
Authorization made simple

Kilpi is the open-source TypeScript authorization library designed for developers who need flexible, powerful, and intuitive authorization.

The simplest and most powerful authorization API

await Kilpi.authorize("docs:update", doc);
<Access to="comments:update" on={comment}>
<EditDocumentForm comment={comment} />
</Access>
if (await Kilpi.isAuthorized("orgs:create")) {}
const message = await getMessage.protect();

Designed and created by Jussi Nevavuori with ❤️ in Brisbane & Helsinki

Your authorization layer with everything you need.

Designed to solve real problems for real applications, Kilpi was born after solving the same problem time after time, for client after client.

Framework agnostic

Bring any framework. Kilpi works seamlessly with your existing tech stack, with or without an existing integration.

Server-first authorization

Kilpi is designed for server-first applications and runs all authorizations on the server for security.

Any auth provider

Better-auth, Next-auth, Lucia, Auth0, Clerk or rolled your own? We support all auth providers via the Subject API.

Policies as code

Implement policies in type-safe TypeScript for better maintainability, readability and the most flexible authorization API.

Async policies

All policies are functions, allowing you to fetch data from your database, API, or any other source.

All authorization models

Supports RBAC, ABAC, ReBAC and any authorization model as simple or as complex as you need.

Protected queries

Wrap your queries in a protective layer to ensure no-one can ever access data without authorization (optional).

Client-side authorization

Performant solution for fetching your subject and authorization decisions from the server with deduping, batching and caching.

Plugin API & Library

Extend Kilpi with ready-made & custom plugins to fit your use case. See below for a list of plugins.

Developer-friendly API

Clean, simple, and intuitive API designed with developer experience in mind. We aim to make authorization a one-liner.

Hassle-free type-safety

Minimal type definitions. Maximal inference. Type-safe everything. Subject narrowing. We promise the best TypeScript authorization experience.

Production tested

Battle-tested in production environments to ensure reliability and validate the design.

Plugins to fit your use case

Installation guides

With or without plugins, see how to start using Kilpi with your favorite framework.

Couldn't find yours?

Kilpi is framework agnostic and can always be used without any plugins or component libraries. You may also request a new integration, feature, or plugin or contact me to request support.

Latest articles

By Jussi Nevavuori · Friday, March 28th 2025
Recommended article

Introducing the Protected Query Pattern for secure data access

How to protect your data in full-stack applications

By Jussi Nevavuori · Thursday, March 27th 2025
By Jussi Nevavuori · Monday, March 24th 2025

Ready to Get Started?

Dive into our comprehensive documentation and start implementing Kilpi in your project today.
