Pre-execution authority enforcement system for AI agents
Project description
Pre-execution authority enforcement for AI agents
Overview
Caracal is a pre-execution authority enforcement system for AI agents and automated software operating in production environments. It exists at the exact boundary where decisions turn into irreversible actions—API calls, database writes, deployments, or workflow triggers.
Instead of relying on broad roles or static API keys, Caracal enforces the principle of explicit authority: no action executes unless there is a cryptographically verified, time-bound mandate issued under a governing policy.
Quickstart
Caracal offers two distinct interfaces for managing authority.
1. Caracal Flow (TUI)
Target: Security Teams, Governance Officers, and Developers.
Caracal Flow is an interactive terminal interface for onboarding, monitoring authority ledgers, and managing infrastructure. It includes an Onboarding Wizard to help you configure your first principal, policy, and mandate in minutes.
╔═══════════════════════════════════════════════════════════════════╗
║ ║
║ ██████╗ █████╗ ██████╗ █████╗ ██████╗ █████╗ ██╗ ║
║ ██╔════╝██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔══██╗██║ ║
║ ██║ ███████║██████╔╝███████║██║ ███████║██║ ║
║ ██║ ██╔══██║██╔══██╗██╔══██║██║ ██╔══██║██║ ║
║ ╚██████╗██║ ██║██║ ██║██║ ██║╚██████╗██║ ██║███████╗ ║
║ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═╝ ╚═════╝╚═╝ ╚═╝╚══════╝ ║
║ ║
║ C A R A C A L F L O W ║
║ Pre-Execution Authority Enforcement System ║
║ ║
╚═══════════════════════════════════════════════════════════════════╝
Launch Caracal Flow:
caracal-flow
Capabilities in Flow:
- Onboarding Wizard: Guided setup for principals and policies.
- Authority Ledger: Real-time stream of authorization decisions.
- Principal Hub: Manage identities and cryptographic key pairs.
- Infrastructure Setup: Provision PostgreSQL and Kafka with one click.
2. Caracal Core (CLI & SDK)
Target: Developers and System Architects.
Caracal Core provides the high-performance CLI and SDK for deep integration into agentic loops and CI/CD pipelines.
Installation:
pip install caracal-core
Example CLI Commands:
# Register a principal (agent identity)
caracal principals register --name "web-scraper-01" --type agent
# Create an authority policy allowing search on specific resources
caracal policies create --principal-id <ID> --resources "google.com/*" --actions "GET,POST"
# Issue a time-bound execution mandate
caracal mandates issue --principal-id <ID> --ttl 1800
# Query the authority ledger
caracal authority-ledger query --principal-id <ID>
Core Concepts
Principals Identities (agents, users, or services) that can hold and exercise authority. Principals use ECDSA P-256 keys for cryptographic attestation.
Authority Policies Governing rules that define the maximum validity, allowed resource patterns, and permitted actions for a given principal.
Execution Mandates Short-lived, cryptographically signed tokens that grant specific rights. Mandates are checked by the Caracal Gateway before any action is executed.
Authority Ledger A high-performance, immutable audit trail of every authorization request, decision, and enforcement event.
Infrastructure
Caracal scales from local development to enterprise-grade throughput.
| Environment | Database | Messaging | Event Bus | Use Case |
|---|---|---|---|---|
| Standard | SQLite | File-based | In-Memory | Local development, testing, and TUI default. |
| Enterprise | PostgreSQL | Kafka | Redis/Redpanda | High-availability production enforcement. |
Project Structure
caracal/core/: Core engine for policy evaluation and mandate issuance.caracal/flow/: TUI layer for interactive management.caracal/db/: Persistence layer supporting multiple backends.k8s/: Kubernetes manifests for production deployment.deploy/: Infrastructure automation scripts.
License
Caracal is open-source software licensed under the AGPL-3.0. See the LICENSE file for details.
Developed by Garudex Labs.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file caracal_core-0.6.0.tar.gz.
File metadata
- Download URL: caracal_core-0.6.0.tar.gz
- Upload date:
- Size: 352.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3a28cb7694e66964c88f388fba0c07e2651dbf2c9c971a37a49335669c44856e
|
|
| MD5 |
8dc80a662d98f508b912387afd31ba73
|
|
| BLAKE2b-256 |
4a6b0d8f9d47806eefe1e35b26cd500aa92121015d618b0f24162cbd2ae33603
|
File details
Details for the file caracal_core-0.6.0-py3-none-any.whl.
File metadata
- Download URL: caracal_core-0.6.0-py3-none-any.whl
- Upload date:
- Size: 407.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
beaf5792fb6bf9e11722c19bf5c9d11afdfd5fd39325ef7916e4b98d26c6de83
|
|
| MD5 |
3a4e9563f412766a798a8bce5f79a315
|
|
| BLAKE2b-256 |
0e9459ff75e9ed234eaef2bc421c25f5694fb5a33190f9d8a2fcee5b91e2c780
|
