### Bash Script for Project Setup Source: https://github.com/authzed/docs/blob/main/app/spicedb/tutorials/agentic-rag/page.mdx A bash script to clone the reference implementation, start Docker services, install Python dependencies, configure environment variables, and initialize data. This is the primary setup guide for the application. ```bash # 1. Clone the reference implementation git clone https://github.com/authzed/agentic-rag-weaviate cd agentic-rag-weaviate # 2. Start services (Weaviate + SpiceDB) docker-compose up -d # 3. Install Python dependencies python3 -m venv venv source venv/bin/activate pip install -r requirements.txt # 4. Configure environment cp .env.example .env # Edit .env with your OpenAI API key # 5. Initialize data (loads schema, relationships, and documents) python3 examples/setup_environment.py # 6. Run example queries via CLI python3 examples/basic_example.py # 7. (Optional) Launch the web UI python3 run_ui.py # Opens http://localhost:8000 automatically ``` -------------------------------- ### SpiceDB Serve Examples Source: https://github.com/authzed/docs/blob/main/app/spicedb/concepts/commands/page.mdx Examples for starting the SpiceDB server with different configurations, including TLS and datastore settings. ```bash spicedb serve --grpc-preshared-key "somerandomkeyhere" ``` ```bash spicedb serve --grpc-preshared-key "realkeyhere" \ --grpc-tls-cert-path path/to/tls/cert --grpc-tls-key-path path/to/tls/key \ --http-enabled http-tls-cert-path path/to/tls/cert --http-tls-key-path path/to/tls/key \ --datastore-engine postgres \ --datastore-conn-uri "postgres-connection-string-here" ``` -------------------------------- ### Install Example SpiceDB Deployment with kubectl Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/install/kubernetes/page.mdx Applies an example SpiceDB deployment manifest using kubectl. This is a starting point for those who prefer writing their own Kubernetes manifests. ```sh kubectl apply --server-side -f https://raw.githubusercontent.com/authzed/examples/main/kubernetes/example.yaml ``` -------------------------------- ### Zed Relationship Create Examples Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/installing-zed/page.mdx Examples demonstrating how to create relationships with expiration times and caveats. ```bash zed relationship create document:budget view user:anne --expiration-time "2025-12-31T23:59:59Z" zed relationship create document:budget view user:anne --caveat ip_address:'{"ip": "192.168.0.1"}' ``` -------------------------------- ### Install langchain-spicedb Source: https://github.com/authzed/docs/blob/main/app/spicedb/integrations/langchain-spicedb/page.mdx Install the base library using pip. ```bash pip install langchain-spicedb ``` -------------------------------- ### Start FDW Proxy Server with Binary Source: https://github.com/authzed/docs/blob/main/app/spicedb/ops/postgres-fdw/page.mdx Starts the SpiceDB Postgres FDW proxy server using the SpiceDB binary. This method requires the SpiceDB binary to be installed and in your PATH. Configure SpiceDB API endpoint and access token. ```bash spicedb postgres-fdw \ --spicedb-api-endpoint localhost:50051 \ --spicedb-access-token-secret "somerandomkeyhere" \ --spicedb-insecure \ --postgres-endpoint ":5432" \ --postgres-username "postgres" \ --postgres-access-token-secret "fdw-password" ``` -------------------------------- ### Install SpiceDB using Snap Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/install/debian/page.mdx Installs SpiceDB using the snap package manager. This is a convenient one-command installation method. ```bash sudo snap install spicedb ``` -------------------------------- ### Install Go Authzed Client Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/protecting-a-blog/page.mdx Set up a new Go project and install the Authzed Go client libraries. This includes the main client and gRPC utility packages. ```go mkdir first_app && cd first_app go mod init first_app go get github.com/authzed/authzed-go go get github.com/authzed/grpcutil go mod tidy ``` -------------------------------- ### Install Project Dependencies Source: https://github.com/authzed/docs/blob/main/README.md Installs all necessary project dependencies using pnpm. This command should be run after installing pnpm. ```sh pnpm install ``` -------------------------------- ### Install Zed CLI Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/protecting-a-blog/page.mdx Install the Zed command-line interface using Homebrew and set up a context to connect to your SpiceDB instance. ```sh brew install authzed/tap/zed zed context set ``` -------------------------------- ### Zed CLI Relationship Read Example with Resource ID Prefix Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/installing-zed/page.mdx Example demonstrating how to filter returned relationships by a resource ID prefix using the '%' wildcard. ```bash # To filter returned relationships using a resource ID prefix, append a '%' to the resource ID. zed relationship read document:finance-% ``` -------------------------------- ### Install SpiceDB and Zed using Homebrew Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/install/macos/page.mdx Use this command to install both the SpiceDB server and the Zed command-line tool via Homebrew. ```shell brew install authzed/tap/spicedb authzed/tap/zed ``` -------------------------------- ### SpiceDB Local Instance Output Source: https://github.com/authzed/docs/blob/main/app/spicedb/tutorials/ai-agent-authorization/page.mdx Example output indicating a local SpiceDB instance is running successfully. This confirms the server has started and is ready to accept connections. ```log user @ mac % spicedb serve --grpc-preshared-key "agents" 1:33PM INF configured logging async=false format=auto log_level=info provider=zerolog 1:33PM INF GOMEMLIMIT is updated GOMEMLIMIT=25769803776 package=github.com/KimMachineGun/automemlimit/memlimit previous=922 3372036854775807 1:33PM INF configured opentelemetry tracing endpoint= insecure=false provider=none sampleRatio=0.01 service=spicedb v=0 1:33PM WRN this version of SpiceDB is out of date. See: https://github.com/authzed/spicedb/releases/tag/v1.44.4 latest-rele ased-version=v1.44.4 this-version=v1.42.1 1:33PM INF using memory datastore engine 1:33PM WRN in-memory datastore is not persistent and not feasible to run in a high availability fashion 1:33PM INF configured namespace cache defaultTTL=0 maxCost="32 MiB" numCounters=1000 1:33PM INF schema watch explicitly disabled 1:33PM INF configured dispatch cache defaultTTL=20600 maxCost="13 MiB" numCounters=10000 1:33PM INF configured dispatcher balancerconfig={"loadBalancingConfig":[{"consistent-hashring":{"replicationFactor":100," spread":1}}]} concurrency-limit-check-permission=50 concurrency-limit-lookup-resources=50 concurrency-limit-lookup-subjects=5 0 concurrency-limit-reachable-resources=50 1:33PM INF grpc server started serving addr=:50051 insecure=true network=tcp service=grpc workers=0 1:33PM INF configuration ClusterDispatchCacheConfig.CacheKindForTesting=(empty) ClusterDispatchCacheConfig.Enabled=true ClusterDispatchCacheConfig.MaxCost=70% ClusterDispatchCacheConfig.Metrics=true ClusterDispatchCacheConfig.Name=cluster_dispatch ClusterDispatchCacheConfig.NumCounters=100000 Datastore=nil DatastoreConfig.AllowedMigrations="(slice of size 0)" DatastoreConfig.BootstrapFileContents="(map of size 0)" DatastoreConfig.BootstrapFiles=[] DatastoreConfig.BootstrapOverwrite=false DatastoreConfig.BootstrapTimeout=10000 DatastoreConfig.ConnectRate=100 DatastoreConfig.CredentialsProviderName=(empty) DatastoreConfig.DisableStats=false DatastoreConfig.EnableConnectionBalancing=true DatastoreConfig.EnableDatastoreMetrics=true 1:33PM INF running server datastore=*schemacaching.definitionCachingProxy 1:33PM INF http server started serving addr=:9090 insecure=true service=metrics 1:33PM INF telemetry reporter scheduled endpoint=https://telemetry.authzed.com interval=1h0m0s next=38s ``` -------------------------------- ### Example Composable Schema with Imports and Partials Source: https://github.com/authzed/docs/blob/main/app/spicedb/modeling/composable-schemas/page.mdx Demonstrates how to structure a schema using `import` and `partial` declarations across multiple files. This example shows the source files and the resulting compiled schema. ```zed use import use partial import "./subjects.zed" partial view_partial { relation user: user permission view = user } definition resource { ...view_partial relation organization: organization permission manage = organization } ``` ```zed definition user {} definition organization {} ``` ```zed definition user {} definition organization {} definition resource { relation user: user relation organization: organization permission view = user permission manage = organization } ``` -------------------------------- ### Start Development Server Source: https://github.com/authzed/docs/blob/main/app/spicedb/tutorials/rag-motia-spicedb/page.mdx Starts the Motia development server using npm. This command is used to launch the application and access the Motia Workbench. ```bash npm run dev ``` -------------------------------- ### Install Zed on RPM-based Systems Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/installing-zed/page.mdx Installs the Zed CLI using `dnf` after configuring the Authzed yum repository. ```bash sudo dnf install -y zed ``` -------------------------------- ### Start SpiceDB with Docker (PostgreSQL) Source: https://github.com/authzed/docs/blob/main/app/spicedb/ops/postgres-fdw/page.mdx Starts a SpiceDB instance using Docker with a PostgreSQL datastore for production-ready use. Requires a valid PostgreSQL connection URI and a preshared key. ```bash docker run -d \ --name spicedb \ -p 50051:50051 \ authzed/spicedb serve \ --grpc-preshared-key "somerandomkeyhere" \ --datastore-engine postgres \ --datastore-conn-uri "postgres://user:password@localhost:5432/spicedb?sslmode=disable" ``` -------------------------------- ### Zed CLI Examples Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/installing-zed/page.mdx Demonstrates common Zed CLI commands for managing contexts and checking permissions. ```bash zed context list ``` ```bash zed context set dev localhost:80 testpresharedkey --insecure ``` ```bash zed context set prod grpc.authzed.com:443 tc_zed_my_laptop_deadbeefdeadbeefdeadbeefdeadbeef ``` ```bash zed context use dev ``` ```bash zed permission check --explain document:firstdoc writer user:emilia ``` -------------------------------- ### Install SpiceDB and zed using dnf Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/install/rhel/page.mdx Installs the SpiceDB server and the zed command-line tool using the dnf package manager after the repository has been added. ```sh sudo dnf install -y spicedb zed ``` -------------------------------- ### Datastore Connection Tuning Example Source: https://github.com/authzed/docs/blob/main/app/best-practices/page.mdx Example configuration for tuning SpiceDB connection pools to a datastore. This example assumes a database supporting 200 connections and a cluster with 4 SpiceDB instances, prioritizing read operations. ```sh spicedb serve # other flags here --datastore-conn-pool-read-max-open 30 --datastore-conn-pool-read-min-open 15 --datastore-conn-pool-write-max-open 20 --datastore-conn-pool-write-min-open 10 ``` -------------------------------- ### Install SpiceDB using APT Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/install/debian/page.mdx Installs the SpiceDB package after configuring the APT repository and updating the package cache. This is the standard way to install packages on Debian/Ubuntu. ```bash sudo apt update sudo apt install -y spicedb ``` -------------------------------- ### Start SpiceDB Server (TLS, HTTP, Postgres) Source: https://github.com/authzed/docs/blob/main/app/spicedb/concepts/commands/page.mdx Starts a SpiceDB server with TLS enabled for gRPC and HTTP, using a PostgreSQL datastore. Requires paths to TLS certificates and keys, and a PostgreSQL connection URI. ```bash spicedb serve --grpc-preshared-key "realkeyhere" \ --grpc-tls-cert-path path/to/tls/cert --grpc-tls-key-path path/to/tls/key \ --http-enabled http-tls-cert-path path/to/tls/cert --http-tls-key-path path/to/tls/key \ --datastore-engine postgres \ --datastore-conn-uri "postgres-connection-string-here" ``` -------------------------------- ### Install Zed with Homebrew on macOS Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/installing-zed/page.mdx Installs the Zed CLI on macOS by adding the Authzed Homebrew tap. ```bash brew install authzed/tap/zed ``` -------------------------------- ### Run SpiceDB Schema Setup Source: https://github.com/authzed/docs/blob/main/app/spicedb/tutorials/rag-motia-spicedb/page.mdx Executes the 'setup-spicedb-schema.ts' script using npm to write the authorization schema to SpiceDB. ```bash # Write schema to SpiceDB npm run spicedb:setup ``` -------------------------------- ### Zed CLI Relationship Touch Examples Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/installing-zed/page.mdx Examples of using the `zed relationship touch` command, including setting an expiration time and applying a caveat. ```bash zed relationship touch document:budget view user:anne --expiration-time "2025-12-31T23:59:59Z" zed relationship touch document:budget view user:anne --caveat ip_address:'{"ip": "192.168.0.1"}' ``` -------------------------------- ### Importing from Playground Link Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/installing-zed/page.mdx Example of importing schema and relationships from an Authzed Playground link. ```bash zed import https://play.authzed.com/s/iksdFvCtvnkR/schema ``` -------------------------------- ### SpiceDBCluster Configuration Example Source: https://github.com/authzed/docs/blob/main/app/spicedb/ops/operator/page.mdx This example shows how to configure a SpiceDB cluster using the `SpiceDBCluster` custom resource. It sets the number of replicas, the datastore engine, and the log level. ```yaml apiVersion: authzed.com/v1alpha1 kind: SpiceDBCluster metadata: name: dev spec: config: replicas: 2 datastoreEngine: cockroachdb logLevel: debug ``` -------------------------------- ### Importing from Local File (with prefix) Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/installing-zed/page.mdx Example of importing schema and relationships from a local file using the 'file://' prefix. ```bash zed import file:///Users/zed/Downloads/authzed-x7izWU8_2Gw3.yaml ``` -------------------------------- ### Importing from Pastebin Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/installing-zed/page.mdx Example of importing schema and relationships from a Pastebin URL. ```bash zed import https://pastebin.com/8qU45rVK ``` -------------------------------- ### Install Zed on Debian-based Systems Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/installing-zed/page.mdx Updates the package cache and installs the Zed CLI after configuring the Authzed APT repository. ```bash sudo apt update sudo apt install -y zed ``` -------------------------------- ### Start SpiceDB with Docker (In-Memory) Source: https://github.com/authzed/docs/blob/main/app/spicedb/ops/postgres-fdw/page.mdx Starts a SpiceDB instance using Docker with in-memory storage for development purposes. Ensure the port is exposed and note the preshared key. ```bash docker run -d \ --name spicedb \ -p 50051:50051 \ authzed/spicedb serve \ --grpc-preshared-key "somerandomkeyhere" \ --datastore-engine memory ``` -------------------------------- ### Install SpiceDB Testcontainer for Python Source: https://github.com/authzed/docs/blob/main/app/spicedb/integrations/testcontainers/page.mdx Install the necessary Python modules for using SpiceDB with Testcontainers and the Authzed client. ```bash pip install testcontainers-spicedb ``` ```bash pip install authzed ``` -------------------------------- ### Zed Validate Examples Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/installing-zed/page.mdx Examples demonstrating how to use the `zed validate` command with different sources like local files, gists, and pastebin links. ```bash zed validate file:///Users/zed/Downloads/authzed-x7izWU8_2Gw3.yaml ``` ```bash zed validate authzed-x7izWU8_2Gw3.yaml ``` ```bash zed validate https://gist.github.com/ecordell/8e3b613a677e3c844742cf24421c08b6 ``` ```bash zed validate https://play.authzed.com/s/iksdFvCtvnkR/schema ``` ```bash zed validate https://pastebin.com/8qU45rVK ``` -------------------------------- ### Start SpiceDB Server (No TLS, In-Memory) Source: https://github.com/authzed/docs/blob/main/app/spicedb/concepts/commands/page.mdx Starts a SpiceDB server using an in-memory datastore and no TLS encryption. A pre-shared key is required for gRPC authentication. ```bash spicedb serve --grpc-preshared-key "somerandomkeyhere" ``` -------------------------------- ### Importing from Gist Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/installing-zed/page.mdx Example of importing schema and relationships from a GitHub Gist. ```bash zed import https://gist.github.com/ecordell/8e3b613a677e3c844742cf24421c08b6 ``` -------------------------------- ### Importing with Schema Definition Prefix Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/installing-zed/page.mdx Example of importing schema with a specified prefix for its definitions. ```bash zed import --schema-definition-prefix=mypermsystem file:///Users/zed/Downloads/authzed-x7izWU8_2Gw3.yaml ``` -------------------------------- ### Connect to the FDW Source: https://github.com/authzed/docs/blob/main/app/spicedb/ops/postgres-fdw/page.mdx Example command to connect to the SpiceDB FDW using psql. ```bash psql -h localhost -p 5432 -U postgres -d ignored # Password: fdw-password ``` -------------------------------- ### Importing from Local File (no prefix) Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/installing-zed/page.mdx Example of importing schema and relationships from a local file without a prefix. ```bash zed import authzed-x7izWU8_2Gw3.yaml ``` -------------------------------- ### Rate Limit Configuration Examples Source: https://github.com/authzed/docs/blob/main/app/authzed/concepts/rate-limiting/page.mdx Define global, per-endpoint, and per-service-account rate limits using YAML. This includes examples for matching specific endpoints, multiple endpoints, and bucketing by service account. ```yaml rate_limits: # Global rate limit (applies to all requests) - id: "global-limit" displayName: "Global API Rate Limit" match: all: true limit: unit: "second" requests_per_unit: 1000 # Per-endpoint rate limit - id: "check-permission-limit" displayName: "CheckPermission Rate Limit" match: endpoint: ["CheckPermission"] limit: unit: "second" requests_per_unit: 500 # Multiple endpoints - id: "read-endpoints-limit" displayName: "Read Endpoints Rate Limit" match: endpoint: - "CheckPermission" - "ReadRelationships" limit: unit: "second" requests_per_unit: 1000 # Per-service-account with bucketing - id: "sa-limit" displayName: "Service Account Limit" match: service_account: ["high-volume-client"] bucket_by: service_account: true limit: unit: "minute" requests_per_unit: 10000 # Using headers for tenant-based rate limiting - id: "tenant-limit" displayName: "Per-Tenant Rate Limit" match: endpoint: - "CheckPermission" - "ReadRelationships" bucket_by: request: 'headers["x-tenant-id"]' limit: unit: "second" requests_per_unit: 100 ``` -------------------------------- ### Example Token Hash Source: https://github.com/authzed/docs/blob/main/app/authzed/concepts/restricted-api-access/page.mdx This is the output of the SHA256 hash command, which can be referenced in static configuration. ```text 71c73ba92f2032416b18a4f4fffb2a825755bea6a8430f2622ab1f3fb35a10d0 ``` -------------------------------- ### Start SpiceDB Dev MCP Server Source: https://github.com/authzed/docs/blob/main/app/mcp/authzed/spicedb-dev-mcp-server/page.mdx Run this command to start the local in-memory SpiceDB development server. The server is accessible via HTTP at http://localhost:9999/mcp. ```bash zed mcp experimental-run ``` -------------------------------- ### Install SpiceDB Node.js Client Source: https://github.com/authzed/docs/blob/main/app/spicedb/tutorials/rag-motia-spicedb/page.mdx Add the official Authzed Node.js client to your project dependencies. ```bash npm install @authzed/authzed-node ``` -------------------------------- ### Writing schema from a file Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/installing-zed/page.mdx Example of writing a schema definition from a local file named 'schema.zed'. ```bash zed schema write schema.zed ``` -------------------------------- ### Example CLI Output for Scenario 1 Source: https://github.com/authzed/docs/blob/main/app/spicedb/tutorials/agentic-rag/page.mdx Demonstrates the expected output from the `basic_example.py` script for a scenario involving department access, showing retrieved, authorized, and denied documents, followed by an AI-generated answer. ```text SCENARIO 1: Department Access - Engineering Query: What are our microservices architecture patterns? User: alice Results: - Retrieved: 3 documents - Authorized: 2 documents - Denied: 1 document Answer: Based on the engineering documents... ``` -------------------------------- ### Run Development Server Source: https://github.com/authzed/docs/blob/main/README.md Starts a local development server to preview the documentation website. The site will be accessible at http://localhost:3000. ```sh pnpm run dev ``` -------------------------------- ### Importing from Local Devtools Instance Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/installing-zed/page.mdx Example of importing schema and relationships from a local SpiceDB devtools instance. ```bash zed import https://localhost:8443/download ``` -------------------------------- ### Install pnpm Source: https://github.com/authzed/docs/blob/main/README.md Installs the pnpm package manager using Homebrew. This is a prerequisite for installing project dependencies. ```sh brew install pnpm ``` -------------------------------- ### Test SpiceDB Connectivity with Zed Source: https://github.com/authzed/docs/blob/main/app/spicedb/ops/postgres-fdw/page.mdx Command-line examples using the 'zed' tool to test connectivity and schema with SpiceDB. ```bash # Test SpiceDB connectivity using zed zed context set local localhost:50051 "somerandomkeyhere" --insecure zed schema read ``` -------------------------------- ### Start Docker Compose Stack Source: https://github.com/authzed/docs/blob/main/app/spicedb/ops/postgres-fdw/page.mdx Command to start the Docker Compose services in detached mode. ```bash docker-compose up -d ``` -------------------------------- ### Install SpiceDB Operator Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/install/kubernetes/page.mdx Installs the latest version of the SpiceDB Operator. This is the recommended method for production deployments. ```sh kubectl apply --server-side -f https://github.com/authzed/spicedb-operator/releases/latest/download/bundle.yaml ``` -------------------------------- ### WatchPermissionSets Request Source: https://github.com/authzed/docs/blob/main/app/authzed/concepts/authzed-materialize/page.mdx Optional starting revision for streaming changes. If omitted, streaming starts from the latest revision. ```json { "optional_starting_after": "the_zed_token" } ``` -------------------------------- ### Run SpiceDB Server Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/protecting-a-blog/page.mdx Start a local instance of the SpiceDB server with a preshared key for authentication. This is useful for local development and testing. ```bash # Using the binary spicedb serve --grpc-preshared-key "t_your_token_here_1234567deadbeef" ``` ```bash # Using Docker docker run --rm -p 50051:50051 authzed/spicedb serve --grpc-preshared-key "t_your_token_here_1234567deadbeef" ``` -------------------------------- ### Install Ruby Authzed Client Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/protecting-a-blog/page.mdx Install the Authzed Ruby gem. This is necessary for integrating SpiceDB with Ruby applications. ```ruby gem install authzed ``` -------------------------------- ### Create Sample Permissions in SpiceDB Source: https://github.com/authzed/docs/blob/main/app/spicedb/tutorials/rag-motia-spicedb/page.mdx Executes the 'create-sample-permissions.ts' script using npm to set up sample users and permissions in SpiceDB for testing purposes. ```bash npm run spicedb:sample ``` -------------------------------- ### Install cert-manager Source: https://github.com/authzed/docs/blob/main/app/spicedb/ops/eks/page.mdx Apply the official cert-manager manifests to install it on your EKS cluster. Ensure you have the correct context set. ```sh kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml ``` -------------------------------- ### Install tsx for Script Runner Source: https://github.com/authzed/docs/blob/main/app/spicedb/tutorials/rag-motia-spicedb/page.mdx Installs the 'tsx' package as a development dependency, which is used to run TypeScript scripts directly. ```bash npm install -D tsx ``` -------------------------------- ### Compile Schema Examples Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/installing-zed/page.mdx Demonstrates different ways to use the `zed schema compile` command, including outputting to stdout, redirected stdout, and a file. ```bash zed schema compile root.zed zed schema compile schema.zed 1> compiled.zed zed schema compile root.zed --out compiled.zed ``` -------------------------------- ### Install postgres_fdw Extension Source: https://github.com/authzed/docs/blob/main/app/spicedb/ops/postgres-fdw/page.mdx Installs the necessary postgres_fdw extension in your PostgreSQL database. Ensure the extension is available in your PostgreSQL environment. ```sql CREATE EXTENSION IF NOT EXISTS postgres_fdw; ``` -------------------------------- ### Install SpiceDB with Chocolatey Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/install/windows/page.mdx Use this command to install the latest version of SpiceDB using the Chocolatey package manager on Windows. ```powershell choco install spicedb ``` -------------------------------- ### Zed Backup Create Options Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/installing-zed/page.mdx Configure the backup creation process with options like page limit, prefix filtering, and prefix replacements. ```bash --page-limit uint32 defines the number of relationships to be read by requested page during backup --prefix-filter string include only schema definitions and relationships with a given prefix --prefix-replacements stringToString potentially modify the schema to replace desired prefixes (default []) ``` -------------------------------- ### SQL Filtering Clause Example Source: https://github.com/authzed/docs/blob/main/app/spicedb/modeling/protecting-a-list-endpoint/page.mdx An example of how the `accessible_resource_ids` from LookupResources can be used to construct a SQL WHERE clause for fetching resources from a database. ```sql WHERE id = ANY(ARRAY[]) ``` -------------------------------- ### Navigate to Motia Project Directory Source: https://github.com/authzed/docs/blob/main/app/spicedb/tutorials/rag-motia-spicedb/page.mdx Change into the newly created Motia project directory. ```bash cd harvest-logbook-rag ``` -------------------------------- ### Install Python Authzed Client Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/protecting-a-blog/page.mdx Install the Authzed Python client library using pip. This enables integration with Python applications. ```python pip install authzed ``` -------------------------------- ### SpiceDB Server Startup Logs Source: https://github.com/authzed/docs/blob/main/app/spicedb/ops/observability/page.mdx These logs show the initialization process of a SpiceDB server, including datastore configuration, cache settings, and server startup. They indicate the operational status and configuration choices made during startup. ```log [90m8:00PM [0m [32mINF [0m using memory datastore engine [90m8:00PM [0m [31mWRN [0m in-memory datastore is not persistent and not feasible to run in a high availability fashion [90m8:00PM [0m [32mINF [0m configured namespace cache [36mdefaultTTL= [0m0 [36mmaxCost= [0m"32 MiB" [36mnumCounters= [0m1000 [90m8:00PM [0m [32mINF [0m datastore driver explicitly asked to skip schema watch [36mdatastore-type= [0m*memdb.memdbDatastore [90m8:00PM [0m [32mINF [0m configured dispatch cache [36mdefaultTTL= [0m20600 [36mmaxCost= [0m"7.6 GiB" [36mnumCounters= [0m10000 [90m8:00PM [0m [32mINF [0m configured dispatcher [36mbalancerconfig= [0m{"loadBalancingConfig":[{"consistent-hashring":{"replicationFactor":100,"spread":1}}]} [36mconcurrency-limit-check-permission= [0m50 [36mconcurrency-limit-lookup-resources= [0m50 [36mconcurrency-limit-lookup-subjects= [0m50 [36mconcurrency-limit-reachable-resources= [0m50 [90m8:00PM [0m [32mINF [0m grpc server started serving [36maddr= [0m:50051 [36minsecure= [0mtrue [36mnetwork= [0mtcp [36mservice= [0mgrpc [36mworkers= [0m0 [90m8:00PM [0m [32mINF [0m running server [36mdatastore= [0m*proxy.observableProxy [90m8:00PM [0m [32mINF [0m checking for startable datastore [90m8:00PM [0m [32mINF [0m http server started serving [36maddr= [0m:9090 [36minsecure= [0mtrue [36mservice= [0mmetrics [90m8:00PM [0m [32mINF [0m telemetry reporter scheduled [36mendpoint= [0mhttps://telemetry.authzed.com [36minterval= [0m1h0m0s [36mnext= [0m1m35s [90m8:00PM [0m [32mINF [0m received interrupt [90m8:00PM [0m [32mINF [0m shutting down [90m8:00PM [0m [32mINF [0m http server stopped serving [36maddr= [0m:9090 [36mservice= [0mmetrics [90m8:00PM [0m [32mINF [0m grpc server stopped serving [36maddr= [0m:50051 [36mnetwork= [0mtcp [36mservice= [0mgrpc ``` -------------------------------- ### Example Restricted API Access Token Source: https://github.com/authzed/docs/blob/main/app/authzed/concepts/restricted-api-access/page.mdx This is an example of a Restricted API Access Token format. It should be provided in the Authorization header of API requests. ```text sdbst_h256_thisisnotaverysecuresecret ``` -------------------------------- ### Example CLI Output for Scenario 7 Source: https://github.com/authzed/docs/blob/main/app/spicedb/tutorials/agentic-rag/page.mdx Illustrates the expected output for an access denial scenario, where a user attempts to access restricted information. The output details the number of documents retrieved, authorized, and denied, along with a message indicating lack of access. ```text SCENARIO 7: Access Denial Query: What are all the sales playbooks? User: alice Results: - Retrieved: 3 documents - Authorized: 0 documents - Denied: 3 documents Answer: I don't have access to the sales documents needed to answer this question. This information is restricted to the sales department. Would you like help finding... ``` -------------------------------- ### Install Node.js Authzed Client Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/protecting-a-blog/page.mdx Install the Authzed Node.js client library using npm. This is required for integrating SpiceDB with JavaScript and TypeScript applications. ```sh # JavaScript and TypeScript npm i @authzed/authzed-node ``` -------------------------------- ### Install SpiceDB Operator using Helm Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/install/kubernetes/page.mdx Installs or upgrades the SpiceDB Operator using the community-maintained Helm chart. Use with caution as it is not officially supported. ```sh helm repo upgrade --install ... $RELEASE spicedb-operator-chart/spicedb-operator ``` -------------------------------- ### Build Zed from Source Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/installing-zed/page.mdx Builds the Zed binary from the cloned source code using Mage. ```bash cd zed go build ./cmd/zed ``` -------------------------------- ### CheckPermissionRequest Example Source: https://github.com/authzed/docs/blob/main/app/spicedb/ops/load-testing/page.mdx An example of a CheckPermissionRequest used to illustrate how relationship cardinality affects performance. This request checks if 'evan' has 'view' permission on 'document:somedocument'. ```proto CheckPermissionRequest { resource: ObjectReference { object_type: 'document' object_id: 'somedocument' } permission: 'view' subject: SubjectReference{ object: ObjectReference { object_type: 'user' object_id: 'evan' } } } ``` -------------------------------- ### Create and Populate Local Document Table Source: https://github.com/authzed/docs/blob/main/app/spicedb/ops/postgres-fdw/page.mdx Example of creating a local PostgreSQL table to store document metadata and inserting initial data. ```sql -- First, create a local table with document metadata CREATE TABLE document ( id text PRIMARY KEY, title text NOT NULL, contents text NOT NULL ); -- Insert some documents INSERT INTO document (id, title, contents) VALUES ('firstdoc', 'Document 1', 'Contents of document 1'), ('seconddoc', 'Document 2', 'Contents of document 2'), ('thirddoc', 'Document 3', 'Contents of document 3'); ``` -------------------------------- ### Start Postgres FDW with SpiceDB Binary Source: https://github.com/authzed/docs/blob/main/app/authzed/guides/postgres-fdw/page.mdx Launches the SpiceDB Postgres FDW proxy server using the SpiceDB binary. Replace placeholder values with your AuthZed endpoint and token. ```bash spicedb postgres-fdw \ --spicedb-api-endpoint grpc.authzed.com:443 \ --spicedb-access-token-secret "sdbst_h256_yoursecrettoken" \ --postgres-endpoint ":5432" \ --postgres-username "postgres" \ --postgres-access-token-secret "your-fdw-password" ``` -------------------------------- ### Run Local SpiceDB Instance Source: https://github.com/authzed/docs/blob/main/app/spicedb/tutorials/ai-agent-authorization/page.mdx Start a local instance of SpiceDB with a pre-shared key for secure communication. This command is used to set up the authorization backend for the AI agent. ```bash spicedb serve --grpc-preshared-key "agents" ``` -------------------------------- ### Bash Command to Start FastAPI Server Manually Source: https://github.com/authzed/docs/blob/main/app/spicedb/tutorials/agentic-rag/page.mdx Manually starts the FastAPI server using uvicorn for development or deployment. This command allows for hot-reloading and specifies the host and port. ```bash uvicorn api.main:app --reload --host 0.0.0.0 --port 8000 ``` -------------------------------- ### Basic Self-Hosted Rate Limiting Setup Source: https://github.com/authzed/docs/blob/main/app/authzed/concepts/rate-limiting/page.mdx Configure basic rate limiting for self-hosted SpiceDB Enterprise by specifying a path to a YAML configuration file. ```bash spicedb serve \ --rate-limit-config=/path/to/config.yaml \ ... ``` -------------------------------- ### Check Zed CLI Version Source: https://github.com/authzed/docs/blob/main/app/mcp/authzed/spicedb-dev-mcp-server/page.mdx Verify your Zed CLI installation by checking its version. This is a common first step in troubleshooting server startup issues. ```bash zed version ``` -------------------------------- ### Subject Relations Schema Example Source: https://github.com/authzed/docs/blob/main/app/spicedb/concepts/schema/page.mdx Illustrates how to define relationships using subject relations, allowing one definition to be connected to another via a relationship. This example shows users, groups, and document editors. ```zed definition user {} definition group { relation member: user } definition document { relation editor: group#member permission edit = editor } ``` -------------------------------- ### Start Jupyter Notebook Source: https://github.com/authzed/docs/blob/main/app/spicedb/tutorials/ai-agent-authorization/page.mdx Launch the AI agent authorization Jupyter Notebook locally. This notebook contains step-by-step instructions for implementing the RAG pipeline with SpiceDB. ```bash jupyter ai-agent-authz-v2.ipynb ``` -------------------------------- ### Importing Only Relationships Source: https://github.com/authzed/docs/blob/main/app/spicedb/getting-started/installing-zed/page.mdx Example of importing only the relationships from a local file. ```bash zed import --schema=false file:///Users/zed/Downloads/authzed-x7izWU8_2Gw3.yaml ```