Documentation hub
@siremzam/sentinel is a TypeScript-first authorization engine for SaaS applications.
Web site: vegtelenseg.github.io/sentinel (search, sidebar, dark mode). This page mirrors the site for browsing in the repo.
Use the sections below or the sidebar to find what you need.
Start here
| I want to… | Go to |
|---|---|
| Understand what Sentinel is and whether it fits my app | What is Sentinel? |
| Install and run my first evaluation in five minutes | Quickstart |
See why teams pick Sentinel over scattered if (role) checks | Why Sentinel? |
| Try policies in the browser without installing anything | Interactive playground |
| Upgrade between versions | Upgrading |
| Wire Sentinel into Express, Fastify, Hono, or NestJS | Frameworks below |
Getting started
- Installation — add the package, understand exports and bundle size
- Quickstart — schema, policies, evaluation, and tenant context in one walkthrough
After the quickstart, read How evaluation works before diving into advanced features.
Core concepts
| Concept | What you will learn |
|---|---|
| The schema | How one TypeScript interface drives autocomplete and compile-time safety across the entire API |
| Subjects and roles | Who is asking for access, how roles are assigned, and global vs tenant-scoped roles |
| Actions and resources | Domain verbs (invoice:approve) instead of CRUD, and why that matters |
| Policy rules | The atomic unit of authorization — allow, deny, conditions, priority |
| How evaluation works | The full decision pipeline: role resolution, matching, sorting, first-match-wins |
| Multitenancy | Per-tenant roles, strict mode, and preventing cross-tenant leaks |
| Conditions (ABAC) | Attribute-based rules, sync vs async, fail-closed semantics |
| Role hierarchy | Inheritance, expansion at evaluation time, cycle detection |
| Priority and deny resolution | Why deny wins at equal priority and how to override broad denies |
Guides
Writing and managing policies
- The policy factory —
createPolicyFactoryand fluentallow()/deny()builders - Wildcard actions —
invoice:*,*:read, and compile-time patterns - Async conditions — database lookups, quotas, and the async evaluation APIs
- JSON policy serialization — store rules in a database with
ConditionRegistry - Testing policies — table-driven tests with
explain()traces
Observability and UX
- Debugging with
explain()— per-rule traces when access breaks in production - Audit logging —
onDecision,toAuditEntry(), and structured events - UI permissions —
permitted()for buttons, menus, and route guards - Evaluation cache — when caching is safe and when it is not
Frameworks
Ready-made middleware and guards — import for your stack instead of writing authorization middleware yourself.
- Middleware reference — exports, options, and shared types
- Express
- Fastify
- Hono
- NestJS
- Server mode — HTTP microservice for polyglot stacks
Patterns
- Ownership and resource-scoped access
- Common recipes — time gates, feature flags, deny-with-override, IP restrictions
Comparisons and migration
| From | Guide |
|---|---|
| CASL | Migrating from CASL |
| Casbin | Migrating from Casbin |
| accesscontrol | Migrating from accesscontrol |
| All libraries | Feature comparison |
Reference
AccessEngineRuleBuilder/createPolicyFactory- Types —
Subject,Decision,EvaluationContext, and more - Middleware
- Server
- Serialization
Other resources
- When not to use Sentinel
- Security model
- Performance and benchmarks
- Examples — runnable
standaloneandexpress-multi-tenantprojects - CHANGELOG
- CONTRIBUTING
- Something missing or unclear? Open an issue