W01 engineering annex (DW10) — input for the 16:00 IST W05 review#39
Merged
Conversation
Task 6 of today. Friday 15:30 IST DW10 cadence — the engineering half of the W05 Friday review packet. Covers: - Headline: Week 1 over-shipped by ~3 weeks vs the brainstorm's schedule (Week 6 dashboard + Week 2 verifier + Week 7 audit log all landed in Week 1). - 14 PRs to main this week, listed in order with one-line summaries of impact. Plus cross-repo work in pulkitpareek18/ZeroAuth-Governance. - Component status table: API, dashboard, marketing site, verifier service, email infra, audit logs (Postgres + verifier SQLite), threat model, governance repo, runbooks. - Open issues + debt carried into Week 2 with severity, owner, next step. F-2 v2, ADR-0005 counsel engagement, verifier ops (chain-verify cron + off-host backup), vkey signing, security-reviewer wiring, cadence gaps. - Discipline-gates scorecard Day 1 → Day 5. Honest read: the only consistently-skipped gate this week was the security-reviewer subagent. Wired into Week 2 day 1 as the first remediation. - What blocks SOW signing — ordered by criticality. Counsel engagement first, F-2 byte-identical fix second, vkey signing third, chain-verify cron + backup fourth, compliance counsel review fifth. - Proposed Week 2 deliverables — five items, three shipping + two spec-only. Realistic load for 1 engineer + 1 founder. - Operational notes for Amit (Brevo, env runbook, status page decision, brand language). - Confidence statement with three watch-items: single-engineer concentration, counsel velocity, verifier soak window. No code changes. Pure doc. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
pulkitpareek18
added a commit
that referenced
this pull request
May 15, 2026
Task 6 of today. Friday 15:30 IST DW10 cadence — the engineering half of the W05 Friday review packet. Covers: - Headline: Week 1 over-shipped by ~3 weeks vs the brainstorm's schedule (Week 6 dashboard + Week 2 verifier + Week 7 audit log all landed in Week 1). - 14 PRs to main this week, listed in order with one-line summaries of impact. Plus cross-repo work in pulkitpareek18/ZeroAuth-Governance. - Component status table: API, dashboard, marketing site, verifier service, email infra, audit logs (Postgres + verifier SQLite), threat model, governance repo, runbooks. - Open issues + debt carried into Week 2 with severity, owner, next step. F-2 v2, ADR-0005 counsel engagement, verifier ops (chain-verify cron + off-host backup), vkey signing, security-reviewer wiring, cadence gaps. - Discipline-gates scorecard Day 1 → Day 5. Honest read: the only consistently-skipped gate this week was the security-reviewer subagent. Wired into Week 2 day 1 as the first remediation. - What blocks SOW signing — ordered by criticality. Counsel engagement first, F-2 byte-identical fix second, vkey signing third, chain-verify cron + backup fourth, compliance counsel review fifth. - Proposed Week 2 deliverables — five items, three shipping + two spec-only. Realistic load for 1 engineer + 1 founder. - Operational notes for Amit (Brevo, env runbook, status page decision, brand language). - Confidence statement with three watch-items: single-engineer concentration, counsel velocity, verifier soak window. No code changes. Pure doc.
pulkitpareek18
pushed a commit
that referenced
this pull request
May 28, 2026
These three documents land Agent #39's Week-1/Week-2 deliverables under the Phase 0 + Phase 1 privacy scaffold: - docs/compliance/privacy/data-inventory-v1.md Canonical inventory of every data element ZeroAuth processes. One row per DB column (twelve tables in src/services/db.ts, including the audit_anchors row scheduled for Phase 1 C-016 backfill), every audit_events.metadata JSONB field, every API payload field, every Winston log field, every Caddy access-log field, the on-device transient SHA-256 of the biometric template (classified TRANSIENT-SECRET, retention 0), and the OPAQUE-CRYPTOGRAPHIC artefacts (commitment, DID, did_sha256). Classifications use the five-value taxonomy NON-PII / PII / SENSITIVE-PII (DPDP §17) / SECRET / OPAQUE-CRYPTOGRAPHIC + the TRANSIENT-SECRET edge case. - docs/compliance/privacy/pia-template-v0.md Privacy Impact Assessment template covering subject, PIA ID, authors + reviewers (DPO + privacy engineer + product role mandatory), description of processing, data flow diagram, data elements affected (referenced by inventory row ID), lawful basis under DPDP §6 + RBI sectoral, cross-border treatment, retention, five-risk likelihood × impact matrix, mitigations, residual risk acceptance signed by DPO + CCO, optional DPDP §5 notice updates, and threat-model rows touched. - docs/compliance/privacy/data-retention-policy-v0.md Default retention rules per classification (NON-PII 7 years, PII 3 years from last contact, SENSITIVE-PII 2 years, SECRET rotated quarterly, OPAQUE-CRYPTOGRAPHIC same as PII conservatively until counsel signs off on the §2(t) memo, TRANSIENT-SECRET 0 days), per-table retention table for every table in src/services/db.ts, bank-specific override JSON via tenants.security_policy.retention_overrides, nightly cleanup-job spec (implementation lands Phase 1 sprint 4), DPDP §13 right-to-erasure cascade flow, and the five exception classes (court order, regulator inspection, security investigation, bank audit, litigation hold). Cross-references: - The OPAQUE-CRYPTOGRAPHIC classification of commitments + DIDs + did_sha256 rests on the framework in docs/compliance/dpdp-2t-commitments-memo-v0.md §5 Argument-A. The retention policy holds these artefacts at the conservative PII bar until counsel signs off on memo v2. - The PII handling on audit_events.metadata + the desktop_ip / desktop_user_agent columns on proof_pairing_sessions traces to docs/threat_model.md A-22 (PII in pairing logs). - The 90-day Caddy access-log retention with query strings stripped on /api/console/* paths references docs/threat_model.md A-28 (JWT-in-URL log leak, CLOSED in C-005). - The schema-purity column allowlist in tests/schema-purity.test.ts is the source of the per-table column lists in §3 of the inventory. [no-test] markdown-only; no source or test changes.
pulkitpareek18
pushed a commit
that referenced
this pull request
May 28, 2026
These three documents land Agent #39's Week-1/Week-2 deliverables under the Phase 0 + Phase 1 privacy scaffold: - docs/compliance/privacy/data-inventory-v1.md Canonical inventory of every data element ZeroAuth processes. One row per DB column (twelve tables in src/services/db.ts, including the audit_anchors row scheduled for Phase 1 C-016 backfill), every audit_events.metadata JSONB field, every API payload field, every Winston log field, every Caddy access-log field, the on-device transient SHA-256 of the biometric template (classified TRANSIENT-SECRET, retention 0), and the OPAQUE-CRYPTOGRAPHIC artefacts (commitment, DID, did_sha256). Classifications use the five-value taxonomy NON-PII / PII / SENSITIVE-PII (DPDP §17) / SECRET / OPAQUE-CRYPTOGRAPHIC + the TRANSIENT-SECRET edge case. - docs/compliance/privacy/pia-template-v0.md Privacy Impact Assessment template covering subject, PIA ID, authors + reviewers (DPO + privacy engineer + product role mandatory), description of processing, data flow diagram, data elements affected (referenced by inventory row ID), lawful basis under DPDP §6 + RBI sectoral, cross-border treatment, retention, five-risk likelihood × impact matrix, mitigations, residual risk acceptance signed by DPO + CCO, optional DPDP §5 notice updates, and threat-model rows touched. - docs/compliance/privacy/data-retention-policy-v0.md Default retention rules per classification (NON-PII 7 years, PII 3 years from last contact, SENSITIVE-PII 2 years, SECRET rotated quarterly, OPAQUE-CRYPTOGRAPHIC same as PII conservatively until counsel signs off on the §2(t) memo, TRANSIENT-SECRET 0 days), per-table retention table for every table in src/services/db.ts, bank-specific override JSON via tenants.security_policy.retention_overrides, nightly cleanup-job spec (implementation lands Phase 1 sprint 4), DPDP §13 right-to-erasure cascade flow, and the five exception classes (court order, regulator inspection, security investigation, bank audit, litigation hold). Cross-references: - The OPAQUE-CRYPTOGRAPHIC classification of commitments + DIDs + did_sha256 rests on the framework in docs/compliance/dpdp-2t-commitments-memo-v0.md §5 Argument-A. The retention policy holds these artefacts at the conservative PII bar until counsel signs off on memo v2. - The PII handling on audit_events.metadata + the desktop_ip / desktop_user_agent columns on proof_pairing_sessions traces to docs/threat_model.md A-22 (PII in pairing logs). - The 90-day Caddy access-log retention with query strings stripped on /api/console/* paths references docs/threat_model.md A-28 (JWT-in-URL log leak, CLOSED in C-005). - The schema-purity column allowlist in tests/schema-purity.test.ts is the source of the per-table column lists in §3 of the inventory. [no-test] markdown-only; no source or test changes.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Task 6 of today. Friday 15:30 IST DW10 cadence — the engineering half of the W05 Friday review packet.
Covers Week 1 (Mon 2026-05-11 → Fri 2026-05-15):
No code change. Pure doc. Safe to fast-merge so it's on main in time for the 16:00 IST review.
🤖 Generated with Claude Code