agent-isolation-spans-identity-and-authorization

IN derived (depth 2)

Agent beliefs are isolated through two independent containment mechanisms at different system levels: namespace prefixing with relay pairs provides identity-level isolation (preventing ID collisions and enabling per-agent lifecycle control via kill-switch), while transitive subset-gated access tags provide authorization-level isolation (controlling per-caller visibility with tag inheritance).

Summary

Agent beliefs are kept separate through two complementary mechanisms working at different levels. Namespace prefixing and relay pairs handle identity, making sure agents cannot accidentally overwrite each other's data and can be individually shut down. Access tags handle authorization, controlling which callers can see which data by requiring that a caller's permissions be a superset of the data's tags. Together these ensure agents are both structurally separated and access-controlled.

Justifications

SL — Orthogonal isolation at namespace-identity and access-tag-authorization layers

Antecedents (all must be IN):

  • agent-isolation-through-namespace-and-relay — Agent beliefs are doubly isolated: namespace prefixing prevents ID collisions, while the active/inactive relay pair provides per-agent kill-switch semantics without cross-agent interference
  • access-control-is-transitive-subset-gated — Access control enforces transitive subset-based authorization: visibility requires the caller's tags to be a superset of the node's tags, derived nodes inherit the sorted union of all ancestor tags transitively, and enforcement occurs at read boundaries only — write operations are unrestricted.

Details