Skip to content
Pore docs

Namespaces

Namespaces are scoping containers for object and subject identifiers. They exist to:

  • Prevent identifier collisions across domains: document:42 and project:42 are distinct.
  • Scope configuration: which relations exist, which inheritance rules apply.
  • Scope authorization policy within a tenant.

Tenant-local

Section titled “Tenant-local”

Namespaces are tenant-local. Two tenants may have namespaces with the same name; they are distinct. Tenant isolation is a load-bearing invariant — operations on tenant A must never affect operations on tenant B.

Creating a namespace

Section titled “Creating a namespace”

Namespaces are created implicitly by the first grant that references them:

await pore.grants.create({
  subject: "user:alice",
  relation: "owner",
  object: "document:42", // creates the `document` namespace if absent
});

You can also create a namespace explicitly via POST /v1/namespaces. Explicit creation is useful when you want to validate configuration before accepting grants.

Listing namespaces

Section titled “Listing namespaces”
const { namespaces } = await pore.namespaces.list();