# Scratchpad — TESS-M1-SEC-006 Session GC scope - **Task / issue:** TESS-M1-SEC-006 / #707 - **Branch:** `fix/tess-session-gc-scope` from `origin/main` at `59e49cfd` - **Objective:** Make session cleanup session-scoped and prevent automatic global retention/GC without an authorized, auditable operation. - **Scope:** `apps/gateway`, `packages/log`, admin/developer operations documentation. - **Budget:** Task estimate 18K; no explicit hard cap supplied. - **Assumption:** No authorized global retention service exists today. Existing full/sweep GC must therefore be disabled from startup and cron paths, while single-session cleanup remains available. ## Plan 1. Add failing isolation tests proving single-session cleanup only demotes its own logs and automatic startup/scheduled GC cannot globally delete session data. 2. Add session-scoped log repository retention and make `collect(sessionId)` use it. 3. Remove automatic full/sweep GC invocation; preserve any future global operation behind an explicit authorization/audit seam. 4. Document the operational boundary, run gates, review, and commit without push. ## Verification evidence - Isolation TDD: `pnpm --filter @mosaicstack/gateway test -- session-gc.service.spec.ts commands.integration.spec.ts command-executor-p8012.spec.ts` — 61 passed. - `pnpm typecheck` — passed. - `pnpm lint` — passed. - `pnpm format:check` remains red only on the known pre-existing Tess documentation debt; changed files are Prettier-clean.