Reading the Authzed blog posts, I've seen you guys mention that

permissions

should be used as the application-facing API to query for permissions. Is it an anti-pattern to also use

relation

querying to resolve some things? i.e., are there any performance concerns with this, or even, design caveats I'm not seeing?