Squidie.ReadModel.Visibility (squidie v0.1.2)

Copy Markdown View Source

Actor-scoped read-model redaction helpers.

Visibility is a host-owned authorization boundary. Squidie keeps durable history immutable and returns factual read models; host applications can call this module at their HTTP, LiveView, CLI, or dashboard boundary to derive a less-sensitive view for a specific actor.

Summary

Types

policy()
scope()
visibility_error()

Functions

redact(view, actor, policy \\ :external)

Applies a host-owned visibility policy to a read-model view.

Types

policy()

@type policy() ::
  scope()
  | module()
  | {module(), term()}
  | (term(), term() -> scope() | {:ok, scope()})

scope()

@type scope() :: :external | :operator | :auditor

visibility_error()

@type visibility_error() ::
  {:invalid_visibility_policy,
   :missing_callback | {:scope, term()} | {:policy, term()}}

Functions

redact(view, actor, policy \\ :external)

@spec redact(term(), term(), policy()) :: {:ok, term()} | {:error, visibility_error()}

Applies a host-owned visibility policy to a read-model view.

Supported policy forms:

  • :external, :operator, or :auditor

  • a two-arity function (actor, view -> scope | {:ok, scope})

  • a module exporting visibility_scope/2
  • {module, opts} for modules exporting visibility_scope/3

:auditor returns the original view. :external and :operator preserve high-level status and current/manual task shape while removing payloads, command history, claim metadata, attempt inputs/results/errors, and other nested runtime evidence.