Namespace-Scoped Query API (Task 2)
This module enforces mandatory namespace scoping at the type level, making cross-workspace data leakage impossible by construction.
§The Problem
When namespace/tenant scoping is treated as an optional filter parameter, developers can accidentally:
- Query across workspaces by forgetting to add the namespace filter
- Reuse a handle across workspaces in local-first scenarios
- Mix data from different tenants in multi-tenant deployments
§The Solution
Make namespace a required part of the query identity, not an
optional filter. The type system enforces:
- Namespace is required in every query request
- Namespace must be validated against the capability token
- “No namespace” is not a valid state
§Multi-Namespace Queries
For legitimate multi-namespace queries, use NamespaceScope::Multiple,
which requires explicit authorization for each namespace.
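The rule that every namespace in a scope must be covered by the capability token can be sketched as follows. This is an added example, not the crate's own code: the type names follow this page, while the fields, error variants, name-validation rule, `CapabilityToken` and `authorize` are assumptions.

```rust
use std::collections::HashSet;

// Added sketch: type names follow the page; fields, variants, the name rule,
// CapabilityToken and authorize() are assumptions, not the crate's own code.
#[derive(Debug, Clone, PartialEq, Eq, Hash)]
pub struct Namespace(String); // private field: construction only via new()

#[derive(Debug, PartialEq)]
pub enum ScopeError { InvalidName, EmptyScope, Unauthorized(String) }

impl Namespace {
    pub fn new(name: &str) -> Result<Self, ScopeError> {
        // Assumed rule: non-empty, lowercase ASCII letters, digits, '-' or '_'.
        let ok = !name.is_empty() && name.chars()
            .all(|c| c.is_ascii_lowercase() || c.is_ascii_digit() || "-_".contains(c));
        if ok { Ok(Namespace(name.to_owned())) } else { Err(ScopeError::InvalidName) }
    }
}

pub enum NamespaceScope { Single(Namespace), Multiple(Vec<Namespace>) }

// Hypothetical capability token: the set of namespaces the caller may touch.
pub struct CapabilityToken { allowed: HashSet<Namespace> }

// No constructor exists without a scope, so "no namespace" cannot be expressed.
pub struct ScopedQuery { scope: NamespaceScope, pub op: &'static str }

impl ScopedQuery {
    pub fn new(scope: NamespaceScope, op: &'static str) -> Self { Self { scope, op } }
    // Fail closed: every namespace in the scope must be granted by the token.
    pub fn authorize(&self, token: &CapabilityToken) -> Result<Vec<&Namespace>, ScopeError> {
        let wanted: Vec<&Namespace> = match &self.scope {
            NamespaceScope::Single(ns) => vec![ns],
            NamespaceScope::Multiple(list) => list.iter().collect(),
        };
        if wanted.is_empty() { return Err(ScopeError::EmptyScope); }
        if let Some(ns) = wanted.iter().find(|ns| !token.allowed.contains(**ns)) {
            return Err(ScopeError::Unauthorized(ns.0.clone()));
        }
        Ok(wanted)
    }
}

fn main() {
    let ns = |s| Namespace::new(s).unwrap();
    let token = CapabilityToken { allowed: HashSet::from([ns("production")]) };
    let scope = NamespaceScope::Multiple(vec![ns("production"), ns("staging")]);
    let q = ScopedQuery::new(scope, "vector_search");
    println!("{} -> {:?}", q.op, q.authorize(&token)); // staging is not granted
}
```

A partially authorized `Multiple` scope is rejected as a whole rather than silently narrowed to the granted namespaces, so a caller never receives results from a different scope than the one it asked for.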
§Example
    // This compiles - namespace is required
    let query = ScopedQuery::new(
        Namespace::new("production"),
        QueryOp::VectorSearch { ... }
    );
    // This won't compile - no namespace
    let query = ScopedQuery::new(QueryOp::VectorSearch { ... }); // ERROR!

Structs§
- DatabaseId - A database within a namespace.
- Namespace - A validated namespace identifier
- NamespaceRegistry - Registry tracking the namespace → database → table hierarchy.
- QualifiedTable - A fully qualified table path: namespace/database/table.
- QueryRequest - A complete query request with authentication
- ScopedQuery - A query that is always scoped to a namespace
Enums§
- NamespaceError - Errors that can occur when creating a namespace
- NamespaceScope - Scope for a query - either single namespace or explicitly multiple
- ScopeError - Errors related to namespace scope