mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity
Files
b13ff68e224da294ad56e8cb66acd780c971cac1
stack/docs/scratchpads/ms21-multi-tenant-rbac-data-migration-20260228.md
Jason Woltje 127bf61fe2 chore(orchestrator): Fix TASKS.md schema + correct TEST-003/MIG-004 status (#572) 
Co-authored-by: Jason Woltje <jason@diversecanvas.com>
Co-committed-by: Jason Woltje <jason@diversecanvas.com>
2026-02-28 20:16:31 +00:00

3.2 KiB
Raw Blame History

Mission Scratchpad — MS21 Multi-Tenant RBAC Data Migration

Append-only log. NEVER delete entries. NEVER overwrite sections.

Original Mission Prompt

Build multi-tenant user/workspace/team management with admin UI, break-glass
local authentication (bypass OIDC for emergencies), enforce RBAC across all
UI surfaces, and migrate jarvis-brain data (95 tasks, 106 projects) into
Mosaic Stack PostgreSQL. This unlocks multi-user access for Melanie and
USC employees.

Planning Decisions

2026-02-28 — Initial Planning (Orchestrator: Jarvis/OpenClaw)

  1. Phase order: Schema+API first, then break-glass auth, then data migration, then UI, then RBAC enforcement, then verification. Rationale: Backend must exist before frontend can wire to it; migration can run independently once schema is ready.

  2. Worker strategy: Up to 6 parallel workers (2 Claude, 2 Codex, 2 GLM). Claude for complex multi-file implementations. Codex for targeted single-file tasks. GLM for documentation and test writing.

  3. Phase 1 parallelization plan:

    • Worker A (Claude): MS21-DB-001 (Prisma migration) — must complete first
    • After DB-001 done:
      • Worker B (Claude): MS21-API-001 + MS21-API-002 (AdminModule + user endpoints)
      • Worker C (Codex): MS21-API-003 (workspace member management)
      • Worker D (Codex): MS21-API-004 (team management)
      • Worker E (Claude): MS21-API-005 (admin workspace endpoints)
      • Worker F (GLM): MS21-TEST-001 (unit tests for admin module)

  4. PRD location: docs/PRD-MS21.md (separate from main PRD.md to preserve history)

  5. Orchestrator is Jarvis (OpenClaw) — not a Claude Code session. This is the first hybrid orchestration: OpenClaw manages mission, dispatches workers via mosaic yolo claude, codex exec, and OpenClaw subagents.

Session Log

Session Date Milestone Tasks Done Outcome
S1 2026-02-28 Planning MS21-PLAN-001 PRD written, mission init, TASKS.md populated

Open Questions

  • BetterAuth credential provider config alongside OIDC — needs verification in worker task
  • Exact sidebar items to gate behind admin role — review during RBAC phase

Corrections

(none yet) | S2 | 2026-02-28 | Phase 3 | MS21-TEST-003, MS21-MIG-004 | PRs #566 and #567 merged, CI green. Post-coding reviews run (0 blockers both). |

E2E Compliance — Session 2 Remediation (2026-02-28)

Identified and corrected gaps from session 1:

  • Phase issues created: #568 (P3), #569 (P4), #570 (P5), #571 (P6)
  • TASKS.md schema updated with all required columns (depends_on, blocks, estimate, used, started_at, completed_at, issue, branch)
  • MS21-TEST-003 and MS21-MIG-004 correctly marked done with PR/CI evidence
  • Post-coding reviews confirmed: 0 blockers on both tasks
  • CI verified green: f99107f (head of main after both merges)

Review Evidence

  • MS21-TEST-003: code review verdict=request-changes, 0 blockers, 2 should-fix (brittle harness), security=none
  • MS21-MIG-004: code review verdict=request-changes, 0 blockers, 4 should-fix (race conditions, validation gaps), security=medium (no audit logging — not blocking)
Reference in New Issue View Git Blame Copy Permalink