Runtime enforcement boundary for AI agents: a local sidecar that gates every outbound call against Cedar policies you own. Deterministic, call-level, no model on the hot path

Open-source infrastructure for groups of AI agents — identity, capability, accountability, and norms. Framework-agnostic.

MCP server for Cedar policy language - validate, authorize, diff, and plan policy changes for Amazon Verified Permissions from your AI assistant.

Apache-2.0 licensed lightweight agent sandbox: Cedar policy + Ed25519-signed receipts in one Rust binary. Design-partner preview.

Open-source AI agent governance kernel — cryptographic audit trails, consent-checked data access, and verifiable decision records.

Cedar for .NET — a C#/.NET port of the Cedar Java bindings, enabling .NET applications to parse, validate, format, convert, and evaluate Cedar policies using the native Cedar engine.

Policy platform for AI agents: Cedar policy over network, filesystem, and process access. Container sandboxing with observe-then-enforce workflow.

Experimental governance ideas for autonomous AI agents — captcha, permit, mesh, eval, memory.

OpenAgentTrustStack (OATS) Specification

Desktop runtime for humans and AI agents to share live coding sessions. Multi-provider agent orchestration (Claude/Codex), policy-gated approvals (Cedar), human-in-the-loop interventions, multi-agent channels, worktree-isolated execution, dual-signed cross-node dispatch, E2E-encrypted relay. TypeScript daemon + tRPC + Electron/CLI clients.

Policy-gated data excavation for AI agents on Amazon Bedrock AgentCore. Cedar + Bedrock Guardrails enforce cost limits, PII protection, and read-only access across Athena, OpenSearch, S3, and MCP. Apache 2.0 CDK reference architecture.

A secure-by-default database

The Zero-Trust Action Hub is a standalone, Zero-Trust Policy Decision Point (PDP) designed for autonomous AI agent ecosystems. It enforces cryptographic governance over high-risk agent actions using AWS Cedar policies and Ed25519 digital signatures, requiring agents to collect and present cryptographic proofs from trusted external microservices.

Self-hosted JavaScript authentication library for AWS Cognito with WebAuthn/Passkey support. Rust Token Handler backend with Cedar authorization.

Reusable Cedar policy templates for agent action receipt verification. Interoperable with the Cedar policy engine and cedar for agents.