schema is: definition user {} caveat time_in_range(timerange timestamp, req_timerange timestamp) { req_timerange >= timerange } definition clock { relation owner: user relation allowed_users: user with time_in_range permission view = owner + allowed_users } and I have two test relationships (clocks A and B, allowed to user maria), and if I do: zed permission check clock:a view user:maria --caveat-context {"req_timerange":"2025-02-26T17:36:51Z"} --explain true ✓ clock:a view (999.936µs) ├── ✓ req_timerange >= timerange time_in_range │ └── { │ "req_timerange": "2025-02-26T17:36:51Z", │ "timerange": "2025-02-26T17:35:51Z" │ } ├── ⨉ clock:a owner (0s) └── ✓ clock:a allowed_users (0s) └── ✓ req_timerange >= timerange time_in_range └── { "req_timerange": "2025-02-26T17:36:51Z", "timerange": "2025-02-26T17:35:51Z" if I do zed permission lookup-resources clock view user:maria --caveat-context {"req_timerange":"2025-02-25T17:36:51Z"} --consistency-full I get nothing, while if I do: zed permission lookup-resources clock view user:maria --consistency-full I get: a (caveated, missing context: req_timerange) b (caveated, missing context: req_timerange)