
The Authorization Database. High-performance, fine-grained access control at scale.


inferadb/engine



InferaDB Authorization Engine


ReBAC engine with declarative policies, graph evaluation, and sub-millisecond latency

Important

Under active development. Not production-ready.

Inspired by Google Zanzibar. AuthZEN compliant.

Quick Start

git clone https://github.com/inferadb/engine && cd engine
mise trust && mise install
cargo run --bin inferadb-engine

Check a permission:

curl -X POST http://localhost:8080/v1/evaluate \
  -H "Content-Type: application/json" \
  -d '{"evaluations": [{"subject": "user:alice", "resource": "doc:readme", "permission": "viewer"}]}'

Features

| Feature | Description |
| --- | --- |
| Complete API | Check, Expand, ListResources, ListSubjects, Watch |
| Multi-Tenant | Data isolation via Organizations and Vaults |
| Wildcards | Model public resources with user:* |
| Observable | Prometheus, OpenTelemetry, structured logs |
| Storage | Memory (dev) or Ledger (prod) |
| Extensible | WASM modules for custom logic |
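
How a Check resolves over relationship tuples, including a user:* wildcard grant like the one in the table above, as an added Rust sketch; it is not InferaDB's code or its policy language. The tuple layout, the `object#relation` userset syntax, the sample data and the function names are assumptions made for illustration.

```rust
use std::collections::HashSet;

// Constructed sample tuples (resource, relation, subject); not InferaDB's storage format.
const TUPLES: &[(&str, &str, &str)] = &[
    ("doc:readme", "viewer", "user:*"),            // public: any user
    ("doc:roadmap", "viewer", "group:eng#member"), // userset: members of group:eng
    ("group:eng", "member", "user:alice"),
];

/// True if `subject` holds `relation` on `resource`, directly or through the graph.
fn check(resource: &str, relation: &str, subject: &str) -> bool {
    walk(resource, relation, subject, &mut HashSet::new())
}

fn walk(res: &str, rel: &str, subject: &str, seen: &mut HashSet<(String, String)>) -> bool {
    // Cycle guard: each (resource, relation) node is expanded at most once.
    if !seen.insert((res.to_string(), rel.to_string())) {
        return false;
    }
    TUPLES.iter().filter(|t| t.0 == res && t.1 == rel).any(|t| {
        let granted = t.2;
        if granted == subject {
            return true; // direct grant
        }
        if let Some(kind) = granted.strip_suffix(":*") {
            // The wildcard covers concrete subjects of its own type only, never
            // usersets or other types, so "user:*" does not admit "service:ci".
            return !subject.contains('#')
                && subject.split_once(':').map_or(false, |(k, id)| k == kind && !id.is_empty() && id != "*");
        }
        // Userset "object#relation": follow the edge into the referenced relation.
        match granted.split_once('#') {
            Some((obj, r)) => walk(obj, r, subject, seen),
            None => false,
        }
    })
}

fn main() {
    for (res, who) in [("doc:readme", "user:bob"), ("doc:readme", "service:ci"), ("doc:roadmap", "user:alice")] {
        println!("{who} viewer on {res}: {}", check(res, "viewer", who));
    }
}
```

When reviewing a tuple set, a wildcard subject is worth auditing separately from ordinary grants, since a single such tuple makes the resource readable by every subject of that type.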

Architecture

graph TD
    Bin[inferadb-engine] --> API[inferadb-engine-api]
    API --> Core[inferadb-engine-core]
    API --> Auth[inferadb-engine-auth]
    Core --> Repo[inferadb-engine-repository]
    Core --> Cache[inferadb-engine-cache]
    Repo --> Store[inferadb-engine-store]
    Store --> Memory[(Memory)]
    Store --> Ledger[(InferaDB Ledger)]

| Crate | Purpose |
| --- | --- |
| inferadb-engine | Binary entrypoint |
| inferadb-engine-api | REST and gRPC endpoints |
| inferadb-engine-core | Permission evaluation, IPL parser |
| inferadb-engine-auth | JWT validation, JWKS, OAuth |
| inferadb-engine-repository | Domain repositories |
| inferadb-engine-store | Storage trait definitions |
| inferadb-engine-cache | Result caching |
| inferadb-engine-config | Configuration and secrets |
| inferadb-engine-types | Shared type definitions |
| inferadb-engine-const | Shared constants |
| inferadb-engine-observe | Metrics, tracing, logging |
| inferadb-engine-wasm | WebAssembly sandbox |

Configuration

Configure via config.yaml or environment variables (INFERADB__ENGINE__ prefix):

engine:
  listen:
    http: "127.0.0.1:8080"
    grpc: "127.0.0.1:8081"

  storage: "ledger"  # or "memory" for dev

  ledger:
    endpoint: "http://ledger.inferadb:50051"
    client_id: "engine-prod-001"
    namespace_id: 1

  cache:
    enabled: true
    capacity: 100000
    ttl: 300

Development

just test        # Standard tests
just lint        # Clippy
just fmt         # Format

See just --list for all commands and CONTRIBUTING.md for guidelines.

License

Dual-licensed under MIT or Apache 2.0.
