Per-product surgical additions to existing epics (not cross-cutting):
- P1 route: 8pts (key redaction, SSE billing, token math, CI runner)
- P2 drift: 12pts (mTLS revocation, state lock recovery, pgmq visibility, RLS leak, entropy scrubber)
- P3 alert: 10pts (HMAC replay, claim-check, out-of-order correlation, free tier, tenant isolation)
- P4 portal: 9pts (partial scan recovery, ownership conflicts, Meilisearch rebuild, VCR freshness, free tier)
- P5 cost: 7pts (concurrent baselines, remediation RBAC, Clock interface, property tests, Redis fallback)
- P6 run: 15pts (shell AST parsing, canary suite, intervention TTL, streaming audit, crypto signatures)
Total: 61 story points across 30 new stories
dd0c/route — Epic Addendum (BMad Review Findings)
Source: BMad Code Review (March 1, 2026)
Approach: Surgical additions to existing epics — no new epics created.
Epic 1 Addendum: Proxy Engine
Story 1.5: API Key Redaction in Error Traces
As a security-conscious developer, I want all API keys scrubbed from panic traces, error logs, and telemetry events, so that a proxy crash never leaks customer credentials.
Acceptance Criteria:
- Custom panic handler intercepts all panics and runs `redact_sensitive()` before logging.
- Regex patterns cover `sk-*`, `sk-ant-*`, `sk-proj-*`, `Bearer *` tokens.
- Telemetry events never contain raw API keys (verified by unit test scanning serialized JSON).
- Error responses to clients never echo back the Authorization header value.
Estimate: 2 points
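The redaction path these criteria describe, as an added illustration and not code from the dd0c/route project: a `redact_sensitive()` function that masks the body of any `sk-`-family key or `Bearer` token (a hand-written scanner stands in for the regex patterns so the example has no crate dependencies), a panic hook that runs it over the panic message before logging, and a `contains_raw_key()` check of the kind a unit test would run over serialized telemetry JSON. The `[REDACTED]` mask, the `telemetry_event()` shape, and the sample key strings are all constructed for this example.

```rust
use std::panic;

/// Secret prefixes scrubbed by this example. `sk-` covers the `sk-*`,
/// `sk-ant-*` and `sk-proj-*` families; `Bearer ` covers Authorization values.
const SECRET_PREFIXES: [&str; 2] = ["sk-", "Bearer "];

/// Characters allowed in the body of a key or bearer token.
fn is_token_char(c: char) -> bool {
    c.is_ascii_alphanumeric() || matches!(c, '-' | '_' | '.')
}

/// Replace the body of every API key or bearer token with a fixed mask.
/// The prefix is kept so an operator can still tell which key family was
/// involved. A prefix glued to a preceding alphanumeric character (as in
/// "task-") or with nothing after it is left untouched to avoid false hits.
pub fn redact_sensitive(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    let mut rest = input;
    while !rest.is_empty() {
        // Earliest occurrence of any secret prefix in the remaining text.
        let hit = SECRET_PREFIXES
            .iter()
            .filter_map(|p| rest.find(*p).map(|i| (i, *p)))
            .min_by_key(|(i, _)| *i);
        let (idx, prefix) = match hit {
            Some(h) => h,
            None => {
                out.push_str(rest);
                break;
            }
        };
        let end_of_prefix = idx + prefix.len();
        let at_boundary = rest[..idx]
            .chars()
            .last()
            .map_or(true, |c| !c.is_ascii_alphanumeric());
        let after = &rest[end_of_prefix..];
        let body_len: usize = after
            .chars()
            .take_while(|c| is_token_char(*c))
            .map(char::len_utf8)
            .sum();
        out.push_str(&rest[..end_of_prefix]);
        if at_boundary && body_len > 0 {
            out.push_str("[REDACTED]");
            rest = &after[body_len..];
        } else {
            rest = after;
        }
    }
    out
}

/// True if redaction would change the text, i.e. it still holds a raw key.
/// This is the scan a unit test runs over serialized telemetry JSON.
pub fn contains_raw_key(text: &str) -> bool {
    redact_sensitive(text) != text
}

/// Build a telemetry event. The JSON is assembled by hand to keep the example
/// dependency-free; the Authorization value is redacted before it is placed in
/// the event, so the serialized output never carries a raw key.
pub fn telemetry_event(model: &str, authorization: &str) -> String {
    format!(
        "{{\"event\":\"proxy.request\",\"model\":\"{}\",\"authorization\":\"{}\"}}",
        model,
        redact_sensitive(authorization)
    )
}

/// Install a panic hook that scrubs the panic message before it is logged.
/// Logging is a plain eprintln! here; a real proxy would hand the redacted
/// message to its tracing subscriber instead.
pub fn install_redacting_panic_hook() {
    panic::set_hook(Box::new(|info| {
        let payload = info.payload();
        let msg = payload
            .downcast_ref::<&str>()
            .map(|s| s.to_string())
            .or_else(|| payload.downcast_ref::<String>().cloned())
            .unwrap_or_else(|| "non-string panic payload".to_string());
        let location = info
            .location()
            .map(|l| format!("{}:{}", l.file(), l.line()))
            .unwrap_or_else(|| "unknown".to_string());
        eprintln!("panic at {}: {}", location, redact_sensitive(&msg));
    }));
}

fn main() {
    install_redacting_panic_hook();
    // Constructed sample: a log line that would otherwise leak two keys.
    let line = "upstream 401 for key sk-ant-EXAMPLEKEY via Authorization: Bearer sk-proj-EXAMPLE";
    println!("{}", redact_sensitive(line));
    println!("{}", telemetry_event("example-model", "Bearer sk-ant-EXAMPLE"));
}
```

Keeping the prefix visible while masking the body is a deliberate trade-off: the log still says which key family failed, while the secret itself is gone. The boundary check matters in practice because `sk-` is a common substring ("task-", "desk-"), and a scrubber that rewrites those would corrupt otherwise harmless logs.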
Story 1.6: SSE Disconnect Billing Accuracy
As an engineering manager, I want billing to reflect only the tokens actually streamed to the client, so that early disconnects don't charge for undelivered tokens.
Acceptance Criteria:
- When a client disconnects mid-stream, the proxy aborts the upstream connection within 1 second.
- Usage record reflects only tokens in chunks that were successfully flushed to the client.
- Disconnect during prompt processing (before first token) records 0 completion tokens.
- Provider connection count returns to 0 after client disconnect (no leaked connections).
Estimate: 3 points
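The billing invariant behind these criteria, shown as an added example rather than the project's own streaming code: completion tokens are added to the usage record only after a chunk has been confirmed flushed to the client, and the first failed flush aborts the upstream so the provider connection count drops to 0. The `ClientSink` trait, the `DisconnectingClient` and `UpstreamStream` test doubles, and the chunk token counts are constructed for this example; a real proxy would drive this from an async SSE writer, but the ordering of "flush, then bill" is the same.

```rust
use std::collections::VecDeque;

/// One streamed completion chunk from the upstream provider.
#[derive(Clone, Debug)]
pub struct Chunk {
    pub tokens: u32,
    pub text: String,
}

/// Error returned when the client connection has gone away.
#[derive(Debug, PartialEq)]
pub struct ClientGone;

/// The client side of the SSE connection: a flush either succeeds or fails
/// because the client disconnected.
pub trait ClientSink {
    fn flush_chunk(&mut self, chunk: &Chunk) -> Result<(), ClientGone>;
}

/// Test double: accepts `accept_chunks` chunks, then behaves as disconnected.
pub struct DisconnectingClient {
    pub accept_chunks: usize,
    pub delivered: Vec<String>,
}

impl DisconnectingClient {
    pub fn new(accept_chunks: usize) -> Self {
        Self { accept_chunks, delivered: Vec::new() }
    }
}

impl ClientSink for DisconnectingClient {
    fn flush_chunk(&mut self, chunk: &Chunk) -> Result<(), ClientGone> {
        if self.delivered.len() < self.accept_chunks {
            self.delivered.push(chunk.text.clone());
            Ok(())
        } else {
            Err(ClientGone)
        }
    }
}

/// Test double for the provider connection: yields chunks until exhausted
/// or aborted, and tracks whether the connection is still open.
pub struct UpstreamStream {
    pending: VecDeque<Chunk>,
    open: bool,
    pub aborted: bool,
}

impl UpstreamStream {
    pub fn new(chunks: Vec<Chunk>) -> Self {
        Self { pending: chunks.into(), open: true, aborted: false }
    }
    fn next_chunk(&mut self) -> Option<Chunk> {
        if !self.open {
            return None;
        }
        let chunk = self.pending.pop_front();
        if chunk.is_none() {
            self.open = false; // stream finished naturally
        }
        chunk
    }
    /// Tear down the provider connection and drop any undelivered chunks.
    fn abort(&mut self) {
        self.pending.clear();
        self.open = false;
        self.aborted = true;
    }
    pub fn open_connections(&self) -> usize {
        if self.open { 1 } else { 0 }
    }
}

/// Usage record written at the end of the stream.
#[derive(Debug, PartialEq)]
pub struct Usage {
    pub completion_tokens: u32,
    pub client_disconnected: bool,
}

/// Relay chunks upstream -> client, billing each chunk only after a
/// successful flush and aborting upstream on the first failed flush.
pub fn relay_stream(upstream: &mut UpstreamStream, client: &mut impl ClientSink) -> Usage {
    let mut usage = Usage { completion_tokens: 0, client_disconnected: false };
    while let Some(chunk) = upstream.next_chunk() {
        match client.flush_chunk(&chunk) {
            // Bill only once the chunk is confirmed delivered.
            Ok(()) => usage.completion_tokens += chunk.tokens,
            Err(ClientGone) => {
                // Nobody will receive the rest: stop the provider now.
                upstream.abort();
                usage.client_disconnected = true;
                break;
            }
        }
    }
    usage
}

/// Constructed sample stream: three chunks of 5, 7 and 9 tokens.
pub fn sample_chunks() -> Vec<Chunk> {
    vec![
        Chunk { tokens: 5, text: "Hel".into() },
        Chunk { tokens: 7, text: "lo ".into() },
        Chunk { tokens: 9, text: "world".into() },
    ]
}

fn main() {
    let mut upstream = UpstreamStream::new(sample_chunks());
    let mut client = DisconnectingClient::new(2);
    let usage = relay_stream(&mut upstream, &mut client);
    println!("{:?}, upstream aborted = {}", usage, upstream.aborted);
}
```

The point the criteria make is about ordering: a proxy that increments the usage counter when it reads a chunk from the provider, rather than when the client acknowledges the write, will bill for tokens the client never saw. The test double makes that visible by failing the flush after a fixed number of chunks and checking that the counter stops there.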
Epic 2 Addendum: Router Brain
Story 2.5: Token Calculation Edge Cases
As a billing-accurate platform, I want token counting to handle Unicode, CJK, and emoji correctly per provider tokenizer, so that cost calculations match provider invoices within 1%.
Acceptance Criteria:
- Uses `cl100k_base` for OpenAI models, Claude tokenizer for Anthropic models.
- Token count for emoji sequences (🌍🔥) matches provider's count within 1%.
- CJK characters tokenized correctly (each char = 1+ tokens).
- Property test: 10K random strings, our count vs mock provider count within 1% tolerance.
Estimate: 2 points
Epic 8 Addendum: Infrastructure & DevOps
Story 8.7: Dedicated CI Runner for Latency Benchmarks
As a solo founder, I want proxy latency benchmarks to run on a dedicated self-hosted runner (NAS), so that P99 measurements are reproducible and not polluted by shared CI noise.
Acceptance Criteria:
- GitHub Actions workflow triggers on pushes to `src/proxy/**`.
- Runs `cargo bench --bench proxy_latency` on self-hosted runner.
- Fails the build if P99 exceeds 5ms.
- Results stored in `target/criterion/` for trend tracking.
Estimate: 1 point
Total Addendum: 8 points across 4 stories