PolicyBind

AI Policy as Code Enforcement Platform for Organizational AI Governance

PolicyBind is a comprehensive framework for defining, managing, and enforcing policies that govern AI usage within organizations. It provides the infrastructure needed to implement responsible AI practices at scale.

Why PolicyBind?

As organizations adopt AI systems, they face critical governance challenges:

Challenge	Impact	PolicyBind Solution
Lack of Visibility	No centralized view of AI deployments	Model Registry with full inventory
Inconsistent Controls	Different teams apply different standards	Unified policy-as-code enforcement
Reactive Security	Violations discovered after the fact	Real-time policy enforcement
Compliance Burden	Manual effort for EU AI Act, NIST, SOC 2	Automated compliance mapping and reporting
Access Sprawl	API credentials proliferate without control	Scoped tokens with automatic expiration

Features

Policy Engine

Define AI usage policies in human-readable YAML:

name: enterprise-ai-policy
version: "1.0.0"

rules:
  - name: block-pii-external
    description: PII data cannot go to external providers
    match:
      and:
        - provider: { not_in: [internal, on-premise] }
        - data_classification: { contains: pii }
    action: DENY
    priority: 800

  - name: allow-engineering
    match:
      department: engineering
    action: ALLOW
    priority: 500

  - name: default-deny
    action: DENY
    priority: 0

SDK Integrations

PolicyBind provides transparent policy enforcement for 9 major AI providers. Wrap your existing SDK clients to automatically enforce policies without changing application code.

Provider	Integration	Features
OpenAI	openai_integration	Chat, completions, embeddings, streaming
Anthropic	anthropic_integration	Messages, streaming, tool use
Google	google_integration	Gemini, Vertex AI, streaming
Cohere	cohere_integration	Chat, generate, embed, rerank
Mistral AI	mistral_integration	Chat, streaming, embeddings
AWS Bedrock	bedrock_integration	Converse, invoke model, streaming
Ollama	ollama_integration	Local models, chat, generate, embeddings
Hugging Face	huggingface_integration	Chat, text generation, embeddings
LangChain	langchain_integration	Callbacks and LLM wrappers

Example: OpenAI Integration

from openai import OpenAI
from policybind.integrations.openai_integration import create_policy_client

# Create a policy-enforced OpenAI client
client = create_policy_client(
    policy_set=policy_set,
    user_id="user@example.com",
    department="engineering",
)

# Use normally - policies are automatically enforced
response = client.chat.completions.create(
    model="gpt-4",
    messages=[{"role": "user", "content": "Hello!"}]
)

Example: Anthropic Integration

from policybind.integrations.anthropic_integration import create_policy_client

client = create_policy_client(
    policy_set=policy_set,
    user_id="user@example.com",
    department="engineering",
)

response = client.messages.create(
    model="claude-3-opus-20240229",
    max_tokens=1024,
    messages=[{"role": "user", "content": "Hello!"}]
)

Example: LangChain Integration

from langchain_openai import ChatOpenAI
from policybind.integrations.langchain_integration import wrap_llm

# Wrap any LangChain LLM
llm = wrap_llm(
    llm=ChatOpenAI(model="gpt-4"),
    policy_set=policy_set,
    user_id="user@example.com",
)

# Use normally - policies automatically enforced
response = llm.invoke("Hello!")

Model Registry

Track and manage all AI deployments:

# Register a deployment
policybind registry register \
  --name "customer-support-bot" \
  --provider openai \
  --model gpt-4 \
  --owner "support-team" \
  --data-categories "customer-data,pii"

# Assess risk
policybind registry risk-assess dep_abc123

# Approve for production
policybind registry approve dep_abc123 --ticket JIRA-456

Token-Based Access Control

Issue scoped tokens with fine-grained permissions:

# Create a token with natural language
policybind token create \
  --subject "marketing-analytics" \
  --permissions "Allow GPT-3.5 and Claude for content generation, \
                 max $50/day budget, no PII data"

# Or with explicit options
policybind token create \
  --subject "data-science-team" \
  --models "gpt-4,claude-3-*" \
  --budget 100 \
  --budget-period daily \
  --expires 30

Incident Management

Track and resolve policy violations:

# View incidents
policybind incident list --status open --severity high

# Generate incident report
policybind incident report inc_xyz789 --format pdf

Compliance Reporting

Generate evidence for auditors:

# Compliance status report
policybind report compliance --framework eu-ai-act

# Export audit trail
policybind audit export --start 2024-01-01 --end 2024-01-31 --format json

Installation

Requirements

• Python 3.10 or higher
• SQLite 3.x (included with Python)

Install from PyPI

pip install policybind

Install from Source

git clone https://github.com/clay-good/policybind.git
cd policybind
pip install -e .

Install with Server Support

pip install policybind[server]

Verify Installation

policybind --version
policybind --help

Quick Start

1. Initialize PolicyBind

# Create a new project
mkdir my-ai-governance
cd my-ai-governance

# Initialize PolicyBind
policybind init

# Check status
policybind status

2. Create Your First Policy

Create policies/main.yaml:

name: my-first-policy
version: "1.0.0"
description: Basic AI governance policy

rules:
  - name: allow-approved-models
    description: Allow access to approved models
    match:
      model:
        in:
          - gpt-4
          - gpt-3.5-turbo
          - claude-3-sonnet
    action: ALLOW
    priority: 100

  - name: default-deny
    description: Deny all other requests
    action: DENY
    priority: 0

3. Load the Policy

policybind policy load policies/main.yaml
policybind policy show

4. Test Enforcement

# Test a request that should be allowed
policybind policy test policies/main.yaml \
  --request '{"provider": "openai", "model": "gpt-4"}'

# Test a request that should be denied
policybind policy test policies/main.yaml \
  --request '{"provider": "openai", "model": "davinci"}'

5. Use as a Library

from policybind.engine.parser import PolicyParser
from policybind.engine.pipeline import EnforcementPipeline
from policybind.models.request import AIRequest

# Load policy
parser = PolicyParser()
result = parser.parse_file("policies/main.yaml")
policy_set = result.policy_set

# Create pipeline
pipeline = EnforcementPipeline(policy_set)

# Enforce a request
request = AIRequest(
    provider="openai",
    model="gpt-4",
    user_id="user-123",
    department="engineering",
)

response = pipeline.process(request)

if response.is_allowed():
    print("Request allowed")
else:
    print(f"Request denied: {response.reason}")

Documentation

Guide	Description
Getting Started	Installation and first steps
Concepts	Core concepts and philosophy
Policy Reference	Complete policy syntax
Architecture	System design and components
Deployment	Production deployment guide
Security	Security model and best practices
Performance	Performance tuning and benchmarks
Troubleshooting	Common issues and solutions
API Reference	HTTP API documentation
Integration Guide	SDK integration details

CLI Commands

Command	Description
policybind init	Initialize a new PolicyBind project
policybind status	Show system status
policybind policy load	Load a policy file
policybind policy show	Display current policies
policybind policy validate	Validate policy syntax
policybind policy test	Test policy against a request
policybind registry list	List registered deployments
policybind registry register	Register a new deployment
policybind token create	Create an access token
policybind token list	List all tokens
policybind incident list	List incidents
policybind audit query	Query audit logs
policybind serve	Start the HTTP server

Run policybind <command> --help for detailed usage.

Performance

PolicyBind is designed for production workloads:

Metric	Target	Typical
Matcher latency (P99)	< 1ms	0.1-0.5ms
Pipeline latency (P99)	< 10ms	1-5ms
Throughput	> 10,000 req/s	20,000+ req/s

See the Performance Guide for tuning recommendations.

Development

Setting Up Development Environment

# Clone the repository
git clone https://github.com/clay-good/policybind.git
cd policybind

# Create virtual environment
python3 -m venv .venv
source .venv/bin/activate

# Install development dependencies
pip install -e ".[dev]"

Running Tests

# Run all tests
pytest

# Run with coverage
pytest --cov=policybind

# Run specific test file
pytest tests/test_engine.py

# Run tests in parallel
pytest -n auto

Code Quality

# Run linter
ruff check policybind/

# Run type checker
mypy policybind/

# Format code
ruff format policybind/

Architecture Overview

┌─────────────────────────────────────────────────────────────┐
│                      Applications                           │
│  (OpenAI, Anthropic, Google, LangChain, etc.)              │
└────────────────────┬────────────────────────────────────────┘
                     │
    ┌────────────────┼────────────────┐
    │                │                │
    v                v                v
┌─────────────┐ ┌──────────────┐ ┌─────────┐
│ Python SDK  │ │  HTTP API    │ │   CLI   │
│ (wrappers)  │ │  (aiohttp)   │ │(argparse)│
└────────────┬┘ └──────────┬───┘ └────┬────┘
             │             │          │
             └─────────────┼──────────┘
                           v
                 ┌──────────────────────────┐
                 │   PolicyBind Core        │
                 │  (Enforcement Engine)    │
                 └──────┬───────────────────┘
                        │
        ┌───────┬───────┼───────┬────────┬──────────┐
        │       │       │       │        │          │
        v       v       v       v        v          v
    ┌──────┬────────┬──────┬────────┬────────┬──────────┐
    │Policy│ Model  │Token │Incident│ Audit  │ Reports  │
    │Engine│Registry│Manager│Manager│ Logger │Generator │
    └──────┴────────┴──────┴────────┴────────┴──────────┘
                        │
                        v
                 ┌──────────────────┐
                 │   SQLite DB      │
                 │   (WAL mode)     │
                 └──────────────────┘

Project Structure

policybind/
├── engine/          # Policy parsing, matching, and execution
├── integrations/    # SDK wrappers for AI providers
├── models/          # Data models (Policy, Request, Response)
├── server/          # HTTP API (aiohttp-based)
├── cli/             # Command-line interface
├── storage/         # SQLite database layer
├── registry/        # Model deployment registry
├── tokens/          # Access token management
├── incidents/       # Incident tracking and workflows
├── reports/         # Compliance and audit reports
└── config/          # Configuration management

Contributing

Contributions are welcome! Please follow these steps:

1. Fork the repository
2. Create a feature branch (git checkout -b feature/amazing-feature)
3. Make your changes
4. Run tests (pytest)
5. Run linter (ruff check policybind/)
6. Commit your changes (git commit -m 'Add amazing feature')
7. Push to the branch (git push origin feature/amazing-feature)
8. Open a Pull Request

Please ensure all tests pass and code follows the project style guidelines.

Security

PolicyBind is designed with security in mind:

• Deny-by-default: Requests without matching policies are denied
• Token hashing: Tokens are stored as hashes, never in plaintext
• Parameterized queries: All database queries use parameterization
• Input validation: All inputs are validated before processing
• Audit logging: Complete audit trail of all decisions

For security concerns, please see SECURITY.md or contact the maintainers.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Support

• Documentation: docs/
• Issues: GitHub Issues
• Discussions: GitHub Discussions

Acknowledgments

PolicyBind is built on these excellent open-source projects:

• PyYAML - YAML parsing
• aiohttp - Async HTTP server
• pytest - Testing framework