
Cedar policy pack library for common agent governance patterns #3

@tomjwxf


Problem

Agent governance policies need to be shareable, composable, and version-controlled. protect-mcp supports Cedar policies via --cedar ./policies/, but we need a curated library of battle-tested patterns.

Proposed policy pack categories

Security (CVE-anchored)

  • clinejection.cedar — Prevent MCP OAuth proxy hijack (CVE-2025-6514)
  • data-exfiltration.cedar — Block outbound data theft via tool abuse
  • github-mcp-hijack.cedar — Prevent prompt injection via crafted issues

Compliance

  • financial-safe.cedar — SOC 2 compliant financial transaction controls
  • pii-guard.cedar — GDPR-aligned PII handling for tool calls
  • eu-ai-act.cedar — EU AI Act Article 14 human oversight requirements

Operational

  • rate-limit-tiered.cedar — Progressive rate limiting by trust tier
  • approval-gates.cedar — Human-in-the-loop for high-risk tools
  • read-only-default.cedar — Deny-by-default with explicit write permits

Usage

# Use a single policy pack
npx protect-mcp --cedar ./policies/cedar/clinejection.cedar --enforce -- node server.js

# Compose multiple packs
npx protect-mcp --cedar ./policies/cedar/ --enforce -- node server.js

Every decision is receipted

Cedar allow/deny decisions produce Ed25519-signed receipts:

npx @veritasacta/verify .protect-mcp-receipts.jsonl

Contributing

PRs welcome for new policy packs. Each pack needs:

  1. The .cedar policy file
  2. A corresponding test in policies/cedar/tests/
  3. A one-paragraph description for the README table
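As an illustration of the read-only-default and approval-gates patterns from the Operational list, here is a Cedar sketch added to this page; it is not code from the issue or from the protect-mcp project. The entity types Agent and Tool, the action name call_tool, the attributes tier, writes and highRisk, and the context field approved are assumptions, and a real pack would use whatever schema protect-mcp exposes to Cedar.

```cedar
// Added illustration, not protect-mcp project code. Entity types (Agent, Tool),
// the action name and the attributes tier, writes, highRisk and context.approved
// are assumed; a real pack follows the schema protect-mcp hands to Cedar.

// Cedar is deny-by-default: a request matched by no permit is denied, which is
// what read-only-default relies on.

// Read-only default: any agent may call a tool that performs no writes.
permit (
  principal is Agent,
  action == Action::"call_tool",
  resource is Tool
) when { !resource.writes };

// Explicit write permit, restricted to the trusted tier.
permit (
  principal is Agent,
  action == Action::"call_tool",
  resource is Tool
) when { resource.writes && principal.tier == "trusted" };

// Approval gate: a high-risk tool call is denied unless the request context
// carries a human approval flag. A matching forbid overrides every permit, so
// this holds even for trusted-tier agents.
forbid (
  principal,
  action == Action::"call_tool",
  resource is Tool
) when { resource.highRisk && !(context has approved && context.approved) };
```

Because forbid wins over permit in Cedar, the three policies compose safely when loaded together from one directory: the gate cannot be bypassed by adding a broader permit in another pack, and a tool with no matching permit at all stays denied.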
