Guides

Step-by-step guides for common authorization patterns. Each guide includes working code, policies, and a runnable demo.

Engine Comparison

SAPL vs Cedar, OPA, OpenFGA, and Cerbos. Feature tables, integration depth, and evaluation latency benchmarks from the Cedar OOPSLA 2024 scenarios.

Performance

Throughput, latency, and scaling benchmarks. 2M decisions/sec over RSocket, 35 microsecond latency, near-constant scaling to 10,000 policies. JVM and native image compared.

Spring Security

Secure a Spring Boot application with attribute-based access control. Method-level enforcement with @PreEnforce and @PostEnforce, embedded PDP, reactive policies.

RAG Pipeline

Document-level access control in retrieval-augmented generation. Filter and redact retrieved content before it reaches the LLM.

AI Tool Authorization

Per-tool authorization for Spring AI applications. Control which tools agents can call and transform tool responses.

Human-in-the-Loop

Policy-driven approval workflows for sensitive AI operations. The policy decides when human confirmation is needed.

MCP Server Authorization

Authorize MCP tool calls, resources, and prompts inside MCP servers.

Streaming Authorization

Authorization decisions that update in real time. PIPs stream live data, the PDP re-evaluates, and the PEP adapts the data flow without reconnection.

Policy Testing

Test your policies like you test your code. A dedicated test DSL validates decisions, obligations, and streaming behavior with coverage reports and quality gates.

Data-Level Security

Policies that reshape data, not just allow or deny. Modify method arguments before execution, filter collections, blacken fields, and rewrite database queries. Works across Spring, Python, NestJS, MCP, and AI tool calls.

Policy Operations

Ship policies like you ship code. Git versioning, automated testing with coverage gates, Ed25519 bundle signing, remote polling, Prometheus metrics, structured logging.

Multi-Framework

Same policies, same behavior, any stack. Spring, Flask, FastAPI, Django, Tornado, NestJS, and .NET all pass the same 28-endpoint test suite.