Ash Framework
Declarative resource-based framework for Elixir that generates entire business logic layers from resource definitions. An Ash resource (defresource MyApp.Post do) declares attributes, actions (CRUD + custom), policies, relationships, and calculations. Ash generates CRUD operations, validation, authorization policies, GraphQL (via AshGraphql), JSON:API (via AshJsonApi), and admin UIs (via AshAdmin) automatically. Think Rails scaffold × 10 with declarative policies.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Declarative policies prevent unauthorized access at resource level. Row-level security via policy expressions. AshAuthentication handles secure token storage. Authorization is checked before every action.
⚡ Reliability
Best When
You're building a data-driven Elixir backend with multiple API surfaces (REST, GraphQL), complex authorization requirements, and want to avoid writing repetitive CRUD code.
Avoid When
Your Elixir app has unusual business logic that doesn't fit resource-action patterns, or you need maximum control over each endpoint without framework conventions.
Use Cases
- • Build Elixir backend APIs for agent services 10x faster using Ash's resource-based code generation — define resource once, get REST + GraphQL + auth automatically
- • Implement fine-grained authorization for agent data access using Ash policies with row-level access control defined declaratively on resources
- • Expose agent data via GraphQL using AshGraphql — automatically generates a type-safe GraphQL schema from Ash resource definitions
- • Build internal admin dashboards for agent operations using AshAdmin — auto-generated Phoenix LiveView admin from resource definitions
- • Create audited agent data workflows with Ash's action lifecycle hooks, before/after action callbacks, and audit log integration
Not For
- • Simple CRUD apps without complex authorization — Ash's power is in authorization and generated APIs; Phoenix + Ecto is simpler for basic CRUD
- • Teams without Elixir experience — Ash's DSL and concepts add another layer on top of Elixir/Phoenix/Ecto learning curve
- • Highly custom domain logic that doesn't fit resource patterns — Ash excels at structured data resources; irregular business logic may fight the framework
Interface
Authentication
Ash has built-in policy authorization using policy blocks on resources. AshAuthentication extension provides plug-and-play authentication strategies (password, OAuth, magic link, JWT). Authorization is declarative at resource level.
Pricing
Ash Framework and all official extensions are MIT licensed. Maintained by Zach Daniel and community. Free for all use.
Agent Metadata
Known Gotchas
- ⚠ Ash DSL is a layer on top of Elixir macros — DSL errors sometimes surface as cryptic Elixir macro expansion errors; check Ash docs for exact DSL syntax before debugging macro issues
- ⚠ Policies are additive by default — multiple policy blocks all run, and all must pass; use policy bypass blocks for admin overrides; accidentally stacking restricting policies causes unexpected authorization failures
- ⚠ AshAuthentication setup requires multiple extension modules — AshAuthentication, AshAuthentication.Phoenix, and AshAuthentication.Strategy.Password are separate; forgetting one causes incomplete auth setup
- ⚠ Ash calculations are not database-backed by default — calculations run in Elixir unless using calculate with fragment/1 for SQL push-down; large datasets may cause N+1 if calculations load associations
- ⚠ Resource relationships require explicit loading — like Ecto, Ash doesn't lazy-load; relationships in actions must be declared with load: [:association] or loaded via Ash.load!/2 before access
- ⚠ Ash 2 to Ash 3 breaking changes — Ash 3 (2024) has significant API changes from Ash 2; blog posts and examples from before 2024 may use deprecated APIs; always check version in documentation
Alternatives
Full Evaluation Report
Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Ash Framework.
Scores are editorial opinions as of 2026-03-06.