Introduction
Application-level row-level authorization for any database layer.
RowGate provides consistent, application-level row-level authorization for your data layer.
RowGate
RowGate is a lightweight TypeScript library that enforces row-level authorization in your application layer.
Instead of manually adding filters like WHERE user_id = ? across services, controllers, and repositories,
RowGate lets you define centralized policies that automatically apply to queries — no matter which adapter you use.
Why application-level RLS?
While some databases offer row-level security, many stacks need:
- Database independence (Postgres, MySQL, SQLite, serverless providers, etc.)
- Consistent authorization rules across services, queues, and background jobs
- TypeScript-native logic that evolves with your codebase
- Predictable behavior for ORMs, query builders, or raw drivers
RowGate brings predictable row-level security to any app, without relying on database-specific features.
Core workflow
Choose your adapter
RowGate integrates into your existing database access layer through adapters. The adapter rewrites queries to enforce your policies.
Define the context
The “actor” performing operations — often { userId, role }.
Define policies
Policies describe which rows the actor can read, insert, update, or delete.
Adapter ecosystem
RowGate supports multiple data layers through adapters:
- Kysely — production-ready
- Prisma — coming soon
- Drizzle ORM — coming soon
Next steps
Choose what you want to learn:
- Understand core ideas → Concepts
- Start defining policies → Core: Getting started