Expose a bounded relation-atom query path so stored facts can be read through the same guarded daemon, client, and CLI boundary that ingests them.

Constraint: Public surfaces must not expose storage paths, internal relation names, arbitrary programs, or tracker metadata.
Rejected: General Datalog program upload | unsafe without evaluator budgets and reviewable rule packaging.
Rejected: Direct fact-store reads in wyctl | bypasses daemon authorization and audit boundaries.
Confidence: medium
Scope-risk: moderate
Directive: Keep query input as a parsed allowlisted atom until cancellation and recursion budgets exist.
Tested: full fact-enabled test suite; full default test suite
Not-tested: Audit-enabled fact query build; current local fact build has audit disabled.
Co-authored-by: OmX <omx@oh-my-codex.dev>