alien-permissions

Permission system for Alien. Compiles permission sets from JSONC definitions, evaluates policies, and interpolates cloud-specific IAM variables.

Permission sets are defined in permission-sets/ as JSONC files, specifying the cloud IAM permissions required for each resource type. Split into management (provisioning) and application (runtime) scopes.

Core Types

• PermissionContext — Builder for cloud permission variable context (AWS account/region, GCP project, Azure subscription, etc.)
• VariableInterpolator — Cross-cloud permission variable interpolation
• get_permission_set() / list_permission_set_ids() — Permission set registry operations