Documentation

Core Concepts

The core flow is backend data to AccessModel to PermissionProvider to AccessDecision to UI.

AccessModel

AccessModel is the normalized access shape for the current authenticated user. It may contain user roles, permissions, feature flags, navigation items, and isLoading.

PermissionProvider

PermissionProvider stores the model in React Context. usePermission reads from that context; checkPermission is pure and requires access data to be passed manually.

Matching Rules

Wildcards are optional and segment-based. Feature flags are exact-match only and are checked with { flag: 'features.name' }.

Matching Rules

matchPermission("users.*", "users.create"); // true
matchPermission("users.*", "users.profile.edit"); // false
checkPermission({ flags: ["features.audit"] }, { flag: "features.audit" });