access-control-enforced-at-read-not-write

IN premise

Access control (`_is_visible`) is enforced at read/query boundaries (`show_node`, `explain_node`, `trace_assumptions`) via `PermissionError`, but write operations (`add_node`, `retract_node`, `assert_node`) do not check visibility.

Summary

The system checks whether a user is allowed to see a piece of information only when they try to read it, not when they create or modify it. This means someone could potentially add, retract, or reassert nodes they shouldn't have access to, since write operations skip visibility checks entirely.

Dependents

These beliefs depend on this one:

Details

Sourceentries/2026/04/29/reasons_lib-api.md