This is a submission for the Permit.io Authorization Challenge: Permissions Redefined
What I Built
Permission Testing Toolkit is a CLI utility built with TypeScript that allows teams to validate, simulate, and test their fine-grained access control logic using Permit.io.
β
It supports both manual test cases via JSON and dynamic test generation using your live Permit.io schema.
β
Itβs perfect for CI pipelines or security-conscious teams that want to "test their policies before they break production."
β
Oh β and it looks nice in your terminal too. π¨
You write the rules. This CLI makes sure they're followed.
Demo
$ npm start
____ ____ _ _
| _ \ ___ _ __ _ __ ___ / ___| |__ ___ ___| | __
| |_) / _ \ '__| '_ ` _ \ _____| | | '_ \ / _ \/ __| |/ /
| __/ __/ | | | | | | |_____| |___| | | | __/ (__| <
|_| \___|_| |_| |_| |_| \____|_| |_|\___|\___|_|\_\
Running tests from config: test-cases/perm-config.json
π Permission Test Report:
========================================
1. Viewer can read a post
β€ User: viewer
β€ Resource: post
β€ Action: read
β€ Expected: allow, Actual: allow
β€ β
PASS
2. Editor cannot delete a post
β€ User: editor
β€ Resource: post
β€ Action: delete
β€ Expected: deny, Actual: deny
β€ β
PASS
βοΈ 2/2 tests passed.
perm-config.json:
{
"tests": [
{
"user": "admin",
"resource": "post",
"action": "delete",
"expected": "allow"
},
{
"user": "editor",
"resource": "post",
"action": "delete",
"expected": "deny"
}
]
}
Output example:
...
Check delete for viewer
β€ User: Sam Smith
β€ Resource: Document_number_1
β€ Action: delete
β€ Expected: allow, Actual: deny
β€ β FAIL
...
Summary:
β Passed: 4
β Failed: 4
Total: 8
Global CLI installation:
npm install -g .
perm-check --config path/to/perm-config.json
Project Repo
π¦ Permission Testing Toolkit
Permission Testing Toolkit is a blazing-fast CLI tool that helps developers automatically test access rules (RBAC/ABAC) configured in Permit.io across multiple users, resources, and actions β using both custom test cases and live schema introspection.
β Built with performance, automation, and CI/CD integration in mind β no UI needed.
π¦ Features
- β Custom Permission Tests β Define explicit test cases for users, actions, and expected results.
- π Live Schema Introspection β Auto-generate permission tests based on your Permit.io policy schema.
- π§ Role Coverage Testing β Dynamically test every role against every action on every resource.
- π₯ CI/CD Friendly β Easily integrate into pipelines to prevent policy regressions.
- π οΈ Developer-First β CLI-only experience, blazing-fast, fully written in TypeScript.
πΈ Demo Output
$ npm start
____ ____ _ _
| _ \ ___ _ __ _ __ ___ / ___| |__ ___ ___| | __
β¦The README walks you through setup, usage,
.envconfiguration, live schema fetching, and creating your own test cases.
You can even install the CLI globally usingnpm install -g .to runperm-checkfrom anywhere.
My Journey
When I started, my goal was to not just use Permit.io for auth, but to test and trust my auth.
Highlights:
- Built a CLI using
commander+chalkfor clean UX. - Added support for:
-
.jsonconfig file tests (great for version control) - Live schema inspection via
@permit.io/sdk(dynamic users/actions/resources)
-
- Created a readable, colorful terminal test report π
- Packaged everything into a globally installable CLI
Challenges & Lessons:
- Learned how the Permit.io API & SDK expose actions/resources
- Discovered the value of βfailing fastβ in access control testing
Using Permit.io for Authorization
This CLI interacts with Permit.io in two major ways:
Static Testing:
Load test cases from a.jsonconfig and checkallow/denyagainst Permit.ioβs PDP (Policy Decision Point) via REST.Dynamic Schema Testing:
Use the SDK to fetch all definedusers,resources, andactionsin your Permit.io project. Then simulate permission checks across the board.
π¦ Future Potential
This project is not just a utility β itβs the foundation for a permission validation library that could:
- Be published as an NPM package
- Integrate into CI pipelines (e.g., GitHub Actions)
- Visualize permission coverage
π Team or Solo
This was a solo project.
Huge thanks to Permit.io and DEV.to for organizing this challenge and providing excellent documentation and tooling.
This experience was both rewarding and empowering β it not only deepened my understanding of modern authorization workflows but also inspired me to build something perhaps useful for the developer community.
Top comments (2)
Bro, have you tried the Permit CLI? I have a hard times working with the CLI, your idea is a good way to contribute to Permit CLI, nice content!
Thanks a lot, thatβs kind of you! π I really just wanted to build something simple, useful, and easy to pick up β especially if someone has problems with the CLI ;-)