{"id":46843533,"url":"https://github.com/getactra/actra","last_synced_at":"2026-04-04T13:26:55.948Z","repository":{"id":343212366,"uuid":"1176629087","full_name":"getactra/actra","owner":"getactra","description":"Actra - control what runs before it runs, controls what actions are allowed before they execute. Evaluate policies across APIs, workflows, and AI agents — in real time.","archived":false,"fork":false,"pushed_at":"2026-03-29T04:19:44.000Z","size":545,"stargazers_count":1,"open_issues_count":2,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-02T07:39:06.347Z","etag":null,"topics":["access-control","action-admission-control","action-control","agent-control","agent-governance","agent-policy","agent-safety","agentic-ai","ai-agents","ai-governance","ai-safety","authorization","automation","governance","policy-as-code","policy-engine","policy-management","python","rule-engine","runtime-policy"],"latest_commit_sha":null,"homepage":"https://actra.dev","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/getactra.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":"CITATION.cff","codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-09T08:02:14.000Z","updated_at":"2026-04-02T07:22:41.000Z","dependencies_parsed_at":"2026-03-14T18:01:42.746Z","dependency_job_id":null,"html_url":"https://github.com/getactra/actra","commit_stats":null,"previous_names":["getactra/actra"],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/getactra/actra","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getactra%2Factra","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getactra%2Factra/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getactra%2Factra/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getactra%2Factra/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/getactra","download_url":"https://codeload.github.com/getactra/actra/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getactra%2Factra/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31402263,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-04T10:20:44.708Z","status":"ssl_error","status_checked_at":"2026-04-04T10:20:06.846Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["access-control","action-admission-control","action-control","agent-control","agent-governance","agent-policy","agent-safety","agentic-ai","ai-agents","ai-governance","ai-safety","authorization","automation","governance","policy-as-code","policy-engine","policy-management","python","rule-engine","runtime-policy"],"created_at":"2026-03-10T14:07:34.367Z","updated_at":"2026-04-04T13:26:55.921Z","avatar_url":"https://github.com/getactra.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Actra\n### Control what runs before it runs\n\n[![PyPI version](https://img.shields.io/pypi/v/actra.svg)](https://pypi.org/project/actra/)\n[![PyPI downloads](https://img.shields.io/pypi/dm/actra)](https://pypi.org/project/actra/)\n[![npm version](https://img.shields.io/npm/v/@getactra/actra.svg)](https://www.npmjs.com/package/@getactra/actra)\n[![npm downloads](https://img.shields.io/npm/dm/@getactra/actra.svg)](https://www.npmjs.com/package/@getactra/actra)\n[![types](https://img.shields.io/npm/types/@getactra/actra)](https://www.npmjs.com/package/@getactra/actra)\n[![WebAssembly](https://img.shields.io/badge/WebAssembly-supported-purple.svg)](https://webassembly.org/)\n[![Edge Runtime](https://img.shields.io/badge/Edge-ready-black.svg)](https://vercel.com/docs/functions/edge-functions)\n[![Bundle size](https://img.shields.io/bundlephobia/minzip/@getactra/actra)](https://bundlephobia.com/package/@getactra/actra)\n[![ESM](https://img.shields.io/badge/module-ESM-blue.svg)]()\n[![Node](https://img.shields.io/badge/node-%3E%3D18-green.svg)](https://nodejs.org/)\n[![Deno](https://img.shields.io/badge/Deno-supported-black.svg)](https://deno.land/)\n[![Bun](https://img.shields.io/badge/Bun-supported-black.svg)](https://bun.sh/)\n[![Browser](https://img.shields.io/badge/browser-supported-brightgreen.svg)]()\n[![Cloudflare Workers](https://img.shields.io/badge/Cloudflare-Workers-orange.svg)](https://workers.cloudflare.com/)\n[![Vercel Edge](https://img.shields.io/badge/Vercel-Edge-black.svg)](https://vercel.com/)\n[![License](https://img.shields.io/github/license/getactra/actra)](https://github.com/getactra/actra/blob/main/LICENSE)\n\n**Admission Control for Agentic and Automated Systems**\n\n![Actra Policy Enforced](https://img.shields.io/badge/Actra-Policy%20Enforced-16a34a?style=flat-square)\n\nActra introduces **Decision Control** — a runtime layer that evaluates policies **before operations execute**.\n\nIt allows systems to **permit or block actions safely**, preventing unsafe operations triggered by AI agents, APIs \u0026 automation systems\n\nInstead of embedding control logic directly in application code, Actra evaluates **external policies** before state-changing actions run.\n\n## Where Actra applies\n\nActra protects operations in systems such as:\n\n- AI agents\n- APIs and services\n- automation pipelines\n- background workers\n- workflows and schedulers\n\n### Runs Everywhere\n#### SDKs\nPython • JavaScript • CLI\n\n**Server**: Node • Bun • Deno\n**Edge**: Cloudflare Workers • AWS Lambda • Vercel Edge • Netlify Edge • Fastly Compute@Edge\n**Browser**: Web Browsers\n**WASM Runtimes:** Wasmtime • Wasmer\n\n---\n\n## See Actra in Action\n\n![MCP Demo](doc/mcp-demo.gif)\n\n## Try in 30 seconds\n\nRun Actra directly in your browser:\n\n👉 https://actra.dev/playground.html\n\nNo setup required. Uses the real WASM engine.\n\n### An AI agent attempted to call an MCP tool.\n\nActra evaluated policy and **blocked the unsafe operation before execution**.\n\n---\n\n## Why Actra?\n\nModern systems increasingly perform actions automatically:\n\n* AI agents calling tools\n* workflow automation\n* API integrations\n* background jobs\n\nThese systems can trigger **powerful state-changing operations**, such as:\n\n* issuing refunds\n* deleting resources\n* sending payments\n* modifying infrastructure\n\nToday these controls often live inside application code:\n\n```python\nif amount \u003e 1000:\n    raise Exception(\"Refund too large\")\n```\n\nThis creates problems:\n\n* rules duplicated across services\n* difficult to audit behavior\n* policy changes require redeploys\n* automation becomes risky\n\nActra moves these decisions into **deterministic external policies evaluated before actions execute**.\n\n---\n\n## 20-Second Example\n\n```python\n@actra.admit()\ndef refund(amount):\n    ...\n```\n\nThe rule lives in policy:\n\n```yaml\nrules:\n  - id: block_large_refund\n    scope:\n      action: refund\n    when:\n      subject:\n        domain: action\n        field: amount\n      operator: greater_than\n      value:\n        literal: 1000\n    effect: block\n```\n\nResult:\n\n```markdown\nrefund(200)   -\u003e allowed  \nrefund(1500)  -\u003e blocked by policy\n```\n\nActra evaluates the policy **before the function executes** and blocks refunds greater than 1000.\n\n---\n\n## JavaScript Example \n\n\n```javascript\nimport { Actra, ActraRuntime, ActraPolicyError } from \"@getactra/actra\";\n\n// 1. Schema\nconst schema = `\nversion: 1\n\nactions:\n  refund:\n    fields:\n      amount: number\n\nactor:\n  fields:\n    role: string\n\nsnapshot:\n  fields:\n    fraud_flag: boolean\n`;\n\n// 2. Policy\nconst policyYaml = `\nversion: 1\n\nrules:\n  - id: block_large_refund\n    scope:\n      action: refund\n    when:\n      subject:\n        domain: action\n        field: amount\n      operator: greater_than\n      value:\n        literal: 1000\n    effect: block\n`;\n\n// 3. Compile\nconst policy = await Actra.fromStrings(schema, policyYaml);\n\n// 4. Runtime\nconst runtime = new ActraRuntime(policy);\n\n// 5. Context resolvers\nruntime.setActorResolver(() =\u003e ({ role: \"support\" }));\nruntime.setSnapshotResolver(() =\u003e ({ fraud_flag: false }));\n\n// 6. Protect function\nfunction refund(amount) {\n  console.log(\"Refund executed:\", amount);\n}\n\nconst protectedRefund = runtime.admit(\"refund\", refund);\n\n// 7. Execute\nawait protectedRefund(200); // allowed\n\ntry {\n  await protectedRefund(1500); // blocked\n} catch (e) {\n  if (e instanceof ActraPolicyError) {\n    console.log(\"Blocked by policy:\", e.matchedRule);\n  }\n}\n```\n\n## Python Example \n\n```python\nfrom actra import Actra, ActraPolicyError\nfrom actra.runtime import ActraRuntime\n\nschema = \"\"\"...\"\"\"\npolicy_yaml = \"\"\"...\"\"\"\n\npolicy = Actra.from_strings(schema, policy_yaml)\nruntime = ActraRuntime(policy)\n\nruntime.set_actor_resolver(lambda ctx: {\"role\": \"support\"})\nruntime.set_snapshot_resolver(lambda ctx: {\"fraud_flag\": False})\n\n@runtime.admit()\ndef refund(amount: int):\n    print(\"Refund executed:\", amount)\n\nrefund(200)\n\ntry:\n    refund(1500)\nexcept ActraPolicyError as e:\n    print(\"Blocked by policy:\", e.matched_rule)\n```\n\n## Key Concepts\n\nActra evaluates policies using a small set of core concepts.\n\n**Action**  \nThe operation being requested.  \nExample: `refund`, `delete_user`, `deploy_service`.\n\n**Actor**  \nThe identity performing the action (user, service, or agent).\n\n**Snapshot**  \nExternal system state used during evaluation.  \nExample: account status, fraud flags, environment.\n\n**Policy**  \nRules that determine whether an action should be allowed or blocked.\n\n**Governance**  \nOptional policies that control how operational policies themselves can be defined or modified.\n\n**Admission Control**  \nActra evaluates policies **before the action executes**, allowing or blocking the operation.\n\n---\n\n## Governance\n\nActra optionally supports **governance policies**.\n\nGovernance policies validate operational policies at compile time,\nensuring that critical safety rules cannot be removed or weakened.\n\nGovernance can enforce constraints such as:\n\n* requiring specific safety rules to exist\n* preventing unsafe rule patterns\n* limiting the number of certain rule types\n* restricting which fields policies may reference\n* applying constraints only to specific actions\n\nThis allows platform or security teams to enforce **organization-wide\npolicy standards** across services.\n\nGovernance policies operate **above normal admission policies**,\nproviding a control layer that validates policies themselves before\nthey are accepted.\n\n## Installation Python\n\n```bash\npip install actra\n```\n\nSee the **examples/** directory for quick start examples.\n\n## Installation JavaScript\n\nInstall:\n\n```bash\nnpm install @getactra/actra\n```\n\n---\n\n## Architecture\n\nActra evaluates policies **before operations execute**.\n\n```mermaid\nflowchart LR\n\nsubgraph Governance Layer\nG[Governance Policies]\nend\n\nsubgraph Policy Layer\nS[Schema]\nP[Operational Policies]\nend\n\nsubgraph Runtime Layer\nA[Application / Agent / API]\nC[Actra Admission Control]\nR[Runtime Context]\nend\n\nA --\u003e C\nR --\u003e C\n\nS --\u003e C\nP --\u003e C\n\nG --\u003e P\n\nC --\u003e D{Decision}\n\nD --\u003e|Allow| E[Execute Operation]\nD --\u003e|Block| F[Operation Prevented]\n```\n\nSchema defines the structure of actions, actors, and snapshots used during policy evaluation.\n\n---\n\n## Example Use Cases\n\nActra can control many automated operations.\n\n### AI Agents\n\n* restrict tool execution\n* prevent critical infrastructure changes\n* enforce safety policies\n\n### APIs\n\n* block large refunds\n* prevent destructive operations\n* enforce safety checks\n\n### Automation\n\n* enforce workflow rules\n* restrict financial operations\n* require approval thresholds\n\n### Infrastructure\n\n* prevent destructive changes\n* enforce safe deployment policies\n\n---\n\n## Actra Platform Support\n\nActra runs across **server, edge, and browser environments**.\n\n### SDKs and Engines.\n\n| SDK/Engine              |  Status    |\n| ---------------------- | ------------------- | \n| Rust Core Engine       | Available (Publishing Pending) |\n| Python SDK             | Available |\n| JavaScript Runtime SDK | Available       |\n| JavaScript Browser SDK | Available     |\n| Go SDK                 | Planned |\n\n### JavaScript Runtime Compatibility\n\n| Runtime            | Status  |\n| ------------------ | --------|\n| Node.js            | Available |\n| Bun                | Available |\n| Cloudflare Workers | Available |\n| AWS Lambda         | Available |\n| Web Browsers       | Available |\n| Deno                   | Available |\n| Fastly Compute@Edge    | Available |\n| Vercel Edge Runtime    | Available |\n| Netlify Edge Functions | Available |\n\n### Native WebAssembly Runtime Targets\n\n| Runtime  | Status  |\n| -------- | ------- |\n| Wasmtime | Planned |\n| Wasmer   | Planned |\n\n\n---\n\n## Actra vs OPA vs Cedar\n\n| Feature | Actra | OPA | Cedar |\n|-------|------|-----|------|\n| Primary purpose | Decision control for operations | General policy engine | Authorization policy language |\n| Evaluation timing | **Before executing actions** | Usually request-time decisions | Authorization decisions |\n| Integration model | Function / action enforcement | API / sidecar / middleware | Service authorization |\n| Policy style | Structured YAML rules | Rego language | Cedar language |\n| Governance support | **Built-in policy governance** | External tooling | Limited |\n| Determinism focus | Strong | Moderate | Strong |\n| Target systems | Agents, automation, APIs | Infrastructure, Kubernetes | Application authorization |\n| Typical use case | Control automated operations | Policy enforcement in infra | Access control |\n\n### Positioning\n\nActra focuses on **controlling actions before they execute**, especially in automated or agent-driven systems.\n\nOPA and Cedar focus primarily on **authorization decisions**, such as:\n\n* “Can user X access resource Y?”\n\nActra focuses on **admission control for mutations**, such as:\n\n* Should this refund execute?\n* Should an agent run this tool?\n* Should this workflow step proceed?\n\nActra also supports **governance policies**, which validate operational policies at compile time to ensure safety rules cannot be removed or weakened.\n\n### Example Scenarios\n\n| Scenario | Best Tool |\n|--------|----------|\n| Can a user access a document? | Cedar |\n| Can a service access an API? | OPA |\n| Should an automated system execute an operation? | Actra |\n| Should policies themselves follow safety standards? | Actra |\n\n\n---\n\n## Documentation\n\nFull documentation available at https://docs.actra.dev\n\n---\n\n## License\n\nApache 2.0\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgetactra%2Factra","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgetactra%2Factra","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgetactra%2Factra/lists"}