Alice Chen

Log in as alice@example.com and edit this post. Log in as bob and PATCH the same id — Bunderstack returns 403. That is row-level security.

Follows, likes, retweets, and threaded replies — all plain Drizzle tables with ownerColumn access. Compose Twitter-style UX on top.

Use defineAccess() when conventions are not enough: follows use followerId, auth tables stay sealed unless exposeAuthTable.

Add a userId column and owner-scoped update/delete kick in automatically. Public list/get, authenticated create, owner mutations.

Define tables in Drizzle — Bunderstack mounts GET/POST/PATCH/DELETE at /api/:table. No hand-written route boilerplate.