# Mission Scratchpad — MS21 Multi-Tenant RBAC Data Migration

> Append-only log. NEVER delete entries. NEVER overwrite sections.

## Original Mission Prompt

```
Build multi-tenant user/workspace/team management with admin UI, break-glass
local authentication (bypass OIDC for emergencies), enforce RBAC across all
UI surfaces, and migrate jarvis-brain data (95 tasks, 106 projects) into
Mosaic Stack PostgreSQL. This unlocks multi-user access for Melanie and
USC employees.
```

## Planning Decisions

### 2026-02-28 — Initial Planning (Orchestrator: Jarvis/OpenClaw)

1. **Phase order**: Schema+API first, then break-glass auth, then data migration, then UI, then RBAC enforcement, then verification. Rationale: Backend must exist before frontend can wire to it; migration can run independently once schema is ready.

2. **Worker strategy**: Up to 6 parallel workers (2 Claude, 2 Codex, 2 GLM). Claude for complex multi-file implementations. Codex for targeted single-file tasks. GLM for documentation and test writing.

3. **Phase 1 parallelization plan**:
   - Worker A (Claude): MS21-DB-001 (Prisma migration) — must complete first
   - After DB-001 done:
     - Worker B (Claude): MS21-API-001 + MS21-API-002 (AdminModule + user endpoints)
     - Worker C (Codex): MS21-API-003 (workspace member management)
     - Worker D (Codex): MS21-API-004 (team management)
     - Worker E (Claude): MS21-API-005 (admin workspace endpoints)
     - Worker F (GLM): MS21-TEST-001 (unit tests for admin module)

4. **PRD location**: docs/PRD-MS21.md (separate from main PRD.md to preserve history)

5. **Orchestrator is Jarvis (OpenClaw)** — not a Claude Code session. This is the first hybrid orchestration: OpenClaw manages mission, dispatches workers via mosaic yolo claude, codex exec, and OpenClaw subagents.

## Session Log

| Session | Date       | Milestone | Tasks Done    | Outcome                                       |
| ------- | ---------- | --------- | ------------- | --------------------------------------------- |
| S1      | 2026-02-28 | Planning  | MS21-PLAN-001 | PRD written, mission init, TASKS.md populated |

## Open Questions

- BetterAuth credential provider config alongside OIDC — needs verification in worker task
- Exact sidebar items to gate behind admin role — review during RBAC phase

## Corrections

(none yet)
| S2 | 2026-02-28 | Phase 3 | MS21-TEST-003, MS21-MIG-004 | PRs #566 and #567 merged, CI green. Post-coding reviews run (0 blockers both). |

## E2E Compliance — Session 2 Remediation (2026-02-28)

Identified and corrected gaps from session 1:

- Phase issues created: #568 (P3), #569 (P4), #570 (P5), #571 (P6)
- TASKS.md schema updated with all required columns (depends_on, blocks, estimate, used, started_at, completed_at, issue, branch)
- MS21-TEST-003 and MS21-MIG-004 correctly marked `done` with PR/CI evidence
- Post-coding reviews confirmed: 0 blockers on both tasks
- CI verified green: f99107f (head of main after both merges)

### Review Evidence

- MS21-TEST-003: code review verdict=request-changes, 0 blockers, 2 should-fix (brittle harness), security=none
- MS21-MIG-004: code review verdict=request-changes, 0 blockers, 4 should-fix (race conditions, validation gaps), security=medium (no audit logging — not blocking)