I find this troubling. The repository layer is offering an implied guarantee to the domain layer - that a bundled operation inside Atomic() will be performed as an all-or-nothing transaction - and yet you're saying it's acceptable not to implement that guarantee. Shouldn't the onus fall on the repository layer to find some other way to implement this guarantee? Otherwise, what's the point of providing the Atomic() interface, and the domain layer correctly using it?

I also wonder about other data integrity constraints which are traditionally implemented by the database - e.g. value uniqueness or foreign key existence. Does it become the domain layer's responsibility to check these explicitly, via extra queries to the repository layer? (This is inherently prone to races, as well as inefficient). Or should the repository layer implement them? In the latter case, it has the implied responsibility to return "uniqueness violation" errors and similar - which it could check either in code or database schema configuration as appropriate. Therefore, these errors have to be defined as part of the interface.