Runtime enforcement boundary for AI agents: a local sidecar that gates every outbound call against Cedar policies you own. Deterministic, call-level, no model on the hot path
-
Updated
Jul 10, 2026 - Rust
Runtime enforcement boundary for AI agents: a local sidecar that gates every outbound call against Cedar policies you own. Deterministic, call-level, no model on the hot path
Open-source infrastructure for groups of AI agents — identity, capability, accountability, and norms. Framework-agnostic.
MCP server for Cedar policy language - validate, authorize, diff, and plan policy changes for Amazon Verified Permissions from your AI assistant.
Agent Run Config — an open specification for declaring, packaging, securing, and sharing portable, governed AI agents. Like a Dockerfile for agents: one reviewable Agentfile for identity, tools, boundaries, policy, and OCI packaging.
Apache-2.0 licensed lightweight agent sandbox: Cedar policy + Ed25519-signed receipts in one Rust binary. Design-partner preview.
Cedar for .NET — a C#/.NET port of the Cedar Java bindings, enabling .NET applications to parse, validate, format, convert, and evaluate Cedar policies using the native Cedar engine.
Deterministic, policy-as-code authorization for what an AI agent is allowed to do. Every tool call checked before it runs, logged after. A runnable reference build, not output guardrails. https://demo.sarthak-gupta.com
Open-source AI agent governance kernel — cryptographic audit trails, consent-checked data access, and verifiable decision records.
Policy platform for AI agents: Cedar policy over network, filesystem, and process access. Container sandboxing with observe-then-enforce workflow.
The Zero-Trust Action Hub is a standalone, Zero-Trust Policy Decision Point (PDP) designed for autonomous AI agent ecosystems. It enforces cryptographic governance over high-risk agent actions using AWS Cedar policies and Ed25519 digital signatures, requiring agents to collect and present cryptographic proofs from trusted external microservices.
PaediatricClinic Spring Boot application to demonstrate Cedar.
Experimental governance ideas for autonomous AI agents — captcha, permit, mesh, eval, memory.
Reusable Cedar policy templates for agent action receipt verification. Interoperable with the Cedar policy engine and cedar for agents.
Zero-trust API firewall and security integrity layer for autonomous AI agents & Model Context Protocol (MCP) tool execution. Secure, TOCTOU-proof, fail-closed.
Vendor-neutral authorization for AI agents. Run the check inside the agent controls you already use (LlamaFirewall, NeMo Guardrails, FastMCP, A2A) and decide with the Policy-as-Code engine you already trust (OPA, Cedar, OpenFGA, or any AuthZEN PDP). One fail-closed allow/block/human-review verdict on every agent action.
Desktop runtime for humans and AI agents to share live coding sessions. Multi-provider agent orchestration (Claude/Codex), policy-gated approvals (Cedar), human-in-the-loop interventions, multi-agent channels, worktree-isolated execution, dual-signed cross-node dispatch, E2E-encrypted relay. TypeScript daemon + tRPC + Electron/CLI clients.
OpenAgentTrustStack (OATS) Specification
A secure-by-default database
Policy-gated data excavation for AI agents on Amazon Bedrock AgentCore. Cedar + Bedrock Guardrails enforce cost limits, PII protection, and read-only access across Athena, OpenSearch, S3, and MCP. Apache 2.0 CDK reference architecture.
Self-hosted JavaScript authentication library for AWS Cognito with WebAuthn/Passkey support. Rust Token Handler backend with Cedar authorization.
Add a description, image, and links to the cedar-policy topic page so that developers can more easily learn about it.
To associate your repository with the cedar-policy topic, visit your repo's landing page and select "manage topics."