nest-warden

An opinionated, stack-specific bundle for NestJS + TypeORM multi-tenant SaaS, built on top of @casl/ability.

nest-warden is a bundle, not a replacement for CASL. It adds three things that the underlying tools don't ship today, plus the integration glue most NestJS + TypeORM teams end up writing themselves:

  • Relationship graph + $relatedTo — register relationships once; rules express multi-hop access ("Alice is an agent of Merchant M of Tenant X → Alice can approve M's payments"); the TypeORM compiler emits correlated EXISTS subqueries.
  • Runtime tenant-predicate guarantee — every emitted rule auto-pins the tenant predicate, and validateTenantRules throws at .build() time if any rule is missing it and isn't explicitly crossTenant. Type-level patterns catch static misuse; this catches everything else (as any, generic abilities, library boundaries).
  • accessibleBy() for TypeORM — same shape as @casl/prisma.accessibleBy(), adapted to TypeORM's QueryBuilder, with multi-hop $relatedTo paths and tenant scope folded in.

Plus a NestJS module + global guard + four decorators + a TypeORM subscriber + an RLS hook — the wiring, packaged and tested in a real example app.
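
A sketch of the runtime tenant-predicate guarantee described above, as an added example: it is not nest-warden's code or API. `TenantRuleBuilder`, `pushRaw`, `findUnscopedRules`, the per-rule `crossTenant` flag and the `tenantId` field name are hypothetical stand-ins, and the rule objects only mimic the shape of CASL raw rules.

```typescript
// Added illustration, not nest-warden source; every name below is hypothetical.
type Conditions = Record<string, unknown>;
interface Rule {
  action: string;
  subject: string;
  conditions?: Conditions;
  crossTenant?: boolean; // explicit opt-out (assumed to be a per-rule flag)
}
const TENANT_FIELD = "tenantId"; // assumed tenant column name

// Rules that neither pin this tenant nor opt out explicitly.
function findUnscopedRules(rules: Rule[], tenantId: string): Rule[] {
  return rules.filter((r) => !r.crossTenant && r.conditions?.[TENANT_FIELD] !== tenantId);
}

class TenantRuleBuilder {
  private rules: Rule[] = [];
  private tenantId: string;
  constructor(tenantId: string) { this.tenantId = tenantId; }

  // Normal path: the tenant predicate is merged last, so callers cannot override it.
  can(action: string, subject: string, conditions: Conditions = {}): this {
    this.rules.push({ action, subject, conditions: { ...conditions, [TENANT_FIELD]: this.tenantId } });
    return this;
  }

  // Explicit, greppable opt-out for platform-level rules.
  crossTenant(action: string, subject: string, conditions: Conditions = {}): this {
    this.rules.push({ action, subject, conditions, crossTenant: true });
    return this;
  }

  // Stand-in for rules that bypass the typed API (`as any`, another library).
  pushRaw(rule: Rule): this {
    this.rules.push(rule);
    return this;
  }

  // Runtime backstop: refuse to hand out a rule set containing an unscoped rule.
  build(): Rule[] {
    const bad = findUnscopedRules(this.rules, this.tenantId);
    if (bad.length > 0) {
      const list = bad.map((r) => `${r.action}:${r.subject}`).join(", ");
      throw new Error(`rules missing ${TENANT_FIELD} predicate: ${list}`);
    }
    return this.rules;
  }
}
```

Failing at build time means an unscoped rule never reaches a guard or a query compiler, so the mistake surfaces as a startup or request error instead of a cross-tenant read.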

Where to start