Authorization layer for AI Agents
Made with ❤ by the team at What About You.
Read the docs · Join the Discord
Note
Try the new Eunomia MCP Middleware for adding policy-based authorization to your MCP servers!
Eunomia is a standalone authorization layer purpose-built for AI agents. As a framework-agnostic solution, it decouples authorization logic from your agent architecture, enabling cleaner and more maintainable systems.
Built in the open, Eunomia provides enterprise-grade authorization capabilities that power What About You's AI governance platform. The framework seamlessly integrates with Model Context Protocol (MCP) primitives, making it easy to add policy-based authorization to your existing agent workflows.
Key features:
- Framework-agnostic: Works with any AI agent architecture or framework
- Decoupled design: Separates authorization concerns from business logic
- Agent Identity Governance: Verified agent identities through cryptographically signed Agent Passport tokens
- MCP integration: Native support for Model Context Protocol workflows
- Enterprise-ready: Proven in production environments
- Developer-focused: Simple APIs and comprehensive tooling
Eunomia is a standalone server to decouple the authorization logic from the main architecture of your AI Agent.
Install the eunomia-ai package via pip and run the server locally with:
eunomia serverOr use the Docker image instead:
docker run -d -p 8421:8421 --name eunomia ttommitt/eunomia-server:latestCheck out the quickstart example in the documentation for a fully working example.
To interact with the server from your code, you can use the following SDKs:
Eunomia provides extensions for the following frameworks:
For more examples and detailed usage, check out the documentation.
Admin endpoints for policy and entity management have been moved under the /admin prefix for better organization and security. Update your requests to use the new endpoints:
Affected endpoints:
- All
/policies[...]endpoints →/admin/policies[...] - All
/fetchers[...]endpoints →/admin/fetchers[...]
Public endpoints unchanged:
- All
/check[...]endpoints remain public
The SDKs have been automatically updated to use the new endpoints.
The internal fetcher has been renamed to registry for consistency. Update your configuration and endpoints to use the new name.
The SDK packages have been renamed to eunomia-sdk for consistency. Install the new package and update your imports.
Python:
# Before (v0.3.4)
from eunomia_sdk_python import EunomiaClient
# After (v0.3.5)
from eunomia_sdk import EunomiaClientTypescript:
// Before (v0.3.4)
import { EunomiaClient } from "eunomia-sdk-typescript";
// After (v0.3.5)
import { EunomiaClient } from "eunomia-sdk";The response of /check and /check/bulk endpoints has changed from bool to eunomia_core.schemas.CheckResponse.
Update your Python code to use the new response type:
# Before (v0.3.2)
is_allowed = eunomia.check(principal_uri, resource_uri)
# After (v0.3.3)
response = eunomia.check(principal_uri, resource_uri)
is_allowed = response.allowedThe simple policy creation endpoint has been renamed to /policies/simple for consistency.
A new endpoint has been added for creating full policies:
curl -X POST "http://localhost:8421/policies" \
-H "Content-Type: application/json" \
-d '{"version": "1.0", "name": "...", "default_effect": "...", "rules": []}'The following breaking changes were introduced in this version:
The authorization endpoint has been renamed for clarity; update your requests to use the new endpoint:
# Before (v0.3.1)
curl -X POST "http://localhost:8421/check-access" \
-H "Content-Type: application/json" \
-d '{"principal": {...}, "action": "...", "resource": {...}}'
# After (v0.3.2)
curl -X POST "http://localhost:8421/check" \
-H "Content-Type: application/json" \
-d '{"principal": {...}, "action": "...", "resource": {...}}'A new bulk authorization endpoint has been added for improved performance when checking multiple permissions:
curl -X POST "http://localhost:8421/check/bulk" \
-H "Content-Type: application/json" \
-d '[
{"principal": {...}, "action": "...", "resource": {...}},
{"principal": {...}, "action": "...", "resource": {...}}
]'