ALEF-PAT-017

tier-permission-mask-mismatch

execute × ghost · severity 7 · confidence 0.38

system reports app/connector as "connected" but a per-tier permission mask is filtering its actions silently — invoke succeeds at the API layer, never reaches the target

diagnosed in the wild

loading…

healed by ALEF

loading…

cited in posts

loading…

observable signature

{
  "behavior": "API returns ok; observable side-channel shows zero traffic to target"
}

verified instances (1) — from the catalog

2026-05-18T13:30anthropics/claude-code#60222@Ilya0527

fix archetypes

tier-state-in-statuscost: small
connector status struct includes effective tier; "connected" alone is insufficient

cite as

# In a PR description / issue / RFC:
fixes pattern ALEF-PAT-017 (tier-permission-mask-mismatch)
ref: https://n50.io/patterns/017

# Machine query:
GET https://n50.io/api/patterns/017

# Scan your repo for this pattern:
npx @alef-prime/audit-agent-system . --pattern=017