DEV Community

Sui Gn
Sui Gn

Posted on

Replace RBAC with Chemical Compounds

#machinelearning #ai #programming #datascience

Set-Chemistry

Permissions tables are technical debt.

The Primitive: Routes Are Compounds
Only those holding mutual .me refs + keys can derive the route.

For everyone else, the path doesn’t 403. It doesn’t exist.

Each added .me forges a fresh compound with its own resolution surface — private by construction, visible only to those holding the mutual keys.

You + Wife = New Compound
Route = A ∩ B ∩ Keys

If you’re not in the intersection: no route, no data, no attack surface.
Pure emergent, sovereign topology.
Enter fullscreen mode Exit fullscreen mode

The ciphertext is the boundary.

The Math: I = (path, ciphertext, T, A, C)
Every island of state is described by:

T = {office, iphone, backup}  // Topology: where it exists
A = {me, wife}   // Audience: who can interpret it  
C = {read, delete}   // Capability: what you can do
Enter fullscreen mode Exit fullscreen mode

The axiom: Encryption doesn’t define where the data is. It defines who can collapse its meaning.

// Replicated everywhere
T = {office, iphone, backup}
// Decryptable by two identities
A = {me, wife} 
// Result: widely distributed, narrowly perceived
Enter fullscreen mode Exit fullscreen mode

Access isn’t checked. You either intersect with A or you get nothing.

Sharing    = A  {bob}  // add bob to audience
Revocation = A \ {bob}  // remove bob  
Delegation = expand A   // all enforced by crypto
Enter fullscreen mode Exit fullscreen mode

Before RBAC vs After Set-Chemistry

*Before: * RBAC Hell

SELECT * FROM documents 
JOIN permissions ON documents.id = permissions.doc_id
JOIN user_roles ON permissions.role_id = user_roles.role_id  
WHERE user_roles.user_id = ? AND permissions.action = 'read'

-- + Redis cache
-- + Kafka invalidation  
-- + Cron job for expiry
-- + Pray
Enter fullscreen mode Exit fullscreen mode

After: Set-Chemistry

me.wallet["_"].secret = "seed"
// A = {self} by construction
// Path doesn't exist for others. No query. No check. No leak.
Enter fullscreen mode Exit fullscreen mode

Why This Kills RBAC for Agents

Agents need subspaces, not firehoses. friends[age > 18] should be resolvable only by callers in A.

In Set-Chemistry, the boundary is the data structure:

me.objects.canister7.type = "medical"
me.robots.surgeon.context["->"]("contexts.hospital")
me.robots.loader.context["->"]("contexts.warehouse")

me.robots.surgeon.canProceed // checks sterile, contaminated
me.robots.loader.canProceed  // checks weight < 50

// Same object. Different meaning. Zero if-else.
Enter fullscreen mode Exit fullscreen mode

Change sterile(true) → only hospital robots recompute. O(K), not O(N).

Benchmark: 1M node graph. 6 dependents recompute in 0.256ms. Rest untouched.

npm install this.me

Top comments (0)