# Mission Scratchpad — MS21 Multi-Tenant RBAC Data Migration

> Append-only log. NEVER delete entries. NEVER overwrite sections.

## Original Mission Prompt

```
Build multi-tenant user/workspace/team management with admin UI, break-glass
local authentication (bypass OIDC for emergencies), enforce RBAC across all
UI surfaces, and migrate jarvis-brain data (95 tasks, 106 projects) into
Mosaic Stack PostgreSQL. This unlocks multi-user access for Melanie and
USC employees.
```

## Planning Decisions

### 2026-02-28 — Initial Planning (Orchestrator: Jarvis/OpenClaw)

1. **Phase order**: Schema+API first, then break-glass auth, then data migration, then UI, then RBAC enforcement, then verification. Rationale: Backend must exist before frontend can wire to it; migration can run independently once schema is ready.

2. **Worker strategy**: Up to 6 parallel workers (2 Claude, 2 Codex, 2 GLM). Claude for complex multi-file implementations. Codex for targeted single-file tasks. GLM for documentation and test writing.

3. **Phase 1 parallelization plan**:
   - Worker A (Claude): MS21-DB-001 (Prisma migration) — must complete first
   - After DB-001 done:
     - Worker B (Claude): MS21-API-001 + MS21-API-002 (AdminModule + user endpoints)
     - Worker C (Codex): MS21-API-003 (workspace member management)
     - Worker D (Codex): MS21-API-004 (team management)
     - Worker E (Claude): MS21-API-005 (admin workspace endpoints)
     - Worker F (GLM): MS21-TEST-001 (unit tests for admin module)

4. **PRD location**: docs/PRD-MS21.md (separate from main PRD.md to preserve history)

5. **Orchestrator is Jarvis (OpenClaw)** — not a Claude Code session. This is the first hybrid orchestration: OpenClaw manages mission, dispatches workers via mosaic yolo claude, codex exec, and OpenClaw subagents.

## Session Log

| Session | Date       | Milestone | Tasks Done    | Outcome                                       |
| ------- | ---------- | --------- | ------------- | --------------------------------------------- |
| S1      | 2026-02-28 | Planning  | MS21-PLAN-001 | PRD written, mission init, TASKS.md populated |

## Open Questions

- BetterAuth credential provider config alongside OIDC — needs verification in worker task
- Exact sidebar items to gate behind admin role — review during RBAC phase

## Corrections

(none yet)