Skip to content

feat: allow underscore prefix for private identifiers #156

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ivanauth wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: allow underscore prefix for private identifiers #156

ivanauth wants to merge 1 commit into from

Conversation

@ivanauth
Copy link

@ivanauth ivanauth commented Dec 19, 2025
edited
Loading

Summary

  • Enable underscore prefix (_) for definition, relation, and permission identifiers
  • Updates regex patterns across all API protos to match authzed/spicedb#2733

Description

This PR updates the validation regex patterns to allow identifiers to begin with an underscore. This establishes a convention for marking identifiers as "private" or "internal".

Use cases:

  • Synthetic permissions: Permissions that exist only to compose other permissions
  • Internal relations: Relations not meant to be directly referenced by application code
  • Implementation details: Parts of your schema that may change without affecting the public API

Example Usage

definition document {
    relation viewer: user
    relation _internal_viewer: user
    
    // Private synthetic permission
    permission _can_view = viewer + _internal_viewer
    
    // Public permission
    permission view = _can_view
}

Changes

  • Updated regex patterns in core.proto to allow underscore-prefixed identifiers
  • Updated regex patterns in permission_service.proto
  • Updated regex patterns in experimental_service.proto
  • Updated regex patterns in watch_service.proto

Related

@ivanauth @claude
feat: allow underscore prefix for definition, relation, and permissio…
902798a 
…n identifiers

Updates regex patterns across all API protos to allow identifiers to
begin with an underscore (`_`). This enables a convention for marking
identifiers as "private" or "internal".

Use cases:
- **Synthetic permissions**: Permissions that exist only to compose other permissions
- **Internal relations**: Relations not meant to be directly referenced by application code
- **Implementation details**: Parts of your schema that may change without affecting the public API

Example:
```zed
definition document {
    relation viewer: user
    relation _internal_viewer: user

    // Private synthetic permission
    permission _can_view = viewer + _internal_viewer

    // Public permission
    permission view = _can_view
}
```

Companion PR to authzed/spicedb#2733

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Establish a convention for public/private

1 participant

@ivanauth