Utility scripts for the Security Envelopes project.
policy_lint.py validates YAML policy files for structural correctness and basic consistency with the Security Envelopes policy shape.
```bash
# Lint example policies
python scripts/policy_lint.py examples/*/policy.yaml

# Lint specific files
python scripts/policy_lint.py examples/01_simple_rbac/policy.yaml

# Strict mode (warnings fail the run)
python scripts/policy_lint.py examples/*/policy.yaml --strict
```

- YAML syntax checks
- Required fields and shape for policies used in examples
- RBAC-oriented checks (roles, assignments) where applicable
The linter expects policies similar to:
```yaml
version: "1.0"
metadata:
  name: "Policy Name"
  description: "Policy description"
  author: "Author Name"
  created: "2024-01-01T00:00:00Z"
roles:
  - name: "role_name"
    permissions:
      - action: "allow"  # or "deny"
        scope:
          resource: "resource_name"
          path: ["action1", "action2"]
assignments:
  - principal: "user_id"
    role: "role_name"
    attributes:
      key: "value"
```

- Errors: must be fixed for a clean run
- Warnings: reported; `--strict` turns warnings into failures
Runs via .github/workflows/policy-lint.yml on pushes and pull requests that touch relevant paths.
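
The split between errors and warnings, and what `--strict` changes, can be seen in a small sketch. This is an added example, not the project's `policy_lint.py`: the function names, the required-field list and the individual rules are assumptions, and it works on a policy that has already been parsed into a mapping.

```python
# Added example: shape and RBAC checks on an already-parsed policy mapping.
# REQUIRED_TOP and the individual rules are assumptions, not policy_lint.py's.
REQUIRED_TOP = ("version", "metadata", "roles")
VALID_ACTIONS = {"allow", "deny"}


def lint_policy(policy):
    """Return (errors, warnings) for a policy dict, e.g. from yaml.safe_load."""
    if not isinstance(policy, dict):
        return ["policy root must be a mapping"], []
    errors, warnings = [], []
    errors += [f"missing required field: {k}" for k in REQUIRED_TOP if k not in policy]

    defined = set()
    for i, role in enumerate(policy.get("roles") or []):
        name = role.get("name") if isinstance(role, dict) else None
        if not name:
            errors.append(f"roles[{i}]: missing name")
            continue
        if name in defined:
            errors.append(f"roles[{i}]: duplicate role {name!r}")
        defined.add(name)
        for j, perm in enumerate(role.get("permissions") or []):
            action = perm.get("action") if isinstance(perm, dict) else None
            if action not in VALID_ACTIONS:
                errors.append(f"roles[{i}].permissions[{j}]: action must be allow or deny")

    assigned = set()
    for i, item in enumerate(policy.get("assignments") or []):
        role = item.get("role") if isinstance(item, dict) else None
        if role not in defined:
            errors.append(f"assignments[{i}]: unknown role {role!r}")
        else:
            assigned.add(role)
    # An unused role is suspicious but not wrong, so it is only a warning.
    warnings += [f"role {n!r} is never assigned" for n in sorted(defined - assigned)]
    return errors, warnings


def exit_code(errors, warnings, strict=False):
    """Errors always fail the run; warnings fail it only in strict mode."""
    return 1 if errors or (strict and warnings) else 0


# Constructed sample: bad action on 'auditor', 'admin' undefined, 'auditor' unused.
SAMPLE = {
    "version": "1.0", "metadata": {"name": "demo"},
    "roles": [{"name": "reader", "permissions": [{"action": "allow"}]},
              {"name": "auditor", "permissions": [{"action": "permit"}]}],
    "assignments": [{"principal": "alice", "role": "reader"},
                    {"principal": "bob", "role": "admin"}],
}
```

An assignment that names an undefined role is treated as an error here because it would otherwise pass unnoticed while granting nothing, or grant something later if a role of that name is added.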