Embedded ABAC policy engine for AI agents

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for vladkesler from gravatar.com vladkesler

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT OR Apache-2.0
    SPDX License Expression
  • Author: vladimir kesler
  • Tags abac , agent , ai , authorization , cel , policy , yaml
  • Requires: Python >=3.11
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

initguard

Embedded ABAC policy engine for AI agents.

PyPI Python License

Write authorization policies in YAML with CEL conditions, evaluate them in-process. No sidecar, no HTTP, no external service. Policies use when/unless clauses for readable rules and return structured Decision objects with human-readable reasons and advice.

Install

pip install initguard

Quick start

Create a policy file:

# policies/tool_policy.yaml
apiVersion: initguard/v1
kind: ResourcePolicy
resource: tool
rules:
  - actions: ["execute"]
    effect: allow
    roles: ["agent"]
    when: request.resource.attr.tool_type in ["http", "search"]

  - actions: ["execute"]
    effect: deny
    roles: ["agent"]
    when: request.resource.attr.tool_type == "shell"
    unless: request.principal.attr.tags.exists(t, t == "trusted")
    advice: "Shell tools require the 'trusted' tag."

Load and evaluate:

from initguard import PolicyEngine, Principal, load_policies

engine = PolicyEngine(load_policies("./policies"))

agent = Principal(
    id="agent:helper",
    roles=["agent"],
    attrs={"tags": ["basic"]},
)

decision = engine.check(agent, "tool", "execute", resource_attrs={"tool_type": "shell"})

print(decision.allowed)  # False
print(decision.reason)   # "denied by tool_policy.yaml:rules[1]"
print(decision.advice)   # "Shell tools require the 'trusted' tag."

Policy format

Three document kinds, all in YAML.

Schema (optional)

Lint your policies against known attribute names. Catches typos at load time.

apiVersion: initguard/v1
kind: Schema
principals:
  agent:
    attrs:
      team: string
      tags: list
resources:
  tool:
    attrs:
      tool_type: string
    actions: [execute]

DerivedRoles

Conditional role elevation using CEL. A definition matches when when is true and unless is false (or absent). Names must be globally unique.

apiVersion: initguard/v1
kind: DerivedRoles
name: agent_roles
definitions:
  - name: trusted_agent
    parentRoles: ["agent"]
    when: request.principal.attr.tags.exists(t, t == "trusted")

  - name: same_team
    parentRoles: ["agent"]
    when: request.principal.attr.team != ""
    unless: request.principal.attr.team != request.resource.attr.team

ResourcePolicy

Allow/deny rules for a resource kind. Deny always wins over allow. Every rule must declare at least one of roles or derivedRoles.

apiVersion: initguard/v1
kind: ResourcePolicy
resource: tool
importDerivedRoles: [agent_roles]
rules:
  - actions: ["execute"]
    effect: allow
    derivedRoles: ["trusted_agent"]

  - actions: ["execute"]
    effect: deny
    roles: ["agent"]
    when: request.resource.attr.tool_type in ["shell", "python"]
    unless: request.principal.attr.tags.exists(t, t == "trusted")
    advice: "Requires the 'trusted' tag."

Derived roles are scoped to imports -- a ResourcePolicy only sees roles from the sets it explicitly imports, preventing privilege leakage across policy domains.

API

load_policies(policy_dir) -> PolicySet

Load all *.yaml / *.yml files from a directory. Files are loaded in sorted order for deterministic precedence. All CEL expressions are compiled at load time. Raises PolicyLoadError on invalid YAML, bad CEL syntax, duplicate role names, or broken references.

PolicyEngine(policy_set)

engine = PolicyEngine(policy_set)

engine.check(principal, resource_kind, action, resource_id="*", resource_attrs=None) -> Decision

Evaluate policies and return a Decision. Also available as check_async for async contexts.

engine.info() -> EngineInfo

Returns loaded policy summary: resource kinds, derived role sets, policy/rule counts, schema presence.

Decision

Field Type Description
allowed bool Whether the action is permitted
reason str Human-readable explanation, always populated
matched_rule str Stable rule identifier, e.g. "tool_policy.yaml:rules[1]"
advice str From the rule's advice field, or empty

Principal

Field Type Description
id str Identity string, e.g. "agent:code-reviewer"
roles list[str] Role list, e.g. ["agent", "team:platform"]
attrs dict[str, Any] Attributes for CEL conditions

CEL expressions

Conditions use Google Common Expression Language. Supported patterns:

# List membership
request.resource.attr.tool_type in ["shell", "python"]

# Existential quantifier
request.principal.attr.tags.exists(t, t == "trusted")

# Attribute equality
request.principal.attr.team == request.resource.attr.team

# Boolean operators
!request.principal.attr.tags.exists(t, t == "admin") && request.resource.attr.tool_type == "shell"

Missing attributes in CEL expressions evaluate to false (condition not met), not an error.

Development

uv sync --all-extras
uv run pytest tests/ -v
uv run ruff check . && uv run ruff format --check .

License

MIT OR Apache-2.0

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for vladkesler from gravatar.com vladkesler

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT OR Apache-2.0
    SPDX License Expression
  • Author: vladimir kesler
  • Tags abac , agent , ai , authorization , cel , policy , yaml
  • Requires: Python >=3.11
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

This version

2026.3.3

2026.3.2

2026.3.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

initguard-2026.3.3.tar.gz (62.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

initguard-2026.3.3-py3-none-any.whl (16.6 kB view details)

Uploaded Python 3

File details

Details for the file initguard-2026.3.3.tar.gz.

File metadata

  • Download URL: initguard-2026.3.3.tar.gz
  • Upload date:
  • Size: 62.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for initguard-2026.3.3.tar.gz
Algorithm Hash digest
SHA256 c117d010572e9acc3aa9fc632758c20466eb6bf914ee2171ab358e662a71013a
MD5 3a0365c8274fbea9362444c3f6da9724
BLAKE2b-256 8aec111fb385a7cde080f65696507c754350577a8f9b631b728b715d9d51fdc9

See more details on using hashes here.

Provenance

The following attestation bundles were made for initguard-2026.3.3.tar.gz:

Publisher: release.yml on vladkesler/initguard

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file initguard-2026.3.3-py3-none-any.whl.

File metadata

  • Download URL: initguard-2026.3.3-py3-none-any.whl
  • Upload date:
  • Size: 16.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for initguard-2026.3.3-py3-none-any.whl
Algorithm Hash digest
SHA256 6942825e6d7e885108f073dcb7089976b0c959a0126787109a41cef7ec11bcd3
MD5 3465f5ad65cbfc4f102796447928cc4a
BLAKE2b-256 1cbded0396e36d4a3883d0ba7233d0f66a7983e7322bf8ff22d35dc3a0e97372

See more details on using hashes here.

Provenance

The following attestation bundles were made for initguard-2026.3.3-py3-none-any.whl:

Publisher: release.yml on vladkesler/initguard

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page