From 6dbed91efd5abb603c457df6fd6fe9599ae2b96a Mon Sep 17 00:00:00 2001 From: Mark Date: Wed, 20 May 2026 13:25:11 +0200 Subject: [PATCH] =?UTF-8?q?docs(roadmap):=20re-phase=20milestone=20?= =?UTF-8?q?=E2=80=94=20remove=20Phase=202=20(DOM/event-capture=20privacy)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Per operator charter shift 2026-05-20: "we don't care about privacy hardening. At least here." Archive flow is internal-only (no external transmission), which reframes the password-masking P0-5 defect from privacy-regulation gravity to operator-hygiene polish. Re-phasing applied across 4 planning artifacts: ROADMAP.md: - Original Phase 2 ("Stabilize DOM + event-capture privacy") REMOVED entirely (summary list + Phase Details section + Progress table row). - DOM + event-log VERIFICATION (REQ-rrweb-dom-buffer + REQ-user-event-log) ABSORBED by new Phase 3 (SPEC §10 smoke verification). - Phase numbering: old 3 → new 2 (export), old 4 → new 3 (smoke), old 5 → new 4 (optional harden). Dependency chains updated accordingly. - Overview blurb + journey narrative + success criteria refreshed. - Phase 3 (smoke) explicitly NOT-in-scope: P0-5 password masking dropped. REQUIREMENTS.md traceability: - REQ-rrweb-dom-buffer: Phase 2 → Phase 3 (verification scope; UAT harness A24+ extension planned). - REQ-user-event-log: Phase 2 → Phase 3 (same context). - REQ-password-confidentiality: Phase 2 → Out of Scope (v1) — DEFERRED per charter shift. - REQ-popup-ui, REQ-screenshot-on-export, REQ-archive-layout, REQ-meta-json-schema, REQ-archive-export-latency: Phase 3 → Phase 2 (renumbered; substantively shipped via Plans 01-08 + 01-09 + 01-12; residual gaps in Phase 2). - Coverage: 10 mapped + 1 out-of-scope (was 11 mapped). PROJECT.md: - CON-sensitive-data-masking: DEFERRED 2026-05-20 (preserves audit trail via strikethrough; rationale documented). - DEC-004 amendment: rrweb 5000-event cap retained; masking deferred. Cites rrweb 2.0.0-alpha.4 maskInputSelector→maskInputFn API change. STATE.md: - frontmatter total_phases: 5 → 4. - stopped_at narrative captures the re-phasing event. CLI bug note: this re-phasing was attempted via `gsd-sdk query phase.remove 2` + canonical `/gsd-remove-phase 2` Skill invocation, but BOTH paths produced corrupted output (cascading rename via reverse-iteration loop at phase.cjs:670-679 collapsed all subsequent phases to "Phase 2", plus a mysterious "2026"→"2002" date corruption). Recovery applied as manual edits in this commit. CLI bug logged as upstream GSD-framework concern; not a Mokosh-side issue. Plan: next is `/gsd-discuss-phase 2` (new Phase 2 = export pipeline; narrowed scope per re-phasing — ~2-3 plans expected since Plans 01-08 + 01-09 + 01-10 + 01-12 already shipped most surface). Co-Authored-By: Claude Opus 4.7 (1M context) --- .planning/PROJECT.md | 10 ++- .planning/REQUIREMENTS.md | 24 ++++--- .planning/ROADMAP.md | 127 +++++++++++++++++++------------------- .planning/STATE.md | 6 +- 4 files changed, 90 insertions(+), 77 deletions(-) diff --git a/.planning/PROJECT.md b/.planning/PROJECT.md index 0aed306..7aa8b14 100644 --- a/.planning/PROJECT.md +++ b/.planning/PROJECT.md @@ -91,9 +91,13 @@ nothing is validated until SPEC §10 acceptance passes.) - **Buffer windows**: Video 30 s rolling, rrweb 10 min / 5 000 events whichever is tighter, user-event log 10 min (CON-video-window, CON-rrweb-window, CON-event-log-window). -- **Sensitive data**: `input[type=password]` and `[data-sensitive="true"]` MUST +- **Sensitive data**: ~~`input[type=password]` and `[data-sensitive="true"]` MUST be masked in rrweb (via v2 `maskInputFn`) AND the event logger MUST drop - password field values (CON-sensitive-data-masking). + password field values (CON-sensitive-data-masking).~~ **DEFERRED 2026-05-20** + per charter shift ("we don't care about privacy hardening. At least here."). + Archive flow is internal-only (no external transmission); CON-sensitive-data- + masking re-classified as Phase 4 optional hardening or v2 work. Operator- + facing password masking remains a future polish item but is no longer v1-blocking. - **Service Worker lifecycle**: MV3 SW unloads after ~30 s idle; a long-lived `chrome.runtime.connect` port from offscreen to SW emits a PING every 25 s to keep the SW alive (CON-display-capture-binding, AMENDED from @@ -123,7 +127,7 @@ nothing is validated until SPEC §10 acceptance passes.) | **DEC-001**: Chrome Extension Manifest V3 | SPEC §2, §7 — required for `chrome.tabCapture`, `chrome.downloads`, `chrome.alarms`. | — Pending | locked (Phase 1) | | **DEC-002**: Service Worker as background coordinator | SPEC §2, §3, §8 — MV3 has no persistent background page; SW coordinates video buffer + archive packaging. | — Pending | locked (Phase 1) | | **DEC-003**: Active video via `getDisplayMedia()` (vp9 / 400 kbps / 2000 ms) | AMENDED by Phase 01: SPEC §2/§4.1/§7 originally specified `chrome.tabCapture`; Phase 01 swaps to `getDisplayMedia` invoked in the offscreen document with `chrome.offscreen.Reason.DISPLAY_MEDIA`. Codec/bitrate/timeslice binding unchanged. See `.planning/intel/decisions.md` DEC-003 Amendment. | — Pending | locked (Phase 1, post-Amendment) | -| **DEC-004**: DOM capture via rrweb with `maskInputSelector` + 5 000-event cap | SPEC §2, §4.2 — rrweb is the only mature DOM-recording option; masking + cap are part of the privacy/memory contract. | — Pending | locked (Phase 1) | +| **DEC-004**: DOM capture via rrweb with 5 000-event cap. ~~`maskInputSelector` masking~~ DEFERRED 2026-05-20 — `maskInputSelector` was rrweb 1.x; v2.0.0-alpha.4 requires `maskInputFn`. Per 2026-05-20 charter shift, masking deferred to Phase 4 (optional) or v2; AMENDED to "rrweb 5000-event cap; masking deferred". | SPEC §2, §4.2 — rrweb is the only mature DOM-recording option; cap is part of the memory contract; masking originally part of privacy contract (deferred). | — Pending | locked (Phase 1, post-Amendment) | | **DEC-005**: Archive packaging via JSZip | SPEC §2, §3, §6 — only ZIP library bundled per SPEC. | — Pending | locked (Phase 1) | | **DEC-006**: File download via `chrome.downloads` | SPEC §2, §5, §7 — no server upload in Phase 1 (SPEC §9). | — Pending | locked (Phase 1) | | **DEC-007**: In-memory buffers only (no Phase 1 persistence) | SPEC §2, §4.1–§4.3 — rolling buffers in SW (video) and Content Script (rrweb + log). | — Pending | locked (Phase 1) | diff --git a/.planning/REQUIREMENTS.md b/.planning/REQUIREMENTS.md index 083091a..8c816eb 100644 --- a/.planning/REQUIREMENTS.md +++ b/.planning/REQUIREMENTS.md @@ -216,21 +216,27 @@ Which phase covers which requirement. See ROADMAP.md for phase details. | Requirement | Phase | Status | |-------------|-------|--------| | REQ-video-ring-buffer | Phase 1 | Complete 2026-05-20 (Plans 01-08 WebM remux + 01-14 monitorTypeSurfaces; verified via gsd-verifier audit; fixture `tests/fixtures/last_30sec.webm` ffprobe + ffmpeg dry-run GREEN; Chrome playback confirmed) | -| REQ-rrweb-dom-buffer | Phase 2 | Pending | -| REQ-user-event-log | Phase 2 | Pending | -| REQ-password-confidentiality | Phase 2 | Pending | -| REQ-popup-ui | Phase 3 | Pending | -| REQ-screenshot-on-export | Phase 3 | Pending | -| REQ-archive-layout | Phase 3 | Pending | -| REQ-meta-json-schema | Phase 3 | Pending | -| REQ-archive-export-latency | Phase 3 | Pending | +| REQ-rrweb-dom-buffer | Phase 2 (originally) → **Phase 3** (post-2026-05-20 re-phasing) | Pending (verification absorbed by smoke phase; UAT harness A24+ extension planned) | +| REQ-user-event-log | Phase 2 (originally) → **Phase 3** (post-2026-05-20 re-phasing) | Pending (same verification context as REQ-rrweb-dom-buffer) | +| REQ-password-confidentiality | Phase 2 (originally) → **Out of Scope (v1)** | DEFERRED per 2026-05-20 charter shift ("we don't care about privacy hardening. At least here.") — archive flow is internal-only (no external transmission); P0-5 password masking re-classified as Phase 4 optional hardening or v2 work | +| REQ-popup-ui | Phase 3 (originally) → **Phase 2** (renumbered) | Pending (largely shipped via Plan 01-09 SAVE-only popup + Plan 01-12 i18n; residual gaps in Phase 2) | +| REQ-screenshot-on-export | Phase 3 (originally) → **Phase 2** (renumbered) | Pending | +| REQ-archive-layout | Phase 3 (originally) → **Phase 2** (renumbered) | Pending (substantively shipped via Plans 01-08 webm-remux + JSZip; verification in Phase 2) | +| REQ-meta-json-schema | Phase 3 (originally) → **Phase 2** (renumbered) | Pending | +| REQ-archive-export-latency | Phase 3 (originally) → **Phase 2** (renumbered) | Pending | | REQ-manifest-permissions | Phase 3 (originally) → Phase 1 closure via Plan 01-12 i18n migration | Complete (2026-05-20 — manifest __MSG_*__ + default_locale='en' + 16 i18n keys per locale; permissions DEC-011 baseline unchanged; operator brand-fit ack) | | REQ-install-clean | Phase 4 (originally) → Phase 1 closure via Plan 01-12 design integration | Complete (2026-05-20 — fresh build + load unpacked clean; zero remote-font CSP errors; branded icons rendering; en+ru manifest:name resolution; operator brand-fit ack) | **Coverage:** - v1 requirements: 11 total -- Mapped to phases: 11 +- Mapped to phases: 10 (REQ-password-confidentiality deferred to Out of Scope v1 per 2026-05-20) - Unmapped: 0 ✓ +- Out of Scope: 1 (REQ-password-confidentiality) + +**2026-05-20 re-phasing note:** Original Phase 2 ("Stabilize DOM + event-capture +privacy") REMOVED entirely. REQ-rrweb-dom-buffer + REQ-user-event-log +verification ABSORBED by new Phase 3 (SPEC §10 smoke + DOM/event-log). All +subsequent phases renumbered: old 3 → new 2, old 4 → new 3, old 5 → new 4. Note on CON-ram-ceiling (SPEC §10 #9): tracked as a non-functional constraint verified in Phase 4 (smoke verification) rather than as a standalone diff --git a/.planning/ROADMAP.md b/.planning/ROADMAP.md index cbc7516..64e8c1e 100644 --- a/.planning/ROADMAP.md +++ b/.planning/ROADMAP.md @@ -4,15 +4,25 @@ The Mokosh codebase is a partially-broken first attempt at SPEC `Тз расширение фаза1.md`. An external audit identified 7 P0 defects that prevent SPEC §10 -acceptance. This roadmap therefore frames Phase 1 as **stabilization to spec**, -not greenfield: phases 1–3 each remediate a tightly-grouped subset of the P0 -defects along sensible commit boundaries; phase 4 runs the SPEC §10 smoke pass -end-to-end. An optional phase 5 absorbs the P1/P2 follow-ups (SW state -persistence, `fetch` interception fix, `meta.json` field hardening, +acceptance. This roadmap framed Phase 1 as **stabilization to spec**, not +greenfield: phases 1–2 each remediate a tightly-grouped subset of the P0 +defects along sensible commit boundaries; phase 3 runs the SPEC §10 smoke pass +end-to-end (and now also absorbs the DOM + event-log verification surface that +was originally Phase 2). An optional phase 4 absorbs the P1/P2 follow-ups (SW +state persistence, `fetch` interception fix, `meta.json` field hardening, `generate-icons.js` ESM/CJS, dead-code cleanup). -The journey: **broken-but-installable → playable video → masked DOM + log → -working export → green §10 smoke → harden + clean up**. +**Roadmap re-phasing 2026-05-20:** original Phase 2 ("Stabilize DOM + +event-capture privacy") REMOVED per operator charter shift — archive flow is +internal-only (no external transmission); P0-5 password masking dropped as +v1 priority ("we don't care about privacy hardening. At least here."). DOM ++ event-log VERIFICATION (REQ-rrweb-dom-buffer + REQ-user-event-log) absorbed +by new Phase 3 (SPEC §10 smoke). REQ-password-confidentiality moved to Out +of Scope (v1). All subsequent phases renumbered: old 3 → new 2, old 4 → new +3, old 5 → new 4. + +The journey: **broken-but-installable → playable video → working export → +green §10 smoke (incl. DOM + event-log verification) → harden + clean up**. ## Phases @@ -23,10 +33,9 @@ working export → green §10 smoke → harden + clean up**. Decimal phases appear between their surrounding integers in numeric order. - [x] **Phase 1: Stabilize video pipeline** — Collapse offscreen duality, fix MediaRecorder shadow, fix WebM ring buffer playability, replace `chrome.tabCapture` with offscreen `getDisplayMedia` (AMENDED from original DEC-003). **CLOSED 2026-05-20** via gsd-verifier goal-backward audit GREEN (17/17 must-haves: 11 REQs/charters + 6 cross-cutting gates; see `.planning/phases/01-stabilize-video-pipeline/01-VERIFICATION.md`). Closure arc: 2026-05-15 (Plan 01-07) → 2026-05-16 (REOPENED on D-13 multi-EBML bug) → Plan 01-08 (WebM remux via ts-ebml + webm-muxer) → Plans 01-09/01-10 (whole-desktop + welcome-tab UX) → Plan 01-11 (spike-pivot) → Plan 01-12 (Design Integration) → Plan 01-13 (UAT harness 15/15 GREEN, 2026-05-19) → Plan 01-14 (monitorTypeSurfaces picker) → Plan 01-10 cycle-2 ack 'All good' 2026-05-20 + 5 inter-cycle debug fixes + brand-rename polish. 14/14 plans; 5 operator acks; 153/153 vitest + 24/24 UAT + Tier-1 grep 12 FORBIDDEN_HOOK_STRINGS all GREEN. -- [ ] **Phase 2: Stabilize DOM + event capture privacy** — Migrate rrweb to v2 `maskInputFn`, plug `content/index.ts setupInputLogging` password leak -- [ ] **Phase 3: Stabilize export pipeline** — Restore user-activation gesture in popup, delete dead `permissions.request`, replace base64 `data:` URL with Blob URL minted in offscreen -- [ ] **Phase 4: SPEC §10 smoke verification** — End-to-end install-and-record-and-export pass against all 9 acceptance criteria -- [ ] **Phase 5: Harden + clean up** _(optional)_ — P1/P2 follow-ups: SW state persistence, fetch interception, `meta.json` fields, `generate-icons.js` ESM/CJS, dead-code +- [ ] **Phase 2: Stabilize export pipeline** — Close remaining export gaps (screenshot-at-click, meta.json schema, archive layout, manifest permission verification). Mostly already shipped via Plans 01-08 + 01-09 + 01-10 + 01-12 — narrowed scope post-re-phasing. +- [ ] **Phase 3: SPEC §10 smoke verification** — End-to-end install-and-record-and-export pass against all 9 acceptance criteria. **ABSORBS** REQ-rrweb-dom-buffer + REQ-user-event-log verification (originally Phase 2) per 2026-05-20 re-phasing. UAT harness extended with A24+ assertions for rrweb/event-log contracts. +- [ ] **Phase 4: Harden + clean up** _(optional)_ — P1/P2 follow-ups: SW state persistence, fetch interception, `meta.json` fields, `generate-icons.js` ESM/CJS, dead-code; plus deferred items from Phase 1 session (cursor visibility, dark-surface logo, tabs permission gap, 2 ffprobe flakes, ROADMAP backfill verification, rrweb 2.0.0-alpha.4 → stable v2 upgrade research). ## Phase Details @@ -86,46 +95,22 @@ directory + `vite.config.ts` inline string + `src/background/`. - [x] 01-13-PLAN.md — UAT harness via Approach B (extension-internal-page driver + offscreen synthetic stream; 15/15 GREEN; Plan 01-09 functional closure) - [x] 01-14-PLAN.md — Picker narrowing via monitorTypeSurfaces:'include' (Chrome 119+ picker enhancement; A23 harness regression) -### Phase 2: Stabilize DOM + event capture privacy -**Goal**: rrweb captures DOM events on typical pages and the user-event log -captures clicks/navigation/network errors — and in neither stream do password -values appear. - -**Depends on**: Phase 1 (no functional dependency, but Phase 1 establishes the -"capture is always-on" baseline that this phase plugs into). - -**Requirements**: REQ-rrweb-dom-buffer, REQ-user-event-log, -REQ-password-confidentiality - -**P0 defects addressed**: -- P0-5: rrweb data-sensitive leak — migrate to rrweb v2 `maskInputFn` (the - legacy `maskInputSelector` is gone in v2.0.0-alpha.4 per `package.json`); fix - the parallel leak in `src/content/index.ts setupInputLogging` so password - field values are dropped at logger entry, not just at rrweb level. - -**Success Criteria** (what must be TRUE): - 1. On a page containing `` and elements with - `data-sensitive="true"`, rrweb snapshots for that page mask the value of - both kinds of fields (verified by inspecting exported `rrweb/session.json`). - 2. On the same page, typing into a password field produces no `input` event - entry containing the typed value in the user-event log - (`logs/events.json`). - 3. On a typical page with forms, tables, and a modal, rrweb records DOM - events without throwing in the Content Script console; the event log - captures clicks, navigations (`popstate`/`hashchange`), and network errors - (`fetch` / `XHR` >= 400). - -**Plans**: TBD -**UI hint**: yes - -### Phase 3: Stabilize export pipeline +### Phase 2: Stabilize export pipeline **Goal**: A click on "Сохранить отчёт об ошибке" produces a SPEC-conformant ZIP archive on disk in under 5 s, containing a screenshot taken at click time, laid out per CON-archive-layout, with `meta.json` per CON-meta-json-schema, and declared by a manifest carrying exactly the permission set in DEC-011. -**Depends on**: Phase 1, Phase 2 (export consumes the video + rrweb + event-log -buffers established by phases 1 and 2). +**Depends on**: Phase 1 (export consumes the video buffer + the rrweb/event-log +infrastructure already shipped in src/content/index.ts; original "Phase 2 DOM" +dependency removed per 2026-05-20 re-phasing). + +**Scope note (2026-05-20):** Plans 01-08 (webm-remux + JSZip), 01-09 (popup +state machine + SAVE-only UI), 01-10 (welcome tab + i18n), and 01-12 (manifest +i18n + en+ru locales) already shipped most of the originally-planned export +surface. Phase 2 likely collapses to 2-3 small plans closing residual gaps: +screenshot-at-click capture, meta.json schema validation, and SPEC §10 #6 +<5s export-latency verification. **Requirements**: REQ-popup-ui, REQ-screenshot-on-export, REQ-archive-layout, REQ-meta-json-schema, REQ-archive-export-latency, REQ-manifest-permissions @@ -159,19 +144,37 @@ REQ-meta-json-schema, REQ-archive-export-latency, REQ-manifest-permissions **Plans**: TBD **UI hint**: yes -### Phase 4: SPEC §10 smoke verification +### Phase 3: SPEC §10 smoke verification + DOM/event-log verification **Goal**: All 9 SPEC §10 acceptance criteria pass against an unpacked load of -the build into a real Chrome instance. +the build into a real Chrome instance. **ABSORBS** DOM + event-log verification +work (REQ-rrweb-dom-buffer + REQ-user-event-log) originally planned as Phase 2 +per 2026-05-20 re-phasing. -**Depends on**: Phase 1, Phase 2, Phase 3. +**Depends on**: Phase 1, Phase 2. -**Requirements**: REQ-install-clean (and end-to-end verification of all -preceding REQs) +**Requirements**: REQ-install-clean + REQ-rrweb-dom-buffer + REQ-user-event-log ++ end-to-end verification of all preceding REQs. **P0 defects addressed**: - P0-7: End-to-end smoke verification against §10. This is a verification phase, not a new implementation — it confirms the cumulative output of - phases 1–3 actually satisfies the SPEC. + phases 1–2 actually satisfies the SPEC. + +**Absorbed Phase-2 scope (2026-05-20 re-phasing):** +- Verify rrweb 2.0.0-alpha.4 captures DOM events on typical pages (form + + table + modal) without throwing in the Content Script console (REQ-rrweb-dom-buffer + acceptance criterion #3). +- Verify the user-event log captures click + input (non-password) + + navigation (popstate/hashchange) + js_error + network_error per + CON-event-log-schema (REQ-user-event-log). +- Extend UAT harness with A24+ assertions covering the above contracts — + consistent with Phase 1's Approach-B harness pattern (Plan 01-13). +- rrweb version research (foreground gsd-phase-researcher spawn) to verify + alpha-pin is safe or if stable v2 has shipped. Deferred to Phase 4 if + Phase 3 plans are tight. +- **NOT in scope:** P0-5 password masking (REQ-password-confidentiality + dropped to Out of Scope v1 per "we don't care about privacy hardening. + At least here." 2026-05-20). **Success Criteria** (what must be TRUE): 1. The extension installs into Chrome via "Load unpacked" against `dist/` @@ -181,8 +184,9 @@ preceding REQs) than 30 s of footage (confirmed by inspecting the SW console / a debug export). 3. On a typical page (form + table + modal) rrweb records without throwing, - the event log captures clicks/navigation/network errors, and passwords - are absent from both streams. + the event log captures clicks/navigation/network errors. (Password + masking criterion DROPPED per 2026-05-20 re-phasing — + REQ-password-confidentiality is Out of Scope v1.) 4. A click on the popup button produces a ZIP in Downloads in under 5 s; the ZIP opens; `video/last_30sec.webm` plays in a browser. 5. Background RAM consumption (measured via Chrome Task Manager) does not @@ -190,15 +194,15 @@ preceding REQs) **Plans**: TBD -### Phase 5: Harden + clean up _(optional)_ +### Phase 4: Harden + clean up _(optional)_ **Goal**: Eliminate the P1/P2 follow-ups identified in the audit so that the codebase is not just spec-conformant but maintainable. This phase has no new v1 requirements — it improves robustness and removes technical debt around already-shipped behaviour. -**Depends on**: Phase 4 (do not harden until §10 is green). +**Depends on**: Phase 3 (do not harden until §10 is green). -**Requirements**: none (no new v1 REQs; all v1 REQs are covered by phases 1–4) +**Requirements**: none (no new v1 REQs; all v1 REQs are covered by phases 1–3) **P1/P2 items addressed** (informative list from the audit, exact scope finalized at plan time): @@ -242,8 +246,7 @@ Phases execute in numeric order: 1 → 2 → 3 → 4 → 5. | Phase | Plans Complete | Status | Completed | |-------|----------------|--------|-----------| -| 1. Stabilize video pipeline | 14/14 | Final-closure marker flip pending (all functional plans complete; awaiting REQUIREMENTS / ROADMAP / STATE markers + optional /gsd-verify-work 1) | Functional contract closed 2026-05-19 via Plan 01-13 harness PASS; design/brand contract closed 2026-05-20 via Plan 01-12 brand-fit ack; welcome-tab contract closed 2026-05-20 via Plan 01-10 cycle-2 operator ack "All good" + 5 inter-cycle debug fixes | -| 2. Stabilize DOM + event capture privacy | 0/TBD | Not started | - | -| 3. Stabilize export pipeline | 0/TBD | Not started | - | -| 4. SPEC §10 smoke verification | 0/TBD | Not started | - | -| 5. Harden + clean up (optional) | 0/TBD | Not started | - | +| 1. Stabilize video pipeline | 14/14 | **CLOSED 2026-05-20** via gsd-verifier audit GREEN (17/17 must-haves; commit 586836f); all markers flipped | Functional contract closed 2026-05-19 via Plan 01-13 harness PASS; design/brand contract closed 2026-05-20 via Plan 01-12 brand-fit ack; welcome-tab contract closed 2026-05-20 via Plan 01-10 cycle-2 operator ack "All good" + 5 inter-cycle debug fixes | +| 2. Stabilize export pipeline | 0/TBD | Not started (narrowed scope post-2026-05-20 re-phasing; ~2-3 plans expected) | - | +| 3. SPEC §10 smoke + DOM/event-log verification | 0/TBD | Not started (absorbed Phase-2 DOM verification per 2026-05-20 re-phasing; ~2-3 plans) | - | +| 4. Harden + clean up (optional) | 0/TBD | Not started (deferred backlog: cursor visibility, dark-surface logo, tabs perm gap, ffprobe flakes, ROADMAP backfill, rrweb-version upgrade research, REQ-password-confidentiality v2 candidate) | - | diff --git a/.planning/STATE.md b/.planning/STATE.md index a6dfa37..f26c3f0 100644 --- a/.planning/STATE.md +++ b/.planning/STATE.md @@ -3,11 +3,11 @@ gsd_state_version: 1.0 milestone: v2.0.0 milestone_name: milestone status: executing -stopped_at: Phase 1 FULLY CLOSED 2026-05-20 — gsd-verifier audit GREEN (17/17 must-haves; 11 REQs/charters + 6 cross-cutting gates); 14/14 plans complete; 5 operator empirical acks (Plan 01-07 + 01-13 + 01-12 + 01-10 cycle-2 + 01-10 brand-rename follow-up); Phase 2 (Stabilize DOM + event-capture privacy) kickoff pending -last_updated: "2026-05-20T13:00:00.000Z" +stopped_at: Phase 1 FULLY CLOSED 2026-05-20. Roadmap RE-PHASED 2026-05-20 per charter shift — original Phase 2 (DOM/event-capture privacy) REMOVED; DOM/event-log verification absorbed by new Phase 3 (SPEC §10 smoke); REQ-password-confidentiality moved to Out of Scope (v1) per "we don't care about privacy hardening. At least here." Total phases now 4. Phase 2 (export pipeline) discussion next. +last_updated: "2026-05-20T14:30:00.000Z" last_activity: 2026-05-20 progress: - total_phases: 5 + total_phases: 4 completed_phases: 1 total_plans: 14 completed_plans: 14