access-control-is-transitive-subset-gated
IN derived (depth 1)
Access control enforces transitive subset-based authorization: visibility requires the caller's tags to be a superset of the node's tags, derived nodes inherit the sorted union of all ancestor tags transitively, and enforcement occurs at read boundaries only — write operations are unrestricted.
Summary
The system controls who can see what using a tag-based permission model where you can only read a node if you hold all of its tags, not just some of them. Because derived nodes accumulate tags from everything they depend on, a conclusion that draws on restricted sources automatically becomes at least as restricted as its most restricted input. Notably, anyone can still create or modify nodes freely — the gate only blocks reading, so a user might write something they cannot later see.
Justifications
SL — Three access control properties (subset gate, transitive inheritance, read-boundary enforcement) form a complete authorization model
Antecedents (all must be IN):
- access-tags-subset-gate — A tagged node is visible only when its `access_tags` are a subset of the caller's `visible_to` set; partial overlap (intersection without containment) is insufficient for access.
- tag-inheritance-is-transitive-union — Derived nodes inherit the sorted union of all ancestor `access_tags`, propagating transitively through arbitrarily long justification chains including diamond dependencies.
- access-control-enforced-at-read-not-write — Access control (`_is_visible`) is enforced at read/query boundaries (`show_node`, `explain_node`, `trace_assumptions`) via `PermissionError`, but write operations (`add_node`, `retract_node`, `assert_node`) do not check visibility.
Dependents
These beliefs depend on this one:
- agent-isolation-spans-identity-and-authorization — Agent beliefs are isolated through two independent containment mechanisms at different system levels: namespace prefixing with relay pairs provides identity-level isolation (preventing ID collisions and enabling per-agent lifecycle control via kill-switch), while transitive subset-gated access tags provide authorization-level isolation (controlling per-caller visibility with tag inheritance).
- information-flow-is-authorization-and-budget-controlled — Information flow from the belief network is controlled along two independent dimensions: access tags gate which beliefs are visible to each caller (authorization control via transitive subset checks), while token budgets constrain how much of the visible network is emitted (volume control via priority-ordered truncation).
- information-pipeline-is-resource-governed-and-access-controlled — The complete information pipeline is governed along two orthogonal axes: token budgets accurately constrain both input (proportional derive allocation) and output (compact distillation with budget enforcement), while access tags enforce transitive subset-based authorization at every read boundary — every piece of information is simultaneously resource-bounded and access-controlled.