jarvis/dd0c
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add BMad review epic addendums for all 6 products

Browse Source 
Per-product surgical additions to existing epics (not cross-cutting):
- P1 route: 8pts (key redaction, SSE billing, token math, CI runner)
- P2 drift: 12pts (mTLS revocation, state lock recovery, pgmq visibility, RLS leak, entropy scrubber)
- P3 alert: 10pts (HMAC replay, claim-check, out-of-order correlation, free tier, tenant isolation)
- P4 portal: 9pts (partial scan recovery, ownership conflicts, Meilisearch rebuild, VCR freshness, free tier)
- P5 cost: 7pts (concurrent baselines, remediation RBAC, Clock interface, property tests, Redis fallback)
- P6 run: 15pts (shell AST parsing, canary suite, intervention TTL, streaming audit, crypto signatures)

Total: 61 story points across 30 new stories
This commit is contained in:
Max Mayfield
2026-03-01 02:27:55 +00:00
parent cc003cbb1c
commit 72a0f26a7b
6 changed files with 449 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
products/04-lightweight-idp/epics/epic-addendum-bmad.md Normal file
View File

@@ -0,0 +1,76 @@
# dd0c/portal — Epic Addendum (BMad Review Findings)
**Source:** BMad Code Review (March 1, 2026)
**Approach:** Surgical additions to existing epics — no new epics created.
---
## Epic 1 Addendum: AWS Discovery Engine
### Story 1.7: Partial Scan Failure Recovery
As a catalog operator, I want partial discovery scan failures (timeout, rate limit) to preserve existing catalog entries, so that a flaky AWS API call doesn't delete half my service catalog.
**Acceptance Criteria:**
- Partial AWS scan (500 of 1000 resources) stages results without committing; all 1000 existing entries preserved.
- Partial GitHub scan (rate limited at 50 of 100) preserves all 100 ownership mappings.
- Scan failure triggers admin alert (not silent failure).
**Estimate:** 3 points
---
## Epic 2 Addendum: GitHub Discovery
### Story 2.6: Ownership Conflict Resolution
As a catalog operator, I want explicit ownership sources (CODEOWNERS/config) to override implicit sources (AWS tags) and heuristics (commit history), so that ownership is deterministic and predictable.
**Acceptance Criteria:**
- Priority: Explicit (CODEOWNERS/config) > Implicit (AWS tags) > Heuristic (commits).
- Concurrent discovery from two sources does not create duplicate catalog entries.
- Heuristic inference does not override an explicitly set owner.
**Estimate:** 2 points
---
## Epic 4 Addendum: Search Engine
### Story 4.5: Meilisearch Zero-Downtime Index Rebuild
As a catalog user, I want Cmd+K search to work during index rebuilds, so that reindexing doesn't cause downtime.
**Acceptance Criteria:**
- Search returns results during active index rebuild (swap-based rebuild).
- Rebuild failure does not corrupt the active index.
- Cmd+K prefix search from Redis cache returns in <10ms.
**Estimate:** 2 points
---
## Epic 8 Addendum: Infrastructure & DevOps
### Story 8.7: VCR Cassette Freshness CI
As a maintainer, I want VCR cassettes re-recorded weekly against real AWS, so that API response drift is caught before it breaks integration tests.
**Acceptance Criteria:**
- Weekly CI job (Monday 6 AM UTC) re-records cassettes with real AWS credentials.
- Creates PR if any cassettes changed (API drift detected).
- Diff summary shows which cassettes changed and by how much.
**Estimate:** 1 point
---
## Epic 9 Addendum: Onboarding & PLG
### Story 9.6: Free Tier Enforcement (50 Services)
As a PLG product, I want free tier tenants limited to 50 services, so that the free tier is sustainable.
**Acceptance Criteria:**
- 50th service creation succeeds; 51st returns 403 with upgrade prompt.
**Estimate:** 1 point
---
**Total Addendum:** 9 points across 5 stories