Audience Projections
shared
Policy for public/client/admin contract projections.
This policy ensures each audience receives only the fields it should see, with explicit contract schemas and adapter wiring.
Audience policy
- public: safe public data only.
- client: authenticated end-user data for self-service flows.
- admin: operational/admin data for internal workflows.
Do not use a single universal DTO for all audiences.
Namespace mapping
| Audience | Router namespace | Typical consumer |
|---|---|---|
| public | `orpc.public.*` | public pages, auth entry points |
| client | `orpc.client.*` | apps/client-console |
| admin | `orpc.admin.*` | apps/admin-console |
This mapping is required for new procedures.
Projection rules
- Output schemas are audience-specific by default.
- If two audiences truly share the same shape, reuse a shared schema intentionally.
- If fields diverge by permission, create separate output schemas.
Recommended naming:
- `*PublicViewSchema`
- `*ClientViewSchema`
- `*AdminViewSchema`
- `*BaseSchema` (only for truly shared primitives)
Adapter and frontend rules
- Backend adapters:
  - bind `.output(...)` to audience projection schema
  - keep capability checks in guards/middleware
  - map use-case output to audience view schemas
- Frontend:
  - admin features call `orpc.admin.*`
  - client features call `orpc.client.*`
  - never import admin projections into client features
Review checklist
- Is output schema audience-specific?
- Does procedure namespace match intended audience?
- Are capability checks present where required?
- Are sensitive fields excluded from lower-audience projections?
- Were new output fields reviewed per audience instead of globally copied?
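
The projection rules and the checklist item on sensitive fields, shown as an added example (not this project's own code). Per-audience allow-lists stand in for the output schemas bound with `.output(...)`, and `findLeaks` turns the checklist question into a check that can run in CI. All names here (`UserRecord`, `VIEW_FIELDS`, `SENSITIVE`, `project`, `findLeaks`) and the sample record are hypothetical.

```typescript
// Added example; every name and the sample record are hypothetical.
type Audience = "public" | "client" | "admin";

// Persistence model: never returned directly as a transport contract.
interface UserRecord {
  id: string; displayName: string; email: string;
  passwordHash: string; internalNotes: string; lastLoginIp: string;
}
type ViewFields = Record<Audience, readonly (keyof UserRecord)[]>;

// One explicit allow-list per audience, standing in for an output schema.
const VIEW_FIELDS: ViewFields = {
  public: ["id", "displayName"],
  client: ["id", "displayName", "email"],
  admin: ["id", "displayName", "email", "internalNotes", "lastLoginIp"],
};

// Lowest audience allowed to see a sensitive field; "none" is never serialized.
const SENSITIVE: Partial<Record<keyof UserRecord, Audience | "none">> = {
  email: "client", internalNotes: "admin", lastLoginIp: "admin", passwordHash: "none",
};
const RANK: Record<Audience | "none", number> = { public: 0, client: 1, admin: 2, none: 3 };

// Adapter step: copy only allow-listed fields, so new columns stay private by default.
function project(audience: Audience, record: UserRecord): Record<string, unknown> {
  const view: Record<string, unknown> = {};
  for (const field of VIEW_FIELDS[audience]) view[field] = record[field];
  return view;
}

// Checklist as a CI check: report fields exposed below their minimum audience.
function findLeaks(views: ViewFields = VIEW_FIELDS): string[] {
  const leaks: string[] = [];
  for (const audience of Object.keys(views) as Audience[]) {
    for (const field of views[audience]) {
      const min = SENSITIVE[field];
      if (min !== undefined && RANK[audience] < RANK[min]) leaks.push(`${audience}.${field}`);
    }
  }
  return leaks;
}

const sample: UserRecord = { // constructed record
  id: "u_1", displayName: "Ada", email: "ada@example.test",
  passwordHash: "<constructed>", internalNotes: "manual review", lastLoginIp: "203.0.113.7",
};
console.log(project("public", sample), project("client", sample), findLeaks());
```
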
Anti-patterns
- Returning admin projection from a client procedure.
- Encoding role differences as optional fields in one large schema.
- Reusing persistence models directly as transport contracts.