Platform
Data Guardrails (ACL related)
Protect memory access with route-level policy gates and node-level ACL governance.
Data protection in MuBit has two layers: route policy controls external lane access, and ACL controls node-level visibility.
If your team treats guardrails as a late-stage concern, failures usually appear first in production as policy denials or unexpected visibility. Define direct-lane policy and ACL ownership early. Then enforce those choices in code paths and operational runbooks.
Guardrail layer 1: route policy
/v2/core/healthand/v2/core/auth/*are always available./v2/core/searchrequiresMUBIT_CORE_ENABLE_DIRECT_SEARCH.- Other external
/v2/core/*routes are denied by default middleware.
Guardrail layer 2: ACL operations
| Route | Purpose |
|---|---|
POST /v2/core/acl/grant | Grant read/write/delete permissions |
POST /v2/core/acl/revoke | Remove permissions |
POST /v2/core/acl/check | Verify permission state |
Failure modes and troubleshooting
| Symptom | Root cause | Fix |
|---|---|---|
| Direct method denied | Lane policy off | Use routed control query or enable lane intentionally |
| Unexpected visibility | ACL model incomplete | Validate grant/revoke/check flow |
| Broad blast radius | Policies enabled globally | Roll out lane flags per environment |
Next steps
- See policy details at Core direct lanes policy.
- See authentication setup at Authentication.