Open Source

AI-Authorization-as-a-Service

In addition to advisory and expert-guiding work, Nura offers FlowPilot — an authorization engine for GenAI-enabled and agentic systems where traditional IAM, RBAC and even ABAC/PBAC models no longer suffice.

FlowPilot allows workflows to run under a strict, auditable, and privacy-preserving policy regime, without hard-coding authorization logic into application code.

It evaluates who may do what, on whose behalf, and under which constraints, using declarative policies, real-world personas, and a first-class delegation model that spans both people and AI agents.

At a glance:

  • Designed for agentic and delegated workflows
  • Offers policy-based, persona-driven authorization with full explainability
  • Integrates with existing identity providers (Okta, Firebase, Keycloak, etc.)
  • Built with scale, security, privacy, auditability, and compliance as first-class concerns

You can dive into the technical documentation at:

https://docs.nura.pro

and explore a live demonstration using a travel-booking workflow metaphor at:

https://travel.nura.pro

Offered as Open Source

FlowPilot is released as open source. You can dive into the source code at:

https://github.com/schuppnura/FlowPilot

This is a deliberate choice. At Nura, we believe that authorization for agentic AI is a foundational problem, not a proprietary trick. As AI systems gain autonomy and act on behalf of users and organizations, the question of who may do what, on whose behalf, and under which constraints becomes too important to hide behind closed platforms.

By open-sourcing FlowPilot, we want to enable enterprises, founders, and the broader developer community to study, experiment with, and improve real-world authorization models for agentic systems. Nura’s role is to help organisations think seriously about authorization: how policies are expressed, how delegation is governed, how decisions are audited, and how privacy is preserved. Open sourcing FlowPilot allows these discussions to happen transparently, grounded in working code rather than abstract theory.

We welcome contributions, critical review, and experimentation. Whether you are building an AI-powered product, operating a regulated platform, or exploring new authorization paradigms, FlowPilot is intended as a shared foundation for responsible, policy-driven agentic AI.

Built for GenAI-friendly policy authoring

Modern applications increasingly involve:

  • AI agents acting on behalf of users
  • Delegated authority across people, agents, and workflows
  • Context‑dependent delegated authorisation (task, risk, time, effort, cost, mandate)
  • Strict privacy, audit, and compliance requirements

Traditional approaches break down under this complexity. FlowPilot provides a dedicated authorization layer that evaluates who may do what, on whose behalf, and under which constraints. In real time and with full explainability.

FlowPilot is explicitly designed to work with modern GenAI-assisted policy development (“vibe coding”) rather than against them. In fact, GenAI has proven to be very useful in defining, refining, testing and debugging FlowPilot policies.

Enriching Rego

FlowPilot deliberately builds on Rego as its policy evaluation language because Rego excels at real-time, deterministic authorization decisions with explainable outcomes. It has proven to be well suited for high-throughput, low-latency enforcement and integrates naturally with modern cloud-native systems.

At the same time, Rego is intentionally not an ontology or domain-modelling language. It does not natively define concepts such as personas, mandates, ownership, consent, or delegation, nor delegation to autonomous or agentic AI. Encoding these concepts directly in Rego quickly leads to opaque, brittle policies that are hard to reason about, govern, or audit.

FlowPilot therefore introduces an explicit domain and delegation layer on top of Rego. Personas and delegation relationships between people, and between people and AI agents are defined declaratively using typed manifests. These manifests define the domain semantics, validation rules, defaults, and constraints that Rego itself deliberately omits, while keeping the policy logic clean and focused on decision-making.

Compiling ODRL

For semantic expressiveness, FlowPilot leverages ODRL where it is strong: as a language for modelling rights, duties, constraints, and consent. ODRL provides the ontology and intent that Rego lacks, but on its own is less suited for performant, real-time authorization and complex rule evaluation.

FlowPilot bridges both worlds by compiling ODRL policies into Rego, combining ODRL’s semantic richness with Rego’s execution strength. Policies can be authored and reasoned about at a high semantic level, while still being enforced efficiently and predictably at runtime.

Interfacing using AuthZEN

Authorization requests themselves are expressed using the AuthZEN protocol, providing a standardised and explicit contract between applications and the authorization engine. AuthZEN cleanly separates what is being asked from how it is decided, making integrations predictable, interoperable, and well suited for GenAI-assisted (“vibe coding”) development.

Together, this results in a layered authorization model where:

  • AuthZEN standardises authorization requests and responses
  • ODRL expresses intent, consent, and domain semantics
  • Manifests define personas, delegation models, and validation
  • Rego evaluates authorization decisions deterministically and at scale

Built for provable governance & audit

FlowPilot embeds this model in a GitOps-style policy governance framework. Policies, manifests, and mappings are version-controlled, reviewed, tested, and deployed using established DevOps practices. This enables dry-runs, staged deployments, full audit trails, and safe rollbacks. This way, the authorization policy is treated as first-class, governable infrastructure rather than embedded application logic.

The result is an authorization system designed for agentic AI, delegated authority, and regulated environments — without forcing any single language or standard to do what it was never designed for.

Built for resilient operations & scale

FlowPilot is designed with defence-in-depth as a core architectural principle. All authorization requests are subject to strict input and output validation to protect against malformed, malicious, or rogue inputs, a critical requirement when dealing with delegated authority and autonomous agents.

To ensure this level of validation does not introduce latency, FlowPilot combines aggressive validation with intelligent caching and pre-computation, allowing authorization decisions to remain fast and predictable even under load. In addition, FlowPilot issues its own pseudonymous ‘on-behalf-of’ access tokens, optimised specifically for authorisation use cases, enabling blazingly fast policy evaluation without propagating personally identifiable information across backend services.

FlowPilot integrates with, and does not replace existing identity providers and directories such as Okta, Firebase, Keycloak. Authentication, user lifecycle management, and identity proofing remain with the customer’s chosen IdP, while FlowPilot focuses exclusively on authorization. This clean separation reduces attack surface, avoids duplication of privacy-sensitive data, and aligns with zero-trust and least-privilege design principles.

Commercial Model

FlowPilot is not positioned as a multi‑tenant external SaaS that processes your authorization decisions in a third‑party cloud.

Instead:

  • FlowPilot is deployed in your own cloud or environment
  • Runs alongside your existing architecture
  • Integrates with your identity provider (Firebase, Auth0, Keycloak, etc.)
  • Keeps authorization logic and sensitive context under your control

Because FlowPilot runs inside your environment, there is no recurring per‑user or per‑request SaaS fee. FlowPilot is fundamentally licensed as open source.

Obviously, we can guide and assist you with expert services to cover:

  • Architecture & policy design
  • Integration with existing systems
  • Initial policy authoring and governance setup
  • Knowledge transfer to internal teams

Next Steps

If you are exploring advanced authorization models, delegated authority, or AI‑driven workflows and want to avoid building a custom authorization engine from scratch, FlowPilot can serve as your authorization backbone.

Contact Nura to discuss suitability, deployment options, and licensing.