SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

SpiceDB

got it - that makes sense. going back to a previous conversation - is there any performance penalty for sticking arbitrary metadata into the caveats? i'm wondering if this could be used instead of the `watch_metadata` idea i was proposing for audit information, with the understanding that it's a bit of a hack and outside of the intended use case.

for our purposes, we'd probably be putting `request_timestamp` and `authorizing_user_id` into the field.