Skip to content

Commit 97b5206

Browse files
authored
docs(cedar-authorization): add Python examples to Cedar docs page (strands-agents#2828)
1 parent 5486b23 commit 97b5206

3 files changed

Lines changed: 445 additions & 15 deletions

File tree

site/src/content/docs/user-guide/concepts/agents/interventions/cedar-authorization.mdx

Lines changed: 112 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -1,15 +1,14 @@
11
---
22
title: Cedar Authorization
33
description: "Control which tools an agent can invoke using Cedar policies. Enforce identity-aware access control, role-based permissions, and rate limits at the tool-call boundary."
4-
languages: [typescript]
54
tags: [safety, interventions, tool-execution]
65
sidebar:
76
badge:
87
text: New
98
variant: tip
109
---
1110

12-
Cedar Authorization evaluates [Cedar](https://cedarpolicy.com) policies before each tool call, giving you declarative, identity-aware access control over agent behavior. It ships as a vended intervention in the TypeScript SDK.
11+
Cedar Authorization evaluates [Cedar](https://cedarpolicy.com) policies before each tool call, giving you declarative, identity-aware access control over agent behavior. It ships as a vended intervention handler in both the Python and TypeScript SDKs.
1312

1413
## How it works
1514

@@ -29,81 +28,158 @@ The design is fail-closed: if principal identity cannot be resolved, all tool ca
2928

3029
Permit specific tools and deny everything else:
3130

31+
<Tabs>
32+
<Tab label="Python">
33+
34+
```python
35+
--8<-- "user-guide/concepts/agents/interventions/cedar-authorization.py:basic_example"
36+
```
37+
</Tab>
38+
<Tab label="TypeScript">
39+
3240
```typescript
3341
--8<-- "user-guide/concepts/agents/interventions/cedar-authorization_imports.ts:basic_example_imports"
3442

3543
--8<-- "user-guide/concepts/agents/interventions/cedar-authorization.ts:basic_example"
3644
```
45+
</Tab>
46+
</Tabs>
3747

3848
Cedar uses default-deny semantics. Tools without a matching `permit` statement are automatically blocked.
3949

4050
## Role-based access control
4151

42-
For multi-tenant agents where each request carries user identity, use `principalResolver` to extract the principal from `invocationState` and `contextEnricher` to forward role information into Cedar context:
52+
For multi-tenant agents where each request carries user identity, use <Syntax py="principal_resolver" ts="principalResolver" /> to extract the principal from <Syntax py="invocation_state" ts="invocationState" /> and <Syntax py="context_enricher" ts="contextEnricher" /> to forward role information into Cedar context:
53+
54+
<Tabs>
55+
<Tab label="Python">
56+
57+
```python
58+
--8<-- "user-guide/concepts/agents/interventions/cedar-authorization.py:role_based"
59+
```
60+
</Tab>
61+
<Tab label="TypeScript">
4362

4463
```typescript
4564
--8<-- "user-guide/concepts/agents/interventions/cedar-authorization_imports.ts:role_based_imports"
4665

4766
--8<-- "user-guide/concepts/agents/interventions/cedar-authorization.ts:role_based"
4867
```
68+
</Tab>
69+
</Tabs>
4970

50-
When `principalResolver` returns `undefined` (no identity found), the handler denies all tool calls for that request.
71+
When <Syntax py="principal_resolver" ts="principalResolver" /> returns <Syntax py="None" ts="undefined" /> (no identity found), the handler denies all tool calls for that request.
5172

5273
## Rate limiting
5374

5475
Cedar policies can reference `context.session.call_count`, which tracks how many times each tool has been invoked successfully during the session:
5576

77+
<Tabs>
78+
<Tab label="Python">
79+
80+
```python
81+
--8<-- "user-guide/concepts/agents/interventions/cedar-authorization.py:rate_limit"
82+
```
83+
</Tab>
84+
<Tab label="TypeScript">
85+
5686
```typescript
5787
--8<-- "user-guide/concepts/agents/interventions/cedar-authorization_imports.ts:rate_limit_imports"
5888

5989
--8<-- "user-guide/concepts/agents/interventions/cedar-authorization.ts:rate_limit"
6090
```
91+
</Tab>
92+
</Tabs>
6193

62-
Call counts persist with the agent's `appState` and survive session reloads. Only successful tool calls increment the counter.
94+
Call counts persist with the agent's state and survive session reloads. Only successful tool calls increment the counter.
6395

6496
## Schema validation
6597

66-
Pass your `tools` array to catch policy typos at construction time. The handler generates a Cedar schema from tool definitions and validates policies against it:
98+
Pass your tool definitions to catch policy typos at construction time. The handler generates a Cedar schema from tool definitions and validates policies against it:
99+
100+
<Tabs>
101+
<Tab label="Python">
102+
103+
```python
104+
--8<-- "user-guide/concepts/agents/interventions/cedar-authorization.py:schema_validation"
105+
```
106+
</Tab>
107+
<Tab label="TypeScript">
67108

68109
```typescript
69110
--8<-- "user-guide/concepts/agents/interventions/cedar-authorization_imports.ts:schema_validation_imports"
70111

71112
--8<-- "user-guide/concepts/agents/interventions/cedar-authorization.ts:schema_validation"
72113
```
114+
</Tab>
115+
</Tabs>
73116

74-
Schema validation integrates with the [`cedar-for-agents`](https://github.com/cedar-policy/cedar-for-agents) ecosystem via `@cedar-policy/mcp-schema-generator-wasm`.
117+
Schema validation integrates with the [`cedar-for-agents`](https://github.com/cedar-policy/cedar-for-agents) ecosystem via `@cedar-policy/mcp-schema-generator-wasm` (TypeScript) and `cedar-policy-mcp-schema-generator` (Python).
75118

76119
## Environment gating
77120

78-
Block tools based on deployment context by forwarding environment metadata through `contextEnricher`:
121+
Block tools based on deployment context by forwarding environment metadata through <Syntax py="context_enricher" ts="contextEnricher" />:
122+
123+
<Tabs>
124+
<Tab label="Python">
125+
126+
```python
127+
--8<-- "user-guide/concepts/agents/interventions/cedar-authorization.py:env_gating"
128+
```
129+
</Tab>
130+
<Tab label="TypeScript">
79131

80132
```typescript
81133
--8<-- "user-guide/concepts/agents/interventions/cedar-authorization_imports.ts:env_gating_imports"
82134

83135
--8<-- "user-guide/concepts/agents/interventions/cedar-authorization.ts:env_gating"
84136
```
137+
</Tab>
138+
</Tabs>
85139

86140
## File-based policies
87141

88142
For production deployments, keep policies in `.cedar` files rather than inline strings:
89143

144+
<Tabs>
145+
<Tab label="Python">
146+
147+
```python
148+
--8<-- "user-guide/concepts/agents/interventions/cedar-authorization.py:file_policies"
149+
```
150+
</Tab>
151+
<Tab label="TypeScript">
152+
90153
```typescript
91154
--8<-- "user-guide/concepts/agents/interventions/cedar-authorization_imports.ts:file_policies_imports"
92155

93156
--8<-- "user-guide/concepts/agents/interventions/cedar-authorization.ts:file_policies"
94157
```
158+
</Tab>
159+
</Tabs>
95160

96161
The handler reads and parses files at construction time. Invalid syntax throws immediately.
97162

98163
## Hot reload
99164

100165
Update policies without restarting your agent process:
101166

167+
<Tabs>
168+
<Tab label="Python">
169+
170+
```python
171+
--8<-- "user-guide/concepts/agents/interventions/cedar-authorization.py:hot_reload"
172+
```
173+
</Tab>
174+
<Tab label="TypeScript">
175+
102176
```typescript
103177
--8<-- "user-guide/concepts/agents/interventions/cedar-authorization_imports.ts:hot_reload_imports"
104178

105179
--8<-- "user-guide/concepts/agents/interventions/cedar-authorization.ts:hot_reload"
106180
```
181+
</Tab>
182+
</Tabs>
107183

108184
`reload()` reads fresh policy, entity, and schema files, validates them, and atomically swaps the active policy set. If validation fails, the previous policies remain in effect and the method throws.
109185

@@ -125,15 +201,38 @@ Every authorization request includes a structured context object:
125201
- `context.input` contains the tool's input arguments, accessible in policies via `context.input.fieldName`
126202
- `context.session.hour_utc` is auto-populated with the current UTC hour (0-23)
127203
- `context.session.call_count` tracks per-tool invocation count
128-
- Additional `context.session` fields come from your `contextEnricher`
204+
- Additional `context.session` fields come from your <Syntax py="context_enricher" ts="contextEnricher" />
129205

130206
## Error handling
131207

132-
The `onError` option controls behavior when Cedar evaluation itself fails (malformed context, WASM errors):
208+
Cedar engine failures (malformed policies, evaluation errors) are always fail-closed: the tool call is denied regardless of configuration.
209+
210+
The <Syntax py="on_error" ts="onError" /> option controls what happens when your user-supplied callbacks (<Syntax py="principal_resolver" ts="principalResolver" /> or <Syntax py="context_enricher" ts="contextEnricher" />) raise an exception:
211+
212+
- `'throw'` (default): re-raises the exception to the caller
213+
- `'deny'`: treats the callback failure as a denial (fail-closed)
214+
- `'proceed'`: allows the tool call despite the callback error (fail-open, use with caution)
215+
216+
## Installation
217+
218+
<Tabs>
219+
<Tab label="Python">
220+
221+
```bash
222+
pip install strands-agents[cedar]
223+
```
224+
225+
Requires `cedarpy` and `cedar-policy-mcp-schema-generator` (installed automatically with the extra).
226+
</Tab>
227+
<Tab label="TypeScript">
228+
229+
```bash
230+
npm install @strands-agents/sdk
231+
```
133232

134-
- `'throw'` (default): raises the error to the caller
135-
- `'deny'`: treats evaluation failure as a denial (fail-closed)
136-
- `'proceed'`: allows the tool call despite the error (fail-open, use with caution)
233+
Cedar support is included in the core package via `@cedar-policy/mcp-schema-generator-wasm`.
234+
</Tab>
235+
</Tabs>
137236

138237
## Cedar policy syntax
139238

0 commit comments

Comments
 (0)