Skip to main content

Policy-aware control plane for enterprise LLM, RAG, and AI agent applications.

Project description

PolicyAware AI Gateway

PyPI: policyaware | Downloads: Pepy stats | Python: 3.10+ | License: Apache-2.0 | Docs: GitHub Pages

PolicyAware adds deny-by-default policy, PII redaction, MCP tool governance, model routing, runtime evaluation, and audit traces to LLM, RAG, and AI agent applications in minutes.

PolicyAware AI Gateway is an open-source control plane for governed AI execution across enterprise LLM, RAG, AI agent, and MCP-style tool workflows. It enforces organizational, legal, security, cost, and routing policy before requests reach models or tools, then evaluates outputs for safety, quality, compliance, and auditability.

Documentation site: https://ktirupati.github.io/policyaware/

Capability docs: docs/capabilities.md Ready-to-use YAML policies: docs/capabilities/ready-to-use-yaml.md Comparison guide: PolicyAware vs guardrails vs AI gateway vs model router Alternatives guide: PolicyAware alternatives for guardrails, AI gateways, model routers, and MCP governance Demo outputs: captured terminal output for runnable examples Changelog: release history

What It Provides

  • Policy enforcement for RBAC, context, tenant, region, compliance, budgets, tokens, latency, and model constraints.
  • PII, PHI, secrets, and sensitive-data detection with redaction actions.
  • Multi-provider model routing with fallbacks by policy, task type, risk, cost, availability, and quality.
  • Runtime evaluation for safety, policy compliance, grounding, citations, and leakage.
  • Risk-tier classification with explainable reason codes.
  • MCP/tool governance for connector-level and action-level permissions.
  • Full request/response trace, explainable decisions, replay-ready audit logs, and exportable JSONL records.
  • Python SDK, CLI, YAML policies, local development mode, and integration shims.

Author

Created and maintained by Krishna Kishor Tirupati.

Project links:

Quick Start

pip install policyaware
policyaware dev simulate
policyaware risk classify "Email jane@example.com about a patient diagnosis" --domain healthcare

For local development from this repository:

pip install -e ".[dev]"
policyaware policy test examples/policies/basic.yaml
policyaware policy validate examples/policies/basic.yaml
policyaware risk classify "Summarize this patient diagnosis" --domain healthcare
policyaware tools check examples/policies/tool-governance.yaml --agent code_assistant --connector github --action create_pr
policyaware eval run examples/evals/support_rag.yaml

For copy-pasteable end-to-end examples, see Working Examples.

Copy-Paste Examples

Captured terminal output for the runnable examples is available in docs/demo-outputs.md.

Articles

from policyaware import Gateway, GatewayRequest

gateway = Gateway.from_policy_file("examples/policies/basic.yaml")

response = gateway.chat(
    GatewayRequest(
        tenant="acme",
        app="claims-assistant",
        user={"id": "u_123", "role": "claims_adjuster"},
        context={"region": "us", "task_type": "summarization", "risk": "low"},
        messages=[{"role": "user", "content": "Summarize claim ACME-42."}],
    )
)

print(response.content)
print(response.policy.decision)
print(response.policy.reason_codes)
print(response.trace_id)

Architecture

Application / Agent / RAG App
        |
        v
PolicyAware SDK / Middleware
        |
        v
Identity + Context Resolver
        |
        v
Policy Decision Engine -> Data Protection Engine -> Model Router -> Provider/Tool
        |
        v
Runtime Evaluation -> Audit Trace -> Response

Repository Layout

src/policyaware/
  audit.py              Request traces and audit export records
  cli.py                policyaware CLI
  data_protection.py    PII/PHI/secret detection and redaction
  evals.py              Offline and runtime evaluation primitives
  gateway.py            Main SDK facade
  models.py             Core typed contracts
  policy.py             Deny-by-default policy engine
  providers.py          Provider abstraction and local simulated provider
  routing.py            Policy-aware model routing
  integrations/         FastAPI, Flask, LangChain, LlamaIndex shims
examples/
  policies/
  evals/
tests/

Policy Example

id: basic_enterprise_policy
default: deny

rules:
  - name: allow_low_risk_support
    effect: allow
    when:
      user.role_in: ["support_agent", "claims_adjuster"]
      request.risk_in: ["low", "medium"]
      data.contains_secrets: false

  - name: redact_pii_for_non_privileged_users
    effect: transform
    action: redact
    when:
      data.contains_pii: true
      user.role_not_in: ["privacy_admin", "compliance_officer"]

  - name: require_approval_for_high_risk
    effect: require_approval
    when:
      request.risk: "high"

Development Status

This is a production-grade starter framework: the core extension points and executable behavior are present, while provider integrations, enterprise identity adapters, dashboard UI, and long-term storage can be expanded by contributors.

v0.2 MVP Capabilities

  • Deterministic risk classification: low, medium, high, critical.
  • Explainable policy decisions with reason codes and remediation.
  • Replayable audit trace snapshots.
  • Audit bundle generation.
  • Tool governance policies for MCP-style connectors and actions.
  • Governance-aware eval report schema.
  • Provider adapters for OpenAI-compatible APIs, Azure OpenAI, Anthropic, Bedrock, Vertex AI, Ollama, and vLLM.
  • Optional ML signal integrations for Presidio PII detection, ProtectAI prompt-injection detection, and custom Transformers domain/risk classifiers.
  • SQLite audit storage and static trace viewer.
  • Prometheus text and OpenTelemetry-shaped JSON exporters.
  • File and webhook approval hooks.
  • Executable golden dataset policy checks.

Third-Party ML Models

Optional ML integrations may download third-party models at runtime. PolicyAware does not bundle model weights. Review and accept the license or access terms for any model you configure, especially gated Hugging Face models.

Recommended GitHub Topics

For discovery, use repository topics such as llm, ai-gateway, llm-governance, guardrails, rag, mcp, ai-agents, pii-redaction, model-routing, audit, python, and open-source.

License

Apache-2.0

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

policyaware-0.2.6.tar.gz (132.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

policyaware-0.2.6-py3-none-any.whl (38.6 kB view details)

Uploaded Python 3

File details

Details for the file policyaware-0.2.6.tar.gz.

File metadata

  • Download URL: policyaware-0.2.6.tar.gz
  • Upload date:
  • Size: 132.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for policyaware-0.2.6.tar.gz
Algorithm Hash digest
SHA256 d44e1114f8b5c8df7459e32489662b5b03f33b829f385077d2132bcb3d7fecf2
MD5 abda51c3151fa6a537bef1e53cb46bf7
BLAKE2b-256 546fa2624872773f194336e6d7b731b840f96ec5af15f6f208c004f52d32af1a

See more details on using hashes here.

Provenance

The following attestation bundles were made for policyaware-0.2.6.tar.gz:

Publisher: publish.yml on ktirupati/policyaware

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file policyaware-0.2.6-py3-none-any.whl.

File metadata

  • Download URL: policyaware-0.2.6-py3-none-any.whl
  • Upload date:
  • Size: 38.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for policyaware-0.2.6-py3-none-any.whl
Algorithm Hash digest
SHA256 aba1b7547ae4f900bb9c0550409cca1726e4ff132e119b342d664a11209c22ee
MD5 774b4ffc2db4438d4944b49eb9668364
BLAKE2b-256 3d340444bc98fc9136acb71fa7ea01fbac71b7cb0d435f8a129f498147287cb6

See more details on using hashes here.

Provenance

The following attestation bundles were made for policyaware-0.2.6-py3-none-any.whl:

Publisher: publish.yml on ktirupati/policyaware

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page