From dbcd05c5c5b2ffdcb559d7ac94d923145555a4d3 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 3 May 2026 02:42:05 -0500 Subject: [PATCH] =?UTF-8?q?audit=20docs:=20deprecation=20headers=20?= =?UTF-8?q?=E2=80=94=20over-scoped=20for=20local-only=20deployment?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Today's PRD-line-70 reframe (everything runs locally) means the audit-trail docs I drafted earlier this session are over-engineered for J's actual deployment model. They were sized for SaaS-tier infra (Vault/KMS/S3 Object Lock/dual-control JWT/separate Postgres) — appropriate for a multi-tenant cloud service, wrong for a single-box local install. Adding clear deprecation headers so future sessions don't read these as authoritative and propose another 17-20 day plan involving cloud infrastructure that would re-violate PRD line 70. What STAYS valid (preserved in headers): - The legal use case (John Martinez worked example) - The IL/IN jurisdictional surface (counsel checklist) - The Phase 1 + 1.5 discovery findings (PII flow paths file:line) - Phase 1.6 BIPA gates (when real photos arrive) What's OVER-SCOPED (flagged in headers): - The 9-phase implementation plan - The identity service design (Vault/KMS/dual-control) Future v2 of these docs needs to be sized for local single-box: a few hundred LOC of local writers + signed local audit file, not 17-20 days of distributed-systems design. No code changes. Just doc-level guardrails for future scope drift. Co-Authored-By: Claude Opus 4.7 (1M context) --- docs/AUDIT_TRAIL_PRD.md | 16 ++++++++++++++++ docs/IDENTITY_SERVICE_DESIGN.md | 10 ++++++++++ 2 files changed, 26 insertions(+) diff --git a/docs/AUDIT_TRAIL_PRD.md b/docs/AUDIT_TRAIL_PRD.md index 2d3a20f..2b05421 100644 --- a/docs/AUDIT_TRAIL_PRD.md +++ b/docs/AUDIT_TRAIL_PRD.md 
@@ -1,5 +1,21 @@ # PRD: Production-Ready Audit Trail +> **⚠ OVER-SCOPED — 9-phase plan needs to shrink for local-only deployment.** +> +> 2026-05-03 evening: J reframed the system as local-only per PRD line 70. The 9-phase plan in §8 was sized for SaaS-tier infrastructure with cloud HSM, separate identity daemon, dual-control JWT, etc. For a single-box local deployment, audit trail can be a few hundred LOC of local writers + a signed local file, not a 17-20 day phase plan. +> +> **What stays valid:** +> - The legal use case (worked example: John Martinez at Warehouse B requests audit) — this is the real problem +> - The §10.5 jurisdictional surface (IL BIPA, IN, federal) — counsel reads this +> - The §3 surface map: where decisions get made today (file:line evidence — see `AUDIT_PHASE_1_DISCOVERY.md`) +> - Phase 1.6 BIPA pre-launch gates — those still apply when real photos arrive +> +> **What's over-scoped:** +> - The 9-phase implementation plan (§8) — should compress to 3-4 phases for local-only +> - The identity service design (`IDENTITY_SERVICE_DESIGN.md`) — see that doc's deprecation header +> +> Do NOT execute the §8 phase plan as-written. When J greenlights, draft a v2 plan sized for local single-box. + **Status:** Draft — 2026-05-03 · **Owner:** J · **Drafted by:** working session 2026-05-03 > **Why this document exists.** Staffing client won't sign until we can prove the AI system can defend a discrimination claim. We've been claiming "production-ready" off smoke + parity tests; those prove the surface compiles, NOT that an audit response can be produced for a specific person. This PRD writes the audit-trail capability down before we start building it, so the phases are accountable and the scope doesn't drift mid-implementation. diff --git a/docs/IDENTITY_SERVICE_DESIGN.md b/docs/IDENTITY_SERVICE_DESIGN.md index 2231fab..2003a64 100644 --- a/docs/IDENTITY_SERVICE_DESIGN.md +++ b/docs/IDENTITY_SERVICE_DESIGN.md 
@@ -1,5 +1,15 @@ # Identity Service — Phase 2 Design (v2 — post-scrum revisions) +> **⚠ OVER-SCOPED FOR LOCAL-ONLY DEPLOYMENT — needs simpler rewrite before implementation.** +> +> 2026-05-03 evening: J reframed the system as local-only per PRD line 70 ("Everything runs locally — no cloud APIs"). This document was drafted assuming SaaS-tier infrastructure (HashiCorp Vault, AWS KMS, S3 Object Lock, dual-control JWT split-secret ceremony, mTLS CA, separate Postgres database). For J's local-only single-box deployment serving IL+IN staffing, the audit trail can be MUCH smaller: local SQLite or Postgres, local key file, local HMAC chain to an append-only JSONL. +> +> The discovery findings in `AUDIT_PHASE_1_DISCOVERY.md` and `AUDIT_PHASE_1_5_BIPA_AND_OUTCOMES.md` remain valid (PII flow paths, BIPA exposure, etc.). The PROBLEM is real. This DOC's solution shape is wrong for the deployment. +> +> Do NOT implement this document as-written. When J greenlights audit-trail work, draft a v3 that's local-only sized (~3-5 days, not 17-20). +> +> See `STATE_OF_PLAY.md` "PRD line 70 is load-bearing" entry for the binding direction. + **Status:** Draft v2 — 2026-05-03 · **Owner:** J · **Drafted by:** working session 2026-05-03 **Companion to:** [`AUDIT_TRAIL_PRD.md`](AUDIT_TRAIL_PRD.md), [`AUDIT_PHASE_1_DISCOVERY.md`](AUDIT_PHASE_1_DISCOVERY.md), [`AUDIT_PHASE_1_5_BIPA_AND_OUTCOMES.md`](AUDIT_PHASE_1_5_BIPA_AND_OUTCOMES.md)
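Review bot: In the docs/AUDIT_TRAIL_PRD.md hunk, the added header cites "PRD line 70" by line number without quoting it, while this same hunk inserts 16 lines at the top of a file titled "PRD: Production-Ready Audit Trail" (@@ -1,5 +1,21 @@). If that is the PRD being cited, the pointer is already off by 16, and in any case a line number drifts with the next edit. Suggest quoting the requirement text as the IDENTITY_SERVICE_DESIGN.md header does ("Everything runs locally"), or pointing at the STATE_OF_PLAY.md entry instead. Separately, "2026-05-03 evening" in both headers does not match the commit's Date header (Sun, 3 May 2026 02:42:05 -0500), so either drop "evening" or correct the date.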
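Review bot: In the docs/IDENTITY_SERVICE_DESIGN.md hunk, the replacement sketched in the second paragraph of the added header ("local key file, local HMAC chain to an append-only JSONL") puts the key that authenticates the log on the same box as the log. HMAC is symmetric, so anyone who can read that key file can rewrite the JSONL and recompute the chain, and the sentence does not say what enforces append-only. The header sets aside Vault, KMS, S3 Object Lock and the dual-control ceremony without stating which tamper-evidence property v3 must still provide, even though the companion PRD says the audit trail exists to defend a discrimination claim. Suggest adding one line that records this as an open requirement for v3 (who must be unable to alter the record undetected, and where the key or a copy of the chain head lives relative to the log) rather than naming a solution shape in a header whose purpose is to say the solution shape is wrong.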