Casbin Roadmap #1608
Description
Casbin Roadmap
This document outlines where we're heading with Casbin. Some of these are actively being worked on, others are more exploratory. Contributions and feedback are always welcome!
Core Engine Improvements
We're looking at making the core engine more powerful and faster.
- Performance Optimization [feature] improve enforcement performance #1616 — There's room to squeeze more performance out of enforcement. Precompiling matcher expressions is one idea, but we're open to other approaches too. If you've profiled Casbin and found bottlenecks, let us know.
- Multi-line Matcher Support [feature] support multiple lines of matcher #1603 — Right now matchers have to be on a single line which can get ugly when they're complex. We want to support splitting them across multiple lines for better readability.
- Rate Limiting Effect [feature] add a new Effect to support rate limiting #1619 — Currently effects are binary (allow/deny). We're exploring adding a rate-based effect so you can say "allow, but only N times per period". This would make Casbin useful for quota enforcement, not just access control.
- Separate Users and Roles [feature] separate users and roles in Casbin #1621 — In the current model, users and roles are kind of treated the same way. We want to make them more distinct which should make RBAC policies cleaner and easier to reason about.
- Effect Conflict Detector [feature] add second default detector: EffectConflictDetector #1666 — Add a second default detector (
EffectConflictDetector) to detect “allow vs explicit deny” conflicts (e.g., a user is allowed directly but denied via a role).
Developer Experience
Making Casbin easier to use and integrate.
- Model Builder [feature] Programmatic model builder #1622 — Writing model files by hand can be error-prone. A programmatic model builder API would help developers construct models in code with proper validation.
- Model Presets [feature] Add experimental RBAC model preset (and optional helpers) #1623 — Most people use one of a few common patterns (basic RBAC, ABAC, etc). We should ship ready-to-use model presets so you don't have to write the same model.conf from scratch every time.
- Test Helpers [feature] Add lightweight authorization test helpers #1624 — Testing authorization logic involves a lot of repetitive
Enforcecalls with limited failure context. We're thinking about a smallauthztestpackage with helpers likeAssertAllow(t, e, "alice", "data1", "read")that give better error messages when things fail.
Observability
Better insight into what Casbin is doing.
- Logger Interface Refactor [feature] refactor the Logger interface to support tracing + metrics + logs of structured JSON, Prometheus, OpenTelemetry #1601 — The current Logger interface is pretty basic. We want to redesign it to support structured logging, tracing, and metrics. Think OpenTelemetry integration, Prometheus exporters, that kind of thing. This would make debugging production issues much easier.
- Prometheus Logger [feature] implement the PrometheusLogger by following the Logger interface #1649 — Implement a
PrometheusLoggerfollowing the (new/updated) Logger interface; planned to live in a separate repo (casbin-prometheus-logger).
Ecosystem & Integrations
Expanding where Casbin can be used.
- MCP Gateway [feature] add the code for mcp-gateway casbin-mcp-gateway#1 — With MCP (Model Context Protocol) becoming a thing for AI tools, we're building a gateway that can authorize MCP requests using Casbin policies. Early days on this one.
- Kubernetes Admission Webhook https://github.com/casbin/casbin-admission-webhook — For folks running Kubernetes, we have an admission webhook that lets you use Casbin policies to control what gets deployed. Still being actively developed.
- Kubernetes CRD-backed Persistence Adapter [feature] add a Kubernetes CRD-backed persistence adapter (casbin-k8s-crd-adapter) for Go Casbin #1674 — Add a Go adapter that loads Casbin policy from Kubernetes Custom Resources (CRDs), emphasizing read-only “CRDs as source of truth” behavior and solid testing.
- Kubernetes Informer-based Watcher for CRD Policy Updates [feature] add a Kubernetes informer-based watcher for CRD policy updates (casbin-k8s-informer-watcher) #1675 — Add a watcher that uses Kubernetes informers/watch primitives to react to CRD changes and keep enforcement state updated safely (incl.
SyncedEnforcercompatibility and tests).
What's Next?
This roadmap isn't set in stone. If there's something you'd like to see, open an issue or start a discussion. PRs are of course welcome for any of the above.