glm-5.1
2b63cda1c7
Copy architecture docs, ADRs, storage domain specs, research, reviews, and 56 storage architecture tasks from the alkhub_ts monorepo. Adapt for standalone @alkdev/hub repo structure (src/ not packages/hub/). Sanitize all sensitive information: - Replace private IPs (10.0.0.1) with localhost defaults - Remove internal server hostnames (dev1, ns528096) - Replace /workspace/ private paths with npm package references - Remove hardcoded credentials from examples - Rewrite infrastructure.md without private network details Add Deno project scaffolding: deno.json (pinned deps), .gitignore, AGENTS.md, entry point. Migrate existing code stubs (crypto, config types, logger) with updated import paths.
32 lines
952 B
Markdown
32 lines
952 B
Markdown
---
|
|
id: security-specs
|
|
name: Security Specs
|
|
status: completed
|
|
depends_on: [specify-key-rotation-protocol, specify-client-config-validation, document-payload-redaction, specify-payload-truncation, document-sha256-tradeoff]
|
|
scope: moderate
|
|
risk: high
|
|
impact: phase
|
|
level: review
|
|
---
|
|
|
|
## Description
|
|
|
|
All security-related spec fixes. This group addresses security-critical specification gaps: key rotation protocol, client config validation rules, payload redaction and truncation policies, and the sha256 indexing tradeoff. These must be specified before implementation to avoid shipping insecure defaults.
|
|
|
|
## Acceptance Criteria
|
|
|
|
- [ ] All dependent tasks are completed
|
|
- [ ] Cross-references between completed tasks are consistent
|
|
- [ ] No remaining contradictions in the covered domain
|
|
|
|
## References
|
|
|
|
- docs/reviews/storage-architecture-review-2026-04-21.md
|
|
|
|
## Notes
|
|
|
|
> To be filled by implementation agent
|
|
|
|
## Summary
|
|
|
|
> To be filled on completion |