Zero-Trust Core

Identity-first access control and continuous verification.

Operational quickstart

Pick an IdP (OIDC) and map roles/groups to admin/analyst/viewer.
Define assets + trust boundaries (apps, data, admin surfaces, SOC tooling).
Turn policies into decisions (allow/deny) + always emit audit evidence.
Enforce phishing-resistant MFA and session security (short TTL + re-auth for risky actions).

This build includes a minimal policy engine + audit endpoints to validate end-to-end wiring.

Try realistic inputs and see an allow/deny decision. This calls the platform API.

Subject id

Roles (comma separated)

Resource type

Resource id

Action

Tip: give the subject the admin role to see a broader allow decision.

Replace the stub decision logic with OPA / Cedar or your in-house policy engine.
Persist audit + alerts to a durable store (Postgres) with retention/immutability requirements.
Add device posture signals (MDM/EDR) and conditional access.
Integrate SIEM/SOAR and ticketing for incident workflows.