Namespaces
Organizational structure is a first-class concept in Loom — not a setting buried three menus deep. Pick a node below. Inheritance, direct grants, effective role, and live agent activity are resolved in place.
Every subject with access at the selected scope, resolved from the cascade. A grant defined higher up the tree reaches every descendant; a deeper grant wins only when it raises access.
Cascade is the default
A grant on a parent namespace flows to every descendant — no need to repeat the grant on each repo. When the org changes, you update one scope, not twelve.
Overrides work only in one direction: a more specific grant raises access, never silently strips it. If something must be locked down, lock it at a visible scope, not via an implicit subtraction.
Effective permission
Every action runs against the effective role for the viewer at the exact scope they're acting on. When access fails, Loom tells you which layer said no — token scope, namespace policy, or repo grant — and surfaces the direct and inherited edges behind the decision.
Hosted governance
One coherent hierarchy — parents, children, repositories, inherited roles, and effective access. The teams that scale cleanly are the ones that can see their own structure.