gsdd-cli 0.18.5 → 0.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (100) hide show
  1. package/LICENSE +21 -21
  2. package/README.md +609 -608
  3. package/agents/DISTILLATION.md +421 -421
  4. package/agents/README.md +62 -62
  5. package/agents/approach-explorer.md +361 -361
  6. package/agents/debugger.md +82 -82
  7. package/agents/executor.md +394 -394
  8. package/agents/integration-checker.md +318 -318
  9. package/agents/mapper.md +103 -103
  10. package/agents/planner.md +313 -313
  11. package/agents/researcher.md +84 -84
  12. package/agents/roadmapper.md +296 -296
  13. package/agents/synthesizer.md +236 -236
  14. package/agents/verifier.md +337 -337
  15. package/bin/adapters/agents.mjs +34 -34
  16. package/bin/adapters/claude.mjs +191 -191
  17. package/bin/adapters/codex.mjs +85 -85
  18. package/bin/adapters/index.mjs +20 -20
  19. package/bin/adapters/opencode.mjs +278 -278
  20. package/bin/gsdd.mjs +123 -116
  21. package/bin/lib/cli-utils.mjs +28 -28
  22. package/bin/lib/evidence-contract.mjs +112 -112
  23. package/bin/lib/file-ops.mjs +186 -144
  24. package/bin/lib/health-truth.mjs +181 -178
  25. package/bin/lib/health.mjs +246 -226
  26. package/bin/lib/init-flow.mjs +247 -231
  27. package/bin/lib/init-prompts.mjs +248 -247
  28. package/bin/lib/init-runtime.mjs +191 -190
  29. package/bin/lib/init.mjs +17 -17
  30. package/bin/lib/lifecycle-preflight.mjs +347 -325
  31. package/bin/lib/lifecycle-state.mjs +351 -267
  32. package/bin/lib/manifest.mjs +116 -114
  33. package/bin/lib/models.mjs +411 -411
  34. package/bin/lib/phase.mjs +360 -358
  35. package/bin/lib/plan-constants.mjs +30 -30
  36. package/bin/lib/provenance.mjs +109 -106
  37. package/bin/lib/rendering.mjs +115 -83
  38. package/bin/lib/runtime-freshness.mjs +214 -214
  39. package/bin/lib/templates.mjs +225 -224
  40. package/bin/lib/workspace-root.mjs +2 -1
  41. package/distilled/DESIGN.md +2333 -2323
  42. package/distilled/EVIDENCE-INDEX.md +394 -392
  43. package/distilled/README.md +196 -193
  44. package/distilled/SKILL.md +86 -85
  45. package/distilled/templates/agents.block.md +21 -21
  46. package/distilled/templates/agents.md +6 -6
  47. package/distilled/templates/approach.md +232 -232
  48. package/distilled/templates/auth-matrix.md +78 -78
  49. package/distilled/templates/brownfield-change/CHANGE.md +99 -0
  50. package/distilled/templates/brownfield-change/HANDOFF.md +38 -0
  51. package/distilled/templates/brownfield-change/VERIFICATION.md +56 -0
  52. package/distilled/templates/codebase/architecture.md +110 -110
  53. package/distilled/templates/codebase/concerns.md +95 -95
  54. package/distilled/templates/codebase/conventions.md +193 -193
  55. package/distilled/templates/codebase/stack.md +96 -96
  56. package/distilled/templates/delegates/approach-explorer.md +25 -25
  57. package/distilled/templates/delegates/mapper-arch.md +26 -26
  58. package/distilled/templates/delegates/mapper-concerns.md +27 -27
  59. package/distilled/templates/delegates/mapper-quality.md +28 -28
  60. package/distilled/templates/delegates/mapper-tech.md +25 -25
  61. package/distilled/templates/delegates/plan-checker.md +68 -68
  62. package/distilled/templates/delegates/researcher-architecture.md +30 -30
  63. package/distilled/templates/delegates/researcher-features.md +30 -30
  64. package/distilled/templates/delegates/researcher-pitfalls.md +30 -30
  65. package/distilled/templates/delegates/researcher-stack.md +30 -30
  66. package/distilled/templates/delegates/researcher-synthesizer.md +31 -31
  67. package/distilled/templates/research/architecture.md +57 -57
  68. package/distilled/templates/research/features.md +23 -23
  69. package/distilled/templates/research/pitfalls.md +46 -46
  70. package/distilled/templates/research/stack.md +45 -45
  71. package/distilled/templates/research/summary.md +67 -67
  72. package/distilled/templates/roadmap.md +74 -62
  73. package/distilled/templates/spec.md +110 -110
  74. package/distilled/workflows/audit-milestone.md +275 -271
  75. package/distilled/workflows/complete-milestone.md +336 -332
  76. package/distilled/workflows/execute.md +454 -449
  77. package/distilled/workflows/map-codebase.md +253 -253
  78. package/distilled/workflows/new-milestone.md +242 -238
  79. package/distilled/workflows/new-project.md +398 -398
  80. package/distilled/workflows/pause.md +160 -156
  81. package/distilled/workflows/plan-milestone-gaps.md +183 -183
  82. package/distilled/workflows/plan.md +451 -447
  83. package/distilled/workflows/progress.md +227 -223
  84. package/distilled/workflows/quick.md +351 -347
  85. package/distilled/workflows/resume.md +220 -212
  86. package/distilled/workflows/verify-work.md +260 -260
  87. package/distilled/workflows/verify.md +431 -429
  88. package/docs/BROWNFIELD-PROOF.md +95 -95
  89. package/docs/RUNTIME-SUPPORT.md +80 -69
  90. package/docs/USER-GUIDE.md +394 -386
  91. package/docs/VERIFICATION-DISCIPLINE.md +59 -59
  92. package/docs/claude/context-monitor.md +98 -98
  93. package/docs/proof/consumer-node-cli/README.md +37 -37
  94. package/docs/proof/consumer-node-cli/ROADMAP.md +14 -14
  95. package/docs/proof/consumer-node-cli/SPEC.md +17 -17
  96. package/docs/proof/consumer-node-cli/brief.md +9 -9
  97. package/docs/proof/consumer-node-cli/phases/01-foundation/01-01-PLAN.md +34 -34
  98. package/docs/proof/consumer-node-cli/phases/01-foundation/01-01-SUMMARY.md +10 -10
  99. package/docs/proof/consumer-node-cli/phases/01-foundation/01-VERIFICATION.md +30 -30
  100. package/package.json +62 -61
@@ -1,6 +1,6 @@
1
- # AGENTS.md - GSDD Governance
2
-
3
- <!-- BEGIN GSDD -->
4
- {{GSDD_BLOCK}}
5
- <!-- END GSDD -->
6
-
1
+ # AGENTS.md - GSDD Governance
2
+
3
+ <!-- BEGIN GSDD -->
4
+ {{GSDD_BLOCK}}
5
+ <!-- END GSDD -->
6
+
@@ -1,232 +1,232 @@
1
- # Phase Approach Template
2
-
3
- Template for `.planning/phases/XX-name/{phase_num}-APPROACH.md` — captures implementation decisions and validated assumptions for a phase.
4
-
5
- **Purpose:** Document decisions that downstream agents need. Planner uses this to know WHAT choices are locked vs flexible. Plan-checker verifies plans honor these decisions.
6
-
7
- **Key principle:** The top-level structure (`<domain>`, `<decisions>`, `<assumptions>`, `<deferred>`) is fixed. Section names WITHIN `<decisions>` emerge from what was actually discussed for THIS phase — a CLI phase has CLI-relevant sections, a UI phase has UI-relevant sections.
8
-
9
- **Downstream consumers:**
10
- - `planner` — Reads decisions to constrain implementation choices. Locked decisions must be implemented. Agent's Discretion items allow planner flexibility.
11
- - `plan-checker` — Reads decisions to verify plans implement chosen approaches (approach_alignment dimension). Flags plans that contradict explicit user choices.
12
-
13
- ---
14
-
15
- ## File Template
16
-
17
- ```markdown
18
- # Phase [X]: [Name] - Approach
19
-
20
- **Explored:** [date]
21
- **Status:** Ready for planning
22
-
23
- <domain>
24
- ## Phase Boundary
25
-
26
- [Clear statement of what this phase delivers — the scope anchor. This comes from ROADMAP.md and is fixed. Discussion clarifies implementation within this boundary.]
27
-
28
- </domain>
29
-
30
- <decisions>
31
- ## Implementation Decisions
32
-
33
- ### [Gray Area 1 that was discussed]
34
- **Chosen approach:** [name]
35
- **Alternatives considered:** [Option B], [Option C]
36
- **Why this one:** [reasoning from research + user preference]
37
- - [Specific decision from questioning]
38
- - [Another decision if applicable]
39
-
40
- ### [Gray Area 2 that was discussed]
41
- **Chosen approach:** [name]
42
- **Alternatives considered:** [Option B]
43
- **Why this one:** [reasoning]
44
- - [Specific decision]
45
-
46
- ### Agent's Discretion
47
- [Areas where user explicitly said "you decide" — the agent has flexibility here during planning/implementation]
48
-
49
- </decisions>
50
-
51
- <assumptions>
52
- ## Validated Assumptions
53
-
54
- ### Confirmed
55
- - [confident] [assumption confirmed by user]
56
-
57
- ### Accepted (not challenged)
58
- - [assuming] [assumption user didn't challenge — planner should still honor but note it]
59
-
60
- ### Corrected
61
- - [corrected] [original assumption] → [user's correction]
62
-
63
- </assumptions>
64
-
65
- <deferred>
66
- ## Deferred Ideas
67
-
68
- [Ideas that came up during discussion but belong in other phases. Captured here so they're not lost, but explicitly out of scope for this phase.]
69
-
70
- [If none: "None — discussion stayed within phase scope"]
71
-
72
- </deferred>
73
-
74
- ---
75
-
76
- *Phase: XX-name*
77
- *Approach explored: [date]*
78
- ```
79
-
80
- ## Good Examples
81
-
82
- **Example 1: Visual feature (Dashboard)**
83
-
84
- ```markdown
85
- # Phase 3: Interactive Dashboard - Approach
86
-
87
- **Explored:** 2026-03-22
88
- **Status:** Ready for planning
89
-
90
- <domain>
91
- ## Phase Boundary
92
-
93
- Build an interactive dashboard with configurable widgets. Users can view metrics and rearrange layout. Widget creation and custom data sources are separate phases.
94
-
95
- </domain>
96
-
97
- <decisions>
98
- ## Implementation Decisions
99
-
100
- ### Chart rendering
101
- **Chosen approach:** Recharts
102
- **Alternatives considered:** D3 + custom components, Chart.js
103
- **Why this one:** React-native, SSR-friendly, good defaults. Matches existing React patterns. D3 would give more control but requires more code for standard charts.
104
- - Bar charts and line charts for metrics — no pie charts in v1
105
- - Charts should be interactive (hover tooltips) but not editable
106
- - Responsive: charts resize with widget container
107
-
108
- ### Widget layout
109
- **Chosen approach:** react-grid-layout
110
- **Alternatives considered:** CSS Grid + custom drag, @dnd-kit grid
111
- **Why this one:** Purpose-built for dashboard grids. Layout serialization to JSON for persistence. Mature production usage.
112
- - Drag-to-reorder enabled
113
- - Resize handles on bottom-right corner
114
- - 12-column grid, responsive breakpoints
115
- - Layout persisted to localStorage (not server)
116
-
117
- ### Agent's Discretion
118
- - Loading skeleton design
119
- - Exact spacing and typography within widgets
120
- - Error state handling for failed data fetches
121
-
122
- </decisions>
123
-
124
- <assumptions>
125
- ## Validated Assumptions
126
-
127
- ### Confirmed
128
- - [confident] Using existing Tailwind patterns from Phase 1-2
129
-
130
- ### Accepted (not challenged)
131
- - [assuming] Dashboard data comes from static JSON for v1 (no real API)
132
-
133
- ### Corrected
134
- - [corrected] Dashboard is read-only → Widgets DO need drag reorder
135
-
136
- </assumptions>
137
-
138
- <deferred>
139
- ## Deferred Ideas
140
-
141
- - Real-time data updates — future phase
142
- - Custom widget creation — add to backlog
143
- - Dashboard sharing/export — out of scope for v1
144
-
145
- </deferred>
146
-
147
- ---
148
-
149
- *Phase: 03-dashboard*
150
- *Approach explored: 2026-03-22*
151
- ```
152
-
153
- **Example 2: API feature (Authentication)**
154
-
155
- ```markdown
156
- # Phase 1: Authentication - Approach
157
-
158
- **Explored:** 2026-03-22
159
- **Status:** Ready for planning
160
-
161
- <domain>
162
- ## Phase Boundary
163
-
164
- Users can register and log in with email/password. Session management via JWT. OAuth and MFA are separate phases.
165
-
166
- </domain>
167
-
168
- <decisions>
169
- ## Implementation Decisions
170
-
171
- ### Session handling
172
- **Chosen approach:** HTTP-only cookies with JWT
173
- **Alternatives considered:** localStorage JWT, session-based (server-side)
174
- **Why this one:** HTTP-only cookies prevent XSS token theft. JWT avoids server-side session storage. Standard pattern for Next.js apps.
175
- - Access token: 15-minute expiry
176
- - Refresh token: 7-day expiry, rotation on use
177
- - Logout clears both tokens
178
-
179
- ### Error responses
180
- **Chosen approach:** Structured JSON errors
181
- **Alternatives considered:** Plain text errors, RFC 7807 Problem Details
182
- **Why this one:** Consistent with existing API patterns. RFC 7807 is overkill for this project size.
183
- - Always include: status code, error code, user-facing message
184
- - Never include: stack traces, internal IDs
185
- - Rate limit errors: include retry-after header
186
-
187
- ### Agent's Discretion
188
- - Password hashing library (bcrypt vs argon2)
189
- - Exact JWT payload structure
190
- - Email validation regex vs library
191
-
192
- </decisions>
193
-
194
- <assumptions>
195
- ## Validated Assumptions
196
-
197
- ### Confirmed
198
- - [confident] Email/password only for v1 (no OAuth)
199
-
200
- ### Accepted (not challenged)
201
- - [assuming] No email verification required for v1
202
-
203
- ### Corrected
204
- - [corrected] Single-device sessions → Allow multi-device (don't invalidate other sessions on login)
205
-
206
- </assumptions>
207
-
208
- <deferred>
209
- ## Deferred Ideas
210
-
211
- - OAuth providers (Google, GitHub) — Phase 4
212
- - MFA/2FA — add to backlog
213
-
214
- </deferred>
215
-
216
- ---
217
-
218
- *Phase: 01-authentication*
219
- *Approach explored: 2026-03-22*
220
- ```
221
-
222
- ## Guidelines
223
-
224
- **This template captures DECISIONS for downstream agents.**
225
-
226
- The output should answer: "What choices are locked for the planner? Where does the planner have discretion?"
227
-
228
- **After creation:**
229
- - File lives in phase directory: `.planning/phases/XX-name/{phase_num}-APPROACH.md`
230
- - Planner reads decisions to constrain implementation tasks
231
- - Plan-checker verifies approach_alignment: plans must implement chosen approaches
232
- - Downstream agents should NOT need to ask the user again about captured decisions
1
+ # Phase Approach Template
2
+
3
+ Template for `.planning/phases/XX-name/{phase_num}-APPROACH.md` — captures implementation decisions and validated assumptions for a phase.
4
+
5
+ **Purpose:** Document decisions that downstream agents need. Planner uses this to know WHAT choices are locked vs flexible. Plan-checker verifies plans honor these decisions.
6
+
7
+ **Key principle:** The top-level structure (`<domain>`, `<decisions>`, `<assumptions>`, `<deferred>`) is fixed. Section names WITHIN `<decisions>` emerge from what was actually discussed for THIS phase — a CLI phase has CLI-relevant sections, a UI phase has UI-relevant sections.
8
+
9
+ **Downstream consumers:**
10
+ - `planner` — Reads decisions to constrain implementation choices. Locked decisions must be implemented. Agent's Discretion items allow planner flexibility.
11
+ - `plan-checker` — Reads decisions to verify plans implement chosen approaches (approach_alignment dimension). Flags plans that contradict explicit user choices.
12
+
13
+ ---
14
+
15
+ ## File Template
16
+
17
+ ```markdown
18
+ # Phase [X]: [Name] - Approach
19
+
20
+ **Explored:** [date]
21
+ **Status:** Ready for planning
22
+
23
+ <domain>
24
+ ## Phase Boundary
25
+
26
+ [Clear statement of what this phase delivers — the scope anchor. This comes from ROADMAP.md and is fixed. Discussion clarifies implementation within this boundary.]
27
+
28
+ </domain>
29
+
30
+ <decisions>
31
+ ## Implementation Decisions
32
+
33
+ ### [Gray Area 1 that was discussed]
34
+ **Chosen approach:** [name]
35
+ **Alternatives considered:** [Option B], [Option C]
36
+ **Why this one:** [reasoning from research + user preference]
37
+ - [Specific decision from questioning]
38
+ - [Another decision if applicable]
39
+
40
+ ### [Gray Area 2 that was discussed]
41
+ **Chosen approach:** [name]
42
+ **Alternatives considered:** [Option B]
43
+ **Why this one:** [reasoning]
44
+ - [Specific decision]
45
+
46
+ ### Agent's Discretion
47
+ [Areas where user explicitly said "you decide" — the agent has flexibility here during planning/implementation]
48
+
49
+ </decisions>
50
+
51
+ <assumptions>
52
+ ## Validated Assumptions
53
+
54
+ ### Confirmed
55
+ - [confident] [assumption confirmed by user]
56
+
57
+ ### Accepted (not challenged)
58
+ - [assuming] [assumption user didn't challenge — planner should still honor but note it]
59
+
60
+ ### Corrected
61
+ - [corrected] [original assumption] → [user's correction]
62
+
63
+ </assumptions>
64
+
65
+ <deferred>
66
+ ## Deferred Ideas
67
+
68
+ [Ideas that came up during discussion but belong in other phases. Captured here so they're not lost, but explicitly out of scope for this phase.]
69
+
70
+ [If none: "None — discussion stayed within phase scope"]
71
+
72
+ </deferred>
73
+
74
+ ---
75
+
76
+ *Phase: XX-name*
77
+ *Approach explored: [date]*
78
+ ```
79
+
80
+ ## Good Examples
81
+
82
+ **Example 1: Visual feature (Dashboard)**
83
+
84
+ ```markdown
85
+ # Phase 3: Interactive Dashboard - Approach
86
+
87
+ **Explored:** 2026-03-22
88
+ **Status:** Ready for planning
89
+
90
+ <domain>
91
+ ## Phase Boundary
92
+
93
+ Build an interactive dashboard with configurable widgets. Users can view metrics and rearrange layout. Widget creation and custom data sources are separate phases.
94
+
95
+ </domain>
96
+
97
+ <decisions>
98
+ ## Implementation Decisions
99
+
100
+ ### Chart rendering
101
+ **Chosen approach:** Recharts
102
+ **Alternatives considered:** D3 + custom components, Chart.js
103
+ **Why this one:** React-native, SSR-friendly, good defaults. Matches existing React patterns. D3 would give more control but requires more code for standard charts.
104
+ - Bar charts and line charts for metrics — no pie charts in v1
105
+ - Charts should be interactive (hover tooltips) but not editable
106
+ - Responsive: charts resize with widget container
107
+
108
+ ### Widget layout
109
+ **Chosen approach:** react-grid-layout
110
+ **Alternatives considered:** CSS Grid + custom drag, @dnd-kit grid
111
+ **Why this one:** Purpose-built for dashboard grids. Layout serialization to JSON for persistence. Mature production usage.
112
+ - Drag-to-reorder enabled
113
+ - Resize handles on bottom-right corner
114
+ - 12-column grid, responsive breakpoints
115
+ - Layout persisted to localStorage (not server)
116
+
117
+ ### Agent's Discretion
118
+ - Loading skeleton design
119
+ - Exact spacing and typography within widgets
120
+ - Error state handling for failed data fetches
121
+
122
+ </decisions>
123
+
124
+ <assumptions>
125
+ ## Validated Assumptions
126
+
127
+ ### Confirmed
128
+ - [confident] Using existing Tailwind patterns from Phase 1-2
129
+
130
+ ### Accepted (not challenged)
131
+ - [assuming] Dashboard data comes from static JSON for v1 (no real API)
132
+
133
+ ### Corrected
134
+ - [corrected] Dashboard is read-only → Widgets DO need drag reorder
135
+
136
+ </assumptions>
137
+
138
+ <deferred>
139
+ ## Deferred Ideas
140
+
141
+ - Real-time data updates — future phase
142
+ - Custom widget creation — add to backlog
143
+ - Dashboard sharing/export — out of scope for v1
144
+
145
+ </deferred>
146
+
147
+ ---
148
+
149
+ *Phase: 03-dashboard*
150
+ *Approach explored: 2026-03-22*
151
+ ```
152
+
153
+ **Example 2: API feature (Authentication)**
154
+
155
+ ```markdown
156
+ # Phase 1: Authentication - Approach
157
+
158
+ **Explored:** 2026-03-22
159
+ **Status:** Ready for planning
160
+
161
+ <domain>
162
+ ## Phase Boundary
163
+
164
+ Users can register and log in with email/password. Session management via JWT. OAuth and MFA are separate phases.
165
+
166
+ </domain>
167
+
168
+ <decisions>
169
+ ## Implementation Decisions
170
+
171
+ ### Session handling
172
+ **Chosen approach:** HTTP-only cookies with JWT
173
+ **Alternatives considered:** localStorage JWT, session-based (server-side)
174
+ **Why this one:** HTTP-only cookies prevent XSS token theft. JWT avoids server-side session storage. Standard pattern for Next.js apps.
175
+ - Access token: 15-minute expiry
176
+ - Refresh token: 7-day expiry, rotation on use
177
+ - Logout clears both tokens
178
+
179
+ ### Error responses
180
+ **Chosen approach:** Structured JSON errors
181
+ **Alternatives considered:** Plain text errors, RFC 7807 Problem Details
182
+ **Why this one:** Consistent with existing API patterns. RFC 7807 is overkill for this project size.
183
+ - Always include: status code, error code, user-facing message
184
+ - Never include: stack traces, internal IDs
185
+ - Rate limit errors: include retry-after header
186
+
187
+ ### Agent's Discretion
188
+ - Password hashing library (bcrypt vs argon2)
189
+ - Exact JWT payload structure
190
+ - Email validation regex vs library
191
+
192
+ </decisions>
193
+
194
+ <assumptions>
195
+ ## Validated Assumptions
196
+
197
+ ### Confirmed
198
+ - [confident] Email/password only for v1 (no OAuth)
199
+
200
+ ### Accepted (not challenged)
201
+ - [assuming] No email verification required for v1
202
+
203
+ ### Corrected
204
+ - [corrected] Single-device sessions → Allow multi-device (don't invalidate other sessions on login)
205
+
206
+ </assumptions>
207
+
208
+ <deferred>
209
+ ## Deferred Ideas
210
+
211
+ - OAuth providers (Google, GitHub) — Phase 4
212
+ - MFA/2FA — add to backlog
213
+
214
+ </deferred>
215
+
216
+ ---
217
+
218
+ *Phase: 01-authentication*
219
+ *Approach explored: 2026-03-22*
220
+ ```
221
+
222
+ ## Guidelines
223
+
224
+ **This template captures DECISIONS for downstream agents.**
225
+
226
+ The output should answer: "What choices are locked for the planner? Where does the planner have discretion?"
227
+
228
+ **After creation:**
229
+ - File lives in phase directory: `.planning/phases/XX-name/{phase_num}-APPROACH.md`
230
+ - Planner reads decisions to constrain implementation tasks
231
+ - Plan-checker verifies approach_alignment: plans must implement chosen approaches
232
+ - Downstream agents should NOT need to ask the user again about captured decisions
@@ -1,78 +1,78 @@
1
- # Authorization Matrix Template
2
-
3
- > OWASP-style authorization matrix for systematic auth verification.
4
- > Create `.planning/AUTH_MATRIX.md` using this template when your project has multiple user roles or protected resources.
5
-
6
- ## When to Create This Matrix
7
-
8
- Create an authorization matrix when your project has:
9
- - Multiple user roles (e.g., anonymous, user, admin, owner)
10
- - Protected resources that vary by role
11
- - Ownership-scoped data (users can only access their own records)
12
- - Admin or operator surfaces that must be restricted
13
-
14
- Skip this matrix for single-role projects or projects with no auth requirements.
15
-
16
- ## Matrix Format
17
-
18
- Use the OWASP pivot format: rows are resources, columns are roles, cells are permissions.
19
-
20
- ### Permission Values
21
-
22
- | Value | Meaning |
23
- |-------|---------|
24
- | ALLOW | Role can perform this action on any matching resource |
25
- | DENY | Role must be explicitly rejected (not just "no route") |
26
- | OWN | Role can perform this action only on resources they own |
27
- | N/A | Action does not apply to this resource |
28
-
29
- ### Matrix Table
30
-
31
- ```markdown
32
- | Resource | Action | anonymous | user | admin |
33
- |----------|--------|-----------|------|-------|
34
- | /login | POST | ALLOW | ALLOW| ALLOW |
35
- | /profile | GET | DENY | OWN | ALLOW |
36
- | /profile | PUT | DENY | OWN | ALLOW |
37
- | /users | GET | DENY | DENY | ALLOW |
38
- | /users | DELETE | DENY | DENY | ALLOW |
39
- | /posts | GET | ALLOW | ALLOW| ALLOW |
40
- | /posts | POST | DENY | ALLOW| ALLOW |
41
- | /posts | DELETE | DENY | OWN | ALLOW |
42
- ```
43
-
44
- Adapt the table to your project's actual resources, actions, and roles. Add or remove columns as needed.
45
-
46
- ## Sensitive Surfaces
47
-
48
- The following resource categories MUST have matrix coverage when they exist in your project:
49
-
50
- - **User-scoped data** (profiles, settings, personal records) — require OWN or DENY
51
- - **Admin surfaces** (user management, system config, audit logs) — require DENY for non-admin roles
52
- - **Financial data** (billing, payments, subscriptions) — require explicit DENY or OWN
53
- - **Destructive actions** (delete, bulk operations, account removal) — require explicit role gates
54
- - **API keys and credentials** — require DENY for non-owner roles
55
-
56
- If a sensitive surface exists in your codebase but is missing from the matrix, the integration checker's narrative auth check (Step 4) will still flag it — Step 4 runs unconditionally regardless of whether this matrix exists. Step 4a only verifies cells that are already in the matrix.
57
-
58
- ## How the Integration Checker Uses This Matrix
59
-
60
- During milestone audits, the integration checker (Step 4a) will:
61
-
62
- 1. Parse each row of the matrix table(s)
63
- 2. For each cell (resource x role x expected permission):
64
- - **ALLOW**: Verify the role can access the resource (no auth gate blocks it)
65
- - **DENY**: Verify explicit rejection exists (middleware, guard, or policy denies access)
66
- - **OWN**: Verify ownership check is enforced (not just auth, but scoped to the user's records)
67
- 3. Report each cell as:
68
- - **VERIFIED**: Implementation matches the matrix expectation
69
- - **MISMATCH**: Implementation contradicts the matrix (e.g., DENY expected but no guard found)
70
- - **UNTESTED**: Cannot determine from static analysis (e.g., dynamic policy evaluation)
71
-
72
- The narrative auth check (Step 4) always runs regardless of whether this matrix exists.
73
-
74
- ## File Location
75
-
76
- Save your project's authorization matrix as `.planning/AUTH_MATRIX.md`.
77
-
78
- The integration checker will automatically detect and consume it when present. No configuration needed.
1
+ # Authorization Matrix Template
2
+
3
+ > OWASP-style authorization matrix for systematic auth verification.
4
+ > Create `.planning/AUTH_MATRIX.md` using this template when your project has multiple user roles or protected resources.
5
+
6
+ ## When to Create This Matrix
7
+
8
+ Create an authorization matrix when your project has:
9
+ - Multiple user roles (e.g., anonymous, user, admin, owner)
10
+ - Protected resources that vary by role
11
+ - Ownership-scoped data (users can only access their own records)
12
+ - Admin or operator surfaces that must be restricted
13
+
14
+ Skip this matrix for single-role projects or projects with no auth requirements.
15
+
16
+ ## Matrix Format
17
+
18
+ Use the OWASP pivot format: rows are resources, columns are roles, cells are permissions.
19
+
20
+ ### Permission Values
21
+
22
+ | Value | Meaning |
23
+ |-------|---------|
24
+ | ALLOW | Role can perform this action on any matching resource |
25
+ | DENY | Role must be explicitly rejected (not just "no route") |
26
+ | OWN | Role can perform this action only on resources they own |
27
+ | N/A | Action does not apply to this resource |
28
+
29
+ ### Matrix Table
30
+
31
+ ```markdown
32
+ | Resource | Action | anonymous | user | admin |
33
+ |----------|--------|-----------|------|-------|
34
+ | /login | POST | ALLOW | ALLOW| ALLOW |
35
+ | /profile | GET | DENY | OWN | ALLOW |
36
+ | /profile | PUT | DENY | OWN | ALLOW |
37
+ | /users | GET | DENY | DENY | ALLOW |
38
+ | /users | DELETE | DENY | DENY | ALLOW |
39
+ | /posts | GET | ALLOW | ALLOW| ALLOW |
40
+ | /posts | POST | DENY | ALLOW| ALLOW |
41
+ | /posts | DELETE | DENY | OWN | ALLOW |
42
+ ```
43
+
44
+ Adapt the table to your project's actual resources, actions, and roles. Add or remove columns as needed.
45
+
46
+ ## Sensitive Surfaces
47
+
48
+ The following resource categories MUST have matrix coverage when they exist in your project:
49
+
50
+ - **User-scoped data** (profiles, settings, personal records) — require OWN or DENY
51
+ - **Admin surfaces** (user management, system config, audit logs) — require DENY for non-admin roles
52
+ - **Financial data** (billing, payments, subscriptions) — require explicit DENY or OWN
53
+ - **Destructive actions** (delete, bulk operations, account removal) — require explicit role gates
54
+ - **API keys and credentials** — require DENY for non-owner roles
55
+
56
+ If a sensitive surface exists in your codebase but is missing from the matrix, the integration checker's narrative auth check (Step 4) will still flag it — Step 4 runs unconditionally regardless of whether this matrix exists. Step 4a only verifies cells that are already in the matrix.
57
+
58
+ ## How the Integration Checker Uses This Matrix
59
+
60
+ During milestone audits, the integration checker (Step 4a) will:
61
+
62
+ 1. Parse each row of the matrix table(s)
63
+ 2. For each cell (resource x role x expected permission):
64
+ - **ALLOW**: Verify the role can access the resource (no auth gate blocks it)
65
+ - **DENY**: Verify explicit rejection exists (middleware, guard, or policy denies access)
66
+ - **OWN**: Verify ownership check is enforced (not just auth, but scoped to the user's records)
67
+ 3. Report each cell as:
68
+ - **VERIFIED**: Implementation matches the matrix expectation
69
+ - **MISMATCH**: Implementation contradicts the matrix (e.g., DENY expected but no guard found)
70
+ - **UNTESTED**: Cannot determine from static analysis (e.g., dynamic policy evaluation)
71
+
72
+ The narrative auth check (Step 4) always runs regardless of whether this matrix exists.
73
+
74
+ ## File Location
75
+
76
+ Save your project's authorization matrix as `.planning/AUTH_MATRIX.md`.
77
+
78
+ The integration checker will automatically detect and consume it when present. No configuration needed.