api-enforces-typed-preconditions
OUT derived (depth 1)
API functions enforce preconditions at the system boundary with typed exceptions: duplicate node IDs raise ValueError, missing justification arguments raise ValueError, and unauthorized single-node access raises PermissionError — establishing a consistent error contract at every entry point.
Summary
The API validates inputs at every entry point and fails with specific, predictable exceptions rather than silently misbehaving. If you pass a duplicate ID, forget to specify a justification type, or try to access a node you lack clearance for, you get a clear typed error. This means callers can rely on a consistent error contract instead of checking for subtle corruption or silent failures. Currently marked OUT, meaning one or more of the underlying observations about specific error behaviors may no longer hold.
Justifications
SL — Three independent boundary validations share a systematic pattern of typed-exception precondition enforcement
Antecedents (all must be IN):
- duplicate-node-id-raises-valueerror — `api.add_node()` raises `ValueError` when given a node ID that already exists in the network — node IDs are unique.
- api-add-justification-requires-justification-arg — `api.add_justification` raises `ValueError` if none of `sl`, `cp`, or `unless` is provided — at least one justification specification is mandatory.
- single-node-api-raises-permissionerror — API functions that target a single node by ID (`show_node`, `explain_node`, `trace_assumptions`, `trace_access_tags`) raise `PermissionError` when the caller lacks clearance; collection endpoints silently filter instead.
Dependents
These beliefs depend on this one:
- input-validation-is-comprehensive-at-all-boundaries — Input validation is enforced at every system boundary through complementary mechanisms: typed exceptions (ValueError for duplicates, PermissionError for access violations) enforce API-level preconditions at the call boundary, while defense-in-depth reference validation (import normalization dropping unknown refs, nogood filtering skipping invalid nodes, hallucinated ID rejection) catches invalid node references at every data-acceptance boundary.