SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

SpiceDB

So I've got a rule on `deal` that says `permission view = investment->view + sponsor`. I do the permission check using `at_least_as_fresh` set to the max zedtoken of the deal and the user. This doesn't always work right away, because if an investment is added _after_ the deal is created/modified, it has a later zedtoken than either deal or user, and when using `at_least_as_fresh`, spicedb queries postgres based on the max of that zedtoken and whatever _it_ thinks is the latest transaction (e.g. if it hasn't updated from postgres since the last write to `relation_tuple_transaction`)