glm-5.1
2b63cda1c7
Copy architecture docs, ADRs, storage domain specs, research, reviews, and 56 storage architecture tasks from the alkhub_ts monorepo. Adapt for standalone @alkdev/hub repo structure (src/ not packages/hub/). Sanitize all sensitive information: - Replace private IPs (10.0.0.1) with localhost defaults - Remove internal server hostnames (dev1, ns528096) - Replace /workspace/ private paths with npm package references - Remove hardcoded credentials from examples - Rewrite infrastructure.md without private network details Add Deno project scaffolding: deno.json (pinned deps), .gitignore, AGENTS.md, entry point. Migrate existing code stubs (crypto, config types, logger) with updated import paths.
1.1 KiB
1.1 KiB
id, name, status, depends_on, scope, risk, impact, level
| id | name | status | depends_on | scope | risk | impact | level |
|---|---|---|---|---|---|---|---|
| document-accesslevel-authorization | Document accessLevel Authorization and Identity Cross-References | completed | narrow | trivial | isolated | implementation |
Description
Two documentation gaps in the identity domain:
-
S01: Who can change
accounts.accessLevel? Can auserself-promote? The assumed invariants for application-level access control are undocumented. -
S06:
identity.md:12lists FK targets but omitssessions.accountId. Add it for completeness so the identity doc is a full reference.
Acceptance Criteria
identity.mddocuments authorization rules foraccessLevelchanges (e.g., onlyadmincan promote, users cannot self-promote)identity.mdFK target list includessessions.accountId → accounts.id- Rules are consistent with ADR-012 terminology
References
- docs/reviews/storage-architecture-review-2026-04-21.md#S01
- docs/reviews/storage-architecture-review-2026-04-21.md#S06
- docs/architecture/storage/identity.md
Notes
To be filled by implementation agent
Summary
To be filled on completion