Current state

Currently recipes make claims about their constituent particles and nodes. These claims are taken as facts without modelling trust of the parties providing those claims. This means that any recipe can state any fact, which could potentially allow a recipe to modify core type checking information (e.g. facts about a language), introducing unwanted behavior.

Future work

Add/modify primitives to model all recipe 'facts' as having a 'speaker' and ensure that all claims are allowed by the 'speaking' party.

For more info, see aferr's "Authorization Logic ~1-Page Summary" doc.