Authorization infrastructure
You added if-statements early on. They multiplied. Now nobody's quite sure what the rules are, the logic is scattered across your codebase, and when a customer asks who has access to their data you have to guess.
Ferri offloads your entire authorization layer, logs every access event, and keeps you audit-ready without adding infrastructure.
No spam. We'll reach out personally when we're ready for design partners.
You're on the list. We'll be in touch.
How it looks
// Install the SDK $ npm install @ferri/sdk // Compile your permission model into Postgres $ ferri migrate --db $DATABASE_URL // Check permissions anywhere in your app import { Ferri } from '@ferri/sdk' const ferri = new Ferri({ db: pool }) const { allowed } = await ferri.check({ subject: { type: 'user', id: userId }, permission: 'can_view', resource: { type: 'document', id: docId } }) // Every check is logged. Every event is auditable. // Returns: { allowed: true, latency: '380μs', eventId: 'evt_...' }
# Install the SDK $ pip install ferri-sdk # Compile your permission model into Postgres $ ferri migrate --db $DATABASE_URL # Check permissions anywhere in your app from ferri import Ferri ferri = Ferri(dsn=DATABASE_URL) result = ferri.check( subject={"type": "user", "id": user_id}, permission="can_view", resource={"type": "document", "id": doc_id} ) # Every check is logged. Every event is auditable. # Returns: { "allowed": True, "latency": "380μs", "event_id": "evt_..." }
The problem
Almost every engineering team starts with if-statements and ends up with a tangle of logic nobody fully understands. When a compliance audit asks "show us who has access to what and prove it" most teams panic.
The existing solutions require running a separate service alongside your application, syncing your data to it, managing another piece of infrastructure, and debugging failures across a network boundary. That overhead is why most teams still roll their own.
The insight
Your users, resources, and relationships already live in Postgres. Ferri compiles your permission model into SQL functions that run inside your existing database. No new service. No data sync. Permission checks in the same transaction as everything else.
And because every check runs through Ferri, every event is logged, structured, and ready to pipe into your audit trail or SIEM the moment you need it.
We're looking for a small number of teams to work with closely before public launch. Design partners get direct access to the roadmap and early compliance features.
How it works
01
Write your permission rules using a simple schema language. Editors can edit. Viewers can view. Permissions inherit through folders and roles. Express it once, clearly, in a file you can version control.
02
Run ferri migrate. The compiler analyses your model and generates specialised SQL functions, one per relation. The traversal logic is computed at compile time, not runtime. Nothing new to deploy or operate.
03
Call check() from any language via SDK or raw SQL. Sub-millisecond checks. Transaction-aware by default. Every decision logged automatically so you always know who accessed what and when.
Built for compliance
Every permission check, grant, and denial is logged with a structured event. No setup required. When your auditor asks who had access to what on a specific date, you have the answer immediately.
Pipe authorization events directly into Datadog, Splunk, Elastic, or your data lake. Ferri speaks structured JSON out of the box. Connect your security stack in minutes, not weeks.
Access control evidence is one of the most painful parts of a SOC 2 audit. Ferri generates the reports your auditor needs automatically. Stop scrambling when the audit window opens.
The difference
Early access
We're working with a small group of design partners before public launch. If your team runs Postgres and has been putting off fixing your permission model, we want to talk to you.
No spam. We'll reach out personally when we're ready for design partners.
You're on the list. We'll be in touch.