Write Path Policy
writePathPolicy lets a runtime decide whether writes may use both collection() and model(), or whether a namespace must be written through the Model layer.
The default is intentionally permissive: when writePathPolicy is omitted, collection APIs and Model APIs are both allowed. Enable this policy only for applications that want the runtime to enforce a stronger write boundary around schema defaults, hooks, timestamps, optimistic locking, soft delete, and other Model mutation rules.
Configuration
Rule Shape
Namespace Matching
Namespace rules are matched from most specific to least specific:
- Internal instance namespace, when present.
- Pool-scoped namespace:
poolName:dbName.collectionName. - Database namespace:
dbName.collectionName. - Collection name only.
default.
Prefer poolName:dbName.collectionName or dbName.collectionName in user configuration. They are stable across runtime instance IDs.
Inside namespaces, the key default is reserved for the fallback matcher and is rejected at construction time; use the top-level writePathPolicy.default field instead. If an actual collection is named default, configure it with a qualified key such as dbName.default or poolName:dbName.default. Namespace keys must not include leading or trailing whitespace.
Governed Operations
writePathPolicy applies to write-capable paths:
- Collection writes:
insertOne,insertMany,updateOne,updateMany,replaceOne,findOneAndUpdate,findOneAndReplace,findOneAndDelete,upsertOne,deleteOne,deleteMany. - Batch helpers:
insertBatch,updateBatch,deleteBatch,incrementOne. - Collection management: index creation/drop, collection creation/drop, validators,
renameCollection,collMod, and capped conversion. - Raw/db/legacy write surfaces:
collection.raw(),db.raw(),db.runCommand(),dropDatabase(), and legacy adapter writes. - Aggregation pipelines whose final stage writes with
$outor$merge; the policy is checked against the write target namespace.
Read-only queries are not governed by this policy.
Model-Only Example
Use namespace overrides for operational collections that intentionally remain native:
Boundary
This policy controls the API path used to issue writes. It does not make cache invalidation transaction-atomic, does not make Change Stream sync exactly-once, and does not replace application-level idempotency or authorization.