From e95ef982036d3f4786ceb0a15b68dfb50a82f99c Mon Sep 17 00:00:00 2001 From: Jarvis Date: Sun, 12 Jul 2026 20:50:32 -0500 Subject: [PATCH] docs(tess): sync M1 ledger to merged state; M1-V Mos-owned All 10 TESS-M1 tasks merged to main (SEC-001..006 + M1-001/002/003 + OBS-001); mark each done with PR/head/ROR evidence. TESS-M1-V set to in-progress and owned by Mos (Mos runs the M1->M2 gate review directly via its own independent non-author reviewer; orchestrator does not dispatch a competing lane). Record the Mos-locked base=main convention. Refs #707 --- docs/tess/TASKS.md | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/docs/tess/TASKS.md b/docs/tess/TASKS.md index b536e96..e744332 100644 --- a/docs/tess/TASKS.md +++ b/docs/tess/TASKS.md @@ -3,22 +3,23 @@ > Mission: `tess-20260712` · Issue: #706 · PRD requirements: `TESS-*` > Orchestrator is sole writer. Workers must not modify this file. > `repo` contains one or more comma-separated repository-relative roots; every listed root must exist before dispatch. +> **BASE CONVENTION (Mos-locked 2026-07-12):** EVERY M1 dispatch targets `base=main` and branches from fresh `origin/main`. Do NOT base on `feat/tess-interaction-agent` — that is the STALE planning branch (merged via #712); basing on it yields `mergeable=False` + intervening-commit noise (cf. #723/SEC-005 re-base). Every dispatch brief must state base=main + branch-from-origin/main. | id | status | description | issue | agent | repo | branch | depends_on | estimate | notes | | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | | TESS-PLAN-001 | done | Finalize PRD, architecture, authority boundary, threat model, migration inventory, and verification matrix | #706 | sonnet | docs, packages/types, apps/gateway | feat/tess-interaction-agent | — | 22K | Independent gate PASS after two remediation rounds; completion effective when planning PR merges | -| TESS-M1-SEC-001 | not-started | Enforce command scopes/roles and durable exact-action approval for privileged/destructive commands | #707 | codex | apps/gateway | fix/tess-command-authz | TESS-PLAN-001 | 25K | TESS-SEC-002; security TDD | -| TESS-M1-SEC-002 | not-started | Enforce owner/tenant binding on session list/read/attach/send/terminate across REST and WS | #707 | codex | apps/gateway | fix/tess-session-ownership | TESS-PLAN-001 | 30K | TESS-SEC-003; security TDD | -| TESS-M1-SEC-003 | not-started | Bind MCP actor/tenant to authenticated context and add per-tool scopes | #707 | codex | apps/gateway | fix/tess-mcp-identity | TESS-PLAN-001 | 22K | TESS-SEC-004; security TDD | -| TESS-M1-SEC-004 | not-started | Add authenticated Discord service ingress, allowlists, correlation and replay protection | #707 | codex | plugins/discord, apps/gateway | fix/tess-discord-ingress | TESS-PLAN-001 | 28K | TESS-SEC-005; security TDD | -| TESS-M1-SEC-005 | not-started | Redact/classify secret and PII before persistence/egress; harden provider login flow | #707 | codex | apps/gateway, packages/log | fix/tess-redaction | TESS-PLAN-001 | 28K | TESS-SEC-006; seeded canary tests | -| TESS-M1-SEC-006 | not-started | Scope session GC/retention or separate authorized global retention job | #707 | codex | apps/gateway, packages/log | fix/tess-session-gc-scope | TESS-PLAN-001 | 18K | TESS-SEC-009; isolation TDD | -| TESS-M1-001 | not-started | Define AgentRuntimeProvider, capabilities, session tree, normalized stream events/errors, attach semantics | #707 | codex | packages/types, packages/agent | feat/tess-runtime-contract | TESS-PLAN-001 | 25K | TESS-ARP-001, TESS-TRN-001; contract TDD | -| TESS-M1-002 | not-started | Implement provider registry/service with immutable actor scope, approval, audit and correlation boundaries | #707 | codex | apps/gateway, packages/agent | feat/tess-provider-registry | TESS-M1-001,TESS-M1-SEC-001,TESS-M1-SEC-002,TESS-M1-SEC-003 | 30K | TESS-SEC-001..004,007; security TDD | -| TESS-M1-003 | not-started | Implement tmux/fleet runtime provider and safe attach/message/terminate capability policy | #707 | codex | packages/mosaic, packages/agent | feat/tess-fleet-provider | TESS-M1-002 | 30K | TESS-FLT-001; exact target/identity tests | -| TESS-M1-OBS-001 | not-started | Implement correlation propagation, structured runtime/provider/tool audit, health/readiness and safe effective-policy status | #707 | codex | apps/gateway, packages/agent, packages/log | feat/tess-observability | TESS-M1-002 | 24K | TESS-OBS-001; no credential material | -| TESS-M1-V | not-started | Independent architecture/security review and complete contract/abuse-suite verification | #707 | sonnet | apps/gateway, packages/agent, packages/log, plugins/discord | review/tess-m1 | TESS-M1-SEC-001,TESS-M1-SEC-002,TESS-M1-SEC-003,TESS-M1-SEC-004,TESS-M1-SEC-005,TESS-M1-SEC-006,TESS-M1-003,TESS-M1-OBS-001 | 20K | Gate M2 | -| TESS-M2-001 | not-started | Add Tess roster/profile/service pinned to GPT-5.6 Sol high with fail-fast config and observable effective policy | #708 | codex | packages/mosaic/framework | feat/tess-pi-service | TESS-M1-V | 22K | TESS-PI-001; explicit AC-TESS-03 test | +| TESS-M1-SEC-001 | done | Enforce command scopes/roles and durable exact-action approval for privileged/destructive commands | #707 | codex | apps/gateway | fix/tess-command-authz | TESS-PLAN-001 | 25K | TESS-SEC-002; diskhygiene-terra; PR #718 head e3d98d73 MERGED (ROR 16829) | +| TESS-M1-SEC-002 | done | Enforce owner/tenant binding on session list/read/attach/send/terminate across REST and WS | #707 | codex | apps/gateway | fix/tess-session-ownership | TESS-PLAN-001 | 30K | TESS-SEC-003; coder0; PR #715 head 43ffbe7b MERGED (ROR 16808) | +| TESS-M1-SEC-003 | done | Bind MCP actor/tenant to authenticated context and add per-tool scopes | #707 | codex | apps/gateway | fix/tess-mcp-identity | TESS-PLAN-001 | 22K | TESS-SEC-004; coder1; PR #717 head 9ab776f9 MERGED (ROR 16819) | +| TESS-M1-SEC-004 | done | Add authenticated Discord service ingress, allowlists, correlation and replay protection | #707 | codex | plugins/discord, apps/gateway | fix/tess-discord-ingress | TESS-PLAN-001 | 28K | TESS-SEC-005; coder4; PR #716 head 55ae77b6 MERGED (ROR 16830) | +| TESS-M1-SEC-005 | done | Redact/classify secret and PII before persistence/egress; harden provider login flow | #707 | codex | apps/gateway, packages/log | fix/tess-redaction | TESS-PLAN-001 | 28K | TESS-SEC-006; coder1 (Mos-routed from blocked wrapfix-terra); mis-based #723 CLOSED superseded. MERGED to main: PR #725 head 726f7ab7 (ROR 16880). Verified chat persistence + egress redaction hooks; canary tests split-secret/private-key/overflow/persistence classification; provider login no auth URL/raw token in chat output | +| TESS-M1-SEC-006 | done | Scope session GC/retention or separate authorized global retention job | #707 | codex | apps/gateway, packages/log | fix/tess-session-gc-scope | TESS-PLAN-001 | 18K | TESS-SEC-009; coder4; PR #720 base=main. MERGED to main: head 37be090e (ROR 16861). Both blockers fixed: glob metachar sessionIds escaped+regression; durable approval survives GC pass (create→GC→key remains→authz succeeds); /gc disabled, per-session log demotion, no fullCollect/sweepOrphans entry, legacy repeatable GC schedule removed | +| TESS-M1-001 | done | Define AgentRuntimeProvider, capabilities, session tree, normalized stream events/errors, attach semantics | #707 | codex | packages/types, packages/agent | feat/tess-runtime-contract | TESS-PLAN-001 | 25K | TESS-ARP-001, TESS-TRN-001; wrapfix-terra; PR #719 head 5c42e67f MERGED (ROR 16813) | +| TESS-M1-002 | done | Implement provider registry/service with immutable actor scope, approval, audit and correlation boundaries | #707 | codex | apps/gateway, packages/agent | feat/tess-provider-registry | TESS-M1-001,TESS-M1-SEC-001,TESS-M1-SEC-002,TESS-M1-SEC-003 | 30K | TESS-SEC-001..004,007; coder0; PR #722 head c529022d MERGED (ROR 16849) | +| TESS-M1-003 | done | Implement tmux/fleet runtime provider and safe attach/message/terminate capability policy | #707 | codex | packages/mosaic, packages/agent | feat/tess-fleet-provider | TESS-M1-002 | 30K | TESS-FLT-001; coder0; PR #724 base=main. MERGED to main: head 355d814f (ROR 16868). HARD BOUNDARY verified: writes/control default-deny before tmux probing unless write authority permits; final exact-target authz after roster/socket/runtime verification; exact target/prefix/runtime-drift tests; read-only attach with immutable scope handles; empty-msg/default-deny/unverified-target tests; no credential material | +| TESS-M1-OBS-001 | done | Implement correlation propagation, structured runtime/provider/tool audit, health/readiness and safe effective-policy status | #707 | codex | apps/gateway, packages/agent, packages/log | feat/tess-observability-terra | TESS-M1-002 | 24K | TESS-OBS-001; SOLE owner=diskhygiene-terra. MERGED to main at REBASED head: PR #726 head 53f5414 (re-ROR comment 16886, prior 16881@adfa5c06 discarded after head move), CI 1723 green. Both @mosaicstack/log barrel exports coexist (redaction + runtime-audit), metadata-only/SHA-256 audit intact, fail-closed audit-before-side-effects intact, safe status/effective-policy/readiness | +| TESS-M1-V | in-progress | Independent architecture/security review and complete contract/abuse-suite verification | #707 | mos-reviewer | apps/gateway, packages/agent, packages/log, plugins/discord | review/tess-m1 | TESS-M1-SEC-001,TESS-M1-SEC-002,TESS-M1-SEC-003,TESS-M1-SEC-004,TESS-M1-SEC-005,TESS-M1-SEC-006,TESS-M1-003,TESS-M1-OBS-001 | 20K | Gate M2. ALL deps done+merged to main (2026-07-12). OWNED BY MOS (Mos-directed 2026-07-12): Mos is running the M1→M2 gate review directly via its own independent non-author reviewer — orchestrator does NOT dispatch a competing M1-V lane; prior reviewer-lane dispatch RECALLED. Scope: re-run FULL merged M1 surface as integrated whole (runtime contracts + all 6 security controls + fleet-provider authority boundary + observability) + confirm no cross-PR regression, esp. packages/log barrel union from #725/#726 serialization. PASS unlocks M2 (#708); on Mos PASS signal, orchestrator fans out TESS-M2-001 then TESS-M2-002 | +| TESS-M2-001 | not-started | Add Tess roster/profile/service pinned to GPT-5.6 Sol high with fail-fast config and observable effective policy | #708 | codex | packages/mosaic/framework | feat/tess-pi-service | TESS-M1-V | 22K | TESS-PI-001; explicit AC-TESS-03 test. NAME-AS-CONFIG INVARIANT (MISSION-MANIFEST #6, b01fdf11): agent name = config parameter (default example only), NO hardcoded key/identifier/default; profile carries name as DATA; M2 exit gate must prove a DISTINCT name provisions cleanly with ZERO code change. Carry this AC into the M2 dispatch brief. | | TESS-M2-002 | not-started | Implement durable session identity, inbox/outbox, approval, checkpoint, handoff, compaction and restart recovery | #708 | codex | apps/gateway, packages/agent, packages/db | feat/tess-durable-state | TESS-M2-001 | 38K | TESS-STA-001, TESS-SEC-007..008; recovery TDD | | TESS-M2-V | not-started | Clean-host Pi launch plus model/policy status and restart/compaction/duplicate-side-effect verification | #708 | sonnet | apps/gateway/src/__tests__/integration, packages/mosaic/src | review/tess-m2 | TESS-M2-002 | 18K | Gate M3; AC-TESS-03/06 | | TESS-M3-001 | not-started | Bind dedicated Tess Discord channel with streaming, threads, attachments, pairing/RBAC and approvals | #709 | codex | plugins/discord, apps/gateway | feat/tess-discord | TESS-M2-V,TESS-M1-SEC-004 | 35K | TESS-DSC-001 |