Data Guardrails (ACL related)

Data protection in MuBit has two layers: route policy controls external lane access, and ACL controls node-level visibility. If your team treats guardrails as a late-stage concern, failures usually appear first in production as policy denials or unexpected visibility. Define direct-lane policy and ACL ownership early. Then enforce those choices in code paths and operational runbooks.

Guardrail layer 1: route policy

/v2/core/health and /v2/core/auth/* are always available.
/v2/core/search requires MUBIT_CORE_ENABLE_DIRECT_SEARCH.
Other external /v2/core/* routes are denied by default middleware.

Guardrail layer 2: ACL operations

Route	Purpose
`POST /v2/core/acl/grant`	Grant read/write/delete permissions
`POST /v2/core/acl/revoke`	Remove permissions
`POST /v2/core/acl/check`	Verify permission state

Failure modes and troubleshooting

Symptom	Root cause	Fix
Direct method denied	Lane policy off	Use routed control query or enable lane intentionally
Unexpected visibility	ACL model incomplete	Validate grant/revoke/check flow
Broad blast radius	Policies enabled globally	Roll out lane flags per environment

Next steps

See policy details at Core direct lanes policy.
See authentication setup at Authentication.

Overview

Learn the basics

Build with MuBit

Go deeper

Platform

Help

Data Guardrails (ACL related)

Guardrail layer 1: route policy

Guardrail layer 2: ACL operations

Failure modes and troubleshooting

Next steps

Overview

Learn the basics

Build with MuBit

Go deeper

Platform

Help

​Guardrail layer 1: route policy

​Guardrail layer 2: ACL operations

​Failure modes and troubleshooting

​Next steps

Guardrail layer 1: route policy

Guardrail layer 2: ACL operations

Failure modes and troubleshooting

Next steps