MCPcopy Index your code
hub / github.com/Permify/permify

github.com/Permify/permify @v1.7.1 sqlite

repository ↗ · DeepWiki ↗ · release v1.7.1 ↗
5,506 symbols 13,907 edges 324 files 2,849 documented · 52%
README

github-banner

Exciting news: Permify has been acquired by FusionAuth! 🎉

<a href="https://permify.co/post/fusionauth-acquires-permify/" target="_blank">Permify Blog Post</a> | 
<a href="https://fusionauth.io/blog/fusionauth-permify-pr" target="_blank">Official Press Release</a> | 
<a href="https://fusionauth.io/blog/fusionauth-acquires-permify" target="_blank">FusionAuth Blog Post</a>




















<img alt="Permify logo" src="https://github.com/Permify/permify/raw/master/assets/logo-permify-light.png" width="40%">

Permify - Open Source Fine-Grained Authorization

Implement fine-grained, scalable and extensible access controls within minutes to days instead of months.


Inspired by Google’s consistent, global authorization system, <a href="https://permify.co/post/google-zanzibar-in-a-nutshell/" target="_blank">Zanzibar</a>







<a href="https://trendshift.io/repositories/5027" target="_blank"><img src="https://trendshift.io/api/badge/repositories/5027" alt="Permify%2Fpermify | Trendshift" style="width: 250px; height: 55px;" width="250" height="55"/></a>







<a href="https://github.com/Permify/permify" target="_blank"><img src="https://img.shields.io/github/go-mod/go-version/Permify/permify?style=for-the-badge&logo=go" alt="Permify Go Version" /></a>&nbsp;
<a href="https://goreportcard.com/report/github.com/Permify/permify" target="_blank"><img src="https://goreportcard.com/badge/github.com/Permify/permify?style=for-the-badge" alt="Permify Go Report Card" /></a>&nbsp;
<a href="https://github.com/Permify/permify" target="_blank"><img src="https://img.shields.io/github/license/Permify/permify?style=for-the-badge&logo=github" alt="Permify Licence" /></a>&nbsp;
<a href="https://discord.gg/permify" target="_blank"><img src="https://img.shields.io/discord/950799928047833088?style=for-the-badge&logo=discord&label=DISCORD" alt="Permify Discord Channel" /></a>&nbsp;
<a href="https://github.com/Permify/permify/releases" target="_blank"><img src="https://img.shields.io/github/v/release/permify/permify?style=for-the-badge&logo=github" alt="Permify Release" /></a>&nbsp;
<a href="https://github.com/Permify/permify/commits" target="_blank"><img src="https://img.shields.io/github/commit-activity/m/Permify/permify?style=for-the-badge&logo=github" alt="Permify Commit Activity" /></a>&nbsp;
<a href="https://github.com/Permify/permify/actions/workflows/release.yml" target="_blank"><img src="https://img.shields.io/github/actions/workflow/status/Permify/permify/release.yml?style=for-the-badge&logo=github-actions" alt="GitHub Workflow Status" /></a>&nbsp;
<a href="https://scrutinizer-ci.com/g/Permify/permify/?branch=master" target="_blank"><img src="https://img.shields.io/scrutinizer/quality/g/Permify/permify/master?style=for-the-badge" alt="Scrutinizer code quality (GitHub/Bitbucket)" /></a>&nbsp;
<a href="https://codecov.io/gh/Permify/permify" target="_blank"><img src="https://img.shields.io/codecov/c/github/Permify/permify?style=for-the-badge&logo=codecov" alt="Codecov" /></a>&nbsp;
<a href="https://gurubase.io/g/permify" target="_blank"><img src="https://img.shields.io/badge/Gurubase-Ask%20AI-006BFF?style=for-the-badge" alt="Gurubase - Ask AI" /></a>

permify-centralized

What is Permify?

Permify is an open-source authorization service for easily building and managing fine-grained, scalable, and extensible access controls for your applications and services. Inspired by Google’s consistent, global authorization system, Google Zanzibar

Our service makes authorization more secure and adaptable to changing needs, allowing you to get it up and running in just a few minutes to a couple of days—no need to spend months building out entire piece of infrastructure.

It works in run time and can respond to any type of access control checks (can user X view document Y?, which posts can members of team Y edit?, etc.) from any of your apps and services in tens of milliseconds.

With Permify, you can

🧪 Centralize & Standardize Your Authorization: Abstract your authorization logic from your codebase and application logic to easily reason, test, and debug your authorization. Behave your authorization as a sole entity and move faster with in your core development.

🔮 Build Granular Permissions For Any Case You Have: You can create granular (resource-specific, hierarchical, context aware, etc) permissions and policies using Permify's domain specific language that is compatible with RBAC, ReBAC and ABAC.

🔐 Set Authorization For Your Tenants By Default: Set up isolated authorization logic and custom permissions for your vendors/organizations (tenants) and manage them in a single place.

🚀 Scale Your Authorization As You Wish: Achieve lightning-fast response times down to 10ms for access checks with a proven infrastructure inspired by Google Zanzibar.

Getting Started

Permify Cloud vs Self-hosted?

Permify is open-source authorization service and we have a free and self-hosted solution called Permify Community Edition (CE). Here are the differences between Permify managed hosting in the cloud and the Permify CE:

Permify Cloud Permify Community Edition
Infrastructure management Easy and convenient. It takes minutes to start permissions systems deployed on secure Permify infrastructure with a high availability, backups, security and maintenance all done for you by us. We manage everything so you don’t have to worry about anything and can focus on your core development. You do it all yourself. You need to get a server and you need to manage your infrastructure. You are responsible for installation, maintenance, upgrades, server capacity, uptime, backup, security, stability, consistency, latency and so on.
Release schedule Continuously developed and improved with new features and updates multiple times per week. It's a long-term release published four times per year, so the latest features and improvements won’t be immediately available.
Premium features All features available as listed in our pricing plans. Selected premium features, such as observability dashboards and data synchronization are not available as we aim to maintain a protective barrier around our cloud offering.
Deployment regions You can select your preferred region, supported by AWS, GCP, or Azure to deploy your authorization system. Disaster recovery zones are strategically located to replicate data across regions, ensuring rapid recovery and continuous service during any incident. We also provide SLAs to ensure availability and latency. You have full control and can host your instance on any server in any country of your choice. This includes hosting on personal servers or with cloud providers.
Data privacy Permify Cloud is SOC2 and GDPR compliant, ensuring adherence to stringent data protection standards. You can check out our Trust Center for comprehensive insights into our data management, security measures, and compliance practices. Data privacy management is your responsibility. While you have full control over your data, it is up to you to implement and maintain necessary compliance measures, such as GDPR or SOC 2, as well as other security protocols.
Premium support Real support delivered by real human beings who build and maintain Permify. Premium support is not included. CE is community supported only.
Costs There’s a cost associated with providing an authorization service, so we base our pricing on the number of monthly active users you have. Your payments fund the further development of Permify. You need to pay for your server, CDN, backups, and other costs associated with running the infrastructure you need.

Interested in trying out Permify Cloud? Our team is happy to help. Schedule a quick demo session with our experts.

QuickStart

You can quickly start Permify on your local with running the docker command below:

docker run -p 3476:3476 -p 3478:3478 ghcr.io/permify/permify serve

This will start Permify with the default configuration options:

  • Port 3476 is used to serve the REST API.
  • Port 3478 is used to serve the GRPC Service.
  • Authorization data stored in memory.

See all of the options that you can use to set up and deploy Permify in your servers.

Test your connection

To verify that Permify is running correctly, make a GET request to the health check endpoint:

localhost:3476/healthz

🚀 Performance

We conducted a load test on Permify using 1000 VUs (Virtual Users) and 10,000 RPS (Requests per Second). The results demonstrate strong performance and reliability under heavy load, with 0% request failures and consistently low latency.

Metric Value / Stats
Total Checks ✅ 100.00% (74614 out of 74614)
Data Received 17 MB (168 kB/s)
Data Sent 27 MB (268 kB/s)
Dropped Iterations 272433 (2696.482348/s)
HTTP Request Duration avg=21.3ms min=428µs med=15.38ms max=617.85ms p(90)=45.7ms p(95)=58.99ms
HTTP Request Waiting Time avg=21.27ms min=399µs med=15.35ms max=617.83ms p(90)=45.67ms p(95)=58.96ms
HTTP Request Failed ❌ 0.00% (0 out of 74614)
Total HTTP Requests 74614 (738.51308/s)
Virtual Users (VUs) 114 avg (min=14, max=1000)

📄 Full Performance Test Report →

Community ♥️

Permify is a Cloud Native Computing Foundation member and a community-driven project supported by companies worldwide, from startups to Fortune 500 enterprises.

Your feedback helps shape the future of Permify, and we'd love to hear from you!

Share your use case, get the latest product updates, and feel free to ask any questions about Permify or authorization in a broader context by joining our conversation on Discord!

Join Our Discord! 

Contributing

The open source community thrives on contributions, offering an incredible space for learning, inspiration, and creation. Your contributions are immensely valued and appreciated!

Here are the ways to contribute to Permify:

  • Contribute to codebase: We're collaboratively working with our community to make Permify the best it can be! You can develop new features, fix existing issues or make third-party integrations/packages.
  • Improve documentation: Alongside our codebase, documentation one of the most significant part in our open-source journey. We're trying to give the best DX possible to explain ourselves and Permify. And you can help on that with importing resources or adding new ones.
  • Contribute to playground: Permify playground allows you to visualize and test your authorization logic. You can contribute to our playground by improving its user interface, fixing glitches, or adding new features.

Bounties

Open Bounties

We have a list of issues where you can contribute and gain bounty award! Bounties

Extension points exported contracts — how you extend this code

EncodedContinuousToken (Interface)
EncodedContinuousToken - [7 implementers]
pkg/database/token.go
Decoder (Interface)
Decoder - Decoder interface [9 implementers]
pkg/development/file/decoder.go
Statement (Interface)
Statement defines an interface for a statement node. [8 implementers]
pkg/dsl/ast/statements.go
SchemaReader (Interface)
SchemaReader - Reads schema definitions from the storage. [7 implementers]
internal/storage/storage.go
Check (Interface)
Check is an interface that defines a method for checking permissions. It requires an implementation of InvokeCheck that [11 …
internal/invoke/invoke.go
Member (Interface)
(no doc) [134 implementers]
pkg/consistent/consistent.go
EncodedSnapToken (Interface)
(no doc) [7 implementers]
pkg/token/token.go
Cache (Interface)
Cache - Defines an interface for a generic cache. [2 implementers]
pkg/cache/interfaces.go

Core symbols most depended-on inside this repo

String
called by 960
pkg/dsl/ast/node.go
Error
called by 455
internal/authn/openid/adapter.go
GetType
called by 290
pkg/dsl/ast/node.go
Error
called by 258
pkg/dsl/parser/parser.go
Context
called by 219
pkg/cmd/validate.go
Tuple
called by 203
pkg/tuple/tuple.go
Close
called by 174
pkg/cache/interfaces.go
Encode
called by 174
pkg/token/token.go

Shape

Method 4,056
Function 768
Struct 466
TypeAlias 137
Interface 53
FuncType 20
Class 6

Languages

Go97%
TypeScript3%
Java1%

Modules by API surface

pkg/pb/base/v1/service.pb.validate.go845 symbols
pkg/pb/base/v1/base.pb.validate.go624 symbols
pkg/pb/base/v1/service_vtproto.pb.go585 symbols
pkg/pb/base/v1/service.pb.go550 symbols
pkg/pb/base/v1/base_vtproto.pb.go502 symbols
pkg/pb/base/v1/base.pb.go490 symbols
pkg/pb/base/v1/service_grpc.pb.go191 symbols
internal/storage/storage.go75 symbols
pkg/pb/base/v1/service.pb.gw.go72 symbols
playground/src/wasm/wasm_exec.js49 symbols
pkg/dsl/ast/statements.go46 symbols
pkg/dsl/parser/parser.go38 symbols

Dependencies from manifests, versioned

4d63.com/gocheckcompilerdirectivesv1.3.0 · 1×
4d63.com/gochecknoglobalsv0.2.2 · 1×
buf.build/gen/go/bufbuild/bufplugin/protocolbuffers/gov1.36.10-20250718181 · 1×
buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/gov1.36.10-20250717185 · 1×
buf.build/gen/go/bufbuild/registry/connectrpc/gov1.19.0-202509241444 · 1×
buf.build/gen/go/bufbuild/registry/protocolbuffers/gov1.36.10-20250924144 · 1×
buf.build/gen/go/envoyproxy/protoc-gen-validate/protocolbuffers/gov1.36.11-20240617172 · 1×
buf.build/gen/go/grpc-ecosystem/grpc-gateway/protocolbuffers/gov1.36.11-20241220201 · 1×
buf.build/gen/go/permifyco/permify/grpc/gov1.6.1-2026041717002 · 1×
buf.build/gen/go/permifyco/permify/protocolbuffers/gov1.36.11-20260417170 · 1×
buf.build/gen/go/pluginrpc/pluginrpc/protocolbuffers/gov1.36.9-202410072020 · 1×
buf.build/go/appv0.1.0 · 1×

Datastores touched

permifyDatabase · 1 repos
db_nameDatabase · 1 repos
dbnameDatabase · 1 repos

For agents

$ claude mcp add permify \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact