
AI-powered firewall policy management

Project description

Policy Foundry

AI-powered firewall policy analysis and recommendation engine. Feed it traffic data and get back validated, risk-assessed firewall rule proposals with change request exports.

Input:  Excel traffic exports or VPC Flow Logs (local/S3)
Output: Terminal display, JSON, or change request forms (xlsx/pdf)

  Traffic Data  ──▶  AI Analysis Pipeline  ──▶  Change Request
  (Excel/Logs)       Analyze → Assess →         (xlsx / pdf /
                     Generate → Validate →       terminal / JSON)
                     Decide

Installation

Option 1: Install from PyPI (recommended)

pip install policy-foundry

Option 2: Install with pipx (isolated environment)

pipx install policy-foundry

Option 3: Install with uv

uv tool install policy-foundry

Verify installation

policyfoundry --help

Setup

PolicyFoundry uses an LLM to analyze traffic. You need one of these providers configured. Note that with a hosted provider the traffic data you feed in (internal addresses, ports, and any free-text columns in an Excel export) is sent to that provider; Ollama keeps it on the local machine.

Using Ollama (free, local, default)

  1. Install Ollama
  2. Pull a model:
     ollama pull llama3.2
  3. That's it. PolicyFoundry uses Ollama by default.

Using OpenAI

Set the provider, model and API key as environment variables. Prefer loading the key from a secrets manager or an env file with restricted permissions rather than typing it into an interactive shell, where it is written to shell history:

export POLICYFOUNDRY_LLM__PROVIDER=openai
export POLICYFOUNDRY_LLM__MODEL=gpt-4o
export POLICYFOUNDRY_LLM__API_KEY=sk-your-key-here

Using AWS Bedrock

export POLICYFOUNDRY_LLM__PROVIDER=bedrock
export POLICYFOUNDRY_LLM__MODEL=anthropic.claude-3-sonnet-20240229-v1:0

Requires AWS credentials configured via aws configure or environment variables.

Using a config file

Create .policyfoundry.yaml in your working directory:

llm:
  provider: ollama
  model: llama3.2
  temperature: 0.1
  max_tokens: 4096
  timeout: 120

Usage

Analyze an Excel traffic export

policyfoundry analyze --source excel --file traffic.xlsx

Export a change request form

# Excel change request
policyfoundry analyze --source excel --file traffic.xlsx --export xlsx

# PDF change request
policyfoundry analyze --source excel --file traffic.xlsx --export pdf

# Both
policyfoundry analyze --source excel --file traffic.xlsx --export xlsx,pdf

Use a custom change request template

policyfoundry analyze --source excel --file traffic.xlsx \
  --export xlsx --template my-template.xlsx

A sample template is included in the repo.

Analyze VPC Flow Logs

# From local files (paths are taken from sources.log_paths in the config)
policyfoundry analyze --source local --sg-ids sg-0123456789abcdef0

# From S3 (bucket and prefix are taken from sources.s3_bucket and sources.s3_prefix)
policyfoundry analyze --source s3 --sg-ids sg-0123456789abcdef0
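What the analyze step ingests from the local or s3 source is a stream of flow-log records. The following is an added example, not PolicyFoundry's own ingestion or analysis code: it parses records in the default AWS VPC Flow Log (version 2) field order, skips NODATA/SKIPDATA and malformed records instead of guessing at them, and aggregates accepted flows by protocol, destination port and /24 source network, which is the shape a rule proposal needs. The log lines are constructed; the /24 aggregation width and the function names are this example's choices.

```python
"""Parse default-format (v2) AWS VPC Flow Log records and aggregate accepted
traffic into (protocol, destination port, source network) candidates.

Added illustration, not PolicyFoundry's own ingestion/analysis code. The
sample records are constructed; the field order is AWS's default v2 format."""
import ipaddress
from collections import defaultdict

# Default VPC Flow Log (version 2) field order.
FIELDS = ("version account-id interface-id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log-status").split()

PROTO_NAMES = {"6": "tcp", "17": "udp", "1": "icmp"}  # IANA protocol numbers

# Constructed sample: two HTTPS flows from one subnet, one rejected SSH probe,
# one DNS flow, and a NODATA record that carries no traffic fields.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 10.0.1.25 10.0.2.10 50123 443 6 12 3420 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.26 10.0.2.10 50124 443 6 8 2100 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.2.10 40001 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.3.5 10.0.2.10 53 53 17 2 160 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_record(line):
    """Parse one flow-log line into a dict. Returns None for records that carry
    no traffic data (NODATA/SKIPDATA) or that do not parse, rather than guessing."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log-status"] != "OK":
        return None
    try:
        ipaddress.ip_address(rec["srcaddr"])   # validate; keep the string form
        ipaddress.ip_address(rec["dstaddr"])
        for key in ("srcport", "dstport", "packets", "bytes", "start", "end"):
            rec[key] = int(rec[key])
    except ValueError:
        return None
    rec["protocol"] = PROTO_NAMES.get(rec["protocol"], rec["protocol"])
    return rec


def parse_log(text):
    """Parse every line of a flow-log file, dropping records parse_record rejects."""
    return [r for r in (parse_record(line) for line in text.splitlines()) if r]


def aggregate(records, prefixlen=24, action="ACCEPT"):
    """Group flows with the given action by (protocol, dst port, src network).
    Returns {key: {"flows": n, "bytes": total}} ordered by bytes, largest first.
    Collapsing sources to a prefix is what turns many client IPs into one
    candidate CIDR for a rule; /24 is this example's default, not a recommendation."""
    agg = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for r in records:
        if r["action"] != action:
            continue
        src_net = ipaddress.ip_network(f"{r['srcaddr']}/{prefixlen}", strict=False)
        key = (r["protocol"], r["dstport"], str(src_net))
        agg[key]["flows"] += 1
        agg[key]["bytes"] += r["bytes"]
    return dict(sorted(agg.items(), key=lambda kv: -kv[1]["bytes"]))


if __name__ == "__main__":
    for key, stats in aggregate(parse_log(SAMPLE_LOG)).items():
        print(key, stats)
```

Running aggregate with action="REJECT" over the same records shows what was blocked, which is the input an Assess stage wants when flagging probes rather than legitimate flows.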

Get JSON output

policyfoundry analyze --source excel --file traffic.xlsx --format json

View current firewall rules

policyfoundry rules --sg-id sg-0123456789abcdef0

Show resolved configuration

policyfoundry config

CLI Reference

policyfoundry analyze

Option      Description                                Default
--source    Data source: local, s3, or excel           local
--format    Output format: rich or json                rich
--file      Path to input file (required for excel)    --
--export    Export: xlsx, pdf, or xlsx,pdf             --
--template  Custom Excel template for export           --
--sg-ids    Security group IDs to analyze              --
--config    Path to YAML config file                   --
--debug     Enable debug output                        false

policyfoundry rules

Option     Description                     Default
--adapter  Adapter name                    aws_sg
--sg-id    Security group ID to query      --
--format   Output format: rich or json     rich

policyfoundry config

Option    Description                    Default
--format  Output format: rich or json    rich

Configuration

PolicyFoundry merges configuration from multiple sources (highest priority wins):

  1. CLI flags
  2. Environment variables (POLICYFOUNDRY_ prefix, __ for nesting)
  3. Local YAML (.policyfoundry.yaml in current directory)
  4. Global YAML (~/.policyfoundry/config.yaml)

Full config example

llm:
  provider: ollama          # ollama | openai | bedrock
  model: llama3.2
  temperature: 0.1
  max_tokens: 4096
  timeout: 120

sources:
  log_paths:
    - /var/log/vpc-flow/*.log
  # s3_bucket: my-vpc-logs-bucket
  # s3_prefix: vpc-flow-logs/

targets:
  security_group_ids:
    - sg-0123456789abcdef0

excel:
  # sheet_name: null
  # header_row: 1

output:
  format: rich
  data_dir: ~/.policyfoundry/data

Environment variable examples

export POLICYFOUNDRY_LLM__PROVIDER=openai
export POLICYFOUNDRY_LLM__MODEL=gpt-4o
export POLICYFOUNDRY_LLM__API_KEY=sk-...
export POLICYFOUNDRY_SOURCES__S3_BUCKET=my-vpc-logs
export POLICYFOUNDRY_TARGETS__SECURITY_GROUP_IDS=sg-abc123,sg-def456
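To make the precedence rules concrete, here is an added example of a layered resolver; it is not the project's own config loader. It merges global YAML, local YAML, environment variables (POLICYFOUNDRY_ prefix, __ for nesting, comma-separated values for list keys) and CLI flags in that order, so the last writer wins per key rather than per section, and it redacts secret-looking keys for display. The YAML layers are supplied as already-parsed dicts so no YAML library is needed; LIST_KEYS, the redaction markers and all sample values are assumptions for this example.

```python
"""Resolve layered configuration: CLI flags win over environment variables
(POLICYFOUNDRY_ prefix, __ for nesting), which win over the local YAML, which
wins over the global YAML.

Added illustration, not PolicyFoundry's own config loader. YAML layers are
given as already-parsed dicts; LIST_KEYS and SECRET_MARKERS are assumptions."""
import os

ENV_PREFIX = "POLICYFOUNDRY_"
# Config paths whose YAML value is a list, so a comma-separated env var string
# is split (assumed from the page's sg-abc123,sg-def456 example).
LIST_KEYS = {("targets", "security_group_ids"), ("sources", "log_paths")}
SECRET_MARKERS = ("key", "secret", "token", "password")

# Constructed layers.
GLOBAL_YAML = {"llm": {"provider": "ollama", "model": "llama3.2", "temperature": 0.1},
               "output": {"format": "rich", "data_dir": "~/.policyfoundry/data"}}
LOCAL_YAML = {"llm": {"temperature": 0.0},
              "targets": {"security_group_ids": ["sg-0123456789abcdef0"]}}
ENV = {"POLICYFOUNDRY_LLM__PROVIDER": "openai",
       "POLICYFOUNDRY_LLM__MODEL": "gpt-4o",
       "POLICYFOUNDRY_LLM__API_KEY": "sk-example-not-a-real-key",
       "POLICYFOUNDRY_TARGETS__SECURITY_GROUP_IDS": "sg-abc123, sg-def456",
       "HOME": "/home/analyst"}          # unrelated variable, must be ignored
CLI = {"output": {"format": "json"}}     # what --format json contributes


def deep_merge(base, override):
    """Return a new dict where override wins and nested dicts merge key by key,
    so a layer that sets only llm.temperature does not wipe llm.provider."""
    merged = dict(base)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = deep_merge(merged[key], value)
        else:
            merged[key] = value
    return merged


def env_layer(environ=None):
    """Turn POLICYFOUNDRY_LLM__API_KEY=... into {"llm": {"api_key": ...}}."""
    environ = os.environ if environ is None else environ
    layer = {}
    for name, value in environ.items():
        if not name.startswith(ENV_PREFIX):
            continue
        path = tuple(name[len(ENV_PREFIX):].lower().split("__"))
        if path in LIST_KEYS:
            value = [item.strip() for item in value.split(",") if item.strip()]
        node = layer
        for part in path[:-1]:
            node = node.setdefault(part, {})
        node[path[-1]] = value
    return layer


def resolve(cli, environ, local_yaml, global_yaml):
    """Apply the layers lowest priority first so the last write wins."""
    config = {}
    for layer in (global_yaml, local_yaml, env_layer(environ), cli):
        config = deep_merge(config, layer)
    return config


def redact(config):
    """Copy of the resolved config with secret-looking leaves masked, so a
    'show resolved configuration' command never echoes an API key."""
    out = {}
    for key, value in config.items():
        if isinstance(value, dict):
            out[key] = redact(value)
        elif any(marker in key.lower() for marker in SECRET_MARKERS):
            out[key] = "<redacted>"
        else:
            out[key] = value
    return out


if __name__ == "__main__":
    print(redact(resolve(CLI, ENV, LOCAL_YAML, GLOBAL_YAML)))
```

The deep merge is the part that matters operationally: a local .policyfoundry.yaml that only overrides llm.temperature keeps the provider and model from the global file, whereas a shallow merge would silently drop them.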

Docker

Run PolicyFoundry with an Ollama sidecar:

docker compose up -d
docker compose exec ollama ollama pull llama3.2
# the --file path is resolved inside the container, so the directory holding
# the export must be mounted into it
docker compose run policyfoundry analyze --source excel --file /path/to/traffic.xlsx

Contributing

Build from source

git clone https://github.com/vahagn-madatyan/PolicyFoundry.git
cd PolicyFoundry

# Install uv if you don't have it (inspect the script before piping it to sh,
# or install uv from your OS package manager)
curl -LsSf https://astral.sh/uv/install.sh | sh

# Install with dev dependencies
uv sync --group dev

# Run from source
uv run policyfoundry --help

Run tests

uv run pytest
uv run pytest --cov=policyfoundry
uv run pytest -k "test_analyze"

Project structure

src/policyfoundry/
├── main.py                  # CLI app (analyze, rules, config)
├── adapters/                # Firewall vendor adapters (AWS SG, etc.)
├── analysis/                # Traffic analysis & aggregation
├── config/                  # Configuration management
├── ingestion/               # Data ingestion (local, S3, Excel)
├── pipeline/                # AI analysis pipeline (LangGraph)
├── storage/                 # Parquet persistence + DuckDB queries
├── output/                  # Terminal & JSON formatters
└── export/                  # Change request export (xlsx/pdf)

Architecture

PolicyFoundry runs a 5-stage AI pipeline built on LangGraph:

Stage     Purpose
Analyze   Examine traffic patterns, identify flows, detect anomalies
Assess    Evaluate risk levels, flag high-risk flows
Generate  Produce concrete firewall rule proposals
Validate  Check proposals against adapter constraints (e.g., AWS SG limits)
Decide    Final accept/modify/reject decisions with justifications

LLM calls use Instructor + LiteLLM for structured output — every call returns a validated Pydantic model, not free-form text.

Adapter system

Firewall adapters are loaded via Python entry points. The included AWS Security Group adapter validates proposals against AWS-specific constraints: rules are allow-only (security groups have no deny action, so a block is expressed by leaving the rule out), the default quota of 60 rules per direction per group (adjustable through Service Quotas), and CIDR validation. All adapters are wrapped in a read-only safety layer; PolicyFoundry never modifies live firewall rules. The exported change request is the hand-off point: a human reviews it and applies it through the normal change process.
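As an added example (not the project's adapter code), the following shows what a Validate stage for the AWS Security Group adapter has to enforce, and the read-only proxy pattern the safety layer describes: a proposal is rejected if it is not an allow rule, if its CIDR is malformed or has host bits set, if its protocol or port range is not one a security group can express, or if it would push the group past the 60-rules-per-direction default quota once existing rules are counted. The Proposal fields, the allowed method prefixes and the FakeEC2Client are assumptions for this example.

```python
"""Validate-stage checks for an AWS Security Group adapter, plus the read-only
safety-layer pattern. Added illustration, not the project's adapter code."""
import ipaddress
from dataclasses import dataclass

SG_RULE_QUOTA = 60                              # AWS default, per direction
VALID_PROTOCOLS = {"tcp", "udp", "icmp", "-1"}  # "-1" means all traffic


@dataclass(frozen=True)
class Proposal:                 # field set is this example's assumption
    action: str                 # "allow" or "deny"
    direction: str              # "ingress" or "egress"
    protocol: str
    from_port: int
    to_port: int
    cidr: str
    justification: str = ""


def check_proposal(p):
    """Return the list of constraint violations for one proposal ([] = valid)."""
    errors = []
    if p.action != "allow":
        errors.append("security groups are allow-only; express a deny by omitting the rule")
    if p.direction not in ("ingress", "egress"):
        errors.append(f"unknown direction {p.direction!r}")
    if p.protocol not in VALID_PROTOCOLS:
        errors.append(f"unsupported protocol {p.protocol!r}")
    elif p.protocol in ("tcp", "udp") and not (0 <= p.from_port <= p.to_port <= 65535):
        errors.append(f"bad port range {p.from_port}-{p.to_port}")
    try:
        ipaddress.ip_network(p.cidr, strict=True)   # strict: host bits must be zero
    except ValueError:
        errors.append(f"invalid CIDR {p.cidr!r}")
    return errors


def validate(proposals, existing_counts=None):
    """Split proposals into accepted and rejected, enforcing the per-direction
    quota on top of rules already in the group (existing_counts, e.g.
    {"ingress": 59}). Returns (accepted, [(proposal, errors), ...])."""
    counts = dict(existing_counts or {})
    accepted, rejected = [], []
    for p in proposals:
        errors = check_proposal(p)
        if not errors:
            if counts.get(p.direction, 0) + 1 > SG_RULE_QUOTA:
                errors.append(f"would exceed {SG_RULE_QUOTA} {p.direction} rules")
            else:
                counts[p.direction] = counts.get(p.direction, 0) + 1
        (rejected.append((p, errors)) if errors else accepted.append(p))
    return accepted, rejected


class ReadOnlyAdapter:
    """Proxy that forwards read-style calls and refuses everything else, so a
    bug or a prompt-steered proposal cannot reach a mutating API. The allowed
    prefixes are an assumption for this example."""
    READ_PREFIXES = ("describe_", "get_", "list_")

    def __init__(self, inner):
        self._inner = inner

    def __getattr__(self, name):
        if not name.startswith(self.READ_PREFIXES):
            raise PermissionError(f"{name} blocked: adapter is read-only")
        return getattr(self._inner, name)


class FakeEC2Client:
    """Constructed stand-in for a cloud SDK client; not boto3."""
    def describe_security_groups(self, GroupIds):
        return {"SecurityGroups": [{"GroupId": g, "IpPermissions": []} for g in GroupIds]}

    def authorize_security_group_ingress(self, **kwargs):
        raise AssertionError("a read-only adapter must never reach this")


def is_blocked(adapter, method):
    """True if the adapter refuses to hand out the named method."""
    try:
        getattr(adapter, method)
    except PermissionError:
        return True
    return False
```

Keeping the quota check in validate rather than check_proposal matters: the quota is a property of the whole batch plus what is already in the group, so accepting proposals one at a time without the running count would pass a batch that fails on apply.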

Infrastructure (optional)

The infra/terraform/ directory contains Terraform for a test environment (VPC, security groups, S3 bucket, flow logs):

cd infra/terraform
terraform init
terraform plan -var="name_prefix=policyfoundry-dev"
terraform apply

License

Apache License 2.0

Download files


Source Distribution

policy_foundry-0.2.2.tar.gz (3.1 MB, source)

Built Distribution

policy_foundry-0.2.2-py3-none-any.whl (110.5 kB, Python 3 wheel)

File details

Details for the file policy_foundry-0.2.2.tar.gz.

File metadata

  • Download URL: policy_foundry-0.2.2.tar.gz
  • Size: 3.1 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for policy_foundry-0.2.2.tar.gz

Algorithm    Hash digest
SHA256       5520c376c12da63779795646741d4bfa368518b0964a77991fa93be6933a8efb
MD5          bdcc63331a52e2d815811fc82f195a92
BLAKE2b-256  0e93531201332aa2abb391c127644a4c27f6e2fb029dce9a397d3f0d01f39428


Provenance

The following attestation bundles were made for policy_foundry-0.2.2.tar.gz:

Publisher: pypi-publish.yml on vahagn-madatyan/PolicyFoundry

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file policy_foundry-0.2.2-py3-none-any.whl.

File metadata

  • Download URL: policy_foundry-0.2.2-py3-none-any.whl
  • Size: 110.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for policy_foundry-0.2.2-py3-none-any.whl

Algorithm    Hash digest
SHA256       65e1ce956673938a360ab8d3a7a24d972029da3bf78530c564486dfd0c69fd8a
MD5          a14a04f8d3c831f7b6d21f3ab0a97bb1
BLAKE2b-256  661134042cb6048382a8a021244bf1f6496556fe34f0685d8954efcddec38f2a


Provenance

The following attestation bundles were made for policy_foundry-0.2.2-py3-none-any.whl:

Publisher: pypi-publish.yml on vahagn-madatyan/PolicyFoundry

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
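Before installing, a practitioner can check a downloaded file against the digests published above. This is an added example, not part of the project: it streams a file through SHA-256 and BLAKE2b-256 (PyPI's BLAKE2b-256 column is BLAKE2b parameterised to a 32-byte digest, not the 64-byte output truncated), compares in constant time, refuses MD5, and builds the --hash line that pip install --require-hashes needs. The sample artifact is constructed bytes written to a temporary file; the expected digests for the real 0.2.2 files are the ones listed on this page.

```python
"""Check a downloaded PyPI artifact against published digests before installing.

Added example, not part of PolicyFoundry. The sample artifact is constructed
bytes in a temporary file; the real expected digests are the SHA256 and
BLAKE2b-256 values published on the project's file page."""
import hashlib
import hmac
import tempfile

CHUNK = 1 << 20   # 1 MiB reads, so a large sdist is never loaded whole


def digests(path):
    """Return {"sha256": hex, "blake2b-256": hex} for the file at path.
    blake2b(digest_size=32) is what PyPI's BLAKE2b-256 column reports; it is a
    distinct parameterisation, not the first 32 bytes of blake2b-512."""
    sha256 = hashlib.sha256()
    blake = hashlib.blake2b(digest_size=32)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            sha256.update(chunk)
            blake.update(chunk)
    return {"sha256": sha256.hexdigest(), "blake2b-256": blake.hexdigest()}


def verify(path, expected):
    """expected maps algorithm name -> hex digest; every supplied digest must
    match (constant-time compare). MD5 is deliberately not accepted."""
    if not expected:
        raise ValueError("no expected digest supplied; refusing to pass vacuously")
    actual = digests(path)
    for algorithm, hexdigest in expected.items():
        if algorithm not in actual:
            raise ValueError(f"unsupported or weak algorithm: {algorithm}")
        if not hmac.compare_digest(actual[algorithm], hexdigest.strip().lower()):
            return False
    return True


def hashed_requirement(name, version, sha256_hex):
    """requirements.txt line that makes pip refuse any other bytes when run as
    pip install --require-hashes -r requirements.txt"""
    return f"{name}=={version} --hash=sha256:{sha256_hex}"


def write_sample_artifact(data=b"constructed sample artifact, not a real sdist\n"):
    """Write constructed bytes to a temp file and return its path."""
    with tempfile.NamedTemporaryFile(delete=False, suffix=".tar.gz") as fh:
        fh.write(data)
        return fh.name


if __name__ == "__main__":
    path = write_sample_artifact()
    found = digests(path)
    print(verify(path, found))
    print(hashed_requirement("policy-foundry", "0.2.2", found["sha256"]))
```

For the real release, pass the SHA256 from the table above as expected and point path at the file pip download fetched; the Trusted Publishing attestation above tells you which workflow built it, and the hash tells you the bytes you hold are the ones that were attested.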
