Trust

The Sensitivity Gradient

Sensitivity is a property of knowledge, not a file permission on a folder. Handle it with a small, painfully-simple visibility vocabulary and an explicit rule for how sensitivity propagates through compilation.

[ working position ]

The working position — tested in production at team scale — is that every concept, decision, dossier, and playbook carries an explicit visibility tag at write time; that tag drives access at query time; and the vocabulary of tags is deliberately small.

Few values, well-defined

After trying larger taxonomies that degraded into noise within a year, the vocabulary I now ship with has five values:

  • visibility: team-wide — anyone with a system login can see it
  • visibility: department:{name} — only the named department, plus executives
  • visibility: leadership — only executives and department leads
  • visibility: restricted:{role} — only the named specialist role
  • visibility: private:{user} — only the named user, typically for personal briefings

Five values are chosen over fifty for the same reason four priority tiers are chosen over fourteen: the taxonomy has to stay legible to humans and auditable without a manual. Per-user permission matrices become uneditable — no one remembers why Pat has access to the Finance folder but not the HR subfolder — and end up being fixed by copying Pat's access to the next hire. Role-with-tags scales; per-user matrices don't.

The propagation rule

When the LLM compiles raw notes into a concept, a decision, or a dossier, the compiled artifact inherits the maximum sensitivity of its sources. A digest compiled from one leadership note and three team-wide notes is leadership, not team-wide. The rule is applied at compilation time by the promoter, not by a reviewer later, and it is non-overridable except by explicit declassification.

This sounds obvious and is routinely gotten wrong. The failure mode is a summary that takes on the visibility of its loosest source because the compiler was asked "make this accessible to the team" and the cost of a small leak was invisible to the compiler.

The honesty rule

When a query touches gated content the user is not cleared for, the system acknowledges the existence of the gated context and points the user to the right human. "There is additional context in finance that I can't share with your role. Talk to the finance lead if you need it."

Hiding the existence of restricted material has historically been worse than acknowledging it — because users learn the system is sometimes wrong but never learn why, and stop trusting it altogether. A system that is transparent about its blind spots earns more trust than one that silently truncates.

Worked example

In the team KMS, the five-value vocabulary ships as-is and drives every access decision. A concept tagged visibility: department:finance is filtered out of the candidate set for any user whose role is not finance or executive, and the refusal is explicit rather than silent.
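A sketch of that filter together with the propagation and honesty rules, added here as an example and not taken from the KMS itself. The `User` fields, the role names `executive` and `lead`, and the function names are assumptions. The page does not say how to rank tags that are not directly comparable (two different departments, say), so this example goes slightly beyond the text: the compiled artifact keeps every gating tag of its sources and a reader must clear all of them, which reduces to the leadership digest case described under the propagation rule.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:                       # role and department names are assumptions
    name: str
    roles: frozenset
    department: str = ""

def cleared(user, tag):
    """May `user` read content carrying this one visibility tag?"""
    kind, _, arg = tag.partition(":")
    executive = "executive" in user.roles
    if kind == "team-wide":
        return True
    if kind == "department":      # named department, plus executives
        return executive or user.department == arg
    if kind == "leadership":      # executives and department leads
        return executive or "lead" in user.roles
    if kind == "restricted":      # only the named specialist role
        return arg in user.roles
    if kind == "private":         # only the named user
        return user.name == arg
    return False                  # unknown tag: fail closed

def compile_visibility(source_tags):
    """Propagation: the artifact keeps every gating tag of its sources."""
    tags = frozenset(source_tags)
    if not tags:
        raise ValueError("artifact with no tagged sources")
    return (tags - {"team-wide"}) or frozenset({"team-wide"})

def readable(user, tags):
    return bool(tags) and all(cleared(user, t) for t in tags)  # untagged: fail closed

def answer(user, artifacts):
    """Honesty rule: gated items are acknowledged, never silently dropped."""
    visible, notices = [], []
    for title, tags in artifacts:
        if readable(user, tags):
            visible.append(title)
        else:
            blocked = sorted(t for t in tags if not cleared(user, t)) or ["untagged"]
            notices.append(f"There is additional context gated as {', '.join(blocked)} "
                           "that I can't share with your role.")
    return visible, notices

if __name__ == "__main__":        # constructed sample data
    pat = User("pat", frozenset({"engineer"}), "ops")
    digest = compile_visibility(["leadership"] + ["team-wide"] * 3)
    print(answer(pat, [("Roadmap", {"team-wide"}), ("Q3 digest", digest)]))
```
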

At a regulated client, the same vocabulary can carry additional scoping — case_scope: assigned_only, region_scope: home_region — without changing shape. The vocabulary stays the same; what changes is what maps onto each tag. The operational discipline stays identical across sectors, which is the point.

A financial firewall layered on top of the same system adds one rule: any concept tagged with revenue, salary, cash position, margin, or contract values is gated by the finance role and requires an audit-logged read. Even executives touching that material generate a log entry. The audit trail is the honesty rule applied to time.

Caveats

The heuristic the bouncer uses at ingest time to guess initial visibility is imperfect. An incoming note about "our upcoming restructuring" is probably department:ops but could be leadership — the bouncer picks the stricter tag and lets the user declassify explicitly, rather than the other way around. The cost of over-restriction is friction; the cost of under-restriction is exposure. The asymmetry favours restriction.

At the personal tier, where there is no department vocabulary, a two-value collapse (public vs. private) is usually enough; the full five-value system is overbuilt for a single-user store. The principle is unchanged; the cardinality scales with the organisational surface.

Rev. 2026-04-18