Policy document evaluator plugin for Spakky auth

Project description

spakky-policy

spakky-policy loads YAML, TOML, and JSON policy documents into typed canonical models and evaluates RBAC, PBAC, and ABAC-style authorization rules for spakky-auth.

Installation

pip install spakky-policy

Usage

from spakky.auth import AuthContext, AuthSubject
from spakky.plugins.policy import PolicyDocumentEvaluator, PolicyEvaluationInput
from spakky.plugins.policy.loader import policy_document_from_mapping

document = policy_document_from_mapping(
    {
        "version": "2026-06",
        "metadata": {"name": "article-policy"},
        "roles": [{"ref": "role:editor", "permissions": ["permission:article-read"]}],
        "policies": [
            {
                "ref": "policy:article-read",
                "statements": [
                    {
                        "ref": "allow-editor-read",
                        "effect": "allow",
                        "roles": ["role:editor"],
                        "permissions": ["permission:article-read"],
                        "resources": ["article:1"],
                        "actions": ["article:read"],
                    }
                ],
            }
        ],
    }
)

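# Caller identity: alice holds role:editor, the role the allow statement names.
auth_context = AuthContext(
    subject=AuthSubject(id="user:alice"),
    issuer="issuer:test",
    roles=("role:editor",),
)
# Evaluate a single request against the named policy.
result = PolicyDocumentEvaluator(document).evaluate(
    PolicyEvaluationInput(
        auth_context=auth_context,
        resource="article:1",
        action="article:read",
        policy="policy:article-read",
    )
)
# Role, resource and action match the allow statement, and the document has no deny statement.
assert result.allowed is True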

Policy Semantics

  • Explicit deny statements take precedence over matching allow statements.
  • If no allow statement matches, evaluation returns default deny evidence.
  • Conditions support all, any, and not composition plus equals, not_equals, in, contains, and exists atomic operators.
  • Resource, action, and tenant refs are canonical strings supplied by AuthorizationRequest, decorator metadata, AuthContext, or resolver output.
  • Named policies are the OR/ANY user-facing surface; MCP/tool authorization, generic policy APIs, policy UI, and authorized data filtering are out of scope.
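
The precedence and condition rules listed above, modelled as a small stand-alone evaluator. This is an added example, not spakky-policy's implementation: the function names, the `when`/`op`/`key`/`value`/`of` condition layout, the "default-deny" evidence string, and treating a missing attribute as a non-match are assumptions made for illustration, and permission matching is left out.

```python
# Added illustration of deny-overrides, default deny and condition composition.

def holds(cond, attrs):
    """Evaluate an (assumed) condition tree against a flat attribute mapping."""
    op = cond["op"]
    if op == "all":
        return all(holds(c, attrs) for c in cond["of"])
    if op == "any":
        return any(holds(c, attrs) for c in cond["of"])
    if op == "not":
        return not holds(cond["of"], attrs)
    key = cond["key"]
    if op == "exists":
        return key in attrs
    if key not in attrs:
        return False  # assumption: a missing attribute never satisfies an atomic operator
    have, want = attrs[key], cond.get("value")
    ops = {"equals": lambda: have == want, "not_equals": lambda: have != want,
           "in": lambda: have in want, "contains": lambda: want in have}
    if op not in ops:
        raise ValueError(f"unknown operator: {op}")  # reject typos instead of ignoring them
    return ops[op]()

def matches(stmt, roles, resource, action, attrs):
    """A statement applies only if role, resource, action and condition all match."""
    return (bool(set(stmt["roles"]) & set(roles))
            and resource in stmt["resources"]
            and action in stmt["actions"]
            and holds(stmt.get("when", {"op": "all", "of": []}), attrs))

def evaluate(statements, roles, resource, action, attrs):
    """Return (allowed, evidence): explicit deny wins, no match means deny."""
    hits = [s for s in statements if matches(s, roles, resource, action, attrs)]
    for effect in ("deny", "allow"):  # deny is checked first, so it overrides allow
        for s in hits:
            if s["effect"] == effect:
                return effect == "allow", s["ref"]
    return False, "default-deny"

# Constructed sample statements, reusing the refs from the usage example above.
STATEMENTS = [
    {"ref": "allow-editor-read", "effect": "allow", "roles": ["role:editor"],
     "resources": ["article:1"], "actions": ["article:read"]},
    {"ref": "deny-suspended", "effect": "deny", "roles": ["role:editor"],
     "resources": ["article:1"], "actions": ["article:read"],
     "when": {"op": "any", "of": [
         {"op": "equals", "key": "status", "value": "suspended"},
         {"op": "not", "of": {"op": "exists", "key": "tenant"}}]}},
]
```

Wrapping `exists` in `not` lets the deny statement fire when the tenant attribute is absent, so a request with incomplete context is refused rather than falling through to the allow statement.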

License

MIT License

Download files

Source Distribution

spakky_policy-6.6.0.tar.gz (8.6 kB view details)

Uploaded Source

Built Distribution

spakky_policy-6.6.0-py3-none-any.whl (12.2 kB view details)

Uploaded Python 3

File details

Details for the file spakky_policy-6.6.0.tar.gz.

File metadata

  • Download URL: spakky_policy-6.6.0.tar.gz
  • Upload date:
  • Size: 8.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for spakky_policy-6.6.0.tar.gz
Algorithm Hash digest
SHA256 ad38ee8965092680a23eb799a922a4a063ef852668075e438f1e72b8df97bd1d
MD5 596b7d923811be2f1018f063370c7403
BLAKE2b-256 d72775d1f8e0a9972c14c755c42b5066ff0417d3c343b4dfcc04aefe9dc8b9db

Provenance

The following attestation bundles were made for spakky_policy-6.6.0.tar.gz:

Publisher: publish-package.yml on E5presso/spakky-framework

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file spakky_policy-6.6.0-py3-none-any.whl.

File metadata

  • Download URL: spakky_policy-6.6.0-py3-none-any.whl
  • Upload date:
  • Size: 12.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for spakky_policy-6.6.0-py3-none-any.whl
Algorithm Hash digest
SHA256 c3b2bc2527f669a50181d0fb73de3e4a57564fd40c4d2bc7ef78cc3267b3ea92
MD5 fb9758ea7bb026f403b9681a640555cf
BLAKE2b-256 d8b4fbab6d328fe864294d444b597e0e474ed4fa82efff9248394c752efc80ed

Provenance

The following attestation bundles were made for spakky_policy-6.6.0-py3-none-any.whl:

Publisher: publish-package.yml on E5presso/spakky-framework
