diff --git a/container-stack/svalinn/src/auth/AuthTypes.affine b/container-stack/svalinn/src/auth/AuthTypes.affine
index de16fe7..aa07720 100644
--- a/container-stack/svalinn/src/auth/AuthTypes.affine
+++ b/container-stack/svalinn/src/auth/AuthTypes.affine
@@ -116,18 +116,18 @@ pub struct UserContext {
 }
 
 fn perm(resource: String, actions: [PermissionAction]) -> Permission {
-  Permission { resource: resource, actions: actions }
+  Permission #{ resource: resource, actions: actions }
 }
 
 // Default RBAC roles (== AuthTypes.res defaultRoles).
 pub fn default_roles() -> [Role] {
   [
-    Role {
+    Role #{
       name: "admin",
       description: Some("Full access to all resources"),
       permissions: [perm("*", [Create, Read, Update, Delete, Execute])]
     },
-    Role {
+    Role #{
       name: "operator",
       description: Some("Can manage containers but not policies"),
       permissions: [
@@ -136,7 +136,7 @@ pub fn default_roles() -> [Role] {
         perm("policies", [Read])
       ]
     },
-    Role {
+    Role #{
       name: "viewer",
       description: Some("Read-only access"),
       permissions: [
@@ -145,7 +145,7 @@ pub fn default_roles() -> [Role] {
         perm("policies", [Read])
       ]
     },
-    Role {
+    Role #{
       name: "auditor",
       description: Some("Can view logs and audit trail"),
       permissions: [
diff --git a/container-stack/svalinn/src/gateway/RateLimiter.affine b/container-stack/svalinn/src/gateway/RateLimiter.affine
index e8711c7..d698ffc 100644
--- a/container-stack/svalinn/src/gateway/RateLimiter.affine
+++ b/container-stack/svalinn/src/gateway/RateLimiter.affine
@@ -14,7 +14,7 @@ pub struct Config {
 }
 
 pub fn default_config() -> Config {
-  Config { window_ms: 60000, max_requests: 100 }
+  Config #{ window_ms: 60000, max_requests: 100 }
 }
 
 // Outcome of a check. `count`/`window_start` are the values the host must
@@ -36,7 +36,7 @@ fn ceil_div(a: Int, b: Int) -> Int {
 pub fn check(cfg: Config, count: Int, window_start: Int, now_ms: Int) -> Decision {
   // New client, or expired window → start a fresh window.
   if window_start == 0 || now_ms - window_start > cfg.window_ms {
-    return Decision {
+    return Decision #{
       allowed: true,
       count: 1,
       window_start: now_ms,
@@ -48,7 +48,7 @@ pub fn check(cfg: Config, count: Int, window_start: Int, now_ms: Int) -> Decisio
   if count < cfg.max_requests {
     let new_count = count + 1;
     let rem = cfg.max_requests - new_count;
-    return Decision {
+    return Decision #{
       allowed: true,
       count: new_count,
       window_start: window_start,
@@ -60,7 +60,7 @@ pub fn check(cfg: Config, count: Int, window_start: Int, now_ms: Int) -> Decisio
   // Limited.
   let reset_at = window_start + cfg.window_ms;
   let ms_left = reset_at - now_ms;
-  Decision {
+  Decision #{
     allowed: false,
     count: count,
     window_start: window_start,