Introducing Declarative Policies

Today I am introducing the Feature Policy API, a declarative policy system that gives our SaaS starter kit a plug-and-play way to express business rules.

It launches with team invitations. More features will be migrated to it in the future.

Why Declarative Policies Matter

SaaS teams rarely share the same rulebook. Enterprise customers want domain restrictions, startups want viral invites, and regulated teams need audit trails.

Hardcoding these paths inside controllers forces you to branch or fork the codebase. Makerkit optimizes for extensibility - teams should layer new logic without rewriting internals unless a special case demands it.

The Feature Policy API keeps everything orchestrated in a central registry so you can:

Swap policies without rewriting the core flow
Stage rules for different steps in a journey (preliminary vs submission)
Test policies in isolation
Let customers layer their own requirements without losing upgradeability

FeaturePolicy complements (and never replaces) your database guarantees. Keep enforcing core invariants with Postgres constraints, Supabase policies, and transactional checks—FeaturePolicy orchestrates the API/front-end logic that sits on top of them.

Teams Invitations: the first feature to use Feature Policy

We started with the most common multi-tenant pain point: invitations.

Different teams have different rules for invitations:

Some want to restrict the number of invitations per team
Some want to restrict the number of invitations per subscription status or plan
Others want to validate the email domain
etc.

A SaaS Starter Kit such as Makerkit cannot assume what rules you want to apply to invitations.

Therefore, we have created a declarative policy system that allows you to customize invitations without rewriting internals - e.g. updating the hot paths in the codebase for customizing this behavior.

Registry: packages/features/team-accounts/src/server/policies/invitation-policies.ts
Server usage: Every invitation call now runs through createInvitationsPolicyEvaluator()
DX: Policies return structured allow()/deny() results so you can surface actionable messages in product and logs

API documentation

You can read the full API guide in our documentation.

Roadmap: More Features Using Feature Policy

Invitations are just the start. We are actively staging the same declarative approach for more features.

If there is a flow you want using the new Feature Policy API next, please let me know.

Happy building!

Today I am introducing the Feature Policy API, a declarative policy system that gives our SaaS starter kit a plug-and-play way to express business rules.

It launches with team invitations. More features will be migrated to it in the future.

Why Declarative Policies Matter

SaaS teams rarely share the same rulebook. Enterprise customers want domain restrictions, startups want viral invites, and regulated teams need audit trails.

The Feature Policy API keeps everything orchestrated in a central registry so you can:

Swap policies without rewriting the core flow
Stage rules for different steps in a journey (preliminary vs submission)
Test policies in isolation
Let customers layer their own requirements without losing upgradeability

FeaturePolicy complements (and never replaces) your database guarantees. Keep enforcing core invariants with Postgres constraints, Supabase policies, and transactional checks—FeaturePolicy orchestrates the API/front-end logic that sits on top of them.

Teams Invitations: the first feature to use Feature Policy

We started with the most common multi-tenant pain point: invitations.

Different teams have different rules for invitations:

Some want to restrict the number of invitations per team
Some want to restrict the number of invitations per subscription status or plan
Others want to validate the email domain
etc.

A SaaS Starter Kit such as Makerkit cannot assume what rules you want to apply to invitations.

Registry: packages/features/team-accounts/src/server/policies/invitation-policies.ts
Server usage: Every invitation call now runs through createInvitationsPolicyEvaluator()
DX: Policies return structured allow()/deny() results so you can surface actionable messages in product and logs

API documentation

You can read the full API guide in our documentation.

Roadmap: More Features Using Feature Policy

Invitations are just the start. We are actively staging the same declarative approach for more features.

If there is a flow you want using the new Feature Policy API next, please let me know.

Happy building!

Introducing Declarative Policies

The Feature Policy API brings registry-based, declarative business rules to Makerkit. Customize flows without rewriting internals.

Why Declarative Policies Matter

Teams Invitations: the first feature to use Feature Policy

API documentation

Roadmap: More Features Using Feature Policy

Some other posts you might like...

Introducing Declarative Policies

The Feature Policy API brings registry-based, declarative business rules to Makerkit. Customize flows without rewriting internals.

Why Declarative Policies Matter

Teams Invitations: the first feature to use Feature Policy

API documentation

Roadmap: More Features Using Feature Policy

Some other posts you might like...