NewCaveatNotFoundErr constructs a new caveat not found error.

NewDuplicateAllowedRelationErr constructs an error indicating that an allowed relation was defined more than once for a relation.

NewDuplicateRelationError constructs an error indicating that a relation was defined more than once in a namespace.

NewMissingAllowedRelationsErr constructs an error indicating that type information is missing for a relation.

NewNamespaceNotFoundErr constructs a new namespace not found error.

NewNamespaceTypeSystem returns a new type system for the given namespace.

NewPermissionsCycleErr constructs an error indicating that a cycle exists amongst permissions.

NewPermissionUsedOnLeftOfArrowErr constructs an error indicating that a permission was used on the left side of an arrow.

NewRelationNotFoundErr constructs a new relation not found error.

NewTransitiveWildcardErr constructs an error indicating that a transitive wildcard exists.

NewTypeWithSourceError creates a new type error at the specific position and with source code, wrapping the underlying error.

NewUnusedCaveatParameterErr constructs indicating that a parameter was unused in a caveat expression.

NewWildcardUsedInArrowErr constructs an error indicating that an arrow operated over a relation with a wildcard type.

ReachabilityGraphFor returns a reachability graph for the given namespace.

ReadNamespaceAndTypes reads a namespace definition, version, and type system and returns it if found.

ResolverForDatastoreReader returns a Resolver for a datastore reader.

ResolverForPredefinedDefinitions returns a resolver for predefined namespaces and caveats.

ResolverForSchema returns a resolver for a schema.

SourceForAllowedRelation returns the source code representation of an allowed relation.

AllowedNamespaceNotValid indicates that the specified subject namespace is not valid.

AllowedNamespaceValid indicates that the specified subject namespace is valid.

AllowedRelationNotValid indicates that the specified subject relation is not valid.

AllowedRelationValid indicates that the specified subject relation is valid.

DirectRelationNotValid indicates that the specified subject relation is not valid as part of a *direct* tuple on the relation.

DirectRelationValid indicates that the specified subject relation is valid as part of a *direct* tuple on the relation.

PublicSubjectAllowed indicates that the specified subject wildcard is valid as part of a *direct* tuple on the relation.

PublicSubjectNotAllowed indicates that the specified subject wildcard is not valid as part of a *direct* tuple on the relation.

UnknownIfAllowed indicates that no type information is defined for this relation.

UnknownIfAllowedNamespace indicates that no type information is defined for this relation.

UnknownIfPublicAllowed indicates that no type information is defined for this relation.

UnknownIfRelationAllowed indicates that no type information is defined for this relation.

CaveatNotFoundError occurs when a caveat was not found.

DuplicateAllowedRelationError indicates that an allowed relation was redefined on a relation.

DuplicateRelationError occurs when a duplicate relation was found inside a namespace.

MissingAllowedRelationsError occurs when a relation is defined without any type information.

NamespaceNotFoundError occurs when a namespace was not found.

PermissionsCycleError occurs when a cycle exists within permissions.

PermissionUsedOnLeftOfArrowError occurs when a permission is used on the left side of an arrow expression.

PredefinedElements are predefined namespaces and/or caveats to give to a resolver.

ReachabilityEntrypoint is an entrypoint into the reachability graph for a subject of particular type.

ReachabilityGraph is a helper struct that provides an easy way to determine all entrypoints for a subject of a particular type into a schema, for the purpose of walking from the subject to a specific resource relation.

RelationNotFoundError occurs when a relation was not found under a namespace.

TransitiveWildcardError occurs when a wildcard relation in turn references another wildcard relation.

TypeError wraps another error as a type error.

TypeSystem represents typing information found in a namespace.

UnusedCaveatParameterError indicates that a caveat parameter is unused in the caveat expression.

ValidatedNamespaceTypeSystem is validated type system for a namespace.

WildcardTypeReference represents a relation that references a wildcard type.

WildcardUsedInArrowError occurs when an arrow operates over a relation that contains a wildcard.

Resolver is an interface defined for resolving referenced namespaces and caveats when constructing and validating a type system.

AllowedDirectRelation indicates whether a relation is allowed on the right side of another relation.

AllowedNamespaceOption indicates whether an allowed namespace of a particular kind is allowed on the right side of another relation.

AllowedPublicSubject indicates whether a public subject of a particular kind is allowed on the right side of another relation.

AllowedRelationOption indicates whether an allowed relation of a particular kind is allowed on the right side of another relation.