Policy Engine
All policy decisions in TapPass are made by Open Policy Agent (OPA), a CNCF-graduated policy engine running as a sidecar. TapPass enforces OPA’s decisions; it has no built-in policy logic of its own.
Fail-closed
If OPA is unreachable, all requests are denied. No request is ever forwarded unscanned.
Policy modules (Rego)
| Module | Path | Purpose |
|---|---|---|
| authz.rego | tappass/authz | RBAC: who can access what endpoint |
| pipeline.rego | tappass/pipeline | Pipeline step config per agent/org |
| tools.rego | tappass/tools | Tool permissions: allow/deny per agent |
| routing.rego | tappass/routing | Model routing: classification → allowed models |
| breakglass.rego | tappass/breakglass | Emergency override authorization |
| guardrails.rego | tappass/guardrails | Detection response: block vs redact vs notify |
Capability tokens
After the pipeline passes, TapPass mints an ES256-signed capability token:
- Time-bounded: 60s default TTL
- Action-scoped: lists allowed tools and operations
- Identity-bound: cryptographically bound to agent’s SPIFFE ID
- Constraint-carrying: embeds argument restrictions
- Verifiable offline: ~27μs via JWKS at /.well-known/jwks.json
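The four token properties above are only as strong as the verifier that checks them. The block below is an added example, not TapPass code: it shows an offline ES256 verification against a JWKS document of the shape published at /.well-known/jwks.json, followed by the time, identity, scope and argument-constraint checks, each failing closed. The claim layout (sub carrying the SPIFFE ID, tools, constraints with prefix/allow/max rules) and the kid value are assumptions; the ES256 and JWKS mechanics follow the JOSE standards. It needs the `cryptography` package.

```python
"""Offline ES256 capability-token verification against a JWKS (added example,
not TapPass code). Claim names and constraint rule types are assumptions."""
import base64
import json
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric.utils import (
    decode_dss_signature, encode_dss_signature)

ALG = ec.ECDSA(hashes.SHA256())   # ES256 = ECDSA over P-256 with SHA-256


def b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def unb64u(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwks_for(pub: ec.EllipticCurvePublicKey, kid: str) -> dict:
    """What the JWKS endpoint would publish for one P-256 signing key."""
    n = pub.public_numbers()
    return {"keys": [{"kty": "EC", "crv": "P-256", "alg": "ES256", "use": "sig", "kid": kid,
                      "x": b64u(n.x.to_bytes(32, "big")), "y": b64u(n.y.to_bytes(32, "big"))}]}


def key_from_jwks(jwks: dict, kid: str) -> ec.EllipticCurvePublicKey:
    for k in jwks.get("keys", []):
        # Only a P-256 EC key may verify ES256; any other key type never matches.
        if k.get("kid") == kid and k.get("kty") == "EC" and k.get("crv") == "P-256":
            x = int.from_bytes(unb64u(k["x"]), "big")
            y = int.from_bytes(unb64u(k["y"]), "big")
            return ec.EllipticCurvePublicNumbers(x, y, ec.SECP256R1()).public_key()
    raise KeyError(f"no P-256 key with kid={kid!r}")


def mint(priv: ec.EllipticCurvePrivateKey, kid: str, claims: dict) -> str:
    """Issuer side: compact JWS; the JOSE signature is raw r||s, not DER."""
    seg = lambda obj: b64u(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = seg({"alg": "ES256", "typ": "JWT", "kid": kid}) + "." + seg(claims)
    r, s = decode_dss_signature(priv.sign(signing_input.encode(), ALG))
    return signing_input + "." + b64u(r.to_bytes(32, "big") + s.to_bytes(32, "big"))


def _arg_ok(value, rule: dict) -> bool:
    """Assumed constraint rule types: prefix, allow, max. Unknown rule types deny."""
    if set(rule) - {"prefix", "allow", "max"}:
        return False
    if "prefix" in rule and not (isinstance(value, str) and value.startswith(rule["prefix"])):
        return False
    if "allow" in rule and value not in rule["allow"]:
        return False
    if "max" in rule and not (isinstance(value, (int, float)) and value <= rule["max"]):
        return False
    return True


def verify(token: str, jwks: dict, expected_sub: str, tool: str, args: dict, now: float):
    """Return (ok, reason). Signature first, then claims; every check fails closed."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(unb64u(h64))
        if header.get("alg") != "ES256":        # pin the algorithm; never honour the token's choice
            return False, "alg"
        pub = key_from_jwks(jwks, header.get("kid"))
        raw = unb64u(s64)
        if len(raw) != 64:
            return False, "sig-format"
        der = encode_dss_signature(int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:], "big"))
        pub.verify(der, f"{h64}.{p64}".encode(), ALG)   # raises InvalidSignature if tampered
        claims = json.loads(unb64u(p64))
    except (ValueError, KeyError, AttributeError, InvalidSignature):
        return False, "signature"
    if not (claims.get("nbf", now) <= now < claims.get("exp", 0)):     # time-bounded
        return False, "expired"
    if claims.get("sub") != expected_sub:                               # identity-bound (SPIFFE ID)
        return False, "identity"
    if tool not in claims.get("tools", []):                             # action-scoped
        return False, "scope"
    for name, rule in claims.get("constraints", {}).get(tool, {}).items():   # constraint-carrying
        if not _arg_ok(args.get(name), rule):
            return False, f"constraint:{name}"
    return True, "ok"


def run_demo() -> dict:
    """Constructed scenario: one issuer key, one agent, one tool call, several failure modes."""
    priv, kid = ec.generate_private_key(ec.SECP256R1()), "tappass-example-key"   # constructed kid
    jwks = jwks_for(priv.public_key(), kid)
    agent, issued = "spiffe://example.org/agent/alice", 1_700_000_000
    claims = {"sub": agent, "nbf": issued, "exp": issued + 60,      # 60s TTL as on the page
              "tools": ["http_get"],
              "constraints": {"http_get": {"url": {"prefix": "https://api.example.com/"}}}}
    tok = mint(priv, kid, claims)
    forged = mint(ec.generate_private_key(ec.SECP256R1()), kid, claims)   # same kid, wrong key
    good = {"url": "https://api.example.com/v1/items"}
    return {
        "valid": verify(tok, jwks, agent, "http_get", good, now=issued + 5),
        "expired": verify(tok, jwks, agent, "http_get", good, now=issued + 61),
        "wrong_agent": verify(tok, jwks, "spiffe://example.org/agent/bob", "http_get", good, now=issued + 5),
        "wrong_tool": verify(tok, jwks, agent, "shell_exec", {}, now=issued + 5),
        "bad_arg": verify(tok, jwks, agent, "http_get", {"url": "https://other.example/"}, now=issued + 5),
        "forged": verify(forged, jwks, agent, "http_get", good, now=issued + 5),
        "unknown_kid": verify(tok, {"keys": []}, agent, "http_get", good, now=issued + 5),
    }
```

Two design points worth noting: the verifier pins `alg` to ES256 and only ever loads P-256 EC keys from the JWKS, so an algorithm-confusion header cannot steer it to a different key type, and the signature is checked before any claim is read, so untrusted claims never influence control flow.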
OPA client features
- Decision caching: LRU with 30s TTL, 10K entries
- Sub-millisecond latency: sidecar deployment
- Audit logging: every decision logged with OPA decision ID
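The fail-closed rule in the section above and the three client features listed here interact: a cached decision must expire, an unreachable sidecar must deny without poisoning the cache, and every decision, cached or not, must be logged with its OPA decision ID. The block below is an added example of an OPA client with those properties; it is not TapPass's own client. It assumes OPA's Data API reply shape (`{"result": ..., "decision_id": ...}`) and takes the transport and the clock as injected callables so it runs offline; the rule path and SPIFFE IDs in the demo are constructed.

```python
"""Fail-closed OPA decision client with an LRU + TTL decision cache (added
example, not TapPass's client). Assumes OPA's Data API reply shape."""
import json
import time
from collections import OrderedDict
from typing import Callable, List


class OpaClient:
    def __init__(self, transport: Callable[[str, dict], dict],
                 clock: Callable[[], float] = time.monotonic,
                 ttl: float = 30.0, max_entries: int = 10_000):
        self._transport = transport   # (policy_path, input) -> OPA reply dict; raises if unreachable
        self._clock = clock
        self._ttl = ttl               # 30s decision TTL, as on the page
        self._max = max_entries       # 10K entries, as on the page
        self._cache = OrderedDict()   # key -> (expires_at, allowed, decision_id); oldest first
        self.audit_log: List[dict] = []

    @staticmethod
    def _key(policy_path: str, inp: dict) -> str:
        # Canonical JSON so equivalent inputs share one cache entry.
        return policy_path + "|" + json.dumps(inp, sort_keys=True, separators=(",", ":"))

    def _cache_get(self, key: str):
        entry = self._cache.get(key)
        if entry is None:
            return None
        expires_at, allowed, decision_id = entry
        if self._clock() >= expires_at:
            del self._cache[key]          # stale: drop it and ask OPA again
            return None
        self._cache.move_to_end(key)      # LRU touch
        return allowed, decision_id

    def _cache_put(self, key: str, allowed: bool, decision_id) -> None:
        self._cache[key] = (self._clock() + self._ttl, allowed, decision_id)
        self._cache.move_to_end(key)
        while len(self._cache) > self._max:
            self._cache.popitem(last=False)   # evict the least recently used entry

    def _audit(self, policy_path, inp, allowed, decision_id, cached, error=None):
        self.audit_log.append({"ts": self._clock(), "policy": policy_path, "input": inp,
                               "allowed": allowed, "decision_id": decision_id,
                               "cached": cached, "error": error})

    def allow(self, policy_path: str, inp: dict) -> bool:
        key = self._key(policy_path, inp)
        hit = self._cache_get(key)
        if hit is not None:
            self._audit(policy_path, inp, hit[0], hit[1], cached=True)
            return hit[0]
        try:
            reply = self._transport(policy_path, inp)
            # Fail closed: only an explicit boolean true allows; an undefined rule
            # ({} from OPA), a non-boolean result or a malformed reply all deny.
            allowed = reply.get("result") is True
            decision_id = reply.get("decision_id")
        except Exception as exc:   # sidecar unreachable or reply unusable: deny, never cache
            self._audit(policy_path, inp, False, None, cached=False, error=repr(exc))
            return False
        self._cache_put(key, allowed, decision_id)
        self._audit(policy_path, inp, allowed, decision_id, cached=False)
        return allowed


def run_demo() -> dict:
    """Constructed scenario: a fake sidecar plus a controllable clock."""
    calls: List[str] = []
    now = [1000.0]

    def fake_opa(policy_path: str, inp: dict) -> dict:
        calls.append(inp["agent"])
        if inp["agent"].endswith("/flaky"):
            raise ConnectionError("opa sidecar unreachable")
        return {"result": inp["agent"].endswith("/alice"), "decision_id": f"d-{len(calls)}"}

    client = OpaClient(fake_opa, clock=lambda: now[0], max_entries=2)
    path = "tappass/authz/allow"   # constructed rule path under the authz module
    req = lambda who: {"agent": f"spiffe://example.org/agent/{who}", "endpoint": "/v1/chat"}
    out = {}
    out["alice_first"] = client.allow(path, req("alice"))      # True, asks OPA
    out["alice_cached"] = client.allow(path, req("alice"))     # True, served from cache
    out["calls_after_cache_hit"] = len(calls)                  # 1
    now[0] += 31                                               # step past the 30s TTL
    out["alice_after_ttl"] = client.allow(path, req("alice"))  # True, asks OPA again
    out["bob"] = client.allow(path, req("bob"))                # False: policy denies
    client.allow(path, req("carol"))                           # third key evicts alice (LRU)
    client.allow(path, req("alice"))                           # cache miss, asks OPA again
    out["calls_after_eviction"] = len(calls)                   # 5
    out["flaky_first"] = client.allow(path, req("flaky"))      # False: fail closed
    out["flaky_second"] = client.allow(path, req("flaky"))     # False, and OPA was asked again
    out["calls_end"] = len(calls)                              # 7
    out["cached_flags"] = [e["cached"] for e in client.audit_log]
    out["first_decision_id"] = client.audit_log[0]["decision_id"]
    return out
```

The outage path deliberately bypasses the cache: a denial caused by an unreachable sidecar is not remembered, so the client recovers as soon as OPA does, while policy denials are cached like allows so that a retry storm does not become an OPA load problem.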
Policy replay
Test new policies against historical events without affecting production:
```python
# tp: an initialised TapPass SDK client
# Replay the last 1000 events with a new policy
results = tp.policy_replay("new-policy-v2", events=1000)
print(f"Would have blocked {results.blocked_count} additional requests")
```