Kilpi
Authorization made simple
Kilpi is the open-source TypeScript authorization library designed for developers who need flexible, powerful, and intuitive authorization.
Make your authorization a one-liner.
await Kilpi.authorize("docs:update", doc);
<Access to="docs:update" on={doc}>
  <EditDocumentButton doc={doc} />
</Access>
if (await Kilpi.isAuthorized("docs:create"))
const doc = await getDocument.protect();
Designed and created by Jussi Nevavuori with ❤️ in Brisbane & Helsinki

Your authorization layer with everything you need.
Designed to solve real problems for real applications, Kilpi was born after solving the same problem time after time, for client after client.
Framework agnostic
Bring any framework. Kilpi works seamlessly with your existing tech stack, with or without an existing integration.
Server-first authorization
Kilpi is designed for server-first applications and runs all authorizations on the server for security.
Any auth provider
Better-auth, Next-auth, Lucia, Auth0, Clerk or rolled your own? We support all auth providers via the Subject API.
Policies as code
Implement policies in type-safe TypeScript for better maintainability, readability and the most flexible authorization API.
Async policies
All policies are functions, allowing you to fetch data from your database, API, or any other source.
All authorization models
Supports RBAC, ABAC, ReBAC and any authorization model as simple or as complex as you need.
Protected queries
Wrap your queries in a protective layer to ensure no one can ever access data without authorization (optional).
Client-side authorization
Performant solution for fetching your subject and authorization decisions from the server with deduping, batching and caching.
Plugin API & Library
Extend Kilpi with ready-made and custom plugins to fit your use case. See below for the list of plugins.
Developer-friendly API
Clean, simple, and intuitive API designed with developer experience in mind. We aim to make authorization a one-liner.
Hassle-free type-safety
Minimal type definitions. Maximal inference. Type-safe everything. Subject narrowing. We promise the best TypeScript authorization experience.
Production tested
Battle-tested in production environments to ensure reliability and validate the design.
Plugins to fit your use case
Frameworks
Adapt your UI to your authorization policies.
Utilities
Plugins to extend the features of Kilpi.
Installation guides
With or without plugins, see how to start using Kilpi with your favorite framework.
Couldn't find yours?
Kilpi is framework agnostic and can always be used without any plugins or component libraries. You may also request a new integration, feature, or plugin or contact me to request support.
Latest articles
This article introduces you to using Kilpi to authorize your server actions.
Introducing the Protected Query Pattern for secure data access
How to protect your data in full-stack applications
This article introduces the protected query pattern for authorizing your data queries with a clean and powerful API.
I'm proud to announce that I've finally finished polishing, open-sourcing and documenting the first version of Kilpi!
Ready to Get Started?
Dive into our comprehensive documentation and start implementing Kilpi in your project today.