The split between a write-time gate and a retrieval-time gate is the part most designs skip, since people tend to sanitize on the way in and then trust whatever comes back out. I like that provenance and expiry travel with each entry, because a poisoned fact that survives across sessions is the failure mode nobody sees until a tool acts on it. How are you deciding trust downgrades over time, is it fixed expiry or does retrieval frequency factor in?