alknet/tasks/vault/spec-sync-remove-drift.md
glm-5.2 098fd8b9b9 tasks: decompose vault, core, call crates into 28 atomic implementation tasks
Break down the three initial crates (alknet-vault, alknet-core, alknet-call)
into dependency-ordered task files for implementation agents.

Structure:
- tasks/vault/ (10 tasks) — drift fixes from ADR-025/026 refactor, review,
  spec sync. Vault is independent and can run fully in parallel with core/call.
- tasks/core/ (6 tasks) — crate init, core types, config, auth, endpoint,
  review. Core is foundational; call depends on it.
- tasks/call/ (12 tasks) — split into registry/ and protocol/ topic subdirs
  reflecting the two subsystems. CallAdapter is the merge point.

Key decisions:
- Drifts 3+9+10 grouped as one task (key-versioning-rotation) — the complete
  ADR-021 rotation feature that doesn't compile in pieces
- Reviews injected at end of each crate phase (vault, core, call)
- Vault spec-sync task removes the drift table and bumps doc status to stable
- ACME deferred in core/endpoint (noted as TODO; X509 manual certs for now)
- OperationEnv kept as a trait (load-bearing for ADR-024 layering)

Validated: 28 tasks, no cycles, 11 generations of parallel work.
Critical path runs through call (11 tasks). Vault completes by generation 4.
6 high-risk tasks identified (21%): irpc-removal, endpoint, operation-context,
operation-env, call-adapter, abort-cascade.
2026-06-23 12:41:47 +00:00


  • id: vault/spec-sync-remove-drift
  • name: Update vault specs to remove drift table and security-constraint drift prose, bump doc status
  • status: pending
  • depends_on: vault/review-vault-sync
  • scope: narrow
  • risk: low
  • impact: component
  • level: implementation

Description

After the vault review confirms all drift is resolved, update the vault architecture docs to remove the drift tracking artifacts and reflect the completed state. The drift table and the "known drift" prose in the security constraints sections were tracking tools during the spec-to-implementation sync — now that the sync is complete, they should be cleaned up.

What to update

  1. vault/README.md:

    • Remove the "Known Source Drift" section (the entire table and its intro paragraph). The drift is resolved; the table is no longer needed.
    • Remove the "Security Constraints" drift prose — the items that said "The current source uses rand::random() — this is a known drift" etc. Keep the constraint statements themselves (OsRng for IVs, zeroized drop, no unwrap, etc.) — those are permanent implementation requirements. Remove only the "current source uses X, this is a known drift" sentences.
    • Bump status: draft → status: stable in the frontmatter (per the Document Lifecycle in the architecture README: stable = implementation complete and verified).
  2. vault/encryption.md:

    • In Security Constraints, remove the "The current source uses rand::random() for IV generation (encryption.rs line 133) — this is a known drift from the spec and must be corrected during implementation sync." sentence. Keep the "OsRng for IVs" constraint.
    • In Key Versioning, remove the "The current source uses CURRENT_KEY_VERSION = 1 with HD derivation and does not implement version-indexed paths or rotate. These are drift items to be corrected during implementation sync." paragraph.
    • Bump status: draft → status: stable.
  3. vault/service.md:

    • In Security Constraints, remove the drift prose about rand::random(), unwrap() on RwLock, and KeyCache::clear() verification. Keep the constraint statements.
    • Bump status: draft → status: stable.
  4. vault/protocol.md:

    • Remove the "to be updated per ADR-025 — remove VaultProtocol enum and irpc usage" note in References.
    • Remove the "postcard tests to be removed" note in References.
    • Bump status: draft → status: stable.
  5. vault/mnemonic-derivation.md:

    • Bump status: draft → status: stable (no drift prose to remove here, but the doc should reflect stable status).
  6. architecture/README.md:

    • Update the vault crate doc status entries in the Architecture Documents table from draft to stable.
    • Update the Current State paragraph to reflect vault implementation is complete (remove "pending ADR-025/026 refactor" language).

What NOT to change

  • Do not remove the Security Constraints sections themselves — they are permanent implementation requirements, not drift tracking.
  • Do not change the ADRs — they record decisions, not implementation status.
  • Do not remove the Public API section — it's a living reference.

Scope

This task touches only documentation files — no source code changes. It depends on the review task (which depends on all drift fixes).

Acceptance Criteria

  • "Known Source Drift" table removed from vault/README.md
  • Drift prose removed from Security Constraints sections (constraint statements kept)
  • All vault doc frontmatter bumped from status: draft to status: stable
  • architecture/README.md vault doc statuses updated to stable
  • architecture/README.md Current State updated (no "pending refactor" language)
  • No drift-tracking language remains anywhere in vault docs
  • Security constraint statements (OsRng, zeroize, no unwrap, etc.) preserved
  • Public API section preserved in vault/README.md
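
One way to check these criteria mechanically, as an added example that is not part of the task file or the alknet repository: it flags leftover drift language, a frontmatter status other than stable, and over-deletion of a permanent constraint keyword. The `check_doc` helper, the `---`-delimited frontmatter layout, the phrase list and the sample documents are assumptions constructed for illustration.

```python
import re

# Drift-tracking phrases quoted in the task text above.
DRIFT_PHRASES = ["known drift", "known source drift", "drift items",
                 "implementation sync", "to be updated per adr-025",
                 "postcard tests to be removed"]
# Assumption: docs open with YAML frontmatter between '---' lines.
FRONTMATTER = re.compile(r"\A---\n(.*?)\n---\n", re.S)

def check_doc(path, text, required_terms=()):
    """Return acceptance-criteria violations for one vault doc."""
    findings = []
    status = None
    m = FRONTMATTER.match(text)
    if m:
        for line in m.group(1).splitlines():
            key, _, value = line.partition(":")
            if key.strip() == "status":
                status = value.strip()
    if status != "stable":
        findings.append(f"{path}: status is {status!r}, expected 'stable'")
    for lineno, line in enumerate(text.splitlines(), 1):
        low = line.lower()
        hit = next((p for p in DRIFT_PHRASES if p in low), None)
        if hit:
            findings.append(f"{path}:{lineno}: drift language ({hit})")
    # Over-deletion check: permanent constraint keywords must survive.
    for term in required_terms:
        if term not in text:
            findings.append(f"{path}: constraint term missing: {term}")
    return findings

# Constructed sample documents (not the project's real files).
BEFORE = """---
status: draft
---
## Security Constraints

- IVs use OsRng. The current source uses rand::random(); this is a known drift.
"""
CLEANED = "---\nstatus: stable\n---\n## Security Constraints\n\n- IVs use OsRng.\n"
OVERCUT = "---\nstatus: stable\n---\n## Security Constraints\n"

if __name__ == "__main__":
    for name, doc in [("before", BEFORE), ("cleaned", CLEANED), ("overcut", OVERCUT)]:
        print(name, check_doc("encryption.md", doc, ["OsRng"]))
```

The `OVERCUT` case is the one a plain search for "drift" misses: the drift sentence is gone, but the OsRng constraint was deleted along with it.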

References

  • docs/architecture/crates/vault/README.md — Known Source Drift, Security Constraints, Public API
  • docs/architecture/crates/vault/encryption.md — Security Constraints, Key Versioning
  • docs/architecture/crates/vault/service.md — Security Constraints
  • docs/architecture/crates/vault/protocol.md — References
  • docs/architecture/README.md — Document Lifecycle, Architecture Documents table, Current State

Notes

This is the doc cleanup that closes out the vault phase. The drift table and "known drift" prose were tracking tools during spec-to-implementation sync; now that the sync is complete, they're noise. Keep the permanent constraint statements — they guide future implementation agents who touch the vault.

Summary

To be filled on completion