This library provides a simple way to define and enforce policies within your application. Policies are defined as a set of rules that determine whether a specific action can be performed based on a given context.
The API surface is small:
definePolicy
: Define a policy, the core primitivedefinePolicies
: Define a policy set (a collection of policies created withdefinePolicy
)check
: Test a policy conditionassert
: Assert a policy condition (throws if condition is not met)
// somewhere in your app
type MyContext = { userId: string; rolesByOrg: Record<string, "user" | "admin" | "superadmin"> };
// define all your policies
import { assert, check, definePolicies, definePolicy, matchSchema, notNull, or } from "comply";
import { z } from "zod";
const OrgPolicies = definePolicies((context: MyContext) => (orgId: string) => {
const currentUserOrgRole = context.rolesByOrg[orgId];
return [
definePolicy("can administrate", or(currentUserOrgRole === "admin", currentUserOrgRole === "superadmin")),
definePolicy("is superadmin", currentUserOrgRole === "superadmin"),
];
});
const UserPolicies = definePolicies((context: MyContext) => (userId: string) => [
definePolicy("can edit profile", context.userId === userId),
]);
// create and export a 'guard' that contains all your policies, scoped by domain
export const Guard = (context: MyContext) => ({
org: OrgPolicies(context),
user: UserPolicies(context),
});
// use - example with Remix Run
import { matchSchema, notNull, definePolicy, definePolicies, check, assert } from 'comply';
// route: /orgs/:orgId
const ParamsSchema = z.object({ orgId: z.string() });
export function loader({ request, context, params }: LoaderFunctionArgs) {
const guard = Guard(context);
// define an implicit policy on the fly!
assert("params are valid", matchSchema(ParamsSchema), params);
// params is now typed as { orgId: string }
// 👇 type-safe 👇 type-safe
if (check(guard.org(params.orgId).policy("can administrate"))) {
console.log("User can administrate the IT department.");
} else {
console.log("User cannot administrate the IT department.");
}
assert(guard.org(params.orgId).policy("can administrate"));
// context.rolesByOrg[params.orgId] === "admin"
// otherwise it throws an error
}
Accessing policies by name from policy sets is type-safe.
For example, with guard.org(params.orgId).policy("can administrate")
, "can administrate"
will be suggested by Typescript.
If the condition requires a parameter, assert
and check
will require it.
Finally, if the condition is a type guard, the parameter you pass will be inferred automatically.
To define policies, you create a policy set using the definePolicies
function.
Each policy definition is created using the definePolicy
function, which takes a policy name and a callback that defines the policy logic (or a boolean value).
Important
For convenience, the condition can be a boolean value but you will lose type inference
If you want TS to infer something (not null, union, etc), use a condition function
The callback logic can receive a unique parameter (scalar or object) and return a boolean value or a a type predicate.
You can also provide an error factory to the policy (3rd argument) to customize the error message.
definePolicies
returns a policy set (a collection of policies you can invoke with .policy("name")
) or a policy set factory (a function that takes a parameter and returns a policy set).
You can then use this set to check if a condition is met and/or assert it with check
and assert
.
definePolicies
accepts an array of policies created with definePolicy
.
Primary use case: simple policies that can be defined inline and are 'self-contained' (don't need a context or a factory).
const policies = definePolicies([
// built-in type guards
definePolicy("is not null", notNull),
definePolicy('params are valid', matchSchema(z.object({ name: z.string() }))),
// type guard
definePolicy("is a string", (v: unknown): v is string => typeof v === "string"),
]);
definePolicies
can take a callback that receives a context (whatever you want to pass to your policies) and returns a policy set or a policy set factory.
A policy set factory is a function that takes a parameter (scalar or object) and returns a policy set.
The primary purpose of this is to simplify the definition of policies that depend on a parameter (e.g. a userId, orgId, etc.).
Here's a quick example:
// 1️⃣
type Context = { userId: string; rolesByOrg: Record<string, "user" | "admin" | "superadmin">; appRole: "admin" | "user" };
const AdminPolicies = definePolicies((context: Context) => [
definePolicy("has app admin role", context.appRole === "admin")
]);
// 2️⃣
const OrgPolicies = definePolicies((context: MyContext) => (orgId: string) => {
const adminGuard = AdminPolicies(context);
const currentUserOrgRole = context.rolesByOrg[orgId];
return [
definePolicy("can administrate", () =>
or(
() => currentUserOrgRole === "admin",
() => currentUserOrgRole === "superadmin",
() => check(adminGuard.policy("has app admin role"))
),
definePolicy("is superadmin", () => currentUserOrgRole === "superadmin"),
];
});
// other policies...
// 3️⃣
// create and export a 'guard' that contains all your policies, scoped by domain
export const Guard = (context: Context) => ({
org: OrgPolicies(context),
});
Let's break it down:
We define a context type that includes the necessary information for our policies.
It's up to you what you put in it, depending on what framework you're using and what information you need in your policies.
We create a policy set factory that takes a orgId
and returns a policy set.
This way, we can 'scope' our policies to a specific organization and benefit from the closure feature (all policies share the same currentUserOrgRole
variable).
We also can invoke other policy sets factories (e.g. AdminPolicies
) and compose new policies.
We create and export a Guard
function (arbitrary name) that takes a context and returns an object containing all our policies.
We choose to scope our policies by domain (e.g. org
, user
, params
, etc.) to avoid conflicts and make the code more organized.
To use your policies, invoke the Guard
factory with the context and then use the returned object to access your policies.
Here's an example with a Remix Run loader but it works the same with any other framework.
import { matchSchema, notNull, definePolicy, definePolicies, check, assert } from 'comply';
// route: /orgs/:orgId
const ParamsSchema = z.object({ orgId: z.string() });
export function loader({ request, context, params }: LoaderFunctionArgs) {
const guard = Guard(context);
// 1️⃣ define an implicit policy on the fly!
assert("params are valid", matchSchema(ParamsSchema), params)
// params is now typed as { orgId: string }
// 2️⃣ 👇 type-safe 👇 type-safe
if (check(guard.org(params.orgId).policy("can administrate"))) {
console.log("User can administrate the IT department.");
} else {
console.log("User cannot administrate the IT department.");
}
// 3️⃣
assert(guard.org(params.orgId).policy("can administrate"))
// context.rolesByOrg[params.orgId] === "admin"
// otherwise it throws an error
}
Let's break it down:
Just to demonstrate that we can, we define an implicit policy on the fly!
It's a quick way to name an assert/check in your code flow.
It works the same for check
and it's equivalent to defining a policy with definePolicy
.
We use check
and pass it the policy we want to evaluate. We are telling a story here: "check if the user can administrate this specific organization".
We use assert
to assert a policy condition. It passes or it throws an error.
The library does not support async policy evaluation because TypeScript does not support async type guards. (microsoft/TypeScript#37681).
Of course, we can use async check but not directly in policy conditions.
Here's an example:
type Context = { userId: string; rolesByOrg: Record<string, "user" | "admin"> };
const OrgPolicies = definePolicies((context: Context) => (orgId: string) => [
definePolicy("can administrate org", (stillOrgAdmin: boolean) =>
and(context.rolesByOrg[orgId] === "admin", stillOrgAdmin)
),
]);
// fake server check
async function checkIfStillOrgAdmin(orgId: string, userId: string) {
// ...
}
// route: /orgs/:orgId
const ParamsSchema = z.object({ orgId: z.string() });
export async function loader({ request, context, params }: LoaderFunctionArgs) {
const guard = Guard(context);
assert("params are valid", matchSchema(ParamsSchema), params)
assert(guard.org(params.orgId).policy("can administrate org"), await checkIfStillOrgAdmin(params.orgId, context.userId))
}
In this example, our policy condition requires a parameter (stillOrgAdmin
, boolean, but can be any type).
Then we use inversion of control to pass the parameter to the policy condition.
This is not what I really want, but it's a temporary limitation we have to live with until TypeScript implements async type guards.
I prefer to preserve the type guard/inference benefits of assert
and check
instead of supporting async policy conditions.
Core primitive to define a policy.
type PolicyError = Error;
type PolicyErrorFactory<T extends PolicyError = PolicyError> = (arg: unknown) => T;
type PolicyConditionWithArg<T = any> = (arg: T) => boolean;
type PolicyConditionArg<P extends PolicyCondition> = P extends PolicyConditionWithArg<infer T> ? T : never;
type PolicyConditionTypeGuard<T = any, U extends T = T> = (arg: T) => arg is U;
type PolicyConditionTypeGuardResult<P extends PolicyCondition> = P extends PolicyConditionTypeGuard<any, infer U>
? U
: PolicyConditionArg<P>;
type PolicyConditionNoArg = (() => boolean) | boolean;
type PolicyCondition<T = any, U extends T = T> =
| PolicyConditionTypeGuard<T, U>
| PolicyConditionWithArg<T>
| PolicyConditionNoArg;
function definePolicy(name: string, condition: PolicyCondition, errorFactory?: PolicyErrorFactory)
Example:
const postHasCommentsPolicy = definePolicy(
"post has comments",
(post: Post) => post.comments.length > 0,
() => new Error("Post has no comments")
);
Core primitive to define a policy set (collection of policies).
function definePolicies<T extends AnyPolicies>(policies: T): PolicySet<T>;
type AnyPolicy = Policy<PolicyName, PolicyCondition>;
type AnyPolicies = AnyPolicy[];
type PolicyFactory = (...args: any[]) => AnyPolicies;
type PoliciesOrFactory = AnyPolicies | PolicyFactory;
type PolicySetOrFactory<T extends PoliciesOrFactory> = T extends AnyPolicies
? PolicySet<T>
: T extends PolicyFactory
? (...args: Parameters<T>) => PolicySet<ReturnType<T>>
: never;
type WithRequiredContext<T> = T extends (arg: infer A) => any ? (unknown extends A ? never : T) : never;
function definePolicies<Context, T extends PoliciesOrFactory>(
define: WithRequiredContext<(context: Context) => T>
): (context: Context) => PolicySetOrFactory<T>;
Example:
const PostPolicies = definePolicies((context: Context) => [
definePolicy("post has comments", (post: Post) => post.comments.length > 0),
definePolicy("is author", (post: Post) => post.authorId === context.userId)
]);
export const Guard = (context: Context) => ({
post: PostPolicies(context),
});
function assert(name: string, condition: PolicyConditionNoArg): void;
function assert<TPolicyCondition extends PolicyConditionTypeGuard<any> | PolicyConditionWithArg<any>>(
name: string,
condition: TPolicyCondition,
arg: TPolicyCondition extends PolicyConditionNoArg ? never : PolicyConditionArg<TPolicyCondition>
): asserts arg is TPolicyCondition extends PolicyConditionNoArg
? never
: PolicyConditionTypeGuardResult<TPolicyCondition>;
function assert<TPolicyCondition extends PolicyConditionNoArg>(
policy: Policy<PolicyName, TPolicyCondition, PolicyErrorFactory>
): void;
function assert<TPolicyCondition extends PolicyConditionTypeGuard<any> | PolicyConditionWithArg<any>>(
policy: Policy<PolicyName, TPolicyCondition, PolicyErrorFactory>,
arg: TPolicyCondition extends PolicyConditionNoArg ? never : PolicyConditionArg<TPolicyCondition>
): asserts arg is TPolicyCondition extends PolicyConditionNoArg
? never
: PolicyConditionTypeGuardResult<TPolicyCondition>;
Example:
const guard = Guard(context);
const post = await fetchPost(id);
assert(guard.post.policy("is author"), post);
// post.authorId === context.userId
function check(name: string, condition: PolicyConditionNoArg): boolean;
function check<TPolicyCondition extends PolicyConditionTypeGuard<any> | PolicyConditionWithArg<any>>(
name: string,
condition: TPolicyCondition,
arg: TPolicyCondition extends PolicyConditionNoArg ? never : PolicyConditionArg<TPolicyCondition>
): arg is TPolicyCondition extends PolicyConditionNoArg ? never : PolicyConditionTypeGuardResult<TPolicyCondition>;
function check<TPolicyCondition extends PolicyConditionNoArg>(
policy: Policy<PolicyName, TPolicyCondition>
): boolean;
function check<TPolicyCondition extends PolicyConditionTypeGuard<any> | PolicyConditionWithArg<any>>(
policy: Policy<PolicyName, TPolicyCondition>,
arg: TPolicyCondition extends PolicyConditionNoArg ? never : PolicyConditionArg<TPolicyCondition>
): arg is TPolicyCondition extends PolicyConditionNoArg ? never : PolicyConditionTypeGuardResult<TPolicyCondition>;
Example:
const guard = Guard(context);
const post = await fetchPost(id);
if (check(guard.post.policy("post has comments"), post)) {
console.log("Post has comments");
}
Evaluates all the policies with check
and returns a snapshot with the results.
It's useful to serialize policies.
It takes an array of policies. If a policy does not take an argument, it can be passed as is. Policies that take an argument have to be passed as a tuple with the argument.
type PolicyTuple =
| Policy<string, PolicyConditionNoArg>
| readonly [string, PolicyConditionNoArg]
| readonly [Policy<string, PolicyConditionNoArg>]
| readonly [Policy<string, PolicyConditionWithArg>, any];
type InferPolicyName<TPolicyTuple> = TPolicyTuple extends readonly [infer name, any]
? name extends Policy<infer Name, any>
? Name
: name extends string
? name
: never
: TPolicyTuple extends readonly [Policy<infer Name, any>]
? Name
: TPolicyTuple extends Policy<infer Name, any>
? Name
: never;
type PoliciesSnapshot<TPolicyName extends string> = { [K in TPolicyName]: boolean };
export function checkAllSettle<
const TPolicies extends readonly PolicyTuple[],
TPolicyTuple extends TPolicies[number],
TPolicyName extends InferPolicyName<TPolicyTuple>,
>(policies: TPolicies): PoliciesSnapshot<TPolicyName>
Example:
// TLDR
const snapshot = checkAllSettle([
[guard.post.policy("is my post"), post], // Policy with argument
["post has comments", post.comments.length > 0], // Implicit policy with no argument
definePolicy("post has likes", post.likes.length > 0), // Policy without argument
]);
// Example
const PostPolicies = definePolicies((context: Context) => {
const myPostPolicy = definePolicy(
"is my post",
(post: Post) => post.userId === context.userId,
() => new Error("Not the author")
);
return [
myPostPolicy,
definePolicy("published post or mine", (post: Post) =>
or(check(myPostPolicy, post), post.status === "published")
),
];
});
const guard = {
post: PostPolicies(context),
};
const snapshot = checkAllSettle([
[guard.post.policy("is my post"), post],
["post has comments", post.comments.length > 0],
definePolicy("post has likes", post.likes.length > 0),
]);
console.log(snapshot); // { "is my post": boolean; "post has comments": boolean; "post has likes": boolean }
console.log(snapshot["is my post"]) // boolean
Logical OR operator for policy conditions.
function or(...conditions: (() => Policy<PolicyName, PolicyCondition, PolicyConditionArg<PolicyCondition>> | boolean)[])
Example:
const PostPolicies = definePolicies((context: Context) => {
const myPostPolicy = definePolicy(
"my post",
(post: Post) => post.userId === context.userId,
() => new Error("Not the author")
);
return [
myPostPolicy,
definePolicy("all published posts or mine", (post: Post) =>
or(
() => check(myPostPolicy, post),
() => post.status === "published"
)
),
definePolicy("[lazy] all published posts or mine", (post: Post) =>
or(check(myPostPolicy, post), post.status === "published")
),
];
});
Logical AND operator for policy conditions.
function and(
...conditions: (() => Policy<PolicyName, PolicyCondition, PolicyConditionArg<PolicyCondition>> | boolean)[]
)
Example:
const PostPolicies = definePolicies((context: Context) => {
const myPostPolicy = definePolicy(
"my post",
(post: Post) => post.userId === context.userId,
() => new Error("Not the author")
);
return [
myPostPolicy,
definePolicy("my published post", (post: Post) =>
and(
() => check(myPostPolicy, post),
() => post.status === "published"
)
),
definePolicy("[lazy] my published post", (post: Post) =>
and(check(myPostPolicy, post), post.status === "published")
),
];
});