Toride

Appearance

Getting Started

Toride is a relation-aware authorization engine for TypeScript. You define policies in YAML, provide resolvers — simple functions that return attributes from any data source — and the engine handles permission checks, including partial evaluation for data filtering.

Prerequisites

  • Node.js 20 or later
  • A TypeScript project
  • A package manager (pnpm, npm, or yarn)

Installation

Core Package

Install the core toride package to get started:

bash
pnpm add toride
bash
npm install toride
bash
yarn add toride

ORM Adapters (Optional)

If you need data filtering (partial evaluation), install the adapter for your ORM:

bash
pnpm add @toride/prisma
bash
pnpm add @toride/drizzle

These adapters translate authorization constraints into query-level WHERE clauses so you can efficiently filter data based on permissions.

Code Generation (Optional)

For type-safe resolvers generated from your policy file, install the codegen package as a dev dependency:

bash
pnpm add -D @toride/codegen

This generates TypeScript types from your YAML policy, ensuring your resolver implementation stays in sync with your policy definitions.

Package Overview

PackageDescription
torideCore authorization engine — policy loading, permission checks, partial evaluation
@toride/prismaPrisma adapter — converts constraints to Prisma where clauses
@toride/drizzleDrizzle adapter — converts constraints to Drizzle where clauses
@toride/codegenCode generation — produces typed resolver interfaces from YAML policies

Project Setup

A typical Toride project has three parts:

  1. A YAML policy file that defines your authorization rules (actors, resources, roles, permissions, and conditions)
  2. Resource resolvers that tell the engine how to fetch attributes for each resource type from any data source
  3. The engine that evaluates permission checks against the policy using the resolver

Here is a minimal project structure:

my-app/
├── policy.yaml          # Authorization policy
├── src/
│   ├── auth/
│   │   ├── resolver.ts  # Resource resolvers
│   │   └── engine.ts    # Engine setup
│   └── ...
└── package.json

Next Steps

Ready to build your first authorization check? Head to the Quickstart guide for a step-by-step walkthrough.