frontpage.

I'm currently exploring a lightweight approach to access control in an event sourcing database (Genesis DB): https://www.genesisdb.io. Authentication is handled via Bearer tokens atm. In the future, authentication and authorization could be entirely declarative, through a policy.json that defines privilege targets, roles, and grants/denies.

Here's a simplified example: https://gist.githubusercontent.com/patriceckhart/ec6f90e80e4dba3c500564fe96101621/raw/ac495628a37a8ab9c60edff7af1015cb1a9f96ae/gistfile1.txt

The idea is that this policy.json can be injected via an environment variable or mounted into the container meaning policies stay versioned, declarative, and inspectable. Every request goes through the same decision layer, with default-deny semantics and clear role separation.

It's not meant to replace external IAM systems, but to give small self-contained deployments a simple, auditable policy mechanism.

I'm curious how others view this approach:

• Is injecting a policy file like this too static for real-world setups?

• Would you prefer a dynamic store or API for policies instead?

• Any pitfalls you’ve seen with file-based or declarative access-control systems?

Thanks! I'd really appreciate feedback from anyone who's built fine-grained access control before.

VCF West: Whirlwind Software Restoration – Guy Fedorkow [video]

Show HN: COGext – A minimalist, open-source system monitor for Chrome (<550KB)

FOSDEM 26 – My Hallway Track Takeaways

Show HN: Env-shelf – Open-source desktop app to manage .env files

Show HN: Almostnode – Run Node.js, Next.js, and Express in the Browser

Dell support (and hardware) is so bad, I almost sued them

Project Pterodactyl: Incremental Architecture

Styling: Search-Text and Other Highlight-Y Pseudo-Elements

Crypto firm accidentally sends $40B in Bitcoin to users

Magnetic fields can change carbon diffusion in steel

Fantasy football that celebrates great games

Show HN: Animalese

StrongDM's AI team build serious software without even looking at the code

John Haugeland on the failure of micro-worlds

Show HN: Velocity - Free/Cheaper Linear Clone but with MCP for agents

Corning Invented a New Fiber-Optic Cable for AI and Landed a $6B Meta Deal [video]

Show HN: XAPIs.dev – Twitter API Alternative at 90% Lower Cost

Near-Instantly Aborting the Worst Pain Imaginable with Psychedelics

Show HN: Nginx-defender – realtime abuse blocking for Nginx

The Super Sharp Blade

Smart Homes Are Terrible

What I haven't figured out

KPMG pressed its auditor to pass on AI cost savings

Open-source Claude skill that optimizes Hinge profiles. Pretty well.

First Proof

I squeezed a BERT sentiment analyzer into 1GB RAM on a $5 VPS

Kagi Translate

Building Interactive C/C++ workflows in Jupyter through Clang-REPL [video]

Tactical tornado is the new default

Full-Circle Test-Driven Firmware Development with OpenClaw