Skip to main content

Module access_tier

vela_protocol

Module access_tier 

Source
Expand description

v0.51: Access tiers — the dual-use deposition channel.

The Constellations essay’s hardest paragraph commits the substrate to a governed channel for content where readability is itself part of the harm: gain-of-function trial readouts, model-generated protein designs in dual-use space, certain synthesis routes for controlled compounds. Today most scientific repositories are either fully open or fully closed — not “open by default with a permissioned tier above it.”

v0.51 ships the structural shape so any future maintainer consortium can plug in a real DURC review pipeline without renegotiating the protocol surface.

Three tiers, ordered by sensitivity:

  • Public (default) — open read. The substrate’s normal mode.
  • Restricted — read access requires an ActorRecord with access_clearance >= Restricted. The IBC review level: dual-use research that the host institution has declared subject to incident-response review but not capability-gated.
  • Classified — read access requires an ActorRecord with access_clearance == Classified. Aligned with the federal DURC framework and the capability gates frontier AI labs already publish under their own safety frameworks (Anthropic’s Responsible Scaling Policy, OpenAI’s Preparedness Framework, Google DeepMind’s Frontier Safety Framework). Content above those internal thresholds is excluded from public deposit entirely; the substrate’s openness default fails closed on ambiguous cases, with the operational cost borne by depositors.

The composition risk — capability uplift from aggregation across the dependency graph rather than any single deposit — is the harder problem and v0.51 does not claim to solve it. Treating it as solved would be the wrong move. v0.51 carries the per-object tier; the composition graph is a follow-up.

Enums§

AccessTier
Access tier — the read-side gate on a single kernel object.

Functions§

actor_may_read
Whether an actor with the given clearance is permitted to read an object with the given tier. The check is tier <= clearance. Anonymous reads (clearance None) are equivalent to clearance Some(Public) — they may read public-tier objects only.
redact_for_actor
Apply the read gate to a Project, producing a redacted clone containing only the kernel objects readable under the requesting actor’s clearance. Used by serve.rs MCP/HTTP handlers and any external client that wants to surface “what would actor X see?”