diff --git a/docs/native-kanban-sot/TASKS.md b/docs/native-kanban-sot/TASKS.md index c0e10ef..d868545 100644 --- a/docs/native-kanban-sot/TASKS.md +++ b/docs/native-kanban-sot/TASKS.md @@ -70,19 +70,21 @@ No consumer implementation begins before KBN-105. No schema work begins before K ### KBN-000 — Remediate and publish canon -- **Owner:** Mos / publication control plane. -- **Mode:** SERIAL; publication gate in progress. +- **Status:** COMPLETE — PR #752 squash-merged as `49e8a54`; issue #751 closed; post-merge pipeline #1798 terminal success. +- **Owner:** Mosaic publication control plane. +- **Mode:** SERIAL; completed. - **IN:** Resolve KCR-001–016 in requirements, schema, health, Coordinator, recovery, migration map, and slices; independent re-review. - **OUT:** Feature implementation. - **Depends on:** none. - **Contract surfaces:** all canon. -- **Evidence:** strict TS; Prettier; per-finding traceability; independent author≠reviewer GO. +- **Evidence:** strict TS; Prettier; per-finding traceability; independent author≠reviewer GO; Ultron GO; terminal-green CI. ### KBN-010 — Threat, authorization, and constraint-impact gate -- **Owner:** coder3; independent `secrev`. +- **Status:** IN PROGRESS — issue [#753](https://git.mosaicstack.dev/mosaicstack/stack/issues/753). +- **Owner:** `kbn-coder3`; independent `secrev`. - **Mode:** SERIAL prerequisite of KBN-100. -- **Exclusive files:** Mos-selected threat/auth docs only. +- **Exclusive files:** `docs/native-kanban-sot/KBN-010-THREAT-AUTH-CONSTRAINT-GATE.md` and task scratchpad only. - **IN:** Cross-workspace owners/principals/evidence; active membership; stale/forged health; approval forgery; fence monotonicity; audit retention; proposal target/audit-event forgery; service tokens; DB/Valkey outage. - **OUT:** Runtime/schema edits. - **Depends on:** KBN-000 independent re-review GO. diff --git a/docs/scratchpads/753-kbn010-threat-gate.md b/docs/scratchpads/753-kbn010-threat-gate.md new file mode 100644 index 0000000..b1f4df1 --- /dev/null +++ b/docs/scratchpads/753-kbn010-threat-gate.md @@ -0,0 +1,30 @@ +# Issue #753 — KBN-010 threat, authorization, and constraint-impact gate + +## Objective + +Complete the mandatory threat/auth/constraint-impact analysis that gates KBN-100 schema implementation. + +## Scope + +- In: threat matrix, frozen-control mapping, schema/API/test impact inventory, security evidence plan. +- Out: runtime, schema, migration, API, dependency, CI, deployment, and secret changes. +- Canonical requirements: `docs/requirements/native-kanban-sot.md`. +- Frozen contract: `docs/native-kanban-sot/SHARED-CONTRACT.md` and `contracts/*.v1.ts`. +- Tracking: Mosaic Stack issue #753. + +## Plan + +1. Independently inspect current-main implementation and frozen canon. +2. Enumerate tenant, identity, health-proof, approval, fencing, proposal, audit, token, and outage threats. +3. Map every threat to required constraints, command behavior, negative tests, and owning future slice. +4. Surface any unresolved schema impact as a blocker; do not silently amend the frozen contract. +5. Run documentation/static validation and submit for independent SecReview. + +## Execution log + +- 2026-07-14: KBN-000 completed through PR #752 and post-merge pipeline #1798. +- 2026-07-14: KBN-010 issue #753 created; task marked in progress; fresh GPT worker pending dispatch. + +## Verification evidence + +Pending worker validation, independent SecReview, Ultron gate, PR merge, post-merge CI, and issue closure.