docs(#753): start KBN-010 threat gate

This commit is contained in:
Hermes Agent
2026-07-14 12:17:01 -05:00
parent 49e8a54105
commit 9b55de0f91
2 changed files with 37 additions and 5 deletions

View File

@@ -70,19 +70,21 @@ No consumer implementation begins before KBN-105. No schema work begins before K
### KBN-000 — Remediate and publish canon
- **Owner:** Mos / publication control plane.
- **Mode:** SERIAL; publication gate in progress.
- **Status:** COMPLETE — PR #752 squash-merged as `49e8a54`; issue #751 closed; post-merge pipeline #1798 terminal success.
- **Owner:** Mosaic publication control plane.
- **Mode:** SERIAL; completed.
- **IN:** Resolve KCR-001016 in requirements, schema, health, Coordinator, recovery, migration map, and slices; independent re-review.
- **OUT:** Feature implementation.
- **Depends on:** none.
- **Contract surfaces:** all canon.
- **Evidence:** strict TS; Prettier; per-finding traceability; independent author≠reviewer GO.
- **Evidence:** strict TS; Prettier; per-finding traceability; independent author≠reviewer GO; Ultron GO; terminal-green CI.
### KBN-010 — Threat, authorization, and constraint-impact gate
- **Owner:** coder3; independent `secrev`.
- **Status:** IN PROGRESS — issue [#753](https://git.mosaicstack.dev/mosaicstack/stack/issues/753).
- **Owner:** `kbn-coder3`; independent `secrev`.
- **Mode:** SERIAL prerequisite of KBN-100.
- **Exclusive files:** Mos-selected threat/auth docs only.
- **Exclusive files:** `docs/native-kanban-sot/KBN-010-THREAT-AUTH-CONSTRAINT-GATE.md` and task scratchpad only.
- **IN:** Cross-workspace owners/principals/evidence; active membership; stale/forged health; approval forgery; fence monotonicity; audit retention; proposal target/audit-event forgery; service tokens; DB/Valkey outage.
- **OUT:** Runtime/schema edits.
- **Depends on:** KBN-000 independent re-review GO.

View File

@@ -0,0 +1,30 @@
# Issue #753 — KBN-010 threat, authorization, and constraint-impact gate
## Objective
Complete the mandatory threat/auth/constraint-impact analysis that gates KBN-100 schema implementation.
## Scope
- In: threat matrix, frozen-control mapping, schema/API/test impact inventory, security evidence plan.
- Out: runtime, schema, migration, API, dependency, CI, deployment, and secret changes.
- Canonical requirements: `docs/requirements/native-kanban-sot.md`.
- Frozen contract: `docs/native-kanban-sot/SHARED-CONTRACT.md` and `contracts/*.v1.ts`.
- Tracking: Mosaic Stack issue #753.
## Plan
1. Independently inspect current-main implementation and frozen canon.
2. Enumerate tenant, identity, health-proof, approval, fencing, proposal, audit, token, and outage threats.
3. Map every threat to required constraints, command behavior, negative tests, and owning future slice.
4. Surface any unresolved schema impact as a blocker; do not silently amend the frozen contract.
5. Run documentation/static validation and submit for independent SecReview.
## Execution log
- 2026-07-14: KBN-000 completed through PR #752 and post-merge pipeline #1798.
- 2026-07-14: KBN-010 issue #753 created; task marked in progress; fresh GPT worker pending dispatch.
## Verification evidence
Pending worker validation, independent SecReview, Ultron gate, PR merge, post-merge CI, and issue closure.