Skip to main content

Database to ,
In Minutes

A TypeScript toolkit that supercharges Prisma ORM with a powerful access control layer and unleashes its full power for full-stack development.

Built Above Prismafile_type_light_prisma
More Than ORM

Easy Access Control

Easy Access Control

Access control policies right inside your data model. No more brittle imperative authorization code. No more complex SQL Row-Level-Security rules.

Generated API & Hooks

Generated API & Hooks

CRUD APIs and frontend hooks are automatically generated. With access control support, the APIs are safe to be called directly from the frontend.

E2E Type Safety

E2E Type Safety

No more duplicating type definitions and syncing changes. Use one single toolkit to generate types for your entire stack and enjoy flawless auto-completion.

Empower Every Layer of Your Stack


ORM With Access Control

ZenStack extends Prisma ORM with a powerful access control layer. By defining policies right inside the data model, your schema becomes the single source of truth. By using a policy-enabled database client, you can enjoy the same Prisma API you already love, with ZenStack automagically enforcing access control rules. Its core is framework-agnostic and runs wherever Prisma runs.

supercharged ormLearn More →

Automatic CRUD API

Wrapping APIs around a database is tedious and error-prone. ZenStack can introspect the schema and install CRUD APIs to the framework of your choice with just a few lines of code. Thanks to the built-in access control support, the APIs are fully secure and can be directly exposed to the public. What about documentation? Turn on a plugin, and an OpenAPI specification will be generated in seconds.

express.js server adapter
swagger uiLearn More →

Frontend Query Code Generation

Data query and mutation are one of the toughest topics for frontend development. ZenStack simplifies it by generating fully-typed client-side data access code (aka hooks) targeting the data query library of your choice (SWR, TanStack Query, etc.). The hooks call into the automatically generated APIs, which are secured by the access policies.

client hooksLearn More →

Integrated With The Tools You Love

Server & Full-stack


Data Query Client




Voice of Developers

👀 This project by @jiashenggo and @ymcao9 looks really interesting!

✅ Data access rules in the Prisma schema
✅ Custom attributes in the Prisma schema
✅ Fullstack with E2E type-safety

profile picture
Nikolas BurkPrisma

We've launched MermaidChart's team feature using ZenStack.

Thanks for creating such a wonderful product! It was a breeze to adopt, and everyone in the team loves how easy writing the policies are.

profile picture

This library on top of @prisma and @trpcio seems pretty sweet.

Like REALLY nice

Maybe the future

profile picture
Mike Alche ☀️

Authentication and setting policy in ORM layer???

🤯 This is really crazy.

profile picture
Faruk Abdulla MunshiCodebuddy

We have a fairly complex authorization model, and I'm really impressed that ZenStack has the flexibility to support it!

profile picture
LeevisCofounder Ptmind

Thank you @ymc9 and @jiasheng for all the hard work 👏. It's great to have so many features already for a beta. Can't wait for version 1.0 😄.

profile picture