Service policies and policy documents on the Gateway are XML files, at the end of the day. If you export a policy from the Gateway or copy-and-paste it into a text editor then you will see that a policy is a large amount of XML. Policy assertions are pre-written blocks of XML then are filled in based on the UI components. The XML code for an assertion is essentially a template that is modified by the UI components. For example: The Route via HTTP(S) assertion starts as a template block of XML. An operator or administrator adds the assertion to the policy. The template is modified based on the user input--such as routing URL, preemptive credentials, or header and parameter customization. The assertion is then saved and the corresponding XML is saved to a document.
This model was actually a significant strenght of the API Gateway. Legacy XML gateway and web security platforms required that the policy author be familiar in many complex WS-Security technologies and be capable of writing XML by hand. Writing XML by hand can certainly be expedited by a development environment but it still required specialized programming knowledge. A significant gain was provided to our customers by allowing people to write policies even if they were not fluent in software engineering. The Policy Manager and the paradigm of policies has never been associated with free-form coding--by design.
To that end: The policies are XML and XML can be source-controlled. We have tooling in-place that allows administrators to integrate API Gateways into existing source code repositories and versioning systems (such as ClearCase, SVN, or GitHub). You can use the Gateway Migration Utility to facilitate this effort and export whole configurations, folders, services, and other configurable items of the Gateway. Hopefully that helps with the control and versioning element. If you need further assistance with using that implementation then I would recommend opening a new issue with CA Support.
With regards to conditional logic: There is certainly room for growth in that area. I have authored an article that gives a bit of primer on authoring conditional statements in the Policy Manager. It can be found here: Creating conditional statements in the CA API Gateway Policy Manager. This document is currently pending moderation so it may not be immediately available. Please check back later if it is not currently available.
We also have several development incidents open with respect to improving the policy logic flow of the API Gateway with respect to conditional statements:
SSG-4884: Allow "At Least One" and "All" folders to be toggled. This would allow an existing conditional folder to be switched between At Least and All, dynamically
SSG-8425: Allow "One Or More" as a composite conditional assertion. This would allow an arbitrary number of assertions to pass in order to succeed.
There are many others out there and I can happily find more if you are interested. Point being: We recognize that the flow of policies can become very complex very quickly. We've also made a lot of progress in developing the Policy Manager into a more robust IDE instead of just a drag-and-drop interface for the Gateway. Functionality such as the service debugger, revision histories, and having multiple concurrent tabs were all designed with the intent of catering to the broader software engineering community that use our product.