{"id":50455912,"url":"https://github.com/adil-ber/graph-acp-llm-analysis","last_synced_at":"2026-06-01T02:31:26.198Z","repository":{"id":327096131,"uuid":"1106052131","full_name":"adil-ber/graph-acp-llm-analysis","owner":"adil-ber","description":"LLM-based Access Control Policy (ACP) analysis tool designed to detect and repair anomalies such as redundancy, inconsistency, irrelevancy, and least astonishment violations in access control rules.  This project integrates LLMs (via API) to analyze and optimize access policies.","archived":false,"fork":false,"pushed_at":"2026-04-21T16:51:23.000Z","size":108,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-21T18:39:47.668Z","etag":null,"topics":["access-control","database","graphdatabase","neo4j-database"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/adil-ber.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-28T14:53:00.000Z","updated_at":"2026-04-21T16:51:28.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/adil-ber/graph-acp-llm-analysis","commit_stats":null,"previous_names":["adil-ber/graph-acp-llm-analysis"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/adil-ber/graph-acp-llm-analysis","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adil-ber%2Fgraph-acp-llm-analysis","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adil-ber%2Fgraph-acp-llm-analysis/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adil-ber%2Fgraph-acp-llm-analysis/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adil-ber%2Fgraph-acp-llm-analysis/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/adil-ber","download_url":"https://codeload.github.com/adil-ber/graph-acp-llm-analysis/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adil-ber%2Fgraph-acp-llm-analysis/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33757790,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-01T02:00:06.963Z","response_time":115,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["access-control","database","graphdatabase","neo4j-database"],"created_at":"2026-06-01T02:31:25.223Z","updated_at":"2026-06-01T02:31:26.187Z","avatar_url":"https://github.com/adil-ber.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🔐 Access Control Policy Analyzer\n\n\u003cdiv align=\"center\"\u003e\n\n![Python](https://img.shields.io/badge/python-3.9%2B-blue)\n![Status](https://img.shields.io/badge/status-active-brightgreen)\n![LLM Support](https://img.shields.io/badge/LLM-GPT%2C%20DeepSeek%2C%20Mistral-orange)\n\n**Intelligent analysis and repair of access control policies using AI**\n\n\u003c/div\u003e\n\n## ✨ Overview\n\nA sophisticated **Access Control Policy (ACP) analysis and repair tool** designed to detect and fix security anomalies in access control rules. The system leverages **Large Language Models (LLMs)** to intelligently analyze policies for redundancy, inconsistency, irrelevancy, and Principle of Least Astonishment (POLA) violations.\n\nThis project bridges the gap between traditional security analysis and modern AI capabilities, providing automated, intelligent policy optimization.\n\n## 🎯 Key Features\n\n### 🔍 **Advanced Anomaly Detection**\n- **Redundancy Analysis**: Identifies duplicate or overlapping rules\n- **Inconsistency Detection**: Finds contradictory permissions and conflicts\n- **Irrelevancy Filtering**: Removes rules that have no practical effect\n- **POLA Violations**: Detects creation/modify privileges without corresponding access\n\n### 🤖 **AI-Powered Analysis**\n- **Multi-LLM Support**: Works with GPT, DeepSeek, Mistral, and other models\n- **Context-Aware Reasoning**: Understands policy semantics and relationships\n- **Automated Repair**: Generates optimized policy sets based on analysis\n- **Explainable Results**: Provides clear justifications for all modifications\n\n### ⚙️ **Professional Tooling**\n- **Modular Architecture**: Easy to extend with custom analyzers\n- **Batch Processing**: Handle large policy sets efficiently\n- **Cross-Platform**: Works on Windows, Linux, and macOS\n\n## 📋 Supported Rule Types\n\nThe analyzer supports comprehensive ACP rule syntax including:\n\n```bash\n# Entity-level rules\ngrant|deny traverse|create|delete on nodes|relationships (variable:Label) [conditions]\n\n# Attribute-level rules  \ngrant|deny modify|add|remove|read{attribute|*} on nodes|relationships (variable:Label) [conditions]\n```\n\n## 🏗️ Architecture\n\n\u003cdiv align=\"center\"\u003e\n\n```mermaid\ngraph TD\n    A[Input Policies] --\u003e B[Policy Preprocessing]\n    B --\u003e C[LLM Analysis Engine]\n    C --\u003e D{Anomaly Detection}\n    D --\u003e E[Redundancy Check]\n    D --\u003e F[Consistency Check]\n    D --\u003e G[Relevancy Check]\n    D --\u003e H[POLA Violation Check]\n    E --\u003e I[Repair Engine]\n    F --\u003e I\n    G --\u003e I\n    H --\u003e I\n    I --\u003e J[Optimized Policies]\n    J --\u003e K[Validation \u0026 Output]\n```\n\n\u003c/div\u003e\n\n## 🚀 Quick Start\n\n### 1. **Clone \u0026 Setup**\n```bash\ngit clone https://github.com/adil-ber/graph-acp-llm-analysis.git\ncd graph-acp-llm-analysis\n\n# Create virtual environment\npython -m venv venv\n\n# Activate (Linux/Mac)\nsource venv/bin/activate\n\n# Activate (Windows)\nvenv\\Scripts\\activate\n```\n\n### 2. **Install Dependencies**\n```bash\npip install -r requirements.txt\n```\n\n### 3. **Configure API Settings**\nCreate `config.py` with your API credentials:\n\n```python\n# config.py\n#APP PARAMETERS\nAPI_KEY = \"ENTER_YOUR_API_KEY_HERE\"\nAPI_URL = \"ENTER_YOUR_YOUR_API_URL_HERE\"\n\n\nHEADERS = {\n    \"Authorization\": f\"Bearer {API_KEY}\",\n    \"Content-Type\": \"application/json\"\n}\n\nMODELS = [\"openai/gpt-oss-120b\"]  # Change as needed: \"openai/gpt-oss-120b\", \"google/gemini-2.5-flash\",...\n\nPOLICIES = [\"policy1\"]  # Change as needed: \"policy1\", \"policy2\", ...\n\nPROPERTY=\"relev\" # Change as needed: \"relev\", \"consist\", \"la\", or \"all\"\n```\n\n### 4. **Run Analysis**\n```bash\n# Analyze a single policy file\npython main.py --input policies/acl_rules.csv --output repaired_rules.csv\n\n# Analyze directory of policies\npython main.py --dir input_policies/ --output_dir repaired_policies/\n\n# Enable verbose debugging\npython main.py --input rules.csv --output fixed.csv --verbose --debug\n```\n\n## 📁 Project Structure\n\n```\ngraph-acp-llm-analysis/\n├── 📁 policy_preprocessing/     # Policy normalization and parsing\n│   ├── policy_preprocessing.py\n│   ├── Policy.py\n├── 📁 policy_sets/             # Example datasets\n│   ├── input_policies/         # Raw policy files\n│   ├── repaired_policies/      # Optimized outputs\n│   └── expected_policies/      # Ground truth for validation\n├── 📁 prompts/                 # LLM prompt templates\n│   ├── prompt1_satisfiability.txt\n│   ├── prompt2_redundancy.txt\n│   ├── prompt3_consistency.txt\n│   └── prompt4_astonishment.txt\n├── 📁 few_shots/              # Few-shot learning examples\n│   ├── few_shots1_satisfiability.txt\n│   ├── few_shots2_redundancy.txt\n│   └── few_shots3_consistency.txt\n│   └── few_shots4_astonishment.txt\n├── 📁 analyzers/              # LLM API integrations and Core analysis modules\n│   ├── astonishment_analyzer.py\n│   ├── consistency_analyzer.py\n│   ├── llm_analyzer.py\n│   ├── relevancy__analyzer.py\n├── 📁 evaluation/              # Tasks evaluation and accuracy measuring\n│   ├── redundancy_analyzer.py\n│   ├── consistency_analyzer.py\n├── config.py                  # API and runtime configuration\n├── main.py                    # Entry point\n├── requirements.txt           # Dependencies\n└── README.md                  # This file\n```\n\n## 🔬 Analysis Examples\n\n\n### **Irrelevancy Detection**\n```python\n# Input Rules (Redundant)\nR1: grant traverse on nodes (u:User) to member;\nR2: grant traverse on nodes (u:User) to member where u.age\u003e=18;\n\n# Analysis Result: ❌ IRRELEVANT\n# R2 is included in R1\n# Repair: Remove R2\n```\n\n### **Inconsistency Detection**\n```python\n# Input Rules (Redundant)\nR1: grant modify{age} on nodes (u:User) to member;\nR2: deny traverse on nodes (u:User) to member where u.age\u003e=18;\n\n# Analysis Result: ❌ INCONSISTENT\n# R2 can be bypassed by using R1\n# Repair: Remove R1\n```\n\n\n### **Least-Astonishment Violation Detection**\n```python\n# Input Rule (Violation)\nR10: grant create on relationships (r:REPORTS_TO) where r.level \u003e 3 to member;\n\n# Analysis Result: ❌ ASTONISHMENT\n# Missing corresponding: grant traverse on relationships (r:REPORTS_TO)\n# Repair: Rule removed - cannot create inaccessible entities\n```\n\n\n\n\n\n## 📧 Contact \u0026 Support\n\n**Project Maintainer**: Adil Ber  \n**Email**: [adil.bereksi@gmail.com](mailto:adil.bereksi@gmail.com)  \n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n### ⭐ **Star this repo if you find it useful!** ⭐\n\n**Built with ❤️ for the DB community**\n\n\u003c/div\u003e","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadil-ber%2Fgraph-acp-llm-analysis","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fadil-ber%2Fgraph-acp-llm-analysis","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadil-ber%2Fgraph-acp-llm-analysis/lists"}