access-control

41 beliefs (30 IN, 11 OUT)

The access-control topic covers how the belief network restricts visibility of nodes to authorized callers and how source integrity ensures the underlying data remains trustworthy. This matters because a shared knowledge base holding beliefs with different sensitivity levels needs fine-grained, principled controls over who sees what, without sacrificing the ability to write and maintain beliefs freely.

The core mechanism is a transitive subset gate (access-control-is-transitive-subset-gated, access-tags-subset-gate). Each node may carry access_tags in its metadata, and a caller's visible_to set must be a superset of those tags for the node to be visible — partial overlap is not enough (visibility-is-subset-check, visible-to-superset-semantics). Nodes without any access_tags are unconditionally public (untagged-always-visible, untagged-nodes-always-visible). When nodes are derived, their access_tags are computed as the sorted, deduplicated union of all ancestor tags across all justification chains, including through diamond dependencies (access-tags-union-inheritance, tag-inheritance-is-transitive-union). This propagation is dynamic: adding a new justification triggers a BFS cascade that recomputes tags on all downstream dependents (tag-propagation-is-dynamic). Enforcement happens exclusively at read boundaries — show_node, explain_node, and trace_assumptions raise PermissionError when the caller lacks sufficient tags (access-control-enforced-at-read-not-write, pg-access-control-raises-permission-error) — while write operations like add_node and retract_node are unrestricted. The visible_to parameter itself is optional; when absent, no filtering is applied (visible-to-is-optional-filter). A practical consequence is that list_gated omits superseded nodes even if they still have active blockers, keeping the blocker view clean (api-superseded-nodes-excluded-from-gated).

A substantial portion of this topic addresses source integrity — how the system tracks whether the external documents backing beliefs have changed on disk. Source references use a repo-alias/relative-path convention decoupled from absolute filesystem paths (source-path-format, source-paths-use-repo-alias-prefix), and resolution returns None rather than raising on missing files (source-resolution-is-convention-based-and-fail-safe). Integrity tracking uses full 64-character SHA-256 digests with additive backfill that never overwrites existing hashes (source-tracking-is-collision-resistant-and-safe), and a legacy 16-character truncated hash is recognized and optionally upgraded (truncated-hash-threshold-is-16-chars, truncated-hash-upgrade-opt-in). The pipeline from hashing through staleness detection is end-to-end fail-safe, with CI-ready nonzero exit codes when drift is found (source-pipeline-is-end-to-end-fail-safe, source-integrity-spans-hashing-through-detection). Source integrity and lifecycle governance form a closed, self-reinforcing loop: source integrity grounds governance decisions, while governance ensures no source verification gap exists (source-integrity-and-governance-form-closed-loop), and this loop is itself dually grounded in two independent evaluation chains (source-integrity-loop-is-dually-grounded, source-governance-loop-is-dually-grounded-and-deterministic).

A number of higher-level derived beliefs about information governance are currently OUT, including claims about end-to-end authorization-and-budget control (information-flow-is-authorization-and-budget-controlled), bidirectional information flow control (information-flow-is-controlled-in-both-directions), tripartite operational assurance (source-grounded-correction-has-tripartite-assurance), and the overarching claim that egress is simultaneously resilient, governed, and self-correcting (egress-is-resilient-governed-and-self-correcting). Their retraction suggests that these broad synthesizing claims — which attempted to unify access control, token budgets, determinism, and self-correction into single composite guarantees — have been found to overreach or depend on antecedents that no longer hold. The more concrete, mechanistic beliefs about how subset gating works, how tags propagate, and how source hashes are computed and checked all remain IN, indicating that the foundational access-control machinery is well-established while the grand unifying narratives built atop it have been retracted.