{"id":13457896,"url":"https://github.com/permitio/cedar-agent","last_synced_at":"2025-09-13T03:48:28.659Z","repository":{"id":163568070,"uuid":"639022586","full_name":"permitio/cedar-agent","owner":"permitio","description":"Cedar-agent is the easiest way to deploy and run Cedar","archived":false,"fork":false,"pushed_at":"2025-07-15T20:37:24.000Z","size":151,"stargazers_count":176,"open_issues_count":7,"forks_count":16,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-09-05T22:02:27.302Z","etag":null,"topics":["cedar","opal","open-policy","policy-as-code"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/permitio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-05-10T15:36:23.000Z","updated_at":"2025-09-01T17:43:16.000Z","dependencies_parsed_at":"2023-05-26T00:00:18.064Z","dependency_job_id":"58c8f352-b59a-4aa9-854e-349ecc953cb4","html_url":"https://github.com/permitio/cedar-agent","commit_stats":null,"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:github/permitio/cedar-agent","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/permitio%2Fcedar-agent","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/permitio%2Fcedar-agent/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/permitio%2Fcedar-agent/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/permitio%2Fcedar-agent/manifests","own
er_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/permitio","download_url":"https://codeload.github.com/permitio/cedar-agent/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/permitio%2Fcedar-agent/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273934932,"owners_count":25193841,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-06T02:00:13.247Z","response_time":2576,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cedar","opal","open-policy","policy-as-code"],"created_at":"2024-07-31T09:00:39.156Z","updated_at":"2025-09-13T03:48:28.492Z","avatar_url":"https://github.com/permitio.png","language":"Rust","funding_links":[],"categories":["Uncategorized","Deploy and Run Cedar"],"sub_categories":["Uncategorized"],"readme":"\u003ch1 style=\"text-align: center;\"\u003e\nCedar Agent\n\u003c/h1\u003e\n\n[![Current Crates.io Version](https://img.shields.io/crates/v/cedar-agent.svg)](https://crates.io/crates/cedar-agent)\n[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n\n## What is Cedar-Agent?\n\nCedar-Agent is an HTTP server designed to efficiently manage a policy store and a data store.\nIt provides a seamless integration with [Cedar](https://www.cedarpolicy.com/en), a language for defining permissions as\npolicies.  
\nWith Cedar-Agent, you can easily control and monitor access to your application's resources by leveraging Cedar\npolicies.\nIf you are not familiar with Cedar, we encourage you to visit the [Cedar website](https://www.cedarpolicy.com/en)\nand [playground](https://www.cedarpolicy.com/en/playground) to learn more about it.\n\nLearn more by reading these blog posts:\n- [Policy as Code: OPA's Rego vs. AWS Cedar](https://www.permit.io/blog/opa-vs-cedar)\n- [Open-Sourcing AWS Cedar is a Gamechanger for IAM](https://www.permit.io/blog/oss-aws-cedar-is-a-gamechanger-for-iam)\n\n### Policy Store Management\n\nCedar-Agent includes a store that allows you to create, retrieve, update, and delete policies.\nThese policies define who should have access to what resources within your application.\nThe policy store provides a centralized and flexible way to manage permissions, enabling fine-grained control over user\naccess.  \nFeatured Policy Stores:\n\n- [x] In-Memory\n- [ ] Redis\n\n### Data Store Management\n\nIn addition to the policy store, Cedar-Agent also provides an in-memory data store. This data store allows you to store\nand manage your application's data efficiently. By integrating the data store with Cedar-Agent, you can perform\nauthorization checks on the stored data based on incoming HTTP requests.  \nFeatured Data Stores:\n\n- [x] In-Memory\n- [ ] Redis\n\n### Schema Store Management\n\nCedar-Agent supports storing custom schemas, which hold the shape of your data types and actions. Utilising the schema\nstore enables you to create a strict definition of all the objects used by your application. Cedar-Agent will validate\nall your policies and data against this schema.  \nFeatured Schema Stores:\n\n- [x] In-Memory\n- [ ] Redis\n\n### Authorization Checks\n\nOne of the key features of Cedar-Agent is its ability to perform authorization checks on stored policies and data.  
\nBy evaluating the Cedar policies, Cedar-Agent ensures that each user's access is restricted to the resources they are\npermitted to access.  \nAuthorization checks are performed based on the incoming HTTP requests, providing an easy-to-use, robust and secure\nmechanism for controlling access to your application.\n\nCedar-Agent offers a comprehensive solution for managing policies, data, and authorization checks within your\napplication. With its seamless integration with Cedar and its robust HTTP server capabilities, Cedar-Agent empowers you\nto enforce fine-grained access control and protect your resources effectively.\n\n## How to Use\n\nTo use Cedar-Agent, follow the steps below:\n\n### Prerequisites\n\nBefore proceeding, ensure that you have Rust and Cargo installed on your system. If you don't have them installed, you\ncan visit the official [Rust installation page](https://www.rust-lang.org/tools/install) and follow the instructions\nspecific to your operating system.\n\n### Clone the Repository\n\nStart by cloning the Cedar-Agent repository to your local machine:\n\n```shell\ngit clone https://github.com/permitio/cedar-agent.git\ncd cedar-agent\n```\n\n### Build\n\nTo build Cedar-Agent, use the following command:\n\n```shell\ncargo build\n```\n\n### Configuration\n\nCedar Agent configuration is available using environment variables and command line arguments.\n\n- The port on which the Cedar Agent will listen for incoming HTTP requests. Defaults to `8180`.  \n  `CEDAR_AGENT_PORT` environment variable.  \n  `--port`, `-p` command line argument.\n- Authentication token to enforce using the `Authorization` header. Defaults to `None`.  \n  `CEDAR_AGENT_AUTHENTICATION` environment variable.  \n  `--authentication`, `-a` command line argument.\n- The address of the HTTP server. Defaults to `127.0.0.1`.  \n  `CEDAR_AGENT_ADDR` environment variable.  \n  `--addr` command line argument.\n- The log level to filter logs. Defaults to `info`.  
\n  `CEDAR_AGENT_LOG_LEVEL` environment variable.  \n  `--log-level`, `-l` command line argument.\n- Load schema from JSON file. Defaults to `None`.  \n  `CEDAR_AGENT_SCHEMA` environment variable.  \n  `--schema`, `-s` command line argument.\n- Load data from JSON file. Defaults to `None`.  \n  `CEDAR_AGENT_DATA` environment variable.  \n  `--data`, `-d` command line argument.\n- Load policies from JSON file. Defaults to `None`.  \n  `CEDAR_AGENT_POLICIES` environment variable.  \n  `--policies` command line argument.\n\n**Command line arguments take precedence over environment variables when configuring the Cedar Agent.**\n\n### Run\n\nThere are several ways to run the Cedar Agent:\n\n#### Run with cargo\n\nTo run Cedar-Agent, use the following command:\n\n```shell\ncargo run\n```\n\nTo add any arguments to the command, append them after `--`, for example:\n\n```shell\ncargo run -- --port 8080\n```\n\n#### Run the binary\n\nTo run the binary, make sure you've done the [build step](#build), and run this command:\n\n```shell\n./target/debug/cedar-agent\n```\n\nTo check the arguments you can pass to the binary, run:\n\n```shell\n./target/debug/cedar-agent --help\n```\n\n#### Run with docker\n\nTo execute the Cedar Agent Docker image, use the following command:\n\n```shell\ndocker run -p 8180:8180 permitio/cedar-agent\n```\n\n### Test\n\nTo test Cedar-Agent, use the following command:\n\n```shell\ncargo test\n```\n\n### API Endpoints\n\nAfter running Cedar-Agent, the application provides comprehensive API documentation and endpoint schema\nusing Rapidoc and Swagger UI, that you can access through the following routes:\n\n- http://localhost:8180/rapidoc: Visit this route in your web browser to explore the interactive API\n  documentation powered by the Rapidoc tool. 
It provides detailed information about each endpoint,\n  including their parameters,\n  request bodies, and response structures.\n- http://localhost:8180/swagger-ui: Access this route to interact with the Swagger UI,\n  which offers a user-friendly interface to browse the API endpoints.\n  It presents a visual representation of the available routes, along with their descriptions,\n  request and response schemas, and example requests.\n\n### Quickstart\n\n1. [Run the Cedar Agent](#run)\n2. Store schema using this command:\n\n    ```shell\n    curl -X PUT -H \"Content-Type: application/json\" -d @./examples/schema.json http://localhost:8180/v1/schema\n    ```\n\n3. Store policy using this command:\n\n    ```shell\n    curl -X PUT -H \"Content-Type: application/json\" -d @./examples/policies.json http://localhost:8180/v1/policies\n    ```\n\n4. Store data using this command:\n\n    ```shell\n    curl -X PUT -H \"Content-Type: application/json\" -d @./examples/data.json http://localhost:8180/v1/data\n    ```\n\n5. Perform IsAuthorized check using this command:\n\n    ```shell\n    curl -X POST -H \"Content-Type: application/json\" -d @./examples/allowed_authorization_query.json http://localhost:8180/v1/is_authorized\n    ```\n\n   The response is:\n\n    ```json\n    {\n      \"decision\": \"Allow\",\n      \"diagnostics\": {\n        \"reason\": [\n          \"admins-policy\"\n        ],\n        \"errors\": []\n      }\n    }\n    ```\n   As you can see the user is allowed to access the resource because policy id `admins-policy` permits it.  
\n   Check for a user that is not allowed to access the resource:\n\n    ```shell\n    curl -X POST -H \"Content-Type: application/json\" -d @./examples/denied_authorization_query.json http://localhost:8180/v1/is_authorized\n    ```\n\n   The response is:\n\n    ```json\n    {\n      \"decision\": \"Deny\",\n      \"diagnostics\": {\n        \"reason\": [],\n        \"errors\": []\n      }\n    }\n    ```\n   As you can see the user is denied access to the resource because no policy allows this request.\n\n**For more details about the performed requests you can check the [examples directory](examples)**\n\n## Run Cedar-agents at scale with OPAL\nWant to run multiple Cedar-agents and have them loaded with the data and policies you need? Try [OPAL](https://github.com/permitio/opal).\nOPAL (Open Policy Administration Layer) is a sister project to Cedar-Agent, which has become the de-facto way to manage policy agents (including others like OPA) at scale.\nCheck out the [tutorial for Cedar+OPAL in the OPAL docs](https://docs.opal.ac/tutorials/cedar).\n\n## Community\n\nCome talk to us about Cedar Agent, or authorization in general - we would love to hear from you ❤️\n\nYou can raise questions and ask for features to be added to the roadmap in our [**GitHub\ndiscussions**](https://github.com/permitio/cedar-agent/discussions),\nreport issues in [**GitHub issues**](https://github.com/permitio/cedar-agent/issues),\nor join our Slack community to chat about authorization, open-source, realtime communication, tech, or anything else!\n\nIf you are using our project, please consider giving us a ⭐️\n\n[![Button][join-slack-link]][badge-slack-link]\n\n## Contributing\n\nIf you encounter any issues or have suggestions for improvement, please open\nan [issue](https://github.com/permitio/cedar-agent/issues) on the Cedar-Agent GitHub repository to get assistance from\nthe community.\n\n- Pull requests are welcome! 
(please make sure to include passing tests and docs)\n- Prior to submitting a PR - open an issue on GitHub, or make sure your PR addresses an existing issue well.\n\n[join-slack-link]: https://i.ibb.co/wzrGHQL/Group-749.png\n\n[badge-slack-link]: https://io.permit.io/opalcommunity\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpermitio%2Fcedar-agent","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpermitio%2Fcedar-agent","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpermitio%2Fcedar-agent/lists"}