The facet-driven gate. Apply once (after identity is resolved, before the handlers): every operation is then
enforced at the level its x-suluk-access declares. FAIL-CLOSED throughout — a missing facet denies
(deny-by-default), an unknown/mis-cased requires denies, and a non-owner scope is enforced even when requires is
"anyone" (a named scope implies authentication). Non-contract paths (operationOf → undefined) pass untouched;
a consumer's operationOf MUST be at least as strict as the router and MUST fail closed if it can't resolve.
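
The decision order described above, as an added sketch that is not the project's own code. Only x-suluk-access, requires, scope, "anyone", the owner scope and operationOf come from the description; the "authenticated" level, the identity shape ({ id, scopes }), the auditor scope and the sample contract are assumptions made for illustration.

```javascript
// Added illustration, not the project's code. Names other than x-suluk-access,
// requires, scope, "anyone", "owner" and operationOf are assumptions.
const KNOWN_REQUIRES = new Set(["anyone", "authenticated"]); // "authenticated" is an assumed level

const deny = (reason) => ({ allow: false, reason });

function decide(operation, identity) {
  // Non-contract path: operationOf resolved to undefined, so the gate steps aside.
  if (operation === undefined) return { allow: true, reason: "non-contract path" };
  if (operation === null || typeof operation !== "object") return deny("unresolvable operation");
  const facet = operation["x-suluk-access"];
  // Deny by default: no facet, no access.
  if (facet === null || typeof facet !== "object") return deny("missing facet");
  const { requires, scope } = facet;
  // Exact, case-sensitive match: "Anyone" or a typo is unknown and denies.
  if (typeof requires !== "string" || !KNOWN_REQUIRES.has(requires)) return deny("unknown requires");
  if (scope !== undefined && typeof scope !== "string") return deny("malformed scope");
  const authenticated = identity != null && typeof identity.id === "string" && identity.id !== "";
  if (requires !== "anyone" && !authenticated) return deny("authentication required");
  // A named, non-owner scope implies authentication even when requires is "anyone".
  if (scope !== undefined && scope !== "owner") {
    if (!authenticated) return deny("scope implies authentication");
    if (!Array.isArray(identity.scopes) || !identity.scopes.includes(scope)) return deny("scope not held");
  }
  // Owner checks need the target resource; assumed here to run in the handler.
  return { allow: true, reason: "facet satisfied" };
}

// Apply once, after identity is resolved and before the handlers.
function gate(operationOf, request, identity) {
  let operation;
  try {
    operation = operationOf(request);
  } catch (err) {
    return deny("operationOf failed"); // a resolver that cannot resolve fails closed
  }
  return decide(operation, identity);
}

// Constructed sample contract and resolver.
const CONTRACT = {
  "GET /status": { "x-suluk-access": { requires: "anyone" } },
  "GET /reports": { "x-suluk-access": { requires: "anyone", scope: "auditor" } },
  "GET /legacy": {},
  "GET /typo": { "x-suluk-access": { requires: "Anyone" } },
};
const operationOf = (req) => CONTRACT[`${req.method} ${req.path}`];
```
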