• Blog
  • Documentation
  • Courses
  • Changelog
  • AI Starters
  • UI Kit
  • FAQ
  • Supamode
    New
  • Pricing

Launch your next SaaS in record time with Makerkit, a React SaaS Boilerplate for Next.js and Supabase.

Makerkit is a product of Makerkit Pte Ltd (registered in the Republic of Singapore)Company Registration No: 202407149CFor support or inquiries, please contact us

About
  • FAQ
  • Contact
  • Verify your Discord
  • Consultation
  • Open Source
  • Become an Affiliate
Product
  • Documentation
  • Blog
  • Changelog
  • UI Blocks
  • Figma UI Kit
  • AI SaaS Starters
License
  • Activate License
  • Upgrade License
  • Invite Member
Legal
  • Terms of License

Introducing Declarative Policies

Sep 30, 2025

The Feature Policy API brings registry-based, declarative business rules to Makerkit. Customize flows without rewriting internals.

changelog

Today I am introducing the Feature Policy API, a declarative policy system that gives our SaaS starter kit a plug-and-play way to express business rules.

It launches with team invitations. More features will be migrated to it in the future.

Why Declarative Policies Matter

SaaS teams rarely share the same rulebook. Enterprise customers want domain restrictions, startups want viral invites, and regulated teams need audit trails.

Hardcoding these paths inside controllers forces you to branch or fork the codebase. Makerkit optimizes for extensibility - teams should layer new logic without rewriting internals unless a special case demands it.

The Feature Policy API keeps everything orchestrated in a central registry so you can:

  • Swap policies without rewriting the core flow
  • Stage rules for different steps in a journey (preliminary vs submission)
  • Test policies in isolation
  • Let customers layer their own requirements without losing upgradeability

FeaturePolicy complements (and never replaces) your database guarantees. Keep enforcing core invariants with Postgres constraints, Supabase policies, and transactional checks—FeaturePolicy orchestrates the API/front-end logic that sits on top of them.

Teams Invitations: the first feature to use Feature Policy

We started with the most common multi-tenant pain point: invitations.

Different teams have different rules for invitations:

  • Some want to restrict the number of invitations per team
  • Some want to restrict the number of invitations per subscription status or plan
  • Others want to validate the email domain
  • etc.

A SaaS Starter Kit such as Makerkit cannot assume what rules you want to apply to invitations.

Therefore, we have created a declarative policy system that allows you to customize invitations without rewriting internals - e.g. updating the hot paths in the codebase for customizing this behavior.

  • Registry: packages/features/team-accounts/src/server/policies/invitation-policies.ts
  • Server usage: Every invitation call now runs through createInvitationsPolicyEvaluator()
  • DX: Policies return structured allow()/deny() results so you can surface actionable messages in product and logs

API documentation

You can read the full API guide in our documentation.

Roadmap: More Features Using Feature Policy

Invitations are just the start. We are actively staging the same declarative approach for more features.

If there is a flow you want using the new Feature Policy API next, please let me know.

Happy building!