Files
stack/docs/native-kanban-sot/INDEX.md
jason.woltje 49e8a54105
All checks were successful
ci/woodpecker/push/publish Pipeline was successful
ci/woodpecker/push/ci Pipeline was successful
docs(#751): Publish native Kanban/SOT canon (#752)
2026-07-14 17:08:09 +00:00

9.0 KiB
Raw Blame History

Native Kanban/SOT Canon

Status: KCR-001016 independently cleared; canonical publication is in progress under issue #751 Date: 2026-07-14 Implementation hold: no feature implementation starts until this canon is squash-merged to main with terminal-green CI; after merge, every slice remains held until its KBN prerequisite graph is satisfied.

Artifacts

Artifact Purpose
Canonical requirements Canonical P0P3 requirements, all seven ratified decisions, fixed invariants, thin MVP, recovery tiers, non-goals, and per-requirement acceptance criteria
MISSION-MANIFEST.md Mission/authority boundaries, exact role chain, gate model, mandatory SecReview triggers, Certifier final/no-merge rule, and collision-free slice ownership
TASKS.md Dependency-ordered, bounded P0P3 slices with IN/OUT scope, dependencies, shared contracts, file ownership, evidence, and USC coder2/3/4/5 parallelization
SHARED-CONTRACT.md Remediated v1 integration contract: proof authority, exact failures/routes/DTOs/MCP ownership, concrete current-main field migration map, relational invariants, Coordinator split, recovery delivery
contracts/kanban-schema.v1.ts Drizzle target declarations including exact owner/principal membership, project congruence, tags/archive, proposals, persisted assignments, monotonic fences, durable retry, immutable evidence/audit
contracts/mechanical-coordinator.v1.ts Pure snapshot decision engine separated from persistence/service adapter; ID-bound approvals, bigint-safe fences, durable retry/quarantine, artifact-backed checkpoints, exact failures
contracts/health-state.v1.ts Discriminated public health, separate branded transaction-local write proof, and non-overlapping denial/transport/version-conflict mappings
contracts/recovery-posture.v1.ts Provider-neutral shape schema plus normative runtime refinement, cross-field constraints, and Lite/Standard/High-assurance defaults
tsconfig.json Strict no-emit project scope for linting and compiling the four frozen TypeScript contracts against the current Stack Drizzle declarations
DOCUMENTATION-CHECKLIST.md Publication documentation gate and implementation-slice deferrals
Initial independent review KCR-001016 findings that blocked the first draft
Final independent re-review Closure matrix, reproducible validation evidence, and GO verdict
Ultron final gate Final requirements, authority, schema, migration, recovery, decomposition, and evidence review GO
Lane Natural seam Exclusive ownership
coder2 Schema + migrations + recovery slice Unified Drizzle schema, migration SQL/meta/journal/tests, then recovery parser/mechanism/runbook files
coder3 Domain + Gateway + MCP server Workspace-safe repositories, DTOs/controllers/services, exact apps/gateway/src/mcp/** files, health proof, proposals, Coordinator persistence adapter
coder4 Pure Coordinator + tooling packages/coord mechanical engine, CLI/MCP consumers, generated projection, one-way importer and cutover tooling; lane-serialized internally
coder5 Web Tasks/Projects Kanban/List/detail and later Coordinator/migration-review UI
Mos Serialized integration Canon publication, frozen-contract changes, shared-root/exports, integration gates, merge authority

The safe order is KBN-010 → KBN-100 → KBN-105, then coder3 Gateway/MCP server, coder4 CLI/projection, coder5 web, and coder2 recovery can proceed on disjoint files. coder4 then runs pure Coordinator → importer → cutover tooling serially. No two active slices edit the same files.

Recovery defaults

Tier RPO / RTO WAL / PITR Base backup Restore / break-glass Off-cluster
Lite 24h / 24h disabled / disabled daily quarterly / annual encrypted separate target
Standard 1h / 8h q15m / 14d daily quarterly / semiannual encrypted separate object storage
High-assurance 15m / 4h q5m / 35d daily monthly / quarterly encrypted base+WAL, separate failure domain

These knobs affect recovery posture only. PostgreSQL remains the sole writable SOT in every tier. Fail-closed writes, generated-file non-authority, attributable post-recovery proposals, non-LLM Coordinator limits, and Certifier final-gate/no-merge authority are fixed for every tier.

Non-blocking implementation sub-decisions for Mos

The source plan and ratified seven decisions resolve all build-blocking product choices. The following implementation-local selections remain for the owning slices/Mos and must not weaken v1:

  1. Exact PostgreSQL write-health probe SQL and bounded proof lifetime; authority and failures are frozen.
  2. Dependency-cycle serialization mechanism (recursive CTE plus transaction/advisory lock or equivalent); required behavior is frozen.
  3. Whether RLS lands in the first migration or immediately after the tested session-context pattern; workspace constraints/repository authorization are required from migration one.
  4. Concrete off-cluster backup provider/bucket and selected production recovery tier; High-assurance minima are frozen if selected.
  5. Cutover reconciliation thresholds and stabilization duration, to be owner-approved before P3 execution.

None authorizes a second writer, dual sync, LLM scheduling, Coordinator gate waiver/merge, or Certifier merge authority.

Publication validation evidence

  • Concrete TypeScript contracts are formatted with repository Prettier.
  • All four contracts pass strict TypeScript no-emit checking against the current Stack Drizzle toolchain.
  • Contract remediation and KCR-001016 traceability are recorded in the issue scratchpad and linked review reports.
  • Independent re-review returned GO with KCR-001016 closed; implementation remains held until canon merge and the dependency-ordered KBN prerequisites complete.