Show HN: ZenStack – access control at the ORM layer, built for coding agents

carlual1 pts0 comments

Hi HN, I m Jiasheng, co-creator of ZenStack.Access control usually ends up scattered across app code instead of living with the data model — and that s riskier when the code is written by an agent, since it s easy to ship a query with a missing or incomplete authorization check. ZenStack enforces policy (RBAC/ABAC/relation-based) directly at the ORM layer, on top of Kysely, so every query gets checked the same way regardless of who wrote it and who is calling it.Postgres RLS is an option too, but it s hard to maintain and scale, and it s Postgres-only — ZenStack s approach is database-agnostic.One of our users, MermaidChart, put it well after launching their team feature on ZenStack: much cleaner and easier to maintain than writing RLS policies or application-level checks that will surely leak after some time. Happy to answer anything.

zenstack access control layer code query

Related Articles