Back to browse
GitHub Repository

Fail-closed authorization gateway for agentic RAG — capability-label pushdown, deny-aware barriers, per-turn agent-context revalidation.

3 starsPython

Warden – authorization gateway for agentic RAG

by geminimir·Jul 18, 2026·2 points·0 comments

AI Analysis

●●●BangerBig BrainWizardryNiche Gem

Solves the O(N) permission filter problem by pushing capability labels directly into the vector index.

Strengths
  • Pushes capability labels as integer predicates into the ANN search, keeping query complexity O(1).
  • Implements a strict fail-closed security boundary separate from the performance-optimized pre-filter.
  • Revalidates agent context before every model call to catch revocations mid-session.
Weaknesses
  • Tightly coupled to specific vector database capabilities for label overlap predicates.
  • Complexity may be overkill for single-tenant applications or simple role-based access.
Category
Target Audience

AI engineers building RAG systems for enterprise or multi-tenant environments

Similar To

SpiceDB · OpenFGA · Permit.io

Similar Projects

Security●●●Banger

VellaVeto — blocks unsafe MCP tool calls by default

Fail-closed MCP gateway with formal verification and MCPSEC benchmark suite.

Big BrainWizardryZero to One
paolovella
213mo ago
Security●●Solid

Gait – because "what did the AI agent do?" shouldn't require guesswork

Turns every agent run into a verifiable artifact you can inspect offline, replay deterministically, and promote into a CI gate with one command. The combo of signed packs (Ed25519 + SHA-256), structural pack diffs, and a 'regress bootstrap' that produces JUnit fixtures is a pragmatic approach to taming tool-call side effects without replacing your agents. The repo ships demos, docs, and install scripts so this feels like a usable infra tool rather than a paper design.

Niche GemWizardry
davidresilify
105mo ago