Policy-aware control plane for enterprise LLM, RAG, and AI agent applications.
Project description
PolicyAware AI Gateway
PolicyAware AI Gateway is an open-source control plane for governed AI execution across enterprise LLM, RAG, AI agent, and MCP-style tool workflows. It enforces organizational, legal, security, cost, and routing policy before requests reach models or tools, then evaluates outputs for safety, quality, compliance, and auditability.
The default posture is deny-by-default: every request must match an allow or conditional policy before execution.
Documentation site: https://ktirupati.github.io/policyaware/
What It Provides
- Policy enforcement for RBAC, context, tenant, region, compliance, budgets, tokens, latency, and model constraints.
- PII, PHI, secrets, and sensitive-data detection with redaction actions.
- Multi-provider model routing with fallbacks by policy, task type, risk, cost, availability, and quality.
- Runtime evaluation for safety, policy compliance, grounding, citations, and leakage.
- Risk-tier classification with explainable reason codes.
- MCP/tool governance for connector-level and action-level permissions.
- Full request/response trace, explainable decisions, replay-ready audit logs, and exportable JSONL records.
- Python SDK, CLI, YAML policies, local development mode, and integration shims.
Quick Start
pip install policyaware
For local development from this repository:
pip install -e ".[dev]"
policyaware policy test examples/policies/basic.yaml
policyaware policy validate examples/policies/basic.yaml
policyaware policy explain examples/policies/basic.yaml --prompt "Email jane@example.com"
policyaware risk classify "Summarize this patient diagnosis" --domain healthcare
policyaware tools check examples/policies/tool-governance.yaml --agent code_assistant --connector github --action create_pr
policyaware eval run examples/evals/support_rag.yaml
For copy-pasteable end-to-end examples, see Working Examples.
from policyaware import Gateway, GatewayRequest
gateway = Gateway.from_policy_file("examples/policies/basic.yaml")
response = gateway.chat(
GatewayRequest(
tenant="acme",
app="claims-assistant",
user={"id": "u_123", "role": "claims_adjuster"},
context={"region": "us", "task_type": "summarization", "risk": "low"},
messages=[{"role": "user", "content": "Summarize claim ACME-42."}],
)
)
print(response.content)
print(response.policy.decision)
print(response.policy.reason_codes)
print(response.trace_id)
Architecture
Application / Agent / RAG App
|
v
PolicyAware SDK / Middleware
|
v
Identity + Context Resolver
|
v
Policy Decision Engine -> Data Protection Engine -> Model Router -> Provider/Tool
|
v
Runtime Evaluation -> Audit Trace -> Response
Repository Layout
src/policyaware/
audit.py Request traces and audit export records
cli.py policyaware CLI
data_protection.py PII/PHI/secret detection and redaction
evals.py Offline and runtime evaluation primitives
gateway.py Main SDK facade
models.py Core typed contracts
policy.py Deny-by-default policy engine
providers.py Provider abstraction and local simulated provider
routing.py Policy-aware model routing
integrations/ FastAPI, Flask, LangChain, LlamaIndex shims
examples/
policies/
evals/
tests/
Policy Example
id: basic_enterprise_policy
default: deny
rules:
- name: allow_low_risk_support
effect: allow
when:
user.role_in: ["support_agent", "claims_adjuster"]
request.risk_in: ["low", "medium"]
data.contains_secrets: false
- name: redact_pii_for_non_privileged_users
effect: transform
action: redact
when:
data.contains_pii: true
user.role_not_in: ["privacy_admin", "compliance_officer"]
- name: require_approval_for_high_risk
effect: require_approval
when:
request.risk: "high"
Development Status
This is a production-grade starter framework: the core extension points and executable behavior are present, while provider integrations, enterprise identity adapters, dashboard UI, and long-term storage can be expanded by contributors.
v0.2 MVP Capabilities
- Deterministic risk classification: low, medium, high, critical.
- Explainable policy decisions with reason codes and remediation.
- Replayable audit trace snapshots.
- Audit bundle generation.
- Tool governance policies for MCP-style connectors and actions.
- Governance-aware eval report schema.
- Provider adapters for OpenAI-compatible APIs, Azure OpenAI, Anthropic, Bedrock, Vertex AI, Ollama, and vLLM.
- SQLite audit storage and static trace viewer.
- Prometheus text and OpenTelemetry-shaped JSON exporters.
- File and webhook approval hooks.
- Executable golden dataset policy checks.
License
Apache-2.0
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file policyaware-0.2.2.tar.gz.
File metadata
- Download URL: policyaware-0.2.2.tar.gz
- Upload date:
- Size: 96.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
688695f9428dc8763656cbd6876bbbb313bd6e17a21cf6506d33b2f57c09aae8
|
|
| MD5 |
5190be9c86982f89476a9e59045d6d2e
|
|
| BLAKE2b-256 |
0abe29d385e4f59f27b76fc7a06c8e3cb01dfefa658c4714d2a2d47ce9acb758
|
Provenance
The following attestation bundles were made for policyaware-0.2.2.tar.gz:
Publisher:
publish.yml on ktirupati/policyaware
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
policyaware-0.2.2.tar.gz -
Subject digest:
688695f9428dc8763656cbd6876bbbb313bd6e17a21cf6506d33b2f57c09aae8 - Sigstore transparency entry: 1507439057
- Sigstore integration time:
-
Permalink:
ktirupati/policyaware@ab0f580f91f09e96e1f1d214d722886870bbcd38 -
Branch / Tag:
refs/tags/v0.2.2 - Owner: https://github.com/ktirupati
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@ab0f580f91f09e96e1f1d214d722886870bbcd38 -
Trigger Event:
release
-
Statement type:
File details
Details for the file policyaware-0.2.2-py3-none-any.whl.
File metadata
- Download URL: policyaware-0.2.2-py3-none-any.whl
- Upload date:
- Size: 32.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
dd7e6a57135c4459a684716b5145e4bcdb02295aa94d969c6de09591eca20bf3
|
|
| MD5 |
264297c5bd69c9285bb4d416c64413f8
|
|
| BLAKE2b-256 |
93cc1c8f7ff23ce235e94428d0947d12699530d38725263ca5624cd7ea5c3134
|
Provenance
The following attestation bundles were made for policyaware-0.2.2-py3-none-any.whl:
Publisher:
publish.yml on ktirupati/policyaware
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
policyaware-0.2.2-py3-none-any.whl -
Subject digest:
dd7e6a57135c4459a684716b5145e4bcdb02295aa94d969c6de09591eca20bf3 - Sigstore transparency entry: 1507439184
- Sigstore integration time:
-
Permalink:
ktirupati/policyaware@ab0f580f91f09e96e1f1d214d722886870bbcd38 -
Branch / Tag:
refs/tags/v0.2.2 - Owner: https://github.com/ktirupati
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@ab0f580f91f09e96e1f1d214d722886870bbcd38 -
Trigger Event:
release
-
Statement type: