fix: harden kan-ductor agent safety gates #61

Merged
pdurlej merged 2 commits from codex/codex-kan-ductor-stabilization-codex into main 2026-05-15 21:07:12 +02:00 AGit
Collaborator

Canary status: missing - fire 3+3 review before merge

Supersedes #60. #60 was created with the wrong Forgejo actor (glm); this PR is pushed and owned by codex per agent-souls identity discipline.

Summary

Hardens the Kan-ductor maintainer layer after the Piotr + Iskra MCP smoke loop started working. This PR focuses on safety gates, audit truth, recap reliability, MCP readiness probes, and maintainer tooling.

Scope

  • Adds projection:write and projection:override_warnings scopes.
  • Adds server-side KAN_PROJECTION_APPLY_ENABLED=false default for real Leviathan apply.
  • Blocks projection writes with security/gate warnings unless explicitly overridden.
  • Stores and reads exact audit/activity lineage through activityPublicId for create/move/comment/relation actions.
  • Adds low-confidence fallback labeling for old time-window audit matching.
  • Redacts default human audit reads; raw payloads require includeRaw=true and workspace:manage.
  • Adds getRecentActivity.summary for Piotr/Iskra recap questions.
  • Adds /live, /ready, and readiness-compatible /health to MCP.
  • Adds relation activity enum values and relation activity creation.
  • Adds dry-run-first machine identity maintainer CLI.
  • Captures durable BMAD context in _bmad-output/project-context.md.

Non-goals

  • No production deploy.
  • No production DB migration.
  • No production token issuance or rotation.
  • No KAN_PROJECTION_APPLY_ENABLED=true in production.
  • No autonomous drift repair.
  • No analytics dashboard or full UI polish.

Spec sources read

  • docs/agent-mcp-contract.md
  • docs/leviathan-projection-contract.md
  • docs/openclaw-kan-mcp.md
  • _bmad-output/project-context.md
  • agent-souls/AGENTS.md identity discipline
  • agent-souls/practices/credential-management.md
  • Stabilization issues: #5, #6, #53-#59 via meta #2 context

Tests / smoke

Run locally:

```bash
pnpm --filter @kan/api typecheck
pnpm --filter @kan/db typecheck
pnpm --filter @kan/mcp typecheck
pnpm --filter @kan/api test -- agent.test.ts
pnpm --filter @kan/mcp test -- health.test.ts
pnpm --filter @kan/api exec eslint src/routers/agent.ts src/routers/agent.test.ts
pnpm --filter @kan/db exec eslint src/repository/agent.repo.ts src/repository/card.repo.ts src/repository/cardActivity.repo.ts src/repository/cardRelation.repo.ts src/schema/cards.ts
node --check scripts/kan-machine-identity-admin.mjs
git diff --check
```

Known repo-level lint caveats:

  • Full @kan/api lint still reports pre-existing lint debt outside this PR scope.
  • @kan/db lint still reports pre-existing lint debt outside this PR scope.
  • @kan/mcp lint currently lacks an eslint flat config in that package.

Rollback

  • Revert this PR.
  • Do not run the new migration in production if rollback is needed before deploy.
  • Keep KAN_PROJECTION_APPLY_ENABLED=false.
  • Do not issue or rotate production machine credentials from the new CLI.

Owner gates

Piotr approval required before:

  • merge,
  • production DB migration,
  • production deploy/restart,
  • enabling KAN_PROJECTION_APPLY_ENABLED=true,
  • issuing/rotating/revoking production machine credentials,
  • expanding trust boundary or public exposure,
  • treating low-confidence old audit matching as authoritative.

3+3 review request

Required before merge because this PR touches auth scopes, write gates, audit redaction, MCP readiness, schema enum migration, and drift/lineage semantics.

fix: harden kan-ductor agent safety gates
Some checks failed
Forgejo CI / verify (pull_request) Successful in 10m28s
Forgejo Docker Images / build (pull_request) Failing after 6s
fa443e8874
codex changed title from fix: harden kan-ductor agent safety gates to WIP: fix: harden kan-ductor agent safety gates 2026-05-15 19:37:53 +02:00
Author
Collaborator

3+3 review triggered by Codex

Gate result: NOT READY / fail closed.

This review was run from the Codex Forgejo identity against draft PR #61. Context sent to cloud workers was redacted locally first; Signal-like phone refs and bearer/token-like values were removed before Ollama/Claude review.

Deterministic checks

  • Canary: BLOCK
    • reason: diff_size, 1699 changed lines >= 500
    • interpretation: no auto-merge; human/owner gate required even if fixes pass
  • Local tests:
    • pnpm --filter @kan/api test -- agent.test.ts => 20 passed
    • pnpm --filter @kan/mcp test -- health.test.ts => 1 passed

Reviewer verdicts

```yaml
canary:
  verdict: NOT_OK
  confidence: 1.0
  reason: diff_size hard stop

tech-ollama-1:
  verdict: NOT_OK
  confidence: 0.82
  required_fixes:
    - add successful live projection apply test
    - document irreversible enum migration / deploy order
    - tighten audit redaction key matching
    - add policyOverrideReason enforcement test
    - add basic CLI functional coverage

tech-ollama-2:
  verdict: OK
  confidence: 0.92
  risks:
    - move_card proposal_required is now a hard behavioral gate
    - /health now behaves like readiness and can return 503
    - machine identity CLI --execute has no second confirmation

tech-codex:
  verdict: NOT_OK
  confidence: 0.86
  required_fixes:
    - make actor-filtered recaps robust beyond the current overfetch cap
    - separate exact vs low-confidence agent attribution in summaries/docs
    - bind relation idempotency replay to original input
    - add structured projection warning codes to batch audit

product-ollama-1:
  verdict: OK
  confidence: 0.85
  required_fixes:
    - tighten redaction heuristic
    - confirm final smoke/typecheck before merge
    - document migration sequencing

product-ollama-2:
  verdict: ABSTAIN
  confidence: 0.65
  useful_findings:
    - add stronger CLI production guard / confirmation
    - document low-confidence attribution as non-authoritative
    - improve rollback/deploy notes
  discounted_false_positives:
    - migration filename was redacted as phone-like by the local redactor; actual file is timestamped
    - default audit redaction is already covered in agent.test.ts

product-claude/opus:
  verdict: OK
  confidence: 0.78
  required_fixes:
    - document migration-before-code deploy order
    - narrow overbroad key-substring redaction
    - confirm agent_token.scopes stored shape before production CLI --execute
    - clarify old idempotency replay compatibility / absence
```

Merge blockers I would fix before moving this out of draft

  1. Relation idempotency replay is not input-bound.
    performLinkCardRelation / performUnlinkCardRelation replay by token + action + idempotency key only. Reusing the same key with a different relation payload can return the old result silently. Add input hash or conflict check.

  2. Low-confidence attribution is still too easy to treat as canonical.
    Exact activityPublicId lineage is good, but time-window fallback still presents as agent-attributed with confidence: low. Summaries should split exact vs low, and docs should say low cannot authorize projection apply or canonical “Iskra did X” claims.

  3. Projection apply audit should preserve warning codes structurally.
    Batch audit currently stores summary/results, but not a first-class warningCodes / override record. For audit-as-product-soul, warning override needs structured reconstruction.

  4. Projection apply batch idempotency is requestId-derived.
    The batch audit idempotency key uses ctx.requestId, so the batch audit itself is not replay-stable. Task-level create/move keys are stable, but the batch audit should either accept an idempotency key or document that only task writes are idempotent.

  5. Recap actor filtering needs a high-volume regression test.
    The current path correctly attributes after audit matching, but actor-filtered card activity is overfetch-based (100 before post-filter). Add a test with >100 unrelated activities so “co dziś zrobiła Iskra?” does not miss exact matches on busy boards.

  6. Machine identity CLI needs one more guard before production use.
    Dry-run default is good. Before real prod issuance/rotation, add either a typed confirmation (--confirm-slug) or explicit production guard, plus a small dry-run functional test.

  7. Deploy/rollback note must call out enum migration order.
    Relation activity enum values must exist before relation activity writes. Add “migration first, then API/MCP” and note that Postgres enum additions are not trivially reversible.

Notes

  • I discounted two reviewer false positives: the redacted migration filename is not actually a phone number, and default audit redaction already has a regression test.
  • The core direction is solid: projection:write, projection:override_warnings, KAN_PROJECTION_APPLY_ENABLED=false, exact activityPublicId, redacted audit defaults, and /live / /ready are the right shape.
  • This PR should stay draft until the blockers above are addressed or explicitly waived by Piotr.
fix: address kan-ductor review blockers
Some checks failed
Forgejo CI / verify (pull_request) Successful in 10m20s
Forgejo Docker Images / build (pull_request) Failing after 6s
686fa28c32
Author
Collaborator

Codex follow-up fixes for 3+3 blockers

Pushed commit 686fa28 to this draft PR.

Addressed:

  • Relation idempotency replay now fails closed on conflicting link/unlink payloads instead of returning an unrelated prior result.
  • get_recent_activity.summary.moves now separates canonical exact agent moves from low-confidence historical matches:
    • agent / agentExact: exact activityPublicId lineage only
    • agentLowConfidence: time-window fallback only
  • Actor-filtered recaps now overfetch card activity before post-audit attribution so actor: Iskra is less likely to miss exact matches on busy boards.
  • Projection apply now supports stable batch idempotencyKey, defaults to leviathan:<projectionId>:apply, replays batch audit results, and stores structured warningCodes / warningOverrideUsed in audit input/result.
  • Audit redaction key matching is narrower: tokenPublicId and secretArtifactRef-style references survive default redaction while actual token/secret/password-like keys remain redacted.
  • Machine identity CLI --execute now requires --confirm-slug <exact-slug> for create/rotate/pause/revoke.
  • Docs/BMAD context now call out low-confidence attribution, relation idempotency conflicts, projection apply batch idempotency, and enum migration deploy order.

Verification:

  • pnpm --filter @kan/api test -- agent.test.ts => 24 passed
  • pnpm --filter @kan/mcp test -- health.test.ts => 1 passed
  • pnpm --filter @kan/api typecheck => passed
  • pnpm --filter @kan/mcp typecheck => passed
  • pnpm --filter @kan/api exec eslint src/routers/agent.ts src/routers/agent.test.ts => passed
  • node --check scripts/kan-machine-identity-admin.mjs => passed

Known repo-level lint note:

  • Full pnpm --filter @kan/api lint still fails on pre-existing repo issues outside this patch, including integration-tests not included in tsconfig and unrelated router/utils lint findings.
  • pnpm --filter @kan/mcp lint currently fails because ESLint 9 cannot find an eslint.config file for that package. Targeted typecheck/test passed.
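
The input-bound replay asked for in merge blocker 1 and described in the follow-up fix above, as an added example that is not code from this PR. All names (`canonicalize`, `IdempotencyConflictError`, `RelationIdempotencyStore`, the action strings and card ids) are hypothetical, and the store keeps the canonical input itself where a real table would more likely persist a digest of it.

```javascript
// Added illustration. All names here (canonicalize, IdempotencyConflictError,
// RelationIdempotencyStore, demo) are hypothetical, not kan-ductor identifiers.

// Deterministic serialization: keys are sorted so that the same payload with a
// different key order produces the same fingerprint.
function canonicalize(value) {
  if (value === undefined) return "null";
  if (Array.isArray(value)) return `[${value.map(canonicalize).join(",")}]`;
  if (value !== null && typeof value === "object") {
    const body = Object.keys(value)
      .filter((k) => value[k] !== undefined)
      .sort()
      .map((k) => `${JSON.stringify(k)}:${canonicalize(value[k])}`)
      .join(",");
    return `{${body}}`;
  }
  return JSON.stringify(value);
}

class IdempotencyConflictError extends Error {
  constructor(action, idempotencyKey) {
    super(`idempotency key "${idempotencyKey}" already used for ${action} with different input`);
    this.name = "IdempotencyConflictError";
    this.code = "IDEMPOTENCY_CONFLICT";
  }
}

class RelationIdempotencyStore {
  constructor() {
    this.records = new Map(); // slot -> { fingerprint, result }
  }

  // Runs perform(input) at most once per (tokenId, action, idempotencyKey).
  run({ tokenId, action, idempotencyKey, input }, perform) {
    // Serializing the tuple as an array avoids delimiter collisions such as
    // ("a:b", "c") versus ("a", "b:c").
    const slot = canonicalize([tokenId, action, idempotencyKey]);
    const fingerprint = canonicalize(input);
    const prior = this.records.get(slot);
    if (prior) {
      // Fail closed: same key, different payload is a conflict, never a replay.
      if (prior.fingerprint !== fingerprint) {
        throw new IdempotencyConflictError(action, idempotencyKey);
      }
      return { replayed: true, result: prior.result };
    }
    const result = perform(input);
    this.records.set(slot, { fingerprint, result });
    return { replayed: false, result };
  }
}

// Constructed scenario: first write, faithful replay, conflicting reuse, and
// the same key under a different action (a separate slot).
function demo() {
  const store = new RelationIdempotencyStore();
  let writes = 0;
  const write = (input) => ({ relationId: `rel_${++writes}`, ...input });
  const base = { tokenId: "tok_constructed", action: "link_card_relation", idempotencyKey: "k-1" };

  const first = store.run(
    { ...base, input: { from: "card_A", to: "card_B", type: "blocks" } }, write);
  const replay = store.run(
    { ...base, input: { type: "blocks", to: "card_B", from: "card_A" } }, write);

  let conflict = null;
  try {
    store.run({ ...base, input: { from: "card_A", to: "card_C", type: "blocks" } }, write);
  } catch (err) {
    conflict = err.code;
  }

  const otherAction = store.run(
    { ...base, action: "unlink_card_relation", input: { from: "card_A", to: "card_B" } }, write);

  return { first, replay, conflict, otherAction, writes };
}

console.log(JSON.stringify(demo(), null, 2));
```
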
Author
Collaborator

Focused 3+3 rerun after fixes

Scope: delta fa443e8..686fa28 only, i.e. the follow-up commit that addressed comment #6120.

Gate result: OK for Piotr owner review, still no auto-merge.

Deterministic checks

  • Canary: BLOCK
    • reason: diff_size, 577 changed lines >= 500
    • interpretation: no auto-merge; this remains a manual owner-gated PR
  • Redaction before cloud review:
    • bearer/token-like values, emails, phone-like refs redacted locally before Ollama/Claude
  • Local verification from the fix commit:
    • pnpm --filter @kan/api test -- agent.test.ts => 24 passed
    • pnpm --filter @kan/mcp test -- health.test.ts => 1 passed
    • pnpm --filter @kan/api typecheck => passed
    • pnpm --filter @kan/mcp typecheck => passed
    • pnpm --filter @kan/api exec eslint src/routers/agent.ts src/routers/agent.test.ts => passed
    • node --check scripts/kan-machine-identity-admin.mjs => passed

Reviewer verdicts

```yaml
canary:
  verdict: NOT_OK
  confidence: 1.0
  reason: diff_size hard stop only

tech-ollama-1:
  verdict: OK
  confidence: 0.85
  required_fixes: []

tech-ollama-2:
  verdict: OK
  confidence: 0.85
  required_fixes: []

tech-codex:
  verdict: OK
  confidence: 0.84
  required_fixes: []

product-ollama-1:
  verdict: OK
  confidence: 0.88
  required_fixes: []

product-ollama-2:
  verdict: OK
  confidence: 0.94
  required_fixes: []

product-claude/opus:
  verdict: OK
  confidence: 0.78
  required_fixes: []
```

Blocker closure assessment

| Prior blocker | Focused 3+3 result |
| --- | --- |
| Relation idempotency replay must conflict on mismatched input | Closed |
| Low-confidence attribution must not count as canonical agent action | Closed |
| Projection apply batch audit needs stable idempotency and warning codes | Closed |
| Machine identity CLI needs stronger production guard | Closed |
| Docs must clarify low-confidence attribution and enum deploy order | Closed |

Residual risks, not blockers

  • Focused delta still trips canary by size, so manual owner review remains required.
  • Default projection apply idempotency key is leviathan:<projectionId>:apply; callers should use a new projectionId or explicit key when projection content changes.
  • Actor-filtered recap now overfetches 1000 card activities before post-attribution filtering; good enough for this stabilization slice, but cursor-backed search would be cleaner later.
  • Redaction is now more intentional and less broad; future audit fields containing token/secret in the middle of a key name need conscious review.
  • Enum migration order is documented, not mechanically enforced: migration first, then API, then MCP.

Recommendation

Keep PR #61 draft until Piotr reviews it, but from the focused 3+3 perspective the previous blockers are addressed. Next gate is Piotr owner review, not more Codex patching unless Piotr wants another round.
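
The narrowed audit redaction discussed in this thread (reference-style keys such as `tokenPublicId` and `secretArtifactRef` survive, secret-bearing keys stay masked, raw reads need `includeRaw=true` plus `workspace:manage`), as an added example that is not code from this PR. The matching rule, the stem and suffix lists, the function names and the sample entry are assumptions constructed for illustration; returning the redacted view when `includeRaw` is requested without the scope is also an assumption.

```javascript
// Added illustration. The matching rule and every name below are assumptions,
// not the project's redaction code.
const SENSITIVE_STEMS = ["token", "secret", "password", "authorization", "credential"];
const REFERENCE_SUFFIXES = ["id", "ref"];
const MASK = "[REDACTED]";

// Splits camelCase / snake_case / kebab-case key names into lowercase words.
function keyWords(key) {
  return key
    .replace(/([a-z0-9])([A-Z])/g, "$1 $2")
    .split(/[^A-Za-z0-9]+/)
    .filter(Boolean)
    .map((w) => w.toLowerCase());
}

// The overbroad "before": any key containing a sensitive substring is masked,
// which also hides identifiers that are safe and useful in an audit read.
function substringMatch(key) {
  const lower = key.toLowerCase();
  return SENSITIVE_STEMS.some((s) => lower.includes(s));
}

// Narrowed rule: a sensitive word anywhere in the key masks the value unless
// the key ends in a reference suffix. Unknown shapes stay masked (fail closed).
function classifyKey(key) {
  const words = keyWords(key);
  if (!words.some((w) => SENSITIVE_STEMS.some((s) => w.startsWith(s)))) return "plain";
  return REFERENCE_SUFFIXES.includes(words[words.length - 1]) ? "reference" : "redact";
}

// Recursively masks values; records every path where the reference exemption
// fired so a reviewer can check those fields deliberately.
function redactPayload(value, path, references) {
  if (Array.isArray(value)) {
    return value.map((v, i) => redactPayload(v, `${path}[${i}]`, references));
  }
  if (value === null || typeof value !== "object") return value;
  const out = {};
  for (const [key, child] of Object.entries(value)) {
    const here = path ? `${path}.${key}` : key;
    const kind = classifyKey(key);
    if (kind === "redact") {
      out[key] = MASK;
      continue;
    }
    if (kind === "reference") references.push(here);
    out[key] = redactPayload(child, here, references);
  }
  return out;
}

// Default reads are redacted; raw needs both the flag and the scope.
function readAudit(entry, { includeRaw = false, scopes = [] } = {}) {
  if (includeRaw && scopes.includes("workspace:manage")) {
    return { raw: true, payload: entry, references: [] };
  }
  const references = [];
  return { raw: false, payload: redactPayload(entry, "", references), references };
}

// Constructed audit entry; none of these values are real.
const SAMPLE_ENTRY = {
  action: "link_card_relation",
  tokenPublicId: "tok_pub_constructed",
  input: {
    cardPublicId: "card_constructed",
    secretArtifactRef: "artifact-ref-constructed",
    accessToken: "constructed-value-not-a-real-token",
    clientSecretHash: "constructed-hash",
    attempts: [{ password: "constructed", note: "ok" }],
  },
  headers: { Authorization: "Bearer constructed" },
};

console.log(JSON.stringify(readAudit(SAMPLE_ENTRY), null, 2));
```

The `references` list is the hook for the residual risk noted above: any new audit field that lands there, or that is masked only because a sensitive word sits mid-key, is a candidate for conscious review.
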

pdurlej approved these changes 2026-05-15 21:06:58 +02:00
pdurlej changed title from WIP: fix: harden kan-ductor agent safety gates to fix: harden kan-ductor agent safety gates 2026-05-15 21:07:02 +02:00