@@ -80,21 +80,192 @@ SecureAgent
8080 └── RuntimeAgent (orchestration, pre-action hook)
8181```
8282
83- ## Policy Example
83+ ## Sidecar Prerequisite (Optional)
84+
85+ The [ Predicate Authority Sidecar] ( https://github.com/PredicateSystems/predicate-authority-sidecar ) is ** only required if you need pre-action authorization** —real-time policy evaluation that blocks unauthorized actions before they execute.
86+
87+ | Feature | Sidecar Required? |
88+ | ---------| -------------------|
89+ | Pre-action authorization (` strict ` /` permissive ` modes) | ** Yes** |
90+ | Debug tracing (` debug ` mode) | No |
91+ | Audit logging (` audit ` mode) | No |
92+ | Policy development & testing | No |
93+
94+ If you only need debug tracing or audit logging, you can skip the sidecar entirely.
95+
96+ ### Starting the Sidecar
97+
98+ ** Docker (Recommended):**
99+
100+ ``` bash
101+ docker run -d -p 8787:8787 ghcr.io/predicatesystems/predicate-authorityd:latest
102+ ```
103+
104+ ** Or download binary:**
105+
106+ ``` bash
107+ # macOS (Apple Silicon)
108+ curl -fsSL https://github.com/PredicateSystems/predicate-authority-sidecar/releases/latest/download/predicate-authorityd-darwin-arm64.tar.gz | tar -xz
109+ ./predicate-authorityd --port 8787
110+
111+ # Linux x64
112+ curl -fsSL https://github.com/PredicateSystems/predicate-authority-sidecar/releases/latest/download/predicate-authorityd-linux-x64.tar.gz | tar -xz
113+ ./predicate-authorityd --port 8787
114+ ```
115+
116+ ** Verify:**
117+
118+ ``` bash
119+ curl http://localhost:8787/health
120+ # {"status":"ok"}
121+ ```
122+
123+ The sidecar handles policy evaluation in <25ms with zero egress—no data leaves your infrastructure.
124+
125+ ## Flexible Verification
126+
127+ Use pre-execution authorization and post-execution verification ** independently or together** :
128+
129+ | Pattern | Use Case | Sidecar? |
130+ | ---------| ----------| ----------|
131+ | Pre-execution only | Block unauthorized actions | Yes |
132+ | Post-execution only | Verify outcomes after completion | No |
133+ | Both (full loop) | Block + verify for max safety | Yes |
134+
135+ ** Pre-execution only** (policy without ` require_verification ` ):
136+
137+ ``` yaml
138+ rules :
139+ - action : " browser.*"
140+ resource : " https://amazon.com/*"
141+ effect : allow
142+ ` ` `
143+
144+ **Post-execution only** (debug mode, no sidecar):
145+
146+ ` ` ` python
147+ secure_agent = SecureAgent(agent=agent, mode="debug")
148+ secure_agent.run()
149+ secure_agent.trace_verification("cart_not_empty", passed=True)
150+ ```
151+
152+ ** Both** (policy with ` require_verification ` ):
153+
154+ ``` yaml
155+ rules :
156+ - action : " browser.click"
157+ resource : " *checkout*"
158+ effect : allow
159+ require_verification :
160+ - element_exists : " #order-confirmation"
161+ ` ` `
162+
163+ ## Debug Mode
164+
165+ Debug mode provides human-readable trace output for troubleshooting:
166+
167+ ` ` ` python
168+ secure_agent = SecureAgent(
169+ agent=agent,
170+ policy="policy.yaml",
171+ mode="debug",
172+ trace_format="console", # or "json"
173+ trace_file="trace.jsonl", # optional file output
174+ )
175+ ```
176+
177+ Console output shows:
178+ - Session start/end with framework and policy info
179+ - Each step with action and resource
180+ - Policy decisions (ALLOWED/DENIED) with reason codes
181+ - Snapshot diffs (before/after state changes)
182+ - Verification results (PASS/FAIL)
183+
184+ For JSON trace output (machine-parseable):
185+
186+ ``` python
187+ secure_agent = SecureAgent(
188+ agent = agent,
189+ mode = " debug"
190+ trace_format = " json"
191+ trace_file = " trace.jsonl"
192+ )
193+ ```
194+
195+ ## Policy Reference
196+
197+ ### Basic Structure
198+
199+ ``` yaml
200+ # policies/example.yaml
201+ rules :
202+ - action : " <action_pattern>"
203+ resource : " <resource_pattern>"
204+ effect : allow | deny
205+ require_verification : # optional
206+ - <predicate>
207+ ` ` `
208+
209+ ### Action Patterns
210+
211+ | Pattern | Description | Example |
212+ |---------|-------------|---------|
213+ | ` browser.*` | All browser actions | click, type, navigate |
214+ | `browser.click` | Specific action | Only click events |
215+ | `api.call` | API tool calls | HTTP requests |
216+ | `*` | Wildcard (all actions) | Catch-all rules |
217+
218+ # ## Resource Patterns
219+
220+ | Pattern | Description | Example |
221+ |---------|-------------|---------|
222+ | `https://example.com/*` | URL prefix match | All pages on domain |
223+ | `*checkout*` | Contains match | Any checkout-related URL |
224+ | `button#submit` | CSS selector | Specific element |
225+ | `*` | Wildcard (all resources) | Catch-all |
226+
227+ # ## Verification Predicates
228+
229+ ` ` ` yaml
230+ require_verification:
231+ # URL checks
232+ - url_contains: "/checkout"
233+ - url_matches: "^https://.*\\ .amazon\\ .com/.*"
234+
235+ # DOM state checks
236+ - element_exists: "#cart-items"
237+ - element_text_contains:
238+ selector: ".total"
239+ text: "$"
240+
241+ # Custom predicates
242+ - predicate: "cart_not_empty"
243+ ` ` `
244+
245+ # ## Policy Example
84246
85247` ` ` yaml
86248# policies/shopping.yaml
87249rules:
250+ # Allow browsing Amazon
88251 - action: "browser.*"
89252 resource: "https://amazon.com/*"
90253 effect: allow
91254
255+ # Allow checkout with verification
92256 - action: "browser.click"
93257 resource: "*checkout*"
94258 effect: allow
95259 require_verification:
96260 - url_contains: "/checkout"
261+ - element_exists: "#cart-items"
262+
263+ # Block external links
264+ - action: "browser.navigate"
265+ resource: "https://external.com/*"
266+ effect: deny
97267
268+ # Default deny
98269 - action: "*"
99270 resource: "*"
100271 effect: deny
0 commit comments