113 مستودعات
Systems that enforce security permissions based on defined authorization policies.
Distinguishing note: Focuses on policy-driven authorization rather than role-based or attribute-based access control alone.
Explore 113 awesome GitHub repositories matching security & cryptography · Policy-Based Access Control. Refine with filters or upvote what's useful.
This project is an AI model API gateway and proxy server designed to provide a unified interface for interacting with diverse artificial intelligence service providers. It functions as a centralized middleware platform that routes, load balances, and translates API requests across multiple models, enabling developers to access text, image, audio, and video generation capabilities through a single, standardized integration. The gateway distinguishes itself through comprehensive administrative and financial controls, including event-driven usage accounting, real-time token consumption tracking,
Enforces security permissions through token grouping and model-level access restrictions.
Backstage is an open-source framework for building internal developer portals. It provides a centralized, metadata-driven software catalog that tracks ownership, dependencies, and lifecycle status for all technical assets by harvesting configuration files directly from version control systems. The platform is built on a plugin-based modular architecture, allowing teams to extend core functionality through isolated, independently deployable modules that integrate into a unified frontend and backend ecosystem. The project distinguishes itself through its focus on developer productivity and stan
Enforces granular security permissions across all platform resources by evaluating authorization rules.
Filament is a full-stack framework for building administrative panels and management interfaces within the Laravel ecosystem. It provides a declarative, component-based architecture that allows developers to construct complex, data-driven applications using server-side configuration objects rather than manual HTML. By inspecting database model structures and relationships, the framework automates the generation of CRUD interfaces, forms, and data tables, significantly reducing boilerplate code. The project distinguishes itself through a highly modular and extensible design that supports custo
Integrates with existing model policies to automatically restrict user access to creation pages based on authorization rules.
This project is a high-performance headless browser engine designed for scalable web automation, data extraction, and AI agent integration. It provides a specialized environment that allows autonomous agents and testing frameworks to interact with web content through standardized remote control protocols. By executing pages in a lightweight, headless state, the engine minimizes resource consumption while maintaining the ability to perform complex navigation and dynamic content rendering. The platform distinguishes itself through deep integration with AI-centric communication layers and advanc
Automatically enforces website exclusion directives to ensure automated requests comply with site owner preferences.
Consul is a distributed coordination service and service mesh tool used for service discovery, health monitoring, and cluster state management across dynamic networks. It provides a platform for locating network addresses of services and managing traffic across distributed infrastructure using DNS and HTTP interfaces. The project distinguishes itself through multi-datacenter network orchestration, enabling the federation of services across different regions using mesh gateways. It secures communication via a service mesh architecture that employs identity-based authorization and mutual TLS en
Implements a token-based authorization system using prefix-matching rules to restrict API access.
OpenZeppelin Contracts is a library of modular, secure, and reusable smart contract components designed for the development of decentralized applications. It provides a foundational framework for building standard-compliant contracts, offering battle-tested implementations for token standards, access control, and common utility patterns. The project distinguishes itself through its comprehensive support for complex architectural patterns, including proxy-based upgradeability, role-based access control, and account abstraction. It enables developers to implement modular logic injection via hoo
Enables flexible access control by decoupling security logic into modular signers, context rules, and policies.
Dexter is an autonomous research platform designed to decompose complex inquiries into structured, multi-step workflows. It functions as an agent orchestration system that utilizes iterative tool-calling loops and language models to gather data, perform analysis, and validate findings against internal criteria to ensure accuracy. The platform distinguishes itself through its specialized focus on financial research and messaging integration. It autonomously interprets real-time market data, including income statements and regulatory filings, to generate evidence-based insights. By connecting d
Restricts incoming messages to specific phone numbers or personal accounts to control interaction and prevent unauthorized usage.
Pulumi is an infrastructure-as-code framework that enables the definition, deployment, and management of cloud resources using general-purpose programming languages. It functions as a cloud resource orchestrator that coordinates the lifecycle of heterogeneous infrastructure by executing code to construct dependency graphs and reconciling the desired state against actual cloud environments. The platform distinguishes itself through a language-host runtime bridge that allows developers to use standard programming languages to define infrastructure, rather than relying solely on domain-specific
Defines organization roles, team memberships, and permission assignments as versioned infrastructure code.
FastMCP is a Python framework designed for building servers that expose functions, resources, and prompts to AI models using the Model Context Protocol. It simplifies the development process by automatically deriving tool metadata, input schemas, and documentation directly from Python function signatures and type hints. The framework provides a unified container for managing these components, allowing developers to build modular applications that integrate seamlessly with AI assistants. The project distinguishes itself through its support for interactive, server-defined user interface compone
Enforces granular access control by evaluating dynamic JSON-based policies against incoming requests.
Firefly III is a self-hosted personal finance management system built on a double-entry bookkeeping engine. It provides a comprehensive platform for tracking income, expenses, and account balances while maintaining financial integrity through structured accounting principles. Designed for private use, the system supports multi-user access, allowing independent financial administrations to coexist within a single installation. The platform distinguishes itself through extensive automation and integration capabilities. It features a robust REST JSON API and webhook system that enables programma
Secures access to financial information using OAuth2-based authentication and token validation.
Authentik is a centralized identity and access management platform designed to serve as a unified authentication authority. It enables enterprise single sign-on across diverse applications and services, providing a cloud-native identity provider that manages user sessions and security protocols from a single location. The platform distinguishes itself through a policy-driven flow engine and a visual orchestration interface. This allows administrators to design complex, custom authentication workflows by chaining modular verification stages and conditional logic. These workflows can be further
Defines granular logic rules based on user attributes and environmental conditions to control resource access.
This project provides a framework for managing multi-agent systems, designed to automate complex software development, infrastructure, and business workflows. It functions as a multi-agent workflow orchestrator that routes tasks to domain-specific workers while maintaining state persistence and infrastructure automation. By leveraging large language models, the system decomposes high-level objectives into actionable plans, ensuring that complex operations are executed with consistency and reliability. The framework distinguishes itself through its hierarchical agent registry and policy-driven
Enforces security boundaries by restricting agent tool access based on defined functional roles.
Pangolin is a zero-trust remote access platform designed to provide secure, identity-aware connectivity to private network resources. It functions as a cloud-native network controller that orchestrates encrypted tunnels, traffic routing, and access policies across distributed environments. By leveraging WireGuard for secure data transport, the platform enables authenticated access to internal web applications, terminal sessions, and remote desktops without exposing services to the public internet. The platform distinguishes itself through a declarative infrastructure model that synchronizes n
Applies identity-based authentication and context-aware rules to control user access to network resources.
Claude Code Templates is a comprehensive framework for orchestrating specialized AI agents and automating development workflows within local environments. It provides a structured system for defining, configuring, and deploying AI personas that handle specific technical tasks, ranging from backend architecture and frontend implementation to security auditing and infrastructure management. The project distinguishes itself through a configuration-driven approach that allows teams to standardize development environments and share reusable agent definitions across projects. It includes a robust C
Controls agent capabilities by applying granular allow-lists and read-only constraints to filesystem and shell access.
Cube is a semantic data layer that provides a unified framework for defining business metrics, dimensions, and relationships across diverse data sources. By acting as a headless business intelligence engine, it transforms raw data into a governed model that can be queried via SQL, REST, and GraphQL interfaces. This architecture ensures consistent data definitions and logic across all downstream analytical applications and reporting tools. The platform distinguishes itself through its integrated conversational AI capabilities, which allow users to explore data using natural language. It orches
Defines group-scoped policies to control member visibility, row-level filtering, and data masking within the semantic model.
Casbin is an authorization library designed to manage application access control and permissions through a configurable model-based engine. It serves as a centralized system for verifying whether a user has permission to perform specific actions on a resource. The engine supports multiple access control models, including Role-Based Access Control, Attribute-Based Access Control, and Access Control Lists. It allows for the definition of role hierarchies and the evaluation of user, resource, and environment attributes to make access decisions. The library decouples authorization logic from dat
Implements a configurable model-based engine to determine access permissions based on custom logic.
Teleport is a zero-trust access platform designed to provide secure, identity-based connectivity to servers, databases, and Kubernetes clusters. It functions as a centralized gateway that replaces static credentials with short-lived, identity-bound cryptographic certificates, effectively eliminating the need for traditional VPNs and long-term secret exposure. The platform distinguishes itself by orchestrating access through a unified control plane that maps external identity provider claims to granular, role-based infrastructure permissions. It enforces security through mutual TLS gateways an
Enforces granular security permissions and access restrictions based on centralized role-based authorization policies.
Casbin is an authorization library that provides a model-based engine for enforcing access control across diverse application environments. It decouples authorization logic from application code by using a configuration-driven approach, allowing developers to define access rules and evaluation logic independently. The system supports a wide range of access control models, including role-based, attribute-based, and relationship-based patterns, which are evaluated at runtime to determine if a subject is permitted to perform an action on a resource. The project distinguishes itself through a hig
Decouples authorization logic from application code using a configuration-driven engine that interprets access rules at runtime.
Gun is a decentralized graph database and synchronization engine designed for real-time, peer-to-peer data management. It functions as a JavaScript library that enables applications to maintain consistent state across distributed nodes without relying on a central server. By utilizing conflict-free replicated data types and a gossip protocol, the system ensures that data updates propagate across the network and reconcile automatically. The project distinguishes itself through a focus on decentralized identity and security, utilizing public-key infrastructure to authenticate users and sign dat
Enforces granular read and write permissions on graph data using custom validation and authentication policies.
Parlant is an agentic workflow engine and orchestration framework designed for building conversational AI that adheres to strict behavioral guidelines. It provides a platform for managing multi-turn interactions through state-machine-based logic, allowing developers to define complex, hierarchical conversational flows that can adapt, skip, or revisit steps based on real-time user input. The framework distinguishes itself through its focus on behavioral governance and observability. It enables developers to define precise domain terminology and enforce instruction compliance through prioritize
Overrides default detection mechanisms with user-defined logic to determine guideline relevance during interactions.