Skip to content

AdventuringGhost/Covenant

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
app
app
 
 
docker
docker
 
 
docs
docs
 
 
infra
infra
 
 
opa
opa
 
 
tests
tests
 
 
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
CLAUDE.md
CLAUDE.md
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Covenant

Secure RAG pipeline with OPA-enforced RBAC. Policy gates every query before Claude Sonnet generates a single token.

Built by Skipper — portfolio project for adventuringghost.com.

Architecture

┌─────────┐   JWT    ┌──────────┐   OPA check   ┌─────┐
│  Client ├─────────►│  FastAPI ├──────────────►│ OPA │
└─────────┘          └────┬─────┘               └──┬──┘
                          │ allow=true             │
                     ┌────▼──────┐                 │ deny → 403
                     │ pgvector  │                 │
                     └────┬──────┘                 │
                          │ chunks                  │
                     ┌────▼──────┐
                     │  Claude   │
                     │  Sonnet   │
                     └──────────-┘

Roles

Role Can Do
admin Query all documents, view all metadata
user Query documents at or below their clearance
auditor Read audit logs — no document access

Quick Start

cp .env.example .env        # fill in secrets
docker compose -f docker/docker-compose.yml up -d
pytest tests/ -v

API docs available at http://localhost:8000/docs once running.

Stack

Python · FastAPI · PostgreSQL · pgvector · OPA · Claude Sonnet · JWT · Docker · Terraform · Azure

License

MIT

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages