal/decisionsupportproviders/mock_provider.go b/demo/internal/decisionsupportproviders/mock_provider.go similarity index 100% rename from internal/decisionsupportproviders/mock_provider.go rename to demo/internal/decisionsupportproviders/mock_provider.go diff --git a/internal/decisionsupportproviders/mock_provider_test.go b/demo/internal/decisionsupportproviders/mock_provider_test.go similarity index 93% rename from internal/decisionsupportproviders/mock_provider_test.go rename to demo/internal/decisionsupportproviders/mock_provider_test.go index 024bb1ec..cfe08b6b 100644 --- a/internal/decisionsupportproviders/mock_provider_test.go +++ b/demo/internal/decisionsupportproviders/mock_provider_test.go @@ -1,7 +1,7 @@ package decisionsupportproviders_test import ( - "github.com/hexa-org/policy-orchestrator/internal/decisionsupportproviders" + "github.com/hexa-org/policy-orchestrator/demo/internal/decisionsupportproviders" "net/http" "testing" diff --git a/internal/decisionsupportproviders/opa_provider.go b/demo/internal/decisionsupportproviders/opa_provider.go similarity index 100% rename from internal/decisionsupportproviders/opa_provider.go rename to demo/internal/decisionsupportproviders/opa_provider.go 
diff --git a/internal/decisionsupportproviders/opa_provider_test.go b/demo/internal/decisionsupportproviders/opa_provider_test.go similarity index 97% rename from internal/decisionsupportproviders/opa_provider_test.go rename to demo/internal/decisionsupportproviders/opa_provider_test.go index bf4d388b..9b3476db 100644 --- a/internal/decisionsupportproviders/opa_provider_test.go +++ b/demo/internal/decisionsupportproviders/opa_provider_test.go @@ -3,7 +3,7 @@ package decisionsupportproviders_test import ( "bytes" "errors" - "github.com/hexa-org/policy-orchestrator/internal/decisionsupportproviders" + "github.com/hexa-org/policy-orchestrator/demo/internal/decisionsupportproviders" "io/ioutil" "net/http" "testing" diff --git a/internal/orchestrator/applications_gateway.go b/demo/internal/orchestrator/applications_gateway.go similarity index 100% rename from internal/orchestrator/applications_gateway.go rename to demo/internal/orchestrator/applications_gateway.go diff --git a/internal/orchestrator/applications_gateway_test.go b/demo/internal/orchestrator/applications_gateway_test.go similarity index 95% rename from internal/orchestrator/applications_gateway_test.go rename to demo/internal/orchestrator/applications_gateway_test.go index 95fdbd92..670bcc9c 100644 --- a/internal/orchestrator/applications_gateway_test.go +++ b/demo/internal/orchestrator/applications_gateway_test.go @@ -1,11 +1,11 @@ package orchestrator_test import ( - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" "testing" - "github.com/hexa-org/policy-orchestrator/pkg/databasesupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/databasesupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport" assert "github.com/stretchr/testify/assert" ) 
diff --git a/internal/orchestrator/applications_handler.go b/demo/internal/orchestrator/applications_handler.go similarity index 94% rename from internal/orchestrator/applications_handler.go rename to demo/internal/orchestrator/applications_handler.go index 05685639..ceeb6494 100644 --- a/internal/orchestrator/applications_handler.go +++ b/demo/internal/orchestrator/applications_handler.go @@ -7,7 +7,7 @@ import ( "sort" "strings" - "github.com/hexa-org/policy-orchestrator/internal/policysupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" "github.com/go-playground/validator/v10" "github.com/gorilla/mux" @@ -177,21 +177,21 @@ func (handler ApplicationsHandler) SetPolicies(w http.ResponseWriter, r *http.Re return } - var policyInfos []policysupport.PolicyInfo + var policyInfos []hexapolicy.PolicyInfo for _, policy := range policies.Policies { - var actionInfos []policysupport.ActionInfo + var actionInfos []hexapolicy.ActionInfo for _, a := range policy.Actions { - actionInfos = append(actionInfos, policysupport.ActionInfo{ActionUri: a.ActionUri}) + actionInfos = append(actionInfos, hexapolicy.ActionInfo{ActionUri: a.ActionUri}) } - info := policysupport.PolicyInfo{ - Meta: policysupport.MetaInfo{ + info := hexapolicy.PolicyInfo{ + Meta: hexapolicy.MetaInfo{ Version: policy.Meta.Version, }, Actions: actionInfos, - Subject: policysupport.SubjectInfo{ + Subject: hexapolicy.SubjectInfo{ Members: policy.Subject.Members, }, - Object: policysupport.ObjectInfo{ + Object: hexapolicy.ObjectInfo{ ResourceID: policy.Object.ResourceID, }, } diff --git a/internal/orchestrator/applications_handler_test.go b/demo/internal/orchestrator/applications_handler_test.go similarity index 95% rename from internal/orchestrator/applications_handler_test.go rename to demo/internal/orchestrator/applications_handler_test.go index b5addd46..59e912ba 100644 --- a/internal/orchestrator/applications_handler_test.go +++ b/demo/internal/orchestrator/applications_handler_test.go 
@@ -12,16 +12,16 @@ import ( "net/http" "testing" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator/test" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator/test" "github.com/stretchr/testify/assert" - "github.com/hexa-org/policy-orchestrator/pkg/databasesupport" - "github.com/hexa-org/policy-orchestrator/pkg/hawksupport" - "github.com/hexa-org/policy-orchestrator/pkg/healthsupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport" - "github.com/hexa-org/policy-orchestrator/pkg/websupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/databasesupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/hawksupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/healthsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport" ) type applicationsHandlerData struct { diff --git a/internal/orchestrator/applications_service.go b/demo/internal/orchestrator/applications_service.go similarity index 80% rename from internal/orchestrator/applications_service.go rename to demo/internal/orchestrator/applications_service.go index f52e3537..6b0803ef 100644 --- a/internal/orchestrator/applications_service.go +++ b/demo/internal/orchestrator/applications_service.go @@ -2,7 +2,8 @@ package orchestrator import ( "errors" - "github.com/hexa-org/policy-orchestrator/internal/policysupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" + log "golang.org/x/exp/slog" "net/http" "strings" ) 
@@ -26,7 +27,19 @@ func (service ApplicationsService) GatherRecords(identifier string) (Application } integration := IntegrationInfo{Name: integrationRecord.Name, Key: integrationRecord.Key} - return application, integration, service.Providers[strings.ToLower(integrationRecord.Provider)], err // todo - test for lower? + // SAURABH - temporary workaround until we implement an app onboarding flow + var aProvider Provider + if integrationRecord.Provider == "amazon" { + aProvider, _ = NewOrchestrationProvider(integration.Key, integration.Key) + } else { + aProvider = service.Providers[strings.ToLower(integrationRecord.Provider)] + } + + if err != nil { + log.Error("GatherRecords", "msg", "error creating Provdider", "provider", integrationRecord.Provider, "error", err) + return ApplicationInfo{}, IntegrationInfo{}, nil, err + } + return application, integration, aProvider, err // todo - test for lower? } func (service ApplicationsService) Apply(jsonRequest Orchestration) error { @@ -87,7 +100,7 @@ func (service ApplicationsService) Apply(jsonRequest Orchestration) error { return nil } -func (service ApplicationsService) RetainResource(fromPolicies, toPolicies []policysupport.PolicyInfo) ([]policysupport.PolicyInfo, error) { +func (service ApplicationsService) RetainResource(fromPolicies, toPolicies []hexapolicy.PolicyInfo) ([]hexapolicy.PolicyInfo, error) { var firstResourceId string resourceIds := make([]string, 0) 
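Review bot: The constructor error is discarded on the new `aProvider, _ = NewOrchestrationProvider(integration.Key, integration.Key)` line, and the `if err != nil` block added right after it tests an `err` that was assigned before this hunk begins, so a failed AWS provider construction returns a nil `aProvider` together with a nil error and the caller will dereference it. Assigning the error instead, `aProvider, err = NewOrchestrationProvider(integration.Key, integration.Key)`, makes the new check actually guard this path. The same `integration.Key` is passed as both the IdP and the policy-store credential blob; the SAURABH comment marks this as temporary, but it deserves a TODO naming what the onboarding flow is expected to replace it with. The log key text `"error creating Provdider"` has a typo. GatherRecords starts outside the hunk.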
@@ -100,11 +113,11 @@ func (service ApplicationsService) RetainResource(fromPolicies, toPolicies []pol for _, foundResourceId := range resourceIds { if firstResourceId != foundResourceId { - return []policysupport.PolicyInfo{}, errors.New("sorry, found more than one resource id within policies") + return []hexapolicy.PolicyInfo{}, errors.New("sorry, found more than one resource id within policies") } } - modified := make([]policysupport.PolicyInfo, 0) + modified := make([]hexapolicy.PolicyInfo, 0) for _, policy := range fromPolicies { policy.Object.ResourceID = firstResourceId modified = append(modified, policy) @@ -112,19 +125,19 @@ func (service ApplicationsService) RetainResource(fromPolicies, toPolicies []pol return modified, nil } -func (service ApplicationsService) RetainAction(fromPolicies, toPolicies []policysupport.PolicyInfo) ([]policysupport.PolicyInfo, error) { +func (service ApplicationsService) RetainAction(fromPolicies, toPolicies []hexapolicy.PolicyInfo) ([]hexapolicy.PolicyInfo, error) { firstActionUri := toPolicies[0].Actions[0].ActionUri // todo update to handle all action uris from toProvider - modified := make([]policysupport.PolicyInfo, 0) + modified := make([]hexapolicy.PolicyInfo, 0) for _, policy := range fromPolicies { - policy.Actions = make([]policysupport.ActionInfo, 1) + policy.Actions = make([]hexapolicy.ActionInfo, 1) policy.Actions[0].ActionUri = firstActionUri modified = append(modified, policy) } return modified, nil } -func verifyAllMembersAreUsers(policies []policysupport.PolicyInfo) bool { +func verifyAllMembersAreUsers(policies []hexapolicy.PolicyInfo) bool { var areMembersUsers bool for _, policy := range policies { for _, member := range policy.Subject.Members { 
diff --git a/internal/orchestrator/applications_service_test.go b/demo/internal/orchestrator/applications_service_test.go similarity index 69% rename from internal/orchestrator/applications_service_test.go rename to demo/internal/orchestrator/applications_service_test.go index d970f5b6..3ccbbc87 100644 --- a/internal/orchestrator/applications_service_test.go +++ b/demo/internal/orchestrator/applications_service_test.go @@ -3,14 +3,14 @@ package orchestrator_test import ( "database/sql" "errors" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator/test" - "github.com/hexa-org/policy-orchestrator/internal/policysupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator/test" "log" "testing" - "github.com/hexa-org/policy-orchestrator/pkg/databasesupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/databasesupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport" assert "github.com/stretchr/testify/require" ) 
@@ -92,20 +92,20 @@ func TestApplicationsService_RetainResource(t *testing.T) { integrationsGateway := orchestrator.IntegrationsDataGateway{DB: data.db} applicationsService := orchestrator.ApplicationsService{ApplicationsGateway: applicationsGateway, IntegrationsGateway: integrationsGateway, Providers: data.providers} - from := []policysupport.PolicyInfo{ - {policysupport.MetaInfo{Version: "aVersion"}, []policysupport.ActionInfo{{"fromAnAction"}}, policysupport.SubjectInfo{Members: []string{"fromAUser"}}, policysupport.ObjectInfo{ + from := []hexapolicy.PolicyInfo{ + {Meta: hexapolicy.MetaInfo{Version: "aVersion"}, Actions: []hexapolicy.ActionInfo{{"fromAnAction"}}, Subject: hexapolicy.SubjectInfo{Members: []string{"fromAUser"}}, Object: hexapolicy.ObjectInfo{ ResourceID: "fromAnId", }}, - {policysupport.MetaInfo{Version: "aVersion"}, []policysupport.ActionInfo{{"fromAnotherAction"}}, policysupport.SubjectInfo{Members: []string{"fromAnotherUser"}}, policysupport.ObjectInfo{ + {Meta: hexapolicy.MetaInfo{Version: "aVersion"}, Actions: []hexapolicy.ActionInfo{{"fromAnotherAction"}}, Subject: hexapolicy.SubjectInfo{Members: []string{"fromAnotherUser"}}, Object: hexapolicy.ObjectInfo{ ResourceID: "fromAnId", }}, } - to := []policysupport.PolicyInfo{ - {policysupport.MetaInfo{Version: "aVersion"}, []policysupport.ActionInfo{{"toAnAction"}}, policysupport.SubjectInfo{Members: []string{"toAUser"}}, policysupport.ObjectInfo{ + to := []hexapolicy.PolicyInfo{ + {Meta: hexapolicy.MetaInfo{Version: "aVersion"}, Actions: []hexapolicy.ActionInfo{{"toAnAction"}}, Subject: hexapolicy.SubjectInfo{Members: []string{"toAUser"}}, Object: hexapolicy.ObjectInfo{ ResourceID: "toAnId", }}, - {policysupport.MetaInfo{Version: "aVersion"}, []policysupport.ActionInfo{{"toAnotherAction"}}, policysupport.SubjectInfo{Members: []string{"toAnotherUser"}}, policysupport.ObjectInfo{ + {Meta: hexapolicy.MetaInfo{Version: "aVersion"}, Actions: []hexapolicy.ActionInfo{{"toAnotherAction"}}, Subject: 
hexapolicy.SubjectInfo{Members: []string{"toAnotherUser"}}, Object: hexapolicy.ObjectInfo{ ResourceID: "toAnId", }}, } @@ -117,11 +117,11 @@ func TestApplicationsService_RetainResource(t *testing.T) { assert.Equal(t, "toAnId", modified[1].Object.ResourceID) assert.Equal(t, "fromAnotherUser", modified[1].Subject.Members[0]) - toWithDifferentResources := []policysupport.PolicyInfo{ - {policysupport.MetaInfo{Version: "aVersion"}, []policysupport.ActionInfo{{"anotherAction"}}, policysupport.SubjectInfo{Members: []string{"anotherUser"}}, policysupport.ObjectInfo{ + toWithDifferentResources := []hexapolicy.PolicyInfo{ + {Meta: hexapolicy.MetaInfo{Version: "aVersion"}, Actions: []hexapolicy.ActionInfo{{"anotherAction"}}, Subject: hexapolicy.SubjectInfo{Members: []string{"anotherUser"}}, Object: hexapolicy.ObjectInfo{ ResourceID: "anotherId", }}, - {policysupport.MetaInfo{Version: "aVersion"}, []policysupport.ActionInfo{{"anotherAction"}}, policysupport.SubjectInfo{Members: []string{"anotherUser"}}, policysupport.ObjectInfo{ + {Meta: hexapolicy.MetaInfo{Version: "aVersion"}, Actions: []hexapolicy.ActionInfo{{"anotherAction"}}, Subject: hexapolicy.SubjectInfo{Members: []string{"anotherUser"}}, Object: hexapolicy.ObjectInfo{ ResourceID: "andAnotherId", }}, } 
@@ -136,20 +136,20 @@ func TestApplicationsService_RetainAction(t *testing.T) { integrationsGateway := orchestrator.IntegrationsDataGateway{DB: data.db} applicationsService := orchestrator.ApplicationsService{ApplicationsGateway: applicationsGateway, IntegrationsGateway: integrationsGateway, Providers: data.providers} - from := []policysupport.PolicyInfo{ - {policysupport.MetaInfo{Version: "aVersion"}, []policysupport.ActionInfo{{"fromAnAction"}}, policysupport.SubjectInfo{Members: []string{"fromAUser"}}, policysupport.ObjectInfo{ + from := []hexapolicy.PolicyInfo{ + {Meta: hexapolicy.MetaInfo{Version: "aVersion"}, Actions: []hexapolicy.ActionInfo{{"fromAnAction"}}, Subject: hexapolicy.SubjectInfo{Members: []string{"fromAUser"}}, Object: hexapolicy.ObjectInfo{ ResourceID: "fromAnId", }}, - {policysupport.MetaInfo{Version: "aVersion"}, []policysupport.ActionInfo{{"fromAnotherAction"}}, policysupport.SubjectInfo{Members: []string{"fromAnotherUser"}}, policysupport.ObjectInfo{ + {Meta: hexapolicy.MetaInfo{Version: "aVersion"}, Actions: []hexapolicy.ActionInfo{{"fromAnotherAction"}}, Subject: hexapolicy.SubjectInfo{Members: []string{"fromAnotherUser"}}, Object: hexapolicy.ObjectInfo{ ResourceID: "fromAnId", }}, } - to := []policysupport.PolicyInfo{ - {policysupport.MetaInfo{Version: "aVersion"}, []policysupport.ActionInfo{{"toAnAction"}}, policysupport.SubjectInfo{Members: []string{"toAUser"}}, policysupport.ObjectInfo{ + to := []hexapolicy.PolicyInfo{ + {Meta: hexapolicy.MetaInfo{Version: "aVersion"}, Actions: []hexapolicy.ActionInfo{{"toAnAction"}}, Subject: hexapolicy.SubjectInfo{Members: []string{"toAUser"}}, Object: hexapolicy.ObjectInfo{ ResourceID: "toAnId", }}, - {policysupport.MetaInfo{Version: "aVersion"}, []policysupport.ActionInfo{{"toAnotherAction"}}, policysupport.SubjectInfo{Members: []string{"toAnotherUser"}}, policysupport.ObjectInfo{ + {Meta: hexapolicy.MetaInfo{Version: "aVersion"}, Actions: []hexapolicy.ActionInfo{{"toAnotherAction"}}, Subject: 
hexapolicy.SubjectInfo{Members: []string{"toAnotherUser"}}, Object: hexapolicy.ObjectInfo{ ResourceID: "toAnId", }}, } diff --git a/internal/orchestrator/discovery_worker.go b/demo/internal/orchestrator/discovery_worker.go similarity index 87% rename from internal/orchestrator/discovery_worker.go rename to demo/internal/orchestrator/discovery_worker.go index d92e35b2..87d574fd 100644 --- a/internal/orchestrator/discovery_worker.go +++ b/demo/internal/orchestrator/discovery_worker.go @@ -12,17 +12,17 @@ type DiscoveryWorker struct { func (n *DiscoveryWorker) Run(work interface{}) error { discoveredApps := make(map[string]struct{}) for _, p := range n.Providers { - log.Printf("Found discovery provider %s.", p.Name()) + //log.Printf("Found discovery provider %s.", p.Name()) for _, record := range work.([]IntegrationRecord) { - log.Printf("Finding applications for integration provider %s.", p.Name()) + //log.Printf("Finding applications for integration provider %s.", p.Name()) applications, _ := p.DiscoverApplications(IntegrationInfo{Name: record.Provider, Key: record.Key}) - log.Printf("Found %d applications for integration provider %s.", len(applications), p.Name()) + //log.Printf("Found %d applications for integration provider %s.", len(applications), p.Name()) for _, app := range applications { id, err := n.Gateway.CreateIfAbsent(record.ID, app.ObjectID, app.Name, app.Description, app.Service) // idempotent work if err != nil { - log.Printf("Failed to create application: %s", err) + //log.Printf("Failed to create application: %s", err) continue } discoveredApps[id] = struct{}{} diff --git a/internal/orchestrator/discovery_worker_test.go b/demo/internal/orchestrator/discovery_worker_test.go similarity index 87% rename from internal/orchestrator/discovery_worker_test.go rename to demo/internal/orchestrator/discovery_worker_test.go index 45cd65ab..efa6777e 100644 --- a/internal/orchestrator/discovery_worker_test.go 
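Review bot: Commenting out `log.Printf("Failed to create application: %s", err)` in `DiscoveryWorker.Run` makes the `CreateIfAbsent` failure completely silent — the loop just `continue`s and nothing records that an application was not persisted, which removes the only signal an operator had for a broken gateway or integration. If the goal is to quiet the per-provider chatter, keep the error branch and drop only the three informational lines, or move it to the structured logger this change introduces elsewhere in the package, e.g. `log.Error("DiscoveryWorker.Run", "msg", "failed to create application", "error", err)` with the matching import. If no other `log` call remains in discovery_worker.go, the `log` import is now unused and the package will not compile (I cannot see the rest of the file). Run starts in this hunk and ends outside it.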
+++ b/demo/internal/orchestrator/discovery_worker_test.go @@ -2,14 +2,14 @@ package orchestrator_test import ( "errors" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator/test" - "github.com/hexa-org/policy-orchestrator/internal/policysupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator/test" "testing" "time" - "github.com/hexa-org/policy-orchestrator/pkg/databasesupport" - "github.com/hexa-org/policy-orchestrator/pkg/workflowsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/databasesupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/workflowsupport" "github.com/stretchr/testify/assert" ) @@ -123,10 +123,10 @@ func (f fakeProvider) DiscoverApplications(info orchestrator.IntegrationInfo) ([ return f.discoveredApplications, nil } -func (f fakeProvider) GetPolicyInfo(info orchestrator.IntegrationInfo, info2 orchestrator.ApplicationInfo) ([]policysupport.PolicyInfo, error) { +func (f fakeProvider) GetPolicyInfo(info orchestrator.IntegrationInfo, info2 orchestrator.ApplicationInfo) ([]hexapolicy.PolicyInfo, error) { panic("implement me") } -func (f fakeProvider) SetPolicyInfo(info orchestrator.IntegrationInfo, info2 orchestrator.ApplicationInfo, infos []policysupport.PolicyInfo) (status int, foundErr error) { +func (f fakeProvider) SetPolicyInfo(info orchestrator.IntegrationInfo, info2 orchestrator.ApplicationInfo, infos []hexapolicy.PolicyInfo) (status int, foundErr error) { panic("implement me") } diff --git a/internal/orchestrator/integrations_gateway.go b/demo/internal/orchestrator/integrations_gateway.go similarity index 100% rename from internal/orchestrator/integrations_gateway.go rename to demo/internal/orchestrator/integrations_gateway.go 
diff --git a/internal/orchestrator/integrations_gateway_test.go b/demo/internal/orchestrator/integrations_gateway_test.go similarity index 91% rename from internal/orchestrator/integrations_gateway_test.go rename to demo/internal/orchestrator/integrations_gateway_test.go index ac56574c..e93fda93 100644 --- a/internal/orchestrator/integrations_gateway_test.go +++ b/demo/internal/orchestrator/integrations_gateway_test.go @@ -1,11 +1,11 @@ package orchestrator_test import ( - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" "testing" - "github.com/hexa-org/policy-orchestrator/pkg/databasesupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/databasesupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport" "github.com/stretchr/testify/assert" ) diff --git a/internal/orchestrator/integrations_handler.go b/demo/internal/orchestrator/integrations_handler.go similarity index 100% rename from internal/orchestrator/integrations_handler.go rename to demo/internal/orchestrator/integrations_handler.go diff --git a/internal/orchestrator/integrations_handler_test.go b/demo/internal/orchestrator/integrations_handler_test.go similarity index 90% rename from internal/orchestrator/integrations_handler_test.go rename to demo/internal/orchestrator/integrations_handler_test.go index 7c3d6e1b..c6bfe243 100644 --- a/internal/orchestrator/integrations_handler_test.go +++ b/demo/internal/orchestrator/integrations_handler_test.go 
@@ -7,15 +7,15 @@ import ( "encoding/hex" "encoding/json" "fmt" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" "net" "net/http" "testing" - "github.com/hexa-org/policy-orchestrator/pkg/databasesupport" - "github.com/hexa-org/policy-orchestrator/pkg/hawksupport" - "github.com/hexa-org/policy-orchestrator/pkg/healthsupport" - "github.com/hexa-org/policy-orchestrator/pkg/websupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/databasesupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/hawksupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/healthsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" ) diff --git a/internal/orchestrator/orchestration_handler.go b/demo/internal/orchestrator/orchestration_handler.go similarity index 100% rename from internal/orchestrator/orchestration_handler.go rename to demo/internal/orchestrator/orchestration_handler.go diff --git a/internal/orchestrator/orchestration_handler_test.go b/demo/internal/orchestrator/orchestration_handler_test.go similarity index 85% rename from internal/orchestrator/orchestration_handler_test.go rename to demo/internal/orchestrator/orchestration_handler_test.go index 2f8a9021..129dd3b0 100644 --- a/internal/orchestrator/orchestration_handler_test.go +++ b/demo/internal/orchestrator/orchestration_handler_test.go 
@@ -7,18 +7,18 @@ import ( "encoding/hex" "encoding/json" "fmt" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator/test" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator/test" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure" "net" "net/http" "testing" - "github.com/hexa-org/policy-orchestrator/pkg/databasesupport" - "github.com/hexa-org/policy-orchestrator/pkg/hawksupport" - "github.com/hexa-org/policy-orchestrator/pkg/healthsupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport" - "github.com/hexa-org/policy-orchestrator/pkg/websupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/databasesupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/hawksupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/healthsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport" "github.com/stretchr/testify/assert" ) diff --git a/internal/orchestrator/orchestrator.go b/demo/internal/orchestrator/orchestrator.go similarity index 94% rename from internal/orchestrator/orchestrator.go rename to demo/internal/orchestrator/orchestrator.go index ca3a3468..d03e6f15 100644 --- a/internal/orchestrator/orchestrator.go +++ b/demo/internal/orchestrator/orchestrator.go @@ -4,8 +4,8 @@ import ( "database/sql" "github.com/gorilla/mux" - "github.com/hexa-org/policy-orchestrator/pkg/hawksupport" - "github.com/hexa-org/policy-orchestrator/pkg/workflowsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/hawksupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/workflowsupport" "github.com/hiyosi/hawk" ) 
diff --git a/demo/internal/orchestrator/orchestrator_provider.go b/demo/internal/orchestrator/orchestrator_provider.go
new file mode 100644
index 00000000..af52f4e2
--- /dev/null
+++ b/demo/internal/orchestrator/orchestrator_provider.go
@@ -0,0 +1,221 @@
+package orchestrator
+
+import (
+ "encoding/json"
+ "fmt"
+ "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy"
+ "github.com/hexa-org/policy-orchestrator/sdk/core/idp"
+ "github.com/hexa-org/policy-orchestrator/sdk/core/policyprovider"
+ "github.com/hexa-org/policy-orchestrator/sdk/core/rar"
+ "github.com/hexa-org/policy-orchestrator/sdk/provideraws/cognitoidp"
+ "github.com/hexa-org/policy-orchestrator/sdk/provideraws/policystore/dynamodbpolicystore"
+ log "golang.org/x/exp/slog"
+ "net/http"
+)
+
+type attributeDefinition struct {
+ nameOrPath string
+ valType string
+ pk bool
+ sk bool
+}
+
+type tableDefinition struct {
+ resource *attributeDefinition
+ actions *attributeDefinition
+ members *attributeDefinition
+}
+
+type TableDefinitionOpt func(t *tableDefinition)
+
+func WithResourceAttrDefinition(nameOrPath string, valType string, pk bool, sk bool) TableDefinitionOpt {
+ return func(t *tableDefinition) {
+ t.resource = &attributeDefinition{
+ nameOrPath: nameOrPath,
+ valType: valType,
+ pk: pk,
+ sk: sk,
+ }
+ }
+}
+
+func WithActionsAttrDefinition(nameOrPath string, valType string, pk bool, sk bool) TableDefinitionOpt {
+ return func(t *tableDefinition) {
+ t.actions = &attributeDefinition{
+ nameOrPath: nameOrPath,
+ valType: valType,
+ pk: pk,
+ sk: sk,
+ }
+ }
+}
+
+func WithMembersAttrDefinition(nameOrPath string, valType string) TableDefinitionOpt {
+ return func(t *tableDefinition) {
+ t.members = &attributeDefinition{
+ nameOrPath: nameOrPath,
+ valType: valType,
+ pk: false,
+ sk: false,
+ }
+ }
+}
+
+type OrchestrationProvider struct {
+ service policyprovider.ProviderService
+}
+
+const awsPolicyStoreTableName = "ResourcePolicies"
+
+type resourcePolicyItem struct {
+ Resource string `json:"Resource" meta:"resource,pk"`
+ Action string `json:"Action" meta:"actions,sk"`
+ Members string `json:"Members" meta:"members"`
+}
+
+func (t resourcePolicyItem) MapTo() (rar.ResourceActionRoles, error) {
+ log.Info("resourcePolicyItem.MapTo", "msg", "Mapping", "rar", fmt.Sprintf("%v", t))
+ members := make([]string, 0)
+ err := json.Unmarshal([]byte(t.Members), &members)
+ if err != nil {
+ log.Error("resourcePolicyItem.MapTo", "msg", "Failed to unmarshal members string",
+ "members", t.Members,
+ "Err", err)
+ return rar.ResourceActionRoles{}, err
+ }
+ return rar.NewResourceActionRoles(t.Resource, []string{t.Action}, members)
+}
+
+const tableDefinitionV2Json = `
+ {
+ "metadata": {
+ "pk": { "attribute": "resource" },
+ "sk": { "attribute": "actions" }
+ },
+ "attributes": {
+ "resource": { "nameOrPath": "Resource", "valType": "string", "pk": true },
+ "actions": { "nameOrPath": "Action", "valType": "string", "sk": true },
+ "members": { "nameOrPath": "Members", "valType": "string" }
+ }
+ }`
+
+func NewOrchestrationProviderWithDynamicTableInfo(idpCredentials []byte, policyStoreCredentials []byte, tableOpts ...TableDefinitionOpt) (*OrchestrationProvider, error) {
+
+ log.Info("NewOrchestrationProviderWithDynamicTableInfo", "msg", "New")
+ tableDef := &tableDefinition{}
+ for _, aOpt := range tableOpts {
+ aOpt(tableDef)
+ }
+
+ attrDef := tableDef.resource
+ resDef := dynamodbpolicystore.NewAttributeDefinition(attrDef.nameOrPath, attrDef.valType, attrDef.pk, attrDef.sk)
+
+ attrDef = tableDef.actions
+ actionsDef := dynamodbpolicystore.NewAttributeDefinition(attrDef.nameOrPath, attrDef.valType, attrDef.pk, attrDef.sk)
+
+ attrDef = tableDef.members
+ membersDef := dynamodbpolicystore.NewAttributeDefinition(attrDef.nameOrPath, attrDef.valType, attrDef.pk, attrDef.sk)
+
+ tableInfo, err := dynamodbpolicystore.NewDynamicTableInfo(awsPolicyStoreTableName, resDef, actionsDef, membersDef)
+ policyStoreSvc, err := dynamodbpolicystore.NewPolicyStoreSvc(tableInfo, policyStoreCredentials)
+ if err != nil {
+ log.Error("NewOrchestrationProviderWithDynamicTableInfo",
+ "msg", "failed to create dynamodbpolicystore.PolicyStoreSvc",
+ "error", err)
+ return nil, err
+ }
+
+ appInfoSvc, err := cognitoidp.NewAppInfoSvc(idpCredentials)
+ if err != nil {
+ log.Error("NewAwsApiGatewayProviderV2",
+ "msg", "failed to create cognitoidp.AppInfoSvc",
+ "error", err)
+ return nil, err
+ }
+
+ service := policyprovider.NewProviderService[resourcePolicyItem](appInfoSvc, policyStoreSvc)
+ provider := &OrchestrationProvider{
+ service: service,
+ }
+ return provider, nil
+}
+func NewOrchestrationProvider(idpCredentials []byte, policyStoreCredentials []byte) (*OrchestrationProvider, error) {
+ tableInfo, err := dynamodbpolicystore.NewSimpleTableInfo(awsPolicyStoreTableName, resourcePolicyItem{})
+ policyStoreSvc, err := dynamodbpolicystore.NewPolicyStoreSvc(tableInfo, policyStoreCredentials)
+ if err != nil {
+ log.Error("NewOrchestrationProvider",
+ "msg", "failed to create dynamodbpolicystore.PolicyStoreSvc",
+ "error", err)
+ return nil, err
+ }
+
+ appInfoSvc, err := cognitoidp.NewAppInfoSvc(idpCredentials)
+ if err != nil {
+ log.Error("NewAwsApiGatewayProviderV2",
+ "msg", "failed to create cognitoidp.AppInfoSvc",
+ "error", err)
+ return nil, err
+ }
+
+ service := policyprovider.NewProviderService[resourcePolicyItem](appInfoSvc, policyStoreSvc)
+ provider := &OrchestrationProvider{
+ service: service,
+ }
+ return provider, nil
+}
+
+func (a *OrchestrationProvider) Name() string {
+ return "amazon"
+}
+
+func (a *OrchestrationProvider) DiscoverApplications(integrationInfo IntegrationInfo) ([]ApplicationInfo, error) {
+ apps, err := a.service.DiscoverApplications()
+ if err != nil {
+ return nil, err
+ }
+
+ retApps := make([]ApplicationInfo, 0)
+ for _, oneApp := range apps {
+ retApps = append(retApps, toApplicationInfo(oneApp))
+ }
+
+ return retApps, nil
+
+}
+
+func (a *OrchestrationProvider) GetPolicyInfo(info IntegrationInfo, applicationInfo ApplicationInfo) ([]hexapolicy.PolicyInfo, error) {
+ idpAppInfo := toIdpAppInfo(applicationInfo)
+ return a.service.GetPolicyInfo(idpAppInfo)
+}
+
+func (a *OrchestrationProvider) SetPolicyInfo(info IntegrationInfo, applicationInfo ApplicationInfo, policyInfos []hexapolicy.PolicyInfo) (status int, foundErr error) {
+ log.Info("SetPolicyInfo", "msg", "BEGIN",
+ "applicationInfo.ObjectID", applicationInfo.ObjectID,
+ "Name", applicationInfo.Name,
+ "Description", applicationInfo.Description,
+ "Service", applicationInfo.Service)
+
+ idpAppInfo := toIdpAppInfo(applicationInfo)
+ err := a.service.SetPolicyInfo(idpAppInfo, policyInfos)
+ log.Info("SetPolicyInfo", "msg", "Finished calling service.SetPolicyInfo")
+
+ if err != nil {
+ log.Error("SetPolicyInfo", "msg", "error calling service.SetPolicyInfo", "error", err)
+ return http.StatusInternalServerError, err
+ }
+ return http.StatusCreated, nil
+}
+
+func toApplicationInfo(anApp idp.AppInfo) ApplicationInfo {
+ rsApp := (anApp).(cognitoidp.ResourceServerAppInfo)
+ return ApplicationInfo{
+ ObjectID: rsApp.Id(),
+ Name: rsApp.Name(),
+ Description: rsApp.DisplayName(),
+ Service: rsApp.Identifier(),
+ }
+}
+
+func toIdpAppInfo(applicationInfo ApplicationInfo) idp.AppInfo {
+ return cognitoidp.NewResourceServerAppInfo(applicationInfo.ObjectID, applicationInfo.Name, applicationInfo.Description, applicationInfo.Service)
+}
diff --git a/internal/orchestrator/orchestrator_provider_interface.go b/demo/internal/orchestrator/orchestrator_provider_interface.go
similarity index 56%
rename from internal/orchestrator/orchestrator_provider_interface.go
rename to demo/internal/orchestrator/orchestrator_provider_interface.go
index 0c1e20b9..a969b1bb 100644
--- a/internal/orchestrator/orchestrator_provider_interface.go
+++ b/demo/internal/orchestrator/orchestrator_provider_interface.go
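Review bot: In both `NewOrchestrationProviderWithDynamicTableInfo` and `NewOrchestrationProvider` the `err` returned by `dynamodbpolicystore.NewDynamicTableInfo` / `NewSimpleTableInfo` is overwritten by the following `policyStoreSvc, err := ...` before it is checked, so an invalid table definition proceeds into `NewPolicyStoreSvc` with an undefined `tableInfo`; add `if err != nil { return nil, err }` after each table-info call. `attrDef := tableDef.resource` (and the `actions`/`members` reads below it) dereferences a nil pointer whenever a caller omits one of the `With*AttrDefinition` options, so the constructor should reject a missing definition with an error rather than panic. `toApplicationInfo` uses an unchecked assertion `(anApp).(cognitoidp.ResourceServerAppInfo)` that panics on any other `idp.AppInfo` implementation; use the two-value form and return an error from `DiscoverApplications`. `MapTo` logs the entire item at Info level with `fmt.Sprintf("%v", t)`, which emits every member of every policy row on each mapping — consider logging only the resource and action keys. The `"NewAwsApiGatewayProviderV2"` label in the cognito error logs looks copy-pasted from another constructor, and `tableDefinitionV2Json` is not referenced anywhere in this file.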
@@ -1,14 +1,14 @@ package orchestrator import ( - "github.com/hexa-org/policy-orchestrator/internal/policysupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" ) type Provider interface { Name() string DiscoverApplications(IntegrationInfo) ([]ApplicationInfo, error) - GetPolicyInfo(IntegrationInfo, ApplicationInfo) ([]policysupport.PolicyInfo, error) - SetPolicyInfo(IntegrationInfo, ApplicationInfo, []policysupport.PolicyInfo) (status int, foundErr error) + GetPolicyInfo(IntegrationInfo, ApplicationInfo) ([]hexapolicy.PolicyInfo, error) + SetPolicyInfo(IntegrationInfo, ApplicationInfo, []hexapolicy.PolicyInfo) (status int, foundErr error) } type IntegrationInfo struct { diff --git a/demo/internal/orchestrator/orchestrator_provider_test.go b/demo/internal/orchestrator/orchestrator_provider_test.go new file mode 100644 index 00000000..62696ab3 --- /dev/null +++ b/demo/internal/orchestrator/orchestrator_provider_test.go @@ -0,0 +1,25 @@ +package orchestrator_test + +import ( + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/awstestsupport" + "github.com/stretchr/testify/assert" + "testing" +) + +func TestWithSimpleTableInfo(t *testing.T) { + creds := awstestsupport.AwsCredentialsForTest() + p, err := orchestrator.NewOrchestrationProvider(creds, creds) + assert.NoError(t, err) + assert.NotNil(t, p) +} + +func TestDynamicTableInfo(t *testing.T) { + creds := awstestsupport.AwsCredentialsForTest() + resOpt := orchestrator.WithResourceAttrDefinition("ResourceX", "string", true, false) + actionsOpt := orchestrator.WithActionsAttrDefinition("ActionsX", "string", false, true) + membersOpt := orchestrator.WithMembersAttrDefinition("MembersX", "string") + p, err := orchestrator.NewOrchestrationProviderWithDynamicTableInfo(creds, creds, resOpt, actionsOpt, membersOpt) + assert.NoError(t, err) + assert.NotNil(t, p) +} 
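Review bot: Both tests in the new orchestrator_provider_test.go assert only `assert.NoError(t, err)` and `assert.NotNil(t, p)`, which proves the constructors return but nothing about the provider they built. That is weaker than it looks, because in `NewOrchestrationProvider` (visible earlier in this diff) the `err` from `dynamodbpolicystore.NewSimpleTableInfo` is overwritten by the following `:=` before it is ever inspected, so `TestWithSimpleTableInfo` passes even when table-info construction fails. Fix the constructor to check that first error, and have the tests assert something observable about the result, e.g. `assert.Equal(t, "amazon", p.Name())`. Consider also an error-path case that feeds malformed credential bytes, as `TestSetPolicyInfo_CognitoClientError` does elsewhere in this diff, so the tests show the constructor refuses bad input rather than only accepting good input.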
diff --git a/internal/orchestrator/orchestrator_test.go b/demo/internal/orchestrator/orchestrator_test.go similarity index 71% rename from internal/orchestrator/orchestrator_test.go rename to demo/internal/orchestrator/orchestrator_test.go index 8e0cedb5..cddc52be 100644 --- a/internal/orchestrator/orchestrator_test.go +++ b/demo/internal/orchestrator/orchestrator_test.go @@ -4,16 +4,16 @@ import ( "crypto/sha256" "encoding/hex" "fmt" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator/test" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator/test" "net" "net/http" "testing" - "github.com/hexa-org/policy-orchestrator/pkg/databasesupport" - "github.com/hexa-org/policy-orchestrator/pkg/hawksupport" - "github.com/hexa-org/policy-orchestrator/pkg/healthsupport" - "github.com/hexa-org/policy-orchestrator/pkg/websupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/databasesupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/hawksupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/healthsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport" "github.com/stretchr/testify/assert" ) diff --git a/internal/orchestrator/test/noop_provider.go b/demo/internal/orchestrator/test/noop_provider.go similarity index 55% rename from internal/orchestrator/test/noop_provider.go rename to demo/internal/orchestrator/test/noop_provider.go index db1ccea5..08b067ed 100644 --- a/internal/orchestrator/test/noop_provider.go +++ b/demo/internal/orchestrator/test/noop_provider.go 
@@ -3,8 +3,8 @@ package orchestrator_test import ( "net/http" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" - "github.com/hexa-org/policy-orchestrator/internal/policysupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" ) type NoopProvider struct { @@ -29,17 +29,18 @@ func (n *NoopProvider) DiscoverApplications(info orchestrator.IntegrationInfo) ( return apps, n.Err } -func (n *NoopProvider) GetPolicyInfo(_ orchestrator.IntegrationInfo, _ orchestrator.ApplicationInfo) ([]policysupport.PolicyInfo, error) { - return []policysupport.PolicyInfo{ - {policysupport.MetaInfo{Version: "aVersion"}, []policysupport.ActionInfo{{"anAction"}}, policysupport.SubjectInfo{Members: []string{"user:aUser"}}, policysupport.ObjectInfo{ +func (n *NoopProvider) GetPolicyInfo(_ orchestrator.IntegrationInfo, _ orchestrator.ApplicationInfo) ([]hexapolicy.PolicyInfo, error) { + + return []hexapolicy.PolicyInfo{ + {Meta: hexapolicy.MetaInfo{Version: "aVersion"}, Actions: []hexapolicy.ActionInfo{{"anAction"}}, Subject: hexapolicy.SubjectInfo{Members: []string{"user:aUser"}}, Object: hexapolicy.ObjectInfo{ ResourceID: "anId", }}, - {policysupport.MetaInfo{Version: "aVersion"}, []policysupport.ActionInfo{{"anotherAction"}}, policysupport.SubjectInfo{Members: []string{"user:anotherUser"}}, policysupport.ObjectInfo{ + {Meta: hexapolicy.MetaInfo{Version: "aVersion"}, Actions: []hexapolicy.ActionInfo{{"anotherAction"}}, Subject: hexapolicy.SubjectInfo{Members: []string{"user:anotherUser"}}, Object: hexapolicy.ObjectInfo{ ResourceID: "anId", }}, }, n.Err } -func (n *NoopProvider) SetPolicyInfo(_ orchestrator.IntegrationInfo, _ orchestrator.ApplicationInfo, _ []policysupport.PolicyInfo) (int, error) { +func (n *NoopProvider) SetPolicyInfo(_ orchestrator.IntegrationInfo, _ orchestrator.ApplicationInfo, _ []hexapolicy.PolicyInfo) (int, error) { return http.StatusCreated, n.Err } 
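Review bot: The `Actions` literals in `NoopProvider.GetPolicyInfo` are still unkeyed — `[]hexapolicy.ActionInfo{{"anAction"}}` — while the enclosing `PolicyInfo` literal was converted to keyed fields in this same hunk. `hexapolicy.ActionInfo` is now an imported struct, so `go vet`'s composites check flags these, and any field added to `ActionInfo` upstream will silently break this build. Key them with the field name `ActionInfo` declares in policy-mapper, as was done for `Meta`, `Subject` and `Object`.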
diff --git a/internal/orchestratorproviders/amazonwebservices/amazon_provider.go b/demo/internal/orchestratorproviders/amazonwebservices/amazon_provider.go similarity index 73% rename from internal/orchestratorproviders/amazonwebservices/amazon_provider.go rename to demo/internal/orchestratorproviders/amazonwebservices/amazon_provider.go index 93cee0a2..9a65f3ff 100644 --- a/internal/orchestratorproviders/amazonwebservices/amazon_provider.go +++ b/demo/internal/orchestratorproviders/amazonwebservices/amazon_provider.go @@ -1,10 +1,10 @@ package amazonwebservices import ( - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/amazonwebservices/awscognito" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/amazonwebservices/awscommon" - "github.com/hexa-org/policy-orchestrator/internal/policysupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/amazonwebservices/awscognito" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/amazonwebservices/awscommon" "net/http" "strings" @@ -31,7 +31,7 @@ func (a *AmazonProvider) DiscoverApplications(info orchestrator.IntegrationInfo) return client.ListUserPools() } -func (a *AmazonProvider) GetPolicyInfo(info orchestrator.IntegrationInfo, applicationInfo orchestrator.ApplicationInfo) ([]policysupport.PolicyInfo, error) { +func (a *AmazonProvider) GetPolicyInfo(info orchestrator.IntegrationInfo, applicationInfo orchestrator.ApplicationInfo) ([]hexapolicy.PolicyInfo, error) { client, err := awscognito.NewCognitoClient(info.Key, a.AwsClientOpts) if err != nil { return nil, err 
@@ -42,17 +42,17 @@ func (a *AmazonProvider) GetPolicyInfo(info orchestrator.IntegrationInfo, applic return nil, err } - var policies []policysupport.PolicyInfo + var policies []hexapolicy.PolicyInfo for groupName := range groups { members, err := client.GetMembersAssignedTo(applicationInfo, groupName) if err != nil { return nil, err } - policies = append(policies, policysupport.PolicyInfo{ - Meta: policysupport.MetaInfo{Version: "0.5"}, - Actions: []policysupport.ActionInfo{{groupName}}, - Subject: policysupport.SubjectInfo{Members: members}, - Object: policysupport.ObjectInfo{ + policies = append(policies, hexapolicy.PolicyInfo{ + Meta: hexapolicy.MetaInfo{Version: "0.5"}, + Actions: []hexapolicy.ActionInfo{{groupName}}, + Subject: hexapolicy.SubjectInfo{Members: members}, + Object: hexapolicy.ObjectInfo{ ResourceID: applicationInfo.Name, }, }) @@ -61,7 +61,7 @@ func (a *AmazonProvider) GetPolicyInfo(info orchestrator.IntegrationInfo, applic return policies, nil } -func (a *AmazonProvider) SetPolicyInfo(info orchestrator.IntegrationInfo, applicationInfo orchestrator.ApplicationInfo, policyInfos []policysupport.PolicyInfo) (int, error) { +func (a *AmazonProvider) SetPolicyInfo(info orchestrator.IntegrationInfo, applicationInfo orchestrator.ApplicationInfo, policyInfos []hexapolicy.PolicyInfo) (int, error) { validate := validator.New() // todo - move this up? err := validate.Struct(applicationInfo) if err != nil { diff --git a/internal/orchestratorproviders/amazonwebservices/amazon_provider_test.go b/demo/internal/orchestratorproviders/amazonwebservices/amazon_provider_test.go similarity index 90% rename from internal/orchestratorproviders/amazonwebservices/amazon_provider_test.go rename to demo/internal/orchestratorproviders/amazonwebservices/amazon_provider_test.go index 8e0f5e6e..34b52288 100644 --- a/internal/orchestratorproviders/amazonwebservices/amazon_provider_test.go +++ b/demo/internal/orchestratorproviders/amazonwebservices/amazon_provider_test.go 
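Review bot: `SetPolicyInfo` still constructs a fresh `validator.New()` on every call and the `// todo - move this up?` in this hunk remains unresolved; the sibling `AwsApiGatewayProvider.SetPolicyInfo` in this diff does the same. A validator instance is documented to cache per-type struct metadata, so building one per request discards that cache each time; a package-level `var validate = validator.New()` shared by the providers keeps a single instance and retires the TODO. Separately, `GetPolicyInfo` in the previous hunk hard-codes `Meta: hexapolicy.MetaInfo{Version: "0.5"}` while the tests below use `"0"`; if hexapolicy exposes a version constant, use it instead of the literal so producer and tests cannot drift.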
@@ -2,13 +2,13 @@ package amazonwebservices_test import ( "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/amazonwebservices" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/amazonwebservices/awscommon" - "github.com/hexa-org/policy-orchestrator/internal/policysupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport/awstestsupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport/cognitotestsupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport/policytestsupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/amazonwebservices" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/amazonwebservices/awscommon" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/awstestsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/cognitotestsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/policytestsupport" "net/http" "testing" 
@@ -151,11 +151,11 @@ func TestSetPolicy_withInvalidArguments(t *testing.T) { status, err := p.SetPolicyInfo( orchestrator.IntegrationInfo{Name: "azure", Key: key}, orchestrator.ApplicationInfo{Name: "anAppName", Description: "anAppId"}, - []policysupport.PolicyInfo{{ - Meta: policysupport.MetaInfo{Version: "0"}, - Actions: []policysupport.ActionInfo{{"azure:anAppRoleId"}}, - Subject: policysupport.SubjectInfo{Members: []string{"aPrincipalId:aPrincipalDisplayName", "yetAnotherPrincipalId:yetAnotherPrincipalDisplayName", "andAnotherPrincipalId:andAnotherPrincipalDisplayName"}}, - Object: policysupport.ObjectInfo{ + []hexapolicy.PolicyInfo{{ + Meta: hexapolicy.MetaInfo{Version: "0"}, + Actions: []hexapolicy.ActionInfo{{"azure:anAppRoleId"}}, + Subject: hexapolicy.SubjectInfo{Members: []string{"aPrincipalId:aPrincipalDisplayName", "yetAnotherPrincipalId:yetAnotherPrincipalDisplayName", "andAnotherPrincipalId:andAnotherPrincipalDisplayName"}}, + Object: hexapolicy.ObjectInfo{ ResourceID: "anObjectId", }, }}) 
@@ -166,11 +166,11 @@ func TestSetPolicy_withInvalidArguments(t *testing.T) { status, err = p.SetPolicyInfo( orchestrator.IntegrationInfo{Name: "azure", Key: key}, orchestrator.ApplicationInfo{ObjectID: "anObjectId", Name: "anAppName", Description: "aDescription"}, - []policysupport.PolicyInfo{{ - Meta: policysupport.MetaInfo{Version: "0"}, - Actions: []policysupport.ActionInfo{{"azure:anAppRoleId"}}, - Subject: policysupport.SubjectInfo{Members: []string{"aPrincipalId:aPrincipalDisplayName", "yetAnotherPrincipalId:yetAnotherPrincipalDisplayName", "andAnotherPrincipalId:andAnotherPrincipalDisplayName"}}, - Object: policysupport.ObjectInfo{}, + []hexapolicy.PolicyInfo{{ + Meta: hexapolicy.MetaInfo{Version: "0"}, + Actions: []hexapolicy.ActionInfo{{"azure:anAppRoleId"}}, + Subject: hexapolicy.SubjectInfo{Members: []string{"aPrincipalId:aPrincipalDisplayName", "yetAnotherPrincipalId:yetAnotherPrincipalDisplayName", "andAnotherPrincipalId:andAnotherPrincipalDisplayName"}}, + Object: hexapolicy.ObjectInfo{}, }}) assert.Equal(t, http.StatusInternalServerError, status) @@ -182,7 +182,7 @@ func TestSetPolicyInfo_CognitoClientError(t *testing.T) { info := awstestsupport.IntegrationInfo() info.Key = []byte("!!!!") appInfo := awstestsupport.AppInfo() - _, err := p.SetPolicyInfo(info, appInfo, []policysupport.PolicyInfo{}) + _, err := p.SetPolicyInfo(info, appInfo, []hexapolicy.PolicyInfo{}) assert.Error(t, err) assert.ErrorContains(t, err, "invalid character '!'") } @@ -197,7 +197,7 @@ func TestSetPolicyInfo_ListGroupsError(t *testing.T) { info := awstestsupport.IntegrationInfo() appInfo := awstestsupport.AppInfo() - _, err := p.SetPolicyInfo(info, appInfo, []policysupport.PolicyInfo{}) + _, err := p.SetPolicyInfo(info, appInfo, []hexapolicy.PolicyInfo{}) assert.Error(t, err) assert.ErrorContains(t, err, "ListGroups") assert.ErrorContains(t, err, "error StatusCode: 400") 
@@ -215,7 +215,7 @@ func TestSetPolicyInfo_NoPoliciesInput(t *testing.T) { info := awstestsupport.IntegrationInfo() appInfo := awstestsupport.AppInfo() - status, err := p.SetPolicyInfo(info, appInfo, []policysupport.PolicyInfo{}) + status, err := p.SetPolicyInfo(info, appInfo, []hexapolicy.PolicyInfo{}) assert.NoError(t, err) assert.Equal(t, http.StatusCreated, status) } diff --git a/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider.go b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider.go similarity index 83% rename from internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider.go rename to demo/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider.go index d20bf990..f4836fd6 100644 --- a/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider.go +++ b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider.go 
@@ -2,11 +2,11 @@ package awsapigw import ( "github.com/go-playground/validator/v10" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/amazonwebservices/awscognito" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/amazonwebservices/awscommon" - "github.com/hexa-org/policy-orchestrator/internal/policysupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/amazonwebservices/awscognito" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/amazonwebservices/awscommon" log "golang.org/x/exp/slog" "net/http" "strings" 
@@ -59,16 +59,16 @@ func (a *AwsApiGatewayProvider) DiscoverApplications(integrationInfo orchestrato return service.DiscoverApplications(integrationInfo) } -func (a *AwsApiGatewayProvider) GetPolicyInfo(info orchestrator.IntegrationInfo, appInfo orchestrator.ApplicationInfo) ([]policysupport.PolicyInfo, error) { +func (a *AwsApiGatewayProvider) GetPolicyInfo(info orchestrator.IntegrationInfo, appInfo orchestrator.ApplicationInfo) ([]hexapolicy.PolicyInfo, error) { service, err := a.getProviderService(info.Key) if err != nil { log.Error("AwsApiGatewayProvider.GetPolicyInfo", "getProviderService err", err) - return []policysupport.PolicyInfo{}, err + return []hexapolicy.PolicyInfo{}, err } return service.GetPolicyInfo(appInfo) } -func (a *AwsApiGatewayProvider) SetPolicyInfo(info orchestrator.IntegrationInfo, applicationInfo orchestrator.ApplicationInfo, policyInfos []policysupport.PolicyInfo) (status int, foundErr error) { +func (a *AwsApiGatewayProvider) SetPolicyInfo(info orchestrator.IntegrationInfo, applicationInfo orchestrator.ApplicationInfo, policyInfos []hexapolicy.PolicyInfo) (status int, foundErr error) { validate := validator.New() err := validate.Struct(applicationInfo) if err != nil { diff --git a/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_service.go b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_service.go similarity index 75% rename from internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_service.go rename to demo/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_service.go index e082b840..eb19f882 100644 --- a/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_service.go +++ b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_service.go 
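Review bot: In `GetPolicyInfo` the error from `a.getProviderService(info.Key)` is logged at Error level with the raw `err`, and `info.Key` is the integration's credential blob. `TestSetPolicyInfo_CognitoClientError` elsewhere in this diff shows that a malformed key surfaces as a JSON syntax error that echoes the offending character (`invalid character '!'`), so these log lines can carry fragments of whatever was supplied as credentials; log only that the service could not be built, e.g. `log.Error("AwsApiGatewayProvider.GetPolicyInfo", "msg", "could not build provider service from integration key")`, and leave the detailed error to the return value. On that same path the function returns `[]hexapolicy.PolicyInfo{}, err`, whereas `AmazonProvider.GetPolicyInfo` in this diff returns `nil, err`; returning `nil` on error is the Go convention and keeps the two providers consistent.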
@@ -1,11 +1,11 @@ package awsapigw import ( - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/amazonwebservices/awscognito" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/providerscommon" - "github.com/hexa-org/policy-orchestrator/internal/policysupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/amazonwebservices/awscognito" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/providerscommon" log "golang.org/x/exp/slog" "net/http" ) 
@@ -23,16 +23,16 @@ func (s *AwsApiGatewayProviderService) DiscoverApplications(_ orchestrator.Integ return s.cognitoClient.ListUserPools() } -func (s *AwsApiGatewayProviderService) GetPolicyInfo(appInfo orchestrator.ApplicationInfo) ([]policysupport.PolicyInfo, error) { +func (s *AwsApiGatewayProviderService) GetPolicyInfo(appInfo orchestrator.ApplicationInfo) ([]hexapolicy.PolicyInfo, error) { rarList, err := s.policySvc.GetResourceRoles() if err != nil { log.Error("AwsApiGatewayProviderService.GetPolicyInfo", "error calling GetResourceRoles App.Name", appInfo.Name, "identifierUrl[0]", appInfo.Service, "err=", err) - return []policysupport.PolicyInfo{}, err + return []hexapolicy.PolicyInfo{}, err } return providerscommon.BuildPolicies(rarList), nil } -func (s *AwsApiGatewayProviderService) SetPolicyInfo(appInfo orchestrator.ApplicationInfo, policyInfos []policysupport.PolicyInfo) (int, error) { +func (s *AwsApiGatewayProviderService) SetPolicyInfo(appInfo orchestrator.ApplicationInfo, policyInfos []hexapolicy.PolicyInfo) (int, error) { rarList, err := s.policySvc.GetResourceRoles() if err != nil { log.Error("AwsApiGatewayProviderService.SetPolicyInfo", "error calling GetResourceRoles App.Name", appInfo.Name, "identifierUrl[0]", appInfo.Service, "err=", err) @@ -49,7 +49,7 @@ func (s *AwsApiGatewayProviderService) SetPolicyInfo(appInfo orchestrator.Applic return http.StatusCreated, nil } -func (s *AwsApiGatewayProviderService) setPolicyInfoOld(appInfo orchestrator.ApplicationInfo, policyInfos []policysupport.PolicyInfo) (int, error) { +func (s *AwsApiGatewayProviderService) setPolicyInfoOld(appInfo orchestrator.ApplicationInfo, policyInfos []hexapolicy.PolicyInfo) (int, error) { allGroups, err := s.cognitoClient.GetGroups(appInfo.ObjectID) if err != nil { return http.StatusInternalServerError, err 
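Review bot: `GetPolicyInfo` accepts an `appInfo` but the read it performs, `s.policySvc.GetResourceRoles()`, takes no application identifier — `appInfo` is used only in the log line — so the policies returned are whatever the backing table holds rather than those scoped to the requested application. If the DynamoDB table is intended to be per-application, say so with `// policy store is per-application; appInfo is informational only`; if it can hold several applications' roles, every caller currently receives all of them and the read needs a filter keyed on the application. The slog arguments in these calls are also malformed for structured logging (`"error calling GetResourceRoles App.Name", appInfo.Name, ... "err=", err`); use plain keys such as `"app", appInfo.Name, "service", appInfo.Service, "error", err`. If `setPolicyInfoOld` below is no longer called, either remove it or mark it `// Deprecated:` so its status is explicit.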
diff --git a/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_service_test.go b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_service_test.go similarity index 95% rename from internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_service_test.go rename to demo/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_service_test.go index 7b5a44b1..cf6bb380 100644 --- a/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_service_test.go +++ b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_service_test.go @@ -2,12 +2,12 @@ package awsapigw_test import ( "errors" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/amazonwebservices/awsapigw" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/providerscommon" - "github.com/hexa-org/policy-orchestrator/internal/policysupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport/awstestsupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport/policytestsupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/amazonwebservices/awsapigw" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/providerscommon" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/awstestsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/policytestsupport" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" "net/http" 
@@ -116,7 +116,7 @@ func TestSetPolicyInfo_GetResourcesError(t *testing.T) { policyStoreSvc.expectGetResourceRoles(nil, errors.New("some-error")) service := awsapigw.NewAwsApiGatewayProviderService(nil, policyStoreSvc) appInfo := orchestrator.ApplicationInfo{} - status, err := service.SetPolicyInfo(appInfo, []policysupport.PolicyInfo{}) + status, err := service.SetPolicyInfo(appInfo, []hexapolicy.PolicyInfo{}) assert.ErrorContains(t, err, "some-error") assert.Equal(t, http.StatusBadGateway, status) } diff --git a/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_test.go b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_test.go similarity index 92% rename from internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_test.go rename to demo/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_test.go index 28a5083f..15a986fa 100644 --- a/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_test.go +++ b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_test.go @@ -2,10 +2,10 @@ package awsapigw_test import ( "errors" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/amazonwebservices/awsapigw" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport/awstestsupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport/policytestsupport" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/amazonwebservices/awsapigw" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/awstestsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/policytestsupport" "github.com/stretchr/testify/assert" "testing" ) 
diff --git a/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_v2.go b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_v2.go new file mode 100644 index 00000000..4381187b --- /dev/null +++ b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_v2.go @@ -0,0 +1 @@ +package awsapigw diff --git a/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_v2_test.go b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_v2_test.go new file mode 100644 index 00000000..4381187b --- /dev/null +++ b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/aws_apigw_provider_v2_test.go @@ -0,0 +1 @@ +package awsapigw diff --git a/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dyanmodb_client.go b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dyanmodb_client.go similarity index 91% rename from internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dyanmodb_client.go rename to demo/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dyanmodb_client.go index b34eeb49..9972e438 100644 --- a/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dyanmodb_client.go +++ b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dyanmodb_client.go @@ -3,7 +3,7 @@ package dynamodbpolicy import ( "context" ddb "github.com/aws/aws-sdk-go-v2/service/dynamodb" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/amazonwebservices/awscommon" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/amazonwebservices/awscommon" log "golang.org/x/exp/slog" ) 
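Review bot: `aws_apigw_provider_v2.go` and `aws_apigw_provider_v2_test.go` are added containing only `package awsapigw`, so the test file defines no tests and the source file no code. Empty placeholders tend to outlive the work they reserve space for and give a false sense that the v2 path is covered; either leave them out until there is content, or open each with a one-line `// TODO: AwsApiGatewayProvider v2 — not yet implemented` so the intent is recorded in the file itself.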
diff --git a/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dyanmodb_client_test.go b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dyanmodb_client_test.go similarity index 85% rename from internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dyanmodb_client_test.go rename to demo/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dyanmodb_client_test.go index 522d93d1..39e826d4 100644 --- a/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dyanmodb_client_test.go +++ b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dyanmodb_client_test.go @@ -5,9 +5,9 @@ import ( "github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue" ddb "github.com/aws/aws-sdk-go-v2/service/dynamodb" "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/amazonwebservices/awscommon" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport/awstestsupport" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/amazonwebservices/awscommon" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/awstestsupport" "github.com/stretchr/testify/assert" "net/http" "testing" 
diff --git a/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_client_model.go b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_client_model.go similarity index 94% rename from internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_client_model.go rename to demo/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_client_model.go index 6c811907..e93fe66f 100644 --- a/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_client_model.go +++ b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_client_model.go @@ -6,7 +6,7 @@ import ( "github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue" "github.com/aws/aws-sdk-go-v2/service/dynamodb" "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/providerscommon" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/providerscommon" log "golang.org/x/exp/slog" "strings" ) diff --git a/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_client_model_test.go b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_client_model_test.go similarity index 89% rename from internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_client_model_test.go rename to demo/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_client_model_test.go index 95a7128f..3a030897 100644 --- a/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_client_model_test.go +++ b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_client_model_test.go 
@@ -2,8 +2,8 @@ package dynamodbpolicy_test import ( "github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/providerscommon" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/providerscommon" "github.com/stretchr/testify/assert" "testing" ) diff --git a/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_policy_svc.go b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_policy_svc.go similarity index 96% rename from internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_policy_svc.go rename to demo/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_policy_svc.go index f6e5b5bc..b4ae660e 100644 --- a/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_policy_svc.go +++ b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_policy_svc.go @@ -6,7 +6,7 @@ import ( "errors" "github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue" "github.com/aws/aws-sdk-go-v2/service/dynamodb" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/providerscommon" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/providerscommon" log "golang.org/x/exp/slog" ) 
diff --git a/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_policy_svc_test.go b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_policy_svc_test.go similarity index 94% rename from internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_policy_svc_test.go rename to demo/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_policy_svc_test.go index 26268809..b29bbff8 100644 --- a/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_policy_svc_test.go +++ b/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy/dynamodb_policy_svc_test.go @@ -6,9 +6,9 @@ import ( "errors" ddb "github.com/aws/aws-sdk-go-v2/service/dynamodb" "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/providerscommon" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport/policytestsupport" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/amazonwebservices/awsapigw/dynamodbpolicy" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/providerscommon" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/policytestsupport" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" "golang.org/x/exp/slices" @@ -37,7 +37,7 @@ func TestGetResourceRoles_UnmarshallError(t *testing.T) { client := newMockDynamodbClient() anItem := map[string]types.AttributeValue{ "ResourceX": &types.AttributeValueMemberS{Value: "something"}, - "ActionX": &types.AttributeValueMemberS{Value: "GET"}, + "ActionsX": &types.AttributeValueMemberS{Value: "GET"}, "MembersX": &types.AttributeValueMemberS{Value: `["some-role"]`}, } 
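Review bot: After the fixture key is renamed from `ActionX` to `ActionsX`, `TestGetResourceRoles_UnmarshallError` presumably relies solely on `MembersX` holding a JSON string (`["some-role"]`) rather than a list attribute to provoke the unmarshal failure, but nothing in the test says which field is the deliberately bad one. A comment on that line, `// MembersX is deliberately a string, not a list, to force the unmarshal error`, keeps the next attribute rename from quietly turning this into a passing happy path. The rest of the test body lies outside this hunk.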
diff --git a/internal/orchestratorproviders/amazonwebservices/awscognito/cognito_client.go b/demo/internal/orchestratorproviders/amazonwebservices/awscognito/cognito_client.go similarity index 96% rename from internal/orchestratorproviders/amazonwebservices/awscognito/cognito_client.go rename to demo/internal/orchestratorproviders/amazonwebservices/awscognito/cognito_client.go index 4f281f4d..fa710e17 100644 --- a/internal/orchestratorproviders/amazonwebservices/awscognito/cognito_client.go +++ b/demo/internal/orchestratorproviders/amazonwebservices/awscognito/cognito_client.go @@ -7,9 +7,9 @@ import ( "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/amazonwebservices/awscommon" - "github.com/hexa-org/policy-orchestrator/pkg/workflowsupport" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/amazonwebservices/awscommon" + "github.com/hexa-org/policy-orchestrator/demo/pkg/workflowsupport" "log" "strings" ) diff --git a/internal/orchestratorproviders/amazonwebservices/awscognito/cognito_client_test.go b/demo/internal/orchestratorproviders/amazonwebservices/awscognito/cognito_client_test.go similarity index 86% rename from internal/orchestratorproviders/amazonwebservices/awscognito/cognito_client_test.go rename to demo/internal/orchestratorproviders/amazonwebservices/awscognito/cognito_client_test.go index a35ff98a..d77a4c4a 100644 --- a/internal/orchestratorproviders/amazonwebservices/awscognito/cognito_client_test.go +++ b/demo/internal/orchestratorproviders/amazonwebservices/awscognito/cognito_client_test.go 
@@ -2,10 +2,10 @@ package awscognito_test import ( "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/amazonwebservices/awscognito" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/amazonwebservices/awscommon" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport/awstestsupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport/cognitotestsupport" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/amazonwebservices/awscognito" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/amazonwebservices/awscommon" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/awstestsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/cognitotestsupport" "github.com/stretchr/testify/assert" "net/http" "testing" diff --git a/internal/orchestratorproviders/amazonwebservices/awscommon/amazon_http_client.go b/demo/internal/orchestratorproviders/amazonwebservices/awscommon/amazon_http_client.go similarity index 100% rename from internal/orchestratorproviders/amazonwebservices/awscommon/amazon_http_client.go rename to demo/internal/orchestratorproviders/amazonwebservices/awscommon/amazon_http_client.go diff --git a/internal/orchestratorproviders/amazonwebservices/test/doubles.go b/demo/internal/orchestratorproviders/amazonwebservices/test/doubles.go similarity index 100% rename from internal/orchestratorproviders/amazonwebservices/test/doubles.go rename to demo/internal/orchestratorproviders/amazonwebservices/test/doubles.go diff --git a/internal/orchestratorproviders/googlecloud/google_client.go b/demo/internal/orchestratorproviders/googlecloud/google_client.go similarity index 84% rename from internal/orchestratorproviders/googlecloud/google_client.go rename to demo/internal/orchestratorproviders/googlecloud/google_client.go index a4f1fdb5..86c4c4b1 100644 
--- a/internal/orchestratorproviders/googlecloud/google_client.go
+++ b/demo/internal/orchestratorproviders/googlecloud/google_client.go
@@ -4,16 +4,15 @@ import (
 "bytes"
 "encoding/json"
 "fmt"
+ "github.com/hexa-org/policy-mapper/mapper/formats/gcpBind"
 "io"
 "log"
 "net/http"
 "strings"
 
- "github.com/hexa-org/policy-orchestrator/internal/orchestrator"
- "github.com/hexa-org/policy-orchestrator/internal/policysupport"
- "github.com/hexa-org/policy-orchestrator/pkg/functionalsupport"
- "github.com/hexa-org/policy-orchestrator/pkg/googlesupport"
- "github.com/hexa-org/policy-orchestrator/pkg/hexapolicy"
+ "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy"
+ "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/functionalsupport"
 "google.golang.org/api/iam/v1"
 )
 
@@ -124,7 +123,7 @@ type bindingInfo struct {
 Condition *condition `json:"condition,omitempty"`
 }
 
-func (c *GoogleClient) GetBackendPolicy(name, objectId string) ([]policysupport.PolicyInfo, error) {
+func (c *GoogleClient) GetBackendPolicy(name, objectId string) ([]hexapolicy.PolicyInfo, error) {
 var url string
 if strings.HasPrefix(name, "apps") { // todo - revisit and improve the decision here
 url = fmt.Sprintf("https://iap.googleapis.com/v1/projects/%s/iap_web/appengine-%s/services/default:getIamPolicy", c.ProjectId, objectId)
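Review bot: The new `+ "github.com/hexa-org/policy-mapper/mapper/formats/gcpBind"` line in the first hunk lands inside the standard-library import group, between `"fmt"` and `"io"`, while the other new `policy-mapper` import is correctly added to the third-party group below the blank line. `goimports` will move it on the next run and the file will churn; move it down to sit next to `"github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy"`. The `GetBackendPolicy` signature change in the second hunk is a pure type substitution, and its body continues past the end of the hunk.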
@@ -135,14 +134,14 @@ func (c *GoogleClient) GetBackendPolicy(name, objectId string) ([]policysupport. post, err := c.HttpClient.Post(url, "application/json", bytes.NewReader([]byte{})) if err != nil { log.Println("Unable to find google cloud policy.") - return []policysupport.PolicyInfo{}, err + return []hexapolicy.PolicyInfo{}, err } log.Printf("Google cloud response %s.\n", post.Status) var binds bindings if err = json.NewDecoder(post.Body).Decode(&binds); err != nil { log.Println("Unable to decode google cloud policy.") - return []policysupport.PolicyInfo{}, err + return []hexapolicy.PolicyInfo{}, err } /// todo - below is work in progress @@ -158,7 +157,9 @@ func (c *GoogleClient) GetBackendPolicy(name, objectId string) ([]policysupport. }) policies := functionalsupport.Map(iamBindings, func(iamBinding iam.Binding) hexapolicy.PolicyInfo { - p, mappingErr := googlesupport.New(map[string]string{}).MapBindingToPolicy(objectId, iamBinding) + p, mappingErr := gcpBind.New(map[string]string{}).MapBindingToPolicy(objectId, iamBinding) + + //p, mappingErr := googlesupport.New(map[string]string{}).MapBindingToPolicy(objectId, iamBinding) if mappingErr != nil { return hexapolicy.PolicyInfo{} } 
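Review bot: On the new `gcpBind.New(map[string]string{}).MapBindingToPolicy(objectId, iamBinding)` line in the second hunk, a non-nil `mappingErr` still falls into the unchanged `return hexapolicy.PolicyInfo{}` below it, so a binding the mapper rejects becomes a silent zero-value policy in the slice `GetBackendPolicy` hands back to the orchestrator, with nothing logged to show that a binding was lost. Since the `functionalsupport.Map` callback has no way to return an error, at least record it before returning the zero value, e.g. `log.Printf("Unable to map google cloud binding: %v", mappingErr)`, so an unreadable IAM binding is visible rather than indistinguishable from "no policy". The added `//p, mappingErr := googlesupport.New(...)` comment is dead code now that `googlesupport` is no longer imported; delete it rather than keep the old call site in a comment. The enclosing function starts and ends outside this hunk.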
@@ -166,22 +167,22 @@ func (c *GoogleClient) GetBackendPolicy(name, objectId string) ([]policysupport.
 })
 
 // todo - use mapper policy support here...
- hexaPolicies := functionalsupport.Map(policies, func(policy hexapolicy.PolicyInfo) policysupport.PolicyInfo {
- return policysupport.PolicyInfo{
- Meta: policysupport.MetaInfo{Version: policy.Meta.Version},
- Actions: functionalsupport.Map(policy.Actions, func(action hexapolicy.ActionInfo) policysupport.ActionInfo {
- return policysupport.ActionInfo{
+ hexaPolicies := functionalsupport.Map(policies, func(policy hexapolicy.PolicyInfo) hexapolicy.PolicyInfo {
+ return hexapolicy.PolicyInfo{
+ Meta: hexapolicy.MetaInfo{Version: policy.Meta.Version},
+ Actions: functionalsupport.Map(policy.Actions, func(action hexapolicy.ActionInfo) hexapolicy.ActionInfo {
+ return hexapolicy.ActionInfo{
 ActionUri: action.ActionUri,
 }
 }),
- Subject: policysupport.SubjectInfo{Members: policy.Subject.Members},
- Object: policysupport.ObjectInfo{ResourceID: policy.Object.ResourceID},
+ Subject: hexapolicy.SubjectInfo{Members: policy.Subject.Members},
+ Object: hexapolicy.ObjectInfo{ResourceID: policy.Object.ResourceID},
 }
 })
 return hexaPolicies, err
 }
 
-func (c *GoogleClient) SetBackendPolicy(name, objectId string, p policysupport.PolicyInfo) error { // todo - objectId may no longer be needed, at least for google
+func (c *GoogleClient) SetBackendPolicy(name, objectId string, p hexapolicy.PolicyInfo) error { // todo - objectId may no longer be needed, at least for google
 var url string
 if strings.HasPrefix(name, "apps") { // todo - revisit and improve the decision here
 url = fmt.Sprintf("https://iap.googleapis.com/v1/projects/%s/iap_web/appengine-%s/services/default:setIamPolicy", c.ProjectId, objectId)
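Review bot: With `policies` and `hexaPolicies` now both `[]hexapolicy.PolicyInfo`, the `functionalsupport.Map` at the top of the hunk no longer converts between types; it is a field-by-field copy onto the same type that silently drops whatever `hexapolicy.PolicyInfo` carries beyond `Meta.Version`, `Actions[].ActionUri`, `Subject.Members` and `Object.ResourceID`, which for a policy read-back path means the orchestrator may see a narrower policy than the mapper produced. The `// todo - use mapper policy support here...` above it is what this commit effectively does, so the whole block can collapse to `return policies, nil`. Returning `err` here also reads as though a later step could fail, but it is the decode error already checked in the previous hunk and can only be nil unless the lines between the hunks reassign it. `GetBackendPolicy` starts before this hunk.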
diff --git a/internal/orchestratorproviders/googlecloud/google_client_test.go b/demo/internal/orchestratorproviders/googlecloud/google_client_test.go similarity index 86% rename from internal/orchestratorproviders/googlecloud/google_client_test.go rename to demo/internal/orchestratorproviders/googlecloud/google_client_test.go index 050d7a44..2ae03fbc 100644 --- a/internal/orchestratorproviders/googlecloud/google_client_test.go +++ b/demo/internal/orchestratorproviders/googlecloud/google_client_test.go @@ -4,9 +4,9 @@ import ( "errors" "testing" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/googlecloud" - "github.com/hexa-org/policy-orchestrator/internal/policysupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/googlecloud" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport" "github.com/stretchr/testify/assert" ) @@ -145,8 +145,8 @@ func TestGoogleClient_GetBackendPolicies_withBadJson(t *testing.T) { } func TestGoogleClient_SetAppEnginePolicies(t *testing.T) { - policy := policysupport.PolicyInfo{ - Meta: policysupport.MetaInfo{Version: "aVersion"}, Actions: []policysupport.ActionInfo{{"roles/iap.httpsResourceAccessor"}}, Subject: policysupport.SubjectInfo{Members: []string{"aUser"}}, Object: policysupport.ObjectInfo{ + policy := hexapolicy.PolicyInfo{ + Meta: hexapolicy.MetaInfo{Version: "aVersion"}, Actions: []hexapolicy.ActionInfo{{"roles/iap.httpsResourceAccessor"}}, Subject: hexapolicy.SubjectInfo{Members: []string{"aUser"}}, Object: hexapolicy.ObjectInfo{ ResourceID: "anObjectId", }, } 
@@ -172,8 +172,8 @@ func TestGoogleClient_SetAppEnginePolicies(t *testing.T) { } func TestGoogleClient_SetBackendPolicies(t *testing.T) { - policy := policysupport.PolicyInfo{ - Meta: policysupport.MetaInfo{Version: "aVersion"}, Actions: []policysupport.ActionInfo{{"gcp:roles/iap.httpsResourceAccessor"}}, Subject: policysupport.SubjectInfo{Members: []string{"aUser"}}, Object: policysupport.ObjectInfo{ + policy := hexapolicy.PolicyInfo{ + Meta: hexapolicy.MetaInfo{Version: "aVersion"}, Actions: []hexapolicy.ActionInfo{{"gcp:roles/iap.httpsResourceAccessor"}}, Subject: hexapolicy.SubjectInfo{Members: []string{"aUser"}}, Object: hexapolicy.ObjectInfo{ ResourceID: "anObjectId", }, } @@ -197,8 +197,8 @@ func TestGoogleClient_SetBackendPolicies(t *testing.T) { } func TestGoogleClient_SetBackendPolicies_withRequestError(t *testing.T) { - policy := policysupport.PolicyInfo{ - Meta: policysupport.MetaInfo{Version: "aVersion"}, Actions: []policysupport.ActionInfo{{"gcp:roles/iap.httpsResourceAccessor"}}, Subject: policysupport.SubjectInfo{Members: []string{"aUser"}}, Object: policysupport.ObjectInfo{ + policy := hexapolicy.PolicyInfo{ + Meta: hexapolicy.MetaInfo{Version: "aVersion"}, Actions: []hexapolicy.ActionInfo{{"gcp:roles/iap.httpsResourceAccessor"}}, Subject: hexapolicy.SubjectInfo{Members: []string{"aUser"}}, Object: hexapolicy.ObjectInfo{ ResourceID: "anObjectId", }, } diff --git a/internal/orchestratorproviders/googlecloud/google_cloud_provider.go b/demo/internal/orchestratorproviders/googlecloud/google_cloud_provider.go similarity index 92% rename from internal/orchestratorproviders/googlecloud/google_cloud_provider.go rename to demo/internal/orchestratorproviders/googlecloud/google_cloud_provider.go index 60621d93..d12c428c 100644 --- a/internal/orchestratorproviders/googlecloud/google_cloud_provider.go +++ b/demo/internal/orchestratorproviders/googlecloud/google_cloud_provider.go 
@@ -8,8 +8,8 @@ import ( "strings" "github.com/go-playground/validator/v10" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" - "github.com/hexa-org/policy-orchestrator/internal/policysupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" "google.golang.org/api/option" "google.golang.org/api/transport/http" ) @@ -49,7 +49,7 @@ func (g *GoogleProvider) DiscoverApplications(info orchestrator.IntegrationInfo) return apps, err } -func (g *GoogleProvider) GetPolicyInfo(integration orchestrator.IntegrationInfo, app orchestrator.ApplicationInfo) (infos []policysupport.PolicyInfo, err error) { +func (g *GoogleProvider) GetPolicyInfo(integration orchestrator.IntegrationInfo, app orchestrator.ApplicationInfo) (infos []hexapolicy.PolicyInfo, err error) { key := integration.Key foundCredentials := g.credentials(key) client, createClientErr := g.getHttpClient(key) @@ -61,7 +61,7 @@ func (g *GoogleProvider) GetPolicyInfo(integration orchestrator.IntegrationInfo, return googleClient.GetBackendPolicy(app.Name, app.ObjectID) } -func (g *GoogleProvider) SetPolicyInfo(integration orchestrator.IntegrationInfo, app orchestrator.ApplicationInfo, policyInfos []policysupport.PolicyInfo) (int, error) { +func (g *GoogleProvider) SetPolicyInfo(integration orchestrator.IntegrationInfo, app orchestrator.ApplicationInfo, policyInfos []hexapolicy.PolicyInfo) (int, error) { validate := validator.New() // todo - move this up? errApp := validate.Struct(app) if errApp != nil { diff --git a/internal/orchestratorproviders/googlecloud/google_cloud_provider_test.go b/demo/internal/orchestratorproviders/googlecloud/google_cloud_provider_test.go similarity index 82% rename from internal/orchestratorproviders/googlecloud/google_cloud_provider_test.go rename to demo/internal/orchestratorproviders/googlecloud/google_cloud_provider_test.go index 9dd31366..b7b596d4 100644 
--- a/internal/orchestratorproviders/googlecloud/google_cloud_provider_test.go +++ b/demo/internal/orchestratorproviders/googlecloud/google_cloud_provider_test.go @@ -3,10 +3,10 @@ package googlecloud_test import ( "testing" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/googlecloud" - "github.com/hexa-org/policy-orchestrator/internal/policysupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/googlecloud" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport" "github.com/stretchr/testify/assert" ) @@ -20,7 +20,7 @@ func TestGoogleProvider_BadClientKey(t *testing.T) { _, getErr := p.GetPolicyInfo(info, orchestrator.ApplicationInfo{ObjectID: "anObjectId"}) assert.Error(t, getErr) - status, setErr := p.SetPolicyInfo(info, orchestrator.ApplicationInfo{ObjectID: "anObjectId"}, []policysupport.PolicyInfo{}) + status, setErr := p.SetPolicyInfo(info, orchestrator.ApplicationInfo{ObjectID: "anObjectId"}, []hexapolicy.PolicyInfo{}) assert.Equal(t, 500, status) assert.Error(t, setErr) } @@ -102,8 +102,8 @@ func TestGoogleProvider_GetPolicy(t *testing.T) { } func TestGoogleProvider_SetPolicy(t *testing.T) { - policy := policysupport.PolicyInfo{ - Meta: policysupport.MetaInfo{Version: "aVersion"}, Actions: []policysupport.ActionInfo{{"anAction"}}, Subject: policysupport.SubjectInfo{Members: []string{"aUser"}}, Object: policysupport.ObjectInfo{ + policy := hexapolicy.PolicyInfo{ + Meta: hexapolicy.MetaInfo{Version: "aVersion"}, Actions: []hexapolicy.ActionInfo{{"anAction"}}, Subject: hexapolicy.SubjectInfo{Members: []string{"aUser"}}, Object: hexapolicy.ObjectInfo{ ResourceID: "anObjectId", }, } 
@@ -111,14 +111,14 @@ func TestGoogleProvider_SetPolicy(t *testing.T) { p := googlecloud.GoogleProvider{HttpClientOverride: m} info := orchestrator.IntegrationInfo{Name: "google_cloud", Key: []byte("aKey")} - status, err := p.SetPolicyInfo(info, orchestrator.ApplicationInfo{ObjectID: "anObjectId"}, []policysupport.PolicyInfo{policy}) + status, err := p.SetPolicyInfo(info, orchestrator.ApplicationInfo{ObjectID: "anObjectId"}, []hexapolicy.PolicyInfo{policy}) assert.Equal(t, 201, status) assert.NoError(t, err) } func TestGoogleProvider_SetPolicy_withInvalidArguments(t *testing.T) { - missingMeta := policysupport.PolicyInfo{ - Actions: []policysupport.ActionInfo{{"anAction"}}, Subject: policysupport.SubjectInfo{Members: []string{"aUser"}}, Object: policysupport.ObjectInfo{ + missingMeta := hexapolicy.PolicyInfo{ + Actions: []hexapolicy.ActionInfo{{"anAction"}}, Subject: hexapolicy.SubjectInfo{Members: []string{"aUser"}}, Object: hexapolicy.ObjectInfo{ ResourceID: "anObjectId", }, } @@ -127,11 +127,11 @@ func TestGoogleProvider_SetPolicy_withInvalidArguments(t *testing.T) { p := googlecloud.GoogleProvider{HttpClientOverride: m} info := orchestrator.IntegrationInfo{Name: "not google_cloud", Key: []byte("aKey")} - status, err := p.SetPolicyInfo(info, orchestrator.ApplicationInfo{}, []policysupport.PolicyInfo{missingMeta}) + status, err := p.SetPolicyInfo(info, orchestrator.ApplicationInfo{}, []hexapolicy.PolicyInfo{missingMeta}) assert.Equal(t, 500, status) assert.Error(t, err) - status, err = p.SetPolicyInfo(info, orchestrator.ApplicationInfo{ObjectID: "anObjectId"}, []policysupport.PolicyInfo{missingMeta}) + status, err = p.SetPolicyInfo(info, orchestrator.ApplicationInfo{ObjectID: "anObjectId"}, []hexapolicy.PolicyInfo{missingMeta}) assert.Equal(t, 500, status) assert.Error(t, err) } 
diff --git a/internal/orchestratorproviders/googlecloud/responses_test.go b/demo/internal/orchestratorproviders/googlecloud/responses_test.go similarity index 100% rename from internal/orchestratorproviders/googlecloud/responses_test.go rename to demo/internal/orchestratorproviders/googlecloud/responses_test.go diff --git a/internal/orchestratorproviders/microsoftazure/azad/azure_client.go b/demo/internal/orchestratorproviders/microsoftazure/azad/azure_client.go similarity index 98% rename from internal/orchestratorproviders/microsoftazure/azad/azure_client.go rename to demo/internal/orchestratorproviders/microsoftazure/azad/azure_client.go index c9d1926f..ec1bca7f 100644 --- a/internal/orchestratorproviders/microsoftazure/azad/azure_client.go +++ b/demo/internal/orchestratorproviders/microsoftazure/azad/azure_client.go @@ -6,8 +6,8 @@ import ( "errors" "fmt" "github.com/go-playground/validator/v10" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azurecommon" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azurecommon" "log" "net/http" "net/url" diff --git a/internal/orchestratorproviders/microsoftazure/azad/azure_client_test.go b/demo/internal/orchestratorproviders/microsoftazure/azad/azure_client_test.go similarity index 98% rename from internal/orchestratorproviders/microsoftazure/azad/azure_client_test.go rename to demo/internal/orchestratorproviders/microsoftazure/azad/azure_client_test.go index e40ced86..1ba537a4 100644 --- a/internal/orchestratorproviders/microsoftazure/azad/azure_client_test.go +++ b/demo/internal/orchestratorproviders/microsoftazure/azad/azure_client_test.go 
@@ -1,9 +1,9 @@ package azad_test import ( - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azad" - "github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport/policytestsupport" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azad" + "github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/policytestsupport" "net/http" "testing" diff --git a/internal/orchestratorproviders/microsoftazure/azarm/apim_provider_service.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/apim_provider_service.go similarity index 86% rename from internal/orchestratorproviders/microsoftazure/azarm/apim_provider_service.go rename to demo/internal/orchestratorproviders/microsoftazure/azarm/apim_provider_service.go index 8b8dadeb..d7612f69 100644 --- a/internal/orchestratorproviders/microsoftazure/azarm/apim_provider_service.go +++ b/demo/internal/orchestratorproviders/microsoftazure/azarm/apim_provider_service.go 
@@ -3,13 +3,13 @@ package azarm import ( "errors" "fmt" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azad" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/armmodel" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/azapim" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/providerscommon" - "github.com/hexa-org/policy-orchestrator/internal/policysupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azad" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/armmodel" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/providerscommon" log "golang.org/x/exp/slog" "net/http" ) 
@@ -64,16 +64,16 @@ func (s *ApimProviderService) DiscoverApplications(info orchestrator.Integration return apps, nil } -func (s *ApimProviderService) GetPolicyInfo(appInfo orchestrator.ApplicationInfo) ([]policysupport.PolicyInfo, error) { +func (s *ApimProviderService) GetPolicyInfo(appInfo orchestrator.ApplicationInfo) ([]hexapolicy.PolicyInfo, error) { serviceInfoAndRars, err := s.getResourceRolesForApi(appInfo) if err != nil { log.Error("ApimProviderService.GetPolicyInfo", "error calling getResourceRolesForApi App.Name", appInfo.Name, "identifierUrl[0]", appInfo.Service, "err=", err) - return []policysupport.PolicyInfo{}, err + return []hexapolicy.PolicyInfo{}, err } return providerscommon.BuildPolicies(serviceInfoAndRars.rarList), nil } -func (s *ApimProviderService) SetPolicyInfo(appInfo orchestrator.ApplicationInfo, policyInfos []policysupport.PolicyInfo) (int, error) { +func (s *ApimProviderService) SetPolicyInfo(appInfo orchestrator.ApplicationInfo, policyInfos []hexapolicy.PolicyInfo) (int, error) { serviceInfoAndRars, err := s.getResourceRolesForApi(appInfo) if err != nil { log.Error("ApimProviderService.SetPolicyInfo", "error calling getResourceRolesForApi App.Name", appInfo.Name, "identifierUrl[0]", appInfo.Service, "err=", err) diff --git a/internal/orchestratorproviders/microsoftazure/azarm/apim_provider_service_test.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/apim_provider_service_test.go similarity index 78% rename from internal/orchestratorproviders/microsoftazure/azarm/apim_provider_service_test.go rename to demo/internal/orchestratorproviders/microsoftazure/azarm/apim_provider_service_test.go index ba0bafa8..46902e44 100644 --- a/internal/orchestratorproviders/microsoftazure/azarm/apim_provider_service_test.go +++ b/demo/internal/orchestratorproviders/microsoftazure/azarm/apim_provider_service_test.go 
@@ -1,12 +1,12 @@ package azarm_test import ( - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm" - "github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport" - "github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport/apim_testsupport" - "github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport/armtestsupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport/policytestsupport" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm" + "github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport/apim_testsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport/armtestsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/policytestsupport" "github.com/stretchr/testify/assert" "testing" ) diff --git a/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_client_list_pager.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_client_list_pager.go similarity index 94% rename from internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_client_list_pager.go rename to demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_client_list_pager.go index 6a4245c3..82d9ca31 100644 --- a/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_client_list_pager.go +++ b/demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_client_list_pager.go 
@@ -4,7 +4,7 @@ import ( "context" "fmt" "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azurecommon" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azurecommon" log "golang.org/x/exp/slog" ) diff --git a/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_client_list_pager_test.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_client_list_pager_test.go similarity index 97% rename from internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_client_list_pager_test.go rename to demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_client_list_pager_test.go index 0d0a30ac..44ec0cd7 100644 --- a/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_client_list_pager_test.go +++ b/demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_client_list_pager_test.go @@ -5,7 +5,7 @@ import ( "fmt" "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" "github.com/google/uuid" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport" "github.com/stretchr/testify/assert" "testing" ) diff --git a/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_client_support.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_client_support.go similarity index 81% rename from internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_client_support.go rename to demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_client_support.go index 00eff285..73740be5 100644 --- a/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_client_support.go 
+++ b/demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_client_support.go @@ -3,7 +3,7 @@ package armclientsupport import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azurecommon" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azurecommon" ) func NewArmClientOptions(httpClient azurecommon.HTTPClient) *arm.ClientOptions { diff --git a/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_lro_poller.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_lro_poller.go similarity index 100% rename from internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_lro_poller.go rename to demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_lro_poller.go diff --git a/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_lro_poller_test.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_lro_poller_test.go similarity index 96% rename from internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_lro_poller_test.go rename to demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_lro_poller_test.go index dfc7b2b6..52fa3192 100644 --- a/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_lro_poller_test.go +++ b/demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/arm_lro_poller_test.go 
@@ -6,8 +6,8 @@ import ( "errors" "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport" "github.com/stretchr/testify/assert" "io" "net/http" diff --git a/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/mock_lro_poller_test.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/mock_lro_poller_test.go similarity index 94% rename from internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/mock_lro_poller_test.go rename to demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/mock_lro_poller_test.go index c4da62eb..37a5db1e 100644 --- a/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/mock_lro_poller_test.go +++ b/demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport/mock_lro_poller_test.go @@ -3,8 +3,8 @@ package armclientsupport_test import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport" "io" "net/http" "strconv" 
diff --git a/internal/orchestratorproviders/microsoftazure/azarm/armmodel/apim_service_info.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/armmodel/apim_service_info.go similarity index 100% rename from internal/orchestratorproviders/microsoftazure/azarm/armmodel/apim_service_info.go rename to demo/internal/orchestratorproviders/microsoftazure/azarm/armmodel/apim_service_info.go diff --git a/internal/orchestratorproviders/microsoftazure/azarm/armmodel/apim_service_info_test.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/armmodel/apim_service_info_test.go similarity index 83% rename from internal/orchestratorproviders/microsoftazure/azarm/armmodel/apim_service_info_test.go rename to demo/internal/orchestratorproviders/microsoftazure/azarm/armmodel/apim_service_info_test.go index 3d29d782..8332acab 100644 --- a/internal/orchestratorproviders/microsoftazure/azarm/armmodel/apim_service_info_test.go +++ b/demo/internal/orchestratorproviders/microsoftazure/azarm/armmodel/apim_service_info_test.go @@ -1,7 +1,7 @@ package armmodel_test import ( - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/armmodel" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/armmodel" "github.com/stretchr/testify/assert" "testing" ) diff --git a/internal/orchestratorproviders/microsoftazure/azarm/armmodel/arm_resource.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/armmodel/arm_resource.go similarity index 100% rename from internal/orchestratorproviders/microsoftazure/azarm/armmodel/arm_resource.go rename to demo/internal/orchestratorproviders/microsoftazure/azarm/armmodel/arm_resource.go 
diff --git a/internal/orchestratorproviders/microsoftazure/azarm/armmodel/arm_resource_test.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/armmodel/arm_resource_test.go similarity index 95% rename from internal/orchestratorproviders/microsoftazure/azarm/armmodel/arm_resource_test.go rename to demo/internal/orchestratorproviders/microsoftazure/azarm/armmodel/arm_resource_test.go index 719d6729..edbca715 100644 --- a/internal/orchestratorproviders/microsoftazure/azarm/armmodel/arm_resource_test.go +++ b/demo/internal/orchestratorproviders/microsoftazure/azarm/armmodel/arm_resource_test.go @@ -2,7 +2,7 @@ package armmodel_test import ( "fmt" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/armmodel" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/armmodel" "github.com/stretchr/testify/assert" "testing" ) diff --git a/internal/orchestratorproviders/microsoftazure/azarm/azapim/apim_svc.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apim_svc.go similarity index 83% rename from internal/orchestratorproviders/microsoftazure/azarm/azapim/apim_svc.go rename to demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apim_svc.go index 39eda9af..7d825be0 100644 --- a/internal/orchestratorproviders/microsoftazure/azarm/azapim/apim_svc.go +++ b/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apim_svc.go 
@@ -4,10 +4,10 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/arm"
 	azarmapim "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/apimanagement/armapimanagement"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/armmodel"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimapi"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimservice"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/armmodel"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimapi"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimservice"
 )
 
 type ArmApimSvc interface {
diff --git a/internal/orchestratorproviders/microsoftazure/azarm/azapim/apim_svc_test.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apim_svc_test.go
similarity index 88%
rename from internal/orchestratorproviders/microsoftazure/azarm/azapim/apim_svc_test.go
rename to demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apim_svc_test.go
index 5079a9b6..e3ebcc85 100644
--- a/internal/orchestratorproviders/microsoftazure/azarm/azapim/apim_svc_test.go
+++ b/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apim_svc_test.go
@@ -2,12 +2,12 @@ package azapim_test
 
 import (
 	"encoding/json"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/azapim"
-	"github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport"
-	"github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport/apim_testsupport"
-	"github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport/armtestsupport"
-	"github.com/hexa-org/policy-orchestrator/pkg/testsupport"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim"
+	"github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport"
+	"github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport/apim_testsupport"
+	"github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport/armtestsupport"
+	"github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport"
 	"github.com/stretchr/testify/assert"
 	"net/http"
 	"testing"
diff --git a/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimapi/apimapi_client.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimapi/apimapi_client.go
similarity index 100%
rename from internal/orchestratorproviders/microsoftazure/azarm/azapim/apimapi/apimapi_client.go
rename to demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimapi/apimapi_client.go
diff --git a/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimapiop/apim_policy_xml_test.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimapiop/apim_policy_xml_test.go
similarity index 100%
rename from internal/orchestratorproviders/microsoftazure/azarm/azapim/apimapiop/apim_policy_xml_test.go
rename to demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimapiop/apim_policy_xml_test.go
diff --git a/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv/apim_namedvalue_client.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv/apim_namedvalue_client.go
similarity index 100%
rename from internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv/apim_namedvalue_client.go
rename to demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv/apim_namedvalue_client.go
diff --git a/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv/apim_namedvalue_svc.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv/apim_namedvalue_svc.go
similarity index 92%
rename from internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv/apim_namedvalue_svc.go
rename to demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv/apim_namedvalue_svc.go
index 14daa372..d35ca398 100644
--- a/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv/apim_namedvalue_svc.go
+++ b/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv/apim_namedvalue_svc.go
@@ -8,9 +8,9 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/arm"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
 	azarmapim "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/apimanagement/armapimanagement"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/armmodel"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/providerscommon"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/armmodel"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/providerscommon"
 	log "golang.org/x/exp/slog"
 	"time"
 )
diff --git a/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv/apim_namedvalue_svc_test.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv/apim_namedvalue_svc_test.go
similarity index 53%
rename from internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv/apim_namedvalue_svc_test.go
rename to demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv/apim_namedvalue_svc_test.go
index 879c87a9..93c9df51 100644
--- a/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv/apim_namedvalue_svc_test.go
+++ b/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv/apim_namedvalue_svc_test.go
@@ -1,9 +1,9 @@
 package apimnv_test
 
 import (
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/armmodel"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/providerscommon"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/armmodel"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/providerscommon"
 	"github.com/stretchr/testify/assert"
 	"testing"
 )
diff --git a/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv/svc_update_resource_roles_test.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv/svc_update_resource_roles_test.go
similarity index 89%
rename from internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv/svc_update_resource_roles_test.go
rename to demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv/svc_update_resource_roles_test.go
index ca0f78eb..11776d74 100644
--- a/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv/svc_update_resource_roles_test.go
+++ b/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv/svc_update_resource_roles_test.go
@@ -7,11 +7,11 @@ import (
 	"errors"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
 	azarmapim "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/apimanagement/armapimanagement"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/armmodel"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/providerscommon"
-	"github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport/apim_testsupport"
-	"github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport/armtestsupport"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/armmodel"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/providerscommon"
+	"github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport/apim_testsupport"
+	"github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport/armtestsupport"
 	"github.com/stretchr/testify/assert"
 	"io"
 	"net/http"
diff --git a/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimservice/apimservice_client.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimservice/apimservice_client.go
similarity index 100%
rename from internal/orchestratorproviders/microsoftazure/azarm/azapim/apimservice/apimservice_client.go
rename to demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimservice/apimservice_client.go
diff --git a/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimservice/apimservice_client_test.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimservice/apimservice_client_test.go
similarity index 65%
rename from internal/orchestratorproviders/microsoftazure/azarm/azapim/apimservice/apimservice_client_test.go
rename to demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimservice/apimservice_client_test.go
index c50a4e11..d358ce13 100644
--- a/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimservice/apimservice_client_test.go
+++ b/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimservice/apimservice_client_test.go
@@ -3,12 +3,12 @@ package apimservice_test
 import (
 	"context"
 	"encoding/json"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimservice"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azurecommon"
-	"github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport"
-	"github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport/apim_testsupport"
-	"github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport/armtestsupport"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimservice"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azurecommon"
+	"github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport"
+	"github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport/apim_testsupport"
+	"github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport/armtestsupport"
 	"github.com/stretchr/testify/assert"
 	"net/http"
 	"testing"
diff --git a/internal/orchestratorproviders/microsoftazure/azarm/azapim/svc_factory.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/svc_factory.go
similarity index 76%
rename from internal/orchestratorproviders/microsoftazure/azarm/azapim/svc_factory.go
rename to demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/svc_factory.go
index 62ddd52d..b5228802 100644
--- a/internal/orchestratorproviders/microsoftazure/azarm/azapim/svc_factory.go
+++ b/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/svc_factory.go
@@ -3,10 +3,10 @@ package azapim
 import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/arm"
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/azresource"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azurecommon"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/armclientsupport"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/azresource"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azurecommon"
 	log "golang.org/x/exp/slog"
 )
 
diff --git a/internal/orchestratorproviders/microsoftazure/azarm/azresource/arm_resource_client.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/azresource/arm_resource_client.go
similarity index 100%
rename from internal/orchestratorproviders/microsoftazure/azarm/azresource/arm_resource_client.go
rename to demo/internal/orchestratorproviders/microsoftazure/azarm/azresource/arm_resource_client.go
diff --git a/internal/orchestratorproviders/microsoftazure/azarm/azresource/arm_resource_client_test.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/azresource/arm_resource_client_test.go
similarity index 88%
rename from internal/orchestratorproviders/microsoftazure/azarm/azresource/arm_resource_client_test.go
rename to demo/internal/orchestratorproviders/microsoftazure/azarm/azresource/arm_resource_client_test.go
index a4503281..681e8c8c 100644
--- a/internal/orchestratorproviders/microsoftazure/azarm/azresource/arm_resource_client_test.go
+++ b/demo/internal/orchestratorproviders/microsoftazure/azarm/azresource/arm_resource_client_test.go
@@ -4,10 +4,10 @@ import (
 	"encoding/json"
 	"fmt"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/azapim"
-	"github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport"
-	"github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport/armtestsupport"
-	"github.com/hexa-org/policy-orchestrator/pkg/testsupport"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim"
+	"github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport"
+	"github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport/armtestsupport"
+	"github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport"
 	"github.com/stretchr/testify/assert"
 	"log"
 	"net/http"
diff --git a/internal/orchestratorproviders/microsoftazure/azarm/azresource/arm_resource_svc.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/azresource/arm_resource_svc.go
similarity index 88%
rename from internal/orchestratorproviders/microsoftazure/azarm/azresource/arm_resource_svc.go
rename to demo/internal/orchestratorproviders/microsoftazure/azarm/azresource/arm_resource_svc.go
index 5713e730..9df9c2a5 100644
--- a/internal/orchestratorproviders/microsoftazure/azarm/azresource/arm_resource_svc.go
+++ b/demo/internal/orchestratorproviders/microsoftazure/azarm/azresource/arm_resource_svc.go
@@ -5,8 +5,8 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/arm"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/armmodel"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azurecommon"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/armmodel"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azurecommon"
 	log "golang.org/x/exp/slog"
 )
 
diff --git a/internal/orchestratorproviders/microsoftazure/azarm/azure_apim_provider.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/azure_apim_provider.go
similarity index 85%
rename from internal/orchestratorproviders/microsoftazure/azarm/azure_apim_provider.go
rename to demo/internal/orchestratorproviders/microsoftazure/azarm/azure_apim_provider.go
index 4fa0278b..f03656fe 100644
--- a/internal/orchestratorproviders/microsoftazure/azarm/azure_apim_provider.go
+++ b/demo/internal/orchestratorproviders/microsoftazure/azarm/azure_apim_provider.go
@@ -1,11 +1,11 @@
 package azarm
 
 import (
-	"github.com/hexa-org/policy-orchestrator/internal/orchestrator"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azad"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/azapim"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv"
-	"github.com/hexa-org/policy-orchestrator/internal/policysupport"
+	"github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azad"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv"
 	log "golang.org/x/exp/slog"
 	"net/http"
 	"strings"
@@ -69,17 +69,17 @@ func (a *AzureApimProvider) DiscoverApplications(integrationInfo orchestrator.In
 }
 
 
-func (a *AzureApimProvider) GetPolicyInfo(integrationInfo orchestrator.IntegrationInfo, applicationInfo orchestrator.ApplicationInfo) ([]policysupport.PolicyInfo, error) {
+func (a *AzureApimProvider) GetPolicyInfo(integrationInfo orchestrator.IntegrationInfo, applicationInfo orchestrator.ApplicationInfo) ([]hexapolicy.PolicyInfo, error) {
 	service, err := a.getApimProviderService(integrationInfo.Key)
 	if err != nil {
 		log.Error("ApimProvider.GetPolicyInfo", "getApimProviderService err", err)
-		return []policysupport.PolicyInfo{}, err
+		return []hexapolicy.PolicyInfo{}, err
 	}
 	return service.GetPolicyInfo(applicationInfo)
 }
 
 
-func (a *AzureApimProvider) SetPolicyInfo(integrationInfo orchestrator.IntegrationInfo, applicationInfo orchestrator.ApplicationInfo, policyInfos []policysupport.PolicyInfo) (int, error) {
+func (a *AzureApimProvider) SetPolicyInfo(integrationInfo orchestrator.IntegrationInfo, applicationInfo orchestrator.ApplicationInfo, policyInfos []hexapolicy.PolicyInfo) (int, error) {
 	service, err := a.getApimProviderService(integrationInfo.Key)
 	if err != nil {
 		log.Error("ApimProvider.SetPolicyInfo", "getApimProviderService err", err)
diff --git a/internal/orchestratorproviders/microsoftazure/azarm/azure_apim_provider_test.go b/demo/internal/orchestratorproviders/microsoftazure/azarm/azure_apim_provider_test.go
similarity index 73%
rename from internal/orchestratorproviders/microsoftazure/azarm/azure_apim_provider_test.go
rename to demo/internal/orchestratorproviders/microsoftazure/azarm/azure_apim_provider_test.go
index de68da54..d9e781fd 100644
--- a/internal/orchestratorproviders/microsoftazure/azarm/azure_apim_provider_test.go
+++ b/demo/internal/orchestratorproviders/microsoftazure/azarm/azure_apim_provider_test.go
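Review bot: `return []hexapolicy.PolicyInfo{}, err` in the error branch of GetPolicyInfo hands back a non-nil empty slice together with the error; under the `(T, error)` convention the value is meaningless when err is non-nil, so `return nil, err` is clearer and stops a caller that forgets the error check from treating the result as a genuine empty policy set. PolicyInfo now comes from a separate module, `github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy` (import hunk above); the go.mod/go.sum entry that pins it is not in this chunk, so it is worth confirming it resolves to a tagged, checksummed release rather than a branch pseudo-version, since this type now shapes every policy the orchestrator reads and writes. SetPolicyInfo's body continues past the end of the hunk.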
@@ -1,15 +1,15 @@
 package azarm_test
 
 import (
-	"github.com/hexa-org/policy-orchestrator/internal/orchestrator"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azad"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/armmodel"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/azapim"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv"
-	"github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport"
-	"github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport/apim_testsupport"
-	"github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport/armtestsupport"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azad"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/armmodel"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/azapim/apimnv"
+	"github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport"
+	"github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport/apim_testsupport"
+	"github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport/armtestsupport"
 	"github.com/stretchr/testify/assert"
 	"testing"
 )
diff --git a/internal/orchestratorproviders/microsoftazure/azure_policy_mapper.go b/demo/internal/orchestratorproviders/microsoftazure/azure_policy_mapper.go
similarity index 76%
rename from internal/orchestratorproviders/microsoftazure/azure_policy_mapper.go
rename to demo/internal/orchestratorproviders/microsoftazure/azure_policy_mapper.go
index ab4c1e3e..466168ba 100644
--- a/internal/orchestratorproviders/microsoftazure/azure_policy_mapper.go
+++ b/demo/internal/orchestratorproviders/microsoftazure/azure_policy_mapper.go
@@ -2,8 +2,8 @@ package microsoftazure
 
 import (
 	"fmt"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azad"
-	"github.com/hexa-org/policy-orchestrator/internal/policysupport"
+	"github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azad"
 )
 
 type AzurePolicyMapper struct {
@@ -25,8 +25,8 @@ func NewAzurePolicyMapper(sps azad.AzureServicePrincipals, existingAssignments [
 		azureUserEmail: azureUserEmail}
 }
 
-func (azm *AzurePolicyMapper) ToIDQL() []policysupport.PolicyInfo {
-	policies := make([]policysupport.PolicyInfo, 0)
+func (azm *AzurePolicyMapper) ToIDQL() []hexapolicy.PolicyInfo {
+	policies := make([]hexapolicy.PolicyInfo, 0)
 	for appRoleId, appRole := range azm.roleIdToAppRole {
 		pol := azm.appRoleAssignmentToIDQL(azm.existingRoleIdToAras[appRoleId], appRole.Value)
 		policies = append(policies, pol)
@@ -35,7 +35,7 @@ func (azm *AzurePolicyMapper) ToIDQL() []policysupport.PolicyInfo {
 }
 
 
-func (azm *AzurePolicyMapper) appRoleAssignmentToIDQL(assignments []azad.AzureAppRoleAssignment, action string) policysupport.PolicyInfo {
+func (azm *AzurePolicyMapper) appRoleAssignmentToIDQL(assignments []azad.AzureAppRoleAssignment, action string) hexapolicy.PolicyInfo {
 	members := make([]string, 0)
 	for _, oneAssignment := range assignments {
@@ -46,11 +46,11 @@ func (azm *AzurePolicyMapper) appRoleAssignmentToIDQL(assignments []azad.AzureAp
 	}
 
 
-	return policysupport.PolicyInfo{
-		Meta: policysupport.MetaInfo{Version: "0.5"},
-		Actions: []policysupport.ActionInfo{{action}},
-		Subject: policysupport.SubjectInfo{Members: members},
-		Object: policysupport.ObjectInfo{ResourceID: azm.objectId},
+	return hexapolicy.PolicyInfo{
+		Meta: hexapolicy.MetaInfo{Version: "0.5"},
+		Actions: []hexapolicy.ActionInfo{{action}},
+		Subject: hexapolicy.SubjectInfo{Members: members},
+		Object: hexapolicy.ObjectInfo{ResourceID: azm.objectId},
 	}
 }
diff --git a/internal/orchestratorproviders/microsoftazure/azure_policy_mapper_test.go b/demo/internal/orchestratorproviders/microsoftazure/azure_policy_mapper_test.go
similarity index 87%
rename from internal/orchestratorproviders/microsoftazure/azure_policy_mapper_test.go
rename to demo/internal/orchestratorproviders/microsoftazure/azure_policy_mapper_test.go
index 377c09ac..448d1fdb 100644
--- a/internal/orchestratorproviders/microsoftazure/azure_policy_mapper_test.go
+++ b/demo/internal/orchestratorproviders/microsoftazure/azure_policy_mapper_test.go
@@ -1,10 +1,10 @@
 package microsoftazure_test
 
 import (
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azad"
-	"github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport"
-	"github.com/hexa-org/policy-orchestrator/pkg/testsupport/policytestsupport"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azad"
+	"github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport"
+	"github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/policytestsupport"
 	"github.com/stretchr/testify/assert"
 	"log"
 	"testing"
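Review bot: `Actions: []hexapolicy.ActionInfo{{action}}` is an unkeyed composite literal of a struct type that now lives in another module; `go vet`'s composites check flags this, and it will silently bind `action` to the wrong field if policy-mapper ever adds or reorders fields in ActionInfo, so the keyed form with the field name as declared in hexapolicy is safer. The same unkeyed pattern appears in the azure_provider_test.go hunks further down (`hexapolicy.ActionInfo{{"azure:anAppRoleId"}}` and the `policytestsupport` variants). `Meta: hexapolicy.MetaInfo{Version: "0.5"}` hard-codes the IDQL version as a bare literal while the tests build policies with `Version: "0"`; a named constant (or one exported by hexapolicy, if it provides one) would make the version this mapper emits explicit in one place. appRoleAssignmentToIDQL starts before this hunk.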
diff --git a/internal/orchestratorproviders/microsoftazure/azure_provider.go b/demo/internal/orchestratorproviders/microsoftazure/azure_provider.go
similarity index 90%
rename from internal/orchestratorproviders/microsoftazure/azure_provider.go
rename to demo/internal/orchestratorproviders/microsoftazure/azure_provider.go
index b601ef88..e51adf26 100644
--- a/internal/orchestratorproviders/microsoftazure/azure_provider.go
+++ b/demo/internal/orchestratorproviders/microsoftazure/azure_provider.go
@@ -3,10 +3,10 @@ package microsoftazure
 import (
 	"errors"
 	"github.com/go-playground/validator/v10"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestrator"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azad"
-	"github.com/hexa-org/policy-orchestrator/internal/policysupport"
-	"github.com/hexa-org/policy-orchestrator/pkg/workflowsupport"
+	"github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azad"
+	"github.com/hexa-org/policy-orchestrator/demo/pkg/workflowsupport"
 	"log"
 	"net/http"
 	"strings"
@@ -47,11 +47,11 @@ func (a *AzureProvider) DiscoverApplications(info orchestrator.IntegrationInfo)
 	return apps, err
 }
 
-func (a *AzureProvider) GetPolicyInfo(integrationInfo orchestrator.IntegrationInfo, applicationInfo orchestrator.ApplicationInfo) ([]policysupport.PolicyInfo, error) {
+func (a *AzureProvider) GetPolicyInfo(integrationInfo orchestrator.IntegrationInfo, applicationInfo orchestrator.ApplicationInfo) ([]hexapolicy.PolicyInfo, error) {
 	key := integrationInfo.Key
 	servicePrincipals, _ := a.client.GetServicePrincipals(key, applicationInfo.Description) // todo - description is named poorly
 	if len(servicePrincipals.List) == 0 {
-		return []policysupport.PolicyInfo{}, nil
+		return []hexapolicy.PolicyInfo{}, nil
 	}
 	assignments, _ := a.client.GetAppRoleAssignedTo(key, servicePrincipals.List[0].ID)
@@ -75,7 +75,7 @@ func (a *AzureProvider) GetPolicyInfo(integrationInfo orchestrator.IntegrationIn
 	return policyMapper.ToIDQL(), nil
 }
 
-func (a *AzureProvider) SetPolicyInfo(integrationInfo orchestrator.IntegrationInfo, applicationInfo orchestrator.ApplicationInfo, policyInfos []policysupport.PolicyInfo) (int, error) {
+func (a *AzureProvider) SetPolicyInfo(integrationInfo orchestrator.IntegrationInfo, applicationInfo orchestrator.ApplicationInfo, policyInfos []hexapolicy.PolicyInfo) (int, error) {
 	validate := validator.New() // todo - move this up?
 	errApp := validate.Struct(applicationInfo)
 	if errApp != nil {
diff --git a/internal/orchestratorproviders/microsoftazure/azure_provider_test.go b/demo/internal/orchestratorproviders/microsoftazure/azure_provider_test.go
similarity index 77%
rename from internal/orchestratorproviders/microsoftazure/azure_provider_test.go
rename to demo/internal/orchestratorproviders/microsoftazure/azure_provider_test.go
index 707b0b74..f4aa18db 100644
--- a/internal/orchestratorproviders/microsoftazure/azure_provider_test.go
+++ b/demo/internal/orchestratorproviders/microsoftazure/azure_provider_test.go
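Review bot: GetPolicyInfo still discards the error from `a.client.GetServicePrincipals` (context line in this hunk) and from `a.client.GetAppRoleAssignedTo`, so a failed directory call is indistinguishable from "no service principals" and surfaces as an empty policy set with a nil error. A caller that reconciles policy state from this result will read that empty set as the application's true state, which is the wrong failure mode for an authorization source. Prefer `servicePrincipals, err := a.client.GetServicePrincipals(key, applicationInfo.Description)` followed by `if err != nil { return nil, err }`, and the same shape for the assignments lookup. GetPolicyInfo continues past the end of the first hunk and SetPolicyInfo past the end of the second.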
@@ -1,12 +1,12 @@
 package microsoftazure_test
 
 import (
-	"github.com/hexa-org/policy-orchestrator/internal/orchestrator"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure"
-	"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azad"
-	"github.com/hexa-org/policy-orchestrator/internal/policysupport"
-	"github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport"
-	"github.com/hexa-org/policy-orchestrator/pkg/testsupport/policytestsupport"
+	"github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azad"
+	"github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport"
+	"github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/policytestsupport"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 	"log"
@@ -155,11 +155,11 @@ func TestSetPolicy_withInvalidArguments(t *testing.T) {
 	status, err := azureProvider.SetPolicyInfo(
 		orchestrator.IntegrationInfo{Name: "azure", Key: key},
 		orchestrator.ApplicationInfo{Name: "anAppName", Description: "anAppId"},
-		[]policysupport.PolicyInfo{{
-			Meta: policysupport.MetaInfo{Version: "0"},
-			Actions: []policysupport.ActionInfo{{"azure:anAppRoleId"}},
-			Subject: policysupport.SubjectInfo{Members: []string{"aPrincipalId:aPrincipalDisplayName", "yetAnotherPrincipalId:yetAnotherPrincipalDisplayName", "andAnotherPrincipalId:andAnotherPrincipalDisplayName"}},
-			Object: policysupport.ObjectInfo{
+		[]hexapolicy.PolicyInfo{{
+			Meta: hexapolicy.MetaInfo{Version: "0"},
+			Actions: []hexapolicy.ActionInfo{{"azure:anAppRoleId"}},
+			Subject: hexapolicy.SubjectInfo{Members: []string{"aPrincipalId:aPrincipalDisplayName", "yetAnotherPrincipalId:yetAnotherPrincipalDisplayName", "andAnotherPrincipalId:andAnotherPrincipalDisplayName"}},
+			Object: hexapolicy.ObjectInfo{
 				ResourceID: "anObjectId",
 			},
 		}})
@@ -170,11 +170,11 @@ func TestSetPolicy_withInvalidArguments(t *testing.T) {
 	status, err = azureProvider.SetPolicyInfo(
 		orchestrator.IntegrationInfo{Name: "azure", Key: key},
 		orchestrator.ApplicationInfo{ObjectID: "anObjectId", Name: "anAppName", Description: "aDescription"},
-		[]policysupport.PolicyInfo{{
-			Meta: policysupport.MetaInfo{Version: "0"},
-			Actions: []policysupport.ActionInfo{{"azure:anAppRoleId"}},
-			Subject: policysupport.SubjectInfo{Members: []string{"aPrincipalId:aPrincipalDisplayName", "yetAnotherPrincipalId:yetAnotherPrincipalDisplayName", "andAnotherPrincipalId:andAnotherPrincipalDisplayName"}},
-			Object: policysupport.ObjectInfo{},
+		[]hexapolicy.PolicyInfo{{
+			Meta: hexapolicy.MetaInfo{Version: "0"},
+			Actions: []hexapolicy.ActionInfo{{"azure:anAppRoleId"}},
+			Subject: hexapolicy.SubjectInfo{Members: []string{"aPrincipalId:aPrincipalDisplayName", "yetAnotherPrincipalId:yetAnotherPrincipalDisplayName", "andAnotherPrincipalId:andAnotherPrincipalDisplayName"}},
+			Object: hexapolicy.ObjectInfo{},
 		}})
 	assert.Equal(t, http.StatusInternalServerError, status)
@@ -195,12 +195,12 @@ func TestSetPolicy_IgnoresAllPrincipalIdsNotFound(t *testing.T) {
 	status, err := p.SetPolicyInfo(
 		orchestrator.IntegrationInfo{Name: "azure", Key: key},
 		orchestrator.ApplicationInfo{ObjectID: "anObjectId", Name: "anAppName", Description: appId},
-		[]policysupport.PolicyInfo{{
-			Meta: policysupport.MetaInfo{Version: "0"},
-			Actions: []policysupport.ActionInfo{{"azure:" + policytestsupport.ActionGetHrUs}},
-			Subject: policysupport.SubjectInfo{Members: []string{"user:" + policytestsupport.UserEmailGetHrUs,
+		[]hexapolicy.PolicyInfo{{
+			Meta: hexapolicy.MetaInfo{Version: "0"},
+			Actions: []hexapolicy.ActionInfo{{"azure:" + policytestsupport.ActionGetHrUs}},
+			Subject: hexapolicy.SubjectInfo{Members: []string{"user:" + policytestsupport.UserEmailGetHrUs,
 				"user:" + policytestsupport.UserEmailGetProfile}},
-			Object: policysupport.ObjectInfo{
+			Object: hexapolicy.ObjectInfo{
 				ResourceID: policytestsupport.PolicyObjectResourceId,
 			},
 		}})
@@ -225,12 +225,12 @@ func TestSetPolicy_IgnoresAnyNotFoundPrincipalId(t *testing.T) {
 	status, err := p.SetPolicyInfo(
 		orchestrator.IntegrationInfo{Name: "azure", Key: key},
 		orchestrator.ApplicationInfo{ObjectID: "anObjectId", Name: "anAppName", Description: appId},
-		[]policysupport.PolicyInfo{{
-			Meta: policysupport.MetaInfo{Version: "0"},
-			Actions: []policysupport.ActionInfo{{"azure:" + policytestsupport.ActionGetHrUs}},
-			Subject: policysupport.SubjectInfo{Members: []string{"user:" + policytestsupport.UserEmailGetHrUs,
+		[]hexapolicy.PolicyInfo{{
+			Meta: hexapolicy.MetaInfo{Version: "0"},
+			Actions: []hexapolicy.ActionInfo{{"azure:" + policytestsupport.ActionGetHrUs}},
+			Subject: hexapolicy.SubjectInfo{Members: []string{"user:" + policytestsupport.UserEmailGetHrUs,
 				"user:" + policytestsupport.UserEmailGetProfile}},
-			Object: policysupport.ObjectInfo{
+			Object: hexapolicy.ObjectInfo{
 				ResourceID: policytestsupport.PolicyObjectResourceId,
 			},
 		}})
@@ -251,14 +251,14 @@ func TestSetPolicy_AddAssignment_IgnoresInvalidAction(t *testing.T) { status, err := p.SetPolicyInfo( orchestrator.IntegrationInfo{Name: "azure", Key: key}, orchestrator.ApplicationInfo{ObjectID: "anObjectId", Name: "anAppName", Description: appId}, - []policysupport.PolicyInfo{{ - Meta: policysupport.MetaInfo{Version: "0"}, - Actions: []policysupport.ActionInfo{{"azure:GET/not_defined"}}, - Subject: policysupport.SubjectInfo{ + []hexapolicy.PolicyInfo{{ + Meta: hexapolicy.MetaInfo{Version: "0"}, + Actions: []hexapolicy.ActionInfo{{"azure:GET/not_defined"}}, + Subject: hexapolicy.SubjectInfo{ Members: []string{ "user:" + policytestsupport.UserEmailGetHrUs, "user:" + policytestsupport.UserEmailGetProfile}}, - Object: policysupport.ObjectInfo{ + Object: hexapolicy.ObjectInfo{ ResourceID: policytestsupport.PolicyObjectResourceId, }, }}) @@ -281,11 +281,11 @@ func TestSetPolicy(t *testing.T) { status, err := p.SetPolicyInfo( orchestrator.IntegrationInfo{Name: "azure", Key: key}, orchestrator.ApplicationInfo{ObjectID: "anObjectId", Name: "anAppName", Description: appId}, - []policysupport.PolicyInfo{{ - Meta: policysupport.MetaInfo{Version: "0"}, - Actions: []policysupport.ActionInfo{{"azure:" + policytestsupport.ActionGetHrUs}}, - Subject: policysupport.SubjectInfo{Members: []string{"user:" + policytestsupport.UserEmailGetHrUs}}, - Object: policysupport.ObjectInfo{ + []hexapolicy.PolicyInfo{{ + Meta: hexapolicy.MetaInfo{Version: "0"}, + Actions: []hexapolicy.ActionInfo{{"azure:" + policytestsupport.ActionGetHrUs}}, + Subject: hexapolicy.SubjectInfo{Members: []string{"user:" + policytestsupport.UserEmailGetHrUs}}, + Object: hexapolicy.ObjectInfo{ ResourceID: policytestsupport.PolicyObjectResourceId, }, }}) 
@@ -308,11 +308,11 @@ func TestSetPolicy_RemovedAllMembers_FromOnePolicy(t *testing.T) { status, err := p.SetPolicyInfo( orchestrator.IntegrationInfo{Name: "azure", Key: key}, orchestrator.ApplicationInfo{ObjectID: "anObjectId", Name: "anAppName", Description: appId}, - []policysupport.PolicyInfo{{ - Meta: policysupport.MetaInfo{Version: "0"}, - Actions: []policysupport.ActionInfo{{"azure:" + policytestsupport.ActionGetHrUs}}, - Subject: policysupport.SubjectInfo{Members: []string{}}, - Object: policysupport.ObjectInfo{ + []hexapolicy.PolicyInfo{{ + Meta: hexapolicy.MetaInfo{Version: "0"}, + Actions: []hexapolicy.ActionInfo{{"azure:" + policytestsupport.ActionGetHrUs}}, + Subject: hexapolicy.SubjectInfo{Members: []string{}}, + Object: hexapolicy.ObjectInfo{ ResourceID: policytestsupport.PolicyObjectResourceId, }, }}) 
@@ -337,20 +337,20 @@ func TestSetPolicy_RemovedAllMembers_FromAllPolicies(t *testing.T) { status, err := p.SetPolicyInfo( orchestrator.IntegrationInfo{Name: "azure", Key: key}, orchestrator.ApplicationInfo{ObjectID: "anObjectId", Name: "anAppName", Description: appId}, - []policysupport.PolicyInfo{ + []hexapolicy.PolicyInfo{ { - Meta: policysupport.MetaInfo{Version: "0"}, - Actions: []policysupport.ActionInfo{{"azure:" + policytestsupport.ActionGetHrUs}}, - Subject: policysupport.SubjectInfo{Members: []string{}}, - Object: policysupport.ObjectInfo{ + Meta: hexapolicy.MetaInfo{Version: "0"}, + Actions: []hexapolicy.ActionInfo{{"azure:" + policytestsupport.ActionGetHrUs}}, + Subject: hexapolicy.SubjectInfo{Members: []string{}}, + Object: hexapolicy.ObjectInfo{ ResourceID: policytestsupport.PolicyObjectResourceId, }, }, { - Meta: policysupport.MetaInfo{Version: "0"}, - Actions: []policysupport.ActionInfo{{"azure:" + policytestsupport.ActionGetProfile}}, - Subject: policysupport.SubjectInfo{Members: []string{}}, - Object: policysupport.ObjectInfo{ + Meta: hexapolicy.MetaInfo{Version: "0"}, + Actions: []hexapolicy.ActionInfo{{"azure:" + policytestsupport.ActionGetProfile}}, + Subject: hexapolicy.SubjectInfo{Members: []string{}}, + Object: hexapolicy.ObjectInfo{ ResourceID: policytestsupport.PolicyObjectResourceId, }, }, 
@@ -377,20 +377,20 @@ func TestSetPolicy_MultipleAppRolePolicies(t *testing.T) { status, err := p.SetPolicyInfo( orchestrator.IntegrationInfo{Name: "azure", Key: key}, orchestrator.ApplicationInfo{ObjectID: "anObjectId", Name: "anAppName", Description: appId}, - []policysupport.PolicyInfo{ + []hexapolicy.PolicyInfo{ { - Meta: policysupport.MetaInfo{Version: "0"}, - Actions: []policysupport.ActionInfo{{"azure:" + policytestsupport.ActionGetHrUs}}, - Subject: policysupport.SubjectInfo{Members: []string{"user:" + policytestsupport.UserEmailGetHrUs}}, - Object: policysupport.ObjectInfo{ + Meta: hexapolicy.MetaInfo{Version: "0"}, + Actions: []hexapolicy.ActionInfo{{"azure:" + policytestsupport.ActionGetHrUs}}, + Subject: hexapolicy.SubjectInfo{Members: []string{"user:" + policytestsupport.UserEmailGetHrUs}}, + Object: hexapolicy.ObjectInfo{ ResourceID: policytestsupport.PolicyObjectResourceId, }, }, { - Meta: policysupport.MetaInfo{Version: "0"}, - Actions: []policysupport.ActionInfo{{"azure:" + policytestsupport.ActionGetProfile}}, - Subject: policysupport.SubjectInfo{Members: []string{"user:" + policytestsupport.UserEmailGetProfile}}, - Object: policysupport.ObjectInfo{ + Meta: hexapolicy.MetaInfo{Version: "0"}, + Actions: []hexapolicy.ActionInfo{{"azure:" + policytestsupport.ActionGetProfile}}, + Subject: hexapolicy.SubjectInfo{Members: []string{"user:" + policytestsupport.UserEmailGetProfile}}, + Object: hexapolicy.ObjectInfo{ ResourceID: policytestsupport.PolicyObjectResourceId, }, }, diff --git a/internal/orchestratorproviders/microsoftazure/azurecommon/azure_credentials_support.go b/demo/internal/orchestratorproviders/microsoftazure/azurecommon/azure_credentials_support.go similarity index 100% rename from internal/orchestratorproviders/microsoftazure/azurecommon/azure_credentials_support.go rename to demo/internal/orchestratorproviders/microsoftazure/azurecommon/azure_credentials_support.go 
diff --git a/internal/orchestratorproviders/microsoftazure/azurecommon/azure_credentials_support_test.go b/demo/internal/orchestratorproviders/microsoftazure/azurecommon/azure_credentials_support_test.go
similarity index 85%
rename from internal/orchestratorproviders/microsoftazure/azurecommon/azure_credentials_support_test.go
rename to demo/internal/orchestratorproviders/microsoftazure/azurecommon/azure_credentials_support_test.go
index 5fc88969..04cdc39a 100644
--- a/internal/orchestratorproviders/microsoftazure/azurecommon/azure_credentials_support_test.go
+++ b/demo/internal/orchestratorproviders/microsoftazure/azurecommon/azure_credentials_support_test.go
@@ -1,8 +1,8 @@
 package azurecommon_test
 import (
- "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azurecommon"
- "github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azurecommon"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport"
 "github.com/stretchr/testify/assert"
 "net/http"
 "testing"
diff --git a/internal/orchestratorproviders/microsoftazure/azurecommon/azure_http_client.go b/demo/internal/orchestratorproviders/microsoftazure/azurecommon/azure_http_client.go
similarity index 100%
rename from internal/orchestratorproviders/microsoftazure/azurecommon/azure_http_client.go
rename to demo/internal/orchestratorproviders/microsoftazure/azurecommon/azure_http_client.go
diff --git a/internal/orchestratorproviders/microsoftazure/azurecommon/http_response_error_support.go b/demo/internal/orchestratorproviders/microsoftazure/azurecommon/http_response_error_support.go
similarity index 100%
rename from internal/orchestratorproviders/microsoftazure/azurecommon/http_response_error_support.go
rename to demo/internal/orchestratorproviders/microsoftazure/azurecommon/http_response_error_support.go
diff --git a/internal/orchestratorproviders/openpolicyagent/aws_bundle_client.go b/demo/internal/orchestratorproviders/openpolicyagent/aws_bundle_client.go
similarity index 91%
rename from internal/orchestratorproviders/openpolicyagent/aws_bundle_client.go
rename to demo/internal/orchestratorproviders/openpolicyagent/aws_bundle_client.go
index a1b6c5ea..a827f77b 100644
--- a/internal/orchestratorproviders/openpolicyagent/aws_bundle_client.go
+++ b/demo/internal/orchestratorproviders/openpolicyagent/aws_bundle_client.go
@@ -4,11 +4,11 @@ import (
 "bytes"
 "context"
 "fmt"
- "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/amazonwebservices/awscommon"
+ "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/amazonwebservices/awscommon"
 "github.com/aws/aws-sdk-go-v2/aws"
 "github.com/aws/aws-sdk-go-v2/service/s3"
- "github.com/hexa-org/policy-orchestrator/pkg/compressionsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/compressionsupport"
 "net/http"
 "os"
diff --git a/internal/orchestratorproviders/openpolicyagent/aws_bundle_client_test.go b/demo/internal/orchestratorproviders/openpolicyagent/aws_bundle_client_test.go
similarity index 93%
rename from internal/orchestratorproviders/openpolicyagent/aws_bundle_client_test.go
rename to demo/internal/orchestratorproviders/openpolicyagent/aws_bundle_client_test.go
index 25a563c1..9bfdde93 100644
--- a/internal/orchestratorproviders/openpolicyagent/aws_bundle_client_test.go
+++ b/demo/internal/orchestratorproviders/openpolicyagent/aws_bundle_client_test.go
@@ -3,7 +3,7 @@ package openpolicyagent_test
 import (
 "bytes"
 "fmt"
- "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/amazonwebservices/awscommon"
+ "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/amazonwebservices/awscommon"
 "math/rand"
 "net/http"
 "path/filepath"
@@ -11,9 +11,9 @@ import (
 "testing"
 "time"
- "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/openpolicyagent"
- "github.com/hexa-org/policy-orchestrator/pkg/compressionsupport"
- "github.com/hexa-org/policy-orchestrator/pkg/testsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/openpolicyagent"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/compressionsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport"
 "github.com/stretchr/testify/assert"
 )
diff --git a/internal/orchestratorproviders/openpolicyagent/gcp_bundle_client.go b/demo/internal/orchestratorproviders/openpolicyagent/gcp_bundle_client.go
similarity index 98%
rename from internal/orchestratorproviders/openpolicyagent/gcp_bundle_client.go
rename to demo/internal/orchestratorproviders/openpolicyagent/gcp_bundle_client.go
index 2f736cff..82ac11d7 100644
--- a/internal/orchestratorproviders/openpolicyagent/gcp_bundle_client.go
+++ b/demo/internal/orchestratorproviders/openpolicyagent/gcp_bundle_client.go
@@ -7,7 +7,7 @@ import (
 "errors"
 "fmt"
- "github.com/hexa-org/policy-orchestrator/pkg/compressionsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/compressionsupport"
 "log"
 "net/http"
diff --git a/internal/orchestratorproviders/openpolicyagent/gcp_bundle_client_test.go b/demo/internal/orchestratorproviders/openpolicyagent/gcp_bundle_client_test.go
similarity index 96%
rename from internal/orchestratorproviders/openpolicyagent/gcp_bundle_client_test.go
rename to demo/internal/orchestratorproviders/openpolicyagent/gcp_bundle_client_test.go
index 1e450ac1..e90d0dcb 100644
--- a/internal/orchestratorproviders/openpolicyagent/gcp_bundle_client_test.go
+++ b/demo/internal/orchestratorproviders/openpolicyagent/gcp_bundle_client_test.go
@@ -5,8 +5,8 @@ import (
 "errors"
 "fmt"
- "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/openpolicyagent"
- "github.com/hexa-org/policy-orchestrator/pkg/compressionsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/openpolicyagent"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/compressionsupport"
 "math/rand"
 "net/http"
@@ -16,7 +16,7 @@ import (
 "testing"
 "time"
- "github.com/hexa-org/policy-orchestrator/pkg/testsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport"
 assert "github.com/stretchr/testify/require"
 )
diff --git a/internal/orchestratorproviders/openpolicyagent/github_bundle_client.go b/demo/internal/orchestratorproviders/openpolicyagent/github_bundle_client.go
similarity index 98%
rename from internal/orchestratorproviders/openpolicyagent/github_bundle_client.go
rename to demo/internal/orchestratorproviders/openpolicyagent/github_bundle_client.go
index 9ed7478d..d6ebb076 100644
--- a/internal/orchestratorproviders/openpolicyagent/github_bundle_client.go
+++ b/demo/internal/orchestratorproviders/openpolicyagent/github_bundle_client.go
@@ -13,7 +13,7 @@ import (
 "time"
 "github.com/go-playground/validator/v10"
- "github.com/hexa-org/policy-orchestrator/pkg/compressionsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/compressionsupport"
 "gopkg.in/square/go-jose.v2/json"
 )
diff --git a/internal/orchestratorproviders/openpolicyagent/github_bundle_client_test.go b/demo/internal/orchestratorproviders/openpolicyagent/github_bundle_client_test.go
similarity index 97%
rename from internal/orchestratorproviders/openpolicyagent/github_bundle_client_test.go
rename to demo/internal/orchestratorproviders/openpolicyagent/github_bundle_client_test.go
index 72571745..cb18b552 100644
--- a/internal/orchestratorproviders/openpolicyagent/github_bundle_client_test.go
+++ b/demo/internal/orchestratorproviders/openpolicyagent/github_bundle_client_test.go
@@ -12,9 +12,9 @@ import (
 "testing"
 "time"
- "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/openpolicyagent"
- "github.com/hexa-org/policy-orchestrator/pkg/compressionsupport"
- "github.com/hexa-org/policy-orchestrator/pkg/testsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/openpolicyagent"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/compressionsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport"
 "github.com/stretchr/testify/assert"
 )
diff --git a/internal/orchestratorproviders/openpolicyagent/http_bundle_client.go b/demo/internal/orchestratorproviders/openpolicyagent/http_bundle_client.go
similarity index 95%
rename from internal/orchestratorproviders/openpolicyagent/http_bundle_client.go
rename to demo/internal/orchestratorproviders/openpolicyagent/http_bundle_client.go
index dcdd1e3f..8fa1e1cd 100644
--- a/internal/orchestratorproviders/openpolicyagent/http_bundle_client.go
+++ b/demo/internal/orchestratorproviders/openpolicyagent/http_bundle_client.go
@@ -4,7 +4,7 @@ import (
 "bytes"
 "fmt"
- "github.com/hexa-org/policy-orchestrator/pkg/compressionsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/compressionsupport"
 "io"
 "mime/multipart"
diff --git a/internal/orchestratorproviders/openpolicyagent/http_bundle_client_test.go b/demo/internal/orchestratorproviders/openpolicyagent/http_bundle_client_test.go
similarity index 93%
rename from internal/orchestratorproviders/openpolicyagent/http_bundle_client_test.go
rename to demo/internal/orchestratorproviders/openpolicyagent/http_bundle_client_test.go
index ec8f40f9..6da3ff28 100644
--- a/internal/orchestratorproviders/openpolicyagent/http_bundle_client_test.go
+++ b/demo/internal/orchestratorproviders/openpolicyagent/http_bundle_client_test.go
@@ -5,8 +5,8 @@ import (
 "errors"
 "fmt"
- "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/openpolicyagent"
- "github.com/hexa-org/policy-orchestrator/pkg/compressionsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/openpolicyagent"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/compressionsupport"
 "math/rand"
 "os"
@@ -15,7 +15,7 @@ import (
 "testing"
 "time"
- "github.com/hexa-org/policy-orchestrator/pkg/testsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport"
 "github.com/stretchr/testify/assert"
 )
diff --git a/internal/orchestratorproviders/openpolicyagent/opa_policy_test.go b/demo/internal/orchestratorproviders/openpolicyagent/opa_policy_test.go
similarity index 97%
rename from internal/orchestratorproviders/openpolicyagent/opa_policy_test.go
rename to demo/internal/orchestratorproviders/openpolicyagent/opa_policy_test.go
index fef039e8..67f01cd3 100644
--- a/internal/orchestratorproviders/openpolicyagent/opa_policy_test.go
+++ b/demo/internal/orchestratorproviders/openpolicyagent/opa_policy_test.go
@@ -2,7 +2,7 @@ package openpolicyagent_test
 import (
 "bytes"
- "github.com/hexa-org/policy-orchestrator/internal/decisionsupportproviders"
+ "github.com/hexa-org/policy-orchestrator/demo/internal/decisionsupportproviders"
 "log"
 "net/http"
 "os"
diff --git a/internal/orchestratorproviders/openpolicyagent/opa_provider.go b/demo/internal/orchestratorproviders/openpolicyagent/opa_provider.go
similarity index 90%
rename from internal/orchestratorproviders/openpolicyagent/opa_provider.go
rename to demo/internal/orchestratorproviders/openpolicyagent/opa_provider.go
index 098e23f9..fae6914b 100644
--- a/internal/orchestratorproviders/openpolicyagent/opa_provider.go
+++ b/demo/internal/orchestratorproviders/openpolicyagent/opa_provider.go
@@ -7,11 +7,11 @@ import ( "encoding/base64" "encoding/json" "fmt" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/amazonwebservices/awscommon" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/amazonwebservices/awscommon" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" - "github.com/hexa-org/policy-orchestrator/internal/policysupport" - "github.com/hexa-org/policy-orchestrator/pkg/compressionsupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/pkg/compressionsupport" "io/ioutil" "log" @@ -85,7 +85,7 @@ type Object struct { ResourceID string `json:"resource_id"` } -func (o *OpaProvider) GetPolicyInfo(integration orchestrator.IntegrationInfo, appInfo orchestrator.ApplicationInfo) ([]policysupport.PolicyInfo, error) { +func (o *OpaProvider) GetPolicyInfo(integration orchestrator.IntegrationInfo, appInfo orchestrator.ApplicationInfo) ([]hexapolicy.PolicyInfo, error) { key := integration.Key client, err := o.ConfigureClient(key) if err != nil { 
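Review bot: The import hunk replaces the in-tree `policysupport` types on the provider's exported `GetPolicyInfo`/`SetPolicyInfo` signatures with `hexapolicy` from `github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy`, so the shape of the policy record this provider exchanges is now defined by a separate module. The go.mod/go.sum side of that is not in this chunk; it should pin a tagged release of policy-mapper rather than a branch pseudo-version, and the JSON tags on the external `PolicyInfo`/`MetaInfo`/`SubjectInfo`/`ObjectInfo` should be compared with the old `policysupport` ones, since any difference would silently change the encoded form if these values are serialized downstream. The resulting import block also interleaves stdlib and module paths (`"fmt"`, awscommon, a gap, hexapolicy, then `"io/ioutil"`); a goimports pass would regroup it. GetPolicyInfo's body continues outside the second hunk.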
@@ -106,19 +106,19 @@ func (o *OpaProvider) GetPolicyInfo(integration orchestrator.IntegrationInfo, ap return nil, unmarshalErr } - var hexaPolicies []policysupport.PolicyInfo + var hexaPolicies []hexapolicy.PolicyInfo for _, p := range policies.Policies { - var actions []policysupport.ActionInfo + var actions []hexapolicy.ActionInfo for _, a := range p.Actions { - actions = append(actions, policysupport.ActionInfo{ActionUri: a.ActionUri}) + actions = append(actions, hexapolicy.ActionInfo{ActionUri: a.ActionUri}) } - hexaPolicies = append(hexaPolicies, policysupport.PolicyInfo{ - Meta: policysupport.MetaInfo{Version: p.Meta.Version}, + hexaPolicies = append(hexaPolicies, hexapolicy.PolicyInfo{ + Meta: hexapolicy.MetaInfo{Version: p.Meta.Version}, Actions: actions, - Subject: policysupport.SubjectInfo{ + Subject: hexapolicy.SubjectInfo{ Members: p.Subject.Members, }, - Object: policysupport.ObjectInfo{ + Object: hexapolicy.ObjectInfo{ ResourceID: appInfo.ObjectID, // todo - for now, ensures the correct resource identifier }, }) @@ -126,7 +126,7 @@ func (o *OpaProvider) GetPolicyInfo(integration orchestrator.IntegrationInfo, ap return hexaPolicies, nil } -func (o *OpaProvider) SetPolicyInfo(integration orchestrator.IntegrationInfo, appInfo orchestrator.ApplicationInfo, policyInfos []policysupport.PolicyInfo) (int, error) { +func (o *OpaProvider) SetPolicyInfo(integration orchestrator.IntegrationInfo, appInfo orchestrator.ApplicationInfo, policyInfos []hexapolicy.PolicyInfo) (int, error) { validate := validator.New() // todo - move this up? errApp := validate.Struct(appInfo) if errApp != nil { diff --git a/internal/orchestratorproviders/openpolicyagent/opa_provider_test.go b/demo/internal/orchestratorproviders/openpolicyagent/opa_provider_test.go similarity index 91% rename from internal/orchestratorproviders/openpolicyagent/opa_provider_test.go rename to demo/internal/orchestratorproviders/openpolicyagent/opa_provider_test.go index 13926dc8..a240c589 100644 
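Review bot: `SetPolicyInfo` now takes `[]hexapolicy.PolicyInfo`, but the only validation visible in its hunk is `validate.Struct(appInfo)`; whether each policy entry is checked depends on the rest of the body, which continues outside the hunk. If the previous implementation relied on `validate` struct tags declared on the in-tree `policysupport` types, those tags do not travel with the type swap unless the external `hexapolicy` structs carry equivalent ones, which cannot be confirmed from this diff. Worth verifying before `Subject.Members` and `ActionUri` values reach the bundle unchecked; a one-line `validate.Var(policyInfos, "dive")` style call, or an explicit loop rejecting empty `ActionUri`/`ResourceID`, would make the contract independent of upstream tags. The `GetPolicyInfo` hunk above is mid-function as well.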
--- a/internal/orchestratorproviders/openpolicyagent/opa_provider_test.go +++ b/demo/internal/orchestratorproviders/openpolicyagent/opa_provider_test.go @@ -8,11 +8,11 @@ import ( "errors" "fmt" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/openpolicyagent" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/openpolicyagent/test" - "github.com/hexa-org/policy-orchestrator/internal/policysupport" - "github.com/hexa-org/policy-orchestrator/pkg/compressionsupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/openpolicyagent" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/openpolicyagent/test" + "github.com/hexa-org/policy-orchestrator/demo/pkg/compressionsupport" "io/ioutil" "math/rand" @@ -298,8 +298,8 @@ func TestSetPolicyInfo(t *testing.T) { status, err := p.SetPolicyInfo( orchestrator.IntegrationInfo{Name: "open_policy_agent", Key: key}, orchestrator.ApplicationInfo{ObjectID: "anotherResourceId"}, - []policysupport.PolicyInfo{ - {Meta: policysupport.MetaInfo{Version: "0.5"}, Actions: []policysupport.ActionInfo{{"http:GET"}}, Subject: policysupport.SubjectInfo{Members: []string{"allusers"}}, Object: policysupport.ObjectInfo{ + []hexapolicy.PolicyInfo{ + {Meta: hexapolicy.MetaInfo{Version: "0.5"}, Actions: []hexapolicy.ActionInfo{{"http:GET"}}, Subject: hexapolicy.SubjectInfo{Members: []string{"allusers"}}, Object: hexapolicy.ObjectInfo{ ResourceID: "aResourceId", }}, }, 
@@ -330,7 +330,7 @@ func TestSetPolicyInfo_withInvalidArguments(t *testing.T) { status, err := p.SetPolicyInfo( orchestrator.IntegrationInfo{Name: "open_policy_agent", Key: key}, orchestrator.ApplicationInfo{}, - []policysupport.PolicyInfo{}, + []hexapolicy.PolicyInfo{}, ) assert.Equal(t, 500, status) @@ -339,9 +339,9 @@ func TestSetPolicyInfo_withInvalidArguments(t *testing.T) { status, err = p.SetPolicyInfo( orchestrator.IntegrationInfo{Name: "open_policy_agent", Key: key}, orchestrator.ApplicationInfo{ObjectID: "aResourceId"}, - []policysupport.PolicyInfo{ + []hexapolicy.PolicyInfo{ { - Actions: []policysupport.ActionInfo{{"http:GET"}}, Subject: policysupport.SubjectInfo{Members: []string{"allusers"}}, Object: policysupport.ObjectInfo{ + Actions: []hexapolicy.ActionInfo{{"http:GET"}}, Subject: hexapolicy.SubjectInfo{Members: []string{"allusers"}}, Object: hexapolicy.ObjectInfo{ ResourceID: "aResourceId", }}, }, @@ -357,7 +357,7 @@ func TestSetPolicyInfo_withInvalidArguments(t *testing.T) { status, err = p.SetPolicyInfo( orchestrator.IntegrationInfo{Name: "open_policy_agent", Key: key}, orchestrator.ApplicationInfo{ObjectID: "anObjectID"}, - []policysupport.PolicyInfo{}, + []hexapolicy.PolicyInfo{}, ) assert.Equal(t, 500, status) @@ -391,8 +391,8 @@ func TestSetPolicyInfo_WithHTTPSBundleServer(t *testing.T) { status, err := p.SetPolicyInfo( orchestrator.IntegrationInfo{Name: "open_policy_agent", Key: key}, orchestrator.ApplicationInfo{ObjectID: "aResourceId"}, - []policysupport.PolicyInfo{ - {Meta: policysupport.MetaInfo{Version: "0.5"}, Actions: []policysupport.ActionInfo{{"http:GET"}}, Subject: policysupport.SubjectInfo{Members: []string{"allusers"}}, Object: policysupport.ObjectInfo{ + []hexapolicy.PolicyInfo{ + {Meta: hexapolicy.MetaInfo{Version: "0.5"}, Actions: []hexapolicy.ActionInfo{{"http:GET"}}, Subject: hexapolicy.SubjectInfo{Members: []string{"allusers"}}, Object: hexapolicy.ObjectInfo{ ResourceID: "aResourceId", }}, }, 
diff --git a/internal/orchestratorproviders/openpolicyagent/resources/bundles/bundle/.manifest b/demo/internal/orchestratorproviders/openpolicyagent/resources/bundles/bundle/.manifest
similarity index 100%
rename from internal/orchestratorproviders/openpolicyagent/resources/bundles/bundle/.manifest
rename to demo/internal/orchestratorproviders/openpolicyagent/resources/bundles/bundle/.manifest
diff --git a/internal/orchestratorproviders/openpolicyagent/resources/bundles/bundle/data.json b/demo/internal/orchestratorproviders/openpolicyagent/resources/bundles/bundle/data.json
similarity index 100%
rename from internal/orchestratorproviders/openpolicyagent/resources/bundles/bundle/data.json
rename to demo/internal/orchestratorproviders/openpolicyagent/resources/bundles/bundle/data.json
diff --git a/internal/orchestratorproviders/openpolicyagent/resources/bundles/bundle/policy.rego b/demo/internal/orchestratorproviders/openpolicyagent/resources/bundles/bundle/policy.rego
similarity index 100%
rename from internal/orchestratorproviders/openpolicyagent/resources/bundles/bundle/policy.rego
rename to demo/internal/orchestratorproviders/openpolicyagent/resources/bundles/bundle/policy.rego
diff --git a/internal/orchestratorproviders/openpolicyagent/test/mock_client.go b/demo/internal/orchestratorproviders/openpolicyagent/test/mock_client.go
similarity index 100%
rename from internal/orchestratorproviders/openpolicyagent/test/mock_client.go
rename to demo/internal/orchestratorproviders/openpolicyagent/test/mock_client.go
diff --git a/internal/orchestratorproviders/providerscommon/policy_transformer.go b/demo/internal/orchestratorproviders/providerscommon/policy_transformer.go
similarity index 63%
rename from internal/orchestratorproviders/providerscommon/policy_transformer.go
rename to demo/internal/orchestratorproviders/providerscommon/policy_transformer.go
index 3c73cc3d..14babc91 100644
--- a/internal/orchestratorproviders/providerscommon/policy_transformer.go
+++ b/demo/internal/orchestratorproviders/providerscommon/policy_transformer.go @@ -1,8 +1,8 @@ package providerscommon import ( - "github.com/hexa-org/policy-orchestrator/internal/policysupport" - "github.com/hexa-org/policy-orchestrator/pkg/functionalsupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" + "github.com/hexa-org/policy-orchestrator/demo/pkg/functionalsupport" "golang.org/x/exp/slices" log "golang.org/x/exp/slog" "sort" @@ -11,17 +11,17 @@ import ( const ActionUriPrefix = "http:" -func BuildPolicies(resourceActionRolesList []ResourceActionRoles) []policysupport.PolicyInfo { - policies := make([]policysupport.PolicyInfo, 0) +func BuildPolicies(resourceActionRolesList []ResourceActionRoles) []hexapolicy.PolicyInfo { + policies := make([]hexapolicy.PolicyInfo, 0) for _, one := range resourceActionRolesList { httpMethod := one.Action roles := one.Roles slices.Sort(roles) - policies = append(policies, policysupport.PolicyInfo{ - Meta: policysupport.MetaInfo{Version: "0.5"}, - Actions: []policysupport.ActionInfo{{ActionUriPrefix + httpMethod}}, - Subject: policysupport.SubjectInfo{Members: roles}, - Object: policysupport.ObjectInfo{ResourceID: one.Resource}, + policies = append(policies, hexapolicy.PolicyInfo{ + Meta: hexapolicy.MetaInfo{Version: "0.5"}, + Actions: []hexapolicy.ActionInfo{{ActionUriPrefix + httpMethod}}, + Subject: hexapolicy.SubjectInfo{Members: roles}, + Object: hexapolicy.ObjectInfo{ResourceID: one.Resource}, }) } @@ -29,9 +29,9 @@ func BuildPolicies(resourceActionRolesList []ResourceActionRoles) []policysuppor return policies } -func FlattenPolicy(origPolicies []policysupport.PolicyInfo) []policysupport.PolicyInfo { +func FlattenPolicy(origPolicies []hexapolicy.PolicyInfo) []hexapolicy.PolicyInfo { - resActionPolicyMap := make(map[string]policysupport.PolicyInfo) + resActionPolicyMap := make(map[string]hexapolicy.PolicyInfo) for _, pol := range origPolicies { resource := pol.Object.ResourceID if resource == "" { 
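Review bot: `Meta: hexapolicy.MetaInfo{Version: "0.5"},` is spelled out as a literal in BuildPolicies here and again in FlattenPolicy and ResourcePolicyMap in the following hunks, while the OPA provider's GetPolicyInfo passes `p.Meta.Version` through from the bundle. With the policy model now versioned by the external policy-mapper module, one package constant next to `ActionUriPrefix`, e.g. `const policyVersion = "0.5"`, would keep the three producers in step and make a future bump a one-line change. Separately, `slices.Sort(roles)` in BuildPolicies sorts `one.Roles` in place and so reorders the caller's slice; that predates this commit, but `roles := slices.Clone(one.Roles)` would remove the side effect. BuildPolicies continues past the end of its hunk.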
@@ -50,18 +50,18 @@ func FlattenPolicy(origPolicies []policysupport.PolicyInfo) []policysupport.Poli existingMembers = matchingPolicy.Subject.Members } newMembers := CompactMembers(existingMembers, pol.Subject.Members) - newPol := policysupport.PolicyInfo{ - Meta: policysupport.MetaInfo{Version: "0.5"}, - Actions: []policysupport.ActionInfo{{ActionUri: act.ActionUri}}, - Subject: policysupport.SubjectInfo{Members: newMembers}, - Object: policysupport.ObjectInfo{ResourceID: resource}, + newPol := hexapolicy.PolicyInfo{ + Meta: hexapolicy.MetaInfo{Version: "0.5"}, + Actions: []hexapolicy.ActionInfo{{ActionUri: act.ActionUri}}, + Subject: hexapolicy.SubjectInfo{Members: newMembers}, + Object: hexapolicy.ObjectInfo{ResourceID: resource}, } resActionPolicyMap[lookupKey] = newPol } } - flat := make([]policysupport.PolicyInfo, 0) + flat := make([]hexapolicy.PolicyInfo, 0) for _, pol := range resActionPolicyMap { flat = append(flat, pol) } @@ -70,7 +70,7 @@ func FlattenPolicy(origPolicies []policysupport.PolicyInfo) []policysupport.Poli return flat } -func CompactActions(existing, new []policysupport.ActionInfo) []policysupport.ActionInfo { +func CompactActions(existing, new []hexapolicy.ActionInfo) []hexapolicy.ActionInfo { actionUris := make([]string, 0) for _, act := range existing { actionUris = append(actionUris, act.ActionUri) @@ -80,9 +80,9 @@ func CompactActions(existing, new []policysupport.ActionInfo) []policysupport.Ac } actionUris = functionalsupport.SortCompact(actionUris) - actionInfos := make([]policysupport.ActionInfo, 0) + actionInfos := make([]hexapolicy.ActionInfo, 0) for _, uri := range actionUris { - actionInfos = append(actionInfos, policysupport.ActionInfo{ + actionInfos = append(actionInfos, hexapolicy.ActionInfo{ ActionUri: uri, }) } 
@@ -96,7 +96,7 @@ func CompactMembers(existing, new []string) []string { return functionalsupport.SortCompact(compacted) } -func sortPolicies(policies []policysupport.PolicyInfo) { +func sortPolicies(policies []hexapolicy.PolicyInfo) { sort.SliceStable(policies, func(i, j int) bool { resComp := strings.Compare(policies[i].Object.ResourceID, policies[j].Object.ResourceID) actComp := strings.Compare(policies[i].Actions[0].ActionUri, policies[j].Actions[0].ActionUri) @@ -115,12 +115,12 @@ func sortPolicies(policies []policysupport.PolicyInfo) { // If multiple PolicyInfo elements exist for a given resource, these are merged // This ensures downstream functions do not have to deal with multiple policies for same resource. // Also filters out any empty strings or duplicates in members or actions -func ResourcePolicyMap(origPolicies []policysupport.PolicyInfo) map[string]policysupport.PolicyInfo { - resPolicyMap := make(map[string]policysupport.PolicyInfo) +func ResourcePolicyMap(origPolicies []hexapolicy.PolicyInfo) map[string]hexapolicy.PolicyInfo { + resPolicyMap := make(map[string]hexapolicy.PolicyInfo) for _, pol := range origPolicies { resource := pol.Object.ResourceID - var existingActions []policysupport.ActionInfo + var existingActions []hexapolicy.ActionInfo var existingMembers []string if existing, exists := resPolicyMap[resource]; exists { existingActions = existing.Actions 
@@ -130,11 +130,11 @@ func ResourcePolicyMap(origPolicies []policysupport.PolicyInfo) map[string]polic mergedActions := CompactActions(existingActions, pol.Actions) newMembers := CompactMembers(existingMembers, pol.Subject.Members) - newPol := policysupport.PolicyInfo{ - Meta: policysupport.MetaInfo{Version: "0.5"}, + newPol := hexapolicy.PolicyInfo{ + Meta: hexapolicy.MetaInfo{Version: "0.5"}, Actions: mergedActions, - Subject: policysupport.SubjectInfo{Members: newMembers}, - Object: policysupport.ObjectInfo{ResourceID: resource}, + Subject: hexapolicy.SubjectInfo{Members: newMembers}, + Object: hexapolicy.ObjectInfo{ResourceID: resource}, } resPolicyMap[resource] = newPol diff --git a/internal/orchestratorproviders/providerscommon/policy_transformer_test.go b/demo/internal/orchestratorproviders/providerscommon/policy_transformer_test.go similarity index 69% rename from internal/orchestratorproviders/providerscommon/policy_transformer_test.go rename to demo/internal/orchestratorproviders/providerscommon/policy_transformer_test.go index 876ffcac..8f65bde3 100644 --- a/internal/orchestratorproviders/providerscommon/policy_transformer_test.go +++ b/demo/internal/orchestratorproviders/providerscommon/policy_transformer_test.go @@ -1,9 +1,9 @@ package providerscommon_test import ( - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/providerscommon" - "github.com/hexa-org/policy-orchestrator/internal/policysupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport/policytestsupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/providerscommon" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/policytestsupport" "github.com/stretchr/testify/assert" "testing" ) 
@@ -42,13 +42,13 @@ func TestBuildPolicies(t *testing.T) { func TestCompactActions_NilEmpty(t *testing.T) { tests := []struct { name string - existing []policysupport.ActionInfo - newOnes []policysupport.ActionInfo + existing []hexapolicy.ActionInfo + newOnes []hexapolicy.ActionInfo }{ {name: "nils", existing: nil, newOnes: nil}, - {name: "empties", existing: []policysupport.ActionInfo{}, newOnes: []policysupport.ActionInfo{}}, - {name: "existing nil", existing: nil, newOnes: []policysupport.ActionInfo{}}, - {name: "newOnes nil", existing: []policysupport.ActionInfo{}, newOnes: nil}, + {name: "empties", existing: []hexapolicy.ActionInfo{}, newOnes: []hexapolicy.ActionInfo{}}, + {name: "existing nil", existing: nil, newOnes: []hexapolicy.ActionInfo{}}, + {name: "newOnes nil", existing: []hexapolicy.ActionInfo{}, newOnes: nil}, } for _, tt := range tests { @@ -61,7 +61,7 @@ func TestCompactActions_NilEmpty(t *testing.T) { } func TestCompactActions_AllWhitespace(t *testing.T) { - arr1 := []policysupport.ActionInfo{ + arr1 := []hexapolicy.ActionInfo{ {ActionUri: ""}, {ActionUri: " "}, {ActionUri: " "}, } compacted := providerscommon.CompactActions(arr1, arr1) 
@@ -70,49 +70,49 @@ func TestCompactActions_AllWhitespace(t *testing.T) { } func TestCompactActions_DuplicatesAndWhitespace(t *testing.T) { - arr1 := []policysupport.ActionInfo{ + arr1 := []hexapolicy.ActionInfo{ {ActionUri: ""}, {ActionUri: "1one"}, {ActionUri: " "}, {ActionUri: "2two"}, {ActionUri: "3three"}, } - arr2 := []policysupport.ActionInfo{ + arr2 := []hexapolicy.ActionInfo{ {ActionUri: ""}, {ActionUri: "1one"}, {ActionUri: " "}, {ActionUri: "2two"}, {ActionUri: "3three"}, } compacted := providerscommon.CompactActions(arr1, arr2) assert.NotNil(t, compacted) - assert.Equal(t, []policysupport.ActionInfo{ + assert.Equal(t, []hexapolicy.ActionInfo{ {ActionUri: "1one"}, {ActionUri: "2two"}, {ActionUri: "3three"}, }, compacted) } func TestCompactActions_UniqueAndWhitespace(t *testing.T) { - arr1 := []policysupport.ActionInfo{ + arr1 := []hexapolicy.ActionInfo{ {ActionUri: ""}, {ActionUri: "1one"}, {ActionUri: " "}, {ActionUri: "2two"}, {ActionUri: "3three"}, } - arr2 := []policysupport.ActionInfo{ + arr2 := []hexapolicy.ActionInfo{ {ActionUri: ""}, {ActionUri: "4four"}, {ActionUri: " "}, {ActionUri: "5five"}, } compacted := providerscommon.CompactActions(arr1, arr2) assert.NotNil(t, compacted) - assert.Equal(t, []policysupport.ActionInfo{ + assert.Equal(t, []hexapolicy.ActionInfo{ {ActionUri: "1one"}, {ActionUri: "2two"}, {ActionUri: "3three"}, {ActionUri: "4four"}, {ActionUri: "5five"}, }, compacted) } func TestCompactActions_OneEmptyNil(t *testing.T) { - arr := []policysupport.ActionInfo{ + arr := []hexapolicy.ActionInfo{ {ActionUri: ""}, {ActionUri: "1one"}, {ActionUri: " "}, {ActionUri: "2two"}, {ActionUri: "3three"}, } compacted := providerscommon.CompactActions(arr, nil) assert.NotNil(t, compacted) - assert.Equal(t, []policysupport.ActionInfo{ + assert.Equal(t, []hexapolicy.ActionInfo{ {ActionUri: "1one"}, {ActionUri: "2two"}, {ActionUri: "3three"}, }, compacted) compacted = providerscommon.CompactActions(nil, arr) assert.NotNil(t, compacted) - 
assert.Equal(t, []policysupport.ActionInfo{ + assert.Equal(t, []hexapolicy.ActionInfo{ {ActionUri: "1one"}, {ActionUri: "2two"}, {ActionUri: "3three"}, }, compacted) } @@ -167,7 +167,7 @@ func TestCompactMembers_OneNil(t *testing.T) { } func TestFlattenPolicy_ReturnsEmpty(t *testing.T) { - actPolicies := providerscommon.FlattenPolicy([]policysupport.PolicyInfo{}) + actPolicies := providerscommon.FlattenPolicy([]hexapolicy.PolicyInfo{}) assert.NotNil(t, actPolicies) assert.Empty(t, actPolicies) 
@@ -177,23 +177,23 @@ func TestFlattenPolicy_ReturnsEmpty(t *testing.T) { } func TestFlattenPolicy_DupResourceDupMembers(t *testing.T) { - pol1 := policysupport.PolicyInfo{ - Meta: policysupport.MetaInfo{Version: "0.5"}, - Actions: []policysupport.ActionInfo{ + pol1 := hexapolicy.PolicyInfo{ + Meta: hexapolicy.MetaInfo{Version: "0.5"}, + Actions: []hexapolicy.ActionInfo{ {ActionUri: ""}, {ActionUri: "1act"}, {ActionUri: " "}, {ActionUri: "2act"}}, - Subject: policysupport.SubjectInfo{Members: []string{"1mem", "", "2mem"}}, - Object: policysupport.ObjectInfo{ResourceID: "resource1"}, + Subject: hexapolicy.SubjectInfo{Members: []string{"1mem", "", "2mem"}}, + Object: hexapolicy.ObjectInfo{ResourceID: "resource1"}, } - pol2 := policysupport.PolicyInfo{ - Meta: policysupport.MetaInfo{Version: "0.5"}, - Actions: []policysupport.ActionInfo{ + pol2 := hexapolicy.PolicyInfo{ + Meta: hexapolicy.MetaInfo{Version: "0.5"}, + Actions: []hexapolicy.ActionInfo{ {ActionUri: ""}, {ActionUri: "3act"}, {ActionUri: " "}, {ActionUri: "4act"}}, - Subject: policysupport.SubjectInfo{Members: []string{"1mem", "", "2mem"}}, - Object: policysupport.ObjectInfo{ResourceID: "resource1"}, + Subject: hexapolicy.SubjectInfo{Members: []string{"1mem", "", "2mem"}}, + Object: hexapolicy.ObjectInfo{ResourceID: "resource1"}, } - orig := []policysupport.PolicyInfo{pol1, pol2} + orig := []hexapolicy.PolicyInfo{pol1, pol2} actPolicies := providerscommon.FlattenPolicy(orig) assert.NotNil(t, actPolicies) assert.Equal(t, 4, len(actPolicies)) 
@@ -210,30 +210,30 @@ func TestFlattenPolicy_DupResourceDupMembers(t *testing.T) { } func TestFlattenPolicy_NoResource(t *testing.T) { - pol1 := policysupport.PolicyInfo{ - Meta: policysupport.MetaInfo{Version: "0.5"}, - Actions: []policysupport.ActionInfo{{ActionUri: "1act"}, {ActionUri: "2act"}}, - Subject: policysupport.SubjectInfo{Members: []string{"1mem", "", "2mem"}}, + pol1 := hexapolicy.PolicyInfo{ + Meta: hexapolicy.MetaInfo{Version: "0.5"}, + Actions: []hexapolicy.ActionInfo{{ActionUri: "1act"}, {ActionUri: "2act"}}, + Subject: hexapolicy.SubjectInfo{Members: []string{"1mem", "", "2mem"}}, } - pol2 := policysupport.PolicyInfo{ - Meta: policysupport.MetaInfo{Version: "0.5"}, - Actions: []policysupport.ActionInfo{{ActionUri: "1act"}}, - Subject: policysupport.SubjectInfo{Members: []string{"1mem", "2mem"}}, - Object: policysupport.ObjectInfo{ResourceID: "resource1"}, + pol2 := hexapolicy.PolicyInfo{ + Meta: hexapolicy.MetaInfo{Version: "0.5"}, + Actions: []hexapolicy.ActionInfo{{ActionUri: "1act"}}, + Subject: hexapolicy.SubjectInfo{Members: []string{"1mem", "2mem"}}, + Object: hexapolicy.ObjectInfo{ResourceID: "resource1"}, } tests := []struct { name string - inputPolicies []policysupport.PolicyInfo + inputPolicies []hexapolicy.PolicyInfo expLen int }{ { name: "Single policy without resource", - inputPolicies: []policysupport.PolicyInfo{pol1}, + inputPolicies: []hexapolicy.PolicyInfo{pol1}, }, { name: "Two policies one with, one without resource", - inputPolicies: []policysupport.PolicyInfo{pol1, pol2}, + inputPolicies: []hexapolicy.PolicyInfo{pol1, pol2}, expLen: 1, }, } 
@@ -250,24 +250,24 @@ func TestFlattenPolicy_NoResource(t *testing.T) { } func TestFlattenPolicy_NoActions(t *testing.T) { - pol1 := policysupport.PolicyInfo{ - Meta: policysupport.MetaInfo{Version: "0.5"}, - Subject: policysupport.SubjectInfo{Members: []string{"1mem", "", "2mem"}}, - Object: policysupport.ObjectInfo{ResourceID: "resource1"}, + pol1 := hexapolicy.PolicyInfo{ + Meta: hexapolicy.MetaInfo{Version: "0.5"}, + Subject: hexapolicy.SubjectInfo{Members: []string{"1mem", "", "2mem"}}, + Object: hexapolicy.ObjectInfo{ResourceID: "resource1"}, } - orig := []policysupport.PolicyInfo{pol1} + orig := []hexapolicy.PolicyInfo{pol1} actPolicies := providerscommon.FlattenPolicy(orig) assert.NotNil(t, actPolicies) - assert.Equal(t, []policysupport.PolicyInfo{}, actPolicies) + assert.Equal(t, []hexapolicy.PolicyInfo{}, actPolicies) } func TestFlattenPolicy_NoMembers(t *testing.T) { - pol1 := policysupport.PolicyInfo{ - Meta: policysupport.MetaInfo{Version: "0.5"}, - Actions: []policysupport.ActionInfo{{ActionUri: "1act"}, {ActionUri: "2act"}}, - Object: policysupport.ObjectInfo{ResourceID: "resource1"}, + pol1 := hexapolicy.PolicyInfo{ + Meta: hexapolicy.MetaInfo{Version: "0.5"}, + Actions: []hexapolicy.ActionInfo{{ActionUri: "1act"}, {ActionUri: "2act"}}, + Object: hexapolicy.ObjectInfo{ResourceID: "resource1"}, } - orig := []policysupport.PolicyInfo{pol1} + orig := []hexapolicy.PolicyInfo{pol1} actPolicies := providerscommon.FlattenPolicy(orig) assert.NotNil(t, actPolicies) assert.Equal(t, 2, len(actPolicies)) 
@@ -282,31 +282,31 @@ func TestFlattenPolicy_NoMembers(t *testing.T) { } func TestFlattenPolicy_MergeSameResourceAction(t *testing.T) { - pol1a := policysupport.PolicyInfo{ - Meta: policysupport.MetaInfo{Version: "0.5"}, - Actions: []policysupport.ActionInfo{ + pol1a := hexapolicy.PolicyInfo{ + Meta: hexapolicy.MetaInfo{Version: "0.5"}, + Actions: []hexapolicy.ActionInfo{ {ActionUri: "1act"}, {ActionUri: "2act"}}, - Subject: policysupport.SubjectInfo{Members: []string{"1mem", "2mem"}}, - Object: policysupport.ObjectInfo{ResourceID: "resource1"}, + Subject: hexapolicy.SubjectInfo{Members: []string{"1mem", "2mem"}}, + Object: hexapolicy.ObjectInfo{ResourceID: "resource1"}, } - pol1b := policysupport.PolicyInfo{ - Meta: policysupport.MetaInfo{Version: "0.5"}, - Actions: []policysupport.ActionInfo{ + pol1b := hexapolicy.PolicyInfo{ + Meta: hexapolicy.MetaInfo{Version: "0.5"}, + Actions: []hexapolicy.ActionInfo{ {ActionUri: "1act"}, {ActionUri: "2act"}}, - Subject: policysupport.SubjectInfo{Members: []string{"3mem", "4mem"}}, - Object: policysupport.ObjectInfo{ResourceID: "resource1"}, + Subject: hexapolicy.SubjectInfo{Members: []string{"3mem", "4mem"}}, + Object: hexapolicy.ObjectInfo{ResourceID: "resource1"}, } - pol2 := policysupport.PolicyInfo{ - Meta: policysupport.MetaInfo{Version: "0.5"}, - Actions: []policysupport.ActionInfo{ + pol2 := hexapolicy.PolicyInfo{ + Meta: hexapolicy.MetaInfo{Version: "0.5"}, + Actions: []hexapolicy.ActionInfo{ {ActionUri: "3act"}, {ActionUri: "4act"}}, - Subject: policysupport.SubjectInfo{Members: []string{"1mem", "2mem"}}, - Object: policysupport.ObjectInfo{ResourceID: "resource2"}, + Subject: hexapolicy.SubjectInfo{Members: []string{"1mem", "2mem"}}, + Object: hexapolicy.ObjectInfo{ResourceID: "resource2"}, } - orig := []policysupport.PolicyInfo{pol1a, pol2, pol1b} + orig := []hexapolicy.PolicyInfo{pol1a, pol2, pol1b} actPolicies := providerscommon.FlattenPolicy(orig) assert.NotNil(t, actPolicies) 
diff --git a/internal/orchestratorproviders/providerscommon/resource_action_role.go b/demo/internal/orchestratorproviders/providerscommon/resource_action_role.go similarity index 100% rename from internal/orchestratorproviders/providerscommon/resource_action_role.go rename to demo/internal/orchestratorproviders/providerscommon/resource_action_role.go diff --git a/internal/orchestratorproviders/providerscommon/resource_action_role_policy_support.go b/demo/internal/orchestratorproviders/providerscommon/resource_action_role_policy_support.go similarity index 91% rename from internal/orchestratorproviders/providerscommon/resource_action_role_policy_support.go rename to demo/internal/orchestratorproviders/providerscommon/resource_action_role_policy_support.go index b1751b75..0a44c3f3 100644 --- a/internal/orchestratorproviders/providerscommon/resource_action_role_policy_support.go +++ b/demo/internal/orchestratorproviders/providerscommon/resource_action_role_policy_support.go @@ -1,8 +1,8 @@ package providerscommon import ( - "github.com/hexa-org/policy-orchestrator/internal/policysupport" - "github.com/hexa-org/policy-orchestrator/pkg/functionalsupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" + "github.com/hexa-org/policy-orchestrator/demo/pkg/functionalsupport" log "golang.org/x/exp/slog" ) @@ -10,7 +10,7 @@ import ( // Builds ResourceActionRoles that need to be updated only for those policies that match an existing resource action. // If existing is empty, returns empty slice // If policyInfos is empty, returns empty slice -func CalcResourceActionRolesForUpdate(existing []ResourceActionRoles, policyInfos []policysupport.PolicyInfo) []ResourceActionRoles { +func CalcResourceActionRolesForUpdate(existing []ResourceActionRoles, policyInfos []hexapolicy.PolicyInfo) []ResourceActionRoles { existingRarMap := mapResourceActionRoles(existing) newPolicies := FlattenPolicy(policyInfos) 
diff --git a/internal/orchestratorproviders/providerscommon/resource_action_role_policy_support_test.go b/demo/internal/orchestratorproviders/providerscommon/resource_action_role_policy_support_test.go similarity index 95% rename from internal/orchestratorproviders/providerscommon/resource_action_role_policy_support_test.go rename to demo/internal/orchestratorproviders/providerscommon/resource_action_role_policy_support_test.go index 0faa9a87..fe5466ad 100644 --- a/internal/orchestratorproviders/providerscommon/resource_action_role_policy_support_test.go +++ b/demo/internal/orchestratorproviders/providerscommon/resource_action_role_policy_support_test.go @@ -1,9 +1,9 @@ package providerscommon_test import ( - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/providerscommon" - "github.com/hexa-org/policy-orchestrator/internal/policysupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport/policytestsupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/providerscommon" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/policytestsupport" "github.com/stretchr/testify/assert" "golang.org/x/exp/slices" "testing" @@ -15,7 +15,7 @@ func TestCalcResourceActionRolesForUpdate_NoUpdates(t *testing.T) { act = providerscommon.CalcResourceActionRolesForUpdate( []providerscommon.ResourceActionRoles{}, - []policysupport.PolicyInfo{}) + []hexapolicy.PolicyInfo{}) assert.Empty(t, act) expRoles := []string{"some-role-to-add"} diff --git a/internal/orchestratorproviders/providerscommon/resource_action_role_test.go b/demo/internal/orchestratorproviders/providerscommon/resource_action_role_test.go similarity index 97% rename from internal/orchestratorproviders/providerscommon/resource_action_role_test.go rename to demo/internal/orchestratorproviders/providerscommon/resource_action_role_test.go index 79e0d83a..8f9ba317 100644 
--- a/internal/orchestratorproviders/providerscommon/resource_action_role_test.go +++ b/demo/internal/orchestratorproviders/providerscommon/resource_action_role_test.go @@ -1,7 +1,7 @@ package providerscommon_test import ( - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/providerscommon" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/providerscommon" "github.com/stretchr/testify/assert" "net/http" "testing" diff --git a/pkg/azuretestsupport/apim_testsupport/arm_apiservice_client_testsupport.go b/demo/pkg/azuretestsupport/apim_testsupport/arm_apiservice_client_testsupport.go similarity index 89% rename from pkg/azuretestsupport/apim_testsupport/arm_apiservice_client_testsupport.go rename to demo/pkg/azuretestsupport/apim_testsupport/arm_apiservice_client_testsupport.go index e563176d..62ff4977 100644 --- a/pkg/azuretestsupport/apim_testsupport/arm_apiservice_client_testsupport.go +++ b/demo/pkg/azuretestsupport/apim_testsupport/arm_apiservice_client_testsupport.go @@ -3,9 +3,9 @@ package apim_testsupport import ( "fmt" azarmapim "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/apimanagement/armapimanagement" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/armmodel" - "github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport" - "github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport/armtestsupport" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/armmodel" + "github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport/armtestsupport" ) func ApimServiceId() string { 
diff --git a/pkg/azuretestsupport/apim_testsupport/mock_apim_namedvalue_svc.go b/demo/pkg/azuretestsupport/apim_testsupport/mock_apim_namedvalue_svc.go similarity index 76% rename from pkg/azuretestsupport/apim_testsupport/mock_apim_namedvalue_svc.go rename to demo/pkg/azuretestsupport/apim_testsupport/mock_apim_namedvalue_svc.go index a4eaa7ab..a04e9652 100644 --- a/pkg/azuretestsupport/apim_testsupport/mock_apim_namedvalue_svc.go +++ b/demo/pkg/azuretestsupport/apim_testsupport/mock_apim_namedvalue_svc.go @@ -1,9 +1,9 @@ package apim_testsupport import ( - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/armmodel" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/providerscommon" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport/policytestsupport" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/armmodel" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/providerscommon" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/policytestsupport" "github.com/stretchr/testify/mock" ) diff --git a/pkg/azuretestsupport/apim_testsupport/mock_apim_namedvalues_client.go b/demo/pkg/azuretestsupport/apim_testsupport/mock_apim_namedvalues_client.go similarity index 100% rename from pkg/azuretestsupport/apim_testsupport/mock_apim_namedvalues_client.go rename to demo/pkg/azuretestsupport/apim_testsupport/mock_apim_namedvalues_client.go diff --git a/pkg/azuretestsupport/apim_testsupport/mock_apimservice_client.go b/demo/pkg/azuretestsupport/apim_testsupport/mock_apimservice_client.go similarity index 92% rename from pkg/azuretestsupport/apim_testsupport/mock_apimservice_client.go rename to demo/pkg/azuretestsupport/apim_testsupport/mock_apimservice_client.go index 8367e963..929e8ac6 100644 --- a/pkg/azuretestsupport/apim_testsupport/mock_apimservice_client.go 
+++ b/demo/pkg/azuretestsupport/apim_testsupport/mock_apimservice_client.go @@ -3,7 +3,7 @@ package apim_testsupport import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" azarmapim "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/apimanagement/armapimanagement" - "github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport/armtestsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport/armtestsupport" "github.com/stretchr/testify/mock" ) diff --git a/pkg/azuretestsupport/apim_testsupport/mock_arm_apim_svc.go b/demo/pkg/azuretestsupport/apim_testsupport/mock_arm_apim_svc.go similarity index 84% rename from pkg/azuretestsupport/apim_testsupport/mock_arm_apim_svc.go rename to demo/pkg/azuretestsupport/apim_testsupport/mock_arm_apim_svc.go index 3da5660d..ea2ac7e5 100644 --- a/pkg/azuretestsupport/apim_testsupport/mock_arm_apim_svc.go +++ b/demo/pkg/azuretestsupport/apim_testsupport/mock_arm_apim_svc.go @@ -1,7 +1,7 @@ package apim_testsupport import ( - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azarm/armmodel" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azarm/armmodel" "github.com/stretchr/testify/mock" ) diff --git a/pkg/azuretestsupport/approle_assignments_test_support.go b/demo/pkg/azuretestsupport/approle_assignments_test_support.go similarity index 88% rename from pkg/azuretestsupport/approle_assignments_test_support.go rename to demo/pkg/azuretestsupport/approle_assignments_test_support.go index c065419e..a6bef26a 100644 --- a/pkg/azuretestsupport/approle_assignments_test_support.go +++ b/demo/pkg/azuretestsupport/approle_assignments_test_support.go 
@@ -2,10 +2,10 @@ package azuretestsupport import ( "github.com/google/uuid" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azad" - "github.com/hexa-org/policy-orchestrator/internal/policysupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport/policytestsupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azad" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/policytestsupport" "sort" ) @@ -79,7 +79,7 @@ func AssignmentsForDelete(assignments []azad.AzureAppRoleAssignment) []azad.Azur return newAssignments } -func MakePolicies(assignments []azad.AzureAppRoleAssignment) []policysupport.PolicyInfo { +func MakePolicies(assignments []azad.AzureAppRoleAssignment) []hexapolicy.PolicyInfo { policyMapper := microsoftazure.NewAzurePolicyMapper(AzureServicePrincipals(), assignments, policytestsupport.MakePrincipalEmailMap()) diff --git a/pkg/azuretestsupport/armtestsupport/fake_token_credential_http_client.go b/demo/pkg/azuretestsupport/armtestsupport/fake_token_credential_http_client.go similarity index 96% rename from pkg/azuretestsupport/armtestsupport/fake_token_credential_http_client.go rename to demo/pkg/azuretestsupport/armtestsupport/fake_token_credential_http_client.go index 22ac42f2..f4179329 100644 --- a/pkg/azuretestsupport/armtestsupport/fake_token_credential_http_client.go +++ b/demo/pkg/azuretestsupport/armtestsupport/fake_token_credential_http_client.go @@ -3,7 +3,7 @@ package armtestsupport import ( "encoding/json" "fmt" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport" "net/http" ) 
diff --git a/pkg/azuretestsupport/armtestsupport/pager_testsupport.go b/demo/pkg/azuretestsupport/armtestsupport/pager_testsupport.go similarity index 100% rename from pkg/azuretestsupport/armtestsupport/pager_testsupport.go rename to demo/pkg/azuretestsupport/armtestsupport/pager_testsupport.go diff --git a/pkg/azuretestsupport/azure_credentials.go b/demo/pkg/azuretestsupport/azure_credentials.go similarity index 87% rename from pkg/azuretestsupport/azure_credentials.go rename to demo/pkg/azuretestsupport/azure_credentials.go index 5a9a00da..a0f7aeb2 100644 --- a/pkg/azuretestsupport/azure_credentials.go +++ b/demo/pkg/azuretestsupport/azure_credentials.go @@ -3,7 +3,7 @@ package azuretestsupport import ( "encoding/json" "github.com/Azure/azure-sdk-for-go/sdk/azcore" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azurecommon" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azurecommon" ) const AzureAppId = "anAppId" diff --git a/pkg/azuretestsupport/mock_azure_client.go b/demo/pkg/azuretestsupport/mock_azure_client.go similarity index 91% rename from pkg/azuretestsupport/mock_azure_client.go rename to demo/pkg/azuretestsupport/mock_azure_client.go index 8793dd75..7bb6a63e 100644 --- a/pkg/azuretestsupport/mock_azure_client.go +++ b/demo/pkg/azuretestsupport/mock_azure_client.go 
@@ -1,10 +1,10 @@ package azuretestsupport import ( - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azad" - "github.com/hexa-org/policy-orchestrator/pkg/azuretestsupport/armtestsupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport/policytestsupport" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azad" + "github.com/hexa-org/policy-orchestrator/demo/pkg/azuretestsupport/armtestsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/policytestsupport" "github.com/stretchr/testify/mock" "reflect" ) diff --git a/pkg/azuretestsupport/mock_azure_client_support.go b/demo/pkg/azuretestsupport/mock_azure_client_support.go similarity index 95% rename from pkg/azuretestsupport/mock_azure_client_support.go rename to demo/pkg/azuretestsupport/mock_azure_client_support.go index 6fdd0561..cd735a06 100644 --- a/pkg/azuretestsupport/mock_azure_client_support.go +++ b/demo/pkg/azuretestsupport/mock_azure_client_support.go @@ -3,9 +3,9 @@ package azuretestsupport import ( "encoding/json" "fmt" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azad" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport/policytestsupport" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azad" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/policytestsupport" "net/http" "net/url" ) 
diff --git a/pkg/azuretestsupport/service_principals_test_support.go b/demo/pkg/azuretestsupport/service_principals_test_support.go similarity index 86% rename from pkg/azuretestsupport/service_principals_test_support.go rename to demo/pkg/azuretestsupport/service_principals_test_support.go index 4b12c856..fb3c4964 100644 --- a/pkg/azuretestsupport/service_principals_test_support.go +++ b/demo/pkg/azuretestsupport/service_principals_test_support.go @@ -3,8 +3,8 @@ package azuretestsupport import ( "encoding/json" "fmt" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azad" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport/policytestsupport" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/microsoftazure/azad" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/policytestsupport" ) const ServicePrincipalId = "some-service-principal-id" diff --git a/pkg/compressionsupport/compress.go b/demo/pkg/compressionsupport/compress.go similarity index 100% rename from pkg/compressionsupport/compress.go rename to demo/pkg/compressionsupport/compress.go diff --git a/pkg/compressionsupport/compress_test.go b/demo/pkg/compressionsupport/compress_test.go similarity index 96% rename from pkg/compressionsupport/compress_test.go rename to demo/pkg/compressionsupport/compress_test.go index 77feb1ac..a6439441 100644 --- a/pkg/compressionsupport/compress_test.go +++ b/demo/pkg/compressionsupport/compress_test.go @@ -3,7 +3,7 @@ package compressionsupport_test import ( "bytes" - "github.com/hexa-org/policy-orchestrator/pkg/compressionsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/compressionsupport" "os" "path/filepath" 
diff --git a/pkg/compressionsupport/resources/compressdir/.manifest b/demo/pkg/compressionsupport/resources/compressdir/.manifest
similarity index 100%
rename from pkg/compressionsupport/resources/compressdir/.manifest
rename to demo/pkg/compressionsupport/resources/compressdir/.manifest
diff --git a/pkg/compressionsupport/resources/compressdir/compress.txt b/demo/pkg/compressionsupport/resources/compressdir/compress.txt
similarity index 100%
rename from pkg/compressionsupport/resources/compressdir/compress.txt
rename to demo/pkg/compressionsupport/resources/compressdir/compress.txt
diff --git a/pkg/databasesupport/db_support.go b/demo/pkg/databasesupport/db_support.go
similarity index 100%
rename from pkg/databasesupport/db_support.go
rename to demo/pkg/databasesupport/db_support.go
diff --git a/pkg/databasesupport/db_support_test.go b/demo/pkg/databasesupport/db_support_test.go
similarity index 100%
rename from pkg/databasesupport/db_support_test.go
rename to demo/pkg/databasesupport/db_support_test.go
diff --git a/pkg/functionalsupport/functional_support.go b/demo/pkg/functionalsupport/functional_support.go
similarity index 100%
rename from pkg/functionalsupport/functional_support.go
rename to demo/pkg/functionalsupport/functional_support.go
diff --git a/pkg/functionalsupport/functional_support_test.go b/demo/pkg/functionalsupport/functional_support_test.go
similarity index 83%
rename from pkg/functionalsupport/functional_support_test.go
rename to demo/pkg/functionalsupport/functional_support_test.go
index 6f2789d5..83344697 100644
--- a/pkg/functionalsupport/functional_support_test.go
+++ b/demo/pkg/functionalsupport/functional_support_test.go
@@ -3,7 +3,7 @@ package functionalsupport_test
 import (
 "testing"
- "github.com/hexa-org/policy-orchestrator/pkg/functionalsupport"
+ "github.com/hexa-org/policy-orchestrator/demo/pkg/functionalsupport"
 "github.com/stretchr/testify/assert"
 )
diff --git a/pkg/functionalsupport/slice_support.go b/demo/pkg/functionalsupport/slice_support.go similarity index 100% rename from pkg/functionalsupport/slice_support.go rename to demo/pkg/functionalsupport/slice_support.go diff --git a/pkg/functionalsupport/slice_support_test.go b/demo/pkg/functionalsupport/slice_support_test.go similarity index 97% rename from pkg/functionalsupport/slice_support_test.go rename to demo/pkg/functionalsupport/slice_support_test.go index 033b4589..3c154d34 100644 --- a/pkg/functionalsupport/slice_support_test.go +++ b/demo/pkg/functionalsupport/slice_support_test.go @@ -1,7 +1,7 @@ package functionalsupport_test import ( - "github.com/hexa-org/policy-orchestrator/pkg/functionalsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/functionalsupport" "github.com/stretchr/testify/assert" "golang.org/x/exp/slices" "testing" diff --git a/pkg/hawksupport/hawk_support.go b/demo/pkg/hawksupport/hawk_support.go similarity index 100% rename from pkg/hawksupport/hawk_support.go rename to demo/pkg/hawksupport/hawk_support.go diff --git a/pkg/hawksupport/hawk_support_test.go b/demo/pkg/hawksupport/hawk_support_test.go similarity index 93% rename from pkg/hawksupport/hawk_support_test.go rename to demo/pkg/hawksupport/hawk_support_test.go index caeb7805..3a3eefc8 100644 --- a/pkg/hawksupport/hawk_support_test.go +++ b/demo/pkg/hawksupport/hawk_support_test.go @@ -11,9 +11,9 @@ import ( "testing" "github.com/gorilla/mux" - "github.com/hexa-org/policy-orchestrator/pkg/hawksupport" - "github.com/hexa-org/policy-orchestrator/pkg/healthsupport" - "github.com/hexa-org/policy-orchestrator/pkg/websupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/hawksupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/healthsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport" "github.com/stretchr/testify/assert" ) 
diff --git a/pkg/healthsupport/health_support.go b/demo/pkg/healthsupport/health_support.go similarity index 100% rename from pkg/healthsupport/health_support.go rename to demo/pkg/healthsupport/health_support.go diff --git a/pkg/healthsupport/health_support_test.go b/demo/pkg/healthsupport/health_support_test.go similarity index 96% rename from pkg/healthsupport/health_support_test.go rename to demo/pkg/healthsupport/health_support_test.go index fa2d799e..06956571 100644 --- a/pkg/healthsupport/health_support_test.go +++ b/demo/pkg/healthsupport/health_support_test.go @@ -9,7 +9,7 @@ import ( "testing" "github.com/gorilla/mux" - "github.com/hexa-org/policy-orchestrator/pkg/healthsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/healthsupport" "github.com/stretchr/testify/assert" ) diff --git a/pkg/metricssupport/metrics_support.go b/demo/pkg/metricssupport/metrics_support.go similarity index 100% rename from pkg/metricssupport/metrics_support.go rename to demo/pkg/metricssupport/metrics_support.go diff --git a/pkg/metricssupport/metrics_support_test.go b/demo/pkg/metricssupport/metrics_support_test.go similarity index 93% rename from pkg/metricssupport/metrics_support_test.go rename to demo/pkg/metricssupport/metrics_support_test.go index 8e1df464..af57b140 100644 --- a/pkg/metricssupport/metrics_support_test.go +++ b/demo/pkg/metricssupport/metrics_support_test.go @@ -5,7 +5,7 @@ import ( "fmt" "log" - "github.com/hexa-org/policy-orchestrator/pkg/metricssupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/metricssupport" "github.com/gorilla/mux" diff --git a/pkg/oidctestsupport/test_authserver.go b/demo/pkg/oidctestsupport/test_authserver.go similarity index 100% rename from pkg/oidctestsupport/test_authserver.go rename to demo/pkg/oidctestsupport/test_authserver.go 
diff --git a/pkg/testsupport/awstestsupport/aws_api_client_testsupport.go b/demo/pkg/testsupport/awstestsupport/aws_api_client_testsupport.go similarity index 93% rename from pkg/testsupport/awstestsupport/aws_api_client_testsupport.go rename to demo/pkg/testsupport/awstestsupport/aws_api_client_testsupport.go index a9346532..1e52f58a 100644 --- a/pkg/testsupport/awstestsupport/aws_api_client_testsupport.go +++ b/demo/pkg/testsupport/awstestsupport/aws_api_client_testsupport.go @@ -2,7 +2,7 @@ package awstestsupport import ( "fmt" - "github.com/hexa-org/policy-orchestrator/internal/orchestrator" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator" ) const TestAwsRegion = "us-west-1" diff --git a/pkg/testsupport/cognitotestsupport/congnito_operations_test_support.go b/demo/pkg/testsupport/cognitotestsupport/congnito_operations_test_support.go similarity index 98% rename from pkg/testsupport/cognitotestsupport/congnito_operations_test_support.go rename to demo/pkg/testsupport/cognitotestsupport/congnito_operations_test_support.go index d4d46a25..f6842558 100644 --- a/pkg/testsupport/cognitotestsupport/congnito_operations_test_support.go +++ b/demo/pkg/testsupport/cognitotestsupport/congnito_operations_test_support.go @@ -6,7 +6,7 @@ import ( "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider" "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport/awstestsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/awstestsupport" "net/http" ) diff --git a/pkg/testsupport/cognitotestsupport/test_cognito_http_client.go b/demo/pkg/testsupport/cognitotestsupport/test_cognito_http_client.go similarity index 100% rename from pkg/testsupport/cognitotestsupport/test_cognito_http_client.go rename to demo/pkg/testsupport/cognitotestsupport/test_cognito_http_client.go 
diff --git a/pkg/testsupport/contains_exactly.go b/demo/pkg/testsupport/contains_exactly.go similarity index 100% rename from pkg/testsupport/contains_exactly.go rename to demo/pkg/testsupport/contains_exactly.go diff --git a/pkg/testsupport/policytestsupport/policy_checker_support.go b/demo/pkg/testsupport/policytestsupport/policy_checker_support.go similarity index 58% rename from pkg/testsupport/policytestsupport/policy_checker_support.go rename to demo/pkg/testsupport/policytestsupport/policy_checker_support.go index 9dd37db5..17b581e1 100644 --- a/pkg/testsupport/policytestsupport/policy_checker_support.go +++ b/demo/pkg/testsupport/policytestsupport/policy_checker_support.go @@ -2,24 +2,24 @@ package policytestsupport import ( "fmt" - "github.com/hexa-org/policy-orchestrator/internal/policysupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" "github.com/stretchr/testify/assert" "reflect" "sort" "testing" ) -func ContainsPolicies(t *testing.T, expPolicies []policysupport.PolicyInfo, actPolicies []policysupport.PolicyInfo) bool { +func ContainsPolicies(t *testing.T, expPolicies []hexapolicy.PolicyInfo, actPolicies []hexapolicy.PolicyInfo) bool { for _, act := range actPolicies { if HasPolicy(expPolicies, act) { return true } } - return assert.Fail(t, fmt.Sprintf("Policies do not match expected: \n expected: %s\n actual: %s", expPolicies, actPolicies)) + return assert.Fail(t, fmt.Sprintf("Policies do not match expected: \n expected: %v\n actual: %v", expPolicies, actPolicies)) } -func HasPolicy(expPolicies []policysupport.PolicyInfo, act policysupport.PolicyInfo) bool { +func HasPolicy(expPolicies []hexapolicy.PolicyInfo, act hexapolicy.PolicyInfo) bool { for _, exp := range expPolicies { if MatchPolicy(exp, act) { return true 
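Review bot: ContainsPolicies returns true as soon as any one actual policy matches any one expected policy, so a provider that emits a single correct policy alongside missing or wrong ones still satisfies every assertion built on this helper; the commit only changes the format verbs in the failure message and keeps that loop. For a helper that is the test oracle for policy synchronisation this is too permissive: it should require every expected policy to be present in actPolicies and fail on the first that is not, which the rewrite below does while keeping the signature and the assert.Fail path. MatchPolicy looks symmetric from the visible lines (ResourceID equality and a DeepEqual on sorted members), so passing the expected policy as HasPolicy's second argument should be safe — confirm against the lines outside the hunk — and note that two empty lists now pass instead of failing, which may surface tests that relied on the lax behaviour. HasPolicy's body continues past the hunk.
```go
func ContainsPolicies(t *testing.T, expPolicies []hexapolicy.PolicyInfo, actPolicies []hexapolicy.PolicyInfo) bool {
	// Every expected policy must be present; fail on the first one that is not.
	for _, exp := range expPolicies {
		if !HasPolicy(actPolicies, exp) {
			return assert.Fail(t, fmt.Sprintf("Policies do not match expected: \n expected: %v\n actual: %v", expPolicies, actPolicies))
		}
	}
	return true
}
```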
@@ -28,7 +28,7 @@ func HasPolicy(expPolicies []policysupport.PolicyInfo, act policysupport.PolicyI return false } -func MatchPolicy(exp policysupport.PolicyInfo, act policysupport.PolicyInfo) bool { +func MatchPolicy(exp hexapolicy.PolicyInfo, act hexapolicy.PolicyInfo) bool { if exp.Object.ResourceID != act.Object.ResourceID { return false } @@ -44,8 +44,8 @@ func MatchPolicy(exp policysupport.PolicyInfo, act policysupport.PolicyInfo) boo return reflect.DeepEqual(expMembers, actMembers) } -func MakePolicies(actionMembers map[string][]string, resourceId string) []policysupport.PolicyInfo { - policies := make([]policysupport.PolicyInfo, 0) +func MakePolicies(actionMembers map[string][]string, resourceId string) []hexapolicy.PolicyInfo { + policies := make([]hexapolicy.PolicyInfo, 0) for action, membersNoPrefix := range actionMembers { members := make([]string, 0) @@ -53,11 +53,11 @@ func MakePolicies(actionMembers map[string][]string, resourceId string) []policy members = append(members, "user:"+mem) } - pol := policysupport.PolicyInfo{ - Meta: policysupport.MetaInfo{Version: "0.5"}, - Actions: []policysupport.ActionInfo{{action}}, - Subject: policysupport.SubjectInfo{Members: members}, - Object: policysupport.ObjectInfo{ + pol := hexapolicy.PolicyInfo{ + Meta: hexapolicy.MetaInfo{Version: "0.5"}, + Actions: []hexapolicy.ActionInfo{{action}}, + Subject: hexapolicy.SubjectInfo{Members: members}, + Object: hexapolicy.ObjectInfo{ ResourceID: resourceId, }, } @@ -68,8 +68,8 @@ func MakePolicies(actionMembers map[string][]string, resourceId string) []policy return policies } -func sortAction(orig []policysupport.ActionInfo) []policysupport.ActionInfo { - sorted := make([]policysupport.ActionInfo, 0) +func sortAction(orig []hexapolicy.ActionInfo) []hexapolicy.ActionInfo { + sorted := make([]hexapolicy.ActionInfo, 0) sorted = append(sorted, orig...) sort.Slice(sorted, func(i, j int) bool { return sorted[i].ActionUri <= sorted[j].ActionUri 
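Review bot: `Actions: []hexapolicy.ActionInfo{{action}},` builds the struct positionally, and ActionInfo now comes from a separate module (policy-mapper) instead of this repository; `go vet`'s composites check flags unkeyed literals of imported structs, and any field added to ActionInfo upstream turns this line into a compile error. Write it keyed, `Actions: []hexapolicy.ActionInfo{{ActionUri: action}},`. MakePolicies starts and ends outside this hunk.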
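Review bot: The less function handed to sort.Slice in sortAction uses `<=`, which is not a strict ordering: for two equal ActionUri values both less(i, j) and less(j, i) report true, which violates the sort contract and leaves the order of duplicates unspecified, so a positional comparison of sorted action lists (presumably what MatchPolicy does with this helper) can flake. Use the strict form, `return sorted[i].ActionUri < sorted[j].ActionUri`. The hunk only retypes the slice; the comparator is pre-existing code carried to the new side, and the closing of sortAction lies past the hunk.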
@@ -77,13 +77,13 @@ func sortAction(orig []policysupport.ActionInfo) []policysupport.ActionInfo { return sorted } -func sortMembers(subInfo policysupport.SubjectInfo) policysupport.SubjectInfo { +func sortMembers(subInfo hexapolicy.SubjectInfo) hexapolicy.SubjectInfo { sorted := make([]string, 0) for _, one := range subInfo.Members { sorted = append(sorted, one) } sort.Strings(sorted) - return policysupport.SubjectInfo{ + return hexapolicy.SubjectInfo{ Members: sorted, } } diff --git a/pkg/testsupport/policytestsupport/policy_data_support.go b/demo/pkg/testsupport/policytestsupport/policy_data_support.go similarity index 78% rename from pkg/testsupport/policytestsupport/policy_data_support.go rename to demo/pkg/testsupport/policytestsupport/policy_data_support.go index 911fe719..437f7cd1 100644 --- a/pkg/testsupport/policytestsupport/policy_data_support.go +++ b/demo/pkg/testsupport/policytestsupport/policy_data_support.go @@ -2,7 +2,7 @@ package policytestsupport import ( "fmt" - "github.com/hexa-org/policy-orchestrator/internal/policysupport" + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" "strings" ) @@ -57,8 +57,8 @@ func MakeActionMembers() map[string]ActionMembers { } } -func MakeTestPolicies(actionMembers map[string]ActionMembers) []policysupport.PolicyInfo { - policies := make([]policysupport.PolicyInfo, 0) +func MakeTestPolicies(actionMembers map[string]ActionMembers) []hexapolicy.PolicyInfo { + policies := make([]hexapolicy.PolicyInfo, 0) for action, members := range actionMembers { policies = append(policies, MakeTestPolicy(PolicyObjectResourceId, action, members)) } 
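Review bot: The element-by-element loop in sortMembers is a hand-rolled slice copy; `sorted := make([]string, len(subInfo.Members))` followed by `copy(sorted, subInfo.Members)` expresses the defensive copy directly and, unlike `append([]string(nil), ...)`, keeps the non-nil result the current code produces — relevant because the member lists are later compared with reflect.DeepEqual, where nil and empty differ. The `sort` package this hunk already uses is the only dependency needed.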
@@ -67,8 +67,8 @@ func MakeTestPolicies(actionMembers map[string]ActionMembers) []policysupport.Po // MakeRoleSubjectTestPolicies - makes policies with passed in param // actionMembers = { "GET/humanresources/us": ["role1", "role2"] } -func MakeRoleSubjectTestPolicies(actionMembers map[string][]string) []policysupport.PolicyInfo { - policies := make([]policysupport.PolicyInfo, 0) +func MakeRoleSubjectTestPolicies(actionMembers map[string][]string) []hexapolicy.PolicyInfo { + policies := make([]hexapolicy.PolicyInfo, 0) for action, members := range actionMembers { parts := strings.Split(action, "/") actionUri := "http:" + parts[0] 
@@ -78,23 +78,23 @@ func MakeRoleSubjectTestPolicies(actionMembers map[string][]string) []policysupp return policies } -func MakeRoleSubjectTestPolicy(resourceId string, action string, roles []string) policysupport.PolicyInfo { - return policysupport.PolicyInfo{ - Meta: policysupport.MetaInfo{Version: "0.5"}, - Actions: []policysupport.ActionInfo{{action}}, - Subject: policysupport.SubjectInfo{Members: roles}, - Object: policysupport.ObjectInfo{ +func MakeRoleSubjectTestPolicy(resourceId string, action string, roles []string) hexapolicy.PolicyInfo { + return hexapolicy.PolicyInfo{ + Meta: hexapolicy.MetaInfo{Version: "0.5"}, + Actions: []hexapolicy.ActionInfo{{action}}, + Subject: hexapolicy.SubjectInfo{Members: roles}, + Object: hexapolicy.ObjectInfo{ ResourceID: resourceId, }, } } -func MakeTestPolicy(resourceId string, action string, actionMembers ActionMembers) policysupport.PolicyInfo { - return policysupport.PolicyInfo{ - Meta: policysupport.MetaInfo{Version: "0.5"}, - Actions: []policysupport.ActionInfo{{action}}, - Subject: policysupport.SubjectInfo{Members: MakePolicyTestUsers(actionMembers)}, - Object: policysupport.ObjectInfo{ +func MakeTestPolicy(resourceId string, action string, actionMembers ActionMembers) hexapolicy.PolicyInfo { + return hexapolicy.PolicyInfo{ + Meta: hexapolicy.MetaInfo{Version: "0.5"}, + Actions: []hexapolicy.ActionInfo{{action}}, + Subject: hexapolicy.SubjectInfo{Members: MakePolicyTestUsers(actionMembers)}, + Object: hexapolicy.ObjectInfo{ ResourceID: resourceId, }, } diff --git a/pkg/testsupport/policytestsupport/resource_action_roles_policy_testsupport.go b/demo/pkg/testsupport/policytestsupport/resource_action_roles_policy_testsupport.go similarity index 65% rename from pkg/testsupport/policytestsupport/resource_action_roles_policy_testsupport.go rename to demo/pkg/testsupport/policytestsupport/resource_action_roles_policy_testsupport.go index 6d09f142..4e03f391 100644 
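Review bot: `Meta: hexapolicy.MetaInfo{Version: "0.5"}` is now written as a bare literal in both MakeRoleSubjectTestPolicy and MakeTestPolicy (and again in MakePolicies in policy_checker_support.go), while the PolicyInfo type itself comes from the external policy-mapper module after this commit; when that module bumps the IDQL version the fixtures have to be edited in three places. Define it once, `const testPolicyVersion = "0.5"`, and use `Meta: hexapolicy.MetaInfo{Version: testPolicyVersion},` in each constructor. The positional `[]hexapolicy.ActionInfo{{action}}` literal in both functions would likewise be safer as `{{ActionUri: action}}`, since go vet flags unkeyed fields of structs from another package.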
--- a/pkg/testsupport/policytestsupport/resource_action_roles_policy_testsupport.go +++ b/demo/pkg/testsupport/policytestsupport/resource_action_roles_policy_testsupport.go @@ -2,8 +2,8 @@ package policytestsupport import ( "fmt" - "github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/providerscommon" - "golang.org/x/exp/slices" + "github.com/hexa-org/policy-orchestrator/demo/internal/orchestratorproviders/providerscommon" + "sort" "strings" ) @@ -15,7 +15,9 @@ func MakeRarList(retActionRoles map[string][]string) []providerscommon.ResourceA rarList = append(rarList, resRole) } - slices.SortStableFunc(rarList, func(a, b providerscommon.ResourceActionRoles) bool { + sort.SliceStable(rarList, func(i, j int) bool { + a := rarList[i] + b := rarList[j] resComp := strings.Compare(a.Resource, b.Resource) actComp := strings.Compare(a.Action, b.Action) switch resComp { @@ -25,6 +27,17 @@ func MakeRarList(retActionRoles map[string][]string) []providerscommon.ResourceA return resComp < 0 } }) + + /*slices.SortStableFunc(rarList, func(a, b providerscommon.ResourceActionRoles) bool { + resComp := strings.Compare(a.Resource, b.Resource) + actComp := strings.Compare(a.Action, b.Action) + switch resComp { + case 0: + return actComp <= 0 + default: + return resComp < 0 + } + })*/ return rarList } diff --git a/pkg/testsupport/test_httpclient.go b/demo/pkg/testsupport/test_httpclient.go similarity index 100% rename from pkg/testsupport/test_httpclient.go rename to demo/pkg/testsupport/test_httpclient.go diff --git a/pkg/testsupport/test_support.go b/demo/pkg/testsupport/test_support.go similarity index 100% rename from pkg/testsupport/test_support.go rename to demo/pkg/testsupport/test_support.go diff --git a/pkg/testsupport/test_support_test.go b/demo/pkg/testsupport/test_support_test.go similarity index 84% rename from pkg/testsupport/test_support_test.go rename to demo/pkg/testsupport/test_support_test.go index 374259e9..a4ec2e8d 100644 
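Review bot: The correctness of the new sort.SliceStable comparator in MakeRarList rests on its `case 0` branch, which sits between the two hunks and is not visible here; the commented-out copy added further down shows `return actComp <= 0`. If the live switch keeps `<=`, the closure is not a strict less: for two entries with equal Resource and Action both less(i, j) and less(j, i) are true, which breaks the sort contract and defeats the stability SliceStable is being used for. Use `return actComp < 0` in that branch. Dropping `golang.org/x/exp/slices` for stdlib `sort` is otherwise a welcome reduction in dependencies.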
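Review bot: The hunk adds the previous slices.SortStableFunc implementation back as a commented-out block; that is dead text which will drift from the live comparator and is already preserved in git history. Delete the `/*slices.SortStableFunc(...)*/` block. If the reason for the switch should be recorded (presumably the x/exp signature changing under the callers), a single line above the call does it: `// stdlib sort.SliceStable rather than x/exp/slices: the experimental API is not stable.`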
--- a/pkg/testsupport/test_support_test.go +++ b/demo/pkg/testsupport/test_support_test.go @@ -3,7 +3,7 @@ package testsupport_test import ( "testing" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport" "github.com/stretchr/testify/assert" ) diff --git a/pkg/testsupport/tools/generate_cert.go b/demo/pkg/testsupport/tools/generate_cert.go similarity index 100% rename from pkg/testsupport/tools/generate_cert.go rename to demo/pkg/testsupport/tools/generate_cert.go diff --git a/pkg/websupport/test/README.md b/demo/pkg/websupport/test/README.md similarity index 100% rename from pkg/websupport/test/README.md rename to demo/pkg/websupport/test/README.md diff --git a/pkg/websupport/test/certs/ca-cert.pem b/demo/pkg/websupport/test/certs/ca-cert.pem similarity index 100% rename from pkg/websupport/test/certs/ca-cert.pem rename to demo/pkg/websupport/test/certs/ca-cert.pem diff --git a/pkg/websupport/test/certs/client-cert.pem b/demo/pkg/websupport/test/certs/client-cert.pem similarity index 100% rename from pkg/websupport/test/certs/client-cert.pem rename to demo/pkg/websupport/test/certs/client-cert.pem diff --git a/pkg/websupport/test/certs/client-key.pem b/demo/pkg/websupport/test/certs/client-key.pem similarity index 100% rename from pkg/websupport/test/certs/client-key.pem rename to demo/pkg/websupport/test/certs/client-key.pem diff --git a/pkg/websupport/test/certs/server-cert.pem b/demo/pkg/websupport/test/certs/server-cert.pem similarity index 100% rename from pkg/websupport/test/certs/server-cert.pem rename to demo/pkg/websupport/test/certs/server-cert.pem diff --git a/pkg/websupport/test/certs/server-key.pem b/demo/pkg/websupport/test/certs/server-key.pem similarity index 100% rename from pkg/websupport/test/certs/server-key.pem rename to demo/pkg/websupport/test/certs/server-key.pem 
diff --git a/pkg/websupport/test/resources.go b/demo/pkg/websupport/test/resources.go similarity index 100% rename from pkg/websupport/test/resources.go rename to demo/pkg/websupport/test/resources.go diff --git a/pkg/websupport/test/resources/templates/bad.gohtml b/demo/pkg/websupport/test/resources/templates/bad.gohtml similarity index 100% rename from pkg/websupport/test/resources/templates/bad.gohtml rename to demo/pkg/websupport/test/resources/templates/bad.gohtml diff --git a/pkg/websupport/test/resources/templates/template.gohtml b/demo/pkg/websupport/test/resources/templates/template.gohtml similarity index 100% rename from pkg/websupport/test/resources/templates/template.gohtml rename to demo/pkg/websupport/test/resources/templates/template.gohtml diff --git a/pkg/websupport/test/resources/templates/test.gohtml b/demo/pkg/websupport/test/resources/templates/test.gohtml similarity index 100% rename from pkg/websupport/test/resources/templates/test.gohtml rename to demo/pkg/websupport/test/resources/templates/test.gohtml diff --git a/pkg/websupport/view_support.go b/demo/pkg/websupport/view_support.go similarity index 100% rename from pkg/websupport/view_support.go rename to demo/pkg/websupport/view_support.go diff --git a/pkg/websupport/view_support_test.go b/demo/pkg/websupport/view_support_test.go similarity index 88% rename from pkg/websupport/view_support_test.go rename to demo/pkg/websupport/view_support_test.go index 8d91ece2..b24648ae 100644 --- a/pkg/websupport/view_support_test.go +++ b/demo/pkg/websupport/view_support_test.go @@ -8,8 +8,8 @@ import ( "testing" "github.com/gorilla/mux" - "github.com/hexa-org/policy-orchestrator/pkg/websupport" - "github.com/hexa-org/policy-orchestrator/pkg/websupport/test" + "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport/test" "github.com/stretchr/testify/assert" ) 
diff --git a/pkg/websupport/web_support.go b/demo/pkg/websupport/web_support.go similarity index 94% rename from pkg/websupport/web_support.go rename to demo/pkg/websupport/web_support.go index 6f6fdc0c..ebdb768f 100644 --- a/pkg/websupport/web_support.go +++ b/demo/pkg/websupport/web_support.go @@ -9,8 +9,8 @@ import ( "os" "github.com/gorilla/mux" - "github.com/hexa-org/policy-orchestrator/pkg/healthsupport" - "github.com/hexa-org/policy-orchestrator/pkg/metricssupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/healthsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/metricssupport" ) type Options struct { diff --git a/pkg/websupport/web_support_test.go b/demo/pkg/websupport/web_support_test.go similarity index 93% rename from pkg/websupport/web_support_test.go rename to demo/pkg/websupport/web_support_test.go index fe523a6d..bbc0bb72 100644 --- a/pkg/websupport/web_support_test.go +++ b/demo/pkg/websupport/web_support_test.go @@ -12,8 +12,8 @@ import ( "testing" "github.com/gorilla/mux" - "github.com/hexa-org/policy-orchestrator/pkg/healthsupport" - "github.com/hexa-org/policy-orchestrator/pkg/websupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/healthsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/websupport" "github.com/stretchr/testify/assert" ) diff --git a/pkg/workflowsupport/process_async.go b/demo/pkg/workflowsupport/process_async.go similarity index 100% rename from pkg/workflowsupport/process_async.go rename to demo/pkg/workflowsupport/process_async.go diff --git a/pkg/workflowsupport/process_async_test.go b/demo/pkg/workflowsupport/process_async_test.go similarity index 89% rename from pkg/workflowsupport/process_async_test.go rename to demo/pkg/workflowsupport/process_async_test.go index ec437f41..a5a0223c 100644 --- a/pkg/workflowsupport/process_async_test.go +++ b/demo/pkg/workflowsupport/process_async_test.go 
@@ -4,7 +4,7 @@ import ( "fmt" "testing" - "github.com/hexa-org/policy-orchestrator/pkg/testsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport" ) func TestProcessAsync(t *testing.T) { diff --git a/pkg/workflowsupport/workflow_support.go b/demo/pkg/workflowsupport/workflow_support.go similarity index 100% rename from pkg/workflowsupport/workflow_support.go rename to demo/pkg/workflowsupport/workflow_support.go diff --git a/pkg/workflowsupport/workflow_support_test.go b/demo/pkg/workflowsupport/workflow_support_test.go similarity index 95% rename from pkg/workflowsupport/workflow_support_test.go rename to demo/pkg/workflowsupport/workflow_support_test.go index 9e3f1a37..65c77aeb 100644 --- a/pkg/workflowsupport/workflow_support_test.go +++ b/demo/pkg/workflowsupport/workflow_support_test.go @@ -5,7 +5,7 @@ import ( "log" "testing" - "github.com/hexa-org/policy-orchestrator/pkg/workflowsupport" + "github.com/hexa-org/policy-orchestrator/demo/pkg/workflowsupport" "github.com/stretchr/testify/assert" ) diff --git a/project.toml b/demo/project.toml similarity index 100% rename from project.toml rename to demo/project.toml diff --git a/go.mod b/go.mod deleted file mode 100644 index a04548ef..00000000 --- a/go.mod +++ /dev/null 
@@ -1,88 +0,0 @@
-module github.com/hexa-org/policy-orchestrator
-
-go 1.20
-
-// +heroku goVersion go1.20
-
-require (
- github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0
- github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.2
- github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/apimanagement/armapimanagement v1.1.1
- github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.1.1
- github.com/alecthomas/assert/v2 v2.0.3
- github.com/alecthomas/participle/v2 v2.0.0-beta.5
- github.com/aws/aws-sdk-go-v2 v1.19.0
- github.com/aws/aws-sdk-go-v2/config v1.14.0
- github.com/aws/aws-sdk-go-v2/credentials v1.9.0
- github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.10.31
- github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.13.0
- github.com/aws/aws-sdk-go-v2/service/dynamodb v1.20.1
- github.com/aws/aws-sdk-go-v2/service/s3 v1.30.0
- github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f
- github.com/go-playground/validator/v10 v10.11.2
- github.com/golang-jwt/jwt v3.2.2+incompatible
- github.com/google/cel-go v0.13.0
- github.com/google/uuid v1.3.0
- github.com/gorilla/mux v1.8.0
- github.com/gorilla/sessions v1.2.1
- github.com/hiyosi/hawk v1.0.1
- github.com/lib/pq v1.10.7
- github.com/stretchr/testify v1.8.3
- golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
- google.golang.org/api v0.114.0
- google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1
- gopkg.in/square/go-jose.v2 v2.6.0
-)
-
-require (
- cloud.google.com/go/compute v1.19.1 // indirect
- cloud.google.com/go/compute/metadata v0.2.3 // indirect
- github.com/Azure/azure-sdk-for-go/sdk/internal v1.2.0 // indirect
- github.com/AzureAD/microsoft-authentication-library-for-go v0.9.0 // indirect
- github.com/alecthomas/repr v0.1.0 // indirect
- github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect
- github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 // indirect
- github.com/aws/aws-sdk-go-v2/feature/ec2/imds
v1.11.0 // indirect
- github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35 // indirect
- github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.29 // indirect
- github.com/aws/aws-sdk-go-v2/internal/ini v1.3.6 // indirect
- github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.18 // indirect
- github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.14.15 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.22 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.29 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.21 // indirect
- github.com/aws/aws-sdk-go-v2/service/sso v1.10.0 // indirect
- github.com/aws/aws-sdk-go-v2/service/sts v1.15.0 // indirect
- github.com/aws/smithy-go v1.13.5 // indirect
- github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 // indirect
- github.com/davecgh/go-spew v1.1.1 // indirect
- github.com/go-playground/locales v0.14.1 // indirect
- github.com/go-playground/universal-translator v0.18.1 // indirect
- github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
- github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
- github.com/golang/protobuf v1.5.3 // indirect
- github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
- github.com/googleapis/gax-go/v2 v2.7.1 // indirect
- github.com/gorilla/securecookie v1.1.1 // indirect
- github.com/hexops/gotextdiff v1.0.3 // indirect
- github.com/jmespath/go-jmespath v0.4.0 // indirect
- github.com/kr/text v0.2.0 // indirect
- github.com/kylelemons/godebug v1.1.0 // indirect
- github.com/leodido/go-urn v1.2.1 // indirect
- github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
- github.com/pmezard/go-difflib v1.0.0 // indirect
- github.com/stoewer/go-strcase v1.2.0 // indirect
- github.com/stretchr/objx v0.5.0 //
indirect
- go.opencensus.io v0.24.0 // indirect
- golang.org/x/crypto v0.14.0 // indirect
- golang.org/x/net v0.17.0 // indirect
- golang.org/x/oauth2 v0.7.0 // indirect
- golang.org/x/sys v0.13.0 // indirect
- golang.org/x/text v0.13.0 // indirect
- google.golang.org/appengine v1.6.7 // indirect
- google.golang.org/grpc v1.56.3 // indirect
- google.golang.org/protobuf v1.30.0 // indirect
- gopkg.in/yaml.v3 v3.0.1 // indirect
-)
diff --git a/go.work b/go.work
new file mode 100644
index 00000000..0b4b1e91
--- /dev/null
+++ b/go.work
@@ -0,0 +1,18 @@
+go 1.20
+
+// THIS FILE IS ONLY USED FOR LOCAL DEVELOPMENT
+// THIS FILE IS ALSO USED IN THE github workflows
+// AND SHOULD ONLY EVER BE COMMITTED IF ADDING A NEW MODULE
+// DO NOT PUT ANY LOCAL DEPENDENCIES HERE
+// DO NOT PUT ANY REPLACE STATEMENTS HERE
+
+use (
+ ./demo
+ ./sdk/core
+ ./sdk/provideraws/awscommon
+ ./sdk/provideraws/cognitoidp
+ ./sdk/provideraws/policystore/dynamodbpolicystore
+)
+
+// DO NOT ADD ANY THING ELSE IN THIS FILE
+// NO REPLACE STATEMENTS
\ No newline at end of file
diff --git a/go.work.sum b/go.work.sum
new file mode 100644
index 00000000..4531f86e
--- /dev/null
+++ b/go.work.sum
@@ -0,0 +1,5 @@
+cloud.google.com/go v0.110.2 h1:sdFPBr6xG9/wkBbfhmUz/JmZC7X6LavQgcrVINrKiVA=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
diff --git a/internal/policysupport/policy_support.go b/internal/policysupport/policy_support.go
deleted file mode 100644
index bb19b7cb..00000000
--- a/internal/policysupport/policy_support.go
+++ /dev/null
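Review bot: The first two header comments of the new go.work contradict each other — `ONLY USED FOR LOCAL DEVELOPMENT` is immediately followed by `ALSO USED IN THE github workflows` — and since the second is the one that matters for CI, the first should go. A caveat worth recording in the same header: while the workspace is active, the five `use` modules resolve each other from the local checkout, so an import between them is never checked against the importing module's own go.mod/go.sum; a module that is missing a requirement will build in this repo and fail for a downstream consumer that fetches `sdk/core` on its own. Suggested replacement for the first two lines: `// Workspace used for local development and by the GitHub workflows.` and `// Each module must also build with GOWORK=off; verify that before tagging a release.`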
@@ -1,26 +0,0 @@
-package policysupport
-
-// todo - longer name used here to simplify a refactoring
-
-type PolicyInfo struct {
- Meta MetaInfo `validate:"required"`
- Actions []ActionInfo `validate:"required"`
- Subject SubjectInfo `validate:"required"`
- Object ObjectInfo `validate:"required"`
-}
-
-type MetaInfo struct {
- Version string `validate:"required"`
-}
-
-type ActionInfo struct {
- ActionUri string `validate:"required"`
-}
-
-type SubjectInfo struct {
- Members []string `validate:"required"`
-}
-
-type ObjectInfo struct {
- ResourceID string `validate:"required"`
-}
diff --git a/pkg/amazonsupport/amazon_cedar.go b/pkg/amazonsupport/amazon_cedar.go
deleted file mode 100644
index 67d49e52..00000000
--- a/pkg/amazonsupport/amazon_cedar.go
+++ /dev/null
@@ -1,404 +0,0 @@ -package amazonsupport - -import ( - "errors" - "fmt" - "os" - "strings" - - "github.com/alecthomas/participle/v2" - "github.com/hexa-org/policy-orchestrator/pkg/googlesupport" - "github.com/hexa-org/policy-orchestrator/pkg/hexapolicy" -) - -type CedarPolicyMapper struct { - ConditionMapper googlesupport.GoogleConditionMapper - Parser *participle.Parser[CedarPolicies] -} - -func New(nameMap map[string]string) *CedarPolicyMapper { - return &CedarPolicyMapper{ConditionMapper: googlesupport.GoogleConditionMapper{NameMapper: hexapolicy.NewNameMapper(nameMap)}, - Parser: participle.MustBuild[CedarPolicies](participle.CaseInsensitive("permit", "forbid", "unless", "when"))} -} - -func (c *CedarPolicyMapper) ParseCedarBytes(cedarBytes []byte) (*CedarPolicies, error) { - cedarAst, err := c.Parser.ParseBytes("", cedarBytes) - return cedarAst, err -} - -func (c *CedarPolicyMapper) Name() string { - return "cedar" -} - -/* -MapPolicyToCedar takes an IDQL Policy and maps it to 1 or more Cedar policies. The need for more than one arises because -IDQL supports multiple subjects where Cedar is limited to 1 Principal and 1 Resource. 
-*/ -func (c *CedarPolicyMapper) MapPolicyToCedar(idqlPol hexapolicy.PolicyInfo) ([]*CedarPolicy, error) { - cpolicies := make([]*CedarPolicy, 0) - - if len(idqlPol.Subject.Members) == 0 { - cpolicy, err := c.mapSimplePolicyToCedar("", idqlPol) - if err != nil { - return nil, err - } - cpolicies = append(cpolicies, cpolicy) - - return cpolicies, nil - } - - for _, v := range idqlPol.Subject.Members { - cpolicy, err := c.mapSimplePolicyToCedar(v, idqlPol) - if err != nil { - return nil, err - } - cpolicies = append(cpolicies, cpolicy) - } - return cpolicies, nil -} - -func mapActionItemToUri(cedarAction string) string { - ret := cedarAction - if strings.Contains(cedarAction, "::") { - ret = "cedar:" + cedarAction - } - return ret -} - -func mapActionUri(idqlaction string) string { - ret := idqlaction - if strings.HasPrefix(strings.ToLower(idqlaction), "cedar:") { - ret = idqlaction[6:] - } - return ret -} - -func (c *CedarPolicyMapper) mapActions(actions []hexapolicy.ActionInfo) *ActionExpression { - switch len(actions) { - case 0: - return nil - case 1: - action := mapActionUri(actions[0].ActionUri) - - return &ActionExpression{ - Operator: EQUALS, - Action: action, - } - - default: - cActions := make([]ActionItem, len(actions)) - for k, v := range actions { - actionIden := mapActionUri(v.ActionUri) - cActions[k].Item = actionIden - } - return &ActionExpression{ - Operator: IN, - Actions: cActions, - } - } -} - -func isSingular(entityId string) bool { - var singleResources = []string{"file", "user", "employee"} - lEntityId := strings.ToLower(entityId) - for _, v := range singleResources { - if strings.HasPrefix(lEntityId, v) { - return true - } - } - return false -} - -func mapResourceToObject(res *ResourceExpression) hexapolicy.ObjectInfo { - mId := "cedar:" + res.Entity - return hexapolicy.ObjectInfo{ - ResourceID: mId, - } -} - -func mapObjectToResource(object hexapolicy.ObjectInfo) *ResourceExpression { - id := object.ResourceID - if id == "" { - return nil - } 
- op := IN - if isSingular(id) { - op = EQUALS - } - - mId := id - if strings.HasPrefix(strings.ToLower(id), "cedar:") { - mId = id[6:] - } - return &ResourceExpression{ - Operator: op, - Entity: mId, - } -} - -func mapMemberToPrincipal(member string) string { - parts := strings.SplitN(member, ":", 2) - if len(parts) == 1 { - return member - } - if strings.HasPrefix(parts[1], ":") { - return member - } - return parts[0] + "::" + parts[1] -} - -func mapPrincipalToMember(principal string) string { - parts := strings.SplitN(principal, "::", 2) - if len(parts) == 1 { - return principal - } - - return parts[0] + ":" + parts[1] -} - -func (c *CedarPolicyMapper) mapSimplePolicyToCedar(member string, policy hexapolicy.PolicyInfo) (*CedarPolicy, error) { - var conds []*ConditionalClause - if policy.Condition != nil { - operator := WHEN - if policy.Condition.Action == "deny" { - operator = UNLESS - } - cel, err := c.ConditionMapper.MapConditionToProvider(*policy.Condition) - if err != nil { - return nil, err - } - var cond = ConditionType(cel) - conds = append(conds, &ConditionalClause{ - Type: operator, - Condition: &cond, - }) - } - - var principal *PrincipalExpression - switch member { - case hexapolicy.SAnyUser, "": - principal = nil - - case hexapolicy.SAnyAuth, hexapolicy.SJwtAuth, hexapolicy.SSamlAuth, hexapolicy.SBasicAuth: - principal = nil - cond := ConditionType("context.authenticated == true") - conds = append(conds, &ConditionalClause{ - Type: WHEN, - Condition: &cond}) - default: - princ := mapMemberToPrincipal(member) - lMember := strings.ToLower(member) - switch lMember[0:4] { - case "user:": - principal = &PrincipalExpression{ - Operator: "==", - Entity: princ, - } - case "group", "domai": - principal = &PrincipalExpression{ - Operator: "in", - Entity: princ, - } - - default: - // For now assume all other types are singular so == - principal = &PrincipalExpression{ - Operator: "==", - Entity: princ, - } - - } - } - - actions := c.mapActions(policy.Actions) - 
res := mapObjectToResource(policy.Object) - - head := PolicyHead{ - Principal: principal, - Actions: actions, - Resource: res, - } - - return &CedarPolicy{ - Type: PERMIT, - Head: &head, - Conditions: conds, - }, nil -} - -func (c *CedarPolicyMapper) MapHexaPolicies(policies []hexapolicy.PolicyInfo) (map[string]interface{}, error) { - pols, err := c.MapPoliciesToCedar(policies) - return map[string]interface{}{"cedar": pols}, err -} - -func (c *CedarPolicyMapper) MapToHexaPolicy(cedarpolicies map[string]interface{}) ([]hexapolicy.PolicyInfo, error) { - pols := hexapolicy.Policies{ - Policies: []hexapolicy.PolicyInfo{}, - } - var err error - for _, v := range cedarpolicies { - switch obj := v.(type) { - case CedarPolicies: - policies, err := c.MapCedarPoliciesToIdql(&obj) - if err == nil && policies != nil { - pols.AddPolicies(*policies) - } - - case CedarPolicy: - policyInfo, err := c.MapCedarPolicyToIdql(&obj) - if err == nil && policyInfo != nil { - pols.AddPolicy(*policyInfo) - } - - case []byte: - policies, err := c.ParseAndMapCedarToHexa(obj) - if err == nil && policies != nil { - pols.AddPolicies(*policies) - } - - case string: - policies, err := c.ParseFile(obj) - if err == nil && policies != nil { - pols.AddPolicies(*policies) - } - - default: - err = errors.New(fmt.Sprintf("Unsupported Cedar input type: %t", obj)) - break - } - } - return pols.Policies, err -} - -func (c *CedarPolicyMapper) MapPoliciesToCedar(policies []hexapolicy.PolicyInfo) (*CedarPolicies, error) { - cpolicies := make([]*CedarPolicy, 0) - for _, v := range policies { - newPols, err := c.MapPolicyToCedar(v) - if err != nil { - return nil, err - } - cpolicies = append(cpolicies, newPols...) 
- } - - return &CedarPolicies{ - Policies: cpolicies, - }, nil -} - -func (c *CedarPolicyMapper) MapCedarPolicyToIdql(policy *CedarPolicy) (*hexapolicy.PolicyInfo, error) { - - var subj hexapolicy.SubjectInfo - if policy.Head.Principal == nil { - subj = hexapolicy.SubjectInfo{Members: []string{hexapolicy.SAnyUser}} - } else { - subj = hexapolicy.SubjectInfo{Members: []string{mapPrincipalToMember(policy.Head.Principal.Entity)}} - } - - actions := make([]hexapolicy.ActionInfo, 0) - if policy.Head.Actions != nil { - if policy.Head.Actions.Action != "" { - actions = append(actions, hexapolicy.ActionInfo{ActionUri: mapActionItemToUri(policy.Head.Actions.Action)}) - } else { - for _, v := range policy.Head.Actions.Actions { - actions = append(actions, hexapolicy.ActionInfo{ActionUri: mapActionItemToUri(v.Item)}) - } - } - } - - conditions := make([]string, 0) - for _, v := range policy.Conditions { - cel := string(*v.Condition) - // cel mapper won't tolerate :: - if strings.Contains(cel, "::") { - cel = strings.ReplaceAll(cel, "Group::\"", "\"Group:") - cel = strings.ReplaceAll(cel, "User::\"", "\"User:") - cel = strings.ReplaceAll(cel, "Account::\"", "\"Account:") - cel = strings.ReplaceAll(cel, "Domain::\"", "\"Domain:") - // cel = strings.ReplaceAll(cel, " in ", " co ") // this is just temporary - } - - idqlCond, err := c.ConditionMapper.MapProviderToCondition(cel) - if err != nil { - return nil, err - } - - if v.Type == WHEN { - conditions = append(conditions, idqlCond.Rule) - } else { - conditions = append(conditions, "not("+idqlCond.Rule+")") - } - } - - var condInfo *hexapolicy.ConditionInfo - if len(conditions) == 0 { - condInfo = nil - } else { - if len(conditions) == 1 { - condInfo = &hexapolicy.ConditionInfo{ - Rule: conditions[0], - Action: PERMIT, - } - } else { - merge := "" - for i, v := range conditions { - if i == 0 { - merge = "(" + v + ")" - } else { - if strings.HasPrefix(v, "not") { - merge = merge + " && " + v - } else { - merge = merge + " && (" + 
v + ")" - - } - } - } - condInfo = &hexapolicy.ConditionInfo{ - Rule: merge, - Action: PERMIT, - } - } - } - obj := hexapolicy.ObjectInfo{} - if policy.Head.Resource != nil { - obj = mapResourceToObject(policy.Head.Resource) - } - ret := hexapolicy.PolicyInfo{ - Meta: hexapolicy.MetaInfo{Version: "0.5"}, - Actions: actions, - Subject: subj, - Object: obj, - Condition: condInfo, - } - return &ret, nil -} - -func (c *CedarPolicyMapper) MapCedarPoliciesToIdql(cedarPols *CedarPolicies) (*hexapolicy.Policies, error) { - pols := make([]hexapolicy.PolicyInfo, 0) - - for _, v := range cedarPols.Policies { - mapPol, err := c.MapCedarPolicyToIdql(v) - if err != nil { - return nil, err - } - pols = append(pols, *mapPol) - } - return &hexapolicy.Policies{Policies: pols}, nil -} - -func (c *CedarPolicyMapper) ParseFile(filename string) (*hexapolicy.Policies, error) { - policyBytes, err := os.ReadFile(filename) - if err != nil { - return nil, err - } - return c.ParseAndMapCedarToHexa(policyBytes) -} - -func (c *CedarPolicyMapper) ParseAndMapCedarToHexa(cedarBytes []byte) (*hexapolicy.Policies, error) { - - cedarPols, err := c.ParseCedarBytes(cedarBytes) - if err != nil { - return nil, err - } - - return c.MapCedarPoliciesToIdql(cedarPols) -} diff --git a/pkg/amazonsupport/amazon_cedar_test.go b/pkg/amazonsupport/amazon_cedar_test.go deleted file mode 100644 index cd918ce1..00000000 --- a/pkg/amazonsupport/amazon_cedar_test.go +++ /dev/null 
@@ -1,143 +0,0 @@ -package amazonsupport_test - -import ( - "fmt" - "os" - "path/filepath" - "runtime" - "testing" - - "github.com/hexa-org/policy-orchestrator/pkg/amazonsupport" - "github.com/hexa-org/policy-orchestrator/pkg/hexapolicysupport" - "github.com/stretchr/testify/assert" -) - -var cedarMapper = amazonsupport.New(map[string]string{}) - -func getTestFile(name string) string { - _, file, _, _ := runtime.Caller(0) - return filepath.Join(file, name) -} - -func TestProduceAndParseCedar(t *testing.T) { - var err error - policies, err := hexapolicysupport.ParsePolicyFile(getTestFile("../test/data.json")) - assert.NoError(t, err, "File %s not parsed", getTestFile("../test/data.json")) - - cedarPols, err := cedarMapper.MapPoliciesToCedar(policies) - - assert.Equal(t, 7, len(cedarPols.Policies), "Should be 5 policies generated") - - fmt.Printf("%v Cedar Policies Returned\n", len(cedarPols.Policies)) - for k, v := range cedarPols.Policies { - fmt.Printf("Policy# %v\n", k) - polString := v.String() - fmt.Println(polString) - } - - res := cedarPols.Policies[0].Head.Resource - - assert.Equal(t, "==", cedarPols.Policies[0].Head.Actions.Operator, "Should be ==") - assert.Equal(t, "Action::\"view\"", cedarPols.Policies[0].Head.Actions.Action, "Should be Action::\"view\"") - assert.Equal(t, 1, len(cedarPols.Policies[0].Conditions), "Should be 1 condition") - assert.Nil(t, res, "Resource should be nil") - -} - -func TestParserSingle(t *testing.T) { - - file := getTestFile("../test/cedarSingle.txt") - cedarBytes, err := os.ReadFile(file) - if err != nil { - assert.Fail(t, "Error opening cedar test file: "+err.Error()) - } - - cedarAst, err := cedarMapper.ParseCedarBytes(cedarBytes) - if err != nil { - fmt.Println(err.Error()) - } - assert.NoError(t, err) - - fmt.Printf("Polcies returned: %v\n", len(cedarAst.Policies)) - - fmt.Printf("%v Cedar Policies Returned\n", len(cedarAst.Policies)) - for k, v := range cedarAst.Policies { - fmt.Printf("Policy# %v\n", k) - polString := 
v.String() - fmt.Println(polString) - } - - assert.Equal(t, 2, len(cedarAst.Policies[0].Head.Actions.Actions), "Should be two actions") - -} - -func TestParserMulti(t *testing.T) { - - file := getTestFile("../test/cedarMulti.txt") - cedarBytes, err := os.ReadFile(file) - if err != nil { - assert.Fail(t, "Error opening cedar test file: "+err.Error()) - } - - cedarAst, err := cedarMapper.ParseCedarBytes(cedarBytes) - if err != nil { - fmt.Println(err.Error()) - } - assert.NoError(t, err) - - fmt.Printf("Polcies returned: %v\n", len(cedarAst.Policies)) - - fmt.Printf("%v Cedar Policies Returned\n", len(cedarAst.Policies)) - for k, v := range cedarAst.Policies { - fmt.Printf("Policy# %v\n", k) - polString := v.String() - fmt.Println(polString) - } - assert.Equal(t, 4, len(cedarAst.Policies), "Should be 4 policies parsed") - assert.Equal(t, 2, len(cedarAst.Policies[0].Head.Actions.Actions), "Should be two actions") - - condString := cedarAst.Policies[3].Conditions[0].String() - assert.Contains(t, condString, " true ", "Check boolean not quoted") - assert.Contains(t, condString, " < ", "Check less than present") -} - -func TestParserToHexa(t *testing.T) { - file := getTestFile("../test/cedarMulti.txt") - - idql, err := cedarMapper.ParseFile(file) - if err != nil { - assert.NoError(t, err, "error parsing and mapping of cedar bytes") - - } - - condString := idql.Policies[3].Condition.Rule - assert.Contains(t, condString, " true", "Check boolean not quoted") - assert.Contains(t, condString, " lt ", "Check less than present") - -} - -func TestGcpMapped(t *testing.T) { - file := getTestFile("../test/testGcpIdql.json") - policies, err := hexapolicysupport.ParsePolicyFile(file) - assert.NoError(t, err) - - cedarPols, err := cedarMapper.MapPoliciesToCedar(policies) - assert.NoError(t, err) - assert.Equal(t, 7, len(cedarPols.Policies)) - -} - -func TestMultiCond(t *testing.T) { - file := getTestFile("../test/cedarMultiCond.txt") - idql, err := cedarMapper.ParseFile(file) - if err 
!= nil { - assert.NoError(t, err, "error parsing and mapping of cedar bytes") - - } - - condString := idql.Policies[0].Condition.Rule - - assert.Equal(t, "(not(resource.tag eq \"private\")) && (resource.type eq \"file\")", condString) - fmt.Println(condString) - -} diff --git a/pkg/amazonsupport/amazon_cedar_types.go b/pkg/amazonsupport/amazon_cedar_types.go deleted file mode 100644 index d559ccc1..00000000 --- a/pkg/amazonsupport/amazon_cedar_types.go +++ /dev/null 
@@ -1,214 +0,0 @@ -package amazonsupport - -import ( - "strings" - - "github.com/alecthomas/participle/v2/lexer" -) - -const ( - PERMIT string = "permit" - - IN string = "in" - - EQUALS string = "==" - WHEN string = "when" - UNLESS string = "unless" - TERM string = ";" - - SPACER string = " " -) - -type CedarPolicies struct { - Policies []*CedarPolicy `parser:"(@@ ';')+"` -} - -type CedarPolicy struct { - Type string `parser:"@('permit'|'forbid')"` - Head *PolicyHead `parser:"'(' @@ ')'"` - Conditions []*ConditionalClause `parser:"@@*"` -} - -func (c *CedarPolicy) String() string { - doc := string(c.Type) + " " - doc = doc + c.Head.String() - if c.Conditions != nil { - for _, v := range c.Conditions { - doc = doc + "\n" + v.String() - - } - } - doc = doc + TERM + "\n" - return doc -} - -type PolicyHead struct { - Principal *PrincipalExpression `parser:"'principal' @@? ','"` // ser:"'principal' @@? ','"` - Actions *ActionExpression `parser:"'action' @@? ','"` - Resource *ResourceExpression `parser:"'resource' @@?"` // `parser:"'resource' @@? 
"` -} - -func getType(entity string) string { - parts := strings.SplitN(entity, "::", 2) - if len(parts) < 2 { - parts = strings.SplitN(entity, ":", 2) - } - return parts[0] -} - -func (p *PolicyHead) String() string { - doc := "(\n" - if p.Principal == nil { - doc = doc + SPACER + "principal,\n" - } else { - pType := getType(p.Principal.Entity) - if isSingular(pType) { - doc = doc + SPACER + "principal == " + p.Principal.Entity + ",\n" - } else { - doc = doc + SPACER + "principal in " + p.Principal.Entity + ",\n" - } - - } - - if p.Actions == nil { - doc = doc + SPACER + "action,\n" - } else { - doc = doc + SPACER + "action " + p.Actions.String() + ",\n" - } - - if p.Resource == nil { - doc = doc + SPACER + "resource\n" - } else { - rType := getType(p.Resource.Entity) - if isSingular(rType) { - doc = doc + SPACER + "resource == " + p.Resource.Entity + "\n" - } else { - doc = doc + SPACER + "resource in " + p.Resource.Entity + "\n" - } - } - return doc + ")" -} - -type ConditionType string - -func (c *ConditionType) Parse(lex *lexer.PeekingLexer) error { - buf := strings.Builder{} - isDouble := false - tok := lex.RawPeek() - for { - if !isDouble { - tok = lex.RawPeek() - } else { - isDouble = false - } - if tok.Value == "{" { - lex.Next() - tok = lex.Peek() - } - - if tok.EOF() { - break - } - val := tok.String() - - if val == "}" { - lex.Next() - break - } - - switch val { - case "in": - buf.WriteString(" " + val + " ") - case "&", "|", ",", "<", ">", "=": - lex.Next() - tok = lex.RawPeek() - switch tok.String() { - case "&", "|", ",", "<", ">", "=": - buf.WriteString(" " + val + tok.String() + " ") - default: - buf.WriteString(" " + val + " ") - isDouble = true - } - - default: - buf.WriteString(val) - } - if !isDouble { - lex.Next() - } - - } - expr := buf.String() - // fmt.Println(expr) - *c = ConditionType(expr) - return nil -} - -type ConditionalClause struct { - Type string `parser:"@('when'|'unless')"` - // Condition string `parser:"'{'@(Ident|String|' 
'|':'|'.'|'='|'&')+'}'"` - // Condition string `parser:"'{' @(~'}' ' '*)+ '}'"` - Condition *ConditionType `parser:"@@"` -} - -func (c *ConditionalClause) String() string { - cond := string(*c.Condition) - if c.Type == WHEN { - return "when { " + cond + " }" - } - return "unless { " + cond + " }" -} - -type PrincipalExpression struct { - Operator string `parser:"@('=''='|'in'|'IN')"` // `@("=" "="|"in"|"IN")` - // Operator string `parser:"@('=='|'in'|'IN')"` - Entity string `parser:"@(Ident|':'|String)+"` -} - -func (e *PrincipalExpression) String() string { - if e.Operator == EQUALS { - return "== " + e.Entity - } - return "in [" + e.Entity + "]" -} - -type ResourceExpression struct { - Operator string `parser:"@('=''='|'in'|'IN')"` - // Operator string `parser:"@('=='|'in'|'IN')"` - Entity string `parser:"@(Ident|':'|String)+"` -} - -func (e *ResourceExpression) String() string { - if e.Operator == EQUALS { - return "== " + e.Entity - } - return "in [" + e.Entity + "]" -} - -type ActionItem struct { - Item string `parser:"@(Ident|':'|String)+"` -} - -type ActionExpression struct { - Operator string `parser:"@('=''='|'in')"` // @("=" "="|"in"|"IN")` - Actions []ActionItem `parser:"('[' (@@ ','? )* ']')?"` - Action string `parser:"(@(Ident|':'|String)+)?"` -} - -func (a *ActionExpression) String() string { - - if a.Operator == EQUALS { - return "== " + a.Action - } - - listString := "" - for k, v := range a.Actions { - if k == 0 { - listString = v.Item - - } else { - listString = listString + ", " + v.Item - } - } - return "in [" + listString + "]" -} diff --git a/pkg/amazonsupport/amazon_cedar_types_test.go b/pkg/amazonsupport/amazon_cedar_types_test.go deleted file mode 100644 index 57bc4b8e..00000000 --- a/pkg/amazonsupport/amazon_cedar_types_test.go +++ /dev/null @@ -1 +0,0 @@ -package amazonsupport_test diff --git a/pkg/amazonsupport/test/cedarMulti.txt b/pkg/amazonsupport/test/cedarMulti.txt deleted file mode 100644 index d5101785..00000000 
--- a/pkg/amazonsupport/test/cedarMulti.txt +++ /dev/null @@ -1,18 +0,0 @@ -permit( -principal == User::"bob", -action in [Action::"view", Action::"comment"], resource in Photo::"trip" -) unless{ -resource.tag == "private" }; - -permit( -principal == User::"cat", -action in [Action::"view", Action::"comment"], resource in Doc::"sales" -) when{ -resource.tag.contains("private") || resource.tag.contains("confidential") }; - -forbid(principal, action, resource) unless{ -principal in Group::"family" }; - -permit(principal, action == Action::"remoteAccess", resource) when { -principal.numberOfLaptops < 5 && -principal.jobLevel > 6 && principal.active == true }; \ No newline at end of file diff --git a/pkg/amazonsupport/test/cedarMultiCond.txt b/pkg/amazonsupport/test/cedarMultiCond.txt deleted file mode 100644 index 65861a35..00000000 --- a/pkg/amazonsupport/test/cedarMultiCond.txt +++ /dev/null @@ -1,7 +0,0 @@ -permit( -principal == User::"bob", -action in [Action::"view", Action::"comment"], -resource in Photo::"trip" -) unless{ -resource.tag == "private" } -when{ resource.type == "file"}; \ No newline at end of file diff --git a/pkg/amazonsupport/test/cedarSingle.txt b/pkg/amazonsupport/test/cedarSingle.txt deleted file mode 100644 index 04a86df6..00000000 --- a/pkg/amazonsupport/test/cedarSingle.txt +++ /dev/null @@ -1,6 +0,0 @@ -permit( -principal == User::"bob", -action in [Action::"view", Action::"comment"], -resource in Photo::"trip" -) unless{ -resource.tag == "private" }; \ No newline at end of file diff --git a/pkg/amazonsupport/test/data.json b/pkg/amazonsupport/test/data.json deleted file mode 100644 index 997c4d43..00000000 --- a/pkg/amazonsupport/test/data.json +++ /dev/null 
@@ -1,91 +0,0 @@ -{ - "policies": [ - { - "Meta": { - "Version": "0.5" - }, - "Actions": [ - { - "ActionUri": "cedar:Action::\"view\"" - } - ], - "Subject": { - "Members": [ - "User:\"stacey\"" - ] - }, - "Object": { - "resource_id": "" - }, - "Condition": { - "Rule": "resource in \"Account:stacey\"", - "Action": "permit" - } - }, - { - "meta": {"version": "0.5"}, - "actions": [{"actionUri": "cedar:Action::ReadFile"},{"actionuri": "cedar:Action::ListFiles"}], - "subject": { - "members": [ - "any" - ] - }, - "condition": { - "rule": "action.isReadOperation eq true", - "action": "allow" - }, - "object": { - "resource_id": "Folder::3b276b13858d46839d8cbfb45e5c6c2a" - } - }, - { - "meta": {"version": "0.5"}, - "actions": [{"actionUri": "cedar:Action::writeFile"}], - "subject": { - "members": [ - "anyAuthenticated", - "User:sales@hexaindustries.io", - "Group:marketing@hexaindustries.io" - ] - }, - "object": { - "resource_id": "File::ec37b3b17a1e4ae08a641dcd9d915535" - } - }, - { - "meta": {"version": "0.5"}, - "actions": [{"actionUri": "cedar:Action::ReadFile"},{"actionUri": "cedar:Action::ListFiles"}], - "subject": { - "members": [ - "User:accounting@hexaindustries.io" - ] - }, - "condition": { - "rule": "context.sourceIp eq \"192.158.1.38\" and context.http.method eq GET", - "action": "allow" - }, - "object": { - "resource_id": "Folder::900af98fc3ab47cbaa982d94da7c90e3" - } - }, - { - "Meta": { - "Version": "0.5" - }, - "Actions": [ - { - "ActionUri": "cedar:Action::\"view\"" - } - ], - "Subject": { - "Members": [ - "User:\"alice\"" - ] - }, - "Object": { - "resource_id": "cedar:Photo::\"VacationPhoto94.jpg\"" - } - } - - ] -} \ No newline at end of file diff --git a/pkg/amazonsupport/test/testGcpIdql.json b/pkg/amazonsupport/test/testGcpIdql.json deleted file mode 100644 index fef67459..00000000 --- a/pkg/amazonsupport/test/testGcpIdql.json +++ /dev/null 
@@ -1,69 +0,0 @@ -[ - { - "Meta": { - "Version": "0.5" - }, - "Actions": null, - "Subject": { - "Members": [ - "allusers", - "allauthenticated" - ] - }, - "Object": { - "resource_id": "aResourceId1" - }, - "Condition": { - "Rule": "req.ip sw 127 and req.method eq \"POST\"", - "Action": "allow" - } - }, - { - "Meta": { - "Version": "0.5" - }, - "Actions": null, - "Subject": { - "Members": [ - "humanresources@hexaindustries.io" - ] - }, - "Object": { - "resource_id": "aResourceId1" - } - }, - { - "Meta": { - "Version": "0.5" - }, - "Actions": null, - "Subject": { - "Members": [ - "allauthenticated", - "sales@hexaindustries.io", - "marketing@hexaindustries.io" - ] - }, - "Object": { - "resource_id": "aResourceId2" - } - }, - { - "Meta": { - "Version": "0.5" - }, - "Actions": null, - "Subject": { - "Members": [ - "accounting@hexaindustries.io" - ] - }, - "Object": { - "resource_id": "aResourceId3" - }, - "Condition": { - "Rule": "req.ip sw 127 and req.method eq \"POST\"", - "Action": "allow" - } - } -] diff --git a/pkg/filtersupport/parser.go b/pkg/filtersupport/parser.go deleted file mode 100644 index a9e3ab1b..00000000 --- a/pkg/filtersupport/parser.go +++ /dev/null 
@@ -1,404 +0,0 @@ -package filtersupport - -import ( - "errors" - - "strings" -) - -func ParseFilter(expression string) (*Expression, error) { - return parseFilterSub(expression, "") -} - -func parseFilterSub(expression string, parentAttr string) (*Expression, error) { - bracketCount := 0 - bracketIndex := -1 - valPathCnt := 0 - vPathStartIndex := -1 - wordIndex := -1 - var clauses []*Expression - cond := "" - - isLogic := false - isAnd := false - isNot := false - isAttr := false - attr := "" - isExpr := false - isValue := false - value := "" - isQuote := false - - expRunes := []rune(expression) - var charPos int - for charPos = 0; charPos < len(expRunes); charPos++ { - - c := expRunes[charPos] - switch c { - case '(': - if isQuote || isValue { - break - } - bracketCount++ - if bracketCount == 1 { - bracketIndex = charPos - } - charPos++ - quotedBracket := false - for charPos < len(expRunes) && bracketCount > 0 { - cc := expRunes[charPos] - switch cc { - case '"': - quotedBracket = !quotedBracket - break - case '(': - if quotedBracket { - break - } - bracketCount++ - break - case ')': - //ignore brackets in values - if quotedBracket { - break - } - bracketCount-- - if bracketCount == 0 { - subExpression := expression[bracketIndex+1 : charPos] - subFilter, err := parseFilterSub(subExpression, parentAttr) - if err != nil { - return nil, err - } - var filter Expression - sFilter := *subFilter - switch sFilter.(type) { - case AttributeExpression: - - if isNot { - filter = NotExpression{ - Expression: sFilter, - } - } else { - filter = PrecedenceExpression{Expression: sFilter} - } - clauses = append(clauses, &filter) - - default: - if isNot { - filter = NotExpression{Expression: sFilter} - clauses = append(clauses, &filter) - } else { - filter = PrecedenceExpression{Expression: sFilter} - clauses = append(clauses, &filter) - } - } - bracketIndex = -1 - } - - } - if bracketCount > 0 { - charPos++ - } - } - break - case '[': - if isQuote || isValue { - break - } - 
valPathCnt++ - if valPathCnt == 1 { - vPathStartIndex = charPos - } - charPos++ - quotedSqBracket := false - for charPos < len(expression) && valPathCnt > 0 { - cc := expRunes[charPos] - switch cc { - case '"': - quotedSqBracket = !quotedSqBracket - break - case '[': - if quotedSqBracket { - break - } - if valPathCnt >= 1 { - return nil, errors.New("invalid IDQL filter: A second '[' was detected while looking for a ']' in a value path filter") - } - valPathCnt++ - break - case ']': - if quotedSqBracket { - break - } - valPathCnt-- - if valPathCnt == 0 { - name := expression[wordIndex:vPathStartIndex] - valueFilterStr := expression[vPathStartIndex+1 : charPos] - subExpression, err := parseFilterSub(valueFilterStr, "") - if err != nil { - return nil, err - } - var filter Expression - filter = ValuePathExpression{ - Attribute: name, - VPathFilter: *subExpression, - } - clauses = append(clauses, &filter) - - // This code checks for text after ] ... in future attr[type eq value].subattr may be permissible - if charPos+1 < len(expression) && expRunes[charPos+1] != ' ' { - return nil, errors.New("invalid IDQL filter: expecting space after ']' in value path expression") - /* - charPos++ - for charPos < len(expression) && expRunes[charPos] != ' ' { - charPos++ - } - */ - } - // reset for the next phrase - vPathStartIndex = -1 - wordIndex = -1 - isAttr = false - } - default: - } - // only increment if we are still processing ( ) phrases - if valPathCnt > 0 { - charPos++ - } - } - if charPos == len(expression) && valPathCnt > 0 { - return nil, errors.New("invalid IDQL filter: Missing close ']' bracket") - } - break - - case ' ': - if isQuote { - break - } - // end of phrase - if wordIndex > -1 { - phrase := expression[wordIndex:charPos] - if strings.EqualFold(phrase, "or") || strings.EqualFold(phrase, "and") { - isLogic = true - isAnd = strings.EqualFold(phrase, "and") - wordIndex = -1 - break - } - if isAttr && attr == "" { - attr = phrase - wordIndex = -1 - } else { - if 
isExpr && cond == "" { - cond = phrase - wordIndex = -1 - if strings.EqualFold(cond, "pr") { - var attrFilter Expression - attrFilter = AttributeExpression{ - AttributePath: attr, - Operator: CompareOperator("pr"), - } - attr = "" - isAttr = false - cond = "" - isExpr = false - isValue = false - clauses = append(clauses, &attrFilter) - } - } else { - if isValue { - value = phrase - if strings.HasSuffix(value, ")") && bracketCount == 0 { - return nil, errors.New("invalid IDQL filter: Missing open '(' bracket") - } - if strings.HasPrefix(value, "\"") && strings.HasSuffix(value, "\"") { - value = value[1 : len(value)-1] - } - wordIndex = -1 - filterAttr := attr - if parentAttr != "" { - filterAttr = parentAttr + "." + attr - } - - var attrFilter Expression - attrFilter, err := createExpression(filterAttr, cond, value) - if err != nil { - return nil, err - } - - attr = "" - isAttr = false - cond = "" - isExpr = false - isValue = false - clauses = append(clauses, &attrFilter) - break - } - } - } - } - break - case ')': - if isQuote || isValue { - break - } - if bracketCount == 0 { - return nil, errors.New("invalid IDQL filter: Missing open '(' bracket") - } - break - case ']': - if isQuote || isValue { - break - } - if valPathCnt == 0 { - return nil, errors.New("invalid IDQL filter: Missing open '[' bracket") - } - case 'n', 'N': - if !isValue { - if charPos+3 < len(expression) && - strings.EqualFold(expression[charPos:charPos+3], "not") { - isNot = true - charPos = charPos + 2 - break - } - } - - // we want this to fall through to default in case it is an attribute starting with n - if wordIndex == -1 { - wordIndex = charPos - } - if !isAttr { - isAttr = true - } else { - if !isExpr && attr != "" { - isExpr = true - } else { - if !isValue && cond != "" { - isValue = true - } - } - } - break - default: - if c == '"' { - isQuote = !isQuote - } - if wordIndex == -1 { - wordIndex = charPos - } - if !isAttr { - isAttr = true - } else { - if !isExpr && attr != "" { - isExpr 
= true - } else { - if !isValue && cond != "" { - isValue = true - } - } - } - } - // combine logic here - if isLogic && len(clauses) == 2 { - var oper LogicalOperator - if isAnd { - oper = "and" - } else { - oper = "or" - } - var filter Expression - filter = LogicalExpression{ - Operator: oper, - Left: *clauses[0], - Right: *clauses[1], - } - clauses = []*Expression{} - clauses = append(clauses, &filter) - isLogic = false - } - } - - if bracketCount > 0 { - return nil, errors.New("invalid IDQL filter: Missing close ')' bracket") - } - if valPathCnt > 0 { - return nil, errors.New("invalid IDQL filter: Missing ']' bracket") - } - if wordIndex > -1 && charPos == len(expression) { - filterAttr := attr - if parentAttr != "" { - filterAttr = parentAttr + "." + attr - } - if filterAttr == "" { - return nil, errors.New("invalid IDQL filter: Incomplete expression") - } - if isAttr && cond != "" { - value = expression[wordIndex:] - if strings.HasSuffix(value, ")") && bracketCount == 0 { - return nil, errors.New("invalid IDQL filter: Missing open '(' bracket") - } - if strings.HasPrefix(value, "\"") && strings.HasSuffix(value, "\"") { - value = value[1 : len(value)-1] - } - var filter Expression - filter, err := createExpression(filterAttr, cond, value) - if err != nil { - return nil, err - } - clauses = append(clauses, &filter) - } else { - // a presence match at the end of the filter string - if isAttr { - cond = expression[wordIndex:] - } - var filter Expression - filter = AttributeExpression{ - AttributePath: filterAttr, - Operator: CompareOperator("pr"), - } - clauses = append(clauses, &filter) - - } - } - - if isLogic && len(clauses) == 2 { - var oper LogicalOperator - if isAnd { - oper = "and" - } else { - oper = "or" - } - var filter Expression - filter = LogicalExpression{ - Operator: oper, - Left: *clauses[0], - Right: *clauses[1], - } - clauses = []*Expression{} - clauses = append(clauses, &filter) - - return &filter, nil - } - if len(clauses) == 1 { - return 
clauses[0], nil - } - - return nil, errors.New("invalid IDQL filter: Missing and/or clause") -} - -func createExpression(attribute string, cond string, value string) (AttributeExpression, error) { - lCond := strings.ToLower(cond) - var attrFilter AttributeExpression - switch CompareOperator(lCond) { - case EQ, NE, SW, EW, GT, LT, GE, LE, CO, IN: - attrFilter = AttributeExpression{ - AttributePath: attribute, - Operator: CompareOperator(strings.ToLower(cond)), - CompareValue: value, - } - - default: - return AttributeExpression{}, errors.New("invalid IDQL filter: Unsupported comparison operator: " + cond) - } - return attrFilter, nil -} diff --git a/pkg/filtersupport/parser_test.go b/pkg/filtersupport/parser_test.go deleted file mode 100644 index f2e3f671..00000000 --- a/pkg/filtersupport/parser_test.go +++ /dev/null 
@@ -1,167 +0,0 @@ -package filtersupport_test - -import ( - "fmt" - "testing" - - "github.com/hexa-org/policy-orchestrator/pkg/filtersupport" - "github.com/stretchr/testify/assert" -) - -func TestParseFilter(t *testing.T) { - examples := [][2]string{ - {"title pr"}, - {"name pr and userName pr and title pr"}, - {"name.familyName co \"O'Malley\""}, - {"(userName eq \"bjensen\")"}, - {"userName eq \"bjensen\"", "userName eq \"bjensen\""}, - {"level gt 12"}, - {"level gt 12.3"}, - {"level eq 123.45e-5"}, - {"emails.type eq \"w o(rk)\""}, - {"userName Eq \"bjensen\"", "userName eq \"bjensen\""}, - {"((userName eq A) or (username eq \"B\")) or username eq C", "((userName eq \"A\") or (username eq \"B\")) or username eq \"C\""}, - {"((userName eq A or username eq \"B\") or (username eq C))", "((userName eq \"A\" or username eq \"B\") or (username eq \"C\"))"}, - {"userName sw \"J\""}, - {"urn:ietf:params:scim:schemas:core:2.0:User:userName sw \"J\""}, - - {"meta.lastModified gt \"2011-05-13T04:42:34Z\""}, - {"meta.lastModified ge \"2011-05-13T04:42:34Z\""}, - {"meta.lastModified lt \"2011-05-13T04:42:34Z\""}, - {"meta.lastModified le \"2011-05-13T04:42:34Z\""}, - {"title pr and userType eq \"Employee\""}, - {"title pr or userType eq \"Intern\""}, - {"schemas eq \"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User\""}, - - {"userType eq \"Employee\" and (emails.type eq \"work\")"}, - {"userType eq \"Employee\" and emails[type eq \"work\" and value co \"@example.com\"]"}, - {"userType eq \"Employee\" and (emails co \"example.com\" or emails.value co \"example.org\")"}, - {"userType ne \"Employee\" and not (emails co \"example.com\" or emails.value co \"example.org\")"}, - {"emails[type eq \"work\" and value co \"@example.com\"] or ims[type eq \"xmpp\" and value co \"@foo.com\"]"}, - - {"name pr and not (first eq \"test\") and another ne \"test\""}, - {"NAME PR AND NOT (FIRST EQ \"t[es]t\") AND ANOTHER NE \"test\"", "NAME pr and not (FIRST eq \"t[es]t\") and ANOTHER 
ne \"test\""}, - {"name pr or userName pr or title pr"}, - {"emails[type eq work and value ew \"h[exa].org\"]", "emails[type eq \"work\" and value ew \"h[exa].org\"]"}, - } - for _, example := range examples { - t.Run(example[0], func(t *testing.T) { - fmt.Println(fmt.Sprintf("Input:\t%s", example[0])) - ast, err := filtersupport.ParseFilter(example[0]) - assert.NoError(t, err, "Example not parsed: "+example[0]) - element := *ast - out := element.String() - fmt.Println(fmt.Sprintf("Parsed:\t%s", out)) - match := example[1] - if match == "" { - match = example[0] - } - assert.Equal(t, match, out, "Check expected result matches: %s", match) - }) - } -} - -func TestNegParseTests(t *testing.T) { - ast, err := filtersupport.ParseFilter("username == blah") - if err != nil { - fmt.Println(err.Error()) - assert.EqualError(t, err, "invalid IDQL filter: Unsupported comparison operator: ==") - } - - assert.Nil(t, ast, "No filter should be parsed") - - ast, err = filtersupport.ParseFilter("((username pr or quota eq 0) and black eq white") - if err != nil { - fmt.Println(err.Error()) - assert.EqualError(t, err, "invalid IDQL filter: Missing close ')' bracket") - } - - assert.Nil(t, ast, "No filter should be parsed") - - ast, err = filtersupport.ParseFilter("username pr or quota eq \"none\") and black eq white") - if err != nil { - fmt.Println(err.Error()) - assert.EqualError(t, err, "invalid IDQL filter: Missing open '(' bracket") - } - assert.Nil(t, ast, "No filter should be parsed") - - ast, err = filtersupport.ParseFilter("username eq \"none\")") - if err != nil { - fmt.Println(err.Error()) - assert.EqualError(t, err, "invalid IDQL filter: Missing open '(' bracket") - } - assert.Nil(t, ast, "No filter should be parsed") - - ast, err = filtersupport.ParseFilter("username eq \"none\" and") - if err != nil { - fmt.Println(err.Error()) - assert.EqualError(t, err, "invalid IDQL filter: Incomplete expression") - } - assert.Nil(t, ast, "No filter should be parsed") - - ast, err = 
filtersupport.ParseFilter("username eq \"none\" or abc") - if err != nil { - fmt.Println(err.Error()) - assert.EqualError(t, err, "invalid IDQL filter: Incomplete expression") - } - assert.Nil(t, ast, "No filter should be parsed") - - // The following test is poorly formed. Expression should be emails[type eq work and value ew "hexa.org"] - ast, err = filtersupport.ParseFilter("emails[type eq work] ew \"hexa.org\"") - if err != nil { - fmt.Println(err.Error()) - assert.EqualError(t, err, "invalid IDQL filter: Missing and/or clause") - } - assert.Nil(t, ast, "No filter should be parsed") - - ast, err = filtersupport.ParseFilter("emails[type eq work and value ew \"hexa.org\"") - if err != nil { - fmt.Println(err.Error()) - assert.EqualError(t, err, "invalid IDQL filter: Missing close ']' bracket") - } - assert.Nil(t, ast, "No filter should be parsed") - - ast, err = filtersupport.ParseFilter("emails[type[sub eq val] eq work and value ew \"hexa.org\"") - if err != nil { - fmt.Println(err.Error()) - assert.EqualError(t, err, "invalid IDQL filter: A second '[' was detected while looking for a ']' in a value path filter") - } - assert.Nil(t, ast, "No filter should be parsed") - - // This checks if a sufFilter expression is invalid - ast, err = filtersupport.ParseFilter("(username == \"malformed\")") - if err != nil { - fmt.Println(err.Error()) - assert.EqualError(t, err, "invalid IDQL filter: Unsupported comparison operator: ==") - } - assert.Nil(t, ast, "No filter should be parsed") - - // .value is not currently supported - ast, err = filtersupport.ParseFilter("emails[type eq val].value eq work") - if err != nil { - fmt.Println(err.Error()) - assert.EqualError(t, err, "invalid IDQL filter: expecting space after ']' in value path expression") - } - assert.Nil(t, ast, "No filter should be parsed") - - ast, err = filtersupport.ParseFilter("emails.type] eq work") - if err != nil { - fmt.Println(err.Error()) - assert.EqualError(t, err, "invalid IDQL filter: Missing open '[' 
bracket") - } - assert.Nil(t, ast, "No filter should be parsed") - - ast, err = filtersupport.ParseFilter("emails.type) eq work and a eq b") - if err != nil { - fmt.Println(err.Error()) - assert.EqualError(t, err, "invalid IDQL filter: Missing open '(' bracket") - } - assert.Nil(t, ast, "No filter should be parsed") - - ast, err = filtersupport.ParseFilter("emails[type == work] and a eq b") - if err != nil { - fmt.Println(err.Error()) - assert.EqualError(t, err, "invalid IDQL filter: Unsupported comparison operator: ==") - } - assert.Nil(t, ast, "No filter should be parsed") -} diff --git a/pkg/filtersupport/types.go b/pkg/filtersupport/types.go deleted file mode 100644 index d1b084bb..00000000 --- a/pkg/filtersupport/types.go +++ /dev/null 
@@ -1,115 +0,0 @@ -package filtersupport - -import ( - "fmt" - "regexp" - "strings" -) - -const ( - // PR is an abbreviation for 'present'. - PR CompareOperator = "pr" - // EQ is an abbreviation for 'equals'. - EQ CompareOperator = "eq" - // NE is an abbreviation for 'not equals'. - NE CompareOperator = "ne" - // CO is an abbreviation for 'contains'. - CO CompareOperator = "co" - // IN is an abbreviation for 'in'. - IN CompareOperator = "in" - // SW is an abbreviation for 'starts with'. - SW CompareOperator = "sw" - // EW an abbreviation for 'ends with'. - EW CompareOperator = "ew" - // GT is an abbreviation for 'greater than'. - GT CompareOperator = "gt" - // LT is an abbreviation for 'less than'. - LT CompareOperator = "lt" - // GE is an abbreviation for 'greater or equal than'. - GE CompareOperator = "ge" - // LE is an abbreviation for 'less or equal than'. - LE CompareOperator = "le" - - // AND is the logical operation and (&&). - AND LogicalOperator = "and" - // OR is the logical operation or (||). 
- OR LogicalOperator = "or" -) - -type CompareOperator string - -type LogicalOperator string - -type Expression interface { - exprNode() - String() string -} - -type LogicalExpression struct { - Operator LogicalOperator - Left, Right Expression -} - -func (LogicalExpression) exprNode() {} -func (e LogicalExpression) String() string { - return fmt.Sprintf("%s %s %s", e.Left.String(), e.Operator, e.Right.String()) -} - -type NotExpression struct { - Expression Expression -} - -func (e NotExpression) String() string { - return fmt.Sprintf("not (%s)", e.Expression.String()) -} - -func (NotExpression) exprNode() {} - -type PrecedenceExpression struct { - Expression Expression -} - -func (PrecedenceExpression) exprNode() {} - -func (e PrecedenceExpression) String() string { - return fmt.Sprintf("(%s)", e.Expression.String()) -} - -type AttributeExpression struct { - AttributePath string - Operator CompareOperator - CompareValue string -} - -func (AttributeExpression) exprNode() {} - -func (e AttributeExpression) String() string { - if e.Operator == "pr" { - return fmt.Sprintf("%s pr", e.AttributePath) - } - - isNumber, _ := regexp.MatchString("^[-+]?[0-9]+[.]?[0-9]*([eE][-+]?[0-9]+)?$", e.CompareValue) - if isNumber { - // Numbers are not quoted - return fmt.Sprintf("%s %s %v", e.AttributePath, e.Operator, e.CompareValue) - } - - // Check boolean - lVal := strings.ToLower(e.CompareValue) - if lVal == "true" || lVal == "false" { - return fmt.Sprintf("%s %s %v", e.AttributePath, e.Operator, lVal) - } - - // treat as string - return fmt.Sprintf("%s %s \"%s\"", e.AttributePath, e.Operator, e.CompareValue) -} - -type ValuePathExpression struct { - Attribute string - VPathFilter Expression -} - -func (ValuePathExpression) exprNode() {} -func (e ValuePathExpression) String() string { - return fmt.Sprintf("%s[%s]", e.Attribute, e.VPathFilter.String()) -} 
diff --git a/pkg/googlesupport/google_bind_policy.go b/pkg/googlesupport/google_bind_policy.go deleted file mode 100644 index 361d78a2..00000000 --- a/pkg/googlesupport/google_bind_policy.go +++ /dev/null 
@@ -1,271 +0,0 @@ -package googlesupport - -import ( - "encoding/json" - "fmt" - "os" - "strings" - - "github.com/hexa-org/policy-orchestrator/pkg/hexapolicy" - "google.golang.org/api/iam/v1" -) - -type GooglePolicyMapper struct { - conditionMapper GoogleConditionMapper -} - -/* -BindAssignment is an array of GCP Bindings combined with a resource identifier. -*/ -type BindAssignment struct { - ResourceId string `json:"resource_id"` - Bindings []iam.Binding `json:"bindings"` -} - -func New(nameMap map[string]string) *GooglePolicyMapper { - return &GooglePolicyMapper{conditionMapper: GoogleConditionMapper{NameMapper: hexapolicy.NewNameMapper(nameMap)}} -} - -func (m *GooglePolicyMapper) Name() string { - return "bind" -} - -func (m *GooglePolicyMapper) MapBindingAssignmentsToPolicy(bindAssignments []*BindAssignment) ([]hexapolicy.PolicyInfo, error) { - var policies []hexapolicy.PolicyInfo - for _, v := range bindAssignments { - pols, err := m.MapBindingAssignmentToPolicy(*v) - if err != nil { - return nil, err - } - for _, pol := range pols { - policies = append(policies, pol) - } - } - return policies, nil -} - -func (m *GooglePolicyMapper) MapBindingAssignmentToPolicy(bindAssignment BindAssignment) ([]hexapolicy.PolicyInfo, error) { - var policies []hexapolicy.PolicyInfo - objectId := bindAssignment.ResourceId - for _, v := range bindAssignment.Bindings { - policy, err := m.MapBindingToPolicy(objectId, v) - if err != nil { - return nil, err - } - policies = append(policies, policy) - } - - return policies, nil -} - -func (m *GooglePolicyMapper) MapBindingToPolicy(objectId string, binding iam.Binding) (hexapolicy.PolicyInfo, error) { - bindingCondition := binding.Condition - if bindingCondition != nil { - condition, err := m.convertCelToCondition(binding.Condition) - if err != nil { - return hexapolicy.PolicyInfo{}, err - } - - policy := hexapolicy.PolicyInfo{ - Meta: hexapolicy.MetaInfo{Version: "0.5"}, - Actions: convertRoleToAction(binding.Role), - Subject: 
hexapolicy.SubjectInfo{Members: binding.Members}, - Object: hexapolicy.ObjectInfo{ResourceID: objectId}, - Condition: &condition, - } - return policy, nil - } - policy := hexapolicy.PolicyInfo{ - Meta: hexapolicy.MetaInfo{Version: "0.5"}, - Actions: convertRoleToAction(binding.Role), - Subject: hexapolicy.SubjectInfo{Members: binding.Members}, - Object: hexapolicy.ObjectInfo{ResourceID: objectId}, - } - return policy, nil - -} - -func (m *GooglePolicyMapper) MapPolicyToBinding(policy hexapolicy.PolicyInfo) (*iam.Binding, error) { - cond := policy.Condition - var condExpr *iam.Expr - var err error - if cond != nil { - condExpr, err = m.convertPolicyCondition(policy) - } else { - condExpr = nil - } - - if err != nil { - return nil, err - } - return &iam.Binding{ - Condition: condExpr, - Members: policy.Subject.Members, - Role: convertActionToRole(policy), - }, nil -} - -func (m *GooglePolicyMapper) MapPoliciesToBindings(policies []hexapolicy.PolicyInfo) []*BindAssignment { - bindingMap := make(map[string][]iam.Binding) - - for i, policy := range policies { - binding, err := m.MapPolicyToBinding(policy) - if err != nil { - fmt.Println(err.Error()) - continue - } - key := policies[i].Object.ResourceID - - existing := bindingMap[key] - existing = append(existing, *binding) - bindingMap[key] = existing - - } - bindings := make([]*BindAssignment, len(bindingMap)) - i := 0 - for k, v := range bindingMap { - bindings[i] = &BindAssignment{ - ResourceId: k, - Bindings: v, - } - i++ - } - return bindings -} - -func convertActionToRole(policy hexapolicy.PolicyInfo) string { - for _, v := range policy.Actions { - action := v.ActionUri - if strings.HasPrefix(action, "gcp:") { - return action[4:] - } - } - return "" -} - -func convertRoleToAction(role string) []hexapolicy.ActionInfo { - if role == "" { - return nil - } - return []hexapolicy.ActionInfo{{"gcp:" + role}} -} - -func (m *GooglePolicyMapper) convertCelToCondition(expr *iam.Expr) (hexapolicy.ConditionInfo, error) { - 
return m.conditionMapper.MapProviderToCondition(expr.Expression) -} - -func (m *GooglePolicyMapper) convertPolicyCondition(policy hexapolicy.PolicyInfo) (*iam.Expr, error) { - - if policy.Condition == nil { - return nil, nil // do nothing as policy has no condition - } - - celString, err := m.conditionMapper.MapConditionToProvider(*policy.Condition) - if err != nil { - return nil, err - } - - iamExpr := iam.Expr{ - Expression: celString, - } - return &iamExpr, nil -} - -type Assignments struct { - BindAssignments []*BindAssignment -} - -// UnmarshalJSON implements json.Unmarshaler -func (d *Assignments) UnmarshalJSON(b []byte) error { - if len(b) == 0 { - return fmt.Errorf("no bytes to unmarshal") - } - - switch b[0] { - case '{': - return d.unMarshallSingle(b) - case '[': - return d.unMarshallMulti(b) - } - return nil -} - -func (d *Assignments) unMarshallSingle(b []byte) error { - type DetectSingle struct { - iam.Binding - BindAssignment - } - var single DetectSingle - err := json.Unmarshal(b, &single) - if err != nil { - return err - } - assignments := make([]*BindAssignment, 1) - if len(single.Bindings) != 0 { - assignments[0] = &single.BindAssignment - } else { - iamBindings := make([]iam.Binding, 1) - iamBindings[0] = single.Binding - assignments[0] = &BindAssignment{ - Bindings: iamBindings, - ResourceId: "", - } - } - d.BindAssignments = assignments - return nil -} - -func (d *Assignments) unMarshallMulti(b []byte) error { - var iamBinds []iam.Binding - var assigns []BindAssignment - - err := json.Unmarshal(b, &assigns) - if err != nil { - return err - } - if len(assigns) > 0 { - pAssigns := make([]*BindAssignment, len(assigns)) - for k := range assigns { - pAssigns[k] = &assigns[k] - } - d.BindAssignments = pAssigns - return nil - } - - err = json.Unmarshal(b, &iamBinds) - if err != nil { - return err - } - - assignments := make([]*BindAssignment, 1) - assignments[0] = &BindAssignment{ - Bindings: iamBinds, - ResourceId: "", - } - return nil -} - -/* 
-ParseBindings will read either an iam.Binding or GcpBindAssignment structure and returns a []*GcpBindAssignment type. -Note that if a single binding is provided, the GcpBindAssignment.ResourceId value will be nil -*/ -func ParseBindings(bindingBytes []byte) ([]*BindAssignment, error) { - var data Assignments - err := json.Unmarshal(bindingBytes, &data) - if err != nil { - return nil, err - } - - return data.BindAssignments, nil -} - -/* -ParseFile will load a file from the specified path and will auto-detect format and convert to GcpBindAssignment. See ParseBindings -*/ -func ParseFile(path string) ([]*BindAssignment, error) { - policyBytes, err := os.ReadFile(path) - if err != nil { - return nil, err - } - return ParseBindings(policyBytes) -} diff --git a/pkg/googlesupport/google_bind_policy_test.go b/pkg/googlesupport/google_bind_policy_test.go deleted file mode 100644 index 226a83c4..00000000 --- a/pkg/googlesupport/google_bind_policy_test.go +++ /dev/null 
@@ -1,163 +0,0 @@ -package googlesupport_test - -import ( - "encoding/json" - "fmt" - "math/rand" - "os" - "path/filepath" - "runtime" - "testing" - "time" - - "github.com/hexa-org/policy-orchestrator/pkg/googlesupport" - "github.com/hexa-org/policy-orchestrator/pkg/hexapolicysupport" - "github.com/stretchr/testify/assert" - "google.golang.org/api/iam/v1" -) - -var gcpMapper = googlesupport.New(map[string]string{}) - -func getIdqlFile() string { - _, file, _, _ := runtime.Caller(0) - return filepath.Join(file, "../test/data.json") -} - -func TestProduceAndParseGcp(t *testing.T) { - var err error - policies, err := hexapolicysupport.ParsePolicyFile(getIdqlFile()) - assert.NoError(t, err, "File %s not parsed", getIdqlFile()) - - bindAssignments := gcpMapper.MapPoliciesToBindings(policies) - - fmt.Println("iam.Binding:") - PrintObj(bindAssignments[0].Bindings[0]) - fmt.Println("BindAssignment:") - PrintObj(bindAssignments[0]) - fmt.Println("[]BindAssignment") - PrintObj(bindAssignments) - rand.Seed(time.Now().UnixNano()) - dir := t.TempDir() - - runId := rand.Uint64() - - // We will generate 3 output variants to test the parser - - bindingAssignFile := filepath.Join(dir, fmt.Sprintf("bindAssign-%d.json", runId)) - bindingsAssignFile := filepath.Join(dir, fmt.Sprintf("bindAssigns-%d.json", runId)) - bindingFile := filepath.Join(dir, fmt.Sprintf("binding-%d.json", runId)) - - // Write a single binding - assert.NoError(t, WriteObj(bindingFile, bindAssignments[0].Bindings[0]), "Single bind write") - - // Write out a single bind assignment - assert.NoError(t, WriteObj(bindingAssignFile, bindAssignments[0]), "Single bind assignment write") - - // Write out all assignments - assert.NoError(t, WriteObj(bindingsAssignFile, bindAssignments), "Single bind assignment write") - - // Parse a simple binding - bindRead, err := googlesupport.ParseFile(bindingFile) - assert.NoError(t, err, "Read a single binding") - - assert.Equal(t, 1, len(bindRead), "Check 1 GcpBindAssignment 
returned") - resId := bindRead[0].ResourceId - assert.Equal(t, "", resId) - - // Parse a single assignment - bindAssign, err := googlesupport.ParseFile(bindingAssignFile) - assert.NoError(t, err, "Read a single binding assignment") - - assert.Equal(t, 1, len(bindAssign), "Check 1 GcpBindAssignment returned") - resId = bindAssign[0].ResourceId - assert.NotEqual(t, "", resId) - - // Parse a multiple assignment - bindAssigns, err := googlesupport.ParseFile(bindingsAssignFile) - assert.NoError(t, err, "Read multiple binding assignments") - - assert.Equal(t, 3, len(bindAssigns), "Check 4 GcpBindAssignment returned") - p1 := bindAssigns[0] - p2 := bindAssigns[1] - resId1 := p1.ResourceId - resId2 := p2.ResourceId - - assert.NotEqual(t, resId1, resId2, "Check resource ids are different") - - copyPolcies, err := gcpMapper.MapBindingAssignmentsToPolicy(bindAssigns) - - output, err := json.MarshalIndent(copyPolcies, "", " ") - fmt.Println(string(output)) - assert.NoError(t, err, "Check error after mapping bindings back to policies") - assert.Equal(t, 4, len(copyPolcies), "4 policies returned") -} - -func TestReadGcp(t *testing.T) { - _, file, _, _ := runtime.Caller(0) - assignmentsFile := filepath.Join(file, "../test/test_assignments.json") - assignmentFile := filepath.Join(file, "../test/test_assignment.json") - bindingFile := filepath.Join(file, "../test/test_binding.json") - - assignment, err := googlesupport.ParseFile(assignmentFile) - assert.NoError(t, err, "Parsing Assignment error") - assert.Equal(t, 1, len(assignment), "1 assignment should be returned") - - assignment, err = googlesupport.ParseFile(assignmentsFile) - assert.NoError(t, err, "Parsing Multi Assignments error") - assert.Equal(t, 3, len(assignment), "3 assignment should be returned") - - assignment, err = googlesupport.ParseFile(bindingFile) - assert.NoError(t, err, "Parsing Binding error") - assert.Equal(t, 1, len(assignment), "1 assignment should be returned") - assert.Equal(t, "", 
assignment[0].ResourceId, "should have no resource id value") -} - -func PrintObj(data interface{}) { - var polBytes []byte - switch pol := data.(type) { - case iam.Binding: - polBytes, err := json.MarshalIndent(pol, "", " ") - if err != nil { - fmt.Println(err.Error()) - } - // fmt.Println(string(polBytes)) - fmt.Println(string(polBytes)) - return - - case []*googlesupport.BindAssignment, *googlesupport.BindAssignment: - polBytes, err := json.MarshalIndent(pol, "", " ") - if err != nil { - fmt.Println(err.Error()) - } - fmt.Println(string(polBytes)) - return - } - - fmt.Println(string(polBytes)) - return - -} - -func WriteObj(path string, data interface{}) error { - var polBytes []byte - switch pol := data.(type) { - case iam.Binding: - polBytes, err := json.MarshalIndent(pol, "", " ") - if err != nil { - fmt.Println(err.Error()) - } - // fmt.Println(string(polBytes)) - return os.WriteFile(path, polBytes, 0644) - - case []*googlesupport.BindAssignment, *googlesupport.BindAssignment: - polBytes, err := json.MarshalIndent(pol, "", " ") - if err != nil { - fmt.Println(err.Error()) - } - // fmt.Println(string(polBytes)) - return os.WriteFile(path, polBytes, 0644) - } - - return os.WriteFile(path, polBytes, 0644) - -} diff --git a/pkg/googlesupport/google_condition_mapper.go b/pkg/googlesupport/google_condition_mapper.go deleted file mode 100644 index 3fdf8482..00000000 --- a/pkg/googlesupport/google_condition_mapper.go +++ /dev/null 
@@ -1,460 +0,0 @@ -package googlesupport - -/* - Condition mapper for Google IAM - See: https://cloud.google.com/iam/docs/conditions-overview -*/ -import ( - "errors" - "fmt" - "strconv" - "strings" - - celv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/filters/cel/v3" - "github.com/google/cel-go/cel" - "github.com/hexa-org/policy-orchestrator/pkg/filtersupport" - "github.com/hexa-org/policy-orchestrator/pkg/hexapolicy" - expr "google.golang.org/genproto/googleapis/api/expr/v1alpha1" -) - -var ( - env, _ = cel.NewEnv() -) - -type GoogleConditionMapper struct { - NameMapper *hexapolicy.AttributeMap -} - -type CelConditionType struct { - Title string - Description string - Expression celv3.ExpressionFilter -} - -type GcpConditionType struct { - Title string - Description string - Expression string -} - -func (mapper *GoogleConditionMapper) MapConditionToProvider(condition hexapolicy.ConditionInfo) (string, error) { - // assumes https://github.com/google/cel-spec/blob/master/doc/langdef.md#logical-operators - ast, err := hexapolicy.ParseConditionRuleAst(condition) - if err != nil { - return "", err - } - return mapper.MapFilter(ast) - -} - -func (mapper *GoogleConditionMapper) MapFilter(ast *filtersupport.Expression) (string, error) { - err := checkCompatibility(*ast) - if err != nil { - return "", err - } - return mapper.mapFilterInternal(ast, false), nil -} - -func (mapper *GoogleConditionMapper) mapFilterInternal(ast *filtersupport.Expression, isChild bool) string { - - // dereference - deref := *ast - - switch element := deref.(type) { - case filtersupport.NotExpression: - return mapper.mapFilterNot(&element, isChild) - case filtersupport.PrecedenceExpression: - return mapper.mapFilterPrecedence(&element, true) - - case filtersupport.LogicalExpression: - return mapper.mapFilterLogical(&element, isChild) - - default: - attrExpression := deref.(filtersupport.AttributeExpression) - return mapper.mapFilterAttrExpr(&attrExpression) - } - // 
return mapper.mapFilterValuePath(deref.(filter.ValuePathExpression)) -} - -/* -func (mapper *GoogleConditionMapper) mapFilterValuePath(vpFilter filter.ValuePathExpression) string { - // See: https://cloud.google.com/access-context-manager/docs/custom-access-level-spec - subFilter := vpFilter.VPathFilter - attribute := vpFilter.Attribute - celFilter := mapper.mapFilterInternal(&subFilter, false) - return attribute + ".exists(" + attribute + "," + celFilter + ")" -} -*/ - -func (mapper *GoogleConditionMapper) mapFilterNot(notFilter *filtersupport.NotExpression, isChild bool) string { - subExpression := notFilter.Expression - var celFilter string - switch subFilter := subExpression.(type) { - case filtersupport.LogicalExpression: - // For the purpose of a not filter, the logical expression is not a child - celFilter = mapper.mapFilterLogical(&subFilter, false) - celFilter = "(" + celFilter + ")" - break - default: - celFilter = mapper.mapFilterInternal(&subFilter, false) - } - - return fmt.Sprintf("!%v", celFilter) -} - -func (mapper *GoogleConditionMapper) mapFilterPrecedence(pfilter *filtersupport.PrecedenceExpression, isChild bool) string { - subExpression := pfilter.Expression - var celFilter string - switch subFilter := subExpression.(type) { - case filtersupport.LogicalExpression: - // For the purpose of a not filter, the logical expression is not a child - celFilter = mapper.mapFilterLogical(&subFilter, false) - celFilter = "(" + celFilter + ")" - break - default: - celFilter = mapper.mapFilterInternal(&subFilter, false) - } - return fmt.Sprintf("%v", celFilter) -} - -func (mapper *GoogleConditionMapper) mapFilterLogical(logicFilter *filtersupport.LogicalExpression, isChild bool) string { - isDouble := false - var celLeft, celRight string - switch subFilter := logicFilter.Left.(type) { - case filtersupport.LogicalExpression: - if subFilter.Operator == logicFilter.Operator { - isDouble = true - } - } - - celLeft = mapper.mapFilterInternal(&logicFilter.Left, 
!isDouble) - - celRight = mapper.mapFilterInternal(&logicFilter.Right, !isDouble) - - switch logicFilter.Operator { - default: - return fmt.Sprintf("%v && %v", celLeft, celRight) - case filtersupport.OR: - if isChild { - // Add precedence to preserve order - return fmt.Sprintf("(%v || %v)", celLeft, celRight) - } else { - return fmt.Sprintf("%v || %v", celLeft, celRight) - } - } -} - -func (mapper *GoogleConditionMapper) mapFilterAttrExpr(attrExpr *filtersupport.AttributeExpression) string { - compareValue := prepareValue(attrExpr) - - mapPath := mapper.NameMapper.GetProviderAttributeName(attrExpr.AttributePath) - - switch attrExpr.Operator { - - case filtersupport.NE: - return mapPath + " != " + compareValue - case filtersupport.LT: - return mapPath + " < " + compareValue - case filtersupport.LE: - return mapPath + " <= " + compareValue - case filtersupport.GT: - return mapPath + " > " + compareValue - case filtersupport.GE: - return mapPath + " >= " + compareValue - case filtersupport.SW: - return mapPath + ".startsWith(" + compareValue + ")" - case filtersupport.EW: - return mapPath + ".endsWith(" + compareValue + ")" - case filtersupport.PR: - return "has(" + mapPath + ")" - case filtersupport.CO: - return mapPath + ".contains(" + compareValue + ")" - case filtersupport.IN: - return mapPath + " in " + compareValue - default: - return mapPath + " == " + compareValue - } - -} - -/* -If the value type is string, it needs to be quoted. 
-*/ -func prepareValue(attrExpr *filtersupport.AttributeExpression) string { - compValue := attrExpr.CompareValue - if compValue == "" { - return "" - } - - // Check for integer - - if _, err := strconv.ParseInt(compValue, 10, 64); err == nil { - return compValue - } - - if compValue == "true" || compValue == "false" { - return compValue - } - - // assume it is a string and return with quotes - return fmt.Sprintf("\"%s\"", attrExpr.CompareValue) - -} - -func (mapper *GoogleConditionMapper) MapProviderToCondition(expression string) (hexapolicy.ConditionInfo, error) { - - celAst, issues := env.Parse(expression) - if issues != nil { - return hexapolicy.ConditionInfo{}, errors.New("CEL Mapping Error: " + issues.String()) - } - - idqlAst, err := mapper.mapCelExpr(celAst.Expr(), false) - if err != nil { - return hexapolicy.ConditionInfo{ - Rule: "", - }, errors.New("IDQL condition mapper error: " + err.Error()) - } - - condString := hexapolicy.SerializeExpression(&idqlAst) - - return hexapolicy.ConditionInfo{ - Rule: condString, - Action: "allow", - }, nil -} - -func (mapper *GoogleConditionMapper) mapCelExpr(expression *expr.Expr, isChild bool) (filtersupport.Expression, error) { - - cexpr := expression.GetCallExpr() - - if cexpr != nil { - return mapper.mapCallExpr(cexpr, isChild) - } - - kind := expression.GetExprKind() - switch v := kind.(type) { - case *expr.Expr_SelectExpr: - return mapper.mapSelectExpr(v) - // case *expr.Expr_ComprehensionExpr: - // return nil, errors.New("unimplemented CEL 'comprehension expression' not implemented. 
") - default: - msg := fmt.Sprintf("unimplemented CEL expression: %s", expression.String()) - return nil, fmt.Errorf(msg) - } -} - -func (mapper *GoogleConditionMapper) mapSelectExpr(selection *expr.Expr_SelectExpr) (filtersupport.Expression, error) { - field := selection.SelectExpr.GetField() - /* - if !selection.SelectExpr.GetTestOnly() { - return nil, errors.New("unimplemented Google CEL Select Expression: " + selection.SelectExpr.String()) - } - */ - - ident := selection.SelectExpr.GetOperand().GetIdentExpr() - - name := ident.GetName() - attr := name + "." + field - path := mapper.NameMapper.GetHexaFilterAttributePath(attr) - return filtersupport.AttributeExpression{ - AttributePath: path, - Operator: filtersupport.PR, - }, nil -} - -func (mapper *GoogleConditionMapper) mapCallExpr(expression *expr.Expr_Call, isChild bool) (filtersupport.Expression, error) { - operand := expression.GetFunction() - switch operand { - case "_&&_": - return mapper.mapCelLogical(expression.Args, true, isChild) - case "_||_": - return mapper.mapCelLogical(expression.Args, false, isChild) - case "_!_", "!_": - return mapper.mapCelNot(expression.Args, isChild), nil // was false - case "_==_": - return mapper.mapCelAttrCompare(expression.Args, filtersupport.EQ) - case "_!=_": - return mapper.mapCelAttrCompare(expression.Args, filtersupport.NE) - case "_>_": - return mapper.mapCelAttrCompare(expression.Args, filtersupport.GT) - case "_<_": - return mapper.mapCelAttrCompare(expression.Args, filtersupport.LT) - case "_<=_": - return mapper.mapCelAttrCompare(expression.Args, filtersupport.LE) - case "_>=_": - return mapper.mapCelAttrCompare(expression.Args, filtersupport.GE) - case "@in": - return mapper.mapCelAttrCompare(expression.Args, filtersupport.IN) - - case "startsWith", "endsWith", "contains", "has": - return mapper.mapCelAttrFunction(expression) - - } - - return nil, errors.New("unimplemented CEL expression operand: " + operand) -} - -func (mapper *GoogleConditionMapper) 
mapCelAttrFunction(expression *expr.Expr_Call) (filtersupport.Expression, error) { - target := expression.GetTarget() - selection := target.GetSelectExpr() - operand := selection.GetOperand() - // subattr := selection.Field - name := operand.GetIdentExpr().GetName() - var path string - if name == "" { - name = target.GetIdentExpr().GetName() - path = mapper.NameMapper.GetHexaFilterAttributePath(name) - - } else { - subattr := selection.GetField() - path = mapper.NameMapper.GetHexaFilterAttributePath(name + "." + subattr) - } - - switch expression.GetFunction() { - case "startsWith": - rh := expression.GetArgs()[0].GetConstExpr().GetStringValue() - return filtersupport.AttributeExpression{ - AttributePath: path, - Operator: filtersupport.SW, - CompareValue: rh, - }, nil - case "endsWith": - rh := expression.GetArgs()[0].GetConstExpr().GetStringValue() - return filtersupport.AttributeExpression{ - AttributePath: path, - Operator: filtersupport.EW, - CompareValue: rh, - }, nil - case "contains": - rh := expression.GetArgs()[0].GetConstExpr().GetStringValue() - return filtersupport.AttributeExpression{ - AttributePath: path, - Operator: filtersupport.CO, - CompareValue: rh, - }, nil - } - return nil, errors.New(fmt.Sprintf("unimplemented CEL function:%s", expression.GetFunction())) - -} - -func (mapper *GoogleConditionMapper) mapCelAttrCompare(expressions []*expr.Expr, operator filtersupport.CompareOperator) (filtersupport.Expression, error) { - // target := - - path := "" - isNot := false - callExpr := expressions[0].GetCallExpr() - lhExpression := expressions[0] - if callExpr != nil { - switch callExpr.GetFunction() { - case "!_": - isNot = true - break - default: - msg := fmt.Sprintf("unimplemented CEL function: %s", callExpr.GetFunction()) - return nil, errors.New(msg) - } - lhExpression = callExpr.Args[0] - } - ident := lhExpression.GetIdentExpr() - if ident == nil { - selectExpr := lhExpression.GetSelectExpr() - path = selectExpr.GetOperand().GetIdentExpr().Name 
+ "." + selectExpr.GetField() - } else { - path = ident.GetName() - } - - // map the path name - path = mapper.NameMapper.GetHexaFilterAttributePath(path) - constExpr := expressions[1].GetConstExpr().String() - - elems := strings.SplitN(constExpr, ":", 2) - rh := "" - - if len(elems) == 2 { - switch elems[0] { - case "string_value": - rh = expressions[1].GetConstExpr().GetStringValue() - default: - rh = elems[1] - } - } - attrFilter := filtersupport.AttributeExpression{ - AttributePath: path, - Operator: operator, - CompareValue: rh, - } - if isNot { - return filtersupport.NotExpression{ - Expression: attrFilter, - }, nil - } - return attrFilter, nil -} - -func (mapper *GoogleConditionMapper) mapCelNot(expressions []*expr.Expr, isChild bool) filtersupport.Expression { - - expression, _ := mapper.mapCelExpr(expressions[0], false) // ischild is ignored because of not - - notFilter := filtersupport.NotExpression{ - Expression: expression, - } - return notFilter -} - -func (mapper *GoogleConditionMapper) mapCelLogical(expressions []*expr.Expr, isAnd bool, isChild bool) (filtersupport.Expression, error) { - filters := make([]filtersupport.Expression, len(expressions)) - var err error - // collapse n clauses back into a series of nested pairwise and/or clauses - for i, v := range expressions { - filters[i], err = mapper.mapCelExpr(v, true) - if err != nil { - return nil, err - } - } - var op string - if isAnd { - op = "and" - } else { - op = "or" - - } - - // Collapse all the way down to 1 filter - for len(filters) > 1 { - i := len(filters) - subFilter := filtersupport.LogicalExpression{ - Left: filters[i-2], - Right: filters[i-1], - Operator: filtersupport.LogicalOperator(op), - } - - filters[i-2] = subFilter - filters = filters[0 : i-1 : i-1] - } - - // Surround with precedence to preserve order - return filters[0], nil -} - -func checkCompatibility(e filtersupport.Expression) error { - var err error - switch v := e.(type) { - case filtersupport.LogicalExpression: - 
err = checkCompatibility(v.Left) - if err != nil { - return err - } - err = checkCompatibility(v.Right) - if err != nil { - return err - } - case filtersupport.NotExpression: - return checkCompatibility(v.Expression) - case filtersupport.PrecedenceExpression: - return checkCompatibility(v.Expression) - case filtersupport.ValuePathExpression: - return errors.New("IDQL ValuePath expression mapping to Google CEL currently not supported") - case filtersupport.AttributeExpression: - return nil - } - return nil -} diff --git a/pkg/googlesupport/google_condition_mapper_test.go b/pkg/googlesupport/google_condition_mapper_test.go deleted file mode 100644 index b69d59f1..00000000 --- a/pkg/googlesupport/google_condition_mapper_test.go +++ /dev/null 
@@ -1,185 +0,0 @@ -package googlesupport_test - -import ( - "fmt" - "testing" - - "github.com/hexa-org/policy-orchestrator/pkg/googlesupport" - "github.com/hexa-org/policy-orchestrator/pkg/hexapolicy" - "github.com/stretchr/testify/assert" -) - -var mapper = googlesupport.GoogleConditionMapper{ - NameMapper: hexapolicy.NewNameMapper(map[string]string{ - "a": "b", - "c": "d", - "username": "account.userid", - }), -} - -func TestParseFilter(t *testing.T) { - examples := [][2]string{ - { - "principal.numberOfLaptops lt 5 and principal.joblevel gt 6", - "principal.numberOfLaptops lt 5 and principal.joblevel gt 6", - }, - {"request.auth pr", "request.auth pr"}, - {"emails ew strata.io", "emails ew \"strata.io\""}, - {"username in crmUsers", "username in \"crmUsers\""}, - {"account.active eq true", "account.active eq true"}, - // Note: PR only works for compound attributes like account.userid in Google - {"username pr", "username pr"}, - - {"userName sw \"J\"", "username sw \"J\""}, - {"test.name sw \"J\"", "test.name sw \"J\""}, - { - "username eq \"june\" or username eq fred or username eq alice", - "username eq \"june\" or username eq \"fred\" or username eq \"alice\"", - }, - { - "username eq \"june\" and username eq fred and username eq alice", - "username eq \"june\" and username eq \"fred\" and username eq \"alice\"", - }, - { - "subject.common_name eq \"gcpbind.com\" and subject.country_code eq \"US\" or subject.country_code eq \"IR\"", - "subject.common_name eq \"gcpbind.com\" and subject.country_code eq \"US\" or subject.country_code eq \"IR\"", - }, { - "subject.common_name eq \"gcpbind.com\" and (subject.country_code eq \"US\" or subject.country_code eq \"IR\")", - "subject.common_name eq \"gcpbind.com\" and (subject.country_code eq \"US\" or subject.country_code eq \"IR\")", - }, - - // Following tests that parenthesis and logic preserved - { - "subject.common_name eq \"gcpbind.com\" and (subject.country_code eq \"US\" or subject.country_code eq \"IR\")", - 
"subject.common_name eq \"gcpbind.com\" and (subject.country_code eq \"US\" or subject.country_code eq \"IR\")", - }, { - "subject.common_name eq \"gcpbind.com\" and (subject.country_code eq \"US\" or not (subject.country_code eq \"IR\"))", - "subject.common_name eq \"gcpbind.com\" and (subject.country_code eq \"US\" or not(subject.country_code eq \"IR\"))", - }, { - "userName eq \"bjensen\"", "username eq \"bjensen\"", - }, { - "userName Eq \"bjensen\"", "username eq \"bjensen\"", - }, { // this should not correct case because name.familityName not in attribute name list - "name.familyName co \"O'Malley\"", "name.familyName co \"O'Malley\"", - }, - - // Following tests confirm > < >= <= - {"meta.lastModified gt \"2011-05-13T04:42:34Z\"", "meta.lastModified gt \"2011-05-13T04:42:34Z\""}, - {"meta.lastModified ge \"2011-05-13T04:42:34Z\"", "meta.lastModified ge \"2011-05-13T04:42:34Z\""}, - {"meta.lastModified lt \"2011-05-13T04:42:34Z\"", "meta.lastModified lt \"2011-05-13T04:42:34Z\""}, - {"meta.lastModified le \"2011-05-13T04:42:34Z\"", "meta.lastModified le \"2011-05-13T04:42:34Z\""}, - {"username pr and userType eq \"Employee\"", "username pr and userType eq \"Employee\""}, - {"username pr or userType eq \"Intern\"", "username pr or userType eq \"Intern\""}, - - { - "userType eq \"Employee\" and (emails co \"example.com\" or emails.value co \"example.org\")", - "userType eq \"Employee\" and (emails co \"example.com\" or emails.value co \"example.org\")", - }, - { - "userType eq \"Employee\" and (emails.type eq \"work\")", - "userType eq \"Employee\" and emails.type eq \"work\"", - }, - { - // Confirms proper handling of not brackets - "userType ne \"Employee\" and not (emails co \"example.com\" or emails.value co \"example.org\")", - "userType ne \"Employee\" and not(emails co \"example.com\" or emails.value co \"example.org\")", - }, - // "userType eq \"Employee\" and emails[type eq \"work\" and value co \"@example.com\"]", // ValueFilter not implemented - // 
"emails[type eq \"work\" and value co \"@example.com\"] or ims[type eq \"xmpp\" and value co \"@foo.com\"]", - - } - for _, example := range examples { - t.Run(example[0], func(t *testing.T) { - - condition := hexapolicy.ConditionInfo{ - Rule: example[0], - Action: "allow", - } - fmt.Println("Test:\t" + example[0]) - celString, err := mapper.MapConditionToProvider(condition) - assert.NoError(t, err, "error mapping IDQL Condition to Google CEL") - fmt.Println("=>GCP:\t" + celString) - - conditionBack, err := mapper.MapProviderToCondition(celString) - assert.NoError(t, err, "error parsing/mapping CEL statement to IDQL Condition") - returnExample := conditionBack.Rule - fmt.Println("=>IDQL:\t" + returnExample) - - assert.Equal(t, example[1], returnExample, "Check expected result matches: &s", example[1]) - // Because of case-insensitive tests (Eq vs eq vs EQ) round trip may not match in mixed cases. - // assert.Equal(t, strings.ToLower(example), strings.ToLower(returnExample), "Round-trip map test failure") - // assert.Equal(t, example, conditionBack.Rule, "Round-trip map test failure") - - }) - } - -} - -func TestNegToProvider(t *testing.T) { - condition := hexapolicy.ConditionInfo{ - Rule: "bleh is bad", - } - celString, err := mapper.MapConditionToProvider(condition) - assert.Errorf(t, err, "invalid IDQL filter: Unsupported comparison operator: is") - assert.Equal(t, "", celString, "Should be empty string") - - valuePath := hexapolicy.ConditionInfo{Rule: "emails[type eq \"work\" and value ew \"strata.io\""} - celString, err = mapper.MapConditionToProvider(valuePath) - assert.Errorf(t, err, "invalid IDQL filter: Missing close ']' bracket") - assert.Equal(t, "", celString, "Should be empty string") - - valuePath = hexapolicy.ConditionInfo{Rule: "emails[type eq \"work\" and value ew \"strata.io\"]"} - celString, err = mapper.MapConditionToProvider(valuePath) - assert.Errorf(t, err, "IDQL ValuePath expression mapping to Google CEL currently not supported") - 
assert.Equal(t, "", celString, "Empty, value path not supported") - - valuePath = hexapolicy.ConditionInfo{Rule: "level GT 5 and emails[type eq \"work\" and value ew \"strata.io\"]"} - celString, err = mapper.MapConditionToProvider(valuePath) - assert.Errorf(t, err, "IDQL ValuePath expression mapping to Google CEL currently not supported") - assert.Equal(t, "", celString, "Empty, value path not supported") - - valuePath = hexapolicy.ConditionInfo{Rule: "emails[type eq \"work\" and value ew \"strata.io\"] and level gt 5"} - celString, err = mapper.MapConditionToProvider(valuePath) - assert.Errorf(t, err, "IDQL ValuePath expression mapping to Google CEL currently not supported") - assert.Equal(t, "", celString, "Empty, value path not supported") - - badCompare := hexapolicy.ConditionInfo{Rule: "level GT 3 and abc GR 2"} - celString, err = mapper.MapConditionToProvider(badCompare) - assert.Errorf(t, err, "invalid IDQL filter: Unsupported comparison operator: GR") - assert.Equal(t, "", celString, "Should be empty string") - -} - -func TestNegToIdql(t *testing.T) { - celString := "document.summary.size() < 100" - cond, err := mapper.MapProviderToCondition(celString) - assert.Errorf(t, err, "IDQL condition mapper error: unimplemented CEL function: size") - - assert.Equal(t, "", cond.Rule, "Condition should be empty") - - // THis should invoke the error within a logic filter - celString = "(level > 3 || not(document.summary.size() < 100)) && level < 10" - cond, err = mapper.MapProviderToCondition(celString) - assert.Errorf(t, err, "IDQL condition mapper error: unimplemented CEL function: size") - - assert.Equal(t, "", cond.Rule, "Condition should be empty") - - celString = "(level > 3 or not(document.summary.size() < 100)) && level < 10" - cond, err = mapper.MapProviderToCondition(celString) - assert.Errorf(t, err, "CEL Mapping Error: ERROR: :1:12: Syntax error: mismatched input 'or' expecting ')'\n | (level ") - - assert.Equal(t, "", cond.Rule, "Condition should be 
empty")
-
- // This tests for ? operator
- celString = "level > 3 ? document.path.startsWith(\"/abc\") : level < 10"
- cond, err = mapper.MapProviderToCondition(celString)
- assert.Errorf(t, err, "IDQL condition mapper error: unimplemented CEL expression operand: _?_:_")
-
- assert.Equal(t, "", cond.Rule, "Condition should be empty")
-
- celString = "emails.exists(emails,type == \"work\" && value.endsWith(\"strata.io\"))"
- cond, err = mapper.MapProviderToCondition(celString)
- assert.Contains(t, err.Error(), "unimplemented CEL expression:")
- assert.Equal(t, "", cond.Rule, "Empty rule returned")
-
-}
diff --git a/pkg/googlesupport/test/data.json b/pkg/googlesupport/test/data.json
deleted file mode 100644
index 81b1197b..00000000
--- a/pkg/googlesupport/test/data.json
+++ /dev/null
@@ -1,93 +0,0 @@
-{
- "policies": [
- {
- "meta": {
- "version": "0.5"
- },
- "actions": [
- {
- "action_uri": "http:GET:/"
- }
- ],
- "subject": {
- "members": [
- "allusers",
- "allauthenticated"
- ]
- },
- "condition": {
- "rule": "req.ip sw 127 and req.method eq POST",
- "action": "allow"
- },
- "object": {
- "resource_id": "aResourceId"
- }
- },
- {
- "meta": {
- "version": "0.5"
- },
- "actions": [
- {
- "actionUri": "http:GET:/sales"
- },
- {
- "actionUri": "http:GET:/marketing"
- }
- ],
- "subject": {
- "members": [
- "allauthenticated",
- "sales@hexaindustries.io",
- "marketing@hexaindustries.io"
- ]
- },
- "object": {
- "resource_id": "bResourceId"
- }
- },
- {
- "meta": {
- "version": "0.5"
- },
- "actions": [
- {
- "actionUri": "http:GET:/accounting"
- },
- {
- "actionUri": "http:POST:/accounting"
- }
- ],
- "subject": {
- "members": [
- "accounting@hexaindustries.io"
- ]
- },
- "condition": {
- "rule": "req.ip sw 127 and req.method eq POST",
- "action": "allow"
- },
- "object": {
- "resource_id": "cResourceId"
- }
- },
- {
- "meta": {
- "version": "0.5"
- },
- "actions": [
- {
- "actionUri": "http:GET:/humanresources"
- }
- ],
- "subject": {
- "members": [
- "humanresources@hexaindustries.io"
- ]
- },
- "object": {
- "resource_id": "aResourceId"
- }
- }
- ]
-}
\ No newline at end of file
diff --git a/pkg/googlesupport/test/test_assignment.json b/pkg/googlesupport/test/test_assignment.json
deleted file mode 100644
index de6f6994..00000000
--- a/pkg/googlesupport/test/test_assignment.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "resource_id": "cResourceId",
- "bindings": [
- {
- "condition": {
- "expression": "req.ip.startsWith(\"127\") \u0026\u0026 req.method == \"POST\""
- },
- "members": [
- "accounting@hexaindustries.io"
- ]
- }
- ]
-}
\ No newline at end of file
diff --git a/pkg/googlesupport/test/test_assignments.json b/pkg/googlesupport/test/test_assignments.json
deleted file mode 100644
index baedfc03..00000000
--- a/pkg/googlesupport/test/test_assignments.json
+++ /dev/null
@@ -1,46 +0,0 @@
-[
- {
- "resource_id": "cResourceId",
- "bindings": [
- {
- "condition": {
- "expression": "req.ip.startsWith(\"127\") \u0026\u0026 req.method == \"POST\""
- },
- "members": [
- "accounting@hexaindustries.io"
- ]
- }
- ]
- },
- {
- "resource_id": "aResourceId",
- "bindings": [
- {
- "condition": {
- "expression": "req.ip.startsWith(\"127\") \u0026\u0026 req.method == \"POST\""
- },
- "members": [
- "allusers",
- "allauthenticated"
- ]
- },
- {
- "members": [
- "humanresources@hexaindustries.io"
- ]
- }
- ]
- },
- {
- "resource_id": "bResourceId",
- "bindings": [
- {
- "members": [
- "allauthenticated",
- "sales@hexaindustries.io",
- "marketing@hexaindustries.io"
- ]
- }
- ]
- }
-]
\ No newline at end of file
diff --git a/pkg/googlesupport/test/test_binding.json b/pkg/googlesupport/test/test_binding.json
deleted file mode 100644
index 1e431ace..00000000
--- a/pkg/googlesupport/test/test_binding.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "condition": {
- "expression": "req.ip.startsWith(\"127\") \u0026\u0026 req.method == \"POST\""
- },
- "members": [
- "accounting@hexaindustries.io"
- ]
-}
\ No newline at end of file
diff --git a/pkg/hexapolicy/conditions.go b/pkg/hexapolicy/conditions.go
deleted file mode 100644
index f9197864..00000000
--- a/pkg/hexapolicy/conditions.go
+++ /dev/null
@@ -1,142 +0,0 @@ -package hexapolicy - -import ( - "fmt" - "strings" - - "github.com/hexa-org/policy-orchestrator/pkg/filtersupport" -) - -const ( - AAllow string = "allow" - ADeny string = "deny" - AAudit string = "audit" -) - -type ConditionInfo struct { - Rule string `json:"Rule,omitempty" validate:"required"` // in RFC7644 filter form - Action string `json:"Action,omitempty"` // allow/deny/audit default is allow -} - -type AttributeMap struct { - forward map[string]string - reverse map[string]string -} - -type NameMapper interface { - // GetProviderAttributeName returns a simple string representation of the mapped attribute name (usually in name[.sub-attribute] form). - GetProviderAttributeName(hexaName string) string - - // GetHexaFilterAttributePath returns a filterAttributePath which is used to build a SCIM Filter AST - GetHexaFilterAttributePath(provName string) string -} - -type ConditionMapper interface { - /* - MapConditionToProvider takes an IDQL Condition expression and converts it to a string - usable the target provider. For example from RFC7644, Section-3.4.2.2 to Google Common Expression Language - */ - MapConditionToProvider(condition ConditionInfo) interface{} - - /* - MapProviderToCondition take a string expression from a platform policy and converts it to RFC7644: Section-3.4.2.2. 
- */ - MapProviderToCondition(expression string) (ConditionInfo, error) -} - -// NewNameMapper is called by a condition mapper provider to instantiate an attribute name translator using interface NameMapper -func NewNameMapper(attributeMap map[string]string) *AttributeMap { - reverse := make(map[string]string, len(attributeMap)) - forward := make(map[string]string, len(attributeMap)) - for k, v := range attributeMap { - reverse[strings.ToLower(v)] = k - forward[strings.ToLower(k)] = v - } - - return &AttributeMap{ - forward: forward, - reverse: reverse, - } -} - -func (n *AttributeMap) GetProviderAttributeName(hexaName string) string { - val, exists := n.forward[strings.ToLower(hexaName)] - if exists { - return val - } - return hexaName -} - -func (n *AttributeMap) GetHexaFilterAttributePath(provName string) string { - val, exists := n.reverse[provName] - if !exists { - val = provName - } - return val -} - -// ParseConditionRuleAst is used by mapping providers to get the IDQL condition rule AST tree -func ParseConditionRuleAst(condition ConditionInfo) (*filtersupport.Expression, error) { - return filtersupport.ParseFilter(condition.Rule) -} - -func ParseExpressionAst(expression string) (*filtersupport.Expression, error) { - return filtersupport.ParseFilter(expression) -} - -// SerializeExpression walks the AST and emits the condition in string form. It preserves precedence over the normal filter.String() method -func SerializeExpression(ast *filtersupport.Expression) string { - - return walk(*ast, false) -} - -func checkNestedLogic(e filtersupport.Expression, op filtersupport.LogicalOperator) string { - // if the child is a repeat of the parent eliminate brackets (e.g. 
a or b or c) - - switch v := e.(type) { - case filtersupport.PrecedenceExpression: - e = v.Expression - } - - switch v := e.(type) { - case filtersupport.LogicalExpression: - if v.Operator == op { - return walk(e, false) - } else { - return walk(e, true) - } - - default: - return walk(e, true) - } -} - -func walk(e filtersupport.Expression, isChild bool) string { - switch v := e.(type) { - case filtersupport.LogicalExpression: - lhVal := checkNestedLogic(v.Left, v.Operator) - - rhVal := checkNestedLogic(v.Right, v.Operator) - - if isChild && v.Operator == filtersupport.OR { - return fmt.Sprintf("(%v or %v)", lhVal, rhVal) - } else { - return fmt.Sprintf("%v %v %v", lhVal, v.Operator, rhVal) - } - case filtersupport.NotExpression: - subExpression := v.Expression - // Note, because of not() brackets, can treat as top level - subExpressionString := walk(subExpression, false) - - return fmt.Sprintf("not(%v)", subExpressionString) - case filtersupport.PrecedenceExpression: - subExpressionString := walk(v.Expression, false) - - return fmt.Sprintf("(%v)", subExpressionString) - case filtersupport.ValuePathExpression: - return walk(v.VPathFilter, true) - //case filter.AttributeExpression: - default: - return v.String() - } -} diff --git a/pkg/hexapolicy/conditions_test.go b/pkg/hexapolicy/conditions_test.go deleted file mode 100644 index e51d9402..00000000 --- a/pkg/hexapolicy/conditions_test.go +++ /dev/null 
@@ -1,94 +0,0 @@ -package hexapolicy_test - -import ( - "fmt" - "testing" - - "github.com/hexa-org/policy-orchestrator/pkg/hexapolicy" - "github.com/stretchr/testify/assert" -) - -func TestParseFilter(t *testing.T) { - for _, example := range []string{ - "(level gt 5 or test eq \"abc\" or level lt 10) and (username sw \"emp\" or username eq \"guest\")", - "(userName eq \"bjensen\")", - "userName Eq \"bjensen\"", - "name.familyName co \"O'Malley\"", - "userName sw \"J\"", - "urn:ietf:params:scim:schemas:core:2.0:User:userName sw \"J\"", - "title pr", - "meta.lastModified gt \"2011-05-13T04:42:34Z\"", - "meta.lastModified ge \"2011-05-13T04:42:34Z\"", - "meta.lastModified lt \"2011-05-13T04:42:34Z\"", - "meta.lastModified le \"2011-05-13T04:42:34Z\"", - "title pr and userType eq \"Employee\"", - "title pr or userType eq \"Intern\"", - "schemas eq \"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User\"", - "userType eq \"Employee\" and (emails co \"example.com\" or emails.value co \"example.org\")", - "userType ne \"Employee\" and not (emails co \"example.com\" or emails.value co \"example.org\")", - "userType eq \"Employee\" and (emails.type eq \"work\")", - "userType eq \"Employee\" and emails[type eq \"work\" and value co \"@example.com\"]", - "emails[type eq \"work\" and value co \"@example.com\"] or ims[type eq \"xmpp\" and value co \"@foo.com\"]", - - "name pr and userName pr and title pr", - "name pr and not (first eq \"test\") and another ne \"test\"", - "NAME PR AND NOT (FIRST EQ \"test\") AND ANOTHER NE \"test\"", - "name pr or userName pr or title pr", - "emails[type eq \"work\" and value ew \"strata.io\"]", - } { - t.Run(example, func(t *testing.T) { - cond := hexapolicy.ConditionInfo{Rule: example} - ast, err := hexapolicy.ParseConditionRuleAst(cond) - assert.NoError(t, err, "Parse error against -->"+cond.Rule+"<--") - astString := hexapolicy.SerializeExpression(ast) - assert.NoError(t, err, "Serialization error against -->"+cond.Rule+"<--") - 
fmt.Println(astString) - if err != nil { - t.Error(err) - } - }) - } -} - -func TestNewNameMapper(t *testing.T) { - mapper := hexapolicy.NewNameMapper(map[string]string{ - "a": "b", - "c": "d", - "username": "userid", - "emails.type": "mail.type", - }) - - // Test Provider mapping - assert.Equal(t, "b", mapper.GetProviderAttributeName("a"), "a produces b") - assert.Equal(t, "userid", mapper.GetProviderAttributeName("userName"), "userName prodeuces userid") - assert.Equal(t, "undefined", mapper.GetProviderAttributeName("undefined"), "undefined maps as undefined") - assert.Equal(t, "mail.type", mapper.GetProviderAttributeName("emails.type"), "emails.type maps to mail.type") - - // Test ReversMapping - path := mapper.GetHexaFilterAttributePath("mail.type") - - assert.Equal(t, "emails.type", path, "should be emails.type") - - path = mapper.GetHexaFilterAttributePath("unknown.type") - assert.Equal(t, "unknown.type", path, "should be unknown.type") - - path = mapper.GetHexaFilterAttributePath("d") - assert.Equal(t, "c", path, "attribute should be c") - -} - -func TestWalker(t *testing.T) { - cond := hexapolicy.ConditionInfo{Rule: "level gt 6 and not(expired eq true)"} - ast, err := hexapolicy.ParseExpressionAst(cond.Rule) - assert.NotNilf(t, ast, "ast is not nil") - assert.NoError(t, err, "no error parsing expression") - - back := hexapolicy.SerializeExpression(ast) - assert.NotNilf(t, ast, "ast is not nil") - assert.Equal(t, "level gt 6 and not(expired eq true)", back) - - ast, err = hexapolicy.ParseExpressionAst("(level gt 6 or rank lt 5) and not username pr") - assert.NotNilf(t, ast, "ast is not nil") - back2 := hexapolicy.SerializeExpression(ast) - fmt.Println(back2) -} diff --git a/pkg/hexapolicy/hexa_policy.go b/pkg/hexapolicy/hexa_policy.go deleted file mode 100644 index 71b25e28..00000000 --- a/pkg/hexapolicy/hexa_policy.go +++ /dev/null 
@@ -1,48 +0,0 @@ -package hexapolicy - -const ( - SAnyUser string = "any" - SAnyAuth string = "anyAuthenticated" - SBasicAuth string = "basic" - SJwtAuth string = "jwt" - SSamlAuth string = "saml" - SCidr string = "net" -) - -type Policies struct { - Policies []PolicyInfo `json:"policies"` -} - -func (p *Policies) AddPolicy(info PolicyInfo) { - p.Policies = append(p.Policies, info) -} - -func (p *Policies) AddPolicies(policies Policies) { - for _, v := range policies.Policies { - p.AddPolicy(v) - } -} - -type PolicyInfo struct { - Meta MetaInfo `validate:"required"` - Subject SubjectInfo `validate:"required"` - Actions []ActionInfo `validate:"required"` - Object ObjectInfo `validate:"required"` - Condition *ConditionInfo `json:",omitempty"` // Condition is optional -} - -type MetaInfo struct { - Version string `validate:"required"` -} - -type ActionInfo struct { - ActionUri string `validate:"required"` -} - -type SubjectInfo struct { - Members []string `validate:"required"` -} - -type ObjectInfo struct { - ResourceID string `json:"resource_id" validate:"required"` -} diff --git a/pkg/hexapolicy/hexa_policy_test.go b/pkg/hexapolicy/hexa_policy_test.go deleted file mode 100644 index 089840eb..00000000 --- a/pkg/hexapolicy/hexa_policy_test.go +++ /dev/null @@ -1 +0,0 @@ -package hexapolicy_test diff --git a/pkg/hexapolicysupport/hexa_policy_support.go b/pkg/hexapolicysupport/hexa_policy_support.go deleted file mode 100644 index 110957af..00000000 --- a/pkg/hexapolicysupport/hexa_policy_support.go +++ /dev/null 
@@ -1,48 +0,0 @@ -package hexapolicysupport - -import ( - "encoding/json" - "os" - - "github.com/hexa-org/policy-orchestrator/pkg/hexapolicy" -) - -// ParsePolicyFile parses a file containing IDQL policy data in JSON form. The top level attribute is "policies" which -// is an array of IDQL Policies ([]PolicyInfo) -func ParsePolicyFile(path string) ([]hexapolicy.PolicyInfo, error) { - policyBytes, err := os.ReadFile(path) - if err != nil { - return nil, err - } - return ParsePolicies(policyBytes) -} - -// ParsePolicies parses an array of bytes representing an IDQL policy data in JSON form. The top level attribute is "policies" which -// is an array of IDQL Policies ([]PolicyInfo) -func ParsePolicies(policyBytes []byte) ([]hexapolicy.PolicyInfo, error) { - var policies hexapolicy.Policies - err := json.Unmarshal(policyBytes, &policies) - if err != nil { - // Try array of polcies - var pols []hexapolicy.PolicyInfo - err = json.Unmarshal(policyBytes, &pols) - if err != nil { - return nil, err - } - return pols, nil - } - return policies.Policies, nil -} - -func ToBytes(policies []hexapolicy.PolicyInfo) ([]byte, error) { - pol := hexapolicy.Policies{Policies: policies} - return json.Marshal(&pol) -} - -func WritePolicies(path string, policies []hexapolicy.PolicyInfo) error { - polBytes, err := ToBytes(policies) - if err != nil { - return err - } - return os.WriteFile(path, polBytes, 0644) -} diff --git a/pkg/hexapolicysupport/hexa_policy_support_test.go b/pkg/hexapolicysupport/hexa_policy_support_test.go deleted file mode 100644 index 9f16aff0..00000000 --- a/pkg/hexapolicysupport/hexa_policy_support_test.go +++ /dev/null 
@@ -1,43 +0,0 @@ -package hexapolicysupport_test - -import ( - "fmt" - "math/rand" - "path/filepath" - "runtime" - "testing" - "time" - - "github.com/alecthomas/assert/v2" - "github.com/hexa-org/policy-orchestrator/pkg/hexapolicysupport" -) - -func TestReadFile(t *testing.T) { - idqlPath := getFile() - - policies, err := hexapolicysupport.ParsePolicyFile(idqlPath) - assert.NoError(t, err, "File %s not parsed", idqlPath) - - assert.Equal(t, 4, len(policies), "Expecting 4 policies") -} - -func TestWriteFile(t *testing.T) { - policies, err := hexapolicysupport.ParsePolicyFile(getFile()) - assert.NoError(t, err, "File %s not parsed", getFile()) - - rand.Seed(time.Now().UnixNano()) - dir := t.TempDir() - - tmpFile := filepath.Join(dir, fmt.Sprintf("idqldata-%d.json", rand.Uint64())) - err = hexapolicysupport.WritePolicies(tmpFile, policies) - assert.NoError(t, err, "Check error on writing policy") - - policyCopy, err := hexapolicysupport.ParsePolicyFile(tmpFile) - assert.Equal(t, 4, len(policyCopy), "4 policies in copy parsed") - assert.Equal(t, policies, policyCopy, "Check that the copy is the same as the original") -} - -func getFile() string { - _, file, _, _ := runtime.Caller(0) - return filepath.Join(file, "../test/data.json") -} diff --git a/pkg/hexapolicysupport/test/data.json b/pkg/hexapolicysupport/test/data.json deleted file mode 100644 index ef49eb6b..00000000 --- a/pkg/hexapolicysupport/test/data.json +++ /dev/null 
@@ -1,93 +0,0 @@ -{ - "policies": [ - { - "meta": { - "version": "0.5" - }, - "actions": [ - { - "action_uri": "http:GET:/" - } - ], - "subject": { - "members": [ - "allusers", - "allauthenticated" - ] - }, - "condition": { - "rule": "req.ip sw 127 and req.method eq POST", - "action": "allow" - }, - "object": { - "resource_id": "aResourceId" - } - }, - { - "meta": { - "version": "0.5" - }, - "actions": [ - { - "action_uri": "http:GET:/sales" - }, - { - "action_uri": "http:GET:/marketing" - } - ], - "subject": { - "members": [ - "allauthenticated", - "sales@hexaindustries.io", - "marketing@hexaindustries.io" - ] - }, - "object": { - "resource_id": "aResourceId" - } - }, - { - "meta": { - "version": "0.5" - }, - "actions": [ - { - "action_uri": "http:GET:/accounting" - }, - { - "action_uri": "http:POST:/accounting" - } - ], - "subject": { - "members": [ - "accounting@hexaindustries.io" - ] - }, - "condition": { - "rule": "req.ip sw 127 and req.method eq POST", - "action": "allow" - }, - "object": { - "resource_id": "aResourceId" - } - }, - { - "meta": { - "version": "0.5" - }, - "actions": [ - { - "action_uri": "http:GET:/humanresources" - } - ], - "subject": { - "members": [ - "humanresources@hexaindustries.io" - ] - }, - "object": { - "resource_id": "aResourceId" - } - } - ] -} \ No newline at end of file diff --git a/sdk/core/go.mod b/sdk/core/go.mod new file mode 100644 index 00000000..f05042ff --- /dev/null +++ b/sdk/core/go.mod @@ -0,0 +1,16 @@ +module github.com/hexa-org/policy-orchestrator/sdk/core + +go 1.20 + +require ( + github.com/hexa-org/policy-mapper/hexaIdql v0.6.0-alpha.3 + github.com/stretchr/testify v1.8.4 + golang.org/x/exp v0.0.0-20231006140011-7918f672742d +) + +require ( + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/kr/text v0.2.0 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect +) diff --git a/sdk/core/go.sum b/sdk/core/go.sum new file mode 100644 index 00000000..5808fd22 
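Review bot: The new sdk/core go.mod pins a pre-release `github.com/hexa-org/policy-mapper/hexaIdql v0.6.0-alpha.3` and a pseudo-versioned `golang.org/x/exp` as direct requirements of a module that is meant to be imported by others, so every consumer inherits two dependencies with no compatibility promise. The `golang.org/x/exp` requirement appears to exist only for `slog` (see sdk/core/policyprovider/idql_rar_mapper.go in this diff); raising the directive to `go 1.21` would let the code use the standard `log/slog` and drop that requirement entirely. If the alpha of hexaIdql has to stay, a `// TODO: replace with the first tagged release` comment beside its require line tells the next reviewer why it is there.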
--- /dev/null +++ b/sdk/core/go.sum @@ -0,0 +1,19 @@ +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/hexa-org/policy-mapper/hexaIdql v0.6.0-alpha.3 h1:kApPuTEC8bVualHsj0CA5avqk7DgU2ZiJOpLG5EiKTM= +github.com/hexa-org/policy-mapper/hexaIdql v0.6.0-alpha.3/go.mod h1:mqzC3LjDSVimn8u7s98JWJjrYUm4fCR7ZlMsqI/7ABM= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= +golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/sdk/core/idp/apps.go b/sdk/core/idp/apps.go new file mode 100644 index 00000000..f1219de5 --- /dev/null +++ b/sdk/core/idp/apps.go 
@@ -0,0 +1,12 @@ +package idp + +type AppInfo interface { + Id() string + Name() string + DisplayName() string + Type() string +} + +type AppInfoSvc interface { + GetApplications() ([]AppInfo, error) +} diff --git a/sdk/core/internal/testhelper/idql/fixtures.go b/sdk/core/internal/testhelper/idql/fixtures.go new file mode 100644 index 00000000..a9b9ef93 --- /dev/null +++ b/sdk/core/internal/testhelper/idql/fixtures.go @@ -0,0 +1,43 @@ +package idql + +import ( + "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy" + "github.com/hexa-org/policy-orchestrator/sdk/core/internal/testhelper" +) + +const MetaVersion = "5.0" + +func ReadHrUSPolicy() hexapolicy.PolicyInfo { + return MakeTestPolicy(testhelper.ResourceHrUs, []string{testhelper.ActionHttpGet}, []string{testhelper.RoleReadHrUs}) +} + +// MakeTestPolicy - creates a IDQL policy for the specified resource, http method and members +// e.g. MakeTestPolicy("some-resource", +// +// []string{http.MethodGet, http.MethodPost}, +// []string{"role1", "role2"}) +func MakeTestPolicy(resourceId string, httpMethods []string, members []string) hexapolicy.PolicyInfo { + return hexapolicy.PolicyInfo{ + Meta: hexapolicy.MetaInfo{Version: MetaVersion}, + Actions: MakeActionInfo(httpMethods...), + Subject: hexapolicy.SubjectInfo{Members: members}, + Object: hexapolicy.ObjectInfo{ + ResourceID: resourceId, + }, + } +} + +// MakeActionInfo - converts an http method to hexapolicy.ActionInfo +// e.g. MakeActionInfo([]string{http.MethodGet, http.MethodPost}) +func MakeActionInfo(httpMethods ...string) []hexapolicy.ActionInfo { + actionInfos := make([]hexapolicy.ActionInfo, 0) + for _, aMethod := range httpMethods { + if aMethod == "" { + // if testing with a "" action, pass it as is + actionInfos = append(actionInfos, hexapolicy.ActionInfo{ActionUri: aMethod}) + } else { + actionInfos = append(actionInfos, hexapolicy.ActionInfo{ActionUri: "http:" + aMethod}) + } + } + return actionInfos +} 
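Review bot: The exported `AppInfo` and `AppInfoSvc` interfaces in sdk/core/idp/apps.go carry no doc comments, and `Id()` departs from the Go initialism convention (`ID()`); renaming is cheap now but becomes a breaking change once the SDK has implementers. Suggested comments: `// AppInfo exposes the identifying attributes of an application known to an identity provider.` and `// AppInfoSvc returns the applications an identity provider can enumerate.`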
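Review bot: The doc comment on `MakeActionInfo` in fixtures.go shows the call as `MakeActionInfo([]string{http.MethodGet, http.MethodPost})`, but the function is variadic, so that example does not compile; `MakeActionInfo(http.MethodGet, http.MethodPost)` or `MakeActionInfo(methods...)` matches the signature. `const MetaVersion = "5.0"` also deserves a second look: the fixture files deleted in this same commit (pkg/googlesupport/test/data.json and pkg/hexapolicysupport/test/data.json) use `"version": "0.5"`, so unless the hexaIdql module changed the format this looks like a transposition. `actionInfos` can be pre-sized with `make([]hexapolicy.ActionInfo, 0, len(httpMethods))` since the length is known up front.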
diff --git a/sdk/core/internal/testhelper/policy_test_data.go b/sdk/core/internal/testhelper/policy_test_data.go
new file mode 100644
index 00000000..d524d449
--- /dev/null
+++ b/sdk/core/internal/testhelper/policy_test_data.go
@@ -0,0 +1,14 @@
+package testhelper
+
+const ResourceHrUs = "/humanresources/us"
+const ResourceProfile = "/profile"
+
+const ActionHttpGet = "http:GET"
+const ActionHttpPost = "http:POST"
+
+const RoleReadHrUs = "Read.HR_US"
+const RoleReadProfile = "Read.Profile"
+
+// RoleUnassigned1 Use these to test new assignments
+const RoleUnassigned1 = "Read.Unassigned1"
+const RoleUnassigned2 = "Read.Unassigned2"
diff --git a/sdk/core/internal/testhelper/rar_test_helper.go b/sdk/core/internal/testhelper/rar_test_helper.go
new file mode 100644
index 00000000..a88e4b61
--- /dev/null
+++ b/sdk/core/internal/testhelper/rar_test_helper.go
@@ -0,0 +1,49 @@
+package testhelper
+
+import "github.com/hexa-org/policy-orchestrator/sdk/core/rar"
+
+// MakeRarMap - builds a map with as many elements as in the given httpMethods array
+// key = "http:" + aMethod + resource
+// value = rar.ResourceActionRoles
+// e.g. { "http:GET/someresource": rar, "http:POST/someresource": rar }
+func MakeRarMap(resource string, httpMethods []string, members []string) map[string]rar.ResourceActionRoles {
+ return MakeRarMapMultiple([]string{resource}, [][]string{httpMethods}, [][]string{members})
+}
+
+// MakeRarMapMultiple builds a map with as many element as total len of httpMethods
+// number of elements in each array param should be equal
+// i.e. len(resources) == len(httpMethods) == len(members)
+// individual member elements can be nil or empty
+// e.g. MakeRarMapMultiple({"res1", "res2", {{GET,POST},{PUT}}, {{"mem1"}, {nil}})
+// returns {
+// key1: rar(res1, GET, mem1,
+// key2: rar(res1, POST, mem1,
+// key3: rar(res2, PUT, nil
+// }
+
+func MakeRarMapMultiple(resources []string, httpMethods [][]string, members [][]string) map[string]rar.ResourceActionRoles {
+ rarMap := make(map[string]rar.ResourceActionRoles)
+ for i, aResource := range resources {
+ for _, aMethod := range httpMethods[i] {
+ lookupKey := makeRarKey(aResource, aMethod)
+ aRar, _ := rar.NewResourceActionRoles(aResource, []string{aMethod}, members[i])
+ rarMap[lookupKey] = aRar
+ }
+ }
+ return rarMap
+}
+
+func MakeRarListMultiple(resources []string, httpMethods [][]string, members [][]string) []rar.ResourceActionRoles {
+ rarList := make([]rar.ResourceActionRoles, 0)
+ for i, aResource := range resources {
+ for _, aMethod := range httpMethods[i] {
+ aRar, _ := rar.NewResourceActionRoles(aResource, []string{aMethod}, members[i])
+ rarList = append(rarList, aRar)
+ }
+ }
+ return rarList
+}
+
+func makeRarKey(resource, method string) string {
+ return method + resource
+}
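Review bot: The doc comment on `MakeRarMap` states the key is `"http:" + aMethod + resource`, but `makeRarKey` returns `method + resource` with no prefix, so the documented example keys (`"http:GET/someresource"`) are never produced; change the comment to `// key = aMethod + resource` and `// e.g. { "GET/someresource": rar, "POST/someresource": rar }`. The blank line between the `MakeRarMapMultiple` comment block and its `func` line detaches the doc comment from the declaration and should be removed. Both `MakeRarMapMultiple` and `MakeRarListMultiple` discard the error from `rar.NewResourceActionRoles`, so a malformed fixture silently yields a zero-value rar and the resulting test failure surfaces far from its cause; for a test helper, panicking on a non-nil error (or accepting a `testing.TB` and calling `Fatal`) is the usual choice. Indexing `httpMethods[i]` and `members[i]` by the resources index will panic on mismatched lengths, which the comment requires of callers but an explicit length check would make obvious.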
diff --git a/sdk/core/main.go b/sdk/core/main.go
new file mode 100644
index 00000000..f9d1aca6
--- /dev/null
+++ b/sdk/core/main.go
@@ -0,0 +1,10 @@
+package main
+
+import (
+ "fmt"
+ "github.com/hexa-org/policy-orchestrator/sdk/core/policyprovider"
+)
+
+func main() {
+ fmt.Println("From core.Hello", policyprovider.Hello("saurabh"))
+}
diff --git a/sdk/core/policyprovider/idql_rar_mapper.go b/sdk/core/policyprovider/idql_rar_mapper.go
new file mode 100644
index 00000000..19a072a8
--- /dev/null
+++ b/sdk/core/policyprovider/idql_rar_mapper.go
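Review bot: sdk/core/main.go turns the root of the SDK module into `package main` whose only work is `fmt.Println("From core.Hello", policyprovider.Hello("saurabh"))`, which reads as leftover scaffolding; an SDK module is normally importable at its root, so this file should be removed or moved under a `cmd/` directory or an `example_test.go`. `Hello` is not defined in any file visible in this diff, so it is presumably declared elsewhere in the module; if it exists only to support this print it can go with the file. The import block also mixes the stdlib `"fmt"` with the module path in one group, which `goimports` would separate with a blank line.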
@@ -0,0 +1,65 @@
+package policyprovider
+
+import (
+ "errors"
+ "fmt"
+ "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy"
+ "github.com/hexa-org/policy-orchestrator/sdk/core/rar"
+ log "golang.org/x/exp/slog"
+ "strings"
+)
+
+const ActionUriPrefix = "http:"
+
+// mapIdqlToRar - converts IDQL policy to a map with
+// key = resource+action, value = rar
+// each action in a IDQL results in a new rar.
+func mapIdqlToRar(origPolicies ...hexapolicy.PolicyInfo) (map[string]rar.ResourceActionRoles, error) {
+ resActionRarMap := make(map[string]rar.ResourceActionRoles)
+ log.Info("policyprovider.mapIdqlToRar", "origPolicies", origPolicies)
+
+ for _, pol := range origPolicies {
+
+ resource := strings.TrimSpace(pol.Object.ResourceID)
+ log.Info("policyprovider.mapIdqlToRar", "LOOP onePol.resource", resource, "actions", pol.Actions)
+ if resource == "" {
+ return nil, errors.New("mapIdqlToRar error mapping IDQL with empty resource")
+ }
+
+ if len(pol.Actions) == 0 {
+ return nil, fmt.Errorf("mapIdqlToRar error mapping IDQL with nil actionUri. Resource=%s", resource)
+ }
+
+ // convert each action to a rar
+ for _, anAction := range pol.Actions {
+ log.Info("policyprovider.mapIdqlToRar", "LOOP actions", anAction.ActionUri)
+ actionUri := strings.TrimSpace(anAction.ActionUri)
+ actionUri = strings.TrimPrefix(actionUri, ActionUriPrefix)
+ if actionUri == "" {
+ return nil, fmt.Errorf("mapIdqlToRar error mapping IDQL without actionUri. Resource=%s", resource)
+ }
+
+ lookupKey := actionUri + resource
+ log.Info("policyprovider.mapIdqlToRar", "LOOP actions lookupKey", lookupKey)
+ matchingRar, _ := resActionRarMap[lookupKey]
+ log.Info("policyprovider.mapIdqlToRar", "LOOP matchingRar", matchingRar)
+ members := make([]string, 0)
+ members = append(members, matchingRar.Members()...)
+ members = append(members, pol.Subject.Members...)
+ log.Info("policyprovider.mapIdqlToRar", "newMembers", members)
+ newRar, nErr := rar.NewResourceActionUriRoles(resource, []string{actionUri}, members)
+ log.Info("policyprovider.mapIdqlToRar", "newRar", newRar)
+ if nErr != nil {
+ log.Error("mapIdqlToRar",
+ "failed to make ResourceActionRoles resource", resource,
+ "action", actionUri,
+ "members", members,
+ "error", nErr)
+ return nil, nErr
+ }
+ resActionRarMap[lookupKey] = newRar
+ }
+ }
+
+ return resActionRarMap, nil
+}
diff --git a/sdk/core/policyprovider/idql_rar_mapper_test.go b/sdk/core/policyprovider/idql_rar_mapper_test.go
new file mode 100644
index 00000000..3590b5a6
--- /dev/null
+++ b/sdk/core/policyprovider/idql_rar_mapper_test.go
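Review bot: Every iteration of `mapIdqlToRar` writes the full policy set, each action, the merged `members` list and the resulting rar to the log at Info level (the `log.Info` at the top of the function and the six inside the two loops), so normal operation floods the log with subject-to-role assignments; this is debug tracing and each call should be `log.Debug`, ideally collapsed to one line per policy. `matchingRar, _ := resActionRarMap[lookupKey]` is a single-value map read written in two-value form; `matchingRar := resActionRarMap[lookupKey]` is the idiom and staticcheck flags the blank. `lookupKey := actionUri + resource` joins the two strings with no separator (testhelper.makeRarKey does the same), so distinct (action, resource) pairs can collide unless `rar` validation restricts the method to a fixed vocabulary; a `"/"`-style delimiter would remove the doubt. When a second policy hits an existing key, `members` is built by concatenation without de-duplication, so if `rar.NewResourceActionUriRoles` does not dedupe, repeated policies grow the member list on every pass. The `log.Error` call also uses `"failed to make ResourceActionRoles resource"` as a slog attribute key; that text belongs in the message, e.g. `log.Error("mapIdqlToRar failed to make ResourceActionRoles", "resource", resource, "action", actionUri, "error", nErr)`.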
@@ -0,0 +1,176 @@
+package policyprovider
+
+import (
+ "github.com/hexa-org/policy-orchestrator/sdk/core/internal/testhelper"
+ "github.com/hexa-org/policy-orchestrator/sdk/core/internal/testhelper/idql"
+ "github.com/stretchr/testify/assert"
+ "net/http"
+ "testing"
+)
+
+func TestMapIdqlToRar_ErrorWithoutResource(t *testing.T) {
+ expMethods := []string{http.MethodGet, http.MethodPost}
+ expMembers := []string{testhelper.RoleReadHrUs, testhelper.RoleReadProfile}
+ hexaPol := idql.MakeTestPolicy("", expMethods, expMembers)
+ actRarMap, err := mapIdqlToRar(hexaPol)
+ assert.ErrorContains(t, err, "empty resource")
+ assert.Nil(t, actRarMap)
+}
+
+// TestMapIdqlToRar_ActionTrimmed asserts no error returned if resource has leading/trailing spaces
+func TestMapIdqlToRar_ResourceTrimmed(t *testing.T) {
+ expResource := testhelper.ResourceHrUs
+ expMethods := []string{http.MethodGet, http.MethodPost}
+ expMembers := []string{testhelper.RoleReadHrUs, testhelper.RoleReadProfile}
+ hexaPol := idql.MakeTestPolicy(" "+expResource+" ", expMethods, expMembers)
+ actRarMap, err := mapIdqlToRar(hexaPol)
+ assert.NoError(t, err)
+ assert.Equal(t, 2, len(actRarMap))
+ for _, actRar := range actRarMap {
+ assert.Equal(t, expResource, actRar.Resource())
+ }
+}
+
+func TestMapIdqlToRar_InvalidActionsError(t *testing.T) {
+ expResource := testhelper.ResourceHrUs
+ expMembers := []string{testhelper.RoleReadHrUs, testhelper.RoleReadProfile}
+ hexaPol := idql.MakeTestPolicy(expResource, nil, expMembers)
+ actRarMap, err := mapIdqlToRar(hexaPol)
+ assert.ErrorContains(t, err, "nil actionUri")
+ assert.Nil(t, actRarMap)
+
+ expMethods := []string{http.MethodGet, ""}
+ expMembers = []string{testhelper.RoleReadHrUs, testhelper.RoleReadProfile}
+ hexaPol = idql.MakeTestPolicy(expResource, expMethods, expMembers)
+ actRarMap, err = mapIdqlToRar(hexaPol)
+ assert.ErrorContains(t, err, "without actionUri")
+ assert.Nil(t, actRarMap)
+
+ expMethods = []string{http.MethodGet, "http:SOMETHING"}
+ expMembers = []string{testhelper.RoleReadHrUs, testhelper.RoleReadProfile}
+ hexaPol = idql.MakeTestPolicy(expResource, expMethods, expMembers)
+ actRarMap, err = mapIdqlToRar(hexaPol)
+ assert.ErrorContains(t, err, "Invalid http method")
+ assert.Nil(t, actRarMap)
+
+ //expMethods = []string{http.MethodGet, " "}
+ //expMembers = []string{testhelper.RoleReadHrUs, testhelper.RoleReadProfile}
+ //hexaPol = idql.MakeTestPolicy(expResource, expMethods, expMembers)
+ //actRarMap, err = mapIdqlToRar(hexaPol)
+ //assert.ErrorContains(t, err, "Invalid http method")
+ //assert.Nil(t, actRarMap)
+}
+
+// TestMapIdqlToRar_ActionTrimmed asserts no error returned if action has leading/trailing spaces
+func TestMapIdqlToRar_ActionTrimmed(t *testing.T) {
+ expResource := testhelper.ResourceHrUs
+ expMethods := []string{http.MethodGet + " "}
+ expMembers := []string{testhelper.RoleReadHrUs, testhelper.RoleReadProfile}
+ hexaPol := idql.MakeTestPolicy(expResource, expMethods, expMembers)
+ actRarMap, err := mapIdqlToRar(hexaPol)
+ assert.NoError(t, err)
+ assert.Equal(t, 1, len(actRarMap))
+ expRarMap := testhelper.MakeRarMap(expResource, []string{http.MethodGet}, expMembers)
+ assert.Equal(t, expRarMap, actRarMap)
+}
+
+// TestMapIdqlToRar - assets that when given idql with multiple actions
+// mapIdqlToRar maps each action to a separate rar
+func TestMapIdqlToRar_IdqlWithMultipleActions(t *testing.T) {
+ // Two hexa policies with same resource action, having different members
+ // One hexa policy with multiple actions, multiple members
+ expResource := testhelper.ResourceHrUs
+ expMethods := []string{http.MethodGet, http.MethodPost}
+ expMembers := []string{testhelper.RoleReadHrUs, testhelper.RoleReadProfile}
+ hexaPol := idql.MakeTestPolicy(expResource, expMethods, expMembers)
+
+ actRarMap, err := mapIdqlToRar(hexaPol)
+ assert.NoError(t, err)
+ assert.Equal(t, 2, len(actRarMap))
+ expRarMap := testhelper.MakeRarMap(expResource, expMethods, expMembers)
+ assert.Equal(t, expRarMap, actRarMap)
+}
+
+// TestMapIdqlToRar - assets that when given multiple idql policies with same resource, actions but different members
+// mapIdqlToRar maps merges the members into a single rar
+func TestMapIdqlToRar_MembersMergedInRar(t *testing.T) {
+ expResource := testhelper.ResourceHrUs
+ expMethods := []string{http.MethodGet, http.MethodPost}
+ expMembers1 := []string{testhelper.RoleReadHrUs, " ", ""}
+ hexaPol1 := idql.MakeTestPolicy(expResource, expMethods, expMembers1)
+
+ expMembers2 := []string{" ", "", testhelper.RoleReadProfile}
+ hexaPol2 := idql.MakeTestPolicy(expResource, expMethods, expMembers2)
+
+ actRarMap, err := mapIdqlToRar(hexaPol1, hexaPol2)
+ assert.NoError(t, err)
+ assert.Equal(t, 2, len(actRarMap))
+ expMembers := make([]string, 0)
+ expMembers = append(expMembers, expMembers1...)
+ expMembers = append(expMembers, expMembers2...)
+ expRarMap := testhelper.MakeRarMap(expResource, expMethods, expMembers)
+ assert.Equal(t, expRarMap, actRarMap)
+}
+
+// TestMapIdqlToRar_DuplicateIdqlPolicies asserts that when given duplicate idql policies
+// mapIdqlToRar removes the duplicates
+func TestMapIdqlToRar_DuplicateIdqlPolicies(t *testing.T) {
+ expResource := testhelper.ResourceHrUs
+ expMethods := []string{http.MethodGet, http.MethodPost}
+ expMembers := []string{testhelper.RoleReadHrUs, testhelper.RoleReadProfile}
+ hexaPol1 := idql.MakeTestPolicy(expResource, expMethods, expMembers)
+ hexaPol2 := idql.MakeTestPolicy(expResource, expMethods, expMembers)
+
+ actRarMap, err := mapIdqlToRar(hexaPol1, hexaPol2)
+ assert.NoError(t, err)
+ assert.Equal(t, 2, len(actRarMap))
+
+ expRarMap := testhelper.MakeRarMap(expResource, expMethods, expMembers)
+ assert.Equal(t, expRarMap, actRarMap)
+}
+
+// TestMapIdqlToRar_NoMembers asserts no error returned if no members in IDQL
+func TestMapIdqlToRar_NoMembers(t *testing.T) {
+ expResource := testhelper.ResourceHrUs
+ expMethods := []string{http.MethodGet, http.MethodPost}
+ tests := []struct {
+ name string
+ members []string
+ }{
+ {name: "Nil members", members: nil},
+ {name: "No members", members: []string{}},
+ {name: "Empty members", members: []string{"", " "}},
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ hexaPol1 := idql.MakeTestPolicy(expResource, expMethods, tt.members)
+ actRarMap, err := mapIdqlToRar(hexaPol1)
+ assert.NoError(t, err)
+ assert.Equal(t, 2, len(actRarMap))
+ expRarMap := testhelper.MakeRarMap(expResource, expMethods, tt.members)
+ assert.Equal(t, expRarMap, actRarMap)
+ })
+ }
+}
+
+// TestMapIdqlToRar_MultiplePoliciesWithMultipleActions asserts a valid map
+// is returned when multiple idql policies are provided
+func TestMapIdqlToRar_MultiplePoliciesWithMultipleActions(t *testing.T) {
+ expResource1 := testhelper.ResourceHrUs
+ expMethods1 := []string{http.MethodGet, http.MethodPost}
+ expMembers1 := []string{testhelper.RoleReadHrUs, testhelper.RoleReadProfile}
+ hexaPol1 := idql.MakeTestPolicy(expResource1, expMethods1, expMembers1)
+
+ expResource2 := testhelper.ResourceProfile
+ expMethods2 := []string{http.MethodPut, http.MethodDelete}
+ expMembers2 := []string{testhelper.RoleReadHrUs, testhelper.RoleReadProfile}
+ hexaPol2 := idql.MakeTestPolicy(expResource2, expMethods2, expMembers2)
+
+ actRarMap, err := mapIdqlToRar(hexaPol1, hexaPol2)
+ assert.NoError(t, err)
+ assert.Equal(t, 4, len(actRarMap))
+ expRarMap := testhelper.MakeRarMapMultiple([]string{expResource1, expResource2}, [][]string{expMethods1, expMethods2}, [][]string{expMembers1, expMembers2})
+
+ assert.Equal(t, expRarMap, actRarMap)
+}
diff --git a/sdk/core/policyprovider/policy_provider_service.go b/sdk/core/policyprovider/policy_provider_service.go
new file mode 100644
index 00000000..2766200e
--- /dev/null
+++ b/sdk/core/policyprovider/policy_provider_service.go
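Review bot: The commented-out case at the end of TestMapIdqlToRar_InvalidActionsError encodes the wrong expectation and should be re-enabled rather than left dead: mapIdqlToRar trims the action before stripping the prefix, so `" "` becomes empty and fails with the "without actionUri" message, not "Invalid http method" — `assert.ErrorContains(t, err, "without actionUri")`. The header comment above TestMapIdqlToRar_ResourceTrimmed still names `ActionTrimmed`. No case passes an action that carries the prefix together with surrounding whitespace (`" http:GET "`), which is the one input where both trims interact and is worth a single assertion.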
@@ -0,0 +1,102 @@
+package policyprovider
+
+import (
+ "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy"
+ "github.com/hexa-org/policy-orchestrator/sdk/core/idp"
+ "github.com/hexa-org/policy-orchestrator/sdk/core/policystore"
+ "github.com/hexa-org/policy-orchestrator/sdk/core/rar"
+ log "golang.org/x/exp/slog"
+)
+
+type ProviderService interface {
+ DiscoverApplications() ([]idp.AppInfo, error)
+ GetPolicyInfo(idp.AppInfo) ([]hexapolicy.PolicyInfo, error)
+ SetPolicyInfo(idp.AppInfo, []hexapolicy.PolicyInfo) error
+}
+
+type providerService[R any] struct {
+ appInfoSvc idp.AppInfoSvc
+ policyStoreSvc policystore.PolicyBackendSvc[R]
+}
+
+func NewProviderService[R any](appInfoService idp.AppInfoSvc, policyStoreSvc policystore.PolicyBackendSvc[R]) ProviderService {
+ return &providerService[R]{appInfoSvc: appInfoService, policyStoreSvc: policyStoreSvc}
+}
+
+func (s *providerService[R]) DiscoverApplications() ([]idp.AppInfo, error) {
+ return s.appInfoSvc.GetApplications()
+}
+func (s *providerService[R]) GetPolicyInfo(appInfo idp.AppInfo) ([]hexapolicy.PolicyInfo, error) {
+ rarList, err := s.policyStoreSvc.GetPolicies(appInfo)
+ if err != nil {
+ log.Error("ProviderService.GetPolicyInfo",
+ "failed calling GetPolicies App.Name", appInfo.Name(),
+ "App.Id", appInfo.Id(),
+ "err=", err)
+ return []hexapolicy.PolicyInfo{}, err
+ }
+ return buildPolicies(rarList), nil
+}
+func (s *providerService[R]) SetPolicyInfo(appInfo idp.AppInfo, policies []hexapolicy.PolicyInfo) error {
+ log.Info("policyprovider.ProviderService", "appInfo", appInfo)
+ log.Info("policyprovider.ProviderService", "policies", policies)
+ existingRarList, err := s.policyStoreSvc.GetPolicies(appInfo)
+ if err != nil {
+ log.Error("ProviderService.SetPolicyInfo",
+ "failed calling GetPolicies App.Name", appInfo.Name(),
+ "App.Id", appInfo.Id(),
+ "err=", err)
+ return err
+ }
+
+ log.Info("policyprovider.ProviderService", "existingRarList", existingRarList)
+
+ if len(existingRarList) == 0 {
+ log.Info("ProviderService.SetPolicyInfo", "no existing policies, returning", "appInfo.Name()", appInfo.Name())
+ return nil
+ }
+
+ newPoliciesRarMap, err := mapIdqlToRar(policies...)
+ log.Info("policyprovider.ProviderService", "newPoliciesRarMap", newPoliciesRarMap)
+ if err != nil {
+ log.Error("ProviderService.SetPolicyInfo",
+ "failed to map IDQL to rar", appInfo.Name(),
+ "err=", err)
+ return err
+ }
+
+ if len(newPoliciesRarMap) == 0 {
+ log.Info("ProviderService.SetPolicyInfo", "no new policies, returning", "appInfo.Name()", appInfo.Name())
+ return nil
+ }
+
+ updateCalc := newUpdateCalculator(existingRarList, newPoliciesRarMap)
+ updateList := updateCalc.calculate()
+
+ for _, aRar := range updateList {
+ log.Info("ProviderService.SetPolicyInfo", "msg", "call policyStoreSvc.SetPolicy", "aRar", aRar)
+ updateErr := s.policyStoreSvc.SetPolicy(aRar)
+ if updateErr != nil {
+ log.Error("ProviderService.SetPolicyInfo", "msg", "failed to update policy in backend store",
+ "resource", aRar.Resource(),
+ "action", aRar.Actions(),
+ "members", aRar.Members(),
+ "error", updateErr)
+ return updateErr
+ }
+ }
+
+ return nil // StatusCreated
+}
+
+func Hello(name string) string {
+ return "Hello " + name
+}
+
+func buildPolicies(rarList []rar.ResourceActionRoles) []hexapolicy.PolicyInfo {
+ policies := make([]hexapolicy.PolicyInfo, 0)
+ for _, aRar := range rarList {
+ policies = append(policies, aRar.ToIDQL())
+ }
+ return policies
+}
diff --git a/sdk/core/policyprovider/rar_update_calculator.go b/sdk/core/policyprovider/rar_update_calculator.go
new file mode 100644
index 00000000..3cefaeb5
--- /dev/null
+++ b/sdk/core/policyprovider/rar_update_calculator.go
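Review bot: SetPolicyInfo reports success (nil) when the backend has no existing policies, and through the calculator it silently drops every requested resource/action that is not already present, so a caller pushing a new grant, or revoking a rule the backend never had, gets no signal that nothing was written — a fail-silent path in an authorization-policy orchestrator. Either document the merge-only contract on ProviderService and log the dropped entries at Warn, or return an error so the caller can surface it, e.g. `return fmt.Errorf("SetPolicyInfo: app %s has no existing policies; creating policies is not supported", appInfo.Name())` (needs `fmt`). `Hello` looks like leftover scaffolding in a library package and should go. The `log.Error` calls use `"err="` and free-text phrases as slog keys; use `"error", err` so the field is queryable.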
@@ -0,0 +1,70 @@
+package policyprovider
+
+import (
+ "github.com/hexa-org/policy-orchestrator/sdk/core/rar"
+ "golang.org/x/exp/slices"
+ log "golang.org/x/exp/slog"
+)
+
+type updateCalculator struct {
+ existingRars []rar.ResourceActionRoles
+ newRarMap map[string]rar.ResourceActionRoles
+}
+
+func newUpdateCalculator(existingRars []rar.ResourceActionRoles, newRarMap map[string]rar.ResourceActionRoles) updateCalculator {
+ return updateCalculator{existingRars: existingRars, newRarMap: newRarMap}
+}
+
+func (c updateCalculator) calculate() []rar.ResourceActionRoles {
+ log.Info("updateCalculator.calculate", "msg", "BEGIN")
+
+ // finds new - existing
+ // if no changes, do not add to update list
+ // if new is empty, use new members
+ // if existing is empty, new members
+ // if both are non-empty,
+ // no change - do no add to update list
+ // there are changes - use new members.
+ // if both are empty, no change
+
+ updateList := make([]rar.ResourceActionRoles, 0)
+ for _, existing := range c.existingRars {
+
+ lookupKey := existing.Actions()[0] + existing.Resource() // TODO handle array actions
+ log.Info("updateCalculator.calculate", "msg", "LOOP existing lookupKey", lookupKey)
+
+ newRar, found := c.newRarMap[lookupKey]
+ log.Info("updateCalculator.calculate", "msg", "LOOP newRar", newRar, "found", found)
+ // We DON'T support orchestrating policy fragments
+ if !found {
+ log.Warn("updateCalculator.calculate", "msg", "requested policies do not contain existing policy",
+ "resource", existing.Resource(),
+ "action", existing.Actions(),
+ "members", existing.Members())
+
+ continue
+ }
+
+ newMembersLen := len(newRar.Members())
+ existingMembersLen := len(existing.Members())
+ log.Info("updateCalculator.calculate", "newMembersLen", newMembersLen, "existingMembersLen", existingMembersLen)
+
+ if newMembersLen == existingMembersLen {
+ // If both empty OR both same
+ if newMembersLen == 0 || slices.Compare(existing.Members(), newRar.Members()) == 0 {
+ log.Info("updateCalculator.calculate", "skipping", "no changes",
+ "resource", existing.Resource(),
+ "action", existing.Actions(),
+ "members", existing.Members())
+ continue // no change
+ }
+ }
+
+ // if new members empty OR if existing members are empty, OR if both are non-empty but differ
+ // we should just be able to use the new
+ log.Info("updateCalculator.calculate", "msg", "add to update list")
+ updateList = append(updateList, newRar)
+ }
+
+ return updateList
+}
diff --git a/sdk/core/policyprovider/rar_update_calculator_test.go b/sdk/core/policyprovider/rar_update_calculator_test.go
new file mode 100644
index 00000000..11a2bd4c
--- /dev/null
+++ b/sdk/core/policyprovider/rar_update_calculator_test.go
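Review bot: `existing.Actions()[0]` panics with an index-out-of-range when the backend returns a rar with an empty action list, which `newResourceActionRoles` allows, and because only the first action forms the key a backend rule with several actions is matched against a single-action rar from mapIdqlToRar; whether writing that rar back drops the other actions depends on the backend's SetPolicy, which is not visible here. Guard the loop: `if len(existing.Actions()) == 0 { log.Warn("updateCalculator.calculate", "msg", "skipping rar without actions", "resource", existing.Resource()); continue }`. The TODO should state the intended behaviour for multi-action rars so the next reader does not have to guess.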
@@ -0,0 +1,166 @@
+package policyprovider
+
+import (
+ "github.com/hexa-org/policy-orchestrator/sdk/core/internal/testhelper"
+ "github.com/stretchr/testify/assert"
+ "net/http"
+ "testing"
+)
+
+var expResource1 = testhelper.ResourceHrUs
+var expMethods1 = []string{http.MethodGet, http.MethodPost}
+var existingMembers1 = []string{testhelper.RoleReadHrUs, testhelper.RoleReadProfile}
+
+var expResource2 = testhelper.ResourceProfile
+var expMethods2 = []string{http.MethodPut, http.MethodDelete}
+var existingMembers2 = []string{testhelper.RoleReadHrUs, testhelper.RoleReadProfile}
+
+// TestCalculate_AddMembers asserts update calculator returns expected rars
+// when adding new members to existing
+func TestCalculate_AddMembers(t *testing.T) {
+
+ // 4 rars with same members
+ existingRars := testhelper.MakeRarListMultiple(
+ []string{expResource1, expResource2},
+ [][]string{expMethods1, expMethods2},
+ [][]string{existingMembers1, existingMembers2})
+
+ // Add 2 new members to resource1
+ newMembers1 := addMembersToExisting(existingMembers1, testhelper.RoleUnassigned1, testhelper.RoleUnassigned2)
+ // Add 2 new members to resource2
+ newMembers2 := addMembersToExisting(existingMembers2, testhelper.RoleUnassigned2, testhelper.RoleUnassigned1)
+
+ // 4 rars with new members (all same)
+ newRarMap := testhelper.MakeRarMapMultiple([]string{expResource1, expResource2}, [][]string{expMethods1, expMethods2}, [][]string{newMembers1, newMembers2})
+
+ calc := newUpdateCalculator(existingRars, newRarMap)
+ updateList := calc.calculate()
+ assert.Len(t, updateList, len(existingRars))
+
+ // Expect 4 rars with new and existing members
+ expUpdateList := testhelper.MakeRarListMultiple(
+ []string{expResource1, expResource2},
+ [][]string{expMethods1, expMethods2},
+ [][]string{newMembers1, newMembers2})
+
+ assert.Equal(t, expUpdateList, updateList)
+
+}
+
+// TestCalculate_AddMembers asserts update calculator returns expected rars
+// when replacing all members
+func TestCalculate_RemoveMembers(t *testing.T) {
+
+ tests := []struct {
+ name string
+ existing1 []string
+ existing2 []string
+ newMembers1 []string
+ newMembers2 []string
+ }{
+ {
+ name: "Remove Some Members",
+ existing1: addMembersToExisting(existingMembers1, testhelper.RoleUnassigned1, testhelper.RoleUnassigned2),
+ existing2: addMembersToExisting(existingMembers2, testhelper.RoleUnassigned2, testhelper.RoleUnassigned1),
+ newMembers1: existingMembers1,
+ newMembers2: existingMembers2,
+ },
+ {
+ name: "Replace All Members",
+ existing1: existingMembers1,
+ existing2: existingMembers2,
+ newMembers1: []string{testhelper.RoleUnassigned1, testhelper.RoleUnassigned2},
+ newMembers2: []string{testhelper.RoleUnassigned2, testhelper.RoleUnassigned1},
+ },
+ {
+ name: "Remove All Members",
+ existing1: existingMembers1,
+ existing2: existingMembers2,
+ newMembers1: nil,
+ newMembers2: nil,
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ // 4 rars with same 4 members each
+ existingRars := testhelper.MakeRarListMultiple(
+ []string{expResource1, expResource2},
+ [][]string{expMethods1, expMethods2},
+ [][]string{tt.existing1, tt.existing2})
+
+ // 4 rars with all members replaced
+ newRarMap := testhelper.MakeRarMapMultiple([]string{expResource1, expResource2}, [][]string{expMethods1, expMethods2}, [][]string{tt.newMembers1, tt.newMembers2})
+ calc := newUpdateCalculator(existingRars, newRarMap)
+ updateList := calc.calculate()
+ assert.Len(t, updateList, len(existingRars))
+
+ // Expect 4 rars with new members only
+ expUpdateList := testhelper.MakeRarListMultiple(
+ []string{expResource1, expResource2},
+ [][]string{expMethods1, expMethods2},
+ [][]string{tt.newMembers1, tt.newMembers2})
+
+ assert.Equal(t, expUpdateList, updateList)
+ })
+ }
+}
+
+// TestCalculate_SkipOnNoChanges asserts no updates are returned
+// when there are no changes between exising and new
+func TestCalculate_SkipOnNoChanges(t *testing.T) {
+ // 4 rars with same members
+ existingRars := testhelper.MakeRarListMultiple(
+ []string{expResource1, expResource2},
+ [][]string{expMethods1, expMethods2},
+ [][]string{existingMembers1, existingMembers2})
+
+ tests := []struct {
+ name string
+ newMembers1 []string
+ newMembers2 []string
+ expEmptyUpdateList bool
+ }{
+ {
+ name: "one changed, one unchanged",
+ newMembers1: addMembersToExisting(existingMembers1, testhelper.RoleUnassigned1, testhelper.RoleUnassigned2),
+ newMembers2: existingMembers2,
+ expEmptyUpdateList: false,
+ },
+ {
+ name: "no changes",
+ newMembers1: existingMembers1,
+ newMembers2: existingMembers2,
+ expEmptyUpdateList: true,
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ // 4 rars with new members (all same)
+ newRarMap := testhelper.MakeRarMapMultiple([]string{expResource1, expResource2}, [][]string{expMethods1, expMethods2}, [][]string{tt.newMembers1, tt.newMembers2})
+
+ calc := newUpdateCalculator(existingRars, newRarMap)
+ updateList := calc.calculate()
+ if tt.expEmptyUpdateList {
+ assert.Empty(t, updateList)
+ } else {
+ assert.Len(t, updateList, 2)
+ // Expect 4 rars with new members only
+ expUpdateList := testhelper.MakeRarListMultiple(
+ []string{expResource1},
+ [][]string{expMethods1},
+ [][]string{tt.newMembers1})
+
+ assert.Equal(t, expUpdateList, updateList)
+ }
+ })
+ }
+}
+
+func addMembersToExisting(existing []string, newMembers ...string) []string {
+ newMembers1 := make([]string, 0)
+ newMembers1 = append(newMembers1, existing...)
+ newMembers1 = append(newMembers1, newMembers...)
+ return newMembers
+}
diff --git a/sdk/core/policystore/policy_store.go b/sdk/core/policystore/policy_store.go
new file mode 100644
index 00000000..1b14b236
--- /dev/null
+++ b/sdk/core/policystore/policy_store.go
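Review bot: `addMembersToExisting` builds `newMembers1` from the existing members plus the additions but then returns the variadic `newMembers`, so the helper yields only the added roles; TestCalculate_AddMembers and the "Remove Some Members" case therefore exercise wholesale replacement, and the calculator's add-members path is never tested. Fix with `return newMembers1`. After the fix the expectations are built from the same slice, so the cases should keep passing, but re-run the suite to confirm. The header comment on TestCalculate_RemoveMembers still says `TestCalculate_AddMembers`.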
@@ -0,0 +1,11 @@
+package policystore
+
+import (
+ "github.com/hexa-org/policy-orchestrator/sdk/core/idp"
+ "github.com/hexa-org/policy-orchestrator/sdk/core/rar"
+)
+
+type PolicyBackendSvc[R any] interface {
+ GetPolicies(info idp.AppInfo) ([]rar.ResourceActionRoles, error)
+ SetPolicy(rar rar.ResourceActionRoles) error
+}
diff --git a/sdk/core/rar/resource_action_roles.go b/sdk/core/rar/resource_action_roles.go
new file mode 100644
index 00000000..03287592
--- /dev/null
+++ b/sdk/core/rar/resource_action_roles.go
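Review bot: The type parameter `R` on `PolicyBackendSvc[R any]` is used by neither method, so it is a phantom that every consumer (`providerService[R]`) has to thread through without it constraining anything; either drop it until a method needs it or say what it is reserved for, e.g. `// R is the backend's native policy type; reserved for future mapping methods.` A doc comment should also state what SetPolicy does to a rule that already exists for the same resource/action (replace or merge), since policyprovider's update calculation depends on that answer.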
@@ -0,0 +1,128 @@
+package rar
+
+import (
+ "errors"
+ "github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy"
+ "golang.org/x/exp/slices"
+ log "golang.org/x/exp/slog"
+ "net/http"
+ "strings"
+)
+
+const ActionUriPrefix = "http:"
+
+var supportedHttpMethods = []string{http.MethodGet, http.MethodHead, http.MethodPost,
+ http.MethodPut, http.MethodPatch, http.MethodDelete,
+ http.MethodConnect, http.MethodOptions, http.MethodTrace}
+
+// ResourceActionRolesMapper - Clients provide implementation based on their policy schema
+// The external vendor specific policy struct must implement this interface
+// which will be used to convert the vendor specific policy to ResourceActionRoles
+// Simple mapper with
+// - non composite keys and values
+// auto generated table definition
+type ResourceActionRolesMapper interface {
+ MapTo() (ResourceActionRoles, error)
+}
+
+type DynamicResourceActionRolesMapper struct {
+}
+
+func (d DynamicResourceActionRolesMapper) MapTo() (ResourceActionRoles, error) {
+ //TODO implement me
+ panic("implement me")
+}
+
+// ResourceActionRoles - an internal representation of a policy
+// Vendor specific policies are transformed to / from IDQL
+// using this struct
+// TODO - Rename to something better
+type ResourceActionRoles struct {
+ resource string
+ actions []string // http method e.g GET
+ roles []string
+}
+
+// NewResourceActionRoles - creates ResourceActionRoles with specified
+// resource, http methods and roles
+// e.g. NewResourceActionRoles("some-resource", {http.GET, http.POST}, {...} )
+func NewResourceActionRoles(resource string, httpMethods []string, roles []string) (ResourceActionRoles, error) {
+ return newResourceActionRoles(resource, httpMethods, roles)
+}
+
+// NewResourceActionUriRoles creates ResourceActionRoles for an idql policy
+// e.g. NewResourceActionUriRoles("some-resource", {"http:GET", "http:POST"}, {...} )
+func NewResourceActionUriRoles(resource string, actionUris []string, roles []string) (ResourceActionRoles, error) {
+ httpMethods := make([]string, 0)
+ for _, prefixedMethod := range actionUris {
+ trimmed := strings.TrimSpace(prefixedMethod)
+ unPrefixed := strings.TrimPrefix(trimmed, ActionUriPrefix)
+ httpMethods = append(httpMethods, unPrefixed)
+ }
+ return newResourceActionRoles(resource, httpMethods, roles)
+}
+
+func newResourceActionRoles(aResource string, httpMethods []string, roles []string) (ResourceActionRoles, error) {
+
+ resource := strings.TrimSpace(aResource)
+ // TODO - Check if resource itself is "/"
+ if resource == "" {
+ log.Warn("NewResourceActionRoles empty resource")
+ return ResourceActionRoles{}, errors.New("error creating ResourceActionRole with empty resource")
+ }
+
+ tmpActions := make([]string, 0)
+ for _, aMethod := range httpMethods {
+ trimmed := strings.TrimSpace(aMethod)
+ if slices.Index(supportedHttpMethods, trimmed) < 0 {
+ return ResourceActionRoles{}, errors.New("error creating ResourceActionRole. Invalid http method " + aMethod)
+ }
+ tmpActions = append(tmpActions, trimmed)
+ }
+
+ sortedActions := sanitizeAndSort(tmpActions)
+ members := sanitizeAndSort(roles)
+ return ResourceActionRoles{resource: resource,
+ actions: sortedActions, roles: members}, nil
+}
+
+func (rar ResourceActionRoles) Resource() string {
+ return rar.resource
+}
+
+func (rar ResourceActionRoles) Actions() []string {
+ return rar.actions
+}
+
+func (rar ResourceActionRoles) Members() []string {
+ return rar.roles
+}
+
+func (rar ResourceActionRoles) ToIDQL() hexapolicy.PolicyInfo {
+ actionInfos := make([]hexapolicy.ActionInfo, 0)
+ for _, act := range rar.Actions() {
+ actionInfos = append(actionInfos, hexapolicy.ActionInfo{ActionUri: ActionUriPrefix + act})
+ }
+ return hexapolicy.PolicyInfo{
+ Meta: hexapolicy.MetaInfo{Version: "0.5"},
+ Actions: actionInfos,
+ Subject: hexapolicy.SubjectInfo{Members: rar.Members()},
+ Object: hexapolicy.ObjectInfo{ResourceID: rar.Resource()},
+ }
+}
+
+// sanitizeAndSort - removes duplicates, trims each element
+// returns sorted slice
+func sanitizeAndSort(orig []string) []string {
+ slices.Sort(orig) // keep sorted, and also compact replaces consecutive elements
+ ret := make([]string, 0)
+ // Compact to remove duplicates
+ for _, elem := range slices.Compact(orig) {
+ aElem := strings.TrimSpace(elem)
+ if len(aElem) > 0 {
+ ret = append(ret, aElem)
+ }
+ }
+
+ return ret
+}
diff --git a/sdk/provideraws/awscommon/aws_http_client.go b/sdk/provideraws/awscommon/aws_http_client.go
new file mode 100644
index 00000000..4f183cb9
--- /dev/null
+++ b/sdk/provideraws/awscommon/aws_http_client.go
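Review bot: sanitizeAndSort sorts the caller's slice in place via `slices.Sort(orig)`, so NewResourceActionRoles reorders whatever `roles` slice the caller passed in, and it compacts before trimming, so `"admin"` and `" admin"` both survive as separate members — which defeats the documented dedup and makes `slices.Compare` in the update calculator report a spurious change. Trim and filter into a fresh slice first, then sort and compact, as below. `Actions()` and `Members()` hand out the internal slices, so a caller can mutate a rar after construction; returning `slices.Clone(rar.roles)` keeps the value immutable. `DynamicResourceActionRolesMapper.MapTo` is an exported method that only panics; land it once implemented rather than shipping a library panic.
```go
// sanitizeAndSort - trims each element, drops empties and duplicates,
// returns a new sorted slice; the caller's slice is not modified.
func sanitizeAndSort(orig []string) []string {
	ret := make([]string, 0, len(orig))
	for _, elem := range orig {
		if aElem := strings.TrimSpace(elem); aElem != "" {
			ret = append(ret, aElem)
		}
	}
	slices.Sort(ret)
	return slices.Compact(ret)
}
```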
@@ -0,0 +1,52 @@
+package awscommon
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "github.com/aws/aws-sdk-go-v2/aws"
+ "github.com/aws/aws-sdk-go-v2/config"
+ "github.com/aws/aws-sdk-go-v2/credentials"
+ logger "golang.org/x/exp/slog"
+ "net/http"
+)
+
+// AWSHttpClient
+// Contents copied from policy-orchestrator/internal/orchestratorproviders/amazonwebservices/awscommon/amazon_http_client.go
+type AWSHttpClient interface {
+ Do(req *http.Request) (*http.Response, error)
+}
+
+//type AWSClientOptions struct {
+// HTTPClient AWSHttpClient
+// DisableRetry bool
+//}
+
+func GetAwsClientConfig(key []byte, httpClient AWSHttpClient) (aws.Config, error) {
+ var awsCredentials credentialsInfo
+ err := json.NewDecoder(bytes.NewReader(key)).Decode(&awsCredentials)
+ if err != nil {
+ logger.Error("GetAwsClientConfig msg", "failed to decode awsCredentials. Error", err)
+ return aws.Config{}, err
+ }
+
+ awsOptions := []func(options *config.LoadOptions) error{
+ config.WithCredentialsProvider(credentials.StaticCredentialsProvider{
+ Value: aws.Credentials{AccessKeyID: awsCredentials.AccessKeyID, SecretAccessKey: awsCredentials.SecretAccessKey},
+ }),
+ config.WithRegion(awsCredentials.Region),
+ }
+
+ if httpClient != nil {
+ awsOptions = append(awsOptions, config.WithHTTPClient(httpClient))
+ awsOptions = append(awsOptions, config.WithRetryer(func() aws.Retryer { return aws.NopRetryer{} }))
+ }
+
+ return config.LoadDefaultConfig(context.Background(), awsOptions...)
+}
+
+type credentialsInfo struct {
+ AccessKeyID string `json:"accessKeyID"`
+ SecretAccessKey string `json:"secretAccessKey"`
+ Region string `json:"region"`
+}
diff --git a/sdk/provideraws/awscommon/go.mod b/sdk/provideraws/awscommon/go.mod
new file mode 100644
index 00000000..5aa3a6c3
--- /dev/null
+++ b/sdk/provideraws/awscommon/go.mod
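Review bot: credentialsInfo only carries a long-lived access-key/secret pair and has no session token, so short-lived STS or assumed-role credentials — what a deployment should prefer over IAM user keys — cannot be supplied through `key`; add a `SessionToken string` field tagged `json:"sessionToken"` and pass `SessionToken: awsCredentials.SessionToken` in the `aws.Credentials` literal. Nothing checks that AccessKeyID, SecretAccessKey or Region are non-empty after decoding, so a malformed blob is only discovered on the first API call with an opaque SDK error; an explicit check (with `errors` imported) fails fast and clearly. The decoded struct holds secrets and is currently kept out of the log calls — a one-line comment on the struct saying so would keep it that way.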
@@ -0,0 +1,23 @@
+module github.com/hexa-org/policy-orchestrator/sdk/provideraws/awscommon
+
+go 1.20
+
+require (
+ github.com/aws/aws-sdk-go-v2 v1.21.2
+ github.com/aws/aws-sdk-go-v2/config v1.18.45
+ github.com/aws/aws-sdk-go-v2/credentials v1.13.43
+ golang.org/x/exp v0.0.0-20231006140011-7918f672742d
+)
+
+require (
+ github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 // indirect
+ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 // indirect
+ github.com/aws/smithy-go v1.15.0 // indirect
+ github.com/google/go-cmp v0.5.9 // indirect
+)
diff --git a/sdk/provideraws/awscommon/go.sum b/sdk/provideraws/awscommon/go.sum
new file mode 100644
index 00000000..fbe63c7e
--- /dev/null
+++ b/sdk/provideraws/awscommon/go.sum
@@ -0,0 +1,34 @@ +github.com/aws/aws-sdk-go-v2 v1.21.2 h1:+LXZ0sgo8quN9UOKXXzAWRT3FWd4NxeXWOZom9pE7GA= +github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM= +github.com/aws/aws-sdk-go-v2/config v1.18.45 h1:Aka9bI7n8ysuwPeFdm77nfbyHCAKQ3z9ghB3S/38zes= +github.com/aws/aws-sdk-go-v2/config v1.18.45/go.mod h1:ZwDUgFnQgsazQTnWfeLWk5GjeqTQTL8lMkoE1UXzxdE= +github.com/aws/aws-sdk-go-v2/credentials v1.13.43 h1:LU8vo40zBlo3R7bAvBVy/ku4nxGEyZe9N8MqAeFTzF8= +github.com/aws/aws-sdk-go-v2/credentials v1.13.43/go.mod h1:zWJBz1Yf1ZtX5NGax9ZdNjhhI4rgjfgsyk6vTY1yfVg= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 h1:PIktER+hwIG286DqXyvVENjgLTAwGgoeriLDD5C+YlQ= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13/go.mod h1:f/Ib/qYjhV2/qdsf79H3QP/eRE4AkVyEf6sk7XfZ1tg= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 h1:nFBQlGtkbPzp/NjZLuFxRqmT91rLJkgvsEQs68h962Y= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43/go.mod h1:auo+PiyLl0n1l8A0e8RIeR8tOzYPfZZH/JNlrJ8igTQ= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 h1:JRVhO25+r3ar2mKGP7E0LDl8K9/G36gjlqca5iQbaqc= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37/go.mod h1:Qe+2KtKml+FEsQF/DHmDV+xjtche/hwoF75EG4UlHW8= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 h1:hze8YsjSh8Wl1rYa1CJpRmXP21BvOBuc76YhW0HsuQ4= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45/go.mod h1:lD5M20o09/LCuQ2mE62Mb/iSdSlCNuj6H5ci7tW7OsE= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 h1:WWZA/I2K4ptBS1kg0kV1JbBtG/umed0vwHRrmcr9z7k= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37/go.mod h1:vBmDnwWXWxNPFRMmG2m/3MKOe+xEcMDo1tanpaWCcck= +github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 h1:JuPGc7IkOP4AaqcZSIcyqLpFSqBWK32rM9+a1g6u73k= +github.com/aws/aws-sdk-go-v2/service/sso v1.15.2/go.mod h1:gsL4keucRCgW+xA85ALBpRFfdSLH4kHOVSnLMSuBECo= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 
h1:HFiiRkf1SdaAmV3/BHOFZ9DjFynPHj8G/UIO1lQS+fk= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3/go.mod h1:a7bHA82fyUXOm+ZSWKU6PIoBxrjSprdLoM8xPYvzYVg= +github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 h1:0BkLfgeDjfZnZ+MhB3ONb01u9pwFYTCZVhlsSSBvlbU= +github.com/aws/aws-sdk-go-v2/service/sts v1.23.2/go.mod h1:Eows6e1uQEsc4ZaHANmsPRzAKcVDrcmjjWiih2+HUUQ= +github.com/aws/smithy-go v1.15.0 h1:PS/durmlzvAFpQHDs4wi4sNNP9ExsqZh6IlfdHXgKK8= +github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/sdk/provideraws/cognitoidp/congnito_app_svc.go b/sdk/provideraws/cognitoidp/congnito_app_svc.go new file mode 100644 index 00000000..b640dbd8 --- /dev/null +++ b/sdk/provideraws/cognitoidp/congnito_app_svc.go 
@@ -0,0 +1,61 @@
+package cognitoidp
+
+import (
+ "github.com/hexa-org/policy-orchestrator/sdk/core/idp"
+ "github.com/hexa-org/policy-orchestrator/sdk/provideraws/cognitoidp/internal/client"
+ logger "golang.org/x/exp/slog"
+)
+
+type appInfoSvc struct {
+ cognito client.CognitoClient
+}
+
+type Opt func(svc *appInfoSvc)
+
+func WithCognitoClientOverride(client client.CognitoClient) Opt {
+ return func(svc *appInfoSvc) {
+ svc.cognito = client
+ }
+}
+func NewAppInfoSvc(key []byte, opts ...Opt) (idp.AppInfoSvc, error) {
+ if len(opts) == 0 {
+ cognito, err := client.NewCognitoClient(key, nil)
+ if err != nil {
+ logger.Error("NewAppInfoSvc", "error building CognitoClient", "error", err.Error())
+ return nil, err
+ }
+ return &appInfoSvc{cognito: cognito}, nil
+ }
+
+ svc := &appInfoSvc{}
+ for _, o := range opts {
+ o(svc)
+ }
+ return svc, nil
+}
+
+func (as *appInfoSvc) GetApplications() ([]idp.AppInfo, error) {
+ return as.getResourceServers()
+}
+
+func (as *appInfoSvc) getResourceServers() ([]idp.AppInfo, error) {
+ pools, err := as.cognito.ListUserPools()
+ if err != nil {
+ logger.Error("getResourceServers", "error calling listUserPools aws cognito api", err.Error())
+ return nil, err
+ }
+
+ apps := make([]idp.AppInfo, 0)
+ for _, p := range pools.UserPools {
+ rsOutput, err := as.cognito.ListResourceServers(*p.Id)
+ if err != nil {
+ logger.Error("getResourceServers", "error calling listResourceServers aws cognito api. UserPoolId", *p.Id, "error", err.Error())
+ return nil, err
+ }
+
+ for _, rs := range rsOutput.ResourceServers {
+ apps = append(apps, NewResourceServerAppInfo(*rs.UserPoolId, *rs.Name, *rs.Name, *rs.Identifier))
+ }
+ }
+ return apps, err
+}
diff --git a/sdk/provideraws/cognitoidp/congnito_app_svc_test.go b/sdk/provideraws/cognitoidp/congnito_app_svc_test.go
new file mode 100644
index 00000000..b7a9244b
--- /dev/null
+++ b/sdk/provideraws/cognitoidp/congnito_app_svc_test.go
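Review bot: getResourceServers dereferences `p.Id`, `rs.UserPoolId`, `rs.Name` and `rs.Identifier` with no nil checks; these are pointer fields on the Cognito SDK output, so a single missing field in a response panics the service instead of returning an error — use `aws.ToString(...)` (requires importing the `aws` package) or an explicit nil guard that skips the entry. NewAppInfoSvc ignores `key` entirely when any option is passed, and `svc.cognito` stays nil if a future option does not set it; build the default client first and let options override it. If the internal client's ListUserPools and ListResourceServers do not page through results, pools beyond the first page are never discovered and their policies never orchestrated — worth confirming in `internal/client`. The final `return apps, err` returns the stale outer `err`, which is nil at that point; write `return apps, nil`.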
@@ -0,0 +1,54 @@ +package cognitoidp_test + +import ( + "errors" + "github.com/hexa-org/policy-orchestrator/sdk/core/idp" + "github.com/hexa-org/policy-orchestrator/sdk/provideraws/cognitoidp" + "github.com/hexa-org/policy-orchestrator/sdk/provideraws/cognitoidp/internal/testhelper" + "github.com/stretchr/testify/assert" + "testing" +) + +// TestNewAppInfoSvc_WithRealCognitoClient - asserts a new AppInfoSvc +// with actual cognito client. Since it uses random aws credentials, we expect an error +// when using the appInfoSvc to make calls. +func TestNewAppInfoSvc_WithRealCognitoClient(t *testing.T) { + svc, err := cognitoidp.NewAppInfoSvc(testhelper.AwsCredentialsForTest()) + assert.NoError(t, err) + assert.NotNil(t, svc) + applications, err := svc.GetApplications() + assert.ErrorContains(t, err, "StatusCode: 400") + assert.Nil(t, applications) +} + +func TestGetApplications_ListUserPoolsError(t *testing.T) { + svc, m := newAppInfoSvcWithMock() + m.ExpectListUserPools(nil, errors.New("user pools error")) + _, err := svc.GetApplications() + assert.ErrorContains(t, err, "user pools error") +} + +func TestGetApplications_ListResourceServersError(t *testing.T) { + svc, m := newAppInfoSvcWithMock() + m.ExpectListUserPools(testhelper.ListUserPoolsOutput(), nil) + m.ExpectListResourceServers(testhelper.TestUserPoolId, nil, errors.New("resource servers error")) + _, err := svc.GetApplications() + assert.ErrorContains(t, err, "resource servers error") +} + +func TestGetApplications_Success(t *testing.T) { + svc, m := newAppInfoSvcWithMock() + m.ExpectListUserPools(testhelper.ListUserPoolsOutput(), nil) + m.ExpectListResourceServers(testhelper.TestUserPoolId, testhelper.ListResourceServersOutput(), nil) + apps, err := svc.GetApplications() + assert.NoError(t, err) + assert.Equal(t, 1, len(apps)) + exp := cognitoidp.NewResourceServerAppInfo(testhelper.TestUserPoolId, testhelper.TestResourceServerName, testhelper.TestResourceServerName, testhelper.TestResourceServerIdentifier) 
+ assert.Equal(t, exp, apps[0].(cognitoidp.ResourceServerAppInfo)) +} + +func newAppInfoSvcWithMock() (idp.AppInfoSvc, *testhelper.MockCognitoClient) { + m := testhelper.NewMockCognitoClient() + svc, _ := cognitoidp.NewAppInfoSvc(nil, cognitoidp.WithCognitoClientOverride(m)) + return svc, m +} diff --git a/sdk/provideraws/cognitoidp/go.mod b/sdk/provideraws/cognitoidp/go.mod new file mode 100644 index 00000000..66e5e8be --- /dev/null +++ b/sdk/provideraws/cognitoidp/go.mod 
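Review bot: TestNewAppInfoSvc_WithRealCognitoClient performs a live call to AWS Cognito with the fake credentials and asserts `StatusCode: 400`; on a runner without egress it fails with a dial error instead, and the expectation depends on AWS's current rejection behaviour rather than on this code. Gate it with `if testing.Short() { t.Skip("needs network") }`, or drive it through the MockCognitoHttpClient that testhelper already provides, so unit runs stay hermetic. newAppInfoSvcWithMock also discards the constructor error with `svc, _ :=`; passing `t` in and asserting `NoError` keeps a broken constructor from surfacing as a confusing nil-pointer panic later in the test.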
@@ -0,0 +1,37 @@ +module github.com/hexa-org/policy-orchestrator/sdk/provideraws/cognitoidp + +go 1.20 + +require ( + github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.27.0 + golang.org/x/exp v0.0.0-20231006140011-7918f672742d +) + +require ( + github.com/aws/aws-sdk-go-v2 v1.21.2 + github.com/hexa-org/policy-orchestrator/sdk/core v0.6.0-alpha.8 + github.com/hexa-org/policy-orchestrator/sdk/provideraws/awscommon v0.6.0-alpha.8 + github.com/stretchr/testify v1.8.4 +) + +require ( + github.com/aws/aws-sdk-go-v2/config v1.18.45 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.13.43 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 // indirect + github.com/aws/smithy-go v1.15.0 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/google/go-cmp v0.5.9 // indirect + github.com/kr/pretty v0.3.1 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/rogpeppe/go-internal v1.11.0 // indirect + github.com/stretchr/objx v0.5.0 // indirect + gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect +) diff --git a/sdk/provideraws/cognitoidp/go.sum b/sdk/provideraws/cognitoidp/go.sum new file mode 100644 index 00000000..29b2416b --- /dev/null +++ b/sdk/provideraws/cognitoidp/go.sum 
@@ -0,0 +1,72 @@ +github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M= +github.com/aws/aws-sdk-go-v2 v1.21.2 h1:+LXZ0sgo8quN9UOKXXzAWRT3FWd4NxeXWOZom9pE7GA= +github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM= +github.com/aws/aws-sdk-go-v2/config v1.18.45 h1:Aka9bI7n8ysuwPeFdm77nfbyHCAKQ3z9ghB3S/38zes= +github.com/aws/aws-sdk-go-v2/config v1.18.45/go.mod h1:ZwDUgFnQgsazQTnWfeLWk5GjeqTQTL8lMkoE1UXzxdE= +github.com/aws/aws-sdk-go-v2/credentials v1.13.43 h1:LU8vo40zBlo3R7bAvBVy/ku4nxGEyZe9N8MqAeFTzF8= +github.com/aws/aws-sdk-go-v2/credentials v1.13.43/go.mod h1:zWJBz1Yf1ZtX5NGax9ZdNjhhI4rgjfgsyk6vTY1yfVg= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 h1:PIktER+hwIG286DqXyvVENjgLTAwGgoeriLDD5C+YlQ= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13/go.mod h1:f/Ib/qYjhV2/qdsf79H3QP/eRE4AkVyEf6sk7XfZ1tg= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41/go.mod h1:CrObHAuPneJBlfEJ5T3szXOUkLEThaGfvnhTf33buas= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 h1:nFBQlGtkbPzp/NjZLuFxRqmT91rLJkgvsEQs68h962Y= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43/go.mod h1:auo+PiyLl0n1l8A0e8RIeR8tOzYPfZZH/JNlrJ8igTQ= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35/go.mod h1:SJC1nEVVva1g3pHAIdCp7QsRIkMmLAgoDquQ9Rr8kYw= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 h1:JRVhO25+r3ar2mKGP7E0LDl8K9/G36gjlqca5iQbaqc= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37/go.mod h1:Qe+2KtKml+FEsQF/DHmDV+xjtche/hwoF75EG4UlHW8= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 h1:hze8YsjSh8Wl1rYa1CJpRmXP21BvOBuc76YhW0HsuQ4= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45/go.mod h1:lD5M20o09/LCuQ2mE62Mb/iSdSlCNuj6H5ci7tW7OsE= +github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.27.0 h1:f5Pwi2WroVsN6Qd3eS2MdBqxHRjT8V2tOkoy/JDQUcI= +github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.27.0/go.mod 
h1:y1KD4pOtJebA4NsZPuT7+FnLqhilsCxjZtXkWZm2pBE= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 h1:WWZA/I2K4ptBS1kg0kV1JbBtG/umed0vwHRrmcr9z7k= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37/go.mod h1:vBmDnwWXWxNPFRMmG2m/3MKOe+xEcMDo1tanpaWCcck= +github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 h1:JuPGc7IkOP4AaqcZSIcyqLpFSqBWK32rM9+a1g6u73k= +github.com/aws/aws-sdk-go-v2/service/sso v1.15.2/go.mod h1:gsL4keucRCgW+xA85ALBpRFfdSLH4kHOVSnLMSuBECo= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 h1:HFiiRkf1SdaAmV3/BHOFZ9DjFynPHj8G/UIO1lQS+fk= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3/go.mod h1:a7bHA82fyUXOm+ZSWKU6PIoBxrjSprdLoM8xPYvzYVg= +github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 h1:0BkLfgeDjfZnZ+MhB3ONb01u9pwFYTCZVhlsSSBvlbU= +github.com/aws/aws-sdk-go-v2/service/sts v1.23.2/go.mod h1:Eows6e1uQEsc4ZaHANmsPRzAKcVDrcmjjWiih2+HUUQ= +github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= +github.com/aws/smithy-go v1.15.0 h1:PS/durmlzvAFpQHDs4wi4sNNP9ExsqZh6IlfdHXgKK8= +github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/hexa-org/policy-orchestrator/sdk/core v0.6.0-alpha.8 h1:rGqQOR5KjMl4+sBQxGzOwK5Qz63nbMjDBeuV2aeBWsk= +github.com/hexa-org/policy-orchestrator/sdk/core v0.6.0-alpha.8/go.mod h1:rK63pk8W/+VJnj08hmgo9kVXd8gpNRqo7z1h/Ecrtw0= +github.com/hexa-org/policy-orchestrator/sdk/provideraws/awscommon v0.6.0-alpha.8 
h1:iEx5oLRkYKr9ST9RGyw8E2nZAxJvAx0EiJiMxZVkETc= +github.com/hexa-org/policy-orchestrator/sdk/provideraws/awscommon v0.6.0-alpha.8/go.mod h1:/X5vEXgKOddu3KBNP2pT8lgBsVksoRa32xaQIkLs6ZU= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= +github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify 
v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= +golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/sdk/provideraws/cognitoidp/internal/client/client.go b/sdk/provideraws/cognitoidp/internal/client/client.go new file mode 100644 index 00000000..dd5c82fd --- /dev/null +++ b/sdk/provideraws/cognitoidp/internal/client/client.go 
@@ -0,0 +1,38 @@
+package client
+
+import (
+ "context"
+ "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
+ "github.com/hexa-org/policy-orchestrator/sdk/provideraws/awscommon"
+ logger "golang.org/x/exp/slog"
+)
+
+type CognitoClient interface {
+ ListUserPools() (*cognitoidentityprovider.ListUserPoolsOutput, error)
+ ListResourceServers(userPoolId string) (*cognitoidentityprovider.ListResourceServersOutput, error)
+}
+
+type cognitoClient struct {
+ client *cognitoidentityprovider.Client
+}
+
+func NewCognitoClient(key []byte, httpClient awscommon.AWSHttpClient) (CognitoClient, error) {
+ cfg, err := awscommon.GetAwsClientConfig(key, httpClient)
+ if err != nil {
+ logger.Error("NewCognitoClient", "error building aws client config", "error", err.Error())
+ return nil, err
+ }
+ return &cognitoClient{client: cognitoidentityprovider.NewFromConfig(cfg)}, nil
+}
+
+func (c *cognitoClient) ListUserPools() (*cognitoidentityprovider.ListUserPoolsOutput, error) {
+ poolsInput := cognitoidentityprovider.ListUserPoolsInput{MaxResults: 20}
+ pools, err := c.client.ListUserPools(context.Background(), &poolsInput)
+ return pools, err
+}
+
+func (c *cognitoClient) ListResourceServers(userPoolId string) (*cognitoidentityprovider.ListResourceServersOutput, error) {
+ rsInput := cognitoidentityprovider.ListResourceServersInput{UserPoolId: &userPoolId, MaxResults: 10}
+ rsOutput, err := c.client.ListResourceServers(context.Background(), &rsInput)
+ return rsOutput, err
+}
diff --git a/sdk/provideraws/cognitoidp/internal/client/client_test.go b/sdk/provideraws/cognitoidp/internal/client/client_test.go
new file mode 100644
index 00000000..1d1b9f7e
--- /dev/null
+++ b/sdk/provideraws/cognitoidp/internal/client/client_test.go
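Review bot: ListUserPools and ListResourceServers each issue a single request capped at 20 and 10 results and ignore the `NextToken` in the response, so an account with more pools or resource servers silently gets a partial application inventory — and anything managing policies per application silently misses the rest. Both methods should loop while the returned `NextToken` is non-nil and accumulate the pages, as sketched below for ListUserPools; ListResourceServers needs the same loop. `context.Background()` also means a hung Cognito endpoint blocks the caller indefinitely; a per-call `context.WithTimeout`, or a ctx parameter threaded through the CognitoClient interface, would bound that.
```go
func (c *cognitoClient) ListUserPools() (*cognitoidentityprovider.ListUserPoolsOutput, error) {
	all := &cognitoidentityprovider.ListUserPoolsOutput{}
	var next *string
	for {
		page, err := c.client.ListUserPools(context.Background(),
			&cognitoidentityprovider.ListUserPoolsInput{MaxResults: 20, NextToken: next})
		if err != nil {
			return nil, err
		}
		all.UserPools = append(all.UserPools, page.UserPools...)
		if page.NextToken == nil {
			return all, nil
		}
		next = page.NextToken
	}
}
// … unchanged: ListResourceServers, which needs the same NextToken loop …
```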
@@ -0,0 +1,64 @@ +package client + +import ( + "fmt" + "github.com/hexa-org/policy-orchestrator/sdk/provideraws/awscommon" + "github.com/hexa-org/policy-orchestrator/sdk/provideraws/cognitoidp/internal/testhelper" + "github.com/stretchr/testify/assert" + "net/http" + "testing" + "time" +) + +// TestListUserPools - asserts the cognito listUserPools endpoint is called +// and that the return ListUserPoolsOutput struct is as expected. +func TestListUserPools(t *testing.T) { + m := testhelper.NewMockCognitoHttpClient() + m.ExpectListUserPools(nil) + c := newClient(m) + act, err := c.ListUserPools() + assert.NoError(t, err) + assert.NotNil(t, act) + assert.Equal(t, 1, len(act.UserPools)) + assert.Equal(t, testhelper.TestUserPoolName, *act.UserPools[0].Name) + assert.Equal(t, testhelper.TestUserPoolId, *act.UserPools[0].Id) +} + +func TestListResourceServers(t *testing.T) { + m := testhelper.NewMockCognitoHttpClient() + c := newClient(m) + m.ExpectListResourceServers(nil) + act, err := c.ListResourceServers(testhelper.TestUserPoolId) + assert.NoError(t, err) + assert.NotNil(t, act) + assert.Equal(t, 1, len(act.ResourceServers)) + assert.Equal(t, testhelper.TestUserPoolId, *act.ResourceServers[0].UserPoolId) + assert.Equal(t, testhelper.TestResourceServerName, *act.ResourceServers[0].Name) + assert.Equal(t, testhelper.TestResourceServerIdentifier, *act.ResourceServers[0].Identifier) +} + +// TestListUserPools_Error - asserts an error is returned when calling the real cognito +// listUserPools endpoint. Since this uses random aws credentials, an error is expected. +func TestListUserPools_Error(t *testing.T) { + httpClient := &http.Client{Timeout: time.Second} + c := newClient(httpClient) + pools, err := c.ListUserPools() + assert.ErrorContains(t, err, "StatusCode: 400") + assert.Nil(t, pools) +} + +// TestListResourceServers_Error - asserts an error is returned calling the real cognito +// listResourceServers endpoint. 
Since this uses random aws credentials, an error is expected. +func TestListResourceServers_Error(t *testing.T) { + httpClient := &http.Client{Timeout: time.Second} + c := newClient(httpClient) + pools, err := c.ListResourceServers(testhelper.TestUserPoolId) + assert.ErrorContains(t, err, "StatusCode: 400") + fmt.Println(err) + assert.Nil(t, pools) +} + +func newClient(httpClient awscommon.AWSHttpClient) CognitoClient { + c, _ := NewCognitoClient(testhelper.AwsCredentialsForTest(), httpClient) + return c +} diff --git a/sdk/provideraws/cognitoidp/internal/testhelper/cognito_idp_api_fixtures.go b/sdk/provideraws/cognitoidp/internal/testhelper/cognito_idp_api_fixtures.go new file mode 100644 index 00000000..65c1209b --- /dev/null +++ b/sdk/provideraws/cognitoidp/internal/testhelper/cognito_idp_api_fixtures.go 
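Review bot: TestListUserPools_Error and TestListResourceServers_Error hit the real Cognito endpoint with fake credentials and a one-second timeout; on an offline runner they fail with a dial or timeout error, and the `StatusCode: 400` they expect is AWS behaviour, not this package's. Skip them under `testing.Short()` or exercise the error path through MockCognitoHttpClient with an error response. `fmt.Println(err)` in TestListResourceServers_Error looks like leftover debugging and should go along with the `fmt` import, and `newClient` drops the NewCognitoClient error with `c, _ :=`, so a config failure would surface as a nil-pointer panic rather than a clear assertion.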
@@ -0,0 +1,59 @@ +package testhelper + +import ( + "encoding/json" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider" + "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types" +) + +// ListUserPoolsResponse - builds valid response body bytes for a +// successful listUserPools response +func ListUserPoolsResponse() []byte { + expBytes, _ := json.Marshal(ListUserPoolsOutput()) + return expBytes +} + +// ListUserPoolsOutput - builds a valid cognito ListUserPoolsOutput struct +// with the UserPoolId and UserPoolName +func ListUserPoolsOutput() *cognitoidentityprovider.ListUserPoolsOutput { + return &cognitoidentityprovider.ListUserPoolsOutput{ + NextToken: nil, + UserPools: []types.UserPoolDescriptionType{ + { + Id: aws.String(TestUserPoolId), + Name: aws.String(TestUserPoolName), + }, + }, + } +} + +func ListResourceServersOutput() *cognitoidentityprovider.ListResourceServersOutput { + return ListResourceServersOutputCustom(TestUserPoolId, TestResourceServerName, TestResourceServerIdentifier) +} + +func ListResourceServersOutputCustom(userPoolId, name, identifier string) *cognitoidentityprovider.ListResourceServersOutput { + usePoolId := TestUserPoolId + useName := TestResourceServerName + useIdentifier := TestResourceServerIdentifier + + if userPoolId != "" { + usePoolId = userPoolId + } + if name != "" { + useName = name + } + if identifier != "" { + useIdentifier = identifier + } + + return &cognitoidentityprovider.ListResourceServersOutput{ + ResourceServers: []types.ResourceServerType{ + { + Identifier: &useIdentifier, + Name: &useName, + UserPoolId: &usePoolId, + }, + }, + } +} diff --git a/sdk/provideraws/cognitoidp/internal/testhelper/helper.go b/sdk/provideraws/cognitoidp/internal/testhelper/helper.go new file mode 100644 index 00000000..231f90e7 --- /dev/null +++ b/sdk/provideraws/cognitoidp/internal/testhelper/helper.go 
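Review bot: ListResourceServersOutputCustom substitutes the Test* default for any empty argument, so a test can never build a fixture with an empty Identifier, Name or UserPoolId — exactly the shapes the pointer dereferences in the service should be exercised against. A comment such as `// empty arguments fall back to the Test* defaults; blank values cannot be expressed through this helper` would at least make that explicit, or the helper could take pointers/options instead. ListUserPoolsResponse also discards the json.Marshal error with `_`; in a test helper `if err != nil { panic(err) }` is acceptable and beats silently returning an empty body.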
@@ -0,0 +1,24 @@
+package testhelper
+
+import "fmt"
+
+const TestAwsRegion = "us-west-1"
+const TestAwsAccessKeyId = "anAccessKeyID"
+const TestAwsSecretAccessKey = "aSecretAccessKey"
+
+const TestUserPoolId = "some-user-pool-id"
+const TestUserPoolName = "some-user-pool-name"
+const TestResourceServerIdentifier = "https://some-resource-server"
+const TestResourceServerName = "some-resource-server-name"
+
+func AwsCredentialsForTest() []byte {
+ str := fmt.Sprintf(`
+{
+ "accessKeyID": "%s",
+ "secretAccessKey": "%s",
+ "region": "%s"
+}
+`, TestAwsAccessKeyId, TestAwsSecretAccessKey, TestAwsRegion)
+
+ return []byte(str)
+}
diff --git a/sdk/provideraws/cognitoidp/internal/testhelper/mock_cognito_client.go b/sdk/provideraws/cognitoidp/internal/testhelper/mock_cognito_client.go
new file mode 100644
index 00000000..c3fcabaf
--- /dev/null
+++ b/sdk/provideraws/cognitoidp/internal/testhelper/mock_cognito_client.go
@@ -0,0 +1,32 @@
+package testhelper
+
+import (
+ "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
+ "github.com/stretchr/testify/mock"
+)
+
+type MockCognitoClient struct {
+ mock.Mock
+}
+
+func NewMockCognitoClient() *MockCognitoClient {
+ return &MockCognitoClient{}
+}
+
+func (mc *MockCognitoClient) ListUserPools() (*cognitoidentityprovider.ListUserPoolsOutput, error) {
+ args := mc.Called()
+ return args.Get(0).(*cognitoidentityprovider.ListUserPoolsOutput), args.Error(1)
+}
+
+func (mc *MockCognitoClient) ListResourceServers(userPoolId string) (*cognitoidentityprovider.ListResourceServersOutput, error) {
+ args := mc.Called(userPoolId)
+ return args.Get(0).(*cognitoidentityprovider.ListResourceServersOutput), args.Error(1)
+}
+
+func (mc *MockCognitoClient) ExpectListUserPools(output *cognitoidentityprovider.ListUserPoolsOutput, err error) {
+ mc.On("ListUserPools").Return(output, err)
+}
+
+func (mc *MockCognitoClient) ExpectListResourceServers(userPoolId string, withOutput *cognitoidentityprovider.ListResourceServersOutput, withErr error) {
+ mc.On("ListResourceServers", userPoolId).Return(withOutput, withErr)
+}
diff --git a/sdk/provideraws/cognitoidp/internal/testhelper/mock_cognito_http_client.go b/sdk/provideraws/cognitoidp/internal/testhelper/mock_cognito_http_client.go
new file mode 100644
index 00000000..f8d16bca
--- /dev/null
+++ b/sdk/provideraws/cognitoidp/internal/testhelper/mock_cognito_http_client.go
@@ -0,0 +1,51 @@ +package testhelper + +import ( + "bytes" + "encoding/json" + "github.com/stretchr/testify/mock" + "io" + "net/http" +) + +type MockCognitoHttpClient struct { + mock.Mock +} + +func NewMockCognitoHttpClient() *MockCognitoHttpClient { + return &MockCognitoHttpClient{} +} + +func (m *MockCognitoHttpClient) Do(req *http.Request) (*http.Response, error) { + args := m.Called(req) + return args.Get(0).(*http.Response), args.Error(1) +} + +// ExpectListUserPools - caller expects the listUserPools endpoint to be called +// with either err OR a valid response (see ListUserPoolsResponse()) +func (m *MockCognitoHttpClient) ExpectListUserPools(err error) { + var resp *http.Response + if err == nil { + resp = &http.Response{StatusCode: http.StatusOK, Body: io.NopCloser(bytes.NewReader(ListUserPoolsResponse()))} + } + theFunc := mock.MatchedBy(func(req *http.Request) bool { + return req.Method == http.MethodPost && + req.Header.Get("X-Amz-Target") == "AWSCognitoIdentityProviderService.ListUserPools" + }) + + m.On("Do", theFunc).Return(resp, err) +} + +func (m *MockCognitoHttpClient) ExpectListResourceServers(err error) { + var resp *http.Response + if err == nil { + expBytes, _ := json.Marshal(ListResourceServersOutput()) + resp = &http.Response{StatusCode: http.StatusOK, Body: io.NopCloser(bytes.NewReader(expBytes))} + } + theFunc := mock.MatchedBy(func(req *http.Request) bool { + return req.Method == http.MethodPost && + req.Header.Get("X-Amz-Target") == "AWSCognitoIdentityProviderService.ListResourceServers" + }) + + m.On("Do", theFunc).Return(resp, err) +} diff --git a/sdk/provideraws/cognitoidp/resource_server_app.go b/sdk/provideraws/cognitoidp/resource_server_app.go new file mode 100644 index 00000000..01a45d94 --- /dev/null +++ b/sdk/provideraws/cognitoidp/resource_server_app.go 
@@ -0,0 +1,28 @@
+package cognitoidp
+
+type ResourceServerAppInfo struct {
+ id string
+ name string
+ description string
+ identifier string
+}
+
+func NewResourceServerAppInfo(id string, name string, description string, identifier string) ResourceServerAppInfo {
+ return ResourceServerAppInfo{id: id, name: name, description: description, identifier: identifier}
+}
+
+func (a ResourceServerAppInfo) Id() string {
+ return a.id
+}
+func (a ResourceServerAppInfo) Name() string {
+ return a.name
+}
+func (a ResourceServerAppInfo) DisplayName() string {
+ return a.description
+}
+func (a ResourceServerAppInfo) Identifier() string {
+ return a.identifier
+}
+func (a ResourceServerAppInfo) Type() string {
+ return "Cognito Resource Server"
+}
diff --git a/sdk/provideraws/policystore/dynamodbpolicystore/ddbtest/mock_policy_store_svc.go b/sdk/provideraws/policystore/dynamodbpolicystore/ddbtest/mock_policy_store_svc.go
new file mode 100644
index 00000000..32804c56
--- /dev/null
+++ b/sdk/provideraws/policystore/dynamodbpolicystore/ddbtest/mock_policy_store_svc.go
@@ -0,0 +1,21 @@
+package ddbtest
+
+import (
+ "github.com/hexa-org/policy-orchestrator/sdk/core/idp"
+ "github.com/hexa-org/policy-orchestrator/sdk/core/rar"
+ "github.com/stretchr/testify/mock"
+)
+
+type MockPolicyStoreSvc[R rar.ResourceActionRolesMapper] struct {
+ mock.Mock
+}
+
+func (m *MockPolicyStoreSvc[R]) GetPolicies(app idp.AppInfo) ([]rar.ResourceActionRoles, error) {
+ args := m.Called(app)
+ return args.Get(0).([]rar.ResourceActionRoles), args.Error(1)
+}
+
+func (m *MockPolicyStoreSvc[R]) SetPolicy(rar rar.ResourceActionRoles) error {
+ args := m.Called(rar)
+ return args.Error(0)
+}
diff --git a/sdk/provideraws/policystore/dynamodbpolicystore/dynamic_table_definition.go b/sdk/provideraws/policystore/dynamodbpolicystore/dynamic_table_definition.go
new file mode 100644
index 00000000..00bf83fa
--- /dev/null
+++ b/sdk/provideraws/policystore/dynamodbpolicystore/dynamic_table_definition.go
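Review bot: ResourceServerAppInfo carries no documentation and no compile-time check that it still satisfies idp.AppInfo, which the app-svc test relies on through a type assertion on the returned slice. A line `var _ idp.AppInfo = ResourceServerAppInfo{}` (with the idp import) would catch a drifted interface at build time, and a type comment along the lines of `// ResourceServerAppInfo describes one Cognito resource server. id is whatever the caller supplies (the app service currently passes the owning user pool id), name and description both come from the resource server name, identifier is the Cognito resource-server identifier.` would make the field semantics visible to callers.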
@@ -0,0 +1,31 @@
+package dynamodbpolicystore
+
+import (
+ "encoding/json"
+ "github.com/hexa-org/policy-orchestrator/sdk/core/rar"
+ "github.com/hexa-org/policy-orchestrator/sdk/provideraws/policystore/dynamodbpolicystore/internal/table"
+ log "golang.org/x/exp/slog"
+)
+
+func NewAttributeDefinition(nameOrPath string, valType string, pk bool, sk bool) *table.AttributeDefinition {
+ return table.NewAttributeDefinition(nameOrPath, valType, pk, sk)
+}
+
+func NewSimpleTableInfo[R rar.ResourceActionRolesMapper](tableName string, sampleItem R) (*table.TableInfo[R], error) {
+ return table.NewSimpleTableInfo(tableName, sampleItem)
+}
+
+func NewDynamicTableInfo(tableName string, resourceAttrDef, actionsAttrDef, membersAttrDef *table.AttributeDefinition) (*table.TableInfo[rar.DynamicResourceActionRolesMapper], error) {
+ return table.NewDynamicTableInfo(tableName, resourceAttrDef, actionsAttrDef, membersAttrDef)
+}
+
+func NewTableDefinitionV2(jsonStr string) (table.TableDefinition, error) {
+ var defV2 table.TableDefinitionV2
+ err := json.Unmarshal([]byte(jsonStr), &defV2)
+ if err != nil {
+ log.Error("NewTableDefinitionV2", "msg", "failed to marshall string to TableDefinitionV2",
+ "jsonStr", jsonStr, "error", err)
+ return table.TableDefinitionV2{}, err
+ }
+ return defV2, nil
+}
diff --git a/sdk/provideraws/policystore/dynamodbpolicystore/dynamodb_policy_store_svc.go b/sdk/provideraws/policystore/dynamodbpolicystore/dynamodb_policy_store_svc.go
new file mode 100644
index 00000000..757eb30e
--- /dev/null
+++ b/sdk/provideraws/policystore/dynamodbpolicystore/dynamodb_policy_store_svc.go
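Review bot: The error log in NewTableDefinitionV2 says "failed to marshall" although the failing call is json.Unmarshal, and it dumps the whole `jsonStr` at error level and then also returns the error, so one failure is reported twice and the full definition text lands in the logs. Return a wrapped error and let the caller decide what to log, e.g. `return table.TableDefinitionV2{}, fmt.Errorf("parsing TableDefinitionV2 json: %w", err)` (needs `fmt`), dropping the log.Error call. The three pass-through constructors above it would also benefit from one-line doc comments, since they are the package's public entry points for building table definitions.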
@@ -0,0 +1,301 @@ +package dynamodbpolicystore + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue" + ddb "github.com/aws/aws-sdk-go-v2/service/dynamodb" + "github.com/hexa-org/policy-orchestrator/sdk/core/idp" + "github.com/hexa-org/policy-orchestrator/sdk/core/policystore" + "github.com/hexa-org/policy-orchestrator/sdk/core/rar" + "github.com/hexa-org/policy-orchestrator/sdk/provideraws/policystore/dynamodbpolicystore/internal/client" + "github.com/hexa-org/policy-orchestrator/sdk/provideraws/policystore/dynamodbpolicystore/internal/table" + log "golang.org/x/exp/slog" + "sort" + "strings" +) + +type PolicyStoreSvc[R rar.ResourceActionRolesMapper] struct { + client client.DynamodbClient + tableInfo *table.TableInfo[R] +} + +type Opt[R rar.ResourceActionRolesMapper] func(svc *PolicyStoreSvc[R]) + +func WithDynamodbClientOverride[R rar.ResourceActionRolesMapper](client client.DynamodbClient) Opt[R] { + return func(svc *PolicyStoreSvc[R]) { + svc.client = client + } +} + +/* +func NewPolicyStoreSvcSimpleTable[R rar.ResourceActionRolesMapper](tableName string, tableItem R, key []byte, opts ...Opt[R]) (policystore.PolicyBackendSvc[R], error) { + aTableInfo, err := table.NewTableInfo[R](tableName, tableItem) + if err != nil { + return nil, err + } + + return newPolicyStoreSvc(aTableInfo, key, opts...) +} + +func NewPolicyStoreSvcDynamicTable(tableName string, tableDef table.TableDefinition, key []byte, opts ...Opt[rar.DynamicResourceActionRolesMapper]) (policystore.PolicyBackendSvc[rar.DynamicResourceActionRolesMapper], error) { + aTableInfo, err := table.NewDynamicTableInfo[rar.DynamicResourceActionRolesMapper](tableName, tableDef) + //aTableInfo, err := NewTableInfo[rar.DynamicResourceActionRolesMapper](tableName, rar.DynamicResourceActionRolesMapper{}) + if err != nil { + return nil, err + } + + return newPolicyStoreSvc[rar.DynamicResourceActionRolesMapper](aTableInfo, key, opts...) 
+} +*/ + +func newPolicyStoreSvc[R rar.ResourceActionRolesMapper](tableInfo *table.TableInfo[R], key []byte, opts ...Opt[R]) (policystore.PolicyBackendSvc[R], error) { + svc := &PolicyStoreSvc[R]{tableInfo: tableInfo} + if len(opts) == 0 { + c, err := client.NewDynamodbClient(key, nil) + if err != nil { + return nil, err + } + svc.client = c + } + + for _, o := range opts { + o(svc) + } + return svc, nil +} + +func NewPolicyStoreSvc[R rar.ResourceActionRolesMapper](tableInfo *table.TableInfo[R], key []byte, opts ...Opt[R]) (policystore.PolicyBackendSvc[R], error) { + if tableInfo == nil { + return nil, errors.New("failed to create PolicyStoreSvc without tableInfo") + } + + svc := &PolicyStoreSvc[R]{tableInfo: tableInfo} + if len(opts) == 0 { + c, err := client.NewDynamodbClient(key, nil) + if err != nil { + return nil, err + } + svc.client = c + } + + for _, o := range opts { + o(svc) + } + return svc, nil +} + +func (s *PolicyStoreSvc[R]) GetPolicies(_ idp.AppInfo) ([]rar.ResourceActionRoles, error) { + input := &ddb.ScanInput{TableName: &s.tableInfo.TableName} + output, err := s.client.Scan(context.TODO(), input) + + if err != nil { + log.Error("PolicyStoreSvc.GetPolicies", "Failed to Scan table. Err=", err) + return nil, err + } + + var rarList []rar.ResourceActionRoles + + if s.tableInfo.ItemMappingDynamic { + rarList, err = s.getPoliciesDynamic(output) + } else { + // If can be mapped to a provided struct, then use simple MapTo + rarList, err = s.getPoliciesSimple(output) + } + + if err != nil { + return nil, err + } + + sortResourceActionRoleList(rarList) + return rarList, nil +} + +func (s *PolicyStoreSvc[R]) getPoliciesDynamic(output *ddb.ScanOutput) ([]rar.ResourceActionRoles, error) { + var items []interface{} + err := attributevalue.UnmarshalListOfMaps(output.Items, &items) + if err != nil { + log.Error("PolicyStoreSvc.GetPolicies", "Failed to unmarshal items. 
Err=", err) + return nil, err + } + return s.toRarListV2(items) +} + +func (s *PolicyStoreSvc[R]) getPoliciesSimple(output *ddb.ScanOutput) ([]rar.ResourceActionRoles, error) { + var items []R + err := attributevalue.UnmarshalListOfMaps(output.Items, &items) + if err != nil { + log.Error("PolicyStoreSvc.GetPolicies", "Failed to unmarshal items. Err=", err) + return nil, err + } + + return simpleRarListMapper(items) +} + +func simpleRarListMapper[R rar.ResourceActionRolesMapper](items []R) ([]rar.ResourceActionRoles, error) { + rarList := make([]rar.ResourceActionRoles, 0) + for _, item := range items { + aRar, err := item.MapTo() + if err != nil { + log.Error("ToResourceActionRoleList", "failed to map item to ResourceActionRoles", err) + return nil, err + } + rarList = append(rarList, aRar) + } + + return rarList, nil +} + +func sortResourceActionRoleList(rarList []rar.ResourceActionRoles) { + sort.SliceStable(rarList, func(i, j int) bool { + resComp := strings.Compare(rarList[i].Resource(), rarList[j].Resource()) + actComp := strings.Compare(rarList[i].Actions()[0], rarList[j].Actions()[0]) // TODO handle array + switch resComp { + case 0: + return actComp <= 0 + default: + return resComp < 0 + } + }) +} + +func (s *PolicyStoreSvc[R]) SetPolicy(aRar rar.ResourceActionRoles) error { + log.Info("PolicyStoreSvc.SetPolicy", "msg", "aRar", aRar) + builderV2 := client.NewInputBuilderV2(s.tableInfo.TableName, s.tableInfo.TableDefinition) + + input, err := builderV2.UpdateItemInput(aRar) + if err != nil { + log.Error("PolicyStoreSvc.SetPolicy", "msg", "failed to build updateItemInput", "error", err) + return err + } + + // TODO - process output + log.Error("PolicyStoreSvc.SetPolicy", "msg", input) + _, err = s.client.UpdateItem(context.TODO(), input) + return err +} + +func (s *PolicyStoreSvc[R]) toRarListV2(scanOutputItems []interface{}) ([]rar.ResourceActionRoles, error) { + + rarList := make([]rar.ResourceActionRoles, 0) + + for _, anItem := range scanOutputItems { + 
log.Info("toRarListV2", "anItem", anItem) + theMap := anItem.(map[string]interface{}) + aRar, err := getRarFromItem(s.tableInfo.TableDefinition, theMap) + if err != nil { + return nil, err + } + rarList = append(rarList, aRar) + + } + return rarList, nil +} + +func getRarFromItem(tableDef table.TableDefinition, theMap map[string]interface{}) (rar.ResourceActionRoles, error) { + var resource string + var actions []string + var members []string + + for policyAttrType, aDef := range tableDef.AttrDefinitionMap() { + valArr, err := parseItemValueForRar(aDef, theMap) + if err != nil { + return rar.ResourceActionRoles{}, err + } + + if len(valArr) == 0 { + continue + } + + switch policyAttrType { + case table.PolicyAttrTypeResource: + resource = valArr[0] + break + case table.PolicyAttrTypeActions: + actions = valArr + break + case table.PolicyAttrTypeMembers: + members = valArr + break + default: + return rar.ResourceActionRoles{}, fmt.Errorf("invalid PolicyAttrType %s. Should be one of [resource, actions, members]. AttrNameOrPath=%s", policyAttrType, aDef.NameOrPath) + } + } + + return rar.NewResourceActionRoles(resource, actions, members) +} + +// parseValue returns []string irrespective or attribute value type +// caller to decide whether to use array fully, or just first element +// while building rar +func parseItemValueForRar(aDef *table.AttributeDefinition, theMap map[string]interface{}) ([]string, error) { + nameOrPath := aDef.NameOrPath + var aVal interface{} + tmpMap := theMap + if aDef.Pk || aDef.Sk { + aVal = theMap[nameOrPath] + } else { + // non key - can be composite + // value can be []string, []int, string, int + // just get the leaf value here. dont worry about value type. 
+ partsArr := strings.Split(nameOrPath, "/") + numParts := len(partsArr) + + // last part is not a map so only loop till 2nd last + for _, aPart := range partsArr[0 : numParts-1] { + tmpMap = tmpMap[aPart].(map[string]interface{}) + } + + attrName := partsArr[numParts-1] // last one is the actual attribute + aVal = tmpMap[attrName] + } + + var strArr []string + if aDef.ValType == "[]string" { + strArr = aVal.([]string) + } else if aDef.ValType == "[]int" { + arrVal := aVal.([]int) + strArr = make([]string, 0) + for _, v := range arrVal { + strArr = append(strArr, fmt.Sprintf("%v", v)) + } + } else if aDef.ValType == "string" { + // takes care of int, string + strVal := fmt.Sprintf("%s", aVal) + strVal = strings.TrimSpace(strVal) + // Check if its an array encoded as a string + // e.g. members = "[\"Read.HRUS\"]" + // in our test dynamodb instance, we use a string type for members, but + // it actually supports multiple members "[\"Read.HRUS\", \"Read.HRUK\"]" + if strings.HasPrefix(strVal, "[") && strings.HasSuffix(strVal, "]") { + err := json.Unmarshal([]byte(strVal), &strArr) + if err != nil { + return nil, fmt.Errorf("failed to unmarshall string as array for %s. string value %s: error %w", nameOrPath, strVal, err) + } + } else { + strArr = []string{fmt.Sprintf("%s", aVal)} + } + } else { + // its an int + strArr = []string{fmt.Sprintf("%v", aVal)} + } + + return strArr, nil +} + +/* +func (s *PolicyStoreSvc[R]) toRarList(scanOutputItems []interface{}) ([]rar.ResourceActionRoles, error) { + rars := make([]rar.ResourceActionRoles, 0) + for _, anItem := range scanOutputItems { + aRar, err := s.tableInfo.ItemType.MapToV2(anItem) + if err != nil { + return nil, err + } + rars = append(rars, aRar) + } + return rars, nil +} + +*/ diff --git a/sdk/provideraws/policystore/dynamodbpolicystore/dynamodb_policy_store_svc_test.go b/sdk/provideraws/policystore/dynamodbpolicystore/dynamodb_policy_store_svc_test.go new file mode 100644 index 00000000..543b7e80 --- /dev/null 
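Review bot: parseItemValueForRar crashes the process on any row that does not match the configured table definition: `tmpMap[aPart].(map[string]interface{})`, `aVal.([]string)` and `aVal.([]int)` are unchecked assertions, so a missing path segment, a nil attribute or a differently typed value panics instead of returning an error — and because these rows come from a DynamoDB table other principals can write to, that is a denial-of-service foothold as well as a bug. The traversal and each ValType branch should use the two-value form, as sketched below (as far as I can tell attributevalue decodes numbers into float64 when the target is interface{}, so the `[]int` branch would never match anyway — worth confirming). GetPolicies also issues a single Scan and ignores `LastEvaluatedKey`, so a table beyond one page of results silently yields a partial policy set. SetPolicy logs the entire UpdateItem input at error level via `log.Error("PolicyStoreSvc.SetPolicy", "msg", input)`, which reads as leftover debugging and should be dropped or demoted to Debug. sortResourceActionRoleList indexes `Actions()[0]` and panics on an entry with no actions.
```go
	for _, aPart := range partsArr[0 : numParts-1] {
		next, ok := tmpMap[aPart].(map[string]interface{})
		if !ok {
			return nil, fmt.Errorf("attribute path %s: segment %q is missing or not a map", nameOrPath, aPart)
		}
		tmpMap = next
	}
	attrName := partsArr[numParts-1] // last one is the actual attribute
	aVal = tmpMap[attrName]
	// … unchanged: strArr declaration …
	if aDef.ValType == "[]string" {
		strs, ok := aVal.([]string)
		if !ok {
			return nil, fmt.Errorf("attribute %s: expected []string, got %T", nameOrPath, aVal)
		}
		strArr = strs
	// … unchanged: remaining ValType branches, each with the same two-value assertion on aVal …
```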
+++ b/sdk/provideraws/policystore/dynamodbpolicystore/dynamodb_policy_store_svc_test.go 
@@ -0,0 +1,91 @@
+package dynamodbpolicystore_test
+
+import (
+ "errors"
+ "github.com/hexa-org/policy-orchestrator/sdk/core/idp"
+ "github.com/hexa-org/policy-orchestrator/sdk/core/policystore"
+ "github.com/hexa-org/policy-orchestrator/sdk/core/rar"
+ "github.com/hexa-org/policy-orchestrator/sdk/provideraws/policystore/dynamodbpolicystore"
+ "github.com/hexa-org/policy-orchestrator/sdk/provideraws/policystore/dynamodbpolicystore/internal/table"
+ "github.com/hexa-org/policy-orchestrator/sdk/provideraws/policystore/dynamodbpolicystore/internal/testhelper"
+ "github.com/stretchr/testify/assert"
+ "testing"
+)
+
+func TestNewPolicyStoreSvc_Error(t *testing.T) {
+ tableInfo, err := table.NewSimpleTableInfo(testhelper.TableName, testhelper.SimpleDynamodbItem{})
+ svc, err := dynamodbpolicystore.NewPolicyStoreSvc(tableInfo, []byte("$$"))
+ assert.ErrorContains(t, err, "invalid character '$'")
+ assert.Nil(t, svc)
+}
+
+func TestNewPolicyStoreSvc(t *testing.T) {
+ tableInfo, err := table.NewSimpleTableInfo(testhelper.TableName, testhelper.SimpleDynamodbItem{})
+ svc, err := dynamodbpolicystore.NewPolicyStoreSvc(tableInfo, testhelper.AwsCredentialsForTest())
+ assert.NoError(t, err)
+ assert.NotNil(t, svc)
+}
+
+func TestGetPolicies_ScanError(t *testing.T) {
+ svc, c := newPolicyStoreSvcAndClient()
+ app := new(idp.AppInfo)
+ c.ExpectScan(errors.New("some-error"))
+ policies, err := svc.GetPolicies(*app)
+ assert.ErrorContains(t, err, "some-error")
+ assert.Nil(t, policies)
+}
+
+func TestGetPolicies_EmptyItemsFromScan(t *testing.T) {
+ svc, c := newPolicyStoreSvcAndClient()
+ app := new(idp.AppInfo)
+ c.ExpectScan(nil)
+ policies, err := svc.GetPolicies(*app)
+ assert.NoError(t, err)
+ assert.NotNil(t, policies)
+ assert.Empty(t, policies)
+}
+func TestGetPolicies(t *testing.T) {
+ svc, c := newPolicyStoreSvcAndClient()
+ app := new(idp.AppInfo)
+ expRar := testhelper.MakeResourceActionRoles()
+
+ c.ExpectScan(nil, expRar)
+ policies, err := svc.GetPolicies(*app)
+ assert.NoError(t, err)
+ assert.NotNil(t, policies)
+ assert.Equal(t, []rar.ResourceActionRoles{expRar}, policies)
+}
+
+func TestSetPolicy(t *testing.T) {
+ svc, c := newPolicyStoreSvcAndClient()
+ expRar := testhelper.MakeResourceActionRoles()
+ c.ExpectUpdateItem(expRar, nil)
+ err := svc.SetPolicy(expRar)
+ assert.NoError(t, err)
+}
+
+func TestWithDynamicItemJson(t *testing.T) {
+ svc, mockClient := newSvcWithDynamicTableDef()
+ app := new(idp.AppInfo)
+ expRar := testhelper.MakeResourceActionRoles()
+
+ mockClient.ExpectScan(nil, expRar)
+ policies, err := svc.GetPolicies(*app)
+ assert.NoError(t, err)
+ assert.NotNil(t, policies)
+ assert.Equal(t, []rar.ResourceActionRoles{expRar}, policies)
+}
+
+func newPolicyStoreSvcAndClient() (policystore.PolicyBackendSvc[testhelper.SimpleDynamodbItem], *testhelper.MockClient) {
+ mockClient := testhelper.NewMockClient()
+ aOpt := dynamodbpolicystore.WithDynamodbClientOverride[testhelper.SimpleDynamodbItem](mockClient)
+ svc, _ := dynamodbpolicystore.NewPolicyStoreSvc(testhelper.SimpleTableInfo(), testhelper.AwsCredentialsForTest(), aOpt)
+ return svc, mockClient
+}
+
+func newSvcWithDynamicTableDef() (policystore.PolicyBackendSvc[rar.DynamicResourceActionRolesMapper], *testhelper.MockClient) {
+ mockClient := testhelper.NewMockClient()
+ aOpt := dynamodbpolicystore.WithDynamodbClientOverride[rar.DynamicResourceActionRolesMapper](mockClient)
+ svc, _ := dynamodbpolicystore.NewPolicyStoreSvc(testhelper.DynamicTableInfo(), testhelper.AwsCredentialsForTest(), aOpt)
+ return svc, mockClient
+}
diff --git a/sdk/provideraws/policystore/dynamodbpolicystore/go.mod b/sdk/provideraws/policystore/dynamodbpolicystore/go.mod
new file mode 100644
index 00000000..9ded3b31
--- /dev/null
+++ b/sdk/provideraws/policystore/dynamodbpolicystore/go.mod
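Review bot: In TestNewPolicyStoreSvc_Error and TestNewPolicyStoreSvc the error returned by `table.NewSimpleTableInfo` is assigned to `err` and then immediately overwritten by the `NewPolicyStoreSvc` call, so a broken table definition would reach the constructor as a nil `tableInfo` and fail in a confusing way instead of at the point of origin. Check it before reusing the variable: `assert.NoError(t, err)` after the first call, then `svc, err = dynamodbpolicystore.NewPolicyStoreSvc(...)` for the second. newPolicyStoreSvcAndClient and newSvcWithDynamicTableDef discard the constructor error with `svc, _ :=`; taking `t *testing.T` and failing there would keep a nil svc from reaching the tests that call methods on it.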
@@ -0,0 +1,41 @@
+module github.com/hexa-org/policy-orchestrator/sdk/provideraws/policystore/dynamodbpolicystore
+
+go 1.20
+
+require (
+ github.com/aws/aws-sdk-go-v2 v1.21.2
+ github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.10.42
+ github.com/aws/aws-sdk-go-v2/service/dynamodb v1.22.2
+ github.com/aws/smithy-go v1.15.0
+ github.com/stretchr/testify v1.8.4
+ golang.org/x/exp v0.0.0-20231006140011-7918f672742d
+)
+
+require (
+ github.com/hexa-org/policy-orchestrator/sdk/core v0.6.0-alpha.8
+ github.com/hexa-org/policy-orchestrator/sdk/provideraws/awscommon v0.6.0-alpha.8
+)
+
+require (
+ github.com/aws/aws-sdk-go-v2/config v1.18.45 // indirect
+ github.com/aws/aws-sdk-go-v2/credentials v1.13.43 // indirect
+ github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 // indirect
+ github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.15.7 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.15 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.37 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 // indirect
+ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 // indirect
+ github.com/davecgh/go-spew v1.1.1 // indirect
+ github.com/google/go-cmp v0.5.9 // indirect
+ github.com/hexa-org/policy-mapper/hexaIdql v0.6.0-alpha.3 // indirect
+ github.com/jmespath/go-jmespath v0.4.0 // indirect
+ github.com/pmezard/go-difflib v1.0.0 // indirect
+ github.com/stretchr/objx v0.5.0 // indirect
+ gopkg.in/yaml.v2 v2.4.0 // indirect
+ gopkg.in/yaml.v3 v3.0.1 // indirect
+)
diff --git a/sdk/provideraws/policystore/dynamodbpolicystore/go.sum b/sdk/provideraws/policystore/dynamodbpolicystore/go.sum new file mode 100644 index 00000000..74d757a7 --- /dev/null +++ b/sdk/provideraws/policystore/dynamodbpolicystore/go.sum 
@@ -0,0 +1,71 @@ +github.com/aws/aws-sdk-go-v2 v1.21.2 h1:+LXZ0sgo8quN9UOKXXzAWRT3FWd4NxeXWOZom9pE7GA= +github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM= +github.com/aws/aws-sdk-go-v2/config v1.18.45 h1:Aka9bI7n8ysuwPeFdm77nfbyHCAKQ3z9ghB3S/38zes= +github.com/aws/aws-sdk-go-v2/config v1.18.45/go.mod h1:ZwDUgFnQgsazQTnWfeLWk5GjeqTQTL8lMkoE1UXzxdE= +github.com/aws/aws-sdk-go-v2/credentials v1.13.43 h1:LU8vo40zBlo3R7bAvBVy/ku4nxGEyZe9N8MqAeFTzF8= +github.com/aws/aws-sdk-go-v2/credentials v1.13.43/go.mod h1:zWJBz1Yf1ZtX5NGax9ZdNjhhI4rgjfgsyk6vTY1yfVg= +github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.10.42 h1:taACSYOzbwyrJPvzX0ucCkB9gxkIkcYkuXkUhNRsnJ0= +github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.10.42/go.mod h1:y4dbQK/yjYJ2HXqx57/G8FvLckKtN61s/IWNVvP5k9E= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 h1:PIktER+hwIG286DqXyvVENjgLTAwGgoeriLDD5C+YlQ= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13/go.mod h1:f/Ib/qYjhV2/qdsf79H3QP/eRE4AkVyEf6sk7XfZ1tg= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 h1:nFBQlGtkbPzp/NjZLuFxRqmT91rLJkgvsEQs68h962Y= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43/go.mod h1:auo+PiyLl0n1l8A0e8RIeR8tOzYPfZZH/JNlrJ8igTQ= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 h1:JRVhO25+r3ar2mKGP7E0LDl8K9/G36gjlqca5iQbaqc= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37/go.mod h1:Qe+2KtKml+FEsQF/DHmDV+xjtche/hwoF75EG4UlHW8= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 h1:hze8YsjSh8Wl1rYa1CJpRmXP21BvOBuc76YhW0HsuQ4= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45/go.mod h1:lD5M20o09/LCuQ2mE62Mb/iSdSlCNuj6H5ci7tW7OsE= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.22.2 h1:s7oacej7gZm+Bcq5BxZIlm5HWjEyKiWtOt405QZ+WOA= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.22.2/go.mod h1:1HkLh8vaL4obF95fne7ZOu7sxomS/+vkBt3/+gqqwE4= +github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.15.7 
h1:WCeS9WZbIqEKCbgIkrHB5jw/9mO2QMYTLPF8wee3v4Y= +github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.15.7/go.mod h1:uT1paW42RVCVEoAEbWKu98gEI0GMBWUsT/H+pI4ODJQ= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.15 h1:7R8uRYyXzdD71KWVCL78lJZltah6VVznXBazvKjfH58= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.15/go.mod h1:26SQUPcTNgV1Tapwdt4a1rOsYRsnBsJHLMPoxK2b0d8= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.37 h1:4LoizcvPT9A0tiAFhepxn0bGZXkzvN0pG0epydY3Pno= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.37/go.mod h1:7xBUZyP6LeLc+5Ym9PG7atqw4sR28sBtYcHETik+bPE= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 h1:WWZA/I2K4ptBS1kg0kV1JbBtG/umed0vwHRrmcr9z7k= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37/go.mod h1:vBmDnwWXWxNPFRMmG2m/3MKOe+xEcMDo1tanpaWCcck= +github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 h1:JuPGc7IkOP4AaqcZSIcyqLpFSqBWK32rM9+a1g6u73k= +github.com/aws/aws-sdk-go-v2/service/sso v1.15.2/go.mod h1:gsL4keucRCgW+xA85ALBpRFfdSLH4kHOVSnLMSuBECo= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 h1:HFiiRkf1SdaAmV3/BHOFZ9DjFynPHj8G/UIO1lQS+fk= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3/go.mod h1:a7bHA82fyUXOm+ZSWKU6PIoBxrjSprdLoM8xPYvzYVg= +github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 h1:0BkLfgeDjfZnZ+MhB3ONb01u9pwFYTCZVhlsSSBvlbU= +github.com/aws/aws-sdk-go-v2/service/sts v1.23.2/go.mod h1:Eows6e1uQEsc4ZaHANmsPRzAKcVDrcmjjWiih2+HUUQ= +github.com/aws/smithy-go v1.15.0 h1:PS/durmlzvAFpQHDs4wi4sNNP9ExsqZh6IlfdHXgKK8= +github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/google/go-cmp v0.5.8/go.mod 
h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/hexa-org/policy-mapper/hexaIdql v0.6.0-alpha.3 h1:kApPuTEC8bVualHsj0CA5avqk7DgU2ZiJOpLG5EiKTM= +github.com/hexa-org/policy-mapper/hexaIdql v0.6.0-alpha.3/go.mod h1:mqzC3LjDSVimn8u7s98JWJjrYUm4fCR7ZlMsqI/7ABM= +github.com/hexa-org/policy-orchestrator/sdk/core v0.6.0-alpha.8 h1:rGqQOR5KjMl4+sBQxGzOwK5Qz63nbMjDBeuV2aeBWsk= +github.com/hexa-org/policy-orchestrator/sdk/core v0.6.0-alpha.8/go.mod h1:rK63pk8W/+VJnj08hmgo9kVXd8gpNRqo7z1h/Ecrtw0= +github.com/hexa-org/policy-orchestrator/sdk/provideraws/awscommon v0.6.0-alpha.8 h1:iEx5oLRkYKr9ST9RGyw8E2nZAxJvAx0EiJiMxZVkETc= +github.com/hexa-org/policy-orchestrator/sdk/provideraws/awscommon v0.6.0-alpha.8/go.mod h1:/X5vEXgKOddu3KBNP2pT8lgBsVksoRa32xaQIkLs6ZU= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= +github.com/stretchr/objx v0.5.0/go.mod 
h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= +golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/sdk/provideraws/policystore/dynamodbpolicystore/internal/client/client.go b/sdk/provideraws/policystore/dynamodbpolicystore/internal/client/client.go new file mode 100644 index 00000000..15f71bd1 --- /dev/null +++ b/sdk/provideraws/policystore/dynamodbpolicystore/internal/client/client.go 
@@ -0,0 +1,40 @@
+package client
+
+import (
+ "context"
+ ddb "github.com/aws/aws-sdk-go-v2/service/dynamodb"
+ "github.com/hexa-org/policy-orchestrator/sdk/provideraws/awscommon"
+)
+
+// DynamodbClient -
+// BEGIN - copied from dynamodb_client.go
+type DynamodbClient interface {
+ Scan(ctx context.Context, params *ddb.ScanInput, optFns ...func(*ddb.Options)) (*ddb.ScanOutput, error)
+ UpdateItem(ctx context.Context, params *ddb.UpdateItemInput, optFns ...func(*ddb.Options)) (*ddb.UpdateItemOutput, error)
+}
+
+type dynamodbClient struct {
+ internal *ddb.Client
+}
+
+// NewDynamodbClient - builds DynamodbClient with provide credentials and optional httpClient
+// pass an httpClient to use for tests
+func NewDynamodbClient(key []byte, httpClient awscommon.AWSHttpClient) (DynamodbClient, error) {
+ cfg, err := awscommon.GetAwsClientConfig(key, httpClient)
+ if err != nil {
+ return nil, err
+ }
+
+ return &dynamodbClient{internal: ddb.NewFromConfig(cfg)}, nil
+}
+
+func (c *dynamodbClient) Scan(ctx context.Context, params *ddb.ScanInput, optFns ...func(*ddb.Options)) (*ddb.ScanOutput, error) {
+ out, err := c.internal.Scan(ctx, params, optFns...)
+ return out, err
+}
+
+func (c *dynamodbClient) UpdateItem(ctx context.Context, params *ddb.UpdateItemInput, optFns ...func(*ddb.Options)) (*ddb.UpdateItemOutput, error) {
+ return c.internal.UpdateItem(ctx, params, optFns...)
+}
+
+// END copied from dynamodb_client.go
diff --git a/sdk/provideraws/policystore/dynamodbpolicystore/internal/client/client_model.go b/sdk/provideraws/policystore/dynamodbpolicystore/internal/client/client_model.go
new file mode 100644
index 00000000..da13c8ef
--- /dev/null
+++ b/sdk/provideraws/policystore/dynamodbpolicystore/internal/client/client_model.go
@@ -0,0 +1 @@
+package client
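Review bot: The doc comment on the exported `DynamodbClient` interface is only `// DynamodbClient -` followed by a "copied from" marker, so godoc shows nothing about it; a one-liner such as `// DynamodbClient is the subset of *ddb.Client the policy store needs (Scan, UpdateItem), kept as an interface so tests can substitute a mock.` would cover it, and the `NewDynamodbClient` comment should read "provided credentials". NewDynamodbClient returns the `awscommon.GetAwsClientConfig` error without context; `return nil, fmt.Errorf("building dynamodb client config: %w", err)` tells the caller which layer failed (this needs `fmt` in the import block). In Scan, `out, err := ...; return out, err` can simply be `return c.internal.Scan(ctx, params, optFns...)`, matching UpdateItem. The `key []byte` parameter holds credential material, so a name like `credentials` would make that visible at call sites.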
diff --git a/sdk/provideraws/policystore/dynamodbpolicystore/internal/client/client_test.go b/sdk/provideraws/policystore/dynamodbpolicystore/internal/client/client_test.go new file mode 100644 index 00000000..5fb00059 --- /dev/null +++ b/sdk/provideraws/policystore/dynamodbpolicystore/internal/client/client_test.go 
@@ -0,0 +1,89 @@
+package client_test
+
+import (
+ "context"
+ "errors"
+ awshttp "github.com/aws/aws-sdk-go-v2/aws/transport/http"
+ ddb "github.com/aws/aws-sdk-go-v2/service/dynamodb"
+ "github.com/aws/smithy-go"
+ "github.com/hexa-org/policy-orchestrator/sdk/provideraws/policystore/dynamodbpolicystore/internal/client"
+ "github.com/hexa-org/policy-orchestrator/sdk/provideraws/policystore/dynamodbpolicystore/internal/testhelper"
+ "github.com/stretchr/testify/assert"
+ "net/http"
+ "testing"
+)
+
+func TestScan_Error(t *testing.T) {
+ m := testhelper.NewMockDynamodbHttpClient()
+ c, _ := client.NewDynamodbClient(testhelper.AwsCredentialsForTest(), m)
+ tableName := testhelper.TableName
+ input := &ddb.ScanInput{TableName: &tableName}
+
+ m.ExpectScan(errors.New("some error"))
+ output, err := c.Scan(context.TODO(), input)
+ assert.ErrorContains(t, err, "some error")
+ assert.Nil(t, output)
+ opErr, respErr := awsError(err)
+ assert.Equal(t, "DynamoDB", opErr.Service())
+ assert.Equal(t, "Scan", opErr.Operation())
+ assert.Equal(t, http.StatusBadRequest, respErr.HTTPStatusCode())
+}
+
+func TestScan(t *testing.T) {
+ m := testhelper.NewMockDynamodbHttpClient()
+ c, _ := client.NewDynamodbClient(testhelper.AwsCredentialsForTest(), m)
+ tableName := testhelper.TableName
+ input := &ddb.ScanInput{TableName: &tableName}
+ testItem := testhelper.MakeResourceActionRoles()
+ m.ExpectScan(nil, testItem)
+ output, err := c.Scan(context.TODO(), input)
+ assert.NoError(t, err)
+ assert.NotNil(t, output)
+ assert.Equal(t, testhelper.ScanOutput().Items, output.Items)
+}
+
+func TestUpdateItem_Error(t *testing.T) {
+ m := testhelper.NewMockDynamodbHttpClient()
+ c, _ := client.NewDynamodbClient(testhelper.AwsCredentialsForTest(), m)
+
+ reqItem := testhelper.MakeResourceActionRoles()
+ m.ExpectUpdateItem(reqItem, errors.New("some-error"))
+
+ inputBuilder := inputBuilderV2()
+ input, _ := inputBuilder.UpdateItemInput(reqItem)
+
+ _, err := c.UpdateItem(context.TODO(), input)
+ assert.ErrorContains(t, err, "some-error")
+ opErr, respErr := awsError(err)
+ assert.Equal(t, "DynamoDB", opErr.Service())
+ assert.Equal(t, "UpdateItem", opErr.Operation())
+ assert.Equal(t, http.StatusBadRequest, respErr.HTTPStatusCode())
+
+}
+
+func TestUpdateItem(t *testing.T) {
+ m := testhelper.NewMockDynamodbHttpClient()
+ c, _ := client.NewDynamodbClient(testhelper.AwsCredentialsForTest(), m)
+
+ reqItem := testhelper.MakeResourceActionRoles()
+ m.ExpectUpdateItem(reqItem, nil)
+
+ inputBuilder := inputBuilderV2()
+ input, _ := inputBuilder.UpdateItemInput(reqItem)
+
+ _, err := c.UpdateItem(context.TODO(), input)
+ assert.NoError(t, err)
+}
+
+func inputBuilderV2() *client.InputBuilderV2 {
+ return client.NewInputBuilderV2(testhelper.TableName, testhelper.DynamicTableDefinition())
+}
+
+func awsError(err error) (*smithy.OperationError, *awshttp.ResponseError) {
+ var opErr *smithy.OperationError
+ _ = errors.As(err, &opErr)
+
+ var respErr *awshttp.ResponseError
+ _ = errors.As(opErr.Err, &respErr)
+ return opErr, respErr
+}
diff --git a/sdk/provideraws/policystore/dynamodbpolicystore/internal/client/dynamodb_input_builder.go b/sdk/provideraws/policystore/dynamodbpolicystore/internal/client/dynamodb_input_builder.go
new file mode 100644
index 00000000..0c8b2ab5
--- /dev/null
+++ b/sdk/provideraws/policystore/dynamodbpolicystore/internal/client/dynamodb_input_builder.go
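Review bot: awsError discards the result of both `errors.As` calls and then dereferences `opErr.Err`, so if the client ever returns an error that is not a `*smithy.OperationError` the test dies with a nil-pointer panic instead of reporting what it actually got, and the callers then invoke `opErr.Service()` on the possibly-nil result. Give the helper the test handle and fail explicitly when the type assertion does not hold, as below, with callers changed to `opErr, respErr := awsError(t, err)`. The `c, _ := client.NewDynamodbClient(...)` lines in all four tests likewise drop the constructor error, which would surface as a nil `c` panic rather than a clear failure.
```go
func awsError(t *testing.T, err error) (*smithy.OperationError, *awshttp.ResponseError) {
	t.Helper()
	var opErr *smithy.OperationError
	if !errors.As(err, &opErr) {
		t.Fatalf("expected *smithy.OperationError, got %T: %v", err, err)
	}
	var respErr *awshttp.ResponseError
	if !errors.As(opErr.Err, &respErr) {
		t.Fatalf("expected *awshttp.ResponseError, got %T: %v", opErr.Err, opErr.Err)
	}
	return opErr, respErr
}
```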
@@ -0,0 +1,197 @@
+package client
+
+import (
+ "encoding/json"
+ "fmt"
+ "github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue"
+ "github.com/aws/aws-sdk-go-v2/service/dynamodb"
+ "github.com/aws/aws-sdk-go-v2/service/dynamodb/types"
+ "github.com/hexa-org/policy-orchestrator/sdk/core/rar"
+ "github.com/hexa-org/policy-orchestrator/sdk/provideraws/policystore/dynamodbpolicystore/internal/table"
+ log "golang.org/x/exp/slog"
+ "strings"
+)
+
+// UpdateItemInput
+// nested items update
+// https://repost.aws/questions/QUQxPvh3XLQQeDNUM1s3Y9vA/dynamodb-update-deep-nested-attributes
+// Primary key attribute must be scalar etc
+// The only data types allowed for primary key attributes are string, number, or binary
+// https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.CoreComponents.html#HowItWorks.CoreComponents.PrimaryKey
+
+type InputBuilderV2 struct {
+ tableName string
+ tableDefinition table.TableDefinition
+ keyAttrVal map[string]types.AttributeValue
+ expressionAttributeNames map[string]string
+ expressionAttributeValues map[string]types.AttributeValue
+ updateExpression string
+}
+
+func NewInputBuilderV2(tableName string, tableDefinition table.TableDefinition) *InputBuilderV2 {
+ // Validate has pk.
+ // Only one pk
+ // If sk exists, only one sk
+ // Validate types "int", "string", "[]int", "[]string"
+ return &InputBuilderV2{
+ tableName: tableName,
+ tableDefinition: tableDefinition,
+ keyAttrVal: map[string]types.AttributeValue{},
+ expressionAttributeNames: map[string]string{},
+ expressionAttributeValues: map[string]types.AttributeValue{}}
+}
+
+// UpdateItemInput - builds input without making any assumption on the attribute names or types
+// TODO - 1) add support for composite fields 2) array values
+func (t2 *InputBuilderV2) UpdateItemInput(aRar rar.ResourceActionRoles) (*dynamodb.UpdateItemInput, error) {
+ log.Info("InputBuilderV2.updateItemInputV2", "aRar", aRar)
+ err := t2.makeInput(aRar)
+ if err != nil {
+ log.Error("updateItemInputV2", "msg", "failed to build updateInputV2", "error", err)
+ return nil, err
+ }
+
+ input := &dynamodb.UpdateItemInput{
+ TableName: &t2.tableName,
+ Key: t2.keyAttrVal,
+ ExpressionAttributeNames: t2.expressionAttributeNames,
+ ExpressionAttributeValues: t2.expressionAttributeValues,
+ UpdateExpression: &t2.updateExpression,
+ ReturnValues: types.ReturnValueAllNew,
+ }
+
+ return input, nil
+}
+
+func (t2 *InputBuilderV2) makeInput(aRar rar.ResourceActionRoles) error {
+ log.Info("InputBuilderV2.makeInput BEGIN")
+ tDef := t2.tableDefinition
+ var aDef *table.AttributeDefinition
+ var rarVal []string
+ for _, synAttr := range []string{"resource", "actions", "members"} {
+ switch synAttr {
+ case "resource":
+ // seems very odd that resources can be a sk and actions is the pk
+ if tDef.ResourceAttrDefinition().Sk || tDef.ResourceAttrDefinition().Pk {
+ aDef = tDef.ResourceAttrDefinition()
+ rarVal = []string{aRar.Resource()}
+ }
+ break
+ case "actions":
+ if tDef.ActionsAttrDefinition().Sk || tDef.ActionsAttrDefinition().Pk {
+ aDef = tDef.ActionsAttrDefinition()
+ // TODO - only first element of list is accepted.
+ // If not defined as key, allow processing as a dynamodb list
+ rarVal = aRar.Actions()
+ }
+ break
+ default:
+ aDef = tDef.MembersAttrDefinition()
+ membersStr, err := json.Marshal(aRar.Members())
+ log.Info("InputBuilderV2.updateItemInputV2", "membersStr", membersStr)
+ if err != nil {
+ log.Error("updateItemInput error marshall member array from", "members", aRar.Members(), "Err", err)
+ return err
+ }
+ // assuming members are stored as a string.
+ // TODO - process actual dynamodb list
+ rarVal = []string{string(membersStr)}
+ //t2.updateExpression = fmt.Sprintf("SET #%s = :%s", aDef.NameOrPath, aDef.NameOrPath)
+ useNameOrPath := strings.ReplaceAll(aDef.NameOrPath, "/", ".#")
+ t2.updateExpression = fmt.Sprintf("SET #%s = :%s", useNameOrPath, aDef.NameOrPath)
+ }
+
+ // aDef can be nil if actions is incorrectly defined, or not defined in the table def
+ // we only necessarily need one key attribute from resources, actions
+ // though we can accept one as a pk and other as sk
+ // but if user specifies only the pk
+ // then the other attr must be ignored.
+ if aDef != nil {
+ log.Info("InputBuilderV2.updateItemInputV2", "processing", synAttr, "attribute", aDef.NameOrPath, "value", rarVal)
+ err := t2.addToKeyOrNameValueExpressions(aDef, rarVal)
+ if err != nil {
+ log.Error("updateItemInput error from makeOne", "attribute", aDef.NameOrPath, "value", rarVal, "Err", err)
+ return err
+ }
+ } else {
+ log.Info("InputBuilderV2.updateItemInputV2", "processing", synAttr, "ignore", "not defined as key OR not member")
+ }
+
+ }
+
+ return nil
+}
+
+func (t2 *InputBuilderV2) addToKeyOrNameValueExpressions(aDef *table.AttributeDefinition, rarVal []string) error {
+ nameOrPath := aDef.NameOrPath
+ valType := aDef.ValType
+ log.Info("InputBuilderV2.makeOne", "nameOrPath", nameOrPath, "value", rarVal, "valType", valType, "pk", aDef.Pk, "sk", aDef.Sk)
+
+ aVal, err := marshallVal(valType, rarVal)
+ if err != nil {
+ log.Error("makeItemKey", "msg", "error marshall attribute value",
+ "nameOrPath", nameOrPath, "valType", valType, "rarVal", rarVal,
+ "error", err)
+ return err
+ }
+
+ if aDef.Pk || aDef.Sk {
+ t2.addToKey(nameOrPath, aVal)
+ } else {
+ t2.addToExprNameAndValue(nameOrPath, aVal)
+ }
+
+ return nil
+}
+
+func (t2 *InputBuilderV2) addToKey(tableAttrName string, attrValue types.AttributeValue) {
+ // key cannot be composite
+ t2.keyAttrVal[tableAttrName] = attrValue
+}
+
+func (t2 *InputBuilderV2) addToExprNameAndValue(tableAttrName string, attrValue types.AttributeValue) {
+ // even though member attr can be composite, this func just uses the leaf
+ // attribute name in ExpressionAttributeNames,ExpressionAttributeValues
+ // This func will not be used for Action or Resource because, either these are defined as pk, sk
+ // or are not used in the expression at all
+ // e.g. we need the pk defined, sk is optional
+ // so this is invalid config Resource: pk, Actions: "", Member: [mem1, mem2]
+ // because Actions is not defined as a key attr and we DON'T update Actions
+
+ // We also don't perform any delete operations.
+ // If user deletes a policy from the UI IDQL during SetPolicy
+ // we simply set the members = [] (but DO NOT perform delete operations).
+
+ // The whole point of this entire explanation
+ // TODO: Validate TableDefinition
+ // 1) at least one scalar attr defined as pk
+ // 2) member is required
+ // 3) only member attr can be composite
+ // 4) nameOrPath - only allowed ['/', 'a-zA-Z', '0-9', '_', '-', '.']
+ // 5A) first split name or path by '/'
+ // '.'' NOT allowed prefix/suffix
+
+ // If tableDefinition was validated at creation time, we should be good here without any chcecking.
+ // This func will only run for members
+ t2.expressionAttributeNames["#"+tableAttrName] = tableAttrName
+ t2.expressionAttributeValues[":"+tableAttrName] = attrValue
+}
+
+func marshallVal(valType string, val []string) (types.AttributeValue, error) {
+ // TODO - process []int, []string as well for non-key attributes
+ // even composite attributes
+ if valType == "int" || valType == "string" {
+ aVal, err := attributevalue.Marshal(val[0])
+ if err != nil {
+ log.Error("marshallVal", "msg", "error marshall attribute value",
+ "found", valType, "error", err)
+ return nil, err
+ }
+
+ return aVal, nil
+ } else {
+ log.Error("makeItemKey", "msg", "invalid table definition provided. attributes must be either string or int",
+ "found", valType)
+ return nil, fmt.Errorf("invalid table definition provided. attributes must be either string or int")
+ }
+}
diff --git a/sdk/provideraws/policystore/dynamodbpolicystore/internal/table/attribute_definition.go b/sdk/provideraws/policystore/dynamodbpolicystore/internal/table/attribute_definition.go
new file mode 100644
index 00000000..406ea434
--- /dev/null
+++ b/sdk/provideraws/policystore/dynamodbpolicystore/internal/table/attribute_definition.go
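Review bot: marshallVal indexes `val[0]` without checking the slice, and makeInput passes `aRar.Actions()` straight through when actions is a key attribute, so a policy with an empty actions list panics with an index-out-of-range instead of returning an error; guard it with `if len(val) == 0 { return nil, fmt.Errorf("no value supplied for %s attribute", valType) }` before the marshal. In the same branch an attribute declared as `int` is still marshalled from the Go string `val[0]`, so it goes to DynamoDB as a string attribute rather than a number — presumably not what a numeric key column expects, so either parse it first or mark this with a TODO stating string keys are the only supported case for now. UpdateItemInput hands out `t2.keyAttrVal`, the two expression maps and `&t2.updateExpression` by reference, so a second call on the same builder mutates the input returned by the first; copying the maps and the expression string into the returned input would make each result independent. Separately, `log.Info("InputBuilderV2.updateItemInputV2", "aRar", aRar)` and the later Info lines in makeInput and addToKeyOrNameValueExpressions write the full policy, including its member list, to the log on every update; that is access-control data and should be at Debug level at most, with values omitted.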
@@ -0,0 +1,83 @@ +package table + +import ( + "fmt" + "reflect" + "regexp" + "strings" +) + +// AttributeDefinition both pk, sk cannot be true +type AttributeDefinition struct { + //PolicyAttrType string // one of 'resource', 'actions' or 'members' + NameOrPath string `json:"nameOrPath"` + ValType string `json:"valType"` + Pk bool `json:"pk"` + Sk bool `json:"sk"` +} + +func NewAttributeDefinition(nameOrPath string, valType string, pk bool, sk bool) *AttributeDefinition { + return &AttributeDefinition{NameOrPath: nameOrPath, ValType: valType, Pk: pk, Sk: sk} +} + +func makeTableAttrName(fld reflect.StructField) string { + jsonTag := fld.Tag.Get("json") + jsonTagParts := strings.Split(jsonTag, ",") + if len(jsonTagParts) == 0 { + return "" + } + return jsonTagParts[0] +} + +func validateAttrNameOrPathPart(nameOrPathPart string) error { + tableAttrName := strings.TrimSpace(nameOrPathPart) + // Allowed characters a-z, A-Z, 0-9, '_', '-' and '.' + isMatch := regexp.MustCompile(`^[.A-Za-z0-9_-]*$`).MatchString(tableAttrName) + if !isMatch || strings.HasPrefix(tableAttrName, ".") || strings.HasSuffix(tableAttrName, ".") { + return fmt.Errorf("failed to validate nameOrPath. Only allowed [a-ZA-Z0-9_-.] (. not allowed as prefix or suffix). nameOrPathPart=%s", nameOrPathPart) + } + return nil +} + +func makeValType(fld reflect.StructField) string { + aValType := fld.Type.Name() + if fld.Type.Kind() == reflect.Slice { + aValType = "[]" + fld.Type.Elem().Name() + } + + if aValType == "int" || aValType == "string" || aValType == "[]string" || aValType == "[]int" { + return aValType + } + + return "" +} + +func validateValType(aValType string) error { + if aValType == "int" || aValType == "string" || aValType == "[]string" || aValType == "[]int" { + return nil + } + return fmt.Errorf("unsupported attribute type in definition. 
only allowed one of 'int','string','[]int','[]string'") +} + +func makeMeta(fld reflect.StructField) (string, bool, bool) { + metaTag := fld.Tag.Get("meta") + metaParts := strings.Split(metaTag, ",") + var isPk bool + var isSk bool + var attrNameIdentifier string + + for _, aPart := range metaParts { + if aPart == PolicyAttrTypeResource || aPart == PolicyAttrTypeActions || aPart == PolicyAttrTypeMembers { + attrNameIdentifier = aPart + } + + if strings.Contains(strings.ReplaceAll(aPart, " ", ""), "pk") { + isPk = true + } + if strings.Contains(strings.ReplaceAll(aPart, " ", ""), "sk") { + isSk = true + } + } + + return attrNameIdentifier, isPk, isSk +} diff --git a/sdk/provideraws/policystore/dynamodbpolicystore/internal/table/dynamodb_table_info.go b/sdk/provideraws/policystore/dynamodbpolicystore/internal/table/dynamodb_table_info.go new file mode 100644 index 00000000..90bcc7d4 --- /dev/null +++ b/sdk/provideraws/policystore/dynamodbpolicystore/internal/table/dynamodb_table_info.go 
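Review bot: makeMeta decides pk/sk with `strings.Contains(..., "pk")` and `"sk"` over each comma-separated `meta` tag part, so any part that merely contains those two letters — a constructed example would be a tag part `risk` — silently marks the field as a key; compare the trimmed part for equality instead, `if strings.TrimSpace(aPart) == "pk" { isPk = true }` and likewise for `sk`. validateAttrNameOrPathPart calls `regexp.MustCompile` on every invocation; hoist it to a package-level `var nameOrPathPartRe = regexp.MustCompile(...)` so the pattern is compiled once. The error text in that function reads `[a-ZA-Z0-9_-.]`, which should be `[a-zA-Z0-9_-.]`. In makeTableAttrName the `len(jsonTagParts) == 0` branch can never execute, since strings.Split always returns at least one element, so it can be dropped.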
@@ -0,0 +1,214 @@ +package table + +import ( + "fmt" + "github.com/hexa-org/policy-orchestrator/sdk/core/rar" + log "golang.org/x/exp/slog" + "reflect" + "strings" +) + +type TableInfo[R rar.ResourceActionRolesMapper] struct { + TableName string + ItemType R + ItemMappingDynamic bool // MapTo static, or dynamic. Decides whether to use item.MapTo() or MapTo(interface{}) + TableDefinition TableDefinition +} + +// NewTableInfo - creates a simple table info +// Only scalar attributes +// R is a struct with 3 elements having struct tags for 'meta' +// the tag identifies the element as a 'resource', 'actions', 'members' +// the type of element must be either scalar string, int or slice of string, int +// one of them must be pk +// max one can be pk, and one can be sk +// sk is optional +// should have one for 'members' and this cannot be a pk or sk +// attribute names can contain a-zA-Z0-9 or '_', '-' or '.' +// +// '.' cannot be at the start or end of attribute name +/* +func NewTableInfo[R rar.ResourceActionRolesMapper](tableName string, sampleItem R) (*TableInfo[R], error) { + + attrMap := make(map[string]*AttributeDefinition) + sType := reflect.TypeOf(sampleItem) + for i := 0; i < sType.NumField(); i++ { + fld := sType.Field(i) + tableAttrName := makeTableAttrName(fld) + theValType := makeValType(fld) + policyAttrType, isPk, isSk := makeMeta(fld) + aDef := &AttributeDefinition{ + NameOrPath: tableAttrName, + ValType: theValType, + Pk: isPk, + Sk: isSk, + } + attrMap[policyAttrType] = aDef + log.Info("NewTableInfo", "tableAttrName", aDef.NameOrPath, "ValType", aDef.ValType, "PK", aDef.Pk, "SK", aDef.Sk) + } + + tableDef := NewTableDefinition(attrMap) + err := validateTableDefinition(false, tableDef) + if err != nil { + return nil, err + } + return &TableInfo[R]{TableName: tableName, ItemType: sampleItem, ItemMappingDynamic: false, TableDefinition: tableDef}, nil +} +*/ + +func NewSimpleTableInfo[R rar.ResourceActionRolesMapper](tableName string, sampleItem R) 
(*TableInfo[R], error) { + tableDef, err := newSimpleTableDefinition(sampleItem) + if err != nil { + return nil, err + } + + return &TableInfo[R]{TableName: tableName, ItemMappingDynamic: false, TableDefinition: tableDef}, nil +} + +func NewDynamicTableInfo(tableName string, resourceAttrDef, actionsAttrDef, membersAttrDef *AttributeDefinition) (*TableInfo[rar.DynamicResourceActionRolesMapper], error) { + tableDef, err := newDynamicTableDefinition(resourceAttrDef, actionsAttrDef, membersAttrDef) + if err != nil { + return nil, err + } + + return &TableInfo[rar.DynamicResourceActionRolesMapper]{TableName: tableName, ItemMappingDynamic: true, TableDefinition: tableDef}, nil +} + +func newSimpleTableDefinition[R rar.ResourceActionRolesMapper](sampleItem R) (TableDefinition, error) { + var resourceAttrDef *AttributeDefinition + var actionsAttrDef *AttributeDefinition + var membersAttrDef *AttributeDefinition + + sType := reflect.TypeOf(sampleItem) + for i := 0; i < sType.NumField(); i++ { + fld := sType.Field(i) + tableAttrName := makeTableAttrName(fld) + theValType := makeValType(fld) + policyAttrType, isPk, isSk := makeMeta(fld) + aDef := &AttributeDefinition{ + NameOrPath: tableAttrName, + ValType: theValType, + Pk: isPk, + Sk: isSk, + } + + log.Info("NewTableInfo", "tableAttrName", aDef.NameOrPath, "ValType", aDef.ValType, "PK", aDef.Pk, "SK", aDef.Sk) + switch policyAttrType { + case PolicyAttrTypeResource: + resourceAttrDef = aDef + break + case PolicyAttrTypeActions: + actionsAttrDef = aDef + break + case PolicyAttrTypeMembers: + membersAttrDef = aDef + break + default: + + } + } + + return newTableDefinition(resourceAttrDef, actionsAttrDef, membersAttrDef) + +} + +func newDynamicTableDefinition(resourceAttrDef, actionsAttrDef, membersAttrDef *AttributeDefinition) (TableDefinition, error) { + return newTableDefinition(resourceAttrDef, actionsAttrDef, membersAttrDef) +} + +func newTableDefinition(resourceAttrDef, actionsAttrDef, membersAttrDef 
*AttributeDefinition) (TableDefinition, error) { + tableDef := TableDefinitionV2{ + Attributes: TableAttributes{ + Resource: resourceAttrDef, + Actions: actionsAttrDef, + Members: membersAttrDef, + }, + } + + err := ValidateTableDefinition(tableDef) + if err != nil { + return nil, err + } + return tableDef, nil +} + +/* +func NewDynamicTableInfo[R rar.ResourceActionRolesMapper](tableName string, tableDefinition TableDefinition) (*TableInfo[R], error) { + + err := validateTableDefinition(true, tableDefinition) + if err != nil { + return nil, err + } + return &TableInfo[R]{TableName: tableName, ItemMappingDynamic: true, TableDefinition: tableDefinition}, nil +} +*/ + +func ValidateTableDefinition(tableDef TableDefinition) error { + + pkNames := make([]string, 0) + skNames := make([]string, 0) + for policyAttrType, aDef := range tableDef.AttrDefinitionMap() { + // Ensure all 3 are present i.e. resource, actions, members + if aDef == nil { + return fmt.Errorf("failed to validate table definition. Missing attribute definition for %s", policyAttrType) + } + + nameOrPath := aDef.NameOrPath + + // Composite attributes only allowed on non-key + // Composites not allowed if using simple table definition + if strings.Contains(nameOrPath, "/") { + if aDef.Pk || aDef.Sk { + return fmt.Errorf("failed to validate table definition. pk, sk attribute cannot be composite. tableAttrName=%s", nameOrPath) + } + + //if !itemMappingDynamic { + // return fmt.Errorf("failed to validate table definition. simple table definitions cannot define composite attributes. 
tableAttrName=%s", nameOrPath) + //} + } + + // validate each path part for bad characters + for _, pathPart := range strings.Split(nameOrPath, "/") { + err := validateAttrNameOrPathPart(pathPart) + if err != nil { + return err + } + } + + err := validateValType(aDef.ValType) + if err != nil { + return fmt.Errorf("nameOrPath %s: error %w", nameOrPath, err) + } + + if aDef.Pk { + pkNames = append(pkNames, aDef.NameOrPath) + } + if aDef.Sk { + skNames = append(skNames, aDef.NameOrPath) + } + } + + // exactly one pk required + if len(pkNames) != 1 { + return fmt.Errorf("failed to build tableInfo, at least one attribute must be defined as pk") + } + + // exactly 0 or 1 sk + if len(skNames) > 1 { + return fmt.Errorf("failed to build tableInfo, cannot have more than one attribute as sk") + } + + // resource must be string or int + resDef := tableDef.ResourceAttrDefinition() + if resDef.ValType == "[]string" || resDef.ValType == "[]int" { + return fmt.Errorf("resource attribute value cannot be slice") + } + + // member cannot be either pk or sk + membersDef := tableDef.MembersAttrDefinition() + if membersDef.Pk || membersDef.Sk { + return fmt.Errorf("failed to build tableInfo, invalid 'members' attr definition. 'members' MUST be defined and cannot be pk, sk") + } + + return nil +} diff --git a/sdk/provideraws/policystore/dynamodbpolicystore/internal/table/table_definition.go b/sdk/provideraws/policystore/dynamodbpolicystore/internal/table/table_definition.go new file mode 100644 index 00000000..a482087f --- /dev/null +++ b/sdk/provideraws/policystore/dynamodbpolicystore/internal/table/table_definition.go 
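Review bot: `ValidateTableDefinition` never rejects an attribute that is both pk and sk, although the `AttributeDefinition` comment says both cannot be true: one definition with `Pk: true, Sk: true` yields one entry in each of `pkNames` and `skNames` and passes. Add, inside the loop after the nil check, `if aDef.Pk && aDef.Sk { return fmt.Errorf("failed to validate table definition. attribute cannot be both pk and sk. tableAttrName=%s", nameOrPath) }`. The pk message says "at least one" while the condition `len(pkNames) != 1` also rejects two; `"exactly one attribute must be defined as pk"` matches the check. Because the loop ranges over a map, which of several problems is reported first varies between runs, which makes tests asserting on the message flaky; iterating `PolicyAttrTypeResource, PolicyAttrTypeActions, PolicyAttrTypeMembers` in a fixed order avoids that. `newSimpleTableDefinition` calls `NumField` on `reflect.TypeOf(sampleItem)`, which panics rather than returning an error when R is not a struct (a pointer type, say); whether the `rar.ResourceActionRolesMapper` constraint rules that out is not visible here, so a `Kind() != reflect.Struct` guard returning an error seems worth adding.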
@@ -0,0 +1,68 @@
+package table
+
+const PolicyAttrTypeResource = "resource"
+const PolicyAttrTypeActions = "actions"
+const PolicyAttrTypeMembers = "members"
+
+//var PolicyAttrTypes = []string{PolicyAttrTypeResource, PolicyAttrTypeActions, PolicyAttrTypeMembers}
+
+type TableDefinition interface {
+ ResourceAttrDefinition() *AttributeDefinition
+ ActionsAttrDefinition() *AttributeDefinition
+ MembersAttrDefinition() *AttributeDefinition
+ AttrDefinitionMap() map[string]*AttributeDefinition
+}
+
+type MetadataKeyInfo struct {
+ Attribute string `json:"attribute"`
+}
+
+// TableDefinitionV2 - dynamic table definition provided by consumers
+// Also refactor into reusable structs
+type TableMetadata struct {
+ Pk MetadataKeyInfo `json:"pk"`
+ Sk MetadataKeyInfo `json:"sk"`
+}
+type TableAttributes struct {
+ Resource *AttributeDefinition `json:"resource"`
+ Actions *AttributeDefinition `json:"actions"`
+ Members *AttributeDefinition `json:"members"`
+}
+
+type TableDefinitionV2 struct {
+ Metadata TableMetadata `json:"metadata"`
+ Attributes TableAttributes `json:"attributes"`
+}
+
+/*
+func NewTableDefinition(attrMap map[string]*table.AttributeDefinition) TableDefinition {
+ tableDef := &TableDefinitionV2{
+ Attributes: TableAttributes{
+ Resource: attrMap[PolicyAttrTypeResource],
+ Actions: attrMap[PolicyAttrTypeActions],
+ Members: attrMap[PolicyAttrTypeMembers],
+ },
+ }
+ return tableDef
+}
+*/
+
+func (t TableDefinitionV2) ResourceAttrDefinition() *AttributeDefinition {
+ return t.Attributes.Resource
+}
+
+func (t TableDefinitionV2) ActionsAttrDefinition() *AttributeDefinition {
+ return t.Attributes.Actions
+}
+
+func (t TableDefinitionV2) MembersAttrDefinition() *AttributeDefinition {
+ return t.Attributes.Members
+}
+
+func (t TableDefinitionV2) AttrDefinitionMap() map[string]*AttributeDefinition {
+ return map[string]*AttributeDefinition{
+ PolicyAttrTypeResource: t.ResourceAttrDefinition(),
+ PolicyAttrTypeActions: t.ActionsAttrDefinition(),
+ PolicyAttrTypeMembers: t.MembersAttrDefinition(),
+ }
+}
diff --git a/sdk/provideraws/policystore/dynamodbpolicystore/internal/testhelper/fixtures.go b/sdk/provideraws/policystore/dynamodbpolicystore/internal/testhelper/fixtures.go
new file mode 100644
index 00000000..2f5b8dc1
--- /dev/null
+++ b/sdk/provideraws/policystore/dynamodbpolicystore/internal/testhelper/fixtures.go
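Review bot: `TableDefinitionV2.Metadata` (pk/sk attribute names) is decoded from JSON but nothing in this package reads it, while the key role is also carried by the `Pk`/`Sk` flags on each `AttributeDefinition`; a consumer-supplied definition can therefore declare `metadata.pk.attribute: "resource"` while flagging `actions` as pk, and only the flags take effect. Either drop `Metadata` or document which of the two is authoritative and have the validator check that they agree, e.g. a comment on the field: `// Metadata is informational only; the Pk/Sk flags in Attributes decide the key schema.` The doc comment beginning `// TableDefinitionV2 - dynamic table definition` is attached to `TableMetadata` rather than `TableDefinitionV2`, so `go doc` will show it on the wrong type.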
@@ -0,0 +1,62 @@ +package testhelper + +import ( + "encoding/json" + ddb "github.com/aws/aws-sdk-go-v2/service/dynamodb" + "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" + "github.com/hexa-org/policy-orchestrator/sdk/core/rar" +) + +const ( + ActionGet = "GET" + ResourceHrUs = "/humanresources/us" + MembersHrUs = "Read.HRUS" +) + +func MakeResourceActionRoles() rar.ResourceActionRoles { + return CustomResourceActionRoles(ResourceHrUs, ActionGet, []string{MembersHrUs}) +} + +func CustomResourceActionRoles(res, action string, members []string) rar.ResourceActionRoles { + aRar, _ := rar.NewResourceActionRoles(res, []string{action}, members) + return aRar +} + +func ScanOutput() *ddb.ScanOutput { + aRar := MakeResourceActionRoles() + return customScanOutput(aRar) +} + +func customScanOutput(rarList ...rar.ResourceActionRoles) *ddb.ScanOutput { + items := make([]map[string]types.AttributeValue, 0) + for _, aRar := range rarList { + members, _ := json.Marshal(aRar.Members()) + + anItem := map[string]types.AttributeValue{ + AttrNameResource: &types.AttributeValueMemberS{Value: aRar.Resource()}, + AttrNameActions: &types.AttributeValueMemberS{Value: aRar.Actions()[0]}, // TODO - haldle array + AttrNameMembers: &types.AttributeValueMemberS{Value: string(members)}, + } + + items = append(items, anItem) + } + output := &ddb.ScanOutput{Items: items} + return output +} + +func CustomScanOutputWithAttributeNames(rarList ...rar.ResourceActionRoles) *ddb.ScanOutput { + items := make([]map[string]types.AttributeValue, 0) + for _, aRar := range rarList { + members, _ := json.Marshal(aRar.Members()) + + anItem := map[string]types.AttributeValue{ + AttrNameResource: &types.AttributeValueMemberS{Value: aRar.Resource()}, + AttrNameActions: &types.AttributeValueMemberS{Value: aRar.Actions()[0]}, // TODO - haldle array + AttrNameMembers: &types.AttributeValueMemberS{Value: string(members)}, + } + + items = append(items, anItem) + } + output := &ddb.ScanOutput{Items: items} + return 
output +} diff --git a/sdk/provideraws/policystore/dynamodbpolicystore/internal/testhelper/helper.go b/sdk/provideraws/policystore/dynamodbpolicystore/internal/testhelper/helper.go new file mode 100644 index 00000000..738f0dbe --- /dev/null +++ b/sdk/provideraws/policystore/dynamodbpolicystore/internal/testhelper/helper.go 
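Review bot: `customScanOutput` and `CustomScanOutputWithAttributeNames` have identical bodies, so any change to the item layout has to be made twice; make the unexported one delegate: `func customScanOutput(rarList ...rar.ResourceActionRoles) *ddb.ScanOutput { return CustomScanOutputWithAttributeNames(rarList...) }`. `CustomResourceActionRoles` discards the error from `rar.NewResourceActionRoles`, so a fixture built from invalid arguments silently becomes a zero value and the failure surfaces far from its cause; in a test helper `panic(err)` (or accepting a `testing.TB` and calling `t.Fatal`) is the usual choice. The same applies to the ignored `json.Marshal` error in both scan builders. The `// TODO - haldle array` comments misspell "handle".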
@@ -0,0 +1,88 @@ +package testhelper + +import ( + "encoding/json" + "fmt" + "github.com/hexa-org/policy-orchestrator/sdk/core/rar" + "github.com/hexa-org/policy-orchestrator/sdk/provideraws/policystore/dynamodbpolicystore/internal/table" +) + +const TestAwsRegion = "us-west-1" +const TestAwsAccessKeyId = "anAccessKeyID" +const TestAwsSecretAccessKey = "aSecretAccessKey" + +const AttrNameResource = "ResourceX" +const AttrNameActions = "ActionsX" + +const AttrNameMembers = "MembersX" +const AttrNameExprMembers = "#MembersX" +const AttrMembersPlaceholder = ":MembersX" + +var TableName = "TestDynamodbTable" + +const DynamicTableDefinitionJson = ` + { + "metadata": { + "pk": { "attribute": "resource" }, + "sk": { "attribute": "actions" } + }, + "attributes": { + "resource": { "nameOrPath": "ResourceX", "valType": "string", "pk": true }, + "actions": { "nameOrPath": "ActionsX", "valType": "string", "sk": true }, + "members": { "nameOrPath": "MembersX", "valType": "string" } + } + }` + +func AwsCredentialsForTest() []byte { + str := fmt.Sprintf(` +{ + "accessKeyID": "%s", + "secretAccessKey": "%s", + "region": "%s" +} +`, TestAwsAccessKeyId, TestAwsSecretAccessKey, TestAwsRegion) + + return []byte(str) +} + +type SimpleDynamodbItem struct { + ResourceX string `json:"ResourceX" meta:"resource,pk"` + ActionsX string `json:"ActionsX" meta:"actions,sk"` + MembersX string `json:"MembersX" meta:"members"` +} + +func (it SimpleDynamodbItem) MapTo() (rar.ResourceActionRoles, error) { + members := make([]string, 0) + _ = json.Unmarshal([]byte(it.MembersX), &members) + return rar.NewResourceActionRoles(it.ResourceX, []string{it.ActionsX}, members) +} + +func SimpleTableInfo() *table.TableInfo[SimpleDynamodbItem] { + tableInfo, _ := table.NewSimpleTableInfo(TableName, SimpleDynamodbItem{}) + return tableInfo +} + +func AttributeDefinitions() (resDef, actionsDef, membersDef *table.AttributeDefinition) { + resDef = table.NewAttributeDefinition(AttrNameResource, "string", true, false) 
+ actionsDef = table.NewAttributeDefinition(AttrNameActions, "string", false, true) + membersDef = table.NewAttributeDefinition(AttrNameMembers, "string", false, false) + return + +} + +func DynamicTableInfo() *table.TableInfo[rar.DynamicResourceActionRolesMapper] { + resDef, actionsDef, membersDef := AttributeDefinitions() + tableInfo, _ := table.NewDynamicTableInfo(TableName, resDef, actionsDef, membersDef) + return tableInfo +} + +func DynamicTableDefinition() table.TableDefinition { + resourceAttrDef, actionsAttrDef, membersAttrDef := AttributeDefinitions() + return table.TableDefinitionV2{ + Attributes: table.TableAttributes{ + Resource: resourceAttrDef, + Actions: actionsAttrDef, + Members: membersAttrDef, + }, + } +} diff --git a/sdk/provideraws/policystore/dynamodbpolicystore/internal/testhelper/mock_dynamodb_client.go b/sdk/provideraws/policystore/dynamodbpolicystore/internal/testhelper/mock_dynamodb_client.go new file mode 100644 index 00000000..e74c3fe4 --- /dev/null +++ b/sdk/provideraws/policystore/dynamodbpolicystore/internal/testhelper/mock_dynamodb_client.go 
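Review bot: `SimpleTableInfo` and `DynamicTableInfo` discard the error from the `table.New*TableInfo` constructors and return the nil pointer, so a broken fixture shows up as a nil dereference in the code under test instead of the validation message; `if err != nil { panic(err) }` before the `return` in each keeps the real cause visible. `DynamicTableDefinitionJson` carries both `metadata.pk/sk` and per-attribute `pk`/`sk` flags; whether the two are reconciled is not visible here, so a comment stating which one the table package honours would stop the fixture from drifting. `TestAwsAccessKeyId` should be `TestAwsAccessKeyID` per Go initialism convention, and `SimpleDynamodbItem.MapTo` ignores the `json.Unmarshal` error, turning a malformed `MembersX` into an empty member list.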
@@ -0,0 +1,79 @@ +package testhelper + +import ( + "context" + "encoding/json" + "fmt" + ddb "github.com/aws/aws-sdk-go-v2/service/dynamodb" + "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" + "github.com/hexa-org/policy-orchestrator/sdk/core/rar" + "github.com/stretchr/testify/mock" + "reflect" +) + +type MockClient struct { + mock.Mock +} + +func NewMockClient() *MockClient { + return &MockClient{} +} + +func (m *MockClient) Scan(ctx context.Context, params *ddb.ScanInput, optFns ...func(*ddb.Options)) (*ddb.ScanOutput, error) { + args := m.Called(ctx, params, optFns) + return args.Get(0).(*ddb.ScanOutput), args.Error(1) +} +func (m *MockClient) UpdateItem(ctx context.Context, params *ddb.UpdateItemInput, optFns ...func(*ddb.Options)) (*ddb.UpdateItemOutput, error) { + args := m.Called(ctx, params, optFns) + return args.Get(0).(*ddb.UpdateItemOutput), args.Error(1) +} + +func (m *MockClient) ExpectScan(andRetError error, orRetItems ...rar.ResourceActionRoles) { + input := &ddb.ScanInput{TableName: &TableName} + var output *ddb.ScanOutput + if andRetError == nil { + output = CustomScanOutputWithAttributeNames(orRetItems...) + } + + m.On("Scan", context.TODO(), input, mock.AnythingOfType("[]func(*dynamodb.Options)")). 
+ Return(output, andRetError) +} + +func (m *MockClient) ExpectUpdateItem(withInput rar.ResourceActionRoles, andRetError error) { + output := &ddb.UpdateItemOutput{} + + theFunc := mock.MatchedBy(func(input *ddb.UpdateItemInput) bool { + + expMembers, _ := json.Marshal(withInput.Members()) + updateExpr := fmt.Sprintf("SET #%s = :%s", AttrNameMembers, AttrNameMembers) + keys := map[string]types.AttributeValue{ + AttrNameResource: &types.AttributeValueMemberS{Value: withInput.Resource()}, + AttrNameActions: &types.AttributeValueMemberS{Value: withInput.Actions()[0]}, + } + exprNames := map[string]string{ + //AttrNameExprResource: AttrNameResource, + //AttrNameExprActions: AttrNameActions, + AttrNameExprMembers: AttrNameMembers, + } + + exprValues := map[string]types.AttributeValue{ + //AttrResourcePlaceholder: &types.AttributeValueMemberS{Value: withInput.Resource()}, + //AttrActionsPlaceholder: &types.AttributeValueMemberS{Value: withInput.Actions()[0]}, + AttrMembersPlaceholder: &types.AttributeValueMemberS{Value: string(expMembers)}, + } + + expUpdateItemInput := &ddb.UpdateItemInput{ + TableName: &TableName, + Key: keys, + ExpressionAttributeNames: exprNames, + ExpressionAttributeValues: exprValues, + UpdateExpression: &updateExpr, + ReturnValues: types.ReturnValueAllNew, + } + ok := reflect.DeepEqual(input, expUpdateItemInput) + return ok + }) + + m.On("UpdateItem", context.TODO(), theFunc, mock.AnythingOfType("[]func(*dynamodb.Options)")). + Return(output, andRetError) +} diff --git a/sdk/provideraws/policystore/dynamodbpolicystore/internal/testhelper/mock_dynamodb_http_client.go b/sdk/provideraws/policystore/dynamodbpolicystore/internal/testhelper/mock_dynamodb_http_client.go new file mode 100644 index 00000000..bb2f3a16 --- /dev/null +++ b/sdk/provideraws/policystore/dynamodbpolicystore/internal/testhelper/mock_dynamodb_http_client.go 
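Review bot: `ExpectScan` and `ExpectUpdateItem` register the expectation with `context.TODO()` as the first argument; testify compares arguments with `ObjectsAreEqual`, so the call only matches when the code under test also passes `context.TODO()` — a `context.Background()` or any derived context has a different concrete type and the mock reports an unexpected call. Unless the test specifically wants to pin the context value, use `mock.Anything` for that argument in both `m.On(...)` calls. In `ExpectUpdateItem`, building `expUpdateItemInput` inside the `MatchedBy` closure repeats the work on every match attempt and ignores the `json.Marshal` error; hoisting the construction above the closure and checking the error keeps the matcher cheap and honest. The package-level `var TableName` appears to be mutable only so `&TableName` can be taken here; a local copy (`name := TableName`) would let it become a const.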
@@ -0,0 +1,167 @@ +package testhelper + +import ( + "bytes" + "encoding/json" + "fmt" + "github.com/hexa-org/policy-orchestrator/sdk/core/rar" + "github.com/stretchr/testify/mock" + log "golang.org/x/exp/slog" + "io" + "net/http" + "reflect" +) + +type MockDynamodbHttpClient struct { + mock.Mock +} + +func NewMockDynamodbHttpClient() *MockDynamodbHttpClient { + return &MockDynamodbHttpClient{} +} + +func (m *MockDynamodbHttpClient) Do(req *http.Request) (*http.Response, error) { + args := m.Called(req) + resp := args.Get(0).(*http.Response) + return resp, args.Error(1) +} + +type scanOutputType struct { + Items []map[string]interface{} +} + +// The Key and ExpressionAttributeValues in below struct are actually +// map[string]types.AttributeValue which can hold values of different types +// but during json Unmarshall to map[string]types.AttributeValue doesn't seem to work +// because types.AttributeValue is some sort of generic implementation of aws +// The concrete types are actually types.AttributeValueMemberS (string) etc. +// Instead of interface{}, using types.AttributeValueMemberS works fine +// but then we are restricted to only string values. +// The only way around this I found was using interface{} +// The one caveat is that if you need to access the actual data value, you will need to cast it +// In our case, we are just comparing two structs using Deep equals so it works +type updateItemInputType struct { + TableName string + Key map[string]interface{} + UpdateExpression string + ConditionExpression string + ExpressionAttributeNames map[string]string + ExpressionAttributeValues map[string]interface{} + ReturnValues string +} + +func (m *MockDynamodbHttpClient) ExpectScan(withRespErr error, orRespItems ...rar.ResourceActionRoles) { + itemArr := makeDynamodbResourcePolicyItems(orRespItems...) 
+ itemsResp, err := json.Marshal(itemArr) + if err != nil { + log.Error("test", "mock.ExpectScan failed to marshall ScanOutput items", err) + return + } + m.expectCall("DynamoDB_20120810.Scan", withRespErr, itemsResp) +} + +func (m *MockDynamodbHttpClient) ExpectUpdateItem(withReq rar.ResourceActionRoles, respWithErr error) { + theFunc := mock.MatchedBy(func(req *http.Request) bool { + ok := req.Method == http.MethodPost && + req.Header.Get("X-Amz-Target") == "DynamoDB_20120810.UpdateItem" + if !ok { + log.Error("test", "mock.ExpectUpdateItem", "expecting dynamodb UpdateItem", "req.Method", req.Method, "X-Amz-Target", req.Header.Get("X-Amz-Target")) + return false + } + + // Actual Request + actBody, err := io.ReadAll(req.Body) + if err != nil { + log.Error("test", "mock.ExpectUpdateItem error reading mocked request body", err) + return false + } + var actInput updateItemInputType + err = json.Unmarshal(actBody, &actInput) + if err != nil { + log.Error("test", "mock.ExpectUpdateItem error unmarshall actual request body for UpdateItemInput", err) + return false + } + + // Build Expected Request + membersEscaped := make([]string, 0) + for _, mem := range withReq.Members() { + escMem := fmt.Sprintf(`\"%s\"`, mem) + membersEscaped = append(membersEscaped, escMem) + } + + membersStr, err := json.Marshal(withReq.Members()) + + expInput := updateItemInputType{ + TableName: TableName, + Key: map[string]interface{}{ + AttrNameResource: ddbTypeString(withReq.Resource()), + AttrNameActions: ddbTypeString(withReq.Actions()[0]), // TODO handle array + }, + UpdateExpression: fmt.Sprintf("SET %s = %s", AttrNameExprMembers, AttrMembersPlaceholder), + //ConditionExpression: "", + ExpressionAttributeNames: map[string]string{AttrNameExprMembers: AttrNameMembers}, + ExpressionAttributeValues: map[string]interface{}{ + AttrMembersPlaceholder: ddbTypeString(string(membersStr)), + }, + ReturnValues: "ALL_NEW", + } + ok = reflect.DeepEqual(expInput, actInput) + return ok + }) + + 
statusCode := http.StatusOK + if respWithErr != nil { + statusCode = http.StatusBadRequest + } + resp := &http.Response{ + StatusCode: statusCode, Body: http.NoBody} + m.On("Do", theFunc).Return(resp, respWithErr) +} + +func (m *MockDynamodbHttpClient) expectCall(amzTarget string, withRespErr error, orRespBytes []byte) { + var resp *http.Response + if withRespErr != nil { + resp = &http.Response{ + StatusCode: http.StatusBadRequest, Body: http.NoBody} + } else { + resp = &http.Response{ + StatusCode: http.StatusOK, + Body: io.NopCloser(bytes.NewReader(orRespBytes)), + } + } + + theFunc := mock.MatchedBy(func(req *http.Request) bool { + ok := req.Method == http.MethodPost && + req.Header.Get("X-Amz-Target") == amzTarget + return ok + }) + + m.On("Do", theFunc).Return(resp, withRespErr) +} + +// makeDynamodbResourcePolicyItem - builds the Items response returned in response to ddb.Scan +// Marshall / Unmarshall does not seem to work, so we have to build the resp with string manipulation. +func makeDynamodbResourcePolicyItems(rarList ...rar.ResourceActionRoles) scanOutputType { + + if len(rarList) == 0 { + return scanOutputType{} + } + + items := make([]map[string]interface{}, 0) + for _, rar := range rarList { + item := make(map[string]interface{}) + item[AttrNameResource] = ddbTypeString(rar.Resource()) + item[AttrNameActions] = ddbTypeString(rar.Actions()[0]) // TODO handle array + members := fmt.Sprintf("[\"%s\"]", rar.Members()[0]) + item[AttrNameMembers] = ddbTypeString(members) + items = append(items, item) + } + + return scanOutputType{Items: items} +} + +func ddbTypeString(val string) map[string]interface{} { + return map[string]interface{}{ + "S": val, + } +} diff --git a/test_workspace.sh b/test_workspace.sh new file mode 100755 index 00000000..161d0176 --- /dev/null +++ b/test_workspace.sh 
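Review bot: the matcher in `ExpectUpdateItem` drains `req.Body` with `io.ReadAll` and does not put it back, yet testify may evaluate a `MatchedBy` function more than once per call (for every registered expectation and again when reporting the closest match), so a second evaluation sees an empty body, fails to unmarshal and the expectation is reported as unmatched; restore it after reading: `req.Body = io.NopCloser(bytes.NewReader(actBody))`. In the same closure `membersEscaped` is built and never used, and `membersStr, err := json.Marshal(...)` leaves `err` unchecked. `makeDynamodbResourcePolicyItems` names its loop variable `rar`, shadowing the imported `rar` package inside the loop (`r` or `item` avoids that trap), and it encodes only `Members()[0]` while `ExpectUpdateItem` uses `json.Marshal` of the full slice, so scan fixtures and update expectations disagree for multi-member roles. The `log.Error("test", "mock.ExpectScan failed ...", err)` calls pass the description in a slog key position, so the logged message is `test` and the useful text becomes an attribute name; put the description in the message position and `"err", err` as the attribute.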
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+
+prefix="github.com/hexa-org/policy-orchestrator"
+go mod graph | awk '{print $1}' | cut -d '@' -f 1 | sort | uniq | grep "policy-orchestrator" | while read x; do
+ echo $x
+ suffix_removed=${x/#$prefix}
+ use_mod=".$suffix_removed"
+ echo $use_mod
+ go test -tags integration -coverprofile coverage.out "${use_mod}/.../"
+ #go test "${use_mod}/.../"
+done
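Review bot: a failing `go test` in one module does not fail the script: the `while` body runs in the pipeline's subshell without `set -e`, and the loop's exit status is that of its last command, so CI goes green as long as the last module passes. Every iteration also writes the same `coverage.out`, so only the final module's coverage survives for upload. Add `set -euo pipefail` after the shebang and give each module its own profile, e.g. `go test -tags integration -coverprofile "coverage-$(echo "$x" | tr / _).out" "${use_mod}/.../"`; `sort | uniq` can be `sort -u`, and `$x`/`$use_mod` should be quoted.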