reference-validation-is-defense-in-depth

OUT derived (depth 1)

Every system boundary that accepts node ID references validates them against the actual network: import normalization drops unknown antecedent/outlist refs, nogood recording skips invalid node IDs, and LLM-returned negative-list IDs are filtered against existing nodes.

Summary

When outside data flows into the system — whether from file imports, recorded contradictions, or LLM outputs — any referenced node IDs that don't actually exist in the network are quietly dropped rather than causing errors or creating broken links. This layered validation at each entry point prevents bad references from corrupting the dependency graph, regardless of where they originate.

Justifications

SL — Three boundaries validated; gated on full boundary audit (issue #126)

Antecedents (all must be IN):

  • normalization-drops-unknown-refs — Both `_normalize_markdown` and `_normalize_json` silently drop antecedent/outlist references to IDs not present in the import set, preventing dangling edges in the dependency graph.
  • nogoods-require-valid-nodes — Nogoods whose `Affects` list references node IDs not present in the network are silently skipped rather than raising an error during import
  • api-list-negative-filters-hallucinated-ids — `list_negative()` discards any node IDs returned by the LLM that don't exist in the database, preventing hallucinated IDs from appearing in results.

Unless (any of these IN defeats this justification):

  • issue-126-reference-validation-audit — Issue #126: Audit all node ID reference boundaries for validation — three specific boundaries do not establish coverage of every boundary

Dependents

These beliefs depend on this one:

Details