ν.β E3 — Cedar policy authoring at scale — CLOSED 2026-05-04

Outcome

outcome-VALIDATED — kill condition NOT-MET on both legs.

Cedar production patterns survey (2026-05-04)

Pattern	Status	Evidence
AWS Verified Permissions	CONFIRMED production at scale	700M auth/month <1ms, Stedi case study; Bedrock AgentCore Cedar GA 2026-03-03
cedar-for-agents (cedar-policy/ org)	ALIVE, alpha-quality, NOT blocking	20 stars, 8 forks, pushed 2026-04-29; alpha scaffold; additive MCP tooling
Postgres + Cedar extension	DOES NOT EXIST (0 GitHub results)	Bespoke TEXT CRUD Phase-1 build task (~2d)
VSCode Cedar extension	MATURE v0.10.3 (2026-03-24)	Tracks Cedar 4.9.1; 4.10.0 support imminent in v0.10.4

Scaling benchmark results (real measurements)

Environment: Cedar CLI 4.10.0 + cedar-policy-symcc 0.4.0 + cvc5 1.2.1 (validated binary) + WSL2

Benchmark	N	Mean (ms)	Range (ms)	N trials
check-parse	10	20.1	18.3–21.4	5
check-parse	100	22.8	20.9–25.6	5
check-parse	1000	44.1	41.8–45.6	5
symcc equivalent (self-eq)	10	22.9	21.1–24.2	5
symcc equivalent (self-eq)	50	27.4	26.5–31.6	5
symcc equivalent (self-eq)	100	29.5	27.7–35.5	5
symcc never-errors (per-policy)	1	22.4	21.2–23.5	5
symcc never-errors (10-policy loop)	—	9.3 ms/policy	—	1 timed run

Key caveat

Self-equivalence benchmarks (SET1 == SET1) resolve trivially. Non-trivially divergent 1000-policy set equivalence is NOT measured — Phase-1.5+ dedicated spike required before Phase-5+ architecture decisions.

6-agent loop Phase-1.5+ trigger framework

Five triggers for Cedar-at-scale Phase-1.5+ activation:

T1: Policy sets per tenant >20
T2: >1 agent generating Cedar policies per estate
T3: First faith-pillar partner firm onboarded
T4: Spike D4 trigger-event Cedar policies in production
T5: Partner firms require amendment equivalence guarantees

T-file location

/home/richardd/off-github/library/projects/inherit/T-spike-nu-beta-E3-cedar-policy-authoring-at-scale-2026-05-04.md

TT Claude Memory

Explorer

ν.β E3 CLOSED — Cedar policy authoring at scale — outcome-VALIDATED