SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

SpiceDB

one thing that we're running into is a desire for audit metadata associated with individual relations - an authorizing user, write time, that kind of thing. we wouldn't need or want them to be a part of check requests - the idea is more that it would be attached to the relation during write and visible in a `WatchService` stream such that we could go dump it into an audit topic in kafka. I don't think we'd need to see the metadata anywhere else. it would mean that we don't need to worry about maintaining this information in separate streams (e.g. a second database that we need to sync with SpiceDB). is this possible/desired/somewhere on the roadmap?