🌟 Community Feature Challenge: OpenFGA 🌟

[gemanor]

Are you using OpenFGA? Feeling like you can get better from it? This is one of our 10 community feature challenges, and we want your input on how we can enhance the usability of the OpenFGA service. This is a space for you to share your ideas on what would make this part of the CLI even better!

How to Participate

• Submit Your Proposal: Comment below with your detailed feature idea. Be sure to explain how it would work and why it would be valuable for users.
• Vote for Your Favorites: Show support for your favorite ideas by upvoting them. Your votes will help us identify the most impactful proposals.
• Win a Bounty: The idea with the most upvotes will be selected, and we’ll put a bounty on it! This means that you (or another contributor) could bring this feature to life and earn a reward.

Why Join In?

• Shape the Future: Your input will directly influence Permit CLI’s growth.
• Community Recognition: Contributing ideas or supporting others’ ideas lets you stand out as a valuable community member.
• Collaborative Ownership: Together, we’ll build a CLI that truly reflects the community’s needs and creativity.

What’s Next?

We’ll keep this challenge open for proposals and upvotes until November 10th, 2024. Once the top idea is chosen, we’ll update this issue with details on the bounty and the next steps for development.

Thank you for helping us make the Permit CLI even better. We can’t wait to see what you come up with! 🌟

[gemanor]

/bounty 200

[algora-pbc]

💎 $200 bounty • Permit.io

Steps to solve:

1. Start working: Comment /attempt #6 with your implementation plan
2. Submit work: Create a pull request including /claim #6 in the PR body to claim the bounty
3. Receive payment: 100% of the bounty is received 2-5 days post-reward. Make sure you are eligible for payouts

Thank you for contributing to permitio/permit-cli!

Add a bounty • Share on socials

Attempt	Started (GMT+0)	Solution
🔴 @35C4n0r	Oct 28, 2024, 4:00:38 PM	WIP
🟢 @lota02	Oct 29, 2024, 6:25:52 PM	WIP
🟢 @hoklims	Nov 20, 2024, 6:38:21 AM	WIP
🟢 @zelosleone	Dec 14, 2024, 4:00:52 PM	WIP

[35C4n0r]

/attempt #6

Algora profile	Completed bounties	Tech	Active attempts	Options
@35C4n0r	30 bounties from 5 projects	Python, TypeScript, HTML & more		Cancel attempt

[35C4n0r]

Cancelling my attempt, I accidentally commented on the wrong issue.

[lota02]

/attempt #6
Proposal: Enhanced Policy Visualization and Testing Tool
Description: Introduce a graphical interface within the OpenFGA CLI for visualizing and testing authorization policies.

How It will work

• Policy Visualization: Users can run a command like openfga visualize to generate a visual representation of the policy, showing relationships between users, roles, and resources. This could be a flowchart or graph format, making it easier to understand complex policies.
• Policy Testing: Implement a testing feature (openfga test ) that allows users to simulate scenarios by inputting user roles and actions to see if access is granted or denied. Users receive detailed feedback on the evaluation process.

BENEFITS
This enhancement simplifies the policy management process, making it easier for users to understand and validate their policies, leading to improved security and user experience.

Options

• Cancel my attempt

[hoklims]

/attempt #6

I've been using OpenFGA for a while now, and I've noticed that defining authorisation models through the CLI can be a bit daunting, especially for newbies. So I have an idea that I think could make everyone's life easier:

Interactive Model Wizard for OpenFGA CLI

The Problem: Let's face it - writing permission models from scratch can be tricky. We've all been there, staring at the terminal, trying to remember the exact syntax or wondering if our relationships make sense.

My Solution: What if we had an interactive CLI command that walked you through building your authorisation models? Think of it as having a friendly expert sitting next to you! Here's how it would work:

# Just type this to start the interactive experience
openfga model interactive

What would it do? 🛠️

1. Interactive Tutorial

   • Ask you simple questions about what you're trying to build
   • Suggests common patterns based on your needs
   • Validates your input as you go (no more syntax errors!)

2. Real-time Visualisation

   • Shows you a clean ASCII diagram of your model right in the terminal

   User ---(can_edit)---> Document
     |
     +--(member_of)---> Group ---(can_view)---> Document
   

   • Updates live as you make changes (super satisfying to watch!)

3. Built-in Validation

   • Catch errors before they become problems
   • Suggests fixes when something looks wrong
   • Automatically tests your model

Why You'll Love It ❤️

• Saves Time: No more googling for syntax or examples
• Reduces Errors: Validation as you go means fewer headaches later on
• Perfect for Learning: Great for beginners and experts alike
• Keeps You in the Flow: Everything happens right in your terminal

Implementation

This would be a focused addition to the CLI - something that could realistically be built as a bounty project. It's not trying to boil the ocean, just make our daily work with OpenFGA smoother and more enjoyable.

If you've ever wished for a more intuitive way to create authorisation models, vote this up! I'd also love to hear your thoughts and suggestions in the comments. Let's make OpenFGA even better together! 🚀

---

This version:

• ✅ Focuses strictly on CLI improvements
• ✅ Keeps it realistic for a bounty project
• ✅ Addresses a common pain point
• ✅ Uses a friendly, conversational tone
• ✅ Makes it easy to understand the value
• ✅ Encourages community involvement

Options

• Cancel my attempt

[gemanor]

Hey, @lota02 and @hoklims - your proposals look good, but they are too broad, IMO. Please provide a practical implementation guide/design review for your proposed feature here. We will go with the more coherent one/with the better timeline estimations.

[hoklims]

Hey, @lota02 and @hoklims - your proposals look good, but they are too broad, IMO. Please provide a practical implementation guide/design review for your proposed feature here. We will go with the more coherent one/with the better timeline estimations.

---

Proposal: An Interactive Model-Building Assistant for the OpenFGA CLI

Defining authorization models by hand in the CLI can feel like solving a puzzle in the dark. While OpenFGA is powerful, starting from scratch—especially for newcomers—often leads to trial and error. Let’s introduce an interactive assistant that guides you step-by-step, checks for errors, and even provides a visual map, all within the CLI.

Command Example:

openfga model interactive

Key Features

1. Guided Entity and Relationship Setup:
   The assistant asks about your main entities (e.g., User, Document, Group) and the permissions or relationships you want to establish. It’s a conversation, not a guessing game.

2. Common Patterns and Validation:
   Unsure about the right permissions? The assistant suggests common patterns and validates them on the spot, preventing logical missteps before they happen.

3. Real-Time ASCII Diagrams:
   Each time you add or adjust a relationship, an ASCII diagram updates in real-time. It’s a quick, visual sanity check—no more losing track of what connects where.

   For example:

   User ---(can_edit)---> Document
     |
     +--(member_of)---> Group ---(can_view)---> Document
   

4. Immediate Feedback and Error Checking:
   The assistant flags inconsistencies as you go. Think of it as a built-in proofreader, catching syntax and logic issues early.

5. Scenario Testing:
   Check if “Alice can edit Document X” right away, without leaving the CLI. Confirm your rules work as intended before rolling them out.

6. Easy Export:
   Once satisfied, export the finished model as JSON or YAML, ready to use. It’s a clean handoff from prototype to production.

Design & UX Considerations

• User-Friendly:
  Instead of memorizing syntax, you answer prompts and see immediate results. If something’s off, the assistant guides you back on track.

• Smart Suggestions:
  With common patterns and best-practice hints, you reduce the risk of granting unintended permissions.

• Seamless Integration:
  This enhances your existing workflow. It uses OpenFGA’s capabilities under the hood, so you’re not learning an entirely new tool—just a friendlier interface.

Implementation Roadmap

Phase 1 (2-3 weeks):

• Build a minimal prototype: entity definitions, basic relationships, simple ASCII diagram.
• Choose a CLI framework (e.g., Cobra for Go) and establish the workflow.

Phase 2 (3-4 weeks):

• Add advanced validation for semantic checks.
• Integrate scenario testing (“Can Alice do X?”) for immediate logic checks.
• Refine the UX: auto-suggestions, instant feedback, clearer error messages.

Phase 3 (2 weeks):

• Provide thorough documentation, examples, and quick-start guides.
• Conduct extensive testing—both automated and real-world—and fix any issues.
• Release a stable version.

Total Time Estimate: Approximately 7-9 weeks from concept to a stable release.

[gemanor]

@hoklims do you plan to add it yourself?

[hoklims]

@hoklims do you intend to add it yourself?

Not my self, I'm taking part just to respond to the community challenge

[zelosleone]

/attempt #6

Proposal: Enhanced PDP Analytics and Monitoring System for Permit CLI

Current State Analysis

Currently, project already has:

• Basic PDP check functionality
• Environment selection/management
• API integration layer
• Authentication handling

Explanation

Enhance the existing PDP functionality with real-time analytics, monitoring, and visualization capabilities.

Key Features

1. Extended PDP Commands

// Existing PDP check command
permit pdp check -u user -a action -r resource

// Proposed new commands
permit pdp monitor         // Real-time monitoring dashboard
permit pdp stats          // Historical analytics view
permit pdp alerts         // Alert configuration and viewing

2. Analytics Integration

Build upon existing API infrastructure to add:

• Decision tracking
• Pattern analysis
• Performance metrics
• Usage statistics

3. Real-Time Monitoring

Leverage existing environment management to provide:

• Live decision stream
• Resource access patterns
• Error rate tracking
• Latency monitoring

Implementation Timeline

Phase 1 (2 weeks)

• Extend PDP command structure
• Add basic metrics collection
• Implement data storage layer

Phase 2 (3 weeks)

• Build analytics engine
• Add visualization components
• Implement real-time updates

Phase 3 (2 weeks)

• Add alerting system
• Create reporting features
• Add configuration options

Phase 4 (1 week)

• Testing & documentation
• Performance optimization
• Release preparation

Technical Integration

Can leverage existing:

• API client architecture
• Authentication system
• Environment management
• CLI command structure

Business Value

1. Improved Visibility:

• Real-time access pattern monitoring
• Quick anomaly detection
• Usage trend analysis

2. Enhanced Security:

• Immediate policy violation alerts
• Access pattern anomaly detection
• Comprehensive audit trails

3. Better Operations:

• Performance monitoring
• Resource usage optimization
• Faster troubleshooting

Additional Comment

This enhancement would transform the CLI from a basic utility tool into a comprehensive monitoring and analytics platform, providing immediate value for security teams and developers.

Options

• Cancel my attempt

[gemanor]

Hey, @zelosleone , thanks for the proposal.
Unfortunately, this issue is about adding support in OpenFGA, and some of the features you proposed require deep integration with the PDP logs/stdout, which is not a priority right now.
I'm inviting you to join one of our other bounties. Looking forward to see you particiapting.