repository

Scoped data-access patterns with Gleam/Elixir interoperability adapters.

Types

AccessError

Scoped access failures for authz-sensitive flows.

pub type AccessError {
  NotFound(id: String)
  Forbidden(actor_id: String, action: String, tenant_id: String)
}

Constructors

```
NotFound(id: String)
```

Forbidden(actor_id: String, action: String, tenant_id: String)

Adapter

Storage adapter profile used by one repository boundary.

pub type Adapter {
  GleamInMemory
  ElixirBridge(module: String)
  MixedBridge(read_module: String, write_module: String)
}

Constructors

```
GleamInMemory
```
```
ElixirBridge(module: String)
```

MixedBridge(read_module: String, write_module: String)

Record

One domain record persisted in a repository.

pub type Record {
  Record(
    id: String,
    tenant_id: String,
    owner_id: String,
    resource: String,
    payload: String,
  )
}

Constructors

Record(
  id: String,
  tenant_id: String,
  owner_id: String,
  resource: String,
  payload: String,
)

Repository

opaque

Deterministic repository state.

pub opaque type Repository

Role

Tenant-scoped role for data access policies.

pub type Role {
  Viewer
  Editor
  TenantAdmin
}

Constructors

```
Viewer
```
```
Editor
```
```
TenantAdmin
```

Scope

Access scope attached to one request actor.

pub type Scope {
  TenantScope(actor_id: String, tenant_id: String, role: Role)
  SystemScope(actor_id: String)
}

Constructors

TenantScope(actor_id: String, tenant_id: String, role: Role)

```
SystemScope(actor_id: String)
```

Values

adapter

pub fn adapter(repository: Repository) -> Adapter

Repository adapter profile.

adapter_label

pub fn adapter_label(adapter: Adapter) -> String

Stable adapter label for fixtures and migration signatures.

all

pub fn all(repository: Repository) -> List(Record)

All rows in stable order.

delete_by_id

pub fn delete_by_id(
  repository: Repository,
  scope: Scope,
  id: String,
) -> Result(Repository, AccessError)

Delete one row by id with scope validation.

error_label

pub fn error_label(error: AccessError) -> String

Stable error label.

fetch_by_id

pub fn fetch_by_id(
  repository: Repository,
  scope: Scope,
  id: String,
) -> Result(Record, AccessError)

Fetch one row by id with scope validation.

list_by_tenant

pub fn list_by_tenant(
  repository: Repository,
  scope: Scope,
  tenant_id: String,
) -> Result(List(Record), AccessError)

List rows by tenant with scope validation.

new

pub fn new(adapter: Adapter) -> Repository

Build an empty repository for one adapter profile.

role_label

pub fn role_label(role: Role) -> String

Stable role label.

scope_label

pub fn scope_label(scope: Scope) -> String

Stable scope label.

seed

pub fn seed(adapter: Adapter, rows: List(Record)) -> Repository

Build repository with seeded records.

system_scope

pub fn system_scope(actor_id: String) -> Scope

Build a system-scoped actor identity.

tenant_scope

pub fn tenant_scope(
  actor_id: String,
  tenant_id: String,
  role: Role,
) -> Scope

Build a tenant-scoped actor identity.

upsert

pub fn upsert(
  repository: Repository,
  scope: Scope,
  row: Record,
) -> Result(Repository, AccessError)

Upsert one row with scope validation.