Skip to content
Accessly logo
Open-source developer tool

Accessly — explainable access control for React and Next.js.

An open-source permission layer for React and Next.js applications, built around normalized access models, declarative UI gating, backend adapters, RBAC expansion, feature flags, wildcard permissions, navigation filtering, and explainable allow/deny decisions.

GitHubnpmDocsLab
Accessly access-control developer tooling preview

TypeScript

React / Next.js

Access control

RBAC

Feature flags

Backend adapters

Navigation filtering

Explainable decisions

Problem

Frontend access logic often starts as simple conditionals and grows into scattered role checks, duplicated permission strings, inconsistent navigation rules, and unclear allow/deny behavior.

Solution

Accessly gives React and Next.js apps one consistent way to ask access questions, render protected UI, normalize backend permission responses, and understand why access was allowed or denied.

Example
import { PermissionProvider, Can } from "accessly";

export function App() {
  return (
    <PermissionProvider
      access={{
        user: { id: "user_1", roles: ["admin"] },
        permissions: ["users.create", "reports.view"],
        flags: ["features.new-dashboard"],
      }}
    >
      <Can permission="users.create" fallback={<span>Read only</span>}>
        <button>Create user</button>
      </Can>
    </PermissionProvider>
  );
}
Security note

Accessly controls frontend rendering and UI access decisions. It does not replace server-side authorization. Sensitive actions, private API routes, mutations, billing operations, and admin actions must still be authorized on the server.

Features
PermissionProvider
Can / Cannot / ProtectedRoute
usePermission
useAccessDecision
useAccessModel
RBAC expansion with rolePermissions
wildcard permissions such as users.*, reports.*, and *
feature flag checks
backend adapters with createAdapter
navigation filtering with nested menu support
debug utilities for access decisions
TypeScript declarations
ESM and CJS support
zero runtime dependencies
tree-shaking friendly
Developer value
reduces scattered permission checks
keeps access logic consistent
supports backend response normalization
helps teams understand permission decisions
improves maintainability in dashboards and internal systems
useful for SaaS dashboards, admin panels, enterprise apps, and role-based UI