Prose2Policy (P2P): A Practical LLM Pipeline for Translating Natural-Language Access Policies into Executable Rego

Prose2Policy (P2P): A Practical LLM Pipeline for Translating Natural-Language Access Policies into Executable Rego V atsal Gupta Apple Cupertino, California, USA vatsal_gupta@apple.com Darshan Sreenivasamurthy Apple Cupertino, California, USA dtumkursreenivas@apple.com Abstract Prose2Policy (P2P) is a LLM-base d practical tool that translates natural-language access control policies (NLACPs) into e xecutable Rego code (the p olicy language of Open Policy Agent, OP A). It provides a modular , end-to-end pipeline that performs policy detec- tion, component extraction, schema validation, linting, compilation, automatic test generation and execution. Prose2Policy is designed to bridge the gap between human-readable access requirements and machine-enforceable policy-as-code (PaC) while emphasizing deployment reliability and auditability . W e evaluated Prose2Policy on the A CRE dataset and demonstrated a 95.3% compile rate for ac- cepted policies, with automate d testing achieving a 82.2% positive- test pass rate and a 98.9% negative-test pass rate. These results indicate that Prose2Policy produces syntactically robust and be- haviorally consistent Rego policies suitable for Zero Trust and compliance-driven environments. CCS Concepts • Security and privacy → Access control . Ke ywords Access Control, ABA C, LLM, Rego A CM Reference Format: V atsal Gupta and Darshan Sreenivasamurthy . . Prose2Policy (P2P): A Prac- tical LLM Pipeline for Translating Natural-Language Access Policies into Executable Rego. In Proceedings of . ACM, Ne w Y ork, N Y , USA, 6 pages. 1 Introduction Access control is foundational to security , and it has b ecome increas- ingly critical with rapid digital transformation and the emergence of autonomous systems. Traditional models that har dcode autho- rization logic inside applications are ill-suited to today’s distributed, dynamic environments b ecause they tightly couple decisions to code, making changes hard to update, audit, and scale, and forcing full deployment/testing cycles for every policy change [ 2 ]. Conse- quently , organizations are shifting to externalized access control with continuous validation. A s Kumar et al. note, Zero T rust access control framew orks rely on external policy engines and centralized verication [14]. One of the mechanisms to externalize authorization is by imple- menting policy-as-co de (PaC), wher e policies are stored as code and evaluated by a decision engine to return allow/deny outcomes for authorization requests [ 9 ]. Authoring these p olicies is a highly man- ual and code-centric task to day , demanding expertise in languages such as eXtensible access control markup language (XACML) [ 21 ], , next-generation access control (NGA C) from NIST [ 9 ], Rego [ 22 ], or Ce dar [ 3 ]. Typically , business stakeholders like analysts, auditors and managers have a better understanding of the access control requirements and can express the intent as natural language access control policies (NLACPs). Ho wever , the learning cur ve associated with coding these in policy languages creates a gap between human- dened intent and machine-enforced authorization. As computing systems scale across hybrid and multi-agent ecosystems, organi- zations require a unied framework capable of translating human intent into machine-enforceable policies. T o address this challenge, we introduce Prose2Policy , an agentic ow that interprets NLACPs, converts them into machine-enforceable Rego policies, analyzes them for quality and style ( lints them), com- piles them, and tests them. The agent builds on previous r esearch by Y ang et al. [ 31 ] and Lawal et al. [ 15 ] to use LLMs as the mech- anism to extract policy components. It extends existing research prototypes such as RA Gent [ 12 ], ARPaCCino [ 25 ], and A utoP AC [ 8 ] by introducing a structured, r eproducible prompting framework and a feedback-enabled linting and testing mechanism to ensure real-world enforceability . For practitioners, Prose2Policy oers a pragmatic, end-to-end path from NLA CP to Rego as it extracts critical elements from NLA CPs, validates them against an organization schema, and emits executable Rego with default-deny semantics plus executable unit tests. This ensures that they can pilot policy-as-co de without re- training models or rewriting applications. For researchers, the tool decouples three crucial problem components in the space: policy identication (detecting which statements express access policies), component extraction (breaking down each policy into its key elements such as subject, action, resource, etc.), and e xecutable syn- thesis (generating and validating policy code from these elements). This enables independent evaluation of each module and supp orts reproducible experiments. The pipeline’s modular prompting and validation stages provide a controlled setting to study prompting strategies, error taxonomies, and guardrail eectiveness, while the testing module enables behavior-level evaluation beyond corpus F1. 2 Background and Related W ork This section discusses research related to converting NLA CPs into executable policies that Prose2Policy builds upon. 2.1 Evolution and Policy Engine ering Narouei et al. [ 18 ] note d that the manual process of translating NLA CPs into formal p olicies is laborious, expensive, and error prone. A s also highlighted by Jayasundara et al. [ 12 ], natural lan- guage policy documents are inherently ambiguous, resulting in , , V atsal Gupta and Darshan Sreenivasamurthy error-prone, inconsistent enforcement when manually converted to formal policy code. Similarly , Y ang et al. [ 31 ] demonstrated that developing policies from high-level organizational requirements is labor intensive and error prone . This led to the use of natural lan- guage processing (NLP), deep learning, and large language mo dels (LLMs) to automate the task of converting NLA CPs into machine- enforceable policies. Early work in automated access control policy generation, such as T ext2Policy proposed by Xiao et al. [ 29 ] and A CRE from Slankas and Williams [ 26 ], relied on rule-base d extraction using dep en- dency structures. Later , Narouei and T akabi [ 19 ] introduced top- down policy engineering frameworks leveraging semantic role labeling and neural models. Abdelgawad et al. [ 1 ] advance d this with natural-language-to-NGA C graph generation. Recent work such as AutoP A C [ 8 ] and multi-agent code-orchestrated genera- tion [ 13 ] extends this trajectory by using LLMs to autonomously generate enforceable policies and infrastructure-as-code (IaC) con- gurations. Howev er , most previous work was not accurate enough to ex- tract the necessary elements like subject, resource, and action fr om NLA CPs [ 11 , 18 – 20 ]. Furthermore, prior r esearch [ 1 , 9 , 15 , 18 , 31 ] did not focus on extracting purpose hidden in these statements, which is a crucial component to support authorization for AI agents [28]. 2.2 LLM-Based Policy Generation With advances in LLMs, several studies have e xplored their usage to automate translation [ 10 , 13 , 15 , 16 , 31 , 32 ] with impro ved extrac- tion results, but they often lack domain-specic knowledge which results in extraction of invalid subjects or resources. Some r ecent works [ 8 , 12 , 25 ] employ retrieval-augmented generation (RAG) methods that rely on organization-sp ecic corp ora to ground policy synthesis in domain context. While this improves rele vance, it can reduce exibility for large enterprises where individual application teams seek lightweight integration. Such pipelines typically need reindexing when organizational data or terminology changes, and prompt templates may require adaptation or netuning dep ending on implementation. Also, most prior research [ 11 , 18 – 20 ] reported limited accuracy on comp onent extraction and entity grounding, particularly for complex or multi-clause policies. Moreover , as Chen et al. [ 5 ] and Y ang et al. [ 31 ] obser ve, LLMs may hallucinate entities, in- fer non-existent attributes, or yield inconsistent outputs without domain-level guardrails. These factors highlight the need for reli- able, schema-aware mechanisms that ensure essential policy ele- ments are accurately extracted and veriable. Finally , limited re- search [ 12 , 17 ] focuses on validating generate d policies and improv- ing them based on linter feedback. 2.3 Policy Externalization and AI Delegation Policy externalization has been a point of research interest with emphasis on modularity and veriability . Xu and Zhang [ 30 ] high- lighted attribute-based access control (ABA C) for collab oration across multi-user and cross-organizational environments, where dynamic sharing requires ne-graine d and context-aware de ci- sions. Adeyinka [ 2 ] showed that embedding authorization within applications limits scalability and auditability in hybrid systems, motivating externalized PaC frameworks. Ferraiolo et al. [ 9 ] also em- phasized that separating policies is valuable in distribute d systems where authorization depends on dynamic attributes and context. Governance-as-a-service [ 10 ] and work by Chopra [ 7 ] extend this to multi-agent authorization, aligning with Prose2Policy’s concep- tualization of the policy generator as a governed AI agent. Building on this, South et al. [ 27 ] proposed an authenticated dele- gation frame work extending O A uth 2.0 and Op enID Connect for AI agents, enabling veriable delegation from humans to agents. Their work introduces the concept of translating natural-language per- missions into auditable access contr ol congurations, aligning with Prose2Policy’s obje ctive of bridging intent and machine-enforceable authorization. 3 Design Rationale and T echnical Choices This section explains the key design decisions that shape our ap- proach, specically the prompting strategy used for translating natural-language access control requirements into executable poli- cies and the choice of policy language. 3.1 Prompt Engineering for Policy Extraction A distinguishing aspect of Prose2Policy is its structured prompting mechanism designed to address a main limitation of LLM-base d policy generation: lack of control and reproducibility [ 5 , 15 , 31 ]. While our modular prompting and schema/lint/test guardrails r e- duce hallucinations and enforce structural validity , LLM inference can remain non-deterministic: repeated runs on the same NLA CP may yield dierent e xtracted representations or dierent ( yet valid) Rego implementations. Prose2Policy therefore emphasizes deploya- bility checks (schema validation, linting, compilation, and unit tests) and auditability of intermediate artifacts rather than guaranteeing identical outputs across runs. This prompt chaining strategy , aug- mented by verication fee dback, encourages more consistent and in- terpretable outputs by constraining each step to a xed schema and by rejecting invalid generations. Few studies have e xplored prompt design as a formal control me chanism. Y ang et al. [ 31 ] and Lawal et al. [ 15 ] used heuristic text-to-JSON prompts, whereas Prose2Policy formalizes prompt orchestration into a schema-go verned workow with post-generation validation via Regal [ 24 ] and OP A compila- tion/testing. In Prose2Policy , prompt chaining supports: • Intent identication : specially crafted prompts based on few-shot prompting [ 4 ] and program-of-thought prompting [ 6 ] identify whether input represents a policy , simplify it, and extract multiple policies from provided input. • Elements extraction : prompts extract decision, subject, ac- tion, resource, condition, and purpose (DSARCP) and return structured JSON for each recognized policy statement. • Rego synthesis : prompts conv ert extracted elements into Rego policies. 3.2 Rego as Policy Language Most recent r esearch around translating NLACPs focuses on NGAC [ 1 , 9 , 12 , 30 ] and XA CML [ 15 , 18 , 20 , 21 , 31 ]. For our pipeline, we chose Rego due to its declarative , human-readable syntax, enabling Prose2Policy (P2P): A Practical LLM Pip eline for Translating Natural-Language Access Policies into Exe cutable Rego , , Figure 1: Prose2Policy Architecture non-technical users to validate output and provide human-in-the- loop feedback. Rego is the policy language of Open Policy Agent (OP A) [ 22 ], which is widely used and compatible with multiple projects [ 23 ] such as Kubernetes, Envoy , Express, T erraform, and Linux-P AM. Given adoption of Rego, Prose2Policy can be useful for a large set of practitioners. 4 System Architecture and Pip eline Prose2Policy is a modular and exible tool-chain that converts natural-language access control policies into executable Rego code. The pipeline is organized into four modules: (a) pre-processing, (b) component extraction, (c) schema validation, and (d) Rego gener- ation, renement, and testing. Each module can be invoked indi- vidually through the command line interface or or chestrated as a continuous ow through a user interface. 4.1 Pre-processing The pre-processing module performs: • Policy detection by identifying if the statement represents one or multiple policies. The dete ction logic uses an explicit denition: an access control policy describes who (subject) can or cannot perform an action on a resource , sometimes under conditions or for a purpose . This ltering improves precision during pre-processing. • Co-reference resolution by resolving pronouns and im- plicit references. • T ext segmentation by breaking input text into multiple policy statements. By combining co-reference resolution and text segmentation, an input such as “Nurses are allowed to read pr escriptions, but they are not allowed to change them” becomes two NLACPs: “Nurses are allowed to read prescriptions” and “Nurses are not allow ed to change prescriptions. ” Unlike T e xt2Policy [ 29 ] and ACRE [ 26 ], which rely on hand- crafted syntactic patterns, Prose2Policy couples prompt-based in- tent detection with deterministic normalization, providing a trans- parent pre-processing audit trail. 4.2 Component Extraction The extraction module identies core access control components using prompts to an LLM following few-shot me chanisms. The system extracts: • Decision : allow/deny determination (e.g., "allow" , "permit" , "deny") • Subject : actor to whom the p olicy applies (e.g., "administra- tors" , "users") • Action : operation being regulated ( e.g., "access" , "modify" , "view") • Resource : protected asset (e.g., " database " , "les", "r ecords") • Condition : contextual constraints e.g., " during business hours" , "with appr oval") • Purpose : intended goal of the action(e .g., "for maintenance " , "for auditing") 4.3 Schema V alidation The schema validation module ensures extracted DSARCP compo- nents conform to predened organization-sp ecic schemas ( JSON) listing valid values for each component. If crucial comp onents like subject, action, or resource are not identied, the ow stops and missing attribute details are shar ed with the policy administrator . This stage is congurable and can be disabled for research use. Prose2Policy includes multiple schemas based on datasets used in prior research [12] which can be modied as neede d. 4.4 Rego Generation, Renement, and T esting The generator emits Rego modules that follow a deny-by-default pattern and annotates rules with extracted DSARCP for auditability . If multiple policy statements are identied, the output is a single Rego module with all statements encoded. Generated Rego is validated by a Rego linter and style checker (Regal) [ 24 ]; feedback is incorporate d to improve generated policy code. Policies are then compiled to ensure OP A compatibility and tested against dynamically generated p ositive and negative test cases executed via opa test . Unit tests are automatically generate d by the system based on extracted policy components, minimizing manual intervention. This testing approach provides condence in generated policies before deployment. While RA Gent [ 12 ] and ARPaCCino [ 25 ] emphasize generation quality and policy feedback, Prose2Policy fo cuses on deployment r eliability by integrating static checks and unit tests. 5 Prose2Policy Features Prose2Policy provides a web-based interface that unies the mo du- lar pipeline into an interactive environment. The design supports practitioners who author , validate, and deploy policies, and re- searchers who experiment with prompting, e valuation, and schema conguration. 5.1 Understanding and Experimenting with the Flow The single-policy view serves as an e xploratory environment for understanding how natural language statements e volve into e xe- cutable Rego policies. A user can paste a statement and obser ve , , V atsal Gupta and Darshan Sreenivasamurthy each stage from policy detection and DSARCP extraction to schema validation and code synthesis. The interface displays intermediate reasoning and explanations for transparency . Practitioners can use this mo de to ne-tune access rules and verify logic, while researchers can analyze prompt behavior and evaluate extraction accuracy . The same interface allows editing outputs generated by modules, enabling controlled experimentation with alternative phrasing, few-shot examples, or context windows. 5.2 Batch Processing and Corpus Preparation The batch processing feature enables users to run Prose2Policy across large text or groups of policy statements, following the congured ow for all statements. This is valuable for teams on- boarding to policy-based access control or extracting policies from design docs, user stories, or functional requirement documents, as highlighted by Lawal et al. [ 15 ]. Users can download generate d Rego modules and import them into version control systems. For researchers, this tab supports experiments comparing prompting variants or model congurations across identical datasets. 5.3 T esting and V alidation of Generated Policies Once policies are generated, the testing and validation feature veri- es correctness and deployment readiness. Prose2Policy runs each policy through opa check and linting (Regal) followed by unit tests executed using opa test . It generates p ositive and negative test cases derived from DSARCP components. This test suite bridges generation accuracy with runtime semantics, ensuring p olicies are both syntactically valid and operationally sound. Prose2Policy oers users the choice between LLM-based and Rule-based test generation modes. While both mo des are eective for standard DSARCP structures, test generation faces challenges with policies referencing external constants, nested or compound conditions, contextual variables, type conversions, or time-based evaluations. These limitations impact test generation logic rather than the correctness of generated Rego code. The LLM-based mode provides improved handling of some complex cases, but certain challenges persist in both modes. 5.4 Conguration and Prompt Customization The conguration tab provides control over how policies are ex- tracted, validated, generated and tested. Users can select among LLM providers based on cost, accuracy , or privacy requirements, can toggle schema validation and Rego validation, and can also decide if they want to use LLM or rules to generate test cases. Users can also customize prompts by editing prompt templates to rene behavior for sp ecic domains or datasets. This makes Prose2Policy adaptable for production and extensible for research experimenta- tion without modifying the core engine. 6 Evaluation and Results Prose2Policy was evaluated on the A CRE dataset [ 26 ], which has been use d in prior research such as Narouei et al. [ 18 ] and RAGent [ 12 ]. W e used the output le generated by RA Gent, consisting of 485 access control statements, as input for our tool. Because Prose2Policy lters out ambiguous statements without explicit authorization intent, it accepte d 389 statements as valid NLA CPs and generated Rego policies for them. It is w orth noting that the RA Gent output le contains only access control statements, and our pipeline applies stricter ltering to identify valid NLA CPs, resulting in a lower acceptance rate but higher policy realism. Fur- thermore, the output formats of prior tools such as RA Gent dier from Prose2Policy: pre vious work typically focused on policy identi- cation or extraction and did not generate Rego code or e xecutable unit tests. As a result, a direct, line-by-line comparison of generated Rego policies or test results is not possible. Of these, 18 policies failed to produce valid Rego due to syntax-related issues intro- duced during automated generation, resulting in 371 successfully compiled policies leading to 95.3% (371/389) compile rate. Each policy was evaluated using automatically generated posi- tive and negative unit tests derived from its DSARCP elements. With the LLM-driven test generation mechanism, Prose2Policy achieved a 82.2% positive-test pass rate (305/371) and a 98.9% negativ e-test pass rate (367/371). When compared with rule-based test cases, Prose2Policy achieve 62.1% p ositive-test pass rate and a 97.1% negative-test pass rate. The high negative-test pass rate demon- strates strong enforcement of deny-by-default semantics, while the positive-test failures primarily reect limitations of automate d test generation for more complex policies, rather than defe cts in the generated Rego code itself. 7 Conclusion and Future W ork Prose2Policy democratizes the translation of natural-language ac- cess requirements into executable, auditable policies. Its modular pipeline enables both precision and adaptability in enterprise envi- ronments while allowing resear chers to improve the performance and accuracy of the translation process. In uniting these two audi- ences, Prose2Policy functions as both a policy-as-co de workbench and a research testbed. It lays a foundation for reproducible experi- ments and practical deployment. Future enhancements will focus on improving adaptability , scal- ability , and reliability: • Advanced schema support : W e plan to enhance schema validation to supp ort wildcards, pattern-based matching, and hierarchical structures, making the tool more scalable for large or dynamic domains and r educing the need for manual enumeration of values. • Independent test generation : T o further increase trust in automated validation, we aim to de couple policy and test generation, potentially by using separate LLMs or human- in-the-loop processes, to reduce the risk of correlated errors. • Enhanced support for complex policies : W e will improve the robustness of test generation and policy synthesis for policies with nested conditions, contextual variables, or ref- erences to external constants. • Multi-language output : W e plan to extend supp ort be- yond Rego to other policy languages such as Cedar , XA CML, and NGA C, enabling broader adoption across diverse access control ecosystems. • Deterministic and semantically stable outputs : W e plan to r educe run-to-run variability by enfor cing canonical Rego templates (e .g., input-injected context such as time) and by evaluating semantic equivalence across repeated runs. Prose2Policy (P2P): A Practical LLM Pip eline for Translating Natural-Language Access Policies into Exe cutable Rego , , • Feedback-driven renement : Finally , we aim to imple- ment a feedback loop that uses test outcomes and deploy- ment feedback to automatically rene subsequent policy generations. , , V atsal Gupta and Darshan Sreenivasamurthy References [1] Mahmoud Abdelgawad, Indrajit Ray , and Saleh Alqurashi. 2023. Synthesizing and Analyzing ABAC Models from Natural Language Policies. In Proceedings of the ACM Symposium on Access Control Models and T echnologies (SACMA T ’23) . [2] Adebayo Adeyinka. 2023. Automated Compliance Management in Hybrid Cloud Architectures: A Policy-as-Code Approach. ResearchGate. [3] Amazon W eb Services. 2023. Cedar Policy Language Documentation. https: //www.cedarpolicy .com/en [4] T om B. Br own, Benjamin Mann, Nick Ry der , et al . 2020. Language Models are Few-Shot Learners. In Advances in Neural Information Processing Systems (NeurIPS 2020) . [5] Mark Chen, Jerr y T worek, Heewoo Jun, et al. 2021. Evaluating Large Language Models Trained on Code. arXiv preprint arXiv:2107.03374 (2021). [6] Minhao Chen, Denny Zhou, Nathanael Schärli, and Lei Hou. 2023. Program of Thoughts Prompting: Disentangling Computation from Reasoning for Numerical Reasoning T asks. arXiv preprint arXiv:2305.20050 (2023). [7] Vikram Chopra. 2025. OA uth Is Not Enough: A uthorization Challenges for Autonomous AI A gents. TechRxiv (2025). [8] Neha Chowdhary, Tanmoy Dutta, and Subhrendu Chattopadhyay. 2025. Au- toP A C: Exploring LLMs for A utomating Policy to Code Conversion in Business Organizations. In IEEE Conference Proceedings . [9] David F. Ferraiolo, Ravi Sandhu, and D. Richard Ferraiolo. 2016. The Policy Machine: A Novel Architecture and Framework for Access Control Policy Speci- cation and Enforcement. Journal of Systems and Software 89 (2016), 1–17. [10] Saurabh Gaurav, Jussi Heikkonen, and Jatin Chaudhary. 2025. Governance- as-a-Service: A Multi-A gent Framework for AI System Compliance and Policy Enforcement. arXiv preprint arXiv:2508.18765 (2025). [11] Sakuna Harinda Jayasundara, Nalin Asanka Gamagedara Arachchilage, and Giovanni Russello . 2023. SoK: Access Control Policy Generation from High-Level Natural Language Requirements. arXiv preprint arXiv:2310.03292 (2023). [12] Sakuna Harinda Jayasundara, Nalin Asanka Gamagedara Arachchilage, and Gio- vanni Russello. 2024. RAGent: Retrieval-Based A ccess Control Policy Generation. arXiv preprint arXiv:2409.07489 (2024). https://arxiv .org/abs/2409.07489 [13] R. N. H. Khan, Danish W asif, Joon-Hyuk Cho, and Amna Butt. 2025. Multi-Agent Code-Orchestrated Generation for Reliable Infrastructure-as-Code. arXiv preprint arXiv:2510.03902 (2025). [14] Vinay Kumar , W alee d Alasmary, and Md. Mahmud Hossain. 2024. Zero Trust Access Control: A Survey and Research Dir ections. IEEE Access (2024). [15] Samuel Lawal, Xin Zhao, Alberto Rios, Ram Krishnan, and David Ferraiolo. 2024. Translating Natural Language Specications into Access Control Policies by Leveraging Large Language Models. In IEEE Conference on Trust, Privacy and Security in Intelligent Systems and A pplications (TPS ’24) . [16] Karan Madan. 2025. ArGen: Auto-Regulation of Generative AI via GRPO and Policy-as-Code. arXiv preprint arXiv:2509.07006 (2025). [17] Ankit Mittal and V enkata V enkatesan. 2025. Practical Integration of Large Lan- guage Models into Enterprise CI/CD Pipelines for Se curity Policy V alidation. IEEE Access (2025). [18] Masoud Narouei, Hamed Khanp our , Hassan Takabi, et al . 2017. T owar ds a T op-down Policy Engineering Framework for ABA C. In Proceedings of the ACM Symposium on Access Control Models and T echnologies (SA CMA T ’17) . [19] Masoud Narouei and Hassan T akabi. 2015. Automatic T op-Down Role Engi- neering Framework Using Natural Language Processing T echniques. In IFIP International Conference on Information Security Theory and Practice . Springer , 137–152. [20] Masoud Narouei, Hassan T akabi, and Rodney Nielsen. 2018. A utomatic Extraction of Access Control Policies from Natural Language Documents. IEEE Transactions on Dependable and Se cure Computing 17, 3 (2018), 506–517. [21] OASIS Standar d. 2013. eXtensible Access Control Markup Language (XA CML) V ersion 3.0 Core Sp ecication. https://docs.oasis- open.org/xacml/3.0/xacml- 3.0- core- spe c- os- en.html [22] Open Policy Agent Contributors. 2016. Open Policy Agent. https://www. openpolicyagent.org/ [23] Open Policy Agent Contributors. 2023. OPA Ecosystem REST API Integrations. https://www.openpolicyagent.org/ecosystem/rest- api- integration/ [24] Open Policy Agent Ecosystem. 2024. Regal: Rego Policy Linter . https://www. openpolicyagent.org/ecosystem/entr y/regal [25] Francesco Romeo, Luigi Arena, Francesco Blefari, and Francesco Aurelio Pironti. 2025. ARPaCCino: An Agentic-RAG for Policy as Code Compliance. Springer (2025). [26] John Slankas and Laurie Williams. 2013. Access Control Policy Extraction from Unconstrained Natural Language T ext. In International Conference on Social Computing . [27] Thomas South, Stefano Marro, Thomas Hardjono, et al . 2025. Authenticated Delegation and Authorized AI A gents. arXiv preprint arXiv:2501.09674 (2025). [28] Pranav Subramaniam and Suresh Krishnan. 2024. Intent-Based Access Con- trol: Using LLMs to Intelligently Manage Access Control. arXiv preprint arXiv:2402.07332 (2024). [29] Xusheng Xiao, Amit Paradkar , Suresh Thummalapenta, and Tao Xie. 2012. Au- tomated Extraction of Security Policies from Natural-Language Software Doc- uments. In Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE ’12) . [30] Ding Xu and Yan Zhang. 2014. Specication and Analysis of Attribute-Based Access Control Policies: An Overview . In IEEE SERE-C . [31] Mian Y ang, Vijayalakshmi Atluri, Shamik Sural, and Ashish Kundu. 2025. Extrac- tion of Machine Enforceable ABA C Policies from Natural Language T ext using LLM Knowledge Distillation. In Proceedings of the ACM Symposium on Access Control Models and T echnologies (SACMA T ’25) . doi:10.1145/3734436.3734447 [32] Tianyi Zhang, Shidong Pan, Zhenchang Xing, and Xiaoyu Sun. 2025. Deployability-Centric Infrastructure-as-Code Generation: An LLM-based Itera- tive Framework. arXiv preprint arXiv:2506.05623 (2025). A Additional Resources and Details This appendix provides supplementar y material intended to supp ort reproducibility and does not intr oduce new technical contributions. A.1 Example NLACP to Rego Translation The diagram shows how a p olicy statement go es through the dier- ent modules, along with the inputs and outputs for each module. Figure 2: Inputs and outputs of each comp onent Note : Co de for the to ol describ ed in this paper will be made publicly available upon acceptance, in accor dance with SA CMA T policy .