Product · 2025

Fine-Grained Authorization Spike with Permit.io

Overview

A small internal spike evaluating Permit.io for externalized, fine-grained authorization in a Node/Express service. It exists to validate a policy-as-a-service approach to permissions before committing it to production codebases.

Why It Exists

Hand-rolled role checks scattered through controllers are hard to audit and evolve. The studio wanted to assess whether an external authorization provider (Permit.io) could centralize policy decisions, RBAC/ABAC, resources, and actions, and keep enforcement out of business logic. This repo is the throwaway harness for that evaluation.

What We Built

A minimal Express server wired to the permitio SDK, exercising permission checks against Permit.io's policy decision point. The footprint is intentionally tiny (an Express app plus the Permit client) and is focused on proving the integration pattern (define resources, actions and roles, then call permit.check(...) at each enforcement point) rather than on building a full product.

Technologies & Approach

JavaScript on Express for the host service, with Permit.io providing the externalized authorization layer. The point of the exercise was to keep enforcement (the policy enforcement point, PEP) thin and push policy definition out to a managed policy decision point (PDP).
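The enforcement pattern described under "What We Built" and the thin-PEP/managed-PDP split described here, as an added example that is not the spike's own code. The PDP client is injected as a `check(userKey, action, resource)` function so the middleware runs offline; in the real service that function would wrap the permitio SDK's `permit.check(...)`. The resource type, action and role names are assumptions for illustration, and the in-memory PDP is a constructed stand-in for Permit.io.

```javascript
// Added example, not the spike's own code: a thin Express-style PEP that
// delegates every decision to a PDP `check(userKey, action, resource)`
// function and fails closed. In the real service `check` would wrap the
// permitio SDK, e.g. (u, a, r) => permit.check(u, a, r); here it is injected
// so the middleware runs offline with no Express dependency.

// Build a middleware that enforces `action` on a `resourceType` (assumed
// names; resource types, actions and roles are defined in the PDP, not here).
function requirePermission(check, action, resourceType) {
  return async function enforce(req, res, next) {
    const user = req.user; // assumed: set by upstream authentication
    if (!user || !user.key) {
      res.status(401).json({ error: "unauthenticated" });
      return;
    }
    // Resource instance described to the PDP; key/tenant come from the route.
    const resource = { type: resourceType, key: req.params.id, tenant: req.params.tenant };
    let allowed = false;
    try {
      allowed = await check(user.key, action, resource);
    } catch (err) {
      allowed = false; // PDP unreachable or erroring: deny, never fall through
    }
    if (allowed !== true) {
      res.status(403).json({ error: "forbidden" });
      return;
    }
    next(); // business logic runs only after an explicit allow
  };
}

// Constructed in-memory PDP standing in for Permit.io in this example:
// a role -> resource type -> allowed actions table (RBAC).
function makeFakePdp(assignments) {
  const policy = { editor: { document: ["read", "update"] }, viewer: { document: ["read"] } };
  return async (userKey, action, resource) => {
    const roles = assignments[userKey] || [];
    return roles.some((r) => ((policy[r] || {})[resource.type] || []).includes(action));
  };
}

// Drive a middleware with a constructed request; returns the resulting status
// (200 when the handler chain continued, otherwise the status the PEP sent).
async function simulate(middleware, user, params) {
  let status = null;
  let nextCalled = false;
  const req = { user, params };
  const res = { status(code) { status = code; return this; }, json() { return this; } };
  await middleware(req, res, () => { nextCalled = true; });
  return nextCalled ? 200 : status;
}
```

Mount it as `app.get("/:tenant/documents/:id", requirePermission(check, "read", "document"), handler)`; because the deny branch covers thrown errors and any non-boolean result, an outage of the PDP degrades to 403 rather than to open access.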

Outcome / Impact

A focused build that validated how cleanly Permit.io slots into an Express request flow, giving the team a reference for adopting policy-as-a-service authorization in future projects.

Capabilities Demonstrated

  • Externalized, fine-grained authorization (PDP/PEP separation)
  • Permit.io integration in a Node/Express service
  • Rapid evaluation of security tooling before production adoption