v1 retro gate-miss recurred as a near-miss in v1.1: when a design says "behind X auth filter" / "RBAC enforced", the plan can wire a weaker gate that shape-matches. v1.1 plan review caught (only on cycle 2) that client-supplied evidence.granted_permissions made write-tier RBAC theater — the fix was server-side authz.Enforce(authenticatedSubject, ...).
Ask: add a plan-phase bug class — "auth/authz chain composition: walk the design's middleware/filter/permission chain component-by-component vs the plan's wiring; verify each gate is enforced server-side against an authenticated principal, not client-asserted." Source: infra-admin v1 retro + v1.1 plan-review cycle 2.
v1 retro gate-miss recurred as a near-miss in v1.1: when a design says "behind X auth filter" / "RBAC enforced", the plan can wire a weaker gate that shape-matches. v1.1 plan review caught (only on cycle 2) that client-supplied
evidence.granted_permissionsmade write-tier RBAC theater — the fix was server-sideauthz.Enforce(authenticatedSubject, ...).Ask: add a plan-phase bug class — "auth/authz chain composition: walk the design's middleware/filter/permission chain component-by-component vs the plan's wiring; verify each gate is enforced server-side against an authenticated principal, not client-asserted." Source: infra-admin v1 retro + v1.1 plan-review cycle 2.