Decompose architecture into 35 atomic tasks across 10 generations for implementation

tasks/review/core-foundation.md

@@ -0,0 +1,45 @@
+---
+id: review/core-foundation
+name: Review core foundation — transport traits, auth, error types, key loading
+status: pending
+depends_on:
+  - meta/transport-layer
+  - meta/auth-layer
+  - setup/test-infrastructure
+scope: broad
+risk: low
+impact: phase
+level: review
+---
+
+## Description
+
+Review the core foundation layer before proceeding to server/client implementation. Verify that transport abstractions match architecture, auth logic is correct, errors follow the layered pattern, and key loading handles all spec'd formats.
+
+This is the critical review before building the higher-level server and client components on top of these foundations.
+
+## Acceptance Criteria
+
+- [ ] Transport trait matches transport.md: correct bounds, object-safety, describe() method
+- [ ] TransportAcceptor matches transport.md: returns TransportInfo with correct metadata
+- [ ] TCP, TLS, iroh transports all produce correct stream types per implementations table
+- [ ] ACME integration with TLS works (or feature gates correctly prevent compilation without it)
+- [ ] Key loading handles file paths and in-memory data, rejects PEM format
+- [ ] authorized_keys parsing handles cert-authority entries with options
+- [ ] Server auth: Ed25519 key matching (constant-time), cert-authority validation (signature, expiry, principal)
+- [ ] Client auth: key pair presentation, Handler implementation
+- [ ] Error types cover all four layers (transport, auth, channel, config)
+- [ ] All tests pass: `cargo test --workspace`
+- [ ] `cargo clippy --workspace` passes with no warnings
+
+## References
+
+- docs/architecture/transport.md, docs/architecture/client.md, docs/architecture/server.md
+
+## Notes
+
+> To be filled by implementation agent
+
+## Summary
+
+> To be filled on completion