Copy architecture docs, ADRs, storage domain specs, research, reviews, and 56 storage architecture tasks from the alkhub_ts monorepo. Adapt for standalone @alkdev/hub repo structure (src/ not packages/hub/).

Sanitize all sensitive information:
- Replace private IPs (10.0.0.1) with localhost defaults
- Remove internal server hostnames (dev1, ns528096)
- Replace /workspace/ private paths with npm package references
- Remove hardcoded credentials from examples
- Rewrite infrastructure.md without private network details

Add Deno project scaffolding: deno.json (pinned deps), .gitignore, AGENTS.md, entry point. Migrate existing code stubs (crypto, config types, logger) with updated import paths.
38 lines
1.1 KiB
Markdown
---
id: document-accesslevel-authorization
name: Document accessLevel Authorization and Identity Cross-References
status: completed
depends_on: []
scope: narrow
risk: trivial
impact: isolated
level: implementation
---

## Description

Two documentation gaps in the identity domain:

1. **S01**: Who can change `accounts.accessLevel`? Can a `user` self-promote? The assumed invariants for application-level access control are undocumented.

2. **S06**: `identity.md:12` lists FK targets but omits `sessions.accountId`. Add it for completeness so the identity doc is a full reference.

## Acceptance Criteria

- [ ] `identity.md` documents authorization rules for `accessLevel` changes (e.g., only `admin` can promote, users cannot self-promote)
- [ ] `identity.md` FK target list includes `sessions.accountId → accounts.id`
- [ ] Rules are consistent with ADR-012 terminology

## References

- docs/reviews/storage-architecture-review-2026-04-21.md#S01
- docs/reviews/storage-architecture-review-2026-04-21.md#S06
- docs/architecture/storage/identity.md

## Notes

> To be filled by implementation agent

## Summary

> To be filled on completion