spicedb icon indicating copy to clipboard operation
spicedb copied to clipboard
verified publisher icon authzed

feat: allow underscore prefix for private identifiers

Open ivanauth opened this issue 3 months ago • 1 comments

Summary

  • Enable underscore prefix (_) for definition, relation, and permission identifiers
  • Establishes a convention for marking identifiers as "private" or "internal"

Description

This PR implements the feature requested in issue #2066 by updating the identifier regex patterns from [a-z] to [a-z_] to allow identifiers to begin with an underscore.

This is useful for:

  • Synthetic permissions: Permissions that exist only to compose other permissions
  • Internal relations: Relations not meant to be directly referenced by application code
  • Implementation details: Parts of your schema that may change without affecting the public API

Changes

  • Updated regex patterns in proto validation to allow underscore-prefixed identifiers
  • Updated corresponding test expectations

Example Usage

definition document {
    relation viewer: user
    relation _internal_viewer: user
    
    // Private synthetic permission
    permission _can_view = viewer + _internal_viewer
    
    // Public permission
    permission view = _can_view
}

Note

End-user documentation for this feature should be added to authzed/docs at pages/spicedb/concepts/schema.mdx.

Fixes #2066

ivanauth avatar Nov 26 '25 23:11 ivanauth

Codecov Report

:white_check_mark: All modified and coverable lines are covered by tests. :white_check_mark: Project coverage is 77.60%. Comparing base (e7390fe) to head (b624462). :warning: Report is 22 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2733      +/-   ##
==========================================
+ Coverage   77.05%   77.60%   +0.55%     
==========================================
  Files         464      471       +7     
  Lines       49188    49564     +376     
==========================================
+ Hits        37896    38458     +562     
+ Misses       8504     8262     -242     
- Partials     2788     2844      +56

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

:rocket: New features to boost your workflow:
  • :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • :package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

codecov[bot] avatar Nov 26 '25 23:11 codecov[bot]