Drop a Cedar policy in policies/ and pass --policy-dir policies to
the server:
permit (
    principal == Spiffe::"spiffe://omega.local/example/web",
    action == Action::"GET",
    resource == HttpPath::"/api/foo"
);
Re-run the curl and the response flips to
{"decision":true,"reasons":["policy0"]}. Tear it down with make
docker-down.
How the audit log stays tamper-evident
Every write goes through one append path that computes a row hash from
the previous row's hash plus this row's content
(internal/server/storage/audit.go):
// hash = sha256(seq | ts_nano | kind | actor | subject | decision | payload | prev_hash)
h := sha256.New()
fmt.Fprintf(h, "%d|%d|%s|%s|%s|%s|", ev.Seq, ev.Ts.UnixNano(),
    ev.Kind, ev.Actor, ev.Subject, ev.Decision)
h.Write([]byte(ev.Payload))
h.Write([]byte("|"))
h.Write([]byte(ev.PrevHash))
AppendAudit is serialized through a single mutex so the
prev_hash lookup and the INSERT cannot interleave. A Verify walk
re-computes every row and reports the first mismatched seq, so any
deletion or in-place edit shows up the next time you scan.
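The chain described above as an added, self-contained Go sketch (not the project's audit.go): the hash formula from the excerpt, an in-memory log whose Append is serialized by one mutex, and a Verify walk that returns the first bad seq. The AuditEvent field names and the in-memory slice standing in for the table are assumptions.

```go
package main

import "crypto/sha256"
import "fmt"
import "sync"
import "time"

// AuditEvent carries the fields the row hash covers (names follow the excerpt above).
type AuditEvent struct {
	Seq                                                     int64
	Ts                                                      time.Time
	Kind, Actor, Subject, Decision, Payload, PrevHash, Hash string
}

// rowHash = sha256(seq | ts_nano | kind | actor | subject | decision | payload | prev_hash)
func rowHash(ev AuditEvent) string {
	h := sha256.New()
	fmt.Fprintf(h, "%d|%d|%s|%s|%s|%s|", ev.Seq, ev.Ts.UnixNano(),
		ev.Kind, ev.Actor, ev.Subject, ev.Decision)
	h.Write([]byte(ev.Payload + "|" + ev.PrevHash))
	return fmt.Sprintf("%x", h.Sum(nil))
}

// AuditLog stands in for the table (assumed); one mutex serializes the prev_hash lookup and the insert.
type AuditLog struct{ mu sync.Mutex; rows []AuditEvent }

func (l *AuditLog) Append(ev AuditEvent) AuditEvent {
	l.mu.Lock()
	defer l.mu.Unlock()
	ev.Seq, ev.Ts = int64(len(l.rows)+1), time.Now()
	if n := len(l.rows); n > 0 {
		ev.PrevHash = l.rows[n-1].Hash // link to the previous row
	}
	ev.Hash = rowHash(ev)
	l.rows = append(l.rows, ev)
	return ev
}

// Verify recomputes every row and returns the first seq whose hash or prev_hash link is wrong (0 = intact).
func (l *AuditLog) Verify() int64 {
	prev := ""
	for i, ev := range l.rows {
		if ev.Seq != int64(i+1) || ev.PrevHash != prev || rowHash(ev) != ev.Hash {
			return ev.Seq
		}
		prev = ev.Hash
	}
	return 0
}
```

Two cases this walk alone does not catch: dropping the newest rows leaves a shorter but self-consistent chain, and a writer who can rewrite every later hash can re-chain the table, so the latest hash needs to be anchored somewhere outside the database.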
AI agent delegation example
The examples/mcp-a2a-delegation/ directory shows how a human, a
coordinator agent, and a sub-agent chain through Omega. Each hop calls
POST /v1/token/exchange, which mints a new JWT-SVID whose act claim
is the previous token's subject. After two hops the leaf token looks
like:
{"sub":"spiffe://omega.local/agents/claude-code/github-tool","act":{"sub":"spiffe://omega.local/agents/claude-code","act":{"sub":"spiffe://omega.local/humans/alice"}}}
The tool-server verifies the leaf with the omega JWKS, checks the
audience, and walks the act chain. With
--enforce-token-exchange-policy the Cedar policy gets the final say
on whether each exchange is allowed, and every decision lands in the
audit log.
This is a reference example today, not an in-tree library.
What comes next
Three things have to land before the project moves off v0.0.x:
- OmegaIdentity CRD plus operator-to-control-plane mTLS.
- SPIFFE federation bundle authenticity (peer mTLS plus first-time pin) and JWKS federation.
- An OIDC IdP federation adapter, AWS first.
PQC (ML-DSA / ML-KEM) and a CSI driver are deliberately later. CRL and
OCSP are not on the list at all; short-lived SVIDs plus rotation is
the revocation story. Detailed non-goals (secrets storage, end-user
login UI, service-mesh data plane, SIEM, agent runtime) live in
docs/non-goals.md.
Try it
If you have spent an evening stitching SPIRE to OPA to Keycloak to
Loki, please clone it, run make docker-up, and tell me where it
breaks.