§ 02 / Trust

How I handle knowledge a system has to keep.

Five positions on sensitivity, access, where compilation leaks, and how tiers link safely. Most are working positions with caveats. One is settled — and the rest of the architecture flows from it.

1. 01Filter First, Reason SecondThe invariant. The model never sees content the querying user can't access — and every other trust control in a KMS flows from that one rule.[ settled ]→
2. 02The Sensitivity GradientSensitivity is a property of knowledge, not a file permission on a folder. Handle it with a small, painfully-simple visibility vocabulary and an explicit rule for how sensitivity propagates through compilation.[ working position ]→
3. 03Local vs. Hosted ModelsThe right answer depends on tier and on what specifically is sensitive. For most knowledge work, hosted-with-strong-contracts beats local — but not always.[ position with caveats ]→
4. 04The Compiled-Artifact LeakMost of what people call "the compiled-artifact leak" is a permissions problem in disguise. A smaller, genuinely new residual is LLM-compiler-specific. Here's how to tell them apart — and what to do about each.[ largely settled, residual acknowledged ]→
5. 05Cross-Tier RiskWhen personal, team, and app-scoped knowledge layers link, the direction of read access is the control that matters. The default is unidirectional — personal reads team, not the other way around.[ default position ]→