Authorization for Ruby on Rails.

Name: Pundit
Author: Varvet

Pundit — open source since 2012

Authorization through plain Ruby objects. No DSLs, no magic, no framework to fight. Just classes you already understand.

Plain objects. No magic.

Pundit does authorization and nothing else. Each policy is a Ruby class you own, test, and reason about. No DSL to learn, no magic to debug.

Born from a real problem.

We built Pundit on client projects in 2012, when authorization kept turning into a tangle no one could read. We wanted policies that stayed clear as the codebase grew, so we wrote them as objects we already understood.

The standard, because it works.

Pundit became the de facto way to handle authorization in Rails. Not because we marketed it. Because it holds up.

100M+Downloads

38,000+Dependent projects

8,500+GitHub Stars

126Contributors

One thing, done well.

Pundit is open source and ships as a gem.

View on RubyGems · Source on GitHub

Pundit is built and maintained by Varvet, a product studio in Sweden. We build Ruby on Rails products. We've kept Pundit small and sharp for over a decade: one tool that does one thing well, not a framework. If you want the people behind it on your Rails codebase, we should talk.

Pundit originated from our blog post on simple authorization in Ruby on Rails apps. What started as a pattern we kept reaching for on client projects became an open source library used by tens of thousands of Rails applications worldwide.