Merged
20 changes: 8 additions & 12 deletions README.md
Expand Up @@ -40,9 +40,9 @@ In practice: IdP answers **who the principal is**, while `predicate-authority` a
| --- | --- |
| `predicate_contracts` | Shared typed contracts and protocols (`ActionRequest`, `PolicyRule`, evidence, decision/proof models). |
| `predicate_authority` | Runtime authorization engine (`PolicyEngine`, `ActionGuard`, mandate signing, proof ledger, telemetry emitter). |
| `examples/` | Browser/MCP/HTTP guard examples using the local Phase 1 runtime. |
| `examples/` | Browser/MCP/HTTP/sidecar examples for local and connected workflows. |

## Phase 1 Status
## Current Capabilities

Implemented in this repository:

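Review bot: In the `examples/` row, "connected workflows" is not defined anywhere in the visible README text, and the only mode named in these lines is `--mode local_only` on the `predicate-authorityd` command. Suggest stating which examples need a running sidecar and which run against the local runtime alone, so a reader knows what has to be up before an example's guard decisions mean anything.
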
Expand All @@ -51,13 +51,9 @@ Implemented in this repository:
- policy evaluation with deny precedence and required verification labels,
- typed [predicate-sdk](https://github.com/PredicateSystems/sdk-python) integration adapter (`predicate_authority.integrations`),
- OpenTelemetry-compatible trace emitter (`OpenTelemetryTraceEmitter`),
- pytest coverage for core authorization, mandate, integration, and telemetry flows.

Planned in upcoming phases:

- `predicate-authorityd` sidecar for token lifecycle and local kill-switch,
- enterprise IdP bridge hardening (Entra/Okta/OIDC adapters),
- hosted governance control plane.
- `predicate-authorityd` sidecar daemon with policy polling and health/status endpoints,
- ops-focused CLI commands for sidecar health/status, policy validate/reload, and revoke controls,
- pytest coverage for authorization, mandate, integration, telemetry, daemon, and CLI flows.

## Installation

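Review bot: The "Planned in upcoming phases" list is deleted here, but only its sidecar item reappears as implemented; "enterprise IdP bridge hardening (Entra/Okta/OIDC adapters)" and "hosted governance control plane" vanish with no status given. Either keep a short planned list for those two or say they are out of scope. Also, the old sidecar item promised "token lifecycle and local kill-switch" while the new one lists "policy polling and health/status endpoints", so token lifecycle is no longer accounted for in this list.
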
Expand All @@ -71,7 +67,7 @@ For shared contracts directly:
pip install predicate-contracts
```

## Quick Start (Phase 1 API)
## Quick Start

```python
from predicate_authority import ActionGuard, InMemoryProofLedger, LocalMandateSigner, PolicyEngine
Expand Down Expand Up @@ -123,7 +119,7 @@ See runnable examples in:
- `examples/mcp_tool_guard_example.py`
- `examples/outbound_http_guard_example.py`

## Operations CLI (Phase 2)
## Operations CLI

`predicate-authority` provides an ops-focused CLI for sidecar/runtime workflows.

Expand Down Expand Up @@ -156,7 +152,7 @@ predicate-authorityd --host 127.0.0.1 --port 8787 --mode local_only --policy-fil

## Security: Local Kill-Switch Path

The current Phase 1 runtime supports fail-closed checks and local proof emission. The sidecar model (`predicate-authorityd`) is planned to provide instant local revocation and managed token lifecycle for long-running production agents.
`predicate-authority` supports fail-closed checks, local proof emission, and sidecar-managed revocation/token lifecycle for long-running agents.

## Release

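Review bot: The replacement sentence under "Security: Local Kill-Switch Path" says sidecar-managed revocation and token lifecycle are supported, but the capabilities list in this same change describes the sidecar as "policy polling and health/status endpoints" and mentions revoke only as a CLI control. Readers will rely on a claim made in the security section, so name the command or endpoint that performs the revocation, say whether it still takes effect immediately (the removed text said "instant local revocation"), and either add token lifecycle to the capabilities list or drop it from this sentence. The heading still says kill-switch while the new body never uses the term.
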