Files
stack/docs/scratchpads/753-kbn010-threat-gate.md
2026-07-14 12:31:05 -05:00

4.3 KiB

Issue #753 — KBN-010 threat, authorization, and constraint-impact gate

Objective

Complete the mandatory threat/auth/constraint-impact analysis that gates KBN-100 schema implementation.

Scope

  • In: threat matrix, frozen-control mapping, schema/API/test impact inventory, security evidence plan.
  • Out: runtime, schema, migration, API, dependency, CI, deployment, and secret changes.
  • Canonical requirements: docs/requirements/native-kanban-sot.md.
  • Frozen contract: docs/native-kanban-sot/SHARED-CONTRACT.md and contracts/*.v1.ts.
  • Tracking: Mosaic Stack issue #753.

Plan

  1. Independently inspect current-main implementation and frozen canon.
  2. Enumerate tenant, identity, health-proof, approval, fencing, proposal, audit, token, and outage threats.
  3. Map every threat to required constraints, command behavior, negative tests, and owning future slice.
  4. Surface any unresolved schema impact as a blocker; do not silently amend the frozen contract.
  5. Run documentation/static validation and submit for independent SecReview.

Execution log

  • 2026-07-14: KBN-000 completed through PR #752 and post-merge pipeline #1798.
  • 2026-07-14: KBN-010 issue #753 created; task marked in progress; fresh GPT worker pending dispatch.

Verification evidence

Pending worker validation, independent SecReview, Ultron gate, PR merge, post-merge CI, and issue closure.

2026-07-14 worker analysis checkpoint

  • Inspected issue #753, canonical requirements, all frozen v1 contracts, and actual origin/main at 49e8a54 across DB schema, Better Auth scope, project/task/mission/team repositories/controllers, fleet backlog, and TASKS.md parsing/writing.
  • Confirmed the worker branch has no source/runtime/schema delta from origin/main; orchestrator-owned .mosaic state remains dirty and untouched.
  • Authored the threat, authorization, constraint-impact, negative-test, and requirements-traceability analysis in docs/native-kanban-sot/KBN-010-THREAT-AUTH-CONSTRAINT-GATE.md.
  • Gate decision: BLOCKED by KBN010-SI-001. missionsV1 lacks a unique candidate key on (workspace_id, id), while artifacts_workspace_mission_fk and approval_decisions_workspace_mission_fk both reference that exact pair. PostgreSQL cannot create the frozen composite foreign keys as declared.
  • Decision: do not select or apply a schema fix. Contract authority must version either a (workspace_id, id) mission candidate key or project-congruent child keys, then obtain independent re-review before KBN-100.
  • Additional risks are controlled by frozen transaction/API behavior but require the exact future negative tests cataloged in the deliverable, especially active membership, service-token revocation, same-workspace semantic evidence checks, no-oracle behavior, and serialized parent/DAG cycle checks.
  • OpenBrain startup recall was attempted but unavailable because /home/hermes/.config/mosaic/credentials.json is absent; no project state was written to an alternate memory silo.
  • TDD: not applicable; this slice changes documentation/test-plan analysis only and implements no runtime behavior.

Validation log

  • pnpm exec prettier --check docs/native-kanban-sot/KBN-010-THREAT-AUTH-CONSTRAINT-GATE.md docs/scratchpads/753-kbn010-threat-gate.md — PASS.
  • Changed-doc link validator — PASS (relative_links=0, one external issue link); curl -fsSIL https://git.mosaicstack.dev/mosaicstack/stack/issues/753 — PASS.
  • The first inline link-validator invocation had a Python f-string syntax error; corrected once and rerun successfully without changing the deliverable.
  • pnpm format:check — PASS.
  • pnpm lint — PASS (23 tasks successful).
  • pnpm typecheck — PASS (42 tasks successful).
  • pnpm exec tsc -p docs/native-kanban-sot/tsconfig.json --noEmit — PASS.
  • Scoped diff review — PASS: authored delta is limited to the exclusive deliverable and this scratchpad; no runtime/schema/config/dependency/CI/deployment file is changed, and docs/native-kanban-sot/TASKS.md has no worker worktree delta from tracking commit 9b55de0.
  • Independent SecReview remains pending and cannot return PASS until contract authority resolves KBN010-SI-001.
  • Final formatting/diff/test-ID completeness review — PASS (all catalog prefixes contiguous with no duplicate IDs).
  • Remaining: scoped commit, queue guard, and push.