Grist
A modern relational spreadsheet that combines Python-powered formulas, drag-and-drop dashboards, and granular access controls in a self-hostable, SQLite-backed data platform.
Grist is an open-source hybrid spreadsheet and database that gives teams the flexibility of a spreadsheet with the structure and rigor of a relational database. Every column is typed, references between tables are first-class citizens, and formulas are written in full Python with standard library access — making it far more capable than Excel or Google Sheets for teams managing complex, interrelated data.
Built around a portable SQLite document format, Grist stores every document as a self-contained file that any SQLite tool can inspect directly, making backups and migrations straightforward and vendor-independent. The platform deploys via Docker in minutes, supports S3-compatible external attachment storage, and integrates with OIDC, SAML, and the getgrist.com sign-in service for flexible authentication without running your own identity server.
Grist’s access control system goes beyond simple sharing: owners can define row-, column-, and table-level rules based on user attributes and cell values, enabling secure partial-data sharing with external parties or contractors. A REST API with interactive console, Zapier integration, configurable webhooks, and SCIM user provisioning make Grist a connectable part of existing workflows rather than a data silo.
The platform is actively developed by Grist Labs with significant contributions from French government organizations (ANCT and DINUM), ensuring strong OIDC/SAML support, high-contrast WCAG AA accessibility, HTTP long-polling for restrictive networks, and S3 external attachment storage. Recent releases add Airtable import, sign-in with getgrist.com, and AI-powered formula suggestions compatible with OpenAI, Llama, and OpenRouter-compatible endpoints.
What You Get
- Python Formula Engine - Write formulas using full Python syntax and the standard library, with Excel-compatible functions available alongside, and a formula timer to diagnose performance bottlenecks in complex calculations.
- AI Formula Assistant - Generate, explain, and debug formulas through a conversational interface compatible with OpenAI, Meta Llama, and any OpenRouter or OpenAI-compatible endpoint, reducing the learning curve for complex Python expressions.
- Portable SQLite Document Format - Every Grist document is a self-contained SQLite file readable by any SQLite tool, enabling straightforward backups, cross-host migrations, and long-term archival without proprietary formats.
- Drag-and-Drop Dashboard Builder - Compose views using charts, card layouts, calendar widgets, and summary tables; link widgets to filter data across multiple views simultaneously without duplicating underlying records.
- Two-Way References Between Tables - Define bidirectional relationships between tables that stay automatically synchronized, replacing manual lookup formulas with declarative, relational links.
- Granular Access Rules - Control which rows, columns, and tables each user or group can see or edit based on cell values and user attributes, enabling secure partial-data sharing with external collaborators.
- Native Forms with File Attachments - Create web forms that write directly into spreadsheet tables, with support for file uploads, hidden fields, and URL-based pre-population for intake and survey workflows.
- REST API with Interactive Console - A full REST API documented with an interactive console at docs.getgrist.com, plus Zapier triggers/actions, configurable webhooks with formula-based conditions, and service accounts for fine-grained API access.
- Multi-Mode Sandboxing - Run user Python formulas safely via gVisor (Linux), native macOS sandbox, or Wasm-based Deno/Pyodide sandbox on any OS including Windows, with configurable per-document sandbox levels.
- SCIM and SAML/OIDC SSO - Provision users and groups via the SCIM standard and authenticate via SAML or OIDC, with additional support for sign-in through getgrist.com accounts without configuring an identity server.
- External S3 Attachment Storage - Store file attachments in any S3-compatible object store to keep .grist document files small while retaining full access, versioning, and backup coverage for attached media.
- Incremental CSV Import with Deduplication - Re-import updated data exports by matching on unique key columns, merging only new or changed records without creating duplicates — ideal for recurring bank statement or inventory feed workflows.
- Collaborative Change Suggestions - Propose data changes that owners review and approve before they take effect, bringing source-control-style review workflows to non-technical teams working in shared documents.
- High-Contrast WCAG AA Theme - An accessibility-focused high-contrast UI theme meeting WCAG level AA standards, alongside 20-plus language translations, developed with French government contributions.
Common Use Cases
- Nonprofit donor and grant management - A nonprofit self-hosts Grist to maintain donor records, grant timelines, and volunteer logs with granular access rules keeping sensitive financial data visible only to finance staff, intake forms for new volunteers, and S3-backed document attachments for grant agreements.
- Research lab equipment and usage tracking - A university research group builds a relational database linking equipment, users, reservations, and usage logs, using Python formulas to compute utilization rates and drag-and-drop dashboards to visualize availability across lab sections.
- Legal case and deadline tracking - A small law firm replaces disconnected spreadsheets with a Grist document linking clients, cases, deadlines, and billable hours, using conditional formatting to highlight approaching deadlines and SAML-based authentication to keep client data accessible only to assigned attorneys.
- Finance team reporting and bank reconciliation - A finance team imports monthly bank statement CSVs using incremental import to merge only new transactions, applies Python formulas to categorize and aggregate expenses, and builds summary dashboards that generate P&L views without manual pivot-table maintenance.
- Construction project materials and vendor coordination - A construction company links materials, vendors, purchase orders, and project timelines in Grist, attaches blueprints and inspection photos via S3, and uses the REST API to sync project status updates to their ERP system.
- Internal IT asset inventory - An IT department tracks hardware assets, software licenses, assigned users, and renewal dates with Grist’s reference columns linking assets to employees, webhooks triggering Zapier automations for license renewal reminders, and row-level access rules preventing staff from viewing colleagues’ device details.
Under The Hood
Architecture Grist implements a multi-tier distributed architecture that cleanly separates home server responsibilities — user management, document routing, API request handling, and static asset serving — from document worker responsibilities: active document state management, Python sandbox orchestration, and SQLite I/O. The core action pipeline is the architectural centerpiece: User Actions (typed tuples representing intent) flow from browser clients via WebSocket to a Node.js layer, get forwarded to a sandboxed Python data engine, which produces immutable Doc Actions (simple data or schema changes) that update the in-memory document state, flush to SQLite, and broadcast back to all connected browsers simultaneously. This event-sourcing-inspired pipeline makes document comparison, action history, and change suggestions structurally natural rather than bolted on. The FlexServer orchestration layer composes multiple server roles (home, docs, static, app) into a single process for self-hosting or distributes them across a cluster for enterprise-grade scaling, offering operators a genuine operational spectrum without code changes.
Tech Stack
The server runs on Node.js 22 with TypeScript, using Express for HTTP routing and a custom WebSocket-based RPC system for real-time client-server communication. Documents are stored as SQLite files via a custom @gristlabs/sqlite3 binding, with optional S3-compatible cloud storage for versioning and external attachment management. Python formulas execute in isolated sandboxes — gVisor on Linux for container-level process isolation, Deno/Pyodide for Wasm-based sandboxing on any operating system, and native macOS sandbox — all exposing the full Python standard library to formula authors without server compromise risk. The frontend is built on GrainJS, Grist’s own reactive DOM library that enforces ownership-based subscription disposal, with legacy Knockout.js components present in older widgets; Webpack and Babel bundle the TypeScript client for production. PostgreSQL via TypeORM backs the home metadata database, Redis coordinates document-to-worker assignment in multi-node deployments, and Docker multi-stage builds support optional enterprise extension injection via build context overrides.
Code Quality
The codebase is backed by extensive test infrastructure spanning 467 TypeScript test files: unit tests via Mocha, server integration tests, and a substantial browser-level end-to-end suite using Selenium WebDriver, with a window.testGrist injection pattern enabling realistic browser state setup without heavyweight test doubles. Error handling uses typed ApiError classes with structured HTTP status codes and consistent logging. TypeScript coverage is strict throughout data models, permission layers, and caching abstractions, with discriminated union types defining every Doc Action variant. The GrainJS disposal pattern prevents the endemic class of subscription memory leaks in reactive UIs by tying observer lifetimes to explicit owner objects. ESLint configuration includes custom rules for project-specific patterns. Some legacy Knockout-based components coexist with newer GrainJS code, introducing pockets of stylistic inconsistency, but new code consistently follows documented patterns.
What Makes It Unique Grist occupies a genuinely distinct position: the only open-source tool that simultaneously provides typed relational columns, sandboxed Python formulas with full standard library access, row- and column-level access rules, and a portable SQLite document format that any database tool can read. The portable document format is architecturally elegant — it means every document is its own complete, inspectable database file, not a row in a multi-tenant SaaS database. GrainJS, developed in-house from Knockout lessons, introduces ownership-based disposal semantics that prevent the memory leak patterns common in reactive UI frameworks. The multi-sandbox strategy — gVisor, Pyodide, and native macOS — gives operators real security choices across operating systems, unusual in no-code tooling. The change suggestion workflow (propose → review → approve) brings source-control discipline to collaborative spreadsheet editing, and incremental CSV import with key-based deduplication solves a concrete, recurring pain point for teams receiving regular data exports.
Self-Hosting
Grist is released under the Apache License 2.0, a permissive open-source license that allows commercial use, modification, and distribution with no copyleft implications for your own data or applications. You are free to self-host Grist, build internal tools on top of it, and integrate it into commercial workflows without licensing fees or restrictions on the number of users or documents. The Apache 2.0 license does require preservation of copyright notices, and the source includes NOTICE.txt with attribution requirements for included third-party components.
Running Grist yourself means operating Node.js 22 and optionally Python for the sandbox processes — Docker is the recommended and most straightforward deployment path, packaging everything including sandbox binaries in a single image. For production use, you will want a PostgreSQL database for the home metadata store (SQLite can be used for minimal single-server setups), Redis for multi-worker document routing, and S3-compatible object storage for document versioning and external attachments. Authentication is your responsibility: OIDC and SAML are both supported in grist-core, or you can use sign-in with getgrist.com to avoid running an identity server entirely. Upgrades require pulling a new Docker image and running database migrations, which the platform handles automatically on startup.
Grist Labs sells a full edition of Grist with additional features not in grist-core, including Azure Blob Storage for document storage, GristConnect (Discourse-based SSO), and advanced enterprise support. Self-hosters on grist-core can access a free trial of the full edition’s features via the Admin Panel — the full edition is free for individuals and small organizations with less than US$1 million in total annual funding. The primary trade-offs of self-hosting versus getgrist.com are: you manage availability, backups, and upgrades yourself; you do not get Grist Labs’ managed support SLA; and enterprise features like Azure storage require either the full edition license or building from source with Grist Labs enterprise extensions.
Related Apps
n8n
Automation · No Code Platforms
Code when you need it, UI when you don't — the workflow automation platform built for technical teams who refuse to choose.
n8n
OtherDify
No Code Platforms · AI Development · Developer Tools
Visual LLM workflow platform with RAG pipelines, agent capabilities, and model management for building production AI applications.
Dify
OtherSupabase
Developer Tools · Databases · Search
The open-source Postgres development platform that replaces Firebase with authentication, real-time APIs, edge functions, storage, and vector embeddings — all built on PostgreSQL.