Scrummed v1 across opus + kimi + gemini lineages via the new model
fleet. 3/3 reviewers said 'I would NOT build v1 as written.' 4
convergent blockers, all resolved in v2:
1. Migration order wrong — backfill before validation creates dark
database; if backfill bug, no production traffic catches it.
v2 inserts BIPA-prereq Step 0 + shadow-write before backfill +
shadow-read before cutover. 9-step migration with cryptographic
attestation of completeness at quarantine.
2. Master key on disk + legal token static file = 'security theater'
per all 3. v2: HashiCorp Vault Transit / AWS KMS for KEK (not
sealed file). Legal token: split-secret short-lived JWT (max 24h),
dual-control issuance (J + counsel both sign), revocable in <60s.
3. consent_status='inferred_existing' is BIPA prima facie violation
(kimi+gemini explicit). v2 backfill uses 'pending_backfill_review';
biometric data NEVER backfilled — separate consent stream.
4. Healthcare default 'general' = HIPAA exposure window for every
misclassified subject. v2 default 'unknown' with fail-closed
routing (treat unknown as healthcare-equivalent until classified
by manual review). Auto-escalation to healthcare on resume_text
pattern match.
Plus 12 single-reviewer additions:
- mTLS mandatory between gateway↔identityd (kimi)
- External anchor for audit chain: S3 Object Lock 7-year compliance
mode, hourly + on-event commits (all 3)
- Audit-log signing key separate from encryption KEK (opus)
- Field-level authorization via purpose_definitions table (kimi)
- Per-row encryption keys deferred to Phase 7 (kimi simplification)
- pii_access_log itself needs legal-tier read auth (opus)
- Synchronous cache invalidation pub/sub on RTBF (opus)
- Outbound NER pass for Langfuse defense-in-depth (opus TOCTOU)
- model_version_hash per decision row (gemini)
- /vertical minimal-disclosure endpoint (kimi HIPAA min-necessary)
- Auto-escalation healthcare on resume_text pattern (kimi)
- Rate limiting + token revocation list (opus)
- Oracle tests in audit_parity.sh (kimi SOC2 CC4.1)
Architecturally simplified per scrum:
- Per-row encryption keys deferred to Phase 7 (single DEK + HSM-
wrapped KEK + ciphertext deletion is equivalent practical erasure
with less complexity)
- PDF render deferred (JSON ships first)
- Training-safe export deferred (not critical path)
Estimated effort revised 8-10 → 12-15 days. Worth it — every
addition was a 3/3-reviewer convergent finding.
Re-scrum recommended before implementation starts to verify v2
addresses the v1 blockers.
No code changes.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
298fadce41