Static Analysis for Persistence-Layer Authorization: An Offline RLS Linter for pgrls
Row-Level Security is the one Postgres feature that fails silently. A wrong GRANT throws; a wrong RLS policy just returns the wrong rows — sometimes another tenant’s rows — and nothing in the database complains. Review catches the obvious mistakes and misses the structural ones, because the bug is usually a boolean that reads correctly and evaluates wrong. pgrls is a static analyzer for exactly that class of bug, and over the last couple of months I landed a few patches upstream. This is the write-up I wish I’d had going in. Two parts: first the map — what pgrls is and how it fits CI — then the contribution I care most about, an offline lint path that makes gating RLS in CI a zero-dependency step. ...