# Attribute-Based Access Control Libraries > Search results for `attribute-based access control library for fine-grained rules` on awesome-repositories.com. 117 total matches; showing the first 50. Explore on the web: https://awesome-repositories.com/q/attribute-based-access-control-library-for-fine-grained-rules **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/attribute-based-access-control-library-for-fine-grained-rules).** ## Results - [casbin/casbin](https://awesome-repositories.com/repository/casbin-casbin.md) (19,848 ⭐) — Casbin is an authorization library that provides a model-based engine for enforcing access control across diverse application environments. It decouples authorization logic from application code by using a configuration-driven approach, allowing developers to define access rules and evaluation logic independently. The system supports a wide range of access control models, including role-based, attribute-based, and relationship-based patterns, which are evaluated at runtime to determine if a subject is permitted to perform an action on a resource. The project distinguishes itself through a hig - [kanidm/kanidm](https://awesome-repositories.com/repository/kanidm-kanidm.md) (4,595 ⭐) — Kanidm is a centralized identity management server designed to handle authentication, authorization, and directory services across distributed infrastructure. It provides a comprehensive framework for managing human and service accounts, utilizing a schema-driven database to store identity records, group memberships, and system attributes. The platform supports a wide range of authentication methods, including passkeys, passwords, and standard protocols like OAuth2, OIDC, LDAP, and RADIUS. The system distinguishes itself through a granular access control engine that enforces security policies - [directus/directus](https://awesome-repositories.com/repository/directus-directus.md) (36,030 ⭐) — Directus is a headless content platform that functions as a backend service, automatically generating REST and GraphQL APIs by performing introspection on existing SQL database schemas. It serves as a unified data orchestration layer, decoupling content management from frontend delivery while providing a secure, stateless gateway for database transactions. The platform distinguishes itself through a granular role-based access control engine that enforces security policies at the field level across all API endpoints. It includes a visual, low-code administrative dashboard that allows non-techn - [sysgears/grain](https://awesome-repositories.com/repository/sysgears-grain.md) (161 ⭐) — Grain - [infisical/infisical](https://awesome-repositories.com/repository/infisical-infisical.md) (27,374 ⭐) — Infisical is a centralized secrets management platform designed to store, synchronize, and control access to sensitive credentials and configuration data across distributed development, staging, and production environments. It employs client-side encryption to ensure that secrets remain unreadable to the underlying storage infrastructure, while providing a hierarchical permission model to govern both user and machine access. The platform distinguishes itself through dynamic credential provisioning, which generates short-lived access tokens that are automatically revoked after use. It supports - [anthropics/claude-code](https://awesome-repositories.com/repository/anthropics-claude-code.md) (132,728 ⭐) — Anthropic's terminal-native AI coding agent. - [nirma/attributed](https://awesome-repositories.com/repository/nirma-attributed.md) (750 ⭐) — µframework for Attributed strings. - [openfga/openfga](https://awesome-repositories.com/repository/openfga-openfga.md) (4,793 ⭐) — OpenFGA is a fine-grained authorization server and policy decision point that implements relationship-based access control. It serves as a centralized authorization service for evaluating access requests and managing relationship tuples across distributed microservices and multi-tenant environments. The engine combines relationship graphs with attribute-based access control, using the Common Expression Language to evaluate dynamic runtime attributes and conditional access rules. It handles complex hierarchies and nested permissions by traversing chains of associations and parent-child links t - [oauth2-proxy/oauth2-proxy](https://awesome-repositories.com/repository/oauth2-proxy-oauth2-proxy.md) (14,576 ⭐) — This project is a reverse proxy server that secures internal web services by enforcing authentication against external identity providers. It acts as a gatekeeper for incoming HTTP traffic, validating user identity before forwarding requests to protected backend applications. By integrating with OAuth2 and OIDC providers, the proxy ensures that only authorized users can access internal resources. The proxy distinguishes itself through its flexible session management and granular access control. It maintains authenticated user state across requests using either encrypted client-side cookies or - [calcom/cal.com](https://awesome-repositories.com/repository/calcom-cal-com.md) (45,760 ⭐) — Cal.com is a comprehensive scheduling infrastructure platform designed to manage availability, booking workflows, and calendar synchronization across multiple users and external services. It provides a backend service for automated appointment scheduling, enabling the creation, confirmation, and management of booking lifecycles through a centralized state machine. The platform also offers embeddable user interface components that allow developers to integrate interactive booking experiences directly into third-party websites. What distinguishes the platform is its extensible app ecosystem and - [whyhow-ai/rule-based-retrieval](https://awesome-repositories.com/repository/whyhow-ai-rule-based-retrieval.md) (248 ⭐) — The Rule-based Retrieval package is a Python package that enables you to create and manage Retrieval Augmented Generation (RAG) applications with advanced filtering capabilities. It seamlessly integrates with OpenAI for text generation and Pinecone for efficient vector database management. - [quarto-ext/attribution](https://awesome-repositories.com/repository/quarto-ext-attribution.md) (0 ⭐) — A Revealjs plugin extension for displaying attribution text sideways along the right edge of the viewport. Based on the attribution plugin by @rschmehl. - [langchain-ai/langgraph](https://awesome-repositories.com/repository/langchain-ai-langgraph.md) (34,925 ⭐) — LangGraph is a framework for building stateful, multi-step agentic workflows by modeling application logic as a directed graph. It provides a runtime environment where complex tasks are orchestrated through interconnected nodes and edges, allowing developers to manage state transitions, persistent memory, and control flow across long-running automated processes. The platform distinguishes itself through its native support for human-in-the-loop automation, enabling developers to define breakpoints that pause execution for manual review, modification, or approval. It also features checkpoint-ba - [langchain-ai/deepagents](https://awesome-repositories.com/repository/langchain-ai-deepagents.md) (25,006 ⭐) — Deepagents is an LLM agent orchestration platform and stateful application server designed for deploying and managing AI agents built with computational graphs. It provides a containerized runtime environment that handles agent execution, state persistence, and the versioning of AI assistants. The platform distinguishes itself through deep integration with the Model Context Protocol, allowing agents to function as servers that expose tools and capabilities to external clients. It features a sophisticated observability suite for capturing execution traces, performing LLM-based evaluations agai - [accelerationnet/access](https://awesome-repositories.com/repository/accelerationnet-access.md) (91 ⭐) — A common lisp library to unify access to common dictionary-like data-structures - [cube-js/cube](https://awesome-repositories.com/repository/cube-js-cube.md) (20,251 ⭐) — Cube is a semantic data layer that provides a unified framework for defining business metrics, dimensions, and relationships across diverse data sources. By acting as a headless business intelligence engine, it transforms raw data into a governed model that can be queried via SQL, REST, and GraphQL interfaces. This architecture ensures consistent data definitions and logic across all downstream analytical applications and reporting tools. The platform distinguishes itself through its integrated conversational AI capabilities, which allow users to explore data using natural language. It orches - [apache/gravitino](https://awesome-repositories.com/repository/apache-gravitino.md) (2,866 ⭐) — Gravitino is a federated metadata lake and unified data catalog designed to manage tables, files, and AI models across diverse data sources and cloud storage. It serves as a centralized interface for governing schemas, access controls, and tagging across relational databases, messaging queues, and object stores. The project distinguishes itself by unifying the management of AI assets, such as machine learning models and their version lineages, alongside traditional tabular data. It also implements the Iceberg REST specification to provide a standardized metadata server and proxy for lakehouse - [gam-team/gam](https://awesome-repositories.com/repository/gam-team-gam.md) (4,206 ⭐) — GAM is a command-line tool for administering Google Workspace and Cloud Identity. It translates command-line arguments into structured API calls, enabling administrators to manage users, groups, organizational units, and domain settings across a Google Workspace environment. The tool handles authentication through OAuth2 flows, service accounts, and workload identity federation, and supports multi-tenant configurations for managing multiple domains or cloud projects from a single installation. GAM distinguishes itself through its batch processing and automation capabilities. It can process la - [0ceanslim/grain](https://awesome-repositories.com/repository/0ceanslim-grain.md) (47 ⭐) — Go Relay Architecture for Implementing Nostr 🌾 - [fosrl/pangolin](https://awesome-repositories.com/repository/fosrl-pangolin.md) (21,255 ⭐) — Pangolin is a zero-trust remote access platform designed to provide secure, identity-aware connectivity to private network resources. It functions as a cloud-native network controller that orchestrates encrypted tunnels, traffic routing, and access policies across distributed environments. By leveraging WireGuard for secure data transport, the platform enables authenticated access to internal web applications, terminal sessions, and remote desktops without exposing services to the public internet. The platform distinguishes itself through a declarative infrastructure model that synchronizes n - [jerowork/graphql-attribute-schema](https://awesome-repositories.com/repository/jerowork-graphql-attribute-schema.md) (16 ⭐) — Build your GraphQL schema for webonyx/graphql-php using PHP attributes instead of array-based configuration. - [holms-ur/fine-tuning](https://awesome-repositories.com/repository/holms-ur-fine-tuning.md) (72 ⭐) — Close-Domain fine-tuning for table detection - [teamhanko/hanko](https://awesome-repositories.com/repository/teamhanko-hanko.md) (8,801 ⭐) — Hanko is an open-source identity provider and customer identity and access management system. It serves as a passkey authentication service and an OAuth and SAML SSO gateway, allowing applications to authenticate users and issue tokens via standard identity protocols. The project distinguishes itself through a strong focus on passwordless access using WebAuthn-based passkeys and email-based passcodes. It provides framework-agnostic authentication interfaces as customizable web components that can be embedded directly into web applications to handle login, registration, and profile management. - [authelia/authelia](https://awesome-repositories.com/repository/authelia-authelia.md) (26,785 ⭐) — Authelia is a centralized identity and access management server designed to secure web applications through unified authentication and authorization. It functions as an identity authority that enables single sign-on across diverse platforms, allowing users to access multiple services with a single set of credentials. By acting as a standards-compliant provider, it facilitates secure identity propagation and token issuance for client applications. The platform distinguishes itself through its ability to integrate directly with web gateways as a reverse proxy authentication middleware, intercep - [prefecthq/fastmcp](https://awesome-repositories.com/repository/prefecthq-fastmcp.md) (22,994 ⭐) — FastMCP is a Python framework designed for building servers that expose functions, resources, and prompts to AI models using the Model Context Protocol. It simplifies the development process by automatically deriving tool metadata, input schemas, and documentation directly from Python function signatures and type hints. The framework provides a unified container for managing these components, allowing developers to build modular applications that integrate seamlessly with AI assistants. The project distinguishes itself through its support for interactive, server-defined user interface compone - [insin/control-panel-for-twitter](https://awesome-repositories.com/repository/insin-control-panel-for-twitter.md) (2,540 ⭐) — Browser extension which gives you more control over your Twitter timeline and adds missing features and UI improvements - for desktop and mobile - [base/base-mcp](https://awesome-repositories.com/repository/base-base-mcp.md) (348 ⭐) — A Model Context Protocol (MCP) server that provides onchain tools for LLMs, allowing them to interact with the Base network and Coinbase API. - [crewaiinc/crewai](https://awesome-repositories.com/repository/crewaiinc-crewai.md) (53,687 ⭐) — CrewAI is a multi-agent orchestration framework designed for building autonomous systems that execute complex, multi-step workflows. It provides a development platform where specialized agents are defined with specific roles, goals, and tool sets to perform tasks collaboratively. By leveraging a declarative workflow engine, the system manages task dependencies, state transitions, and execution logic, allowing for the creation of structured, stateful sequences of operations. The framework distinguishes itself through its hierarchical management capabilities, which utilize manager agents to coo - [othmanadi/planning-with-files](https://awesome-repositories.com/repository/othmanadi-planning-with-files.md) (14,139 ⭐) — Planning with files is an enterprise knowledge graph platform designed to transform unstructured organizational data into a searchable, interconnected network. By utilizing a graph-based retrieval-augmented generation engine, the system grounds language model outputs in verified internal data, ensuring that responses are explainable, traceable, and free from hallucinations. The platform distinguishes itself through a focus on data sovereignty and secure, private infrastructure deployment. It enables organizations to maintain full control over sensitive information by processing data locally o - [yusing/godoxy](https://awesome-repositories.com/repository/yusing-godoxy.md) (3,360 ⭐) — Godoxy is a Docker container orchestrator and reverse proxy manager. It provides a centralized system for managing the lifecycle, power states, and resource usage of virtualized containers, while routing HTTP, TCP, and UDP traffic to backend services with automatic route discovery. The project distinguishes itself through an OIDC access control gateway that authenticates users via external identity providers and a resource optimization system that puts idle containers to sleep and wakes them automatically when network requests arrive. It also includes an automatic SSL certificate manager that - [haxefoundation/haxe](https://awesome-repositories.com/repository/haxefoundation-haxe.md) (6,880 ⭐) — Haxe is a statically typed, multi-target programming language and open-source compiler toolkit that translates a single codebase into native executables and scripts for JavaScript, C++, C#, Java, Python, Lua, PHP, and Flash targets. It provides a unified type system with automatic type inference, a compile-time macro system for code transformation and generation, conditional compilation directives, and a static analysis engine that enforces null safety and eliminates dead code to produce smaller, safer outputs. The language is supported by the HashLink virtual machine, which executes platform - [awslabs/opsworks-attribute-customization](https://awesome-repositories.com/repository/awslabs-opsworks-attribute-customization.md) (4 ⭐) — AWS OpsWorks attribute customization example - [yara-rules/rules](https://awesome-repositories.com/repository/yara-rules-rules.md) (4,712 ⭐) — This project is a community-curated repository of YARA rules used to detect malware, webshells, and other malicious patterns in files. It serves as a dataset of signatures for identifying known malware families, software packers, and threat intelligence indicators. The collection provides specialized detection capabilities for identifying exploit kits and anti-analysis evasion techniques, such as anti-debugging and anti-virtualization methods. It also includes signatures for cryptographic algorithm detection and the identification of unauthorized remote administration tools on servers. The r - [dubinc/dub](https://awesome-repositories.com/repository/dubinc-dub.md) (23,722 ⭐) — This project is a comprehensive link management and marketing attribution platform designed for creating, tracking, and analyzing shortened URLs. It functions as a centralized hub for marketing analytics, providing tools to monitor link performance, visualize conversion funnels, and manage affiliate programs through a unified dashboard. The platform distinguishes itself by integrating advanced attribution modeling and partner management directly into the link infrastructure. It supports complex marketing workflows, including automated commission calculations, fraud detection, and payout distr - [octelium/octelium](https://awesome-repositories.com/repository/octelium-octelium.md) (3,371 ⭐) — Octelium is a zero-trust network access platform and identity-aware proxy designed to secure private HTTP, SSH, and SQL resources. It functions as a secure gateway that validates human and workload identities using OIDC, SAML, and FIDO2 passkeys before granting access to internal applications and SaaS APIs. The system is distinguished by its secretless access broker, which injects credentials—such as API keys, passwords, and AWS Sigv4 signatures—at the gateway level so users can access databases and cloud resources without managing secrets. It further specializes in AI gateway administration, - [appsmithorg/appsmith](https://awesome-repositories.com/repository/appsmithorg-appsmith.md) (40,051 ⭐) — Appsmith is a low-code platform designed for building internal business tools, such as operational dashboards and administrative panels. It enables developers to construct dynamic user interfaces by dragging and dropping modular widgets onto a canvas and binding them directly to backend data sources. The platform utilizes a reactive framework that automatically updates interface elements and triggers functions whenever underlying data or widget properties change, eliminating the need for manual event handling. The platform distinguishes itself through a server-side proxy architecture that exe - [tsinghuac3i/intuitive-fine-tuning](https://awesome-repositories.com/repository/tsinghuac3i-intuitive-fine-tuning.md) (30 ⭐) — This repository contains the code for the paper "Intuitive Fine-Tuning: Towards Simplifying Alignment into a Single Process". - [stalniy/casl](https://awesome-repositories.com/repository/stalniy-casl.md) (6,952 ⭐) — CASL is a JavaScript authorization library for defining and enforcing declarative access control rules across both frontend and backend environments. It provides an attribute-based access control system that manages permissions based on user roles and specific object properties. The library is designed for isomorphic access control, allowing a consistent set of permission rules to be shared between a server API and a client interface. It enables the serialization of permission sets as plain data objects to maintain synchronization across these different layers. Its capabilities include trans - [fineuploader/fine-uploader](https://awesome-repositories.com/repository/fineuploader-fine-uploader.md) (8,149 ⭐) — Fine Uploader is a browser file upload widget and manager that provides a frontend interface for transferring multiple files. It functions as a chunked file upload manager and a client-side image processor. The project enables the direct transfer of files to cloud storage providers, specifically Amazon S3 and Microsoft Azure, to reduce the load on application servers. It includes tools for scaling and resizing image dimensions during the upload process to save bandwidth. The system manages large file transfers by splitting them into small pieces, allowing for pause and resume functionality. - [apereo/cas](https://awesome-repositories.com/repository/apereo-cas.md) (11,347 ⭐) — This project is an open-source identity provider and single sign-on platform that centralizes user authentication for multiple web applications and services. It functions as a multi-protocol authentication gateway, verifying user identities and issuing tokens through the CAS protocol as well as industry standards including SAML, OAuth2, and OpenID Connect. The system acts as a federated identity server, allowing authentication to be delegated to external third-party or corporate identity providers. It distinguishes itself through identity attribute governance, which manages which specific use - [agno-agi/agno](https://awesome-repositories.com/repository/agno-agi-agno.md) (40,717 ⭐) — Agno is an agent operating system designed to manage the lifecycle, tool execution, and persistent state of autonomous agents across distributed infrastructure. It provides a unified runtime environment that wraps diverse agent frameworks into a consistent, interoperable protocol, allowing developers to build and deploy complex multi-agent systems that coordinate tasks and delegate sub-processes. The platform distinguishes itself through a robust governance and orchestration layer that includes human-in-the-loop approval gates, role-based access control, and a centralized API gateway. It feat - [josbeir/cakephp-attribute-registry](https://awesome-repositories.com/repository/josbeir-cakephp-attribute-registry.md) (2 ⭐) — A powerful CakePHP plugin for discovering, caching, and querying PHP 8 attributes across your application and plugins. - [langchain-ai/langchain](https://awesome-repositories.com/repository/langchain-ai-langchain.md) (139,458 ⭐) — LangChain is an orchestration framework designed for building, managing, and deploying applications powered by large language models. It provides a unified integration layer that normalizes disparate model provider APIs into a consistent set of primitives, enabling developers to build complex, multi-step AI workflows that manage state, memory, and tool execution. The project distinguishes itself through a durable execution runtime that maintains persistent state across long-running processes by checkpointing progress to external storage. It models agent workflows as directed graphs, allowing - [gofr-dev/gofr](https://awesome-repositories.com/repository/gofr-dev-gofr.md) (21,321 ⭐) — Gofr is a comprehensive framework for building production-ready microservices in Go. It provides a unified toolkit for developing RESTful APIs and gRPC services, offering built-in support for observability, database management, and distributed system communication. The framework distinguishes itself through its focus on developer productivity and system resilience. It automates common backend tasks such as CRUD handler generation, schema-driven code creation, and database migration orchestration, while preventing race conditions in clustered environments. To maintain stability, it includes in - [azuread/microsoft-authentication-library-for-js](https://awesome-repositories.com/repository/azuread-microsoft-authentication-library-for-js.md) (4,084 ⭐) — Microsoft Authentication Library (MSAL) for JS - [ory/keto](https://awesome-repositories.com/repository/ory-keto.md) (5,270 ⭐) — Ory Keto is an open-source authorization server that implements Google Zanzibar’s relationship-based access control model. It stores every access relationship as a tuple in a SQL database and exposes a declarative TypeScript-like namespace language for defining object types, relations, and permissions. The service provides bidirectional permission resolution, configurable consistency levels for checks, and dual gRPC and REST APIs for broad integration. Keto extends the Zanzibar model with edge enforcement of access policies, structured compliance auditing of permission decisions, and infrastr - [toolness/accessible-color-matrix](https://awesome-repositories.com/repository/toolness-accessible-color-matrix.md) (345 ⭐) — An Elm-based prototype to help designers build accessible color palettes. - [strongloop/loopback](https://awesome-repositories.com/repository/strongloop-loopback.md) (13,159 ⭐) — LoopBack is a Node.js API framework used to build RESTful services and backend applications. It functions as a model-driven API generator that automatically maps predefined data models to network endpoints to create standardized web interfaces. The project features a database abstraction layer that unifies access across diverse SQL databases, NoSQL stores, and remote data sources. It includes a backend application scaffolder using command-line generators to automate the creation of project structures and data connectors. Additionally, it provides an API authentication system to manage applica - [huggingface/transformers](https://awesome-repositories.com/repository/huggingface-transformers.md) (161,630 ⭐) — Transformers is a comprehensive library for machine learning that provides a unified interface for training, fine-tuning, and deploying transformer-based models. It supports a wide range of tasks, including text classification, language modeling, question answering, and sequence-to-sequence translation, while offering specialized architectures for both text and vision processing. The framework includes tools for managing the entire model lifecycle, from data preprocessing and tokenization to distributed training and inference. The library features extensive support for model optimization and - [hsluoyz/casbin](https://awesome-repositories.com/repository/hsluoyz-casbin.md) (20,189 ⭐) — Casbin is an authorization library designed to manage application access control and permissions through a configurable model-based engine. It serves as a centralized system for verifying whether a user has permission to perform specific actions on a resource. The engine supports multiple access control models, including Role-Based Access Control, Attribute-Based Access Control, and Access Control Lists. It allows for the definition of role hierarchies and the evaluation of user, resource, and environment attributes to make access decisions. The library decouples authorization logic from dat