Awesome GitHub RepositoriesAccess Control

Openclaw is a platform for managing agent execution environments, providing the infrastructure to control agent lifecycles, session state, and workspace persistence. It features a centralized gateway that handles model loops, tool invocation, and streaming events, while supporting multi-agent routing and persistent mem

Governs credential usage and permission overrides for individual agents through specialized command-line controls.

n8n is a workflow automation platform that combines a visual interface with code-based extensibility to design, orchestrate, and manage automated processes. It provides a comprehensive suite of tools for data transformation, filtering, and storage, allowing users to build complex logic through conditional branching, lo

Restricts chat participants to read-only access, ensuring users cannot alter sensitive workflows or underlying credentials.

FreeDomain is a centralized platform for managing the full lifecycle of domain names, providing services for free registration and web presence activation. It offers a unified administrative interface that allows users to secure digital identities across multiple top-level extensions and configure hosting environments

Isolates user accounts and ownership data within a shared database to maintain strict boundaries in multi-tenant environments.

LangChain is an orchestration framework designed for building, managing, and deploying applications powered by large language models. It provides a unified integration layer that normalizes disparate model provider APIs into a consistent set of primitives, enabling developers to build complex, multi-step AI workflows t

Revoke external system access by managing and removing active connections to preserve security boundaries.

RustDesk is a cross-platform remote desktop client that enables users to initiate and receive remote sessions. It provides a complete infrastructure for self-hosted remote access, utilizing a signaling and relay server architecture to maintain connectivity when direct peer-to-peer links are unavailable. The software is

Interact with protected system dialogs and administrative prompts remotely through specialized elevation handling.

OpenCode is a framework for orchestrating autonomous AI agents within development environments. It provides a multi-tiered architecture where primary assistants manage user interaction while specialized subagents handle specific tasks like planning, research, and code generation. The system includes a comprehensive com

Enforces granular permission rules that determine whether specific agent actions are allowed, blocked, or require manual validation.

Deno is a high-performance runtime for JavaScript and TypeScript that prioritizes security and developer productivity. Built on the V8 engine, it provides a secure execution environment that enforces a default-deny security model, requiring explicit user authorization for access to system resources like the file system

Evaluates and enforces resource access policies dynamically while applications are actively running.

This project provides a command-line interface for managing autonomous agent workflows, task orchestration, and system-level automation. It includes a comprehensive framework for defining agent skills, managing persistent memory, and delegating tasks to specialized subagents. Users can configure complex planning modes,

Policy engines evaluate security rules based on tool names and environmental context to permit or restrict specific system actions.

Home Assistant is a centralized home automation platform designed to orchestrate diverse internet-connected devices and services. It functions as a local-first control system that normalizes heterogeneous hardware protocols into a unified set of entities, attributes, and services. The core architecture relies on an eve

Implements comprehensive user authentication, multi-factor security, and granular permission controls to protect system access.

The Model Context Protocol is a standardized communication framework designed to connect language models to external data sources, functional tools, and interactive user interfaces. It provides a vendor-neutral interface layer that enables AI hosts to discover and execute capabilities across heterogeneous service envir

Enforces least-privilege access, authorization flows, and scope management for external data and tool integration.

This project provides a remote development platform that enables users to access a full-featured integrated development environment through a standard web browser. By decoupling the user interface from the server-side filesystem, it allows for persistent coding workspaces to be hosted on remote servers, virtual machine

Intercepts traffic at the network edge to enforce identity verification before granting access to internal resources.

Stirling-PDF is a self-hosted document processing suite designed for secure, private file management. It functions as a comprehensive transformation engine that executes complex operations—such as merging, splitting, converting, and redacting documents—directly on the host machine. The platform provides both a browser-

Configures user authentication and enforces role-based access control to secure application access and protect sensitive data.

Redis is an in-memory, key-value database designed to provide sub-millisecond latency for read and write operations. It functions as a versatile data platform, serving as a distributed cache, a message broker, a NoSQL document store, and a vector database. The system utilizes an event-driven, single-threaded loop to pr

Categorizes commands into functional sets to simplify permission management and restrict user access to specific operations.

Protocol Buffers is a language-neutral, platform-agnostic mechanism for serializing structured data. It provides a schema-driven toolchain that compiles declarative data definitions into type-safe source code, enabling consistent communication and strongly typed API contracts across services written in different progra

Apply file-level configurations that dictate the default scope and visibility of symbols to maintain consistent access control across generated code.

Superset is a web-based business intelligence platform designed for data exploration, visualization, and interactive dashboarding. It functions as a query-driven analytics engine that connects to various SQL databases, allowing users to perform ad-hoc analysis, define virtual metrics, and build complex data visualizati

Enforces data security by mapping user identities to granular permissions and row-level filters applied to database queries.

This project is a community-driven directory that aggregates essential software projects and educational content for the Node.js ecosystem. It functions as a centralized knowledge base and discovery index, designed to simplify the navigation of a fragmented technical landscape by providing a structured collection of hi

Compiles reliable libraries and tools for implementing authentication and authorization in software.

LocalStack is an infrastructure development environment that provides a local simulation of cloud services. By leveraging container-orchestrated service lifecycles, it allows developers to build, test, and debug cloud-native applications on their local machines without requiring remote connectivity or incurring cloud p

Governs permission sets and authentication flows by simulating credential handling to secure local testing environments.

Vaultwarden is a self-hosted password management server designed to store and synchronize sensitive credentials, identities, and organizational data across multiple client devices. It functions as a database-backed web application that provides an API layer for secure client-server communication, enabling users to mana

Restricts administrative access by enabling proxy-level filtering of incoming connections based on specific network or IP address criteria.

Appwrite is a backend-as-a-service platform that provides a unified development environment for building full-stack applications. It integrates essential infrastructure components—including authentication, databases, storage, and serverless functions—into a single, centralized interface to simplify application developm

Enforces the principle of least privilege by assigning granular access scopes to individual API keys.

Ghost is an open-source publishing platform and headless content management system designed for professional publishers. It provides a decoupled architecture that separates the content management backend from the front-end delivery layer, allowing users to manage editorial workflows and site data through structured web

Restricts access to specific content items based on user subscription tiers and membership status.