
[Sandbox] MIDAS #478

@MuttleyD

Description


Project summary

MIDAS is an open source governance engine for evaluating and authorizing decisions in autonomous systems.

Project description

MIDAS is an open source authority governance engine for autonomous systems. Modern systems increasingly rely on AI agents and automation to make consequential decisions. While existing tools determine what should happen (e.g. policy engines and decision systems), there is no standard mechanism for governing what is actually allowed to proceed, creating gaps in authority management and auditability, particularly in regulated environments.

MIDAS introduces an explicit governance layer that evaluates decision requests against defined authority structures and operational constraints prior to producing an outcome. It models boundaries as decision surfaces, resolves delegated permissions through authority chains, and records each evaluation as a governance envelope with a tamper-evident audit trail.

The system is built around three core primitives:

  1. Decision Surfaces: machine-readable contracts defining governed action boundaries
  2. Governance Envelopes: immutable records binding decisions to their authority chains
  3. Authority Graphs: traversable delegation paths showing how authority is assigned

MIDAS integrates via a simple HTTP API, sitting alongside AI agents, services, and decision systems without replacing them. It follows a cloud-native design with stateless evaluation, externalized persistence, and support for containerized deployment and observability.
By making delegated authority explicit and traceable, MIDAS gives autonomous systems the governance they need for compliance and operational control.

Org repo URL (provide if all repos under the org are in scope of the application)

https://github.com/accept-io

Project repo URL in scope of application

https://github.com/accept-io/midas

Additional repos in scope of the application

None at this time. MIDAS is currently developed as a single repository project. Additional repositories may be introduced as the project evolves.

Website URL

https://www.accept.io/

Roadmap

https://github.com/accept-io/midas/blob/main/ROADMAP.md

Roadmap context

The MIDAS roadmap focuses on evolving the project into a stable and widely adoptable governance layer for autonomous systems.

Near-term priorities include:

  • stabilizing core evaluation and authority resolution behaviour
  • improving API consistency and documentation
  • improving the Explorer functionality to provide greater capabilities for non-technical platform users
  • strengthening authentication, role-based access, and configuration
  • expanding observability (metrics, tracing, audit inspection)

Mid-term priorities include:

  • deeper integration patterns with policy engines and event-driven systems
  • enhanced control plane capabilities for managing surfaces, profiles, and grants
  • improved developer tooling and local development experience

Long-term direction focuses on:

  • supporting broader deployment patterns in cloud-native environments
  • enabling richer governance workflows (e.g. review, escalation, lifecycle management)
  • building a community-driven ecosystem around decision governance

The roadmap is intentionally iterative, prioritizing stability and clarity before expanding scope.

Contributing guide

https://github.com/accept-io/midas/blob/main/CONTRIBUTING.md

Code of Conduct (CoC)

https://github.com/accept-io/midas/blob/main/CODE_OF_CONDUCT.md

Adopters

https://github.com/accept-io/midas/blob/main/ADOPTERS.md

Maintainers file

https://github.com/accept-io/midas/blob/main/MAINTAINERS.md

Security policy file

https://github.com/accept-io/midas/blob/main/SECURITY.md

Standard or specification?

N/A. MIDAS does not currently define or implement a formal standard or specification. The project introduces concepts such as decision surfaces, governance envelopes, and authority graphs as part of its internal model. These are not yet formalized as external standards but may evolve over time based on community adoption and feedback.

Business product or service to project separation

MIDAS is developed as an independent, open-source project by Accept Labs. The project is not a downstream dependency of a proprietary product, nor is it required to use any commercial service. MIDAS is designed to be usable as a standalone governance component within any architecture. Accept Labs may build related services or offerings in the future; however, MIDAS itself is developed in the open, with its source code, roadmap, and design decisions managed transparently via GitHub.

The intention is for MIDAS to evolve as a community-driven project, with contributions, feedback, and direction shaped through open collaboration rather than being tightly coupled to a specific commercial product.

Why CNCF?

This project aligns with CNCF's focus on open, interoperable infrastructure for modern distributed systems. As organizations deploy AI agents and automation in production, they face a common challenge: how to govern whether autonomous systems are authorized to proceed with decisions, and how to audit those decisions under regulatory or operational scrutiny. This governance gap is distinct from policy definition (OPA's domain), request routing (service mesh domain), or orchestration (Kubernetes domain). Existing CNCF projects primarily determine what should happen; MIDAS governs whether decisions are authorized to proceed, with explicit authority tracking.

The CNCF provides a neutral, collaborative environment well-suited to evolving MIDAS into a shared governance infrastructure. Being part of the CNCF would help:

  • Establish clear positioning as a governance checkpoint that complements existing policy, security, and observability tools without replacing them
  • Enable integration patterns (e.g. MIDAS + OPA for policy evaluation with authority tracking, MIDAS + Envoy for service-level enforcement, MIDAS + Kubernetes for deployment)
  • Attract contributors from organizations operating in regulated environments and those deploying autonomous systems with authority management and audit requirements
  • Ensure the project evolves through open, community-driven governance rather than single-vendor control

MIDAS is designed as infrastructure rather than a product feature. The project is submitted to the CNCF Sandbox as an early-stage, open-source system with a clear architectural scope and production-ready components, licensed under Apache-2.0.

Benefit to the landscape

This project benefits the Cloud-Native Landscape by introducing a distinct capability: governance of decision authorization based on explicit, traceable authority chains.

Existing projects address key aspects of modern systems:

  • Policy engines (e.g. OPA) define what should be allowed
  • Service meshes (e.g. Envoy, Linkerd) control how requests are routed and enforced
  • Observability tools (e.g. Prometheus, Grafana) capture what happened

However, there is currently no widely adopted component that tracks how authority is delegated for a decision, maintains traversable authority chains, and produces governance records linking decisions to their source of authority. Policy engines answer "is this allowed?" but do not track who granted the permission or produce audit records that bind decisions to authority context.

MIDAS fills this gap by providing:

  • An explicit authority model (decision surfaces and authority chains) for governing autonomous system actions
  • Deterministic evaluation of decision requests against authority structures and operational constraints
  • Tamper-evident governance envelopes that record not just what happened, but under whose authority it was permitted
  • API-driven integration that works alongside policy engines, service meshes, and observability systems
  • A stateless, horizontally scalable architecture suitable for deployment in cloud native environments

MIDAS complements existing CNCF projects:

  • Works with OPA for policy evaluation while adding authority tracking
  • Integrates alongside service meshes to provide governance at decision boundaries
  • Emits governance metrics and audit events for observability platforms such as Prometheus
  • Deploys alongside Kubernetes workloads using standard patterns

This enables organizations to move from implicit, application-level permission logic to explicit, system-level governance—particularly in environments where autonomous systems must demonstrate that decisions were made under properly delegated authority with auditable chains of custody.

By addressing this gap, MIDAS extends the cloud native ecosystem into decision governance without overlapping with existing project responsibilities.

Cloud native 'fit'

This project fits into the cloud native landscape as an API-driven governance component for decision authorization in distributed systems. It is designed to operate as a stateless service within microservice and event-driven architectures, integrating with existing systems via HTTP APIs. MIDAS evaluates decision requests at runtime against authority structures and contextual constraints, making it suitable for deployment alongside application services, AI agents, and automation workflows.

From a cloud native perspective, MIDAS embodies several core CNCF principles:

Stateless services with externalized state: Evaluation logic is stateless and horizontally scalable, with persistence handled via external data stores (e.g. PostgreSQL), following standard cloud-native separation of compute and storage.

API-first design: All functionality is exposed through well-defined HTTP APIs, enabling loose coupling and integration with services, agents, and decision systems.

Containerized and orchestrated deployment: MIDAS is designed to run in container environments and deploy via Kubernetes using standard patterns, including health probes and service-based scaling.

Horizontal scalability: Multiple MIDAS instances can operate concurrently behind a load balancer without inter-instance coordination.

Observability integration: The system emits structured logs, metrics, and governance events suitable for integration with cloud-native observability platforms such as Prometheus and Grafana.

Composable architecture: MIDAS integrates with policy engines (e.g. OPA), service meshes (e.g. Envoy, Linkerd), and observability systems rather than replacing them, adding an authority governance layer to existing infrastructure.

In the cloud native stack, MIDAS operates as a governance layer at decision boundaries—complementing policy evaluation, request routing, and observability by introducing explicit authority validation and auditability at runtime.

The project follows cloud-native operational patterns including declarative configuration, immutable deployments, and structured observability, making it suitable for deployment in Kubernetes environments alongside existing CNCF projects.

Cloud native 'integration'

MIDAS is designed to complement existing CNCF projects by operating as a governance layer at decision boundaries, integrating with policy, networking, orchestration, and observability components.

Policy engines (OPA): MIDAS integrates with Open Policy Agent by treating policy evaluation as one input to the governance decision. A typical pattern: OPA evaluates "is this action permitted by policy?" while MIDAS evaluates "is this action authorized under delegated authority?" The governance envelope can include both policy results and authority chain validation, creating a complete audit record. MIDAS can call OPA as part of evaluation or operate in parallel with services that already use OPA, complementing policy enforcement with authority tracking.

Service meshes (Envoy, Linkerd): MIDAS operates as an external authorization service that service meshes can invoke before allowing requests to proceed. For example, Envoy's ext_authz filter can call MIDAS to validate authority before routing requests—following the same pattern as Envoy + OPA integrations but adding authority chain tracking and governance envelope generation. MIDAS can also operate outside the mesh as a standalone governance checkpoint for decision-making services that don't transit the mesh.

Kubernetes: MIDAS deploys as a standard Kubernetes service using Deployment manifests, ConfigMaps for configuration, and Secrets for credentials. It includes health probes (/readyz, /healthz) for liveness and readiness checks and follows cloud-native deployment patterns. The roadmap includes Helm charts and a Kubernetes operator for declarative governance configuration. MIDAS runs alongside application workloads in the same cluster or as a centralized governance service across multiple clusters.

Observability (Prometheus, Grafana): MIDAS exposes Prometheus metrics at /metrics, including evaluation latency histograms, envelope write counts, and authority validation results. Structured logs (JSON format) include correlation IDs for distributed tracing. Governance envelopes stored in PostgreSQL can be queried directly or visualized in Grafana dashboards. The project includes example Grafana dashboards for authority graph visualization and audit trail inspection.

Container runtimes and registries: MIDAS ships OCI-compliant container images compatible with containerd, CRI-O, and Docker. Images are published to public registries with security scanning (govulncheck, Trivy) integrated into the CI pipeline.

MIDAS follows a composition-over-replacement pattern: it adds authority governance to existing cloud-native stacks without requiring organizations to replace current policy, networking, or observability infrastructure. This makes adoption incremental—teams can introduce governance at decision boundaries while preserving existing investments in CNCF projects. Integration is achieved through standard HTTP APIs and cloud-native observability patterns rather than custom protocols or tightly coupled dependencies.

Cloud native overlap

MIDAS has some conceptual overlap with policy engines and authorization systems, but operates at a distinct layer focused on authority-based governance rather than policy evaluation or request enforcement.

Policy engines (OPA): The closest overlap is with Open Policy Agent, which evaluates whether actions are allowed based on defined policies. MIDAS complements this by evaluating whether actions are authorized based on delegated authority structures.

For example, OPA may evaluate whether a class of actions is permitted (e.g. "can support agents issue refunds under $100?"), while MIDAS evaluates whether a specific action is authorized under delegated authority (e.g. "which manager granted this agent permission, and is that grant still active?"). Both may produce allow/deny outcomes, but OPA focuses on policy rules, whereas MIDAS focuses on authority resolution and auditability.

OPA provides decision logging for policy evaluation, whereas MIDAS produces governance envelopes that bind decisions to their authority context with tamper-evident integrity, supporting audit and compliance use cases.
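As an added illustration of the split described above (and of the envelope that records both the policy result and the authority chain, from the integration section), here is a small Go model written for this page; it is not MIDAS's own code or API, and the Grant and Envelope types, the "grantee:action" key, the explicit roots set and the SHA-256 hash chain are assumptions of the example. It resolves who delegated an action and whether each grant is still active, records the outcome next to an upstream policy verdict, and detects a rewritten record in the stored ledger.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"time"
)

// Grant is one edge of an authority graph: Grantor delegates Action to Grantee until Expires (constructed model, not MIDAS's schema).
type Grant struct {
	Grantee, Grantor, Action string
	Expires                  time.Time
}

// ResolveChain walks grants (keyed "grantee:action") from actor up to a root principal and returns the chain, or the first broken link.
func ResolveChain(grants map[string]Grant, roots map[string]bool, actor, action string, now time.Time) ([]string, error) {
	chain, cur := []string{actor}, actor
	for hop := 0; hop <= len(grants); hop++ { // bounded: a cycle of grants never reaches a root
		if roots[cur] {
			return chain, nil
		}
		g, ok := grants[cur+":"+action] // an unknown principal is NOT treated as a root
		if !ok {
			return nil, fmt.Errorf("%s holds no %s grant", cur, action)
		}
		if !now.Before(g.Expires) { // revocation is modelled by moving Expires into the past
			return nil, fmt.Errorf("%s's %s grant from %s is no longer active", cur, action, g.Grantor)
		}
		chain, cur = append(chain, g.Grantor), g.Grantor
	}
	return nil, fmt.Errorf("chain from %s never reaches a root authority", actor)
}

// Envelope is the audit record for one evaluation; Hash covers every other field plus the previous Hash, so editing any stored record breaks the chain.
type Envelope struct {
	Actor, Action, Outcome, PrevHash, Hash string
	PolicyOK                               bool
	Chain                                  []string
}

func hashOf(e Envelope) string {
	e.Hash = "" // %+v prints fields in declaration order, which is canonical enough for this example
	return fmt.Sprintf("%x", sha256.Sum256([]byte(fmt.Sprintf("%+v", e))))
}

// Evaluate combines an upstream policy verdict (e.g. OPA's) with authority resolution and appends the envelope to the ledger.
func Evaluate(ledger []Envelope, grants map[string]Grant, roots map[string]bool, actor, action string, policyOK bool, now time.Time) []Envelope {
	chain, err := ResolveChain(grants, roots, actor, action, now)
	e := Envelope{Actor: actor, Action: action, PolicyOK: policyOK, Chain: chain, Outcome: "allow"}
	if !policyOK || err != nil {
		e.Outcome = fmt.Sprintf("deny: policy=%t authority=%v", policyOK, err)
	}
	if n := len(ledger); n > 0 {
		e.PrevHash = ledger[n-1].Hash
	}
	e.Hash = hashOf(e)
	return append(ledger, e)
}

// Verify recomputes every hash and back-link, returning the index of the first tampered envelope or -1 when intact.
func Verify(ledger []Envelope) int {
	for i, prev := 0, ""; i < len(ledger); prev, i = ledger[i].Hash, i+1 {
		if e := ledger[i]; e.PrevHash != prev || e.Hash != hashOf(e) {
			return i
		}
	}
	return -1
}
```

Note that a denial is still recorded as an envelope, and that an unknown actor fails resolution rather than being mistaken for a root, which is the check that keeps the authority model closed.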

Service mesh authorization: MIDAS can be integrated via external authorization patterns in service meshes (e.g. Envoy, Linkerd). While the integration point is similar, the responsibility differs: network-level authorization services enforce service-to-service access, whereas MIDAS evaluates decision-level authorization based on delegated authority. MIDAS can operate alongside traditional authorization services or independently at the application layer.

Identity and authentication: MIDAS does not overlap with identity systems (e.g. SPIFFE/SPIRE, Keycloak, cert-manager). It assumes authenticated identities and focuses on decision-level authorization, integrating with identity systems to resolve context during evaluation.

Workflow orchestration: MIDAS does not overlap with workflow systems (e.g. Argo Workflows, Temporal, Flyte), which manage task sequencing and execution. While workflows may include approval steps, MIDAS provides cross-cutting governance for decision authorization independent of execution model.

Orchestration and observability: MIDAS does not overlap with Kubernetes (workload orchestration) or observability systems (e.g. Prometheus, Grafana). It emits data for these systems and runs within them but does not provide their core functionality.

Overall, while MIDAS may be invoked at similar points in the request lifecycle as policy or authorization systems, it introduces a distinct responsibility: governing decisions based on explicit, traceable authority and producing verifiable audit records. This positions it as complementary, introducing a governance layer not directly addressed by existing CNCF projects.

Similar projects

There are no direct equivalents to MIDAS, but several adjacent projects address related aspects of policy, authorization, and governance:

CNCF and cloud native projects:

  • Open Policy Agent (OPA): A general-purpose policy engine that evaluates whether actions are allowed based on policy rules. MIDAS complements OPA by focusing on authority-based authorization and auditability—addressing who authorized a decision, rather than whether it is permitted by policy.

  • Service mesh external authorization (Envoy ext_authz): Provides request-level authorization hooks within service meshes. MIDAS can integrate via these patterns but operates at a higher level, governing decisions rather than enforcing network-level access control.

  • Observability systems (OpenTelemetry, Fluentd): Capture and process logs, metrics, and traces. MIDAS differs by producing structured governance records tied to authority context, which can be consumed by observability systems for analysis.

  • Workflow engines (Temporal, Argo Workflows, Flyte): Manage execution flow and orchestration. While these systems may include approval steps, MIDAS provides cross-cutting governance of decision authorization independent of workflow execution.

Authorization and policy systems:

  • Cedar (AWS), Permit.io, Oso, Casbin: Policy-driven authorization systems that manage application-level permissions and access control. These systems focus on declarative policy evaluation, whereas MIDAS focuses on tracking delegated authority and producing auditable governance records. MIDAS can integrate with these systems to combine policy evaluation with authority-based governance.

  • Policy management platforms (e.g. Styra DAS, HashiCorp Sentinel): Provide policy lifecycle management and decision logging. MIDAS complements these by introducing authority tracking and governance records linked to decision context.

Compliance and audit platforms:

  • Compliance platforms (e.g. Vanta, Drata, OneTrust): Focus on organizational compliance workflows and audit preparation. MIDAS operates at the system level, producing governance data that can feed into such platforms rather than replacing them.

These projects address important adjacent concerns, but MIDAS introduces a distinct capability: evaluating decision authorization based on explicit, traceable authority and producing verifiable governance records. It is designed to complement existing tools by adding an authority-based governance layer within cloud native architectures.

Landscape

No, not currently.

Insights

No, not currently.

Trademark and accounts

  • If the project is accepted, I agree to donate all project trademarks and accounts to the CNCF

IP policy

  • If the project is accepted, I agree the project will follow the CNCF IP Policy

Will the project require a license exception?

N/A

Project "Domain Technical Review"

No. MIDAS has not yet engaged with a CNCF TAG or completed the General Technical Review. We intend to engage with the relevant TAGs (e.g. TAG Security and TAG Runtime) following Sandbox acceptance to gather feedback and align the project with CNCF best practices.

Application contact email(s)

anjali@accept.io,philip@accept.io

Contributing or sponsoring entity signatory information

If an organization:
| Name | Address | Type (e.g., Delaware corporation) | Signatory name and title | Email address |
|---|---|---|---|---|
| Accept Ltd | Marlin Court, Marlow, Buckinghamshire UK | | Philip O'Shaughnessy, Managing Director | philip@accept.io |
| Accept Ltd | Marlin Court, Marlow, Buckinghamshire UK | | Anjali Jain, Director of Engineering | anjali@accept.io |

CNCF contacts

No response

Additional information

MIDAS is an early-stage project with a clearly defined architectural scope and a focus on addressing a specific gap in the cloud-native ecosystem: governance of decision authorization based on explicit authority. The project has been developed with an emphasis on deterministic evaluation, clear API boundaries, and tamper-evident auditability, reflecting requirements observed in regulated and high-assurance environments. These design principles are intended to make the system suitable for real-world deployment while remaining simple to integrate into existing architectures.

We are applying to CNCF Sandbox to validate the problem space, refine the project through community feedback, and ensure that MIDAS evolves as an open, interoperable component within the broader cloud native ecosystem.

If we were to receive Sandbox acceptance, we would then engage with relevant CNCF TAGs (such as TAG Security and TAG Runtime) to gather feedback and align the project with CNCF best practices.
