Aegis Guard
Dynamic, database-driven RBAC and ABAC for the web. The permission engine is framework-agnostic; the first binding targets Next.js App Router.
- Server-first: gate content in React Server Components before it reaches the client.
- Database-agnostic: bring your own adapter for Prisma, Drizzle, raw SQL, or anything else.
- Explainable: every check returns a decision with the reason and the matched and missing roles.
- Validated: opt-in, fail-closed runtime validation with any library, or none.
- Auto-discovery: Shield registers resources in your database during development.
Install
npm install aegis-guard
Peer dependencies: next >= 16, react >= 18, react-dom >= 18.
How it works
Permissions live in your database, not in code, so they change at runtime with no redeploy. You provide a small adapter that answers two questions: which roles a user has, and which roles a resource allows. Aegis Guard does the rest: gating Server Components, guarding API routes and middleware, and serving an admin dashboard to edit permissions.
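A sketch of the check described above, added here as an illustration and not Aegis Guard's own code or API. Every name (`RoleAdapter`, `decide`, `asRoleList`, the reason strings) is hypothetical, and it assumes access is granted when the user holds any role the resource allows.

```typescript
// Added illustration: hypothetical names, not Aegis Guard's API.
type Reason = "allowed" | "missing_role" | "invalid_adapter_output";
interface Decision {
  allowed: boolean;
  reason: Reason;
  matched: string[]; // roles the user holds that the resource allows
  missing: string[]; // roles the resource allows that the user lacks
}
// The two questions the adapter answers. Results are typed unknown because
// database output is untrusted until it has been validated.
interface RoleAdapter {
  rolesForUser(userId: string): unknown;
  rolesForResource(resourceId: string): unknown;
}
// Runtime validation: accept only an array of non-empty strings.
function asRoleList(value: unknown): string[] | null {
  if (!Array.isArray(value)) return null;
  const ok = value.every((r) => typeof r === "string" && r.length > 0);
  return ok ? (value as string[]) : null;
}
function decide(adapter: RoleAdapter, userId: string, resourceId: string): Decision {
  const deny = (reason: Reason, missing: string[] = []): Decision =>
    ({ allowed: false, reason, matched: [], missing });
  let held: string[] | null;
  let allowedRoles: string[] | null;
  try {
    held = asRoleList(adapter.rolesForUser(userId));
    allowedRoles = asRoleList(adapter.rolesForResource(resourceId));
  } catch {
    return deny("invalid_adapter_output"); // adapter threw: fail closed
  }
  if (held === null || allowedRoles === null) return deny("invalid_adapter_output");
  const heldSet = new Set(held);
  const matched = allowedRoles.filter((r) => heldSet.has(r));
  const missing = allowedRoles.filter((r) => !heldSet.has(r));
  // A resource with no allowed roles matches nothing, so it denies everyone.
  return matched.length > 0
    ? { allowed: true, reason: "allowed", matched, missing }
    : deny("missing_role", missing);
}
// Constructed in-memory tables standing in for the database. The "mallory" row
// is malformed on purpose: unvalidated, "admin".includes("admin") would pass.
const userTable: Record<string, unknown> = { alice: ["editor"], bob: ["viewer"], mallory: "admin" };
const resourceTable: Record<string, unknown> = { "/reports": ["admin", "editor"] };
const demoAdapter: RoleAdapter = {
  rolesForUser: (id) => userTable[id] ?? [],
  rolesForResource: (id) => resourceTable[id] ?? [],
};
```

A database-backed adapter would be asynchronous; the synchronous form keeps the decision logic in view.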
Live demo
The playground app is a full interactive demo: protected pages, a role switcher, the decision inspector, and the fail-closed validators page. Run it from the monorepo:
pnpm --filter playground dev
Next steps
- Getting Started wires Aegis Guard into a Next.js app.
- Shield component gates Server Components.
- Universal guard covers decisions and request-scoped checks.
- Runtime validation validates adapter output and fails closed.
- API Reference lists every export.