Skip to content

[feature] support the new "a" type policies (aka LLM AI policy) #1692

New issue
New issue
Open
#1695
Open
[feature] support the new "a" type policies (aka LLM AI policy)#1692
#1695
Assignees
hsluoyzcopilot-swe-agent
Labels
enhancement
@hsluoyz

Description

@hsluoyz
hsluoyz
opened on Jan 25, 2026

see: https://editor.casbin.org/#6W5HP2HEM

need to support the new "a" type policy (means AI LLM policy, can be "a", "a2", "a3" like p and g policy), like:

a, "if the request object contains anything like credential/secret leak, then deny"

so Casbin will call the LLM API (use the new Explain API in: 0fe9505) to determine the "a" policy: "if the request object contains anything like credential/secret leak, then deny".

Casbin Policy Configuration

Model

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = ipMatch(r.sub, p.sub) && r.obj == p.obj && r.act == p.act

Policy

p, 192.168.2.0/24, data1, read
p, 10.0.0.0/16, data2, write
a, "allow US residential IPs to read data1" # "residential" means not cloud IPs
a, "allow global cloud IPs to write data2"

Request

192.168.2.1, data1, read
10.0.2.3, data2, write

Enforcement Result

(empty)

Metadata

Metadata

Assignees

Labels

enhancement

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions