Auth & Security

Byline takes access control and provenance seriously by default rather than as a bolt-on. This section covers both halves: deciding what an actor is allowed to do, and keeping a faithful record of what actually happened.

Authentication & Authorization — actors and RequestContext, the ability registry, two-layer enforcement, read-side row scoping via beforeRead, field redaction via afterRead, and pluggable session providers. Includes worked access-control recipes.
Auditability — the per-version acting-user trail and the document-level audit log, plus the history and activity views built on top of them.