docs: Phase 4a auth + security proper-fix spec & plan #174

Merged: rz1989s merged 1 commit into main from docs/phase4a-auth-fix-spec-plan on May 7, 2026

rz1989s (Member) commented May 6, 2026

Summary

Captures the architectural fix design surfaced by /quality:qa Phase 1 (dev-QA) against sipher.sip-protocol.org devnet beta on 2026-05-06.

  • Spec (586 lines) — 11 locked decisions D1-D11 covering FE AuthSync architecture, JWT lifecycle (24h TTL + /api/auth/refresh + 401 interceptor), SIWS-then-signMessage fallback, BE auth surface hardening, ephemeral state centralization, and SENTINEL safe-default.
  • Plan (4,137 lines) — 40 tasks across 5 phases. Phase A (PR 1, 18 tasks) = FE AuthSync architecture; Phase B (PR 2, 19 tasks) = BE auth surface hardening; Phase C = verification; Phase D = launch event; Phase E (optional) = polish.

Why

/quality:qa Phase 1 surfaced 13 high-priority bugs (6 frontend + 7 backend) plus 14 next-refactor + 12 polish + 7 architectural patterns. The bugs are not 13 independent issues — they are symptoms of architectural gaps:

  • FE X-1: no single source of truth for auth state (wallet-adapter + Zustand + JWT mixed ad-hoc per component)
  • BE X-1: module-state pattern (security-critical maps as module-scope let)
  • BE X-2: process.env.SOLANA_NETWORK drift (13 backend files leak it)
  • BE X-4: fail-open as default (/pay/:id/confirm returns {valid:true} on RPC error)

Patching the symptoms individually leaves the patterns alive. Proper-fix takes ~1.5 extra days vs. hotfix (~3 days vs. ~1.5) but eliminates same-class regressions and provides a foundation for the Phase 4b mainnet launch without inheriting devnet-beta debt.

Trade-off

Launch slips from "tonight" to ~2026-05-09/10. X thread #1 has not been published yet; no external commitment. Devnet beta soak is >=3 days minimum anyway, so the slip does not push out the mainnet timeline.

Test plan

This PR is docs-only; no code changes. Reviewer focus:

  • Spec D1-D11 decisions read as locked (no open [TBD] items)
  • Plan tasks A0-A18 + B0-B19 + C0-C3 + D0-D2 + E0-E2 each have clear scope, files-touched list, and verification criteria
  • Acceptance criteria in spec are testable (no aspirational language)
  • Risk register R1-R12 covers the architectural patterns being fixed
  • Dependencies / cross-links to predecessor spec (Phase 4 split, 2026-05-05) resolve

Predecessors

  • Spec: docs/superpowers/specs/2026-05-05-phase4-split-devnet-beta-mainnet-design.md
  • Plan: docs/superpowers/plans/2026-05-05-phase4-split-devnet-beta-mainnet.md
  • Handoff: ~/Documents/secret/claude-strategy/sip-protocol/sipher/session-handoff-2026-05-06-d.md

Captures the architectural-fix design surfaced by /quality:qa Phase 1
(dev-QA) against sipher.sip-protocol.org devnet beta on 2026-05-06.

Spec (586 lines) — 11 locked decisions D1-D11:
- D1: proper-fix over hotfix (architectural patterns FE X-1, BE X-1/X-2/X-4)
- D2: 2 PRs in sipher (FE AuthSync + BE auth surface), reviewable in parallel
- D3: AuthSync provider as single source of truth for wallet ↔ JWT ↔ store
- D4: 24h JWT TTL + /api/auth/refresh + global 401 interceptor
- D5: SIWS-then-signMessage fallback (unblocks Jupiter / OKX / older wallets)
- D6: desktop wallet pill dropdown (plain Tailwind/Phosphor, no Radix dep)
- D7: /pay/:id/confirm fail-closed with fallback RPC + retry
- D8: ESLint rule banning direct process.env.SOLANA_NETWORK reads
- D9: SENTINEL_MODE default flips from 'yolo' to 'advisory'
- D10: centralized ephemeral state module (Redis-backed-with-fallback)
- D11: Solscan link wiring deferred to UI revamp

Plan (4,137 lines) — 40 tasks across Phases A-E:
- Phase A (PR 1): 18 tasks A0-A18 — FE AuthSync + dropdown + JWT lifecycle
- Phase B (PR 2): 19 tasks B0-B19 — BE auth surface hardening
- Phase C: integration verification + /quality:qa re-run
- Phase D: launch event (X thread #1 publish, Steave DM, gate check)
- Phase E (optional): error envelope unification + structured logging

Trigger: /quality:qa Phase 1 surfaced 13 high-priority bugs (6 FE + 7 BE)
plus 14 next-refactor + 12 polish + 7 architectural patterns. X thread #1
launch HELD pending this fix per CLAUDE.md priors (quality > urgency).
Devnet beta soak is >=3 days minimum anyway, so fix slip does not push
out the mainnet timeline.

Predecessor: docs/superpowers/specs/2026-05-05-phase4-split-devnet-beta-mainnet-design.md
rz1989s merged commit 547fd5a into main on May 7, 2026
4 checks passed
rz1989s deleted the docs/phase4a-auth-fix-spec-plan branch on May 7, 2026 00:21
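
The fail-open pattern named as BE X-4 and the fail-closed direction of D7 (fallback RPC + retry), shown side by side as an added example that is not code from the sipher repository or from this PR. `confirmFailOpen`, `confirmFailClosed`, `fakeRpc`, the `getStatus` client method, the `'finalized'` status check and the retry/backoff defaults are all assumptions made for illustration.

```javascript
// Added example; every name here is hypothetical, not taken from the sipher code base.

// Fail-open (the BE X-4 pattern): an RPC error is reported as a valid payment.
async function confirmFailOpen(rpc, signature) {
  try {
    return { valid: (await rpc.getStatus(signature)) === 'finalized' };
  } catch {
    return { valid: true }; // an RPC outage turns into "paid"
  }
}

const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// Fail-closed (the D7 direction): try the primary, then each fallback endpoint,
// with bounded retries and exponential backoff per endpoint.
async function confirmFailClosed(rpcs, signature, { retries = 2, backoffMs = 200 } = {}) {
  const errors = [];
  for (const rpc of rpcs) {
    for (let attempt = 0; attempt <= retries; attempt++) {
      try {
        const status = await rpc.getStatus(signature);
        // Any answer from an endpoint is authoritative, positive or negative.
        return { valid: status === 'finalized', verified: true, endpoint: rpc.name };
      } catch (err) {
        errors.push(`${rpc.name} attempt ${attempt + 1}: ${err.message}`);
        if (attempt < retries) await sleep(backoffMs * 2 ** attempt);
      }
    }
  }
  // No endpoint answered: the payment is unverified, never valid.
  return { valid: false, verified: false, endpoint: null, errors };
}

// Constructed stand-in for an RPC client: replays `responses` in order,
// repeating the last entry; Error entries are thrown.
function fakeRpc(name, responses) {
  let calls = 0;
  return {
    name,
    async getStatus() {
      const r = responses[Math.min(calls++, responses.length - 1)];
      if (r instanceof Error) throw r;
      return r;
    },
  };
}
```

The `verified` flag lets the route handler distinguish "the chain says no" from "nobody could be asked", so an outage can surface as an error response instead of a confirmation.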