# Authorization Policy-as-Code Engines

> Search results for `policy-as-code engine for authorization decisions` on awesome-repositories.com. 114 total matches; showing the first 50.

Explore on the web: https://awesome-repositories.com/q/policy-as-code-engine-for-authorization-decisions

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/policy-as-code-engine-for-authorization-decisions).**

## Results

- [anomalyco/opencode](https://awesome-repositories.com/repository/anomalyco-opencode.md) (175,152 ⭐) — OpenCode is a framework for orchestrating autonomous AI agents within development environments. It provides a multi-tiered architecture where primary assistants manage user interaction while specialized subagents handle specific tasks like planning, research, and code generation. The system includes a comprehensive command-line interface for managing these workflows, configuring agent behavior, and defining custom tools or commands through metadata-rich files.

The platform features a modular plugin system and extensive integration support, including standardized protocols for connecting local and remote tool servers. It incorporates a security-focused architecture with granular permission controls, allowing users to define access policies for file operations, shell commands, and web access. These security measures are complemented by enterprise-grade infrastructure options, such as centralized authentication and private registry integration.

For developers, the project offers a type-safe SDK for building custom integrations and a RESTful API for programmatic system management. Configuration is handled through a schema-validated system that supports variable injection and multi-file organization. The interface is fully customizable, featuring a theme system for terminal displays and interactive commands for managing model selection and session history.
- [open-policy-agent/opa](https://awesome-repositories.com/repository/open-policy-agent-opa.md) (11,860 ⭐) — This project is a unified, cloud-native policy engine designed to decouple authorization and security logic from application codebases. It functions as a centralized authorization service that evaluates structured input data against declarative rules, enabling consistent policy enforcement across microservices, infrastructure, and continuous integration pipelines.

The engine utilizes a specialized logic programming language to express complex constraints, which are compiled into an optimized intermediate representation for high-performance evaluation. By supporting both sidecar-based deployment and direct library embedding, it allows for local, low-latency policy checks. The system further distinguishes itself through bundle-based distribution, which synchronizes versioned policy sets across distributed instances to maintain a consistent authorization state at scale.

Beyond core evaluation, the platform provides a comprehensive suite of tools for the entire policy lifecycle, including development assistance, linting, testing, and partial evaluation for portable logic execution. It also features robust observability capabilities, such as query execution tracing, performance metrics reporting, and request provenance verification, to ensure transparency and auditability in decision-making.

The engine exposes a programmable HTTP interface for real-time authorization queries and supports dynamic data injection to facilitate context-aware decision-making.
- [aws/aws-cdk](https://awesome-repositories.com/repository/aws-aws-cdk.md) (12,817 ⭐) — The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane.

The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It employs a language-agnostic intermediate representation to synthesize these definitions into platform-specific configurations, while supporting aspect-oriented policy injection to apply security and compliance rules across infrastructure definitions during the synthesis phase.

Beyond core provisioning, the project provides a modular component registry for distributing and reusing pre-configured infrastructure building blocks. It supports multi-account orchestration, allowing for the deployment of consistent resource sets across different regions and accounts from a single template, and includes capabilities for detecting infrastructure drift to ensure deployed environments remain aligned with their defined state.

The project is distributed as a software development kit, providing programmatic interfaces to manage the full lifecycle of cloud resources and integrate infrastructure definitions directly into application codebases.
- [backstage/backstage](https://awesome-repositories.com/repository/backstage-backstage.md) (33,679 ⭐) — Backstage is an open-source framework for building internal developer portals. It provides a centralized, metadata-driven software catalog that tracks ownership, dependencies, and lifecycle status for all technical assets by harvesting configuration files directly from version control systems. The platform is built on a plugin-based modular architecture, allowing teams to extend core functionality through isolated, independently deployable modules that integrate into a unified frontend and backend ecosystem.

The project distinguishes itself through its focus on developer productivity and standardized workflows. It includes a template-driven scaffolding engine that automates the creation of new software projects, ensuring consistent architecture and best practices across teams. The platform also features granular, policy-based access control and secure proxy routing, which manage authentication and protect sensitive internal resources while aggregating infrastructure tools and documentation into a single, searchable interface.

Beyond its core catalog and scaffolding capabilities, the platform supports a wide range of operational needs, including infrastructure monitoring, technical documentation management, and automated notification delivery. It provides standardized patterns for custom plugin development, testing, and interface composition, enabling organizations to tailor the portal to their specific requirements. The system is designed to be extensible, with support for AI integration, usage analytics, and interface localization to accommodate diverse organizational needs.
- [datahub-project/datahub](https://awesome-repositories.com/repository/datahub-project-datahub.md) (12,141 ⭐) — DataHub is a metadata management platform designed to unify technical, operational, and business context across diverse data ecosystems. By utilizing a graph-based metadata model and an event-driven ingestion architecture, it creates a centralized source of truth that maps complex data relationships, lineage, and ownership. This foundational framework enables organizations to maintain a synchronized view of their data landscape, supporting both human-led discovery and automated data operations.

The platform distinguishes itself through its focus on grounding artificial intelligence and autonomous agents in verified enterprise context. It provides specialized capabilities to inject provenance-aware lineage, business definitions, and quality signals into AI prompts, ensuring that generated insights are accurate and trustworthy. Through a policy-as-code governance engine, it enforces access controls and compliance rules directly within the metadata graph, allowing for programmatic oversight of data assets across hybrid environments.

Beyond its core identity, the project offers a comprehensive suite of tools for data discovery, observability, and lifecycle management. It includes features for automated lineage extraction, impact analysis, and semantic search, enabling users to navigate data dependencies and resolve quality issues efficiently. The platform also supports collaborative workflows, allowing teams to manage business glossaries, certify data assets, and automate access requests through integrated communication channels.

DataHub is built to scale, utilizing a distributed architecture that allows storage, search, and graph processing layers to operate independently. It provides standardized interfaces and a bridge-based connector framework to facilitate integration with heterogeneous data sources and external AI agent frameworks.
- [cert-manager/cert-manager](https://awesome-repositories.com/repository/cert-manager-cert-manager.md) (13,578 ⭐) — This project is a Kubernetes controller that automates the issuance, renewal, and lifecycle management of TLS certificates. It functions as a native extension to the cluster API, using custom resource definitions and reconciliation loops to maintain the desired state of certificates and trust bundles across distributed services. By integrating directly with the cluster's admission control and secret storage systems, it ensures that cryptographic identities are consistently provisioned and available for application workloads.

The project distinguishes itself through its extensive support for automated domain validation and multi-provider integration. It orchestrates complex challenge processes—including those for private or split-horizon networks—to prove domain ownership without manual intervention. Beyond standard certificate management, it provides granular policy enforcement, allowing administrators to restrict issuance permissions, delegate certificate requests to specific service accounts, and enforce security requirements through custom metadata and issuer configurations.

The platform covers a broad capability surface for securing network traffic and service communication. It supports diverse issuance workflows, ranging from public certificate authorities and ACME-based automation to private internal PKI infrastructures. The system also includes robust observability tools, such as operational metrics and status inspection, alongside administrative features for managing resource configurations, performing API migrations, and scaling controller components for high-availability environments.

Installation and management are facilitated through standard cluster deployment workflows, with comprehensive command-line tools available for troubleshooting, configuration export, and lifecycle verification.
- [jfrolich/authorize](https://awesome-repositories.com/repository/jfrolich-authorize.md) (100 ⭐) — Rule-based authorization for Elixir
- [emotion-js/emotion](https://awesome-repositories.com/repository/emotion-js-emotion.md) (18,017 ⭐) — This project is a styling library and framework designed for component-based architectures, enabling developers to define and manage visual styles directly within JavaScript or TypeScript. It functions as a styling engine that generates unique class names from style definitions, ensuring encapsulated, predictable, and maintainable visual presentation across applications. By integrating with component logic, it allows for the creation of reusable UI elements with styles defined through template literals or object syntax.

The library distinguishes itself through a comprehensive suite of build-time and runtime capabilities that extend beyond basic styling. It supports dynamic theme propagation through the component tree, allowing for consistent design token management, and provides advanced server-side rendering support by extracting and serializing styles for initial page loads. Furthermore, it includes specialized tooling for performance optimization, such as critical CSS management, dead code elimination, and build-time style transformations, alongside security features like content security policy nonce injection for dynamically generated styles.

Beyond its core styling primitives, the project offers a robust ecosystem for managing complex design systems. This includes responsive design utilities, global style management, and extensive configuration options for style injection and debugging. The library also provides automated tools for code migration, style usage validation, and standards enforcement to maintain consistency across large-scale projects.

Comprehensive documentation and installation instructions are available in the repository, which also provides utilities for source-mapped debugging and style serialization to assist in development and testing workflows.
- [anasoid/jmeter-as-code](https://awesome-repositories.com/repository/anasoid-jmeter-as-code.md) (0 ⭐) — An API that gives access to full JMeter features as code. All objects designed in the GUI can be written as code.
- [casbin/casbin](https://awesome-repositories.com/repository/casbin-casbin.md) (19,848 ⭐) — Casbin is an authorization library that provides a model-based engine for enforcing access control across diverse application environments. It decouples authorization logic from application code by using a configuration-driven approach, allowing developers to define access rules and evaluation logic independently. The system supports a wide range of access control models, including role-based, attribute-based, and relationship-based patterns, which are evaluated at runtime to determine if a subject is permitted to perform an action on a resource.

The project distinguishes itself through a highly modular architecture that includes adapter-based storage abstraction, enabling the engine to connect to various persistent backends for policy management. It supports complex, context-aware policy execution by allowing developers to inject custom functions for domain-specific matching and validation. Furthermore, the engine handles hierarchical role resolution and provides mechanisms for aggregating multiple policy outcomes, such as allow-override or deny-override, to resolve conflicting permissions.

The platform covers a broad capability surface, including middleware integration for web frameworks, API gateways, and service mesh architectures. It offers extensive tooling for policy administration, observability, and performance optimization, such as result caching and asynchronous execution. The system also supports multi-tenancy through domain-aware authorization and provides programmatic interfaces for automating policy updates and lifecycle management.

The library is designed for integration into existing stacks, offering middleware components and support for distributed deployments to ensure consistent authorization state across multiple service instances.
- [eyaltoledano/claude-task-master](https://awesome-repositories.com/repository/eyaltoledano-claude-task-master.md) (27,567 ⭐) — This project is an autonomous, multi-model orchestrator designed to manage the full software development lifecycle through a command-line interface. It functions as an intelligent agent that decomposes high-level product goals into actionable, prioritized subtasks, manages dependency graphs, and executes development cycles. By automating requirement parsing, technical research, and task tracking, it maintains project alignment and momentum throughout the implementation process.

The system distinguishes itself through a provider-agnostic abstraction layer that allows users to assign specific artificial intelligence models to primary, research, or fallback roles. It supports both cloud-based services for broad reasoning capabilities and local model execution to ensure data privacy and offline functionality. Furthermore, the platform integrates live web research directly into the task management workflow, enabling agents to generate complexity scores and validate technical decisions against current industry patterns before writing code.

Beyond core orchestration, the tool provides a comprehensive framework for managing task metadata, parallel workstreams, and team collaboration. It includes features for real-time task monitoring, automated documentation generation, and integration with development environments through standardized communication protocols and editor extensions. The system is configured via local environment files, which handle secure credential management and allow for the optimization of active tools to balance context window usage.
- [crowdsecurity/crowdsec](https://awesome-repositories.com/repository/crowdsecurity-crowdsec.md) (12,574 ⭐) — CrowdSec is a collaborative, distributed security engine designed for threat detection and infrastructure protection. It functions as an intrusion detection system that parses logs and network traffic to identify malicious patterns, utilizing a bucket-based threshold detection model to aggregate events and trigger alerts. The platform is built on a modular architecture that includes a centralized local API server for managing security signals and a relational database for persistent storage of remediation decisions.

What distinguishes the project is its decoupled enforcement model, which offloads active blocking to lightweight external components known as bouncers. These bouncers query the central API to synchronize threat intelligence and apply real-time remediation across distributed environments. The system also features a hub-based configuration management framework, allowing users to download and deploy community-curated security scenarios, parsers, and collections to ensure consistent protection against evolving threats.

The platform provides a comprehensive suite of tools for security operations, including automated log parsing pipelines, event-driven plugin systems for notification workflows, and extensive command-line utilities for infrastructure management. It supports flexible deployment patterns across standalone, containerized, and cloud-native environments, enabling centralized orchestration of security agents and fleet-wide monitoring of threat activity.

The project includes a robust documentation and command-line interface that facilitates the lifecycle management of security components, from initial service discovery and configuration to the validation of detection logic and the auditing of active security policies.
- [google-gemini/gemini-cli](https://awesome-repositories.com/repository/google-gemini-gemini-cli.md) (105,341 ⭐) — This project provides a command-line interface for managing autonomous agent workflows, task orchestration, and system-level automation. It includes a comprehensive framework for defining agent skills, managing persistent memory, and delegating tasks to specialized subagents. Users can configure complex planning modes, execute shell commands with safety constraints, and integrate external tools through standardized protocols.

The platform supports non-interactive execution via a headless mode and provides an event-driven hook framework for custom lifecycle automation. It features centralized configuration for model routing, system prompts, and cost management, alongside a modular extension system for adding custom commands and capabilities. The interface also includes diagnostic tools, file system management utilities, and repository-level automation for maintenance tasks.
- [cakephp/authorization](https://awesome-repositories.com/repository/cakephp-authorization.md) (0 ⭐) — Authorization stack for the CakePHP framework.
- [vercel-labs/agent-browser](https://awesome-repositories.com/repository/vercel-labs-agent-browser.md) (36,203 ⭐) — This project is an agentic framework designed to enable autonomous web navigation and browser automation. It functions as a controller that translates natural language instructions into deterministic browser actions, allowing agents to interact with websites, perform data extraction, and manage complex authentication flows. By leveraging accessibility trees and semantic element resolution, the framework mimics human-like navigation, moving beyond brittle DOM selectors to interact reliably with modern web interfaces.

The framework distinguishes itself through its focus on secure, scalable execution and deep observability. It provides a unified abstraction layer for managing browser instances, whether they are running locally, in containerized environments, or via remote cloud infrastructure. To ensure security and consistency, it utilizes microVM-based isolation and policy-driven gating, which allows developers to enforce human-in-the-loop verification for sensitive operations and maintain strict resource constraints during automated sessions.

Beyond core navigation, the project offers a comprehensive suite of tools for managing long-running workflows and debugging agent behavior. It supports persistent session management to maintain authentication states across tasks, alongside advanced observability features like real-time viewport streaming, performance profiling, and network traffic inspection. These capabilities allow for the monitoring of agent activity and the diagnosis of complex interactions within dynamic web applications.

The framework is designed for programmatic integration, providing a flexible interface to connect with external AI assistants and automated systems. It includes extensive support for configuring browser environments, injecting custom scripts, and handling complex page states, making it suitable for both exploratory testing and production-grade automation tasks.
- [calcom/cal.com](https://awesome-repositories.com/repository/calcom-cal-com.md) (45,760 ⭐) — Cal.com is a comprehensive scheduling infrastructure platform designed to manage availability, booking workflows, and calendar synchronization across multiple users and external services. It provides a backend service for automated appointment scheduling, enabling the creation, confirmation, and management of booking lifecycles through a centralized state machine. The platform also offers embeddable user interface components that allow developers to integrate interactive booking experiences directly into third-party websites.

What distinguishes the platform is its extensible app ecosystem and intelligent automation capabilities. Developers can build custom integrations using a modular plugin architecture, while an AI-driven interface allows for complex scheduling operations and configuration updates via natural language commands. The system includes a sophisticated event routing engine that automatically assigns meetings to hosts based on availability, round-robin rules, and organizational hierarchy, supported by real-time webhook orchestration to keep external systems synchronized.

The platform covers a broad capability surface including CRM data synchronization, granular role-based access control, and secure OAuth-based integration management. It supports advanced booking configurations, such as prefilling form data and monitoring state changes, alongside specialized tools for Salesforce connectivity, including assignment traceability and fuzzy account matching. Users can also leverage local or remote server hosting options to maintain control over their infrastructure and security configurations.
- [zhendong-wang/diffusion-policies-for-offline-rl](https://awesome-repositories.com/repository/zhendong-wang-diffusion-policies-for-offline-rl.md) (0 ⭐) — "Diffusion Policies as an Expressive Policy Class for Offline Reinforcement Learning", by Zhendong Wang, Jonathan J Hunt and Mingyuan Zhou. https://arxiv.org/abs/2208.06193
- [denoland/deno](https://awesome-repositories.com/repository/denoland-deno.md) (107,110 ⭐) — Deno is a high-performance runtime for JavaScript and TypeScript that prioritizes security and developer productivity. Built on the V8 engine, it provides a secure execution environment that enforces a default-deny security model, requiring explicit user authorization for access to system resources like the file system, network, and environment variables. The runtime natively supports modern web-standard APIs, ensuring consistent behavior and portability across different environments.

What distinguishes Deno is its integrated approach to the software development lifecycle. It bundles essential utilities—including a formatter, linter, test runner, and dependency manager—directly into the runtime, eliminating the need for external build tools or complex transpilation steps. The platform features a universal module resolution system that supports remote HTTPS URLs, local paths, and standard package registries, all backed by lockfiles to ensure build determinism and supply chain security.

Beyond its core runtime capabilities, Deno includes a built-in, persistent key-value database engine that supports atomic transactions and reactive data monitoring. It also provides a robust compatibility layer for the Node.js ecosystem, allowing for the seamless execution of legacy modules and native binary addons. For multi-tenant or distributed applications, the runtime offers isolated sandbox environments that manage resource constraints and security boundaries, facilitating secure code execution in shared infrastructure.

The project is distributed as a single binary, providing a unified toolchain for managing dependencies, executing tasks, and configuring runtime security policies.
- [authelia/authelia](https://awesome-repositories.com/repository/authelia-authelia.md) (26,785 ⭐) — Authelia is a centralized identity and access management server designed to secure web applications through unified authentication and authorization. It functions as an identity authority that enables single sign-on across diverse platforms, allowing users to access multiple services with a single set of credentials. By acting as a standards-compliant provider, it facilitates secure identity propagation and token issuance for client applications.

The platform distinguishes itself through its ability to integrate directly with web gateways as a reverse proxy authentication middleware, intercepting requests to validate user identity before granting access to protected resources. It enforces granular access control policies and provides robust multi-factor authentication, supporting various verification methods such as hardware security keys, mobile push notifications, and time-based one-time passwords. To maintain consistency across distributed environments, it utilizes stateless session management via encrypted cookies.

Authelia offers a flexible integration surface, featuring a pluggable backend that supports multiple external directory services like LDAP alongside internal database options. Its configuration is managed through a declarative, version-controlled YAML schema, which can be further automated using environment variables. The project provides comprehensive command-line tooling for policy validation and configuration management, with native support for deployment in containerized and orchestrated environments.
- [jparise/flake8-author](https://awesome-repositories.com/repository/jparise-flake8-author.md) (0 ⭐) — Flake8 author Checker
- [quarkusio/quarkus](https://awesome-repositories.com/repository/quarkusio-quarkus.md) (15,479 ⭐) — Quarkus is a Kubernetes-native Java framework designed for building high-performance, memory-efficient applications. It utilizes ahead-of-time native compilation to transform Java code into standalone, optimized binaries that eliminate the need for a virtual machine, enabling rapid startup and reduced memory consumption. By performing code augmentation during the build phase, it shifts heavy processing tasks away from runtime, ensuring that applications are optimized for cloud-native environments.

The framework distinguishes itself through a unified approach to reactive and imperative programming, allowing developers to mix non-blocking, event-driven logic with traditional blocking code. It features a specialized dependency injection container optimized for build-time resolution and supports virtual thread concurrency to improve throughput in high-concurrency environments. Its container-native lifecycle management ensures seamless integration with cloud infrastructure, providing automated health monitoring and service orchestration.

Quarkus covers a broad capability surface, including comprehensive support for RESTful web services, event-driven messaging, and secure identity management. It integrates with standard enterprise specifications and provides extensive tooling for automated infrastructure provisioning, distributed tracing, and observability. The platform also includes a developer-focused dashboard and live-coding capabilities to streamline the development lifecycle.

The project provides extensive documentation and a modular extension system that allows developers to add features while maintaining native compatibility. It is designed to be installed and managed through standard build automation tools, supporting a wide range of deployment targets including serverless functions and managed Kubernetes clusters.
- [coder/code-server](https://awesome-repositories.com/repository/coder-code-server.md) (78,024 ⭐) — This project provides a remote development platform that enables users to access a full-featured integrated development environment through a standard web browser. By decoupling the user interface from the server-side filesystem, it allows for persistent coding workspaces to be hosted on remote servers, virtual machines, or cloud-native infrastructure, ensuring a consistent development experience from any device.

The platform distinguishes itself through a secure gateway architecture that manages traffic, authentication, and encryption at the edge. It utilizes persistent WebSocket connections to synchronize editor state and terminal input-output between the remote server and the browser. Furthermore, it includes built-in service proxying capabilities that allow developers to expose locally running web applications via secure subdomains or subpaths, complete with integrated identity verification and traffic management.

To support diverse infrastructure requirements, the system offers flexible deployment options including containerized environments and automated provisioning workflows. It maintains state continuity through filesystem-mounted persistence, ensuring that configurations and project data remain intact across restarts. The platform also enforces network security by managing TLS certificates for HTTPS traffic and providing integration layers for external authentication providers.

Installation is supported across various host architectures through shell scripts, package managers, or standalone archives, with built-in utilities for managing the application lifecycle.
- [encoredev/encore](https://awesome-repositories.com/repository/encoredev-encore.md) (12,049 ⭐) — Encore is a distributed systems framework designed to unify backend development, infrastructure provisioning, and observability. It functions as an infrastructure-as-code platform that allows developers to define cloud resources, databases, and messaging topics directly within their application code. By analyzing these declarations at compile-time, the system automatically manages the deployment of cloud resources and security policies, ensuring parity between local development and production environments.

The platform distinguishes itself through its integrated development experience, which includes a local workspace that mirrors production infrastructure to facilitate testing and debugging. It provides automated AI-assisted development tools that leverage application metadata and runtime telemetry to aid in code generation and performance analysis. Furthermore, the framework enforces architectural standards and automates the creation of ephemeral, production-like environments for every pull request, streamlining the validation process before deployment.

Beyond its core orchestration capabilities, the framework includes a comprehensive suite for building type-safe APIs and event-driven services. It handles the complexities of service communication, including automated client library generation, request validation, and distributed tracing instrumentation. The system also incorporates robust security primitives, such as identity token validation, secret management, and automated traffic control, to support the development of secure, scalable backend architectures.
- [google/yggdrasil-decision-forests](https://awesome-repositories.com/repository/google-yggdrasil-decision-forests.md) (660 ⭐) — A library to train, evaluate, interpret, and productionize decision forest models such as Random Forest and Gradient Boosted Decision Trees.
- [kanidm/kanidm](https://awesome-repositories.com/repository/kanidm-kanidm.md) (4,595 ⭐) — Kanidm is a centralized identity management server designed to handle authentication, authorization, and directory services across distributed infrastructure. It provides a comprehensive framework for managing human and service accounts, utilizing a schema-driven database to store identity records, group memberships, and system attributes. The platform supports a wide range of authentication methods, including passkeys, passwords, and standard protocols like OAuth2, OIDC, LDAP, and RADIUS.

The system distinguishes itself through a granular access control engine that enforces security policies based on user, group, and resource attributes. It incorporates advanced security features such as privilege access mode enforcement, which requires reauthentication for sensitive operations, and high-privilege group tainting to prevent lateral movement. Administrators can delegate management tasks for specific entries or groups, ensuring that permissions remain tightly scoped while maintaining operational flexibility.

Beyond core identity functions, the platform includes robust tools for system maintenance, including automated backup scheduling, database consistency verification, and multi-node replication to ensure high availability. It also provides deep integration with host operating systems through pluggable authentication modules and supports infrastructure access provisioning by managing SSH keys and POSIX attributes.

The project provides a suite of command-line utilities for administrative tasks, session management, and server configuration. Documentation and installation resources are available to guide the deployment of the server and its associated client tools.
- [goauthentik/authentik](https://awesome-repositories.com/repository/goauthentik-authentik.md) (22,035 ⭐) — Authentik is a centralized identity and access management platform designed to serve as a unified authentication authority. It enables enterprise single sign-on across diverse applications and services, providing a cloud-native identity provider that manages user sessions and security protocols from a single location.

The platform distinguishes itself through a policy-driven flow engine and a visual orchestration interface. This allows administrators to design complex, custom authentication workflows by chaining modular verification stages and conditional logic. These workflows can be further refined with granular access policies that evaluate user attributes and environmental conditions, ensuring that security requirements are met through flexible, logic-based rules rather than static configurations.

Beyond core authentication, the system supports infrastructure-wide automation through declarative blueprints and container-based deployment models. It includes comprehensive tools for user account management, background task scheduling, and system monitoring, all accessible via a centralized administrative dashboard. The platform is designed for high availability and scalability, allowing for integration with external databases and various cloud-native environments.

The software is distributed as a containerized service, with installation supported through standard package managers and configuration templates.
- [tensorflow/decision-forests](https://awesome-repositories.com/repository/tensorflow-decision-forests.md) (694 ⭐) — A collection of state-of-the-art algorithms for the training, serving and interpretation of Decision Forest models in Keras.
- [diem/diem](https://awesome-repositories.com/repository/diem-diem.md) (16,678 ⭐) — Diem is a distributed ledger technology platform designed for the development of decentralized applications and the execution of programmable financial transactions. It provides a comprehensive framework for operating validator nodes that maintain ledger integrity through a Byzantine fault-tolerant consensus protocol, ensuring consistent state updates across a distributed network of participants.

The platform distinguishes itself through a modular node architecture that decouples consensus, execution, and storage to facilitate scalability and maintenance. It utilizes a resource-oriented virtual machine and a type-safe smart contract engine that enforces strict ownership rules, specifically designed to prevent common financial vulnerabilities during the processing of digital assets.

The system supports a broad range of capabilities, including the integration of financial services such as digital wallets and merchant storefronts via a standardized remote procedure call interface. By organizing ledger history into cryptographic hashes, the platform enables efficient verification of state and historical transactions, providing a secure environment for defining custom logic and automated financial operations.
- [modelcontextprotocol/servers](https://awesome-repositories.com/repository/modelcontextprotocol-servers.md) (87,320 ⭐) — The Model Context Protocol is a standardized communication framework designed to connect language models to external data sources, functional tools, and interactive user interfaces. It provides a vendor-neutral interface layer that enables AI hosts to discover and execute capabilities across heterogeneous service environments, using a JSON-RPC based messaging standard to facilitate bidirectional communication between clients and servers.

The protocol distinguishes itself through a robust capability-based handshake that negotiates feature sets during session initialization, ensuring compatibility and supporting graceful degradation when client and server capabilities are mismatched. It enforces security through a mediation framework that manages isolated connections, implements least-privilege access controls, and provides standardized authorization flows. By executing server instances as independent, host-managed processes, the protocol maintains strict security boundaries while allowing for modular growth through a defined lifecycle for protocol extensions.

Beyond its core messaging and security primitives, the protocol covers a broad range of integration needs, including structured resource access, schema-defined tool invocation, and parameterized prompt templates. It supports advanced interaction patterns such as asynchronous task management with durable handles, interactive UI rendering, and dynamic user input elicitation. The ecosystem also includes developer tooling for session management, server metadata discovery, and diagnostic inspection to assist in the integration of local and remote services.
- [jam3/math-as-code](https://awesome-repositories.com/repository/jam3-math-as-code.md) (0 ⭐)
- [open-policy-agent/conftest](https://awesome-repositories.com/repository/open-policy-agent-conftest.md) (3,128 ⭐) — Conftest is a suite of tools designed for validating structured configurations, testing policy logic, and generating policy documentation. It serves as a configuration file validator that checks YAML, JSON, and Helm charts for security violations and compliance issues using declarative rules.

The project functions as an Open Policy Agent testing tool, allowing structured configuration files to be validated against custom policies written in Rego. It includes a policy-as-code testing framework to ensure policy logic is correct and a utility to extract metadata from Rego code to create static markdown reference files.

The tool provides capabilities for infrastructure-as-code testing, configuration compliance auditing, and integration into CI/CD pipelines to block non-compliant changes. It supports executing policy validations within containerized environments to maintain consistency across different host operating systems.
- [casdoor/casdoor](https://awesome-repositories.com/repository/casdoor-casdoor.md) (13,814 ⭐) — Casdoor is a centralized identity and access management platform that functions as an OAuth 2.0 authorization server. It provides a comprehensive suite of services for managing user identities, authentication sessions, and access policies across both web and machine-to-machine applications. Built with a decoupled frontend-backend architecture in Go, the platform supports high-concurrency environments and offers a web-based management interface for administrative tasks.

The platform distinguishes itself through its extensive support for federated identity management, allowing integration with external providers via OIDC, SAML, and LDAP. It enforces granular security through role-based access control, scope-based permission validation, and hardware-backed authentication methods like WebAuthn. Beyond standard identity services, it includes specialized infrastructure for managing AI agent lifecycles, monitoring agent traffic, and securing tool access through delegated authentication.

The system provides a broad capability surface that includes observability and audit logging, event-driven webhook notifications, and automated session management. It also offers developer-focused tools such as CLI-based authentication flows, secure token storage, and software development kits for integrating identity verification into external services. The platform is designed for flexible deployment, supporting configuration via JSON-based data initialization and providing APIs for querying system status and version information.
- [goabstract/marketing-for-engineers](https://awesome-repositories.com/repository/goabstract-marketing-for-engineers.md) (13,153 ⭐) — Marketing-for-Engineers is a product marketing resource library and bootstrapping guide designed for software engineers. It serves as an operational manual for independent creators to start, fund, and manage a sustainable internet business.

The project provides a customer acquisition playbook and a growth hacking toolkit, focusing on validating product-market fit and automating marketing workflows. It includes a content marketing framework that covers SEO, audience research, and distribution channels to convert readers into users.

The library covers a broad range of capability areas, including SaaS pricing and metrics, market and user research, and product launch planning. It also provides guidance on social media strategy, email lifecycle automation, and B2B outreach.
- [gyoogle/tech-interview-for-developer](https://awesome-repositories.com/repository/gyoogle-tech-interview-for-developer.md) (17,417 ⭐) — This project is a comprehensive technical interview preparation resource and computer science interview guide. It serves as an educational reference for developers to study core software engineering fundamentals and common coding patterns required for employment screenings.

The repository provides detailed guides and references covering data structures and algorithms, networking and security, operating systems, and web development. It specifically focuses on the implementation and complexity analysis of sorting, searching, and graph algorithms.

The material encompasses a wide breadth of computer science domains, including software engineering principles like SOLID and design patterns, language fundamentals across Java, C, and C++, and system architecture. It also covers database design and scaling, concurrency and multithreading, and frontend development lifecycles.

The project is primarily written in Java and is structured as a knowledge base for mastering technical interviews.
- [elevenlabs/elevenlabs-python](https://awesome-repositories.com/repository/elevenlabs-elevenlabs-python.md) (2,873 ⭐) — This Python SDK provides a comprehensive toolkit for synthetic audio generation, voice cloning, and the development of conversational AI agents. It enables the creation of lifelike spoken audio from text, the replication of human voices through custom cloning, and the deployment of real-time voice agents capable of interacting with external large language models.

The library distinguishes itself through deep integration of conversational AI capabilities, including the design of agent personas and the execution of real-time actions via APIs. It supports professional-grade audio production through a variety of specialized tools for multilingual dubbing, studio-quality music generation, and high-fidelity sound effects.

The SDK covers a broad surface of speech and media processing, including real-time audio streaming via WebSockets, speech-to-text transcription with speaker diarization, and the synchronization of audio with visual elements. It also provides utilities for monitoring generation costs and managing agent security through response guardrails and access controls.
- [modelcontextprotocol/modelcontextprotocol](https://awesome-repositories.com/repository/modelcontextprotocol-modelcontextprotocol.md) (8,458 ⭐) — Model Context Protocol is a standardized framework for connecting large language models to external data sources and executable tools. It enables the creation of a universal interface where servers expose tools, resources, and prompts that can be discovered and utilized by various AI clients.

The protocol utilizes a JSON-RPC message system that is transport-agnostic, supporting both standard input/output for local processes and HTTP with server-sent events for remote connections. It emphasizes security and control by delegating model sampling to the client to keep API keys secure from servers and requiring explicit user approval for tool execution on local systems.

The system covers broad capabilities including agentic workflow orchestration, URI-based resource mapping for filesystem and database access, and the delivery of interactive HTML-based user interfaces. It also includes comprehensive support for asynchronous task management, enterprise identity integration via OAuth and SSO, and a registry system for server discovery and versioning.

The project provides client and server SDKs, alongside automated scaffolding tools for generating project structures and server boilerplate.
- [colinhacks/zod](https://awesome-repositories.com/repository/colinhacks-zod.md) (43,036 ⭐) — Zod is a TypeScript-first schema declaration and validation library designed to ensure end-to-end data integrity. It functions as a runtime type guard, allowing developers to define complex data structures through a declarative, chainable syntax. By using these schema definitions, the library automatically derives static TypeScript types, eliminating the need for manual type duplication and ensuring that runtime data matches expected application contracts.

The library distinguishes itself through functional schema composition, which enables the creation of hierarchical structures by nesting and chaining reusable primitives. It supports bidirectional transformation logic, allowing for the definition of custom encode and decode functions that maintain strict type integrity during data processing. Furthermore, Zod provides a tree-shakable interface that minimizes bundle size by allowing bundlers to exclude unused validation logic, while its support for recursive schema resolution handles complex, self-referential data structures at runtime.

Beyond core validation, the project offers a comprehensive suite of tools for managing data pipelines, including support for custom error handling, metadata-driven schema registries, and automated documentation generation. It integrates into broader development workflows by facilitating form state validation, mock data generation, and seamless interoperability with existing JSON Schema definitions.
- [lisadziuba/marketing-for-engineers](https://awesome-repositories.com/repository/lisadziuba-marketing-for-engineers.md) (13,153 ⭐) — Marketing-for-Engineers is a curated knowledge base and set of conceptual guides designed to help developers implement growth strategies, product marketing, and user acquisition methods. It serves as a structured resource for learning how to acquire initial users and scale digital products.

The project provides specific frameworks for content marketing, user acquisition strategies, and marketing automation. It includes guides for creating search engine optimized articles, executing cold outreach, and utilizing influencer partnerships to gain traction.

The repository covers a broad range of growth capabilities, including market research through competitor analysis, the design of pricing models and monetization tiers, and the implementation of conversion rate optimization. It also details tactical execution for social media management, community engagement in niche forums, and the setup of automated lifecycle email sequences.
- [apify/crawlee](https://awesome-repositories.com/repository/apify-crawlee.md) (24,002 ⭐) — Crawlee is a web scraping framework designed for building scalable, reliable, and distributed data extraction pipelines. It provides a unified interface for managing headless browser automation and lightweight HTTP requests, allowing developers to handle complex web navigation, dynamic content rendering, and large-scale data collection within a single, modular architecture.

The project distinguishes itself through its resource-aware concurrency controller, which dynamically scales task execution based on real-time CPU and memory usage to prevent host machine exhaustion. It also features a robust session-based fingerprint isolation system that manages unique browser contexts, TLS fingerprints, and proxy rotation to mimic human behavior and bypass anti-bot protections. These capabilities are supported by a persistent request queueing system that ensures crawl operations can survive process restarts and resume from their last state.

The framework offers a comprehensive suite of tools for the entire scraping lifecycle, including event-driven lifecycle hooks for custom logic, a middleware-based request pipeline for handling authentication and data transformation, and a pluggable storage backend interface that decouples data persistence from application logic. It supports advanced automation tasks such as AI-driven navigation, sitemap discovery, and multi-engine browser orchestration, while providing extensive observability through performance metrics, error snapshots, and configurable logging.

The project is implemented in TypeScript and provides a command-line interface for scaffolding, managing, and deploying scraping projects to cloud or serverless environments.
- [authzed/spicedb](https://awesome-repositories.com/repository/authzed-spicedb.md) (6,781 ⭐) — SpiceDB is a distributed permission store and relationship-based access control system. It provides a scalable database for storing and querying fine-grained authorization relationships, implementing a consistency model inspired by Google Zanzibar to manage access rights across large-scale applications.

The system uses a dedicated schema language to define the rules and logic governing how relationships translate into permissions independently of application code. It functions as a pluggable authorization engine that persists relationship tuples in external relational databases such as PostgreSQL, MySQL, or Spanner.

The platform covers a broad range of capabilities including authorization schema management, recursive permission evaluation, and the ability to query access data via SQL. It includes infrastructure for managing data lifecycles through relationship expiration and garbage collection, as well as performance optimizations using set theory for query planning and read-replica request routing.

The project can be deployed via containers and supports telemetry export for observability.
- [experience-monks/math-as-code](https://awesome-repositories.com/repository/experience-monks-math-as-code.md) (15,482 ⭐) — This project is a mathematics programming pattern library and translation guide designed to map academic mathematical symbols and formulas into programmable logic. It serves as a reference for converting complex notations into software implementations.

The resource provides mapping guides for translating calculus, linear algebra, and set theory into iterative loops, functional code, and boolean expressions. It includes specific patterns for implementing piecewise functions, matrix operations, and standard mathematical operators using conditional logic and built-in language functions.

The library covers a broad range of capabilities including the conversion of summation and derivative symbols into loops, the translation of vector and matrix notations for dot products and Euclidean norms, and the mapping of set membership constraints to data structures.
- [microsoft/code-with-engineering-playbook](https://awesome-repositories.com/repository/microsoft-code-with-engineering-playbook.md) (2,608 ⭐) — This project is a software engineering playbook providing a collection of standardized guidelines and processes for managing the full software development lifecycle and team operations. It serves as a high-level framework for organizing agile project management, API design, containerized development standards, and markdown documentation workflows.

The framework establishes a system for language-agnostic API design to automate client library generation and documentation. It also defines standards for providing uniform contributor environments and toolchains through virtualized containers.

The playbook covers a broad range of engineering operations, including agile workflow management, software defect tracking, and technical governance. It details processes for architecture decision records, engineering practice standardization, and the use of version-controlled wikis to maintain a single source of truth across repositories.

The technical content pipeline integrates automated quality guardrails, such as markdown linting and link validation, with static site generation and cloud infrastructure provisioning for hosting documentation.
- [eclipse-theia/theia](https://awesome-repositories.com/repository/eclipse-theia-theia.md) (21,569 ⭐) — Theia is a modular framework designed for building professional-grade development environments that function as both local desktop applications and remote browser-based services. It provides a comprehensive toolkit for constructing specialized coding tools, allowing developers to assemble custom interfaces and backend logic through a flexible, contribution-based architecture.

The platform distinguishes itself through a highly extensible workbench that supports the integration of existing third-party editor plugins and standard language servers. By utilizing a dependency injection container and a multi-process architecture, it enables the creation of tailored development experiences that maintain compatibility with established industry standards while offering deep customization of UI components, menus, and command structures.

Beyond its core construction capabilities, the framework includes integrated support for artificial intelligence, offering features such as natural language chat, automated code issue resolution, and context-aware coding assistance. It manages complex development workflows through task planning, automated script execution, and collaborative review processes, all while enforcing security policies through workspace execution restrictions and tool access controls.

The project is distributed as a ready-to-use desktop application and provides build pipelines for packaging custom environments into native installers for major operating systems.
- [casibase/casibase](https://awesome-repositories.com/repository/casibase-casibase.md) (4,443 ⭐) — Casibase is an open-source platform that orchestrates multi-turn conversations with large language models and manages retrieval-augmented knowledge bases from a single interface. It provides a unified system for connecting to over 30 AI model providers, ingesting documents into vector embeddings for semantic search, and running autonomous agent loops that can drive a browser, search the web, execute commands, and integrate with external tools.

The platform distinguishes itself by combining AI conversation management with infrastructure and application orchestration capabilities. It includes a visual workflow designer for composing multi-step pipelines, a Kubernetes blueprint orchestrator for deploying containerized applications with environment-specific customization, and a browser-based remote server gateway for managing SSH, RDP, and VNC connections. Role-based access control is enforced across routers, controllers, and UI layers, with single sign-on authentication and user-to-store data isolation.

Beyond its core AI and automation features, Casibase offers infrastructure security scanning, token-aware billing with per-message cost tracking, and integration with enterprise messaging platforms for real-time AI responses. It provides an OpenAI-compatible API endpoint, client SDKs, and Swagger-generated documentation for programmatic access. The system supports multi-store knowledge isolation, cross-store vector sharing, and a centralized dashboard for monitoring system resources, deployment states, and usage activity across providers and users.
- [appwrite/appwrite](https://awesome-repositories.com/repository/appwrite-appwrite.md) (56,318 ⭐) — Appwrite is a backend-as-a-service platform that provides a unified development environment for building full-stack applications. It integrates essential infrastructure components—including authentication, databases, storage, and serverless functions—into a single, centralized interface to simplify application development and resource management.

The platform distinguishes itself through a container-based microservices architecture that ensures consistent execution across diverse infrastructure. It features a versatile connectivity layer that links frontend applications with third-party services, databases, and external APIs through standardized interfaces. Developers can manage and automate the configuration of these backend resources using infrastructure-as-code tools, while granular role-based access control enforces security policies across all platform resources and API endpoints.

Beyond its core services, the platform offers a broad capability surface that includes cross-platform data synchronization, event-driven webhooks, and comprehensive billing and usage monitoring. It supports extensive integrations for AI utilities, payment processing, messaging, and logging, allowing developers to extend application functionality through modular, event-driven workflows.

The platform is designed for both managed and self-hosted deployments, providing tools for production environment optimization, data migration, and custom domain configuration.
- [talater/awesome-book-authoring](https://awesome-repositories.com/repository/talater-awesome-book-authoring.md) (408 ⭐) — A collection of awesome resources for technical book authors
- [rustdesk/rustdesk](https://awesome-repositories.com/repository/rustdesk-rustdesk.md) (116,258 ⭐) — RustDesk is a cross-platform remote desktop client that enables users to initiate and receive remote sessions. It provides a complete infrastructure for self-hosted remote access, utilizing a signaling and relay server architecture to maintain connectivity when direct peer-to-peer links are unavailable. The software is designed to function across desktop and mobile environments, offering native remote control, screen sharing, and file management capabilities.

What distinguishes the platform is its centralized administrative control plane, which allows for granular management of security policies, user identities, and device access permissions. Administrators can define scoped roles, implement hierarchical permission logic, and enforce security strategies across large deployments. The system supports integration with external identity providers, including OIDC and LDAP, alongside multi-factor authentication methods like TOTP to secure access to the infrastructure.

The software provides extensive tools for managed environments, including automated deployment scripts, command-line configuration, and bulk policy management. It includes specialized mechanisms for handling system-level elevation, allowing remote operators to interact with administrative prompts on target machines. The server infrastructure is designed for flexibility, supporting containerized deployments and geolocation-based routing to optimize connection paths and minimize latency.

Documentation and installation support cover a wide range of operating systems, providing native packages, portable formats, and guidance for running server components as persistent background services.
- [refinedev/refine](https://awesome-repositories.com/repository/refinedev-refine.md) (34,906 ⭐) — Refine is a headless framework designed for building data-intensive internal business applications, such as admin panels and dashboards. It provides a core set of hooks and architectural patterns that decouple business logic, authentication, and data operations from the user interface, allowing developers to integrate any design system while maintaining a consistent application structure.

The framework distinguishes itself through a resource-centric approach that automatically maps application views to data entities via centralized configuration. It features a unified data provider interface that standardizes communication with diverse backend services, including REST and GraphQL, and employs a declarative access control layer to enforce granular, role-based security policies across the entire application.

Beyond its core routing and data handling, the platform supports complex organizational workflows through modular plugins and hierarchical state management. It is built to facilitate self-hosted deployments, ensuring that teams retain full control over their data security, regulatory compliance, and infrastructure without reliance on third-party cloud providers.

Comprehensive documentation is available to guide the construction of CRUD-based applications, including tools for debugging application state and monitoring system activity.
- [sigstore/policy-controller](https://awesome-repositories.com/repository/sigstore-policy-controller.md) (175 ⭐) — Sigstore Policy Controller: an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supply-chain metadata from cosign.
- [clickhouse/clickhouse](https://awesome-repositories.com/repository/clickhouse-clickhouse.md) (48,229 ⭐) — ClickHouse is a high-performance, columnar analytical database designed for real-time query execution and large-scale data aggregation. It functions as a distributed data warehouse capable of processing petabytes of information, while also providing an embedded engine that integrates directly into applications for native query capabilities without external dependencies. The system is built to handle high-throughput ingestion and complex analytical workloads, delivering millisecond-level latency for interactive dashboards and operational monitoring.

The platform distinguishes itself through advanced storage and execution techniques, including vectorized query processing and a merge tree storage engine that maintains performance during massive insertions. It features adaptive subcolumn mapping for semi-structured data and supports native vector search for machine learning and generative AI applications. To facilitate efficient data movement, the engine utilizes zero-copy shared memory buffers, minimizing overhead when interacting with external analytical tools or processing diverse file formats like Parquet, JSON, and Arrow.

Beyond its core storage and processing capabilities, the project provides a comprehensive suite of tools for observability, security, and data integration. It includes built-in support for natural language querying, automated workflow orchestration for AI agents, and extensive diagnostic features for query plan inspection. The platform also offers robust cloud infrastructure management, including support for private networking, compliant deployment strategies, and integrated billing consolidation.
