Jonatas Oliveira 6619a57869
trigger deploy
2026-05-18 11:00:27 +02:00
.cargo chore: update dependencies and resolve 5 security advisories 2026-04-28 16:35:03 +02:00
.github/workflows chore(ci): fix audit exemptions and code formatting 2026-04-28 14:35:31 +02:00
.sqlx build: prepare queries offline to docker image and fix tests 2026-01-02 16:06:22 +01:00
.woodpecker fix: fix delete users 2026-03-10 07:58:06 +01:00
hurl feat(test): add Goose stress test infrastructure with 3 scenarios 2026-04-28 17:32:35 +02:00
migrations fix: problem with register new users with default groups 2026-02-27 10:32:08 +01:00
scripts feat: add multi tenant support and organizations 2025-12-31 21:55:08 +01:00
src chore(ci): fix audit exemptions and code formatting 2026-04-28 14:35:31 +02:00
templates feat: add multi tenant with support to multi schemas in database, refactor api, cli and views for this format 2026-01-02 15:26:09 +01:00
tests chore(tests): remove hurl files from cargo tests directory 2026-04-28 18:45:55 +02:00
.env-example feat: add multi tenant with support to multi schemas in database, refactor api, cli and views for this format 2026-01-02 15:26:09 +01:00
.gitignore build: fix clippy errors 2025-11-27 14:06:12 +01:00
.pre-commit-config.yaml build: add config for build in dokku 2026-02-09 20:29:53 +01:00
app.json chore: fix app.json for dokku 2026-02-27 10:47:55 +01:00
Cargo.lock fix: bump lettre to 0.11.22 (RUSTSEC-2026-0141) 2026-05-16 16:18:06 +02:00
Cargo.toml build: update libraries 2026-05-16 16:04:10 +02:00
CHANGELOG.md build: update libraries 2026-05-16 16:04:10 +02:00
cliff.toml chore: add changelogs 2025-12-31 21:58:25 +01:00
CODE_OF_CONDUCT.md doc: add code of conduct 2025-10-01 14:33:10 +02:00
CONTRIBUTING.md fix: resolved comments 2025-10-22 16:35:47 +00:00
deploy-trigger.txt trigger deploy 2026-05-18 11:00:27 +02:00
docker-compose-full.yml feat: add multi tenant support and organizations 2025-12-31 21:55:08 +01:00
docker-compose-prod-example.yml build: fix clippy errors 2025-11-27 14:06:12 +01:00
docker-compose.yml feat: add multi tenant with support to multi schemas in database, refactor api, cli and views for this format 2026-01-02 15:26:09 +01:00
Dockerfile build: prepare queries offline to docker image and fix tests 2026-01-02 16:06:22 +01:00
hurl.env Updates: 2025-10-02 15:27:43 +01:00
LICENSE Initial commit 2025-06-02 08:35:28 +02:00
Makefile feat(test): add Goose stress test infrastructure with 3 scenarios 2026-04-28 17:32:35 +02:00
Procfile build: add config for build in dokku 2026-02-27 10:32:08 +01:00
README.md feat: add multi tenant with support to multi schemas in database, refactor api, cli and views for this format 2026-01-02 15:26:09 +01:00
start_server.sh feat: add multi tenant with support to multi schemas in database, refactor api, cli and views for this format 2026-01-02 15:26:09 +01:00

🛡️ KeyRunes — Modern Access Control Engine in Rust

KeyRunes is a high-performance, extensible authorization system designed to compete with and surpass traditional solutions like Keycloak. It brings together advanced access control models such as RBAC, ABAC, ReBAC, and PBAC, while offering a great developer experience and enterprise-grade scalability.

Built for Rust. Inspired by RPG systems. Designed for security-critical platforms.


Key Features

Advanced Authorization Models

  • RBAC (Role-Based Access Control): Global (realm) and per-client roles, including role composition.
  • ABAC (Attribute-Based Access Control): Policies based on dynamic user/environment attributes (e.g. time, department, device).
  • ReBAC (Relationship-Based Access Control): Authorization through graph-based relationships (e.g. ownership, collaboration).
  • PBAC (Policy-Based Access Control): Combine RBAC + ABAC in unified policies.

Scalability & Performance

  • Lightweight Policy Decision Point (PDP) with <10ms latency at enterprise scale.
  • Optional in-process or external microservice deployment.
  • Distributed cache support to reduce calls to external sources (e.g. Keycloak/LDAP).

Developer Experience

  • Policy-as-Code using YAML or Rego, versionable via Git.
  • CI/CD-ready: Run automated tests for policies.
  • Simulate access decisions before deployment with a rich UI.
  • SDKs (planned) for Rust, Java, Go, and Python for seamless integration.

Audit & Compliance

  • Complete decision logs with metadata (timestamp, policy, attributes).
  • Automated rollback for failed policies in production.
  • Compliance reports for standards like HIPAA and PCI.

Integration & Extensibility

  • Federate identities from Keycloak, Okta and others via OIDC.
  • Map custom IdP attributes into policies.
  • Webhook support for access denial events.
  • Plugin system for sourcing attributes from internal systems (CRM, HR).

Multi-Tenant Support

  • Isolated policies and data per tenant.
  • Delegated administration (e.g. department leads managing roles).

Real-World Use Cases

  • Hospitals (HIPAA): Role + location + shift access to medical records.
  • Banks: Enforce MFA outside corporate network.
  • E-commerce: Temporary supplier access.
  • IoT: Device-based publish/subscribe permissions.
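An added example (not code from the KeyRunes repository) of how the RBAC role composition and the ABAC conditions listed under Advanced Authorization Models combine into one PBAC decision for the hospital use case above. The `Request`, `Policy` and `Composites` types, the role names and `ward-3` are constructed for illustration.

```rust
use std::collections::{HashMap, HashSet};

// Constructed types for illustration; these are not KeyRunes' API.
struct Request<'a> {
    roles: Vec<&'a str>, // roles assigned directly to the user (RBAC input)
    location: &'a str,   // ABAC attribute: where the request comes from
    hour: u8,            // ABAC attribute: local hour, 0-23
}
struct Policy<'a> {
    required_role: &'a str,
    location: &'a str,
    shift: (u8, u8), // [start, end) in hours; may wrap past midnight
}
type Composites<'a> = HashMap<&'a str, Vec<&'a str>>; // composite role -> included roles

// RBAC role composition: expand assigned roles through composite roles.
fn effective_roles<'a>(assigned: &[&'a str], composites: &Composites<'a>) -> HashSet<&'a str> {
    let mut seen = HashSet::new();
    let mut stack = assigned.to_vec();
    while let Some(role) = stack.pop() {
        // insert() returns false for a role already visited, which stops cycles.
        if seen.insert(role) {
            if let Some(children) = composites.get(role) {
                stack.extend(children.iter().copied());
            }
        }
    }
    seen
}

fn in_shift(hour: u8, (start, end): (u8, u8)) -> bool {
    if start <= end { hour >= start && hour < end } else { hour >= start || hour < end }
}

// PBAC: RBAC check plus ABAC conditions in one policy; Err names the first failed check.
fn decide<'a>(req: &Request<'a>, policy: &Policy<'a>, composites: &Composites<'a>) -> Result<(), &'static str> {
    if !effective_roles(&req.roles, composites).contains(policy.required_role) {
        return Err("role");
    }
    if req.location != policy.location { return Err("location"); }
    if !in_shift(req.hour, policy.shift) { return Err("shift"); }
    Ok(())
}

fn main() {
    let composites: Composites = HashMap::from([("night_nurse", vec!["nurse"]), ("nurse", vec!["records_reader"])]);
    let policy = Policy { required_role: "records_reader", location: "ward-3", shift: (22, 6) };
    let req = Request { roles: vec!["night_nurse"], location: "ward-3", hour: 23 };
    println!("{:?}", decide(&req, &policy, &composites));
}
```

Access is granted only when every check passes, so a missing role or attribute results in a denial, and the `Err` value gives the reason a decision log would record.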

📦 Roadmap (Milestones)

Phase   Focus
MVP     RBAC, Policy-as-Code, SDKs, Keycloak integration
V1      ABAC, ReBAC, Simulators, Attribute Graphs
V2      Multi-tenancy, Audit, Compliance tooling
V3      Edge-case handling, IoT, Delegated access UI

Quickstart (WIP)

Follow these steps to quickly start KeyRunes locally:

# 1. Copy environment variables
cp .env-example .env

# 2. Start the database using Docker
docker-compose up -d

# 3. Run the web application
cargo run --bin keyrunes

# 4. Or run the CLI application
cargo run --bin cli

# 5. Run tests 
cargo test

# 6. Stop the database container when done
docker-compose down

Project Structure (Planned)

/src
  /core      # Policy engine
  /models    # Roles, attributes, relationships
  /parser    # Policy-as-code parser (YAML/Rego)
  /sdk       # API bindings
/tests
/docs


Contributing

Contributions are welcome! If you're interested in:

  • Access control systems
  • Graph-based security
  • High-performance Rust services

…then feel free to open issues, suggest ideas, or contribute code once we're live 🚀

See CONTRIBUTING.


License

MIT. See also the CODE OF CONDUCT.


🧙‍♂️ About the Name

Just like magical runes control access to forbidden realms in fantasy worlds, KeyRunes grants or denies access to sensitive resources through logic, context, and relationships.

🔒 Security meets storytelling.