chore: initial open source release (v0.1.0)

.env.example

@@ -0,0 +1,60 @@
+# Environment
+KEYNETRA_ENVIRONMENT=development
+KEYNETRA_DEBUG=false
+
+# Core storage
+KEYNETRA_DATABASE_URL=sqlite+pysqlite:///./keynetra.db
+KEYNETRA_REDIS_URL=redis://localhost:6379/0
+
+# API auth
+KEYNETRA_API_KEYS=devkey
+# Optional: comma-separated SHA256 hashes instead of plain API keys
+# KEYNETRA_API_KEY_HASHES=
+KEYNETRA_JWT_SECRET=change-me
+KEYNETRA_JWT_ALGORITHM=HS256
+KEYNETRA_ADMIN_USERNAME=admin
+KEYNETRA_ADMIN_PASSWORD=admin123
+KEYNETRA_ADMIN_TOKEN_EXPIRY_MINUTES=60
+
+# CORS
+KEYNETRA_CORS_ALLOW_ORIGINS=http://localhost:5173,http://127.0.0.1:5173
+KEYNETRA_CORS_ALLOW_ORIGIN_REGEX=
+KEYNETRA_CORS_ALLOW_CREDENTIALS=true
+KEYNETRA_CORS_ALLOW_METHODS=*
+KEYNETRA_CORS_ALLOW_HEADERS=*
+
+# Policy/model loading
+# Optional inline policy JSON
+# KEYNETRA_POLICIES_JSON=
+# Optional comma-separated file/dir paths
+KEYNETRA_POLICY_PATHS=./examples/policies
+KEYNETRA_MODEL_PATHS=./examples/auth-model.yaml
+
+# Caching and resilience
+KEYNETRA_DECISION_CACHE_TTL_SECONDS=5
+KEYNETRA_SERVICE_TIMEOUT_SECONDS=2.0
+KEYNETRA_CRITICAL_RETRY_ATTEMPTS=3
+KEYNETRA_RESILIENCE_MODE=fail_closed
+KEYNETRA_RESILIENCE_FALLBACK_BEHAVIOR=static
+
+# Rate limiting
+KEYNETRA_RATE_LIMIT_PER_MINUTE=60
+KEYNETRA_RATE_LIMIT_BURST=60
+KEYNETRA_RATE_LIMIT_WINDOW_SECONDS=60
+
+# Runtime mode
+KEYNETRA_SERVICE_MODE=all
+KEYNETRA_AUTO_SEED_SAMPLE_DATA=true
+KEYNETRA_OTEL_ENABLED=false
+
+# Server defaults for CLI config mode
+KEYNETRA_SERVER_HOST=0.0.0.0
+KEYNETRA_SERVER_PORT=8000
+
+# Policy distribution
+KEYNETRA_POLICY_EVENTS_CHANNEL=keynetra:policy_events
+
+# Optional OIDC/JWKS
+# KEYNETRA_OIDC_JWKS_URL=
+# KEYNETRA_OIDC_AUDIENCE=
+# KEYNETRA_OIDC_ISSUER=

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @repo-owner

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,37 @@
+name: Bug report
+description: Report a reproducible issue in KeyNetra.
+title: "[Bug]: "
+labels:
+  - bug
+body:
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: Describe the issue as clearly as possible.
+      placeholder: What happened?
+    validations:
+      required: true
+  - type: textarea
+    id: steps
+    attributes:
+      label: Steps to reproduce
+      description: Provide the exact steps needed to reproduce the issue.
+      placeholder: 1. ...
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected behavior
+      description: Describe what you expected to happen.
+    validations:
+      required: true
+  - type: textarea
+    id: environment
+    attributes:
+      label: Environment
+      description: Include OS, Python version, deployment mode, and any relevant config.
+      placeholder: macOS, Python 3.11, SQLite, etc.
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,28 @@
+name: Feature request
+description: Suggest an improvement or new capability for KeyNetra.
+title: "[Feature]: "
+labels:
+  - enhancement
+body:
+  - type: textarea
+    id: proposal
+    attributes:
+      label: Proposal
+      description: Summarize the feature you want to add.
+      placeholder: What should KeyNetra do?
+    validations:
+      required: true
+  - type: textarea
+    id: use_case
+    attributes:
+      label: Use case
+      description: Explain the problem this feature solves.
+    validations:
+      required: true
+  - type: textarea
+    id: impact
+    attributes:
+      label: Impact
+      description: Describe the expected benefit or tradeoffs.
+    validations:
+      required: true

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,18 @@
+## Summary
+
+Describe the purpose of this pull request.
+
+## Changes
+
+- 
+
+## Test Plan
+
+- 
+
+## Checklist
+
+- [ ] tests added
+- [ ] docs updated
+- [ ] migrations verified
+- [ ] backward compatibility preserved

.github/workflows/ci.yml

@@ -0,0 +1,58 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    name: CI / test (${{ matrix.python-version }})
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.11", "3.12", "3.13", "3.14"]
+
+    env:
+      KEYNETRA_DATABASE_URL: sqlite+pysqlite:///./.keynetra-ci.db
+      KEYNETRA_API_KEYS: testkey
+      PYTHONUNBUFFERED: "1"
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: "pip"
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install -r requirements.txt
+          python -m pip install -r requirements-dev.txt
+          python -m pip install -e .
+
+      - name: Lint
+        run: |
+          ruff check .
+          black --check .
+          isort --check-only .
+
+      - name: Migration check
+        env:
+          PYTHONPATH: ${{ github.workspace }}
+        run: python -m keynetra.cli migrate --confirm-destructive
+
+      - name: Tests and coverage
+        env:
+          PYTHONPATH: ${{ github.workspace }}
+        run: |
+          python -m pytest -q --cov=keynetra --cov-fail-under=80

.github/workflows/release.yml

@@ -0,0 +1,57 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*"
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    env:
+      KEYNETRA_DATABASE_URL: sqlite+pysqlite:///./.keynetra-release.db
+      KEYNETRA_API_KEYS: testkey
+      PYTHONUNBUFFERED: "1"
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python 3.11
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install -r requirements.txt
+          python -m pip install -r requirements-dev.txt
+
+      - name: Build Python package
+        run: python -m build
+
+      - name: Run tests
+        run: pytest -q --cov=keynetra --cov-fail-under=80
+
+      - name: Attach release artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: keynetra-release-artifacts
+          path: |
+            dist/*.tar.gz
+            dist/*.whl
+
+      - name: Publish GitHub release
+        uses: softprops/action-gh-release@v2
+        with:
+          name: KeyNetra ${{ github.ref_name }}
+          body: |
+            Initial public release of the KeyNetra authorization engine.
+
+            Includes support for RBAC, ABAC, ACL, and ReBAC with a compiled authorization engine, distributed caching, policy simulation, impact analysis, and observability.
+          files: |
+            dist/*.tar.gz
+            dist/*.whl

.gitignore

@@ -0,0 +1,19 @@
+__pycache__/
+*.pyc
+.env
+.venv
+.vscode
+.idea
+dist/
+build/
+.coverage
+htmlcov/
+.pytest_cache/
+node_modules/
+.ruff_cache/
+.mypy_cache/
+*.db
+*.sqlite
+*.sqlite3
+.DS_Store
+docs-site

CHANGELOG.md

@@ -0,0 +1,19 @@
+# Changelog
+
+## v0.1.0
+
+Initial public release of the KeyNetra authorization engine.
+
+### Features
+
+- RBAC
+- ABAC
+- ACL
+- ReBAC
+- Authorization models
+- Policy simulation
+- Impact analysis
+- Distributed caching
+- Redis scaling
+- Prometheus metrics
+- Docker and Kubernetes deployment

CONTRIBUTING.md

@@ -0,0 +1,68 @@
+# Contributing to KeyNetra
+
+Thanks for contributing.
+This guide is optimized for first-time contributors.
+
+## Development setup
+
+```bash
+python3.11 -m venv .venv
+source .venv/bin/activate
+pip install -r requirements.txt -r requirements-dev.txt
+export KEYNETRA_API_KEYS=devkey
+```
+
+Start the API locally:
+
+```bash
+python -m keynetra.cli serve
+```
+
+## Run tests
+
+Run all tests:
+
+```bash
+PYTHONPATH=. python3.11 -m pytest -q
+```
+
+Run targeted tests:
+
+```bash
+PYTHONPATH=. python3.11 -m pytest -q tests/test_api.py
+```
+
+## Coding guidelines
+
+- Keep changes small and focused
+- Add tests for behavior changes
+- Keep documentation in sync with code
+- Prefer clear names over clever shortcuts
+- Do not add unrelated refactors in the same PR
+
+Formatting/linting tools used in this project:
+
+- `black`
+- `isort`
+- `ruff`
+
+## Pull request checklist
+
+1. Create a feature branch
+2. Implement change with tests
+3. Run test suite locally
+4. Update docs when behavior changes
+5. Open PR with clear summary:
+   - problem
+   - approach
+   - test evidence
+
+## Reporting bugs
+
+When opening an issue, include:
+
+- expected behavior
+- actual behavior
+- minimal reproducible request/payload
+- logs/error output
+- runtime info (Python version, OS)