§ 02 / Trust
How I handle knowledge a system has to keep.
Five positions on sensitivity, access, where compilation leaks, and how tiers link safely. Most are working positions with caveats. One is settled. The rest of the architecture flows from it.
- 01 Filter First, Reason Second
  The invariant. The model never sees content the querying user can't access, and every other trust control in a KMS flows from that one rule. [ settled ]
- 02 The Sensitivity Gradient
  Sensitivity is a property of knowledge, not a file permission on a folder. Handle it with a small, painfully-simple visibility vocabulary and an explicit rule for how sensitivity propagates through compilation. [ working position ]
- 03 Local vs. Hosted Models
  The right answer depends on tier and on what specifically is sensitive. For most knowledge work, hosted-with-strong-contracts beats local, but not always. [ position with caveats ]
- 04 The Compiled-Artifact Leak
  Most of what people call "the compiled-artifact leak" is a permissions problem in disguise. A smaller, genuinely new residual is LLM-compiler-specific. Here's how to tell them apart, and what to do about each. [ largely settled, residual acknowledged ]
- 05 Cross-Tier Risk
  When personal, team, and app-scoped knowledge layers link, the direction of read access is the control that matters. The default is unidirectional: personal reads team, not the other way around. [ default position ]