README
¶
Melange
Fine-grained authorization for PostgreSQL applications.
Melange brings Zanzibar-style relationship-based access control directly into your PostgreSQL database. Define authorization schemas using the OpenFGA DSL, and Melange runs permission checks as efficient SQL queries against your existing data.
Why Melange?
Traditional authorization systems require syncing your application data to a separate service. Melange takes a different approach: permissions are derived from views over your existing tables. This means:
- Always in sync — No replication lag or eventual consistency
- Transaction-aware — Permission checks see uncommitted changes
- Zero runtime deps — Core library is pure Go stdlib
- Single query — No recursive lookups at runtime
Inspired by OpenFGA and built on ideas from pgFGA.
📚 Full Documentation
Visit melange.sh for comprehensive guides, API reference, and examples.
Installation
CLI
Homebrew (macOS and Linux):
brew install pthm/tap/melange
Go install:
go install github.com/pthm/melange/cmd/melange@latest
Pre-built binaries: Download from GitHub Releases (macOS binaries are code-signed)
Updating:
# Homebrew
brew upgrade melange
# Go install
go install github.com/pthm/melange/cmd/melange@latest
Melange automatically checks for updates and notifies you when a new version is available. Use --no-update-check to disable.
Go Runtime
go get github.com/pthm/melange/melange
The runtime module has zero external dependencies (Go stdlib only).
Quick Start
1. Define Your Schema
Create a schema file (schema.fga) using the OpenFGA DSL:
model
schema 1.1
type user
type repository
relations
define owner: [user]
define reader: [user] or owner
define can_read: reader
2. Generate Type-Safe Code
melange generate client --runtime go --schema schema.fga --output ./authz/
This generates constants and constructors for your schema:
package authz
// Generated type constants
const TypeUser melange.ObjectType = "user"
const TypeRepository melange.ObjectType = "repository"
// Generated relation constants
const RelOwner melange.Relation = "owner"
const RelCanRead melange.Relation = "can_read"
// Generated constructors
func User(id string) melange.Object { ... }
func Repository(id string) melange.Object { ... }
3. Check Permissions
import (
"github.com/pthm/melange/melange"
"yourapp/authz"
)
checker := melange.NewChecker(db)
// Check if user can read the repository
decision, err := checker.Check(ctx,
authz.User("alice"),
authz.RelCanRead,
authz.Repository("my-repo"),
)
if !decision.Allowed {
return ErrForbidden
}
CLI Reference
melange - PostgreSQL Fine-Grained Authorization
Commands:
generate client Generate type-safe client code from schema
migrate Apply schema to database
validate Validate schema syntax
status Show current schema status
doctor Run health checks on authorization infrastructure
Generate Client Code
# Generate Go code
melange generate client --runtime go --schema schema.fga --output ./authz/
# With custom package name
melange generate client --runtime go --schema schema.fga --output ./authz/ --package myauthz
# With int64 IDs instead of strings
melange generate client --runtime go --schema schema.fga --output ./authz/ --id-type int64
# Only generate permission relations (can_*)
melange generate client --runtime go --schema schema.fga --output ./authz/ --filter can_
Supported runtimes: go (TypeScript coming soon)
Apply Schema to Database
# Apply schema
melange migrate --db postgres://localhost/mydb --schemas-dir ./schemas/
# Dry run (show SQL without applying)
melange migrate --db postgres://localhost/mydb --schemas-dir ./schemas/ --dry-run
# Force re-apply even if unchanged
melange migrate --db postgres://localhost/mydb --schemas-dir ./schemas/ --force
Validate Schema
melange validate --schema schema.fga
Check Status
melange status --db postgres://localhost/mydb
Health Check
melange doctor --db postgres://localhost/mydb --verbose
Multi-Language Support
Melange supports generating client code for multiple languages:
| Language | Runtime Package | CLI Flag | Status |
|---|---|---|---|
| Go | github.com/pthm/melange/melange |
--runtime go |
Implemented |
| TypeScript | @pthm/melange |
--runtime typescript |
Planned |
See clients/ for language-specific runtime implementations.
Contributing
Contributions are welcome! Here's how to get started:
- Fork the repository and clone locally
- Create a branch for your changes
- Run tests with
just test - Submit a pull request with a clear description
Please ensure your code:
- Passes all existing tests
- Includes tests for new functionality
- Follows the existing code style
For bug reports and feature requests, please open an issue.
Resources
- Documentation — Guides, API reference, and examples
- OpenFGA — The authorization model Melange implements
- Zanzibar Paper — Google's original authorization system
- pgFGA — PostgreSQL FGA implementation that inspired this project
License
MIT License — see LICENSE for details.
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
melange
command
Package main provides the melange CLI for managing authorization schemas.
|
Package main provides the melange CLI for managing authorization schemas. |
|
internal
|
|
|
cli
Package cli provides shared configuration and utilities for the melange CLI.
|
Package cli provides shared configuration and utilities for the melange CLI. |
|
clientgen
Package clientgen provides a registry of language-specific client code generators.
|
Package clientgen provides a registry of language-specific client code generators. |
|
clientgen/go
Package gogen implements the Go client code generator for melange.
|
Package gogen implements the Go client code generator for melange. |
|
clientgen/typescript
Package typescript implements the TypeScript client code generator for melange.
|
Package typescript implements the TypeScript client code generator for melange. |
|
doctor
Package doctor provides health checks for melange authorization infrastructure.
|
Package doctor provides health checks for melange authorization infrastructure. |
|
sqlgen
Package sqlgen generates specialized SQL functions for OpenFGA authorization checks.
|
Package sqlgen generates specialized SQL functions for OpenFGA authorization checks. |
|
sqlgen/analysis
Package analysis provides relation analysis and strategy selection for SQL code generation.
|
Package analysis provides relation analysis and strategy selection for SQL code generation. |
|
sqlgen/inline
Package inline generates VALUES clauses for inlining metadata into SQL functions.
|
Package inline generates VALUES clauses for inlining metadata into SQL functions. |
|
sqlgen/plpgsql
Package plpgsql provides PL/pgSQL function builder types.
|
Package plpgsql provides PL/pgSQL function builder types. |
|
sqlgen/sqldsl
Package sqldsl provides a type-safe DSL for building PostgreSQL queries.
|
Package sqldsl provides a type-safe DSL for building PostgreSQL queries. |
|
sqlgen/tuples
Package tuples provides tuple-table specific builders and helpers.
|
Package tuples provides tuple-table specific builders and helpers. |
|
melange
module
|
|
|
pkg
|
|
|
clientgen
Package clientgen provides a public API for generating type-safe client code from authorization schemas.
|
Package clientgen provides a public API for generating type-safe client code from authorization schemas. |
|
compiler
Package compiler provides public APIs for compiling OpenFGA schemas to SQL.
|
Package compiler provides public APIs for compiling OpenFGA schemas to SQL. |
|
parser
Package parser provides OpenFGA schema parsing for melange.
|
Package parser provides OpenFGA schema parsing for melange. |
|
schema
Package schema provides OpenFGA schema types and transformation logic for melange.
|
Package schema provides OpenFGA schema types and transformation logic for melange. |
|
test
|
|
|
authz
Package authz contains generated types for the test authorization schema.
|
Package authz contains generated types for the test authorization schema. |
|
cmd/dumpinventory
command
Command dumpinventory produces an inventory report of relations that fall back to generic permission checking or list functions, grouped by the reason they cannot generate specialized SQL functions.
|
Command dumpinventory produces an inventory report of relations that fall back to generic permission checking or list functions, grouped by the reason they cannot generate specialized SQL functions. |
|
cmd/dumpsql
command
Command dumpsql dumps the generated SQL for a specific OpenFGA test case.
|
Command dumpsql dumps the generated SQL for a specific OpenFGA test case. |
|
cmd/dumptest
command
Command dumptest dumps OpenFGA test cases in a human-readable format.
|
Command dumptest dumps OpenFGA test cases in a human-readable format. |
|
cmd/explaintest
command
Command explaintest runs EXPLAIN ANALYZE on OpenFGA test cases to show query execution plans, buffer statistics, and performance metrics.
|
Command explaintest runs EXPLAIN ANALYZE on OpenFGA test cases to show query execution plans, buffer statistics, and performance metrics. |
|
openfgatests
Package openfgatests provides an adapter to run the official OpenFGA test suite against the melange authorization implementation.
|
Package openfgatests provides an adapter to run the official OpenFGA test suite against the melange authorization implementation. |
|
testutil
Package testutil provides shared test utilities for Melange integration tests.
|
Package testutil provides shared test utilities for Melange integration tests. |
|
tooling
module
|
Click to show internal directories.
Click to hide internal directories.