Policy document evaluator plugin for Spakky auth

Project description

spakky-policy

spakky-policy loads YAML, TOML, and JSON policy documents into typed canonical models and evaluates RBAC, PBAC, and ABAC-style authorization rules for spakky-auth.

Installation

pip install spakky-policy

Usage

from spakky.auth import AuthContext, AuthSubject
from spakky.plugins.policy import PolicyDocumentEvaluator, PolicyEvaluationInput
from spakky.plugins.policy.loader import policy_document_from_mapping

document = policy_document_from_mapping(
    {
        "version": "2026-06",
        "metadata": {"name": "article-policy"},
        "roles": [{"ref": "role:editor", "permissions": ["permission:article-read"]}],
        "policies": [
            {
                "ref": "policy:article-read",
                "statements": [
                    {
                        "ref": "allow-editor-read",
                        "effect": "allow",
                        "roles": ["role:editor"],
                        "permissions": ["permission:article-read"],
                        "resources": ["article:1"],
                        "actions": ["article:read"],
                    }
                ],
            }
        ],
    }
)

auth_context = AuthContext(
    subject=AuthSubject(id="user:alice"),
    issuer="issuer:test",
    roles=("role:editor",),
)
result = PolicyDocumentEvaluator(document).evaluate(
    PolicyEvaluationInput(
        auth_context=auth_context,
        resource="article:1",
        action="article:read",
        policy="policy:article-read",
    )
)
assert result.allowed is True

Policy Semantics

  • Explicit deny statements take precedence over matching allow statements.
  • When no allow statement matches, evaluation returns default deny evidence.
  • Conditions support all, any, and not composition plus equals, not_equals, in, contains, and exists atomic operators.
  • Resource, action, and tenant refs are canonical strings supplied by AuthorizationRequest, decorator metadata, AuthContext, or resolver output.
  • Named policies are the OR/ANY user-facing surface; MCP/tool authorization, generic policy APIs, policy UI, and authorized data filtering are out of scope.
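
The precedence and condition rules listed above, modelled as a small stand-alone evaluator. This is an added example, not code from spakky-policy; the `when`, `op`, `attr` and `value` keys and the function names are assumptions made for illustration, and an atomic test on a missing attribute is assumed to be false.

```python
# Stand-alone model of the listed semantics; it does not import spakky-policy.
# The "when"/"op"/"attr"/"value" keys are assumed shapes, not the package's schema.

def check(cond, attrs):
    """Evaluate a condition tree (all / any / not / atomic) against attributes."""
    if "all" in cond:
        return all(check(c, attrs) for c in cond["all"])
    if "any" in cond:
        return any(check(c, attrs) for c in cond["any"])
    if "not" in cond:
        return not check(cond["not"], attrs)
    op, key, expected = cond["op"], cond["attr"], cond.get("value")
    if op == "exists":
        return key in attrs
    if key not in attrs:
        return False  # assumption: an atomic test on a missing attribute is false
    actual = attrs[key]
    if op == "equals":
        return actual == expected
    if op == "not_equals":
        return actual != expected
    if op == "in":
        return actual in expected
    if op == "contains":
        return expected in actual
    raise ValueError(f"unknown operator: {op}")

def matches(stmt, roles, resource, action, attrs):
    return (bool(set(stmt["roles"]) & set(roles)) and resource in stmt["resources"]
            and action in stmt["actions"] and check(stmt.get("when", {"all": []}), attrs))

def evaluate(statements, roles, resource, action, attrs):
    """Return (allowed, evidence): deny overrides allow; no match is default deny."""
    hits = [s for s in statements if matches(s, roles, resource, action, attrs)]
    for effect in ("deny", "allow"):  # deny is checked first, so it always wins
        for s in hits:
            if s["effect"] == effect:
                return effect == "allow", f"{effect}: {s['ref']}"
    return False, "default deny: no matching allow statement"

# Constructed sample statements, modelled on the usage example's field names.
STATEMENTS = [
    {"ref": "allow-editor-read", "effect": "allow", "roles": ["role:editor"],
     "resources": ["article:1"], "actions": ["article:read"]},
    {"ref": "deny-suspended", "effect": "deny", "roles": ["role:editor"],
     "resources": ["article:1"], "actions": ["article:read"],
     "when": {"any": [{"op": "equals", "attr": "status", "value": "suspended"},
                      {"op": "contains", "attr": "flags", "value": "locked"}]}},
]
```

In this model a `not` wrapped around a test on a missing attribute evaluates to true, so pairing it with `exists` keeps absent data from satisfying a condition.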

License

MIT License

Download files

Source Distribution

spakky_policy-6.5.0.tar.gz (8.6 kB view details)

Uploaded Source

Built Distribution

spakky_policy-6.5.0-py3-none-any.whl (12.2 kB view details)

Uploaded Python 3

File details

Details for the file spakky_policy-6.5.0.tar.gz.

File metadata

  • Download URL: spakky_policy-6.5.0.tar.gz
  • Upload date:
  • Size: 8.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for spakky_policy-6.5.0.tar.gz
Algorithm Hash digest
SHA256 fc2580c05edb478cc0a45a9822544d39f385308e1ab49ee0130ab23ee4e8ecc2
MD5 50c52b88d98f5d92e6a620ddfecda4bd
BLAKE2b-256 96a820f4ba7da60035fd37262ca25d78fd3978881e79bf822c8a3b6423feab19

Provenance

The following attestation bundles were made for spakky_policy-6.5.0.tar.gz:

Publisher: publish-package.yml on E5presso/spakky-framework

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file spakky_policy-6.5.0-py3-none-any.whl.

File metadata

  • Download URL: spakky_policy-6.5.0-py3-none-any.whl
  • Upload date:
  • Size: 12.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for spakky_policy-6.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 c805565d9f1d81f782f438774e39023b6960fabeae679af4a7a9ce13d5928fde
MD5 2413fd743914069396a5d7e354eebe5e
BLAKE2b-256 fbe53591428e1c0000823ddaa6b4352005948e3cffd9f7d5206ded95171c90fd

Provenance

The following attestation bundles were made for spakky_policy-6.5.0-py3-none-any.whl:

Publisher: publish-package.yml on E5presso/spakky-framework

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
