Visibility and Policy
Default to private. Only choose public or mixed when your app requirements are explicit.
Mixed visibility definition
mixed means public/* is readable publicly and private/* remains private via signed or server-authorized reads.
-- Example pattern only; adapt to your generated schema
-- Keep writes authenticated; scope read rules by object path prefix