firestore_access_policy 0.1.0

Declarative Firestore access policies in Dart — generate security rules, tests, and optional client guards from a single CRUD + membership model.

firestore_access_policy

Define who can read, create, update, and delete Firestore documents in Dart, then generate firestore.rules (and tests) from one source of truth.

Designed for production apps with membership maps, parent resources (e.g. group → list), field immutability, and member-diff rules. Patterns are informed by collaborative apps such as NoteTogether.

Status

Early development. Roadmap:

Step	Focus
1	Package scaffold + core policy types (this release)
2	Conditions & access primitives (auth, owner, map membership)
3	Rules language emitter
4	Patterns: parent resource, member diff, quotas
5	Rules unit-test generator + CLI
6	Reference example (lists / groups)

Install

dependencies:
  firestore_access_policy: ^0.1.0

Quick start

import 'package:firestore_access_policy/firestore_access_policy.dart';

final listPolicy = AccessPolicy(
  path: ResourcePath.parse('lists/{listId}'),
  description: 'Collaborative list documents',
  permissions: {
    PolicyAction.read: 'list member or parent group member',
    PolicyAction.create: 'authenticated creator with valid schema',
    PolicyAction.update: 'list member with allowed member-map diff',
    PolicyAction.delete: 'createdBy only',
  },
);

Step 1 defines the policy model only. Rule generation arrives in later steps.

Development

dart pub get
dart test
dart analyze
dart pub publish --dry-run

Related work

• firebase_rules — type-safe Rules DSL that mirrors the Rules language closely.
• firestore_access_policy — higher-level access policies (CRUD matrix, membership, relations) that emit Rules.

License

MIT — see LICENSE.