Unified access
control for React
RBAC, ABAC, policy engine, feature flags, A/B experiments, plan gating, and remote config in a single, type-safe, tree-shakeable package.
import { defineAccess, AccessProvider, Allow, Feature }
from 'react-access-engine'
const config = defineAccess({
roles: ['viewer', 'editor', 'admin'],
permissions: {
viewer: ['posts:read'],
editor: ['posts:read', 'posts:write'],
admin: ['*'],
},
features: {
'dark-mode': true,
'ai-assist': { allowedPlans: ['pro'] },
},
})
function App() {
return (
<AccessProvider config={config} user={user}>
<Allow permission="posts:write">
<Editor />
</Allow>
<Feature name="ai-assist">
<AIPanel />
</Feature>
</AccessProvider>
)
}Everything you need for access control
Stop stitching together RBAC libraries, feature flag services, and experiment platforms.
RBAC & ABAC
Role-based and attribute-based access control with wildcard permissions, namespace support, and composable rules.
Policy Engine
Declarative policy rules with allow/deny effects, priority ordering, custom conditions, and resource-level attribute checks.
Feature Flags
Declarative feature gates with role targeting, plan gating, environment scoping, dependencies, and deterministic rollouts.
Rollouts & Segments
Progressive percentage rollouts, user segmentation, and environment-based targeting for controlled feature releases.
A/B Experiments
SSR-safe experiment assignment with percentage-based bucketing, deterministic hashing, and variant tracking.
Plan Gating
Hierarchical subscription plans with automatic tier comparison. Gate features and UI by the user's current plan.
Remote Config
Load access configuration remotely with stale-while-revalidate caching, polling, and optional signature verification.
Plugin System
Extensible plugin architecture with hooks for access checks, feature evaluations, policy evaluations, and custom condition operators.
DevTools
Built-in devtools overlay with real-time access checks, feature evaluations, policy traces, and config inspection.
Type-Safe & SSR-Ready
Full TypeScript inference with InferRoles, InferPermissions, InferFeatures. SSR-safe — works with Next.js App Router.
Why react-access-engine?
Compare with combining separate RBAC libraries, feature flag services, and DIY solutions.
| Feature | RAE | RBAC Lib | Flag Service | DIY |
|---|---|---|---|---|
| RBAC with wildcard permissions | Partial | |||
| ABAC / Policy engine | Partial | |||
| Feature flags | ||||
| A/B Experiments | Partial | |||
| Plan / subscription gating | Partial | |||
| Remote config with polling | ||||
| Plugin system | ||||
| DevTools overlay | Partial | |||
| SSR-safe (Next.js) | Partial | Partial | Partial | |
| Tree-shakeable | ||||
| Zero dependencies | ||||
| Type-safe inference | Partial |