This version introduces fullstack support, allowing the same access control system to run across frontend and backend with a single shared configuration.
Define access once. Use it everywhere.
Highlights
- Fullstack support (React, Next.js, Node.js, APIs)
- Single shared config for frontend and backend
- Unified access logic (no duplication)
- RBAC, ABAC, feature flags, experiments, and plan gating in one system
- SSR-safe and deterministic evaluation
- Plugin system for analytics and audit logging
- Zero runtime dependencies
- Full TypeScript support
Included
- Core access engine (frontend + backend)
- React hooks (
useAccess) and components (<Allow />,<Can />,<Feature />,<Experiment />) - Backend engine APIs (
hasPermission,evaluatePolicy,evaluateFeature, etc.) - Express-style middleware patterns
- Example apps and fullstack usage patterns
- Documentation site and playground
- Extended test coverage
Core APIs
Frontend
AccessProvideruseAccess()<Allow /><Can /><Feature /><Experiment />
Backend
hasPermission()hasRole()evaluateFeature()evaluatePolicy()assignExperiment()hasPlanAccess()evaluateAllFeatures()
Notes
This is the first stable release of react-access-engine.
The core architecture is now in place and ready for production use. Future releases will focus on incremental improvements, ecosystem expansion, and developer experience.
Feedback
Feedback, issues, and contributions are welcome.
If this project helps you, consider starring ⭐ the repo.