This is a submission for the Permit.io Authorization Challenge: Permissions Redefined

What I Built

Permission Testing Toolkit is a CLI utility built with TypeScript that allows teams to validate, simulate, and test their fine-grained access control logic using Permit.io.

✅ It supports both manual test cases via JSON and dynamic test generation using your live Permit.io schema.

✅ It’s perfect for CI pipelines or security-conscious teams that want to "test their policies before they break production."

✅ Oh — and it looks nice in your terminal too. 🎨

You write the rules. This CLI makes sure they're followed.

Demo

$ npm start

  ____                            ____ _               _    
 |  _ \ ___ _ __ _ __ ___        / ___| |__   ___  ___| | __
 | |_) / _ \ '__| '_ ` _ \ _____| |   | '_ \ / _ \/ __| |/ /
 |  __/  __/ |  | | | | | |_____| |___| | | |  __/ (__|   < 
 |_|   \___|_|  |_| |_| |_|      \____|_| |_|\___|\___|_|\_\

Running tests from config: test-cases/perm-config.json

📝 Permission Test Report:
========================================
1. Viewer can read a post
   ➤ User: viewer
   ➤ Resource: post
   ➤ Action: read
   ➤ Expected: allow, Actual: allow
   ➤ ✅ PASS

2. Editor cannot delete a post
   ➤ User: editor
   ➤ Resource: post
   ➤ Action: delete
   ➤ Expected: deny, Actual: deny
   ➤ ✅ PASS

✔️  2/2 tests passed.

perm-config.json:

{
  "tests": [
    {
      "user": "admin",
      "resource": "post",
      "action": "delete",
      "expected": "allow"
    },
    {
      "user": "editor",
      "resource": "post",
      "action": "delete",
      "expected": "deny"
    }
  ]
}

Output example:

...
Check delete for viewer
   ➤ User: Sam Smith
   ➤ Resource: Document_number_1
   ➤ Action: delete
   ➤ Expected: allow, Actual: deny
   ➤ ❌ FAIL
...
Summary:
✔ Passed: 4
✘ Failed: 4
Total: 8

Global CLI installation:

npm install -g .
perm-check --config path/to/perm-config.json

Project Repo

🚦 Permission Testing Toolkit

Permission Testing Toolkit is a blazing-fast CLI tool that helps developers automatically test access rules (RBAC/ABAC) configured in Permit.io across multiple users, resources, and actions — using both custom test cases and live schema introspection.

✅ Built with performance, automation, and CI/CD integration in mind — no UI needed.


📦 Features

  • Custom Permission Tests — Define explicit test cases for users, actions, and expected results.
  • 🚀 Live Schema Introspection — Auto-generate permission tests based on your Permit.io policy schema.
  • 🧠 Role Coverage Testing — Dynamically test every role against every action on every resource.
  • 💥 CI/CD Friendly — Easily integrate into pipelines to prevent policy regressions.
  • 🛠️ Developer-First — CLI-only experience, blazing-fast, fully written in TypeScript.

📸 Demo Output

$ npm start
  ____                            ____ _               _    
 |  _ \ ___ _ __ _ __ ___        / ___| |__   ___  ___| | __
 

The README walks you through setup, usage, .env configuration, live schema fetching, and creating your own test cases.

You can even install the CLI globally using npm install -g . to run perm-check from anywhere.

My Journey

When I started, my goal was to not just use Permit.io for auth, but to test and trust my auth.

Highlights:

  • Built a CLI using commander + chalk for clean UX.
  • Added support for:
    • .json config file tests (great for version control)
    • Live schema inspection via @permit.io/sdk (dynamic users/actions/resources)
  • Created a readable, colorful terminal test report 📊
  • Packaged everything into a globally installable CLI

Challenges & Lessons:

  • Learned how the Permit.io API & SDK expose actions/resources
  • Discovered the value of “failing fast” in access control testing

Using Permit.io for Authorization

This CLI interacts with Permit.io in two major ways:

  1. Static Testing:

    Load test cases from a .json config and check allow/deny against Permit.io’s PDP (Policy Decision Point) via REST.

  2. Dynamic Schema Testing:

    Use the SDK to fetch all defined users, resources, and actions in your Permit.io project. Then simulate permission checks across the board.
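The role-coverage run described above, written out as an added example (not code from the project's repository): it expands users × resources × actions into test cases, treats every combination outside an explicit allow-list as an expected deny, and scores the results from an injected check function. All names here (expandMatrix, runTests, exitCode, stubPdp) are hypothetical, and stubPdp is a constructed stand-in for the PDP query.

```typescript
// Added example; all names are hypothetical. CheckFn stands in for a PDP query.
type Decision = "allow" | "deny";
type Outcome = Decision | "error";
interface TestCase { user: string; resource: string; action: string; expected: Decision }
interface Result extends TestCase { actual: Outcome; pass: boolean }
type CheckFn = (user: string, action: string, resource: string) => Promise<boolean>;

// Role coverage: every user x resource x action. Any combination missing
// from `allowed` is expected to be denied (default deny).
function expandMatrix(users: string[], schema: Record<string, string[]>, allowed: Set<string>): TestCase[] {
  const tests: TestCase[] = [];
  for (const user of users)
    for (const resource of Object.keys(schema))
      for (const action of schema[resource]) {
        const expected: Decision = allowed.has(`${user}:${resource}:${action}`) ? "allow" : "deny";
        tests.push({ user, resource, action, expected });
      }
  return tests;
}

// A failed PDP query is recorded as "error", which never equals `expected`.
// Folding it into "deny" would let every deny case pass during an outage.
async function runTests(tests: TestCase[], check: CheckFn): Promise<Result[]> {
  const results: Result[] = [];
  for (const t of tests) {
    let actual: Outcome;
    try {
      actual = (await check(t.user, t.action, t.resource)) ? "allow" : "deny";
    } catch {
      actual = "error";
    }
    results.push({ ...t, actual, pass: actual === t.expected });
  }
  return results;
}

// CI gate: exit code 0 only if at least one case ran and all of them passed.
function exitCode(results: Result[]): number {
  return results.length > 0 && results.every((r) => r.pass) ? 0 : 1;
}

// Constructed stand-in for the PDP: editor is over-privileged, admin lookups fail.
const stubPdp: CheckFn = async (user, action) => {
  if (user === "admin") throw new Error("PDP unreachable");
  return action === "read" || user === "editor";
};
const sampleTests = expandMatrix(["viewer", "editor", "admin"], { post: ["read", "delete"] },
  new Set(["viewer:post:read", "editor:post:read", "admin:post:read", "admin:post:delete"]));
```

With the constructed stub, three of the six generated cases fail: the editor delete that should have been denied, and both admin cases whose lookups errored.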

📦 Future Potential
This project is not just a utility — it’s the foundation for a permission validation library that could:

  • Be published as an NPM package
  • Integrate into CI pipelines (e.g., GitHub Actions)
  • Visualize permission coverage

🙌 Team or Solo
This was a solo project.

Huge thanks to Permit.io and DEV.to for organizing this challenge and providing excellent documentation and tooling.
This experience was both rewarding and empowering — it not only deepened my understanding of modern authorization workflows but also inspired me to build something perhaps useful for the developer community.