Skip to content

refactor(spec): remove dead compliance subsystems (ADR-0056 D8) + mark agent visibility EXPERIMENTAL (#1901)#2693

Merged
os-zhuang merged 1 commit into
mainfrom
claude/auth-lifecycle-gaps-248nvb
Jul 8, 2026
Merged

refactor(spec): remove dead compliance subsystems (ADR-0056 D8) + mark agent visibility EXPERIMENTAL (#1901)#2693
os-zhuang merged 1 commit into
mainfrom
claude/auth-lifecycle-gaps-248nvb

Conversation

@os-zhuang

Copy link
Copy Markdown
Contributor

What & why

Settles the two remaining honesty-debt items from the authorization gap map (umbrella #2561), per ADR-0049 ("never advertise a capability the runtime doesn't deliver") and ADR-0056 D8's standing instruction for the experimental surface: design + enforce, or remove.

Dispositions

Removed — declared-but-never-enforced, no runtime consumer

Subsystem Files Why removal (not keep-marked)
GDPR/HIPAA/PCI compliance configs system/compliance.zod.ts (+ tests) Compliance-grade config must never merely look live — a parsed-but-dead gdpr: block is a liability in an audit. A real compliance subsystem will be designed top-down (data-subject-rights engine, retention enforcer) when scheduled.
Role-based data masking system/masking.zod.ts (+ tests) FLS (plugin-security's field masker) is the enforced field-visibility path; a masking/deny layer would be redesigned with the ADR-0066 ⑦/⑧ muting work anyway — the dead config was pure drift risk. The per-field maskingRule prop was already pruned in 2026-06.
Global RLS config / audit events RLSConfigSchema / RLSAuditEventSchema / RLSAuditConfigSchema in security/rls.zod.ts The enforced RLS path (computeRlsFilter) never read them. Per-policy RowLevelSecurityPolicySchema — the live surface — is unchanged.

Kept [EXPERIMENTAL] — deliberate

  • EncryptionConfigSchema (at-rest field encryption): real enterprise roadmap item with a stable shape; carrying it marked costs less than remove-and-re-add (ADR-0087). The keep decision is now recorded in the conformance-matrix note.

Marked [EXPERIMENTAL — NOT ENFORCED]#1901

Ledger & docs

  • ADR-0056 D10 conformance matrix: compliance-configs / data-masking / rls-config-global flipped to removed with disposition notes; field-encryption note records the keep decision; new agent-visibility experimental row.
  • Generated reference docs regenerated (references/system/compliance.mdx, masking.mdx deleted; index/meta updated).
  • Hand-written docs synced: protocol/objectql/security.mdx (Data Masking section → removal note; RLS deny-default rewritten to cite the enforced fail-closed path instead of the removed global config; RLS-audit bullet), protocol/objectql/types.mdx, permissions/authorization.mdx lifecycle table.
  • Changeset carries the FROM→TO migration for each removed export (per AGENTS.md breaking-changeset rule).

Tests / verification

  • spec: 6659 passed (246 files) post-removal; API surface + factory signatures regenerated and re-checked ✓; property-liveness check ✓.
  • dogfood conformance-matrix companion test ✓ (matrix completeness + honest states).
  • Full workspace turbo build green — confirms nothing in the monorepo imported the removed exports.

Refs #2561 · ADR-0056 D8 · ADR-0049 · #1901

🤖 Generated with Claude Code

https://claude.ai/code/session_0187GeNqezxV6g5jiLiggfbt


Generated by Claude Code

…k agent visibility EXPERIMENTAL (#1901)

ADR-0056 D8 said "design + enforce, or remove" for the declared-but-never-
enforced surface. Dispositions:

REMOVED (no runtime path ever read them; compliance-grade config must never
merely look live):
- system/compliance.zod.ts (GDPR/HIPAA/PCI ComplianceConfig) + tests
- system/masking.zod.ts (MaskingRule/MaskingConfig) + tests — FLS is the
  enforced field-visibility path; a masking/deny layer arrives with
  ADR-0066 ⑦/⑧ if needed
- security/rls.zod.ts: RLSConfigSchema / RLSAuditEventSchema /
  RLSAuditConfigSchema — the enforced RLS path (computeRlsFilter) never read
  the global config; per-policy RowLevelSecurityPolicySchema is unchanged

KEPT [EXPERIMENTAL]: system/encryption.zod.ts — real enterprise roadmap item
with a stable shape; carrying it marked costs less than remove-and-re-add
(ADR-0087).

MARKED [EXPERIMENTAL — NOT ENFORCED] (#1901): AgentSchema.visibility — the
chat-access evaluator deliberately excludes it and the list route does not
filter by it, so `private` does not hide an agent. Schema description + the
authoring form now say so; access/permissions (enforced since #1884) are the
real gates.

Ledger: authz-conformance matrix rows flipped (3× removed with disposition
notes, field-encryption note records the keep decision, new agent-visibility
experimental row). Generated reference docs regenerated (compliance/masking
pages deleted); hand-written security/types/authorization docs synced.

Tests: spec 6659 passed (246 files) after removal; api-surface regenerated;
liveness ✓; conformance-matrix companion test ✓; full turbo build green.

Refs #2561, ADR-0056 D8, #1901

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_0187GeNqezxV6g5jiLiggfbt
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

📓 Docs Drift Check

This PR changes 2 package(s): @objectstack/dogfood, @objectstack/spec.

94 hand-written doc(s) reference the affected code and may need an implementation-accuracy re-verification:

  • content/docs/ai/agents.mdx (via @objectstack/spec)
  • content/docs/ai/skills-reference.mdx (via @objectstack/spec)
  • content/docs/ai/skills.mdx (via @objectstack/spec)
  • content/docs/api/client-sdk.mdx (via @objectstack/spec)
  • content/docs/api/environment-routing.mdx (via @objectstack/spec)
  • content/docs/api/error-catalog.mdx (via @objectstack/spec)
  • content/docs/api/error-handling-client.mdx (via @objectstack/spec)
  • content/docs/api/error-handling-server.mdx (via @objectstack/spec)
  • content/docs/api/index.mdx (via @objectstack/spec)
  • content/docs/automation/approvals.mdx (via packages/spec)
  • content/docs/automation/flows.mdx (via @objectstack/spec)
  • content/docs/automation/hook-bodies.mdx (via packages/spec)
  • content/docs/automation/hooks.mdx (via @objectstack/spec)
  • content/docs/automation/index.mdx (via @objectstack/spec)
  • content/docs/automation/webhooks.mdx (via @objectstack/spec)
  • content/docs/automation/workflows.mdx (via @objectstack/spec)
  • content/docs/concepts/architecture.mdx (via @objectstack/spec)
  • content/docs/concepts/design-principles.mdx (via packages/spec)
  • content/docs/concepts/index.mdx (via @objectstack/spec)
  • content/docs/concepts/metadata-driven.mdx (via @objectstack/spec)
  • content/docs/concepts/metadata-lifecycle.mdx (via packages/spec)
  • content/docs/concepts/north-star.mdx (via packages/spec)
  • content/docs/data-modeling/analytics.mdx (via @objectstack/spec)
  • content/docs/data-modeling/drivers.mdx (via @objectstack/spec)
  • content/docs/data-modeling/external-datasources.mdx (via @objectstack/spec)
  • content/docs/data-modeling/field-types.mdx (via @objectstack/spec)
  • content/docs/data-modeling/fields.mdx (via @objectstack/spec)
  • content/docs/data-modeling/formulas.mdx (via @objectstack/spec)
  • content/docs/data-modeling/index.mdx (via @objectstack/spec)
  • content/docs/data-modeling/objects.mdx (via @objectstack/spec)
  • content/docs/data-modeling/queries.mdx (via @objectstack/spec)
  • content/docs/data-modeling/schema-design.mdx (via @objectstack/spec)
  • content/docs/data-modeling/seed-data.mdx (via @objectstack/spec)
  • content/docs/data-modeling/validation-rules.mdx (via @objectstack/spec)
  • content/docs/data-modeling/validation.mdx (via @objectstack/spec)
  • content/docs/deployment/troubleshooting.mdx (via @objectstack/spec)
  • content/docs/getting-started/build-with-claude-code.mdx (via @objectstack/spec)
  • content/docs/getting-started/cli.mdx (via @objectstack/spec)
  • content/docs/getting-started/common-patterns.mdx (via @objectstack/spec)
  • content/docs/getting-started/examples.mdx (via @objectstack/spec)
  • content/docs/getting-started/quick-reference.mdx (via @objectstack/spec)
  • content/docs/getting-started/quick-start.mdx (via @objectstack/spec)
  • content/docs/getting-started/validating-metadata.mdx (via @objectstack/spec)
  • content/docs/kernel/cluster.mdx (via @objectstack/spec)
  • content/docs/kernel/contracts/auth-service.mdx (via packages/spec)
  • content/docs/kernel/contracts/cache-service.mdx (via packages/spec)
  • content/docs/kernel/contracts/data-engine.mdx (via @objectstack/spec)
  • content/docs/kernel/contracts/index.mdx (via @objectstack/spec)
  • content/docs/kernel/contracts/metadata-service.mdx (via packages/spec)
  • content/docs/kernel/contracts/storage-service.mdx (via packages/spec)
  • content/docs/kernel/index.mdx (via packages/spec)
  • content/docs/kernel/runtime-services/email-service.mdx (via packages/spec)
  • content/docs/kernel/runtime-services/index.mdx (via packages/spec)
  • content/docs/kernel/runtime-services/queue-service.mdx (via packages/spec)
  • content/docs/kernel/runtime-services/sharing-service.mdx (via packages/spec)
  • content/docs/kernel/runtime-services/storage-service.mdx (via packages/spec)
  • content/docs/kernel/services-checklist.mdx (via @objectstack/spec)
  • content/docs/permissions/authorization.mdx (via packages/dogfood, @objectstack/spec)
  • content/docs/permissions/permission-sets.mdx (via @objectstack/spec)
  • content/docs/permissions/permissions-matrix.mdx (via @objectstack/spec)
  • content/docs/permissions/profiles.mdx (via @objectstack/spec)
  • content/docs/permissions/roles.mdx (via @objectstack/spec)
  • content/docs/permissions/sharing-rules.mdx (via @objectstack/spec)
  • content/docs/plugins/adding-a-metadata-type.mdx (via @objectstack/spec)
  • content/docs/plugins/development.mdx (via @objectstack/spec)
  • content/docs/plugins/index.mdx (via @objectstack/spec)
  • content/docs/plugins/packages.mdx (via @objectstack/spec)
  • content/docs/protocol/backward-compatibility.mdx (via @objectstack/spec)
  • content/docs/protocol/diagram.mdx (via packages/spec)
  • content/docs/protocol/knowledge.mdx (via @objectstack/spec)
  • content/docs/protocol/objectos/config-resolution.mdx (via @objectstack/spec)
  • content/docs/protocol/objectos/i18n-standard.mdx (via @objectstack/spec)
  • content/docs/protocol/objectos/lifecycle.mdx (via @objectstack/spec)
  • content/docs/protocol/objectos/plugin-spec.mdx (via @objectstack/spec)
  • content/docs/protocol/objectos/runtime-capabilities.mdx (via @objectstack/spec)
  • content/docs/protocol/objectql/index.mdx (via packages/spec)
  • content/docs/protocol/objectql/query-syntax.mdx (via @objectstack/spec)
  • content/docs/protocol/objectql/schema.mdx (via @objectstack/spec)
  • content/docs/protocol/objectql/security.mdx (via packages/spec)
  • content/docs/protocol/objectql/state-machine.mdx (via @objectstack/spec)
  • content/docs/protocol/objectui/actions.mdx (via @objectstack/spec)
  • content/docs/protocol/objectui/concept.mdx (via @objectstack/spec)
  • content/docs/protocol/objectui/index.mdx (via @objectstack/spec)
  • content/docs/protocol/objectui/layout-dsl.mdx (via packages/spec)
  • content/docs/protocol/objectui/record-alert.mdx (via @objectstack/spec)
  • content/docs/protocol/objectui/widget-contract.mdx (via @objectstack/spec)
  • content/docs/releases/implementation-status.mdx (via @objectstack/spec)
  • content/docs/releases/index.mdx (via @objectstack/spec)
  • content/docs/releases/v9.mdx (via @objectstack/spec)
  • content/docs/ui/create-vs-edit-form.mdx (via @objectstack/spec)
  • content/docs/ui/dashboards.mdx (via @objectstack/spec)
  • content/docs/ui/forms.mdx (via @objectstack/spec)
  • content/docs/ui/index.mdx (via @objectstack/spec)
  • content/docs/ui/setup-app.mdx (via @objectstack/spec)

Advisory only. To re-verify, run the docs-accuracy-audit workflow scoped to these files:
node scripts/docs-audit/affected-docs.mjs origin/main → pass the list as args.docs.

@vercel

vercel Bot commented Jul 8, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
spec Ready Ready Preview, Comment Jul 8, 2026 4:29pm

Request Review

@os-zhuang os-zhuang marked this pull request as ready for review July 8, 2026 16:39
@os-zhuang os-zhuang merged commit 2bee609 into main Jul 8, 2026
17 checks passed
@os-zhuang os-zhuang deleted the claude/auth-lifecycle-gaps-248nvb branch July 8, 2026 16:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants