Postgres-native identity, configuration, metering, and job queues. Auth, permissions, versioned config, usage tracking, and scheduled tasks - no external services.
| Module | Schema | Purpose |
|---|---|---|
| authz | authz |
Authorization (ReBAC permissions) |
| authn | authn |
Authentication (users, sessions, tokens) |
| config | config |
Versioned configuration (prompts, flags, secrets) |
| meter | meter |
Usage metering (quotas, reservations, ledger) |
| queue | queue |
Job queues (scheduling, retries, dead letters) |
Each module is independent -- use what you need.
Requires PostgreSQL 14+.
git clone https://github.com/varunchopra/postkit.git
cd postkit
make build
# Install everything
psql $DATABASE_URL -f dist/postkit.sql
# Or individual modules
psql $DATABASE_URL -f dist/authz.sql
psql $DATABASE_URL -f dist/authn.sql
psql $DATABASE_URL -f dist/config.sql
psql $DATABASE_URL -f dist/meter.sql
psql $DATABASE_URL -f dist/queue.sqlWorks with any language or driver:
cursor.execute("SELECT authz.check(%s, %s, %s, %s, %s)", ("user", user_id, "read", "doc", doc_id))await pool.query("SELECT authz.check($1, $2, $3, $4, $5)", ["user", userId, "read", "doc", docId]);db.QueryRow(ctx, "SELECT authz.check($1, $2, $3, $4, $5)", "user", userID, "read", "doc", docID).Scan(&ok)Optional typed client (requires Python 3.10+):
pip install git+https://github.com/varunchopra/postkit.git#subdirectory=sdk# authz: permission checks
authz.grant("admin", resource=("repo", "api"), subject=("user", "alice"))
authz.check(("user", "alice"), "read", ("repo", "api")) # True
# authn: user management
user_id = authn.create_user("alice@example.com", password_hash)
authn.create_session(user_id, token_hash)
# config: versioned configuration
config.set("prompts/bot", {"template": "You are...", "model": "claude-sonnet-4-20250514"})
config.rollback("prompts/bot")
# meter: usage tracking with reservations
meter.allocate("alice", "llm_call", 10000, "tokens")
res = meter.reserve("alice", "llm_call", 4000, "tokens")
meter.commit(res["reservation_id"], 2347)
# queue: job scheduling
queue.push("email", {"to": "alice@example.com", "subject": "Welcome"})
job = queue.pull("email", worker_id="worker-1")
queue.ack(job["id"])See sdk/ for details.
| App | Description |
|---|---|
| postkit-notes | Multi-tenant notes app with auth, permissions, teams, and impersonation |
See docs/ for full API reference with function signatures, parameters, and examples.
make setup # Start Postgres in Docker
make build # Build dist/postkit.sql, dist/authz.sql, dist/authn.sql, dist/config.sql, dist/meter.sql, dist/queue.sql
make test # Run tests
make docs # Generate API documentation
make clean # CleanupWe've structured the docs and SDK so you can point an agent like Claude Code at AGENTS.md in this repo and it'll figure out how to set up identity for your app.
Or you can try out this Claude Code skill in your project.
Apache 2.0