datomic

braai engineer 2026-03-15T21:24:56.677989Z

http://explorer.eacl.dev/ is now online, demoing the latest https://github.com/theronic/eacl v7 (Enterprise Access ControL). EACL is a situated ReBAC authorization library based on SpiceDB, built in Clojure and backed by Datomic. EACL is tuned for Datomic Pro, but I ported EACL to DataScript this week so you can play with it in the browser (mainly because it saves me money on hosting a Datomic cluster.) The performance of EACL DataScript scales similarly to Datomic Pro because it's heterogeneous tuples all the way down, but Datomic Pro or Datomic Cloud is way faster, because concurrency ๐Ÿ™‚. Typically 0.5-3ms for eacl/lookup-resources to query 20 items from 700k resources (typical workloads). For a super admin (who can see everything), you can expect 30-100ms for page of 20. But you won't fit 700k resources into client-side DataScript. You should be able to go up to 200k client-side. Rationale for EACL here: http://eacl.dev.

๐Ÿ‘ 2
๐Ÿ†’ 3
โค๏ธ 1
onetom 2026-03-17T06:17:07.303719Z

pretty cool! Q1. how about datomic cloud (`datomic.client.api`) support? i see u use some d/entity calls, which might need to be expressed as recursive datalog queries. there are some d/entid calls, which can be replaced with (:db/id (dc/pull db-val [:db/id] e)). the readme mentions the use of d/seek-datoms for performance reasons. do u have any immediate idea why such a variant would be tricky to implement? Q2. why is the negation operator not implemented? 1. is it just the lack of immediate need? 2. is it because it's tricky to get it right? 3. is it because it's hard to get its performance acceptable?

onetom 2026-03-17T06:34:25.267649Z

my colleague has just pointed out the mention of Datomic Cloud on https://eacl.dev/ > What is EACL good for? > EACL is suitable for Clojure & Datomic Pro and Datomic Cloud applications. is that a mistake, since i don't see any mentions of datomic.client.api in the source code?

braai engineer 2026-03-17T08:15:59.563959Z

@onetom EACL Datomic Cloud support is aspirational, but possible. Iโ€™m not sure itโ€™ll be fast enough though, so Iโ€™ll remove the mention for now. The Negation Operator is hard and slow without a cache. EACL only has no permission cache (only path caching), but Iโ€™ll add a good cache eventually. d/entid is fast in Datomic Pro.

๐Ÿ™ 1