north-star-source-inventory
Note: This file was promoted from `.scratch/session-notes/sv0-platform/2026-05-16-northstar-source-inventory.md` on 2026-05-17 (R3 of Northstar readability cleanup). It is the underlying receipt layer for every clause ID in `north-star.md` — each entry carries the verbatim Sergey quote, source citation, date, and durability tier. The `.scratch` file is now superseded by this in-repo copy.
UX North Star Source Inventory
Generated: 2026-05-16
Scope: Overview / Brief / Chain surfaces only
Pilot trunk audited at: origin/redesign/v06-pilot (current branch: pr-972-review)
This is an inventory, not the first-read UX guide. Every direction below cites a specific source. The readable synthesis lives in north-star.md.
Revision log
- 2026-05-16: Initial audit, 65 entries.
- 2026-05-16: Audit-of-audit applied — 65 entries reclassified with Durability tier, 17 new entries added (O-18..O-19, B-18, C-18, X-15..X-27 — total now 82), 3 false-negative corrections (positioning-snapshot.md, terminology.md, differentiation.md). Final tier counts (entries may carry compound tags; sums >82 are expected): LOCKED-IN-CODE (any variant incl. LIVE DEFECT): 29. LOCKED-IN-DOC (any variant): 21. LOCKED-IN-SCRATCH-ONLY (any variant): 26. LOCKED-BUT-CONTRADICTED (any variant, includes 3 SCRATCH-ONLY with +CONTRADICTED tag): 9. LIVE DEFECT (orthogonal to lock status): 2. Conflicts surfaced beyond original inventory: 8 (5 N-question frameworks → X-15; 3 executionState vocabularies → X-16; founder-principles dangling reference → X-17; AGENTS.md→UX-GUIDE.md stale pointer → X-18; positioning trio access-chain qualifier conflict → X-21 sub-conflict; design-principles vs TLD-5 north-star quote → X-19 + X-6; vision.md 6-link chain framing competition → X-23; NarrativeFlag default-off gap → X-27).
- 2026-05-17: Moved from `docs/product/positioning/` to `docs/design/ux/` because the North Star is UX-only guidance. This file is now a source appendix; the readable synthesis lives in `north-star.md`.
- 2026-05-18: Restored supplemental v1.0-draft receipts used by the readable UX guide (B-19, C-19, C-22, X-33, X-34, Q-10) and added stable clause anchors for guide-to-inventory traceability.
Overview surface
O-1. Overview is a "ranked operational exposure queue", not a posture dashboard, finding dump, or remediation tracker
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-13-overview-v0.6/HANDOFF.md:9-20
Date: 2026-05-13 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only .scratch source (echoed in memory project_canonical_overview_design_2026_05_13.md; OverviewPage.tsx:7-22 mentions Zone B/C removal but does not assert the queue framing as a contract)
Verbatim:
The Overview page should be a ranked operational exposure queue. It should not feel like: a posture-management dashboard, a finding dump, a remediation workflow tracker, a SIEM alert console, a long AI-written narrative surface.
Notes: Greg's "operational compression" feedback (rejected both thin posture and verbose narrative extremes). This supersedes the prior overview v0.5.html direction. Re-stated in memory project_canonical_overview_design_2026_05_13.md.
O-2. Overview must answer five CISO questions on first viewport
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-13-overview-v0.6/HANDOFF.md:25-31
Date: 2026-05-13 (Sergey)
Status: LOCKED
Durability: LOCKED-BUT-CONTRADICTED
Durable backstop: contradicted by /Users/mini1/dev/securityv0/repos/sv0-platform/UX-GUIDE.md §3 (Four Questions, different set; AGENTS.md:78 cites UX-GUIDE.md as MANDATORY), /Users/mini1/dev/securityv0/repos/sv0-skills/founder-principles/SKILL.md:45-54 (5-question test, different set), .claude/agents/ceo-reviewer.md:79-88 (4 questions, different set). See X-15.
Verbatim:
what is wrong · why it matters · what caused it · what proof supports it · what action should be reviewed next
Notes: Same set referenced in UX-GUIDE.md §3 ("Four Questions") — slightly different vocabulary; this 5-question set is the locked one for Overview.
O-3. Page IA — five sections, fixed order
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-13-overview-v0.6/HANDOFF.md:44-54
Date: 2026-05-13 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-CODE
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/pages/OverviewPage.tsx:1-30 (header comment names the 5-zone IA: Hero / Other briefs / Why surfaced / Related access paths / Telemetry-provenance)
Verbatim:
1. Hero: top exposure
2. Other exposure briefs: ranks 02-04
3. Why these briefs surfaced
4. Related access paths
5. Telemetry / provenance, only if needed
Notes: Sergey rejected splitting ranked briefs across sections ("Rank 04 is still an exposure brief, not supporting evidence"). Implementation header at ui/src/pages/OverviewPage.tsx:1-30 confirms this is the rendered Zone shape.
O-4. Hero is the top decision object — fixed 8-field order
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-13-overview-v0.6/HANDOFF.md:60-69
Date: 2026-05-13 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-CODE
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/pages/OverviewPage.tsx:760-806 renders Risk → Root cause → Proof → Remediation plan dl grid (matches the 8-field order)
Verbatim:
1. Top exposure label
2. Problem title
3. Severity / execution state
4. Risk
5. Root cause
6. Proof
7. Remediation plan
8. Buttons
Notes: "Risk comes first because it tells the CISO/IAM leader why the issue matters. Root cause follows because it explains why the exposure exists." Implementation confirmed: OverviewPage.tsx renders Risk → Root cause → Proof → Remediation plan dl grid (verified line 760-806 of v06-pilot HEAD).
O-5. Hero CTAs = exactly 3
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-13-overview-v0.6/HANDOFF.md:168-175 and memory/project_canonical_overview_design_2026_05_13.md:28
Date: 2026-05-13 (Sergey)
Status: LOCKED → DRIFTED (per issue #1011 reported 2026-05-16)
Durability: LOCKED-IN-CODE + LIVE DEFECT
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/pages/OverviewPage.tsx:799-825 renders exactly 3 CTAs in .brief-controls. In-code contract intact; deployed v06-pilot-6495ca5 bundle drifted per #1011.
Verbatim:
Hero primary: `Open brief` · Hero secondary: `Review remediation plan`, if it opens the remediation section inside the Brief · Hero secondary: `View access chain`
Notes: Code at OverviewPage.tsx:799-825 (v06-pilot HEAD) renders exactly 3 CTAs in .brief-controls. Issue #1011 reports 5 CTAs on the deployed v06-pilot bundle (v06-pilot-6495ca5) but lists "Open brief →" appearing twice + a "View all access paths →" — those extras are NOT in the in-the-hero .brief-controls block; #1011's screenshot likely conflates the hero CTAs with row CTAs and the Related Access Paths card CTA. Needs a render-count assertion in tests as #1011 recommends.
O-6. Row CTAs = 1 (Open brief only)
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-13-overview-v0.6/HANDOFF.md:99-122 and memory/project_canonical_overview_design_2026_05_13.md:30
Date: 2026-05-13 (Sergey)
Status: LOCKED (supersedes v0.5 handoff which had 3 row CTAs)
Durability: LOCKED-IN-SCRATCH-ONLY (+CONTRADICTED)
Durable backstop: contradicted by 02-handoff-v0.6.md §3.1 (3-CTA row spec) which itself lives only in un-merged worktree (sv0-documentation#247). No in-repo source backs the 1-CTA-only row spec.
Verbatim:
Rows 02-04 are queue items, not mini Brief pages. Each row should show only: rank · concrete title · severity / execution or authority state · root cause fragment · action fragment · CTA: Open brief
Notes: Explicitly contradicts the older 02-handoff-v0.6.md §3.1 "Story rows" spec which required all three CTAs (Open brief →, Open chain →, Open tracker →) on every row. The 2026-05-13 HANDOFF supersedes.
O-7. Two-state execution model only (Execution confirmed / Standing authority); NO Dormant
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-13-overview-v0.6/HANDOFF.md:126-141
Date: 2026-05-13 (Sergey)
Status: LOCKED + CI-enforced
Durability: LOCKED-IN-CODE
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/scripts/check-banned-vocabulary.ts:128-140 bans Dormant on narrative-UI paths (CI gate). Conflict: founder-principles SKILL.md:60-67 retains a three-state model including Dormant — see X-16.
Verbatim:
Do not use `Dormant`. Use only: `Execution confirmed`: SecurityV0 observed execution in the configured lookback window. `Standing authority`: no recent execution observed, but the authority/path remains live and callable.
Notes: Banned in scripts/check-banned-vocabulary.ts:128-140 for narrative-UI taxonomy surfaces. Also enforced in COMPONENTS.md (rejected <ActivityChip> for new surfaces). Memory reference_v06_narrative_vocab_contract.md confirms.
O-8. No SIEM controls on Overview (SIEM eligible, Send SIEM alert banned)
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-13-overview-v0.6/HANDOFF.md:144-156
Date: 2026-05-13 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only .scratch source. No CI gate for SIEM eligible / Send SIEM alert strings; no OverviewPage.tsx header comment forbids them.
Verbatim:
Do not put SIEM status or alert controls on the Overview unless a specific alerting workflow is intentionally being demonstrated. Avoid: `SIEM eligible`, `Send SIEM alert`, explanatory Sentinel/Splunk notes on Overview.
Notes: SIEM affordance moves to Brief Q5 per #839 hybrid lock.
O-9. No remediation workflow CTAs (Route remediation, Assign owner, Open tracker, Track in tracker)
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-13-overview-v0.6/HANDOFF.md:158-175
Date: 2026-05-13 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only .scratch source. OverviewPage.tsx:7-22 header notes Zone B/C removal (KPI tiles, Strategic Context) — close but does not enforce a CTA-string ban.
Verbatim:
Overview should not feel like SecurityV0 is a remediation work-management system. Avoid prominent Overview CTAs: `Route remediation`, `Assign owner`, `Open tracker`, `Track in tracker`.
Notes: "Resolution Tracker can remain in nav if required by the broader prototype, but the Overview should not hinge on it."
O-10. Ownership only as evidence fragments, never as workflow ownership
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-13-overview-v0.6/HANDOFF.md:177-196
Date: 2026-05-13 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only .scratch source. Strings IAM owner / remediation owner / story owner / routed / not routed not in any in-repo banned list.
Verbatim:
If ownership appears, it must refer to accountable owner of the automation, agent, service principal, workload, or related non-human identity. Prefer evidence fragments: `Accountable owner missing 38d`, `Technical owner missing · nimbus-ops-monitor`, `Owner evidence unavailable`. Avoid: `IAM owner`, `remediation owner`, `story owner`, `routed`, `not routed`.
O-11. Labels — explicit allow/deny list for section + field headers
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-13-overview-v0.6/HANDOFF.md:197-220
Date: 2026-05-13 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only .scratch source. Explicit allow/deny label lists live only in HANDOFF.md.
Verbatim:
Preferred labels: `Top exposure` · `Other exposure briefs` · `Why these briefs surfaced` · `Related access paths` · `Telemetry / provenance` · `Risk` · `Root cause` · `Proof` · `Remediation plan`. Avoid posture/dashboard labels: `Posture`, `Risk score`, `Top clusters drive X%`, `Ownerless paths`, `Paths drifted`, generic `Supporting evidence` as a divider.
Notes: "Risk Clusters may still exist elsewhere in the broader app, but Overview should not lead with cluster/posture framing."
O-12. Visual scale — finite type ramp, 13" MacBook viewport target
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-13-overview-v0.6/HANDOFF.md:223-242
Date: 2026-05-13 (Sergey)
Status: LOCKED + CI-enforced (partial)
Durability: LOCKED-IN-CODE (partial)
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/scripts/check-banned-vocabulary.ts:156-174 partially enforces (no arbitrary tracking-[...], no sub-12px text-[<rem>], no tracking-widest) — scoped to ui/src/components/narrative/. Hero title 24px enforced by Codex E2E. Type ramp 12/14/16/18/24 not asserted in code beyond narrative-folder scope. See also /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/components/narrative/COMPONENTS-PORT-NOTES.md for design-token gaps.
Verbatim:
12px: metadata, chips, field labels · 14px: secondary/helper text · 16px: default body and fragments · 18px: row titles · 24px: hero title · no text below 12px · reduce uppercase letter spacing to roughly 0.06em · avoid 0.14em or 0.18em decorative tracking
Notes: Partially enforced: check-banned-vocabulary.ts:156-174 bans arbitrary tracking-[...], sub-12px text-[<rem>], and tracking-widest (0.1em > 0.06em cap) in ui/src/components/narrative/. Hero title at 24px enforced by Codex E2E review (W-2).
O-13. Implementation pre-flight checks (data contract)
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-13-overview-v0.6/HANDOFF.md:244-254
Date: 2026-05-13 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-CODE
Durable backstop: story.rootCause field added per #854. OverviewPage.tsx consumes leadStory.rootCause verbatim. In-code embodiment of the data contract.
Verbatim:
Verify current data can support `Risk`, `Root cause`, `Proof`, and `Remediation plan` without ad hoc string parsing. If `rootCause` is not present in the data contract, add a deterministic field or template. Do not treat the issue title as root cause.
Notes: story.rootCause field added (issue #854). Implementation at OverviewPage.tsx consumes leadStory.rootCause verbatim.
O-14. Non-Goals — explicit "do not add" list
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-13-overview-v0.6/HANDOFF.md:256-269
Date: 2026-05-13 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-CODE (partial)
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/pages/OverviewPage.tsx:7-22 header comment encodes Zone B/C removal. CSS-string-level "do not add" list lives only in HANDOFF.md (no CI gate).
Verbatim:
Do not add: dashboard KPI tiles · risk scores · SIEM alert panels · repeated Send Alert controls · remediation workflow routing controls · owner assignment flows · full access-chain diagrams in Overview · long narrative paragraphs.
Notes: Enforced in OverviewPage.tsx:7-22 header comment as "Zone B removed (KPI tiles), Zone C removed (Strategic Context posture/cluster framing)". Drops PR #851 v0.5 design that had a 4-card systemic-signal rail.
O-15. Overview audience = CISO / IAM leadership (executive scan)
Source: Issue #839 Sergey comment 2026-05-12 + memory/project_839_hybrid_lock.md:13-21
Date: 2026-05-12 (Sergey)
Status: LOCKED (arbitrated)
Durability: LOCKED-IN-DOC (memory + GH-only)
Durable backstop: GitHub Issue #839 comment + per-user memory note project_839_hybrid_lock.md. GH comments survive in github.com but not in-repo. No in-repo doc carries the per-surface audience model.
Verbatim (Sergey):
Overview is CISO/IAM leadership first.
Notes: Per-surface map, NOT uniform — see B-3 and C-3 below.
O-16. Hero kicker contract — SUPERSEDED
Source (original, 2026-05-11): 02-handoff-v0.6.md §3.1 (TLD-2 / WAC-10 / sv0-platform#770 arbitration) — required literal kicker GOVERNANCE · TOP 4 OF {M} STORIES, RANKED.
Source (superseding, 2026-05-13): Sergey 2026-05-13 HANDOFF (PR-D1 sv0-platform#893 + PR-D2 sv0-platform#895) retired the GOVERNANCE · TOP N OF M kicker strip in the shell rebuild and replaced it with the Top exposure hero eyebrow.
Date: Locked 2026-05-11; superseded 2026-05-13.
Status: SUPERSEDED
Durability: LOCKED-IN-CODE (post-supersession). Live render at /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/pages/OverviewPage.tsx:743-746 emits literal Top exposure. Regression-asserted at ui/src/pages/OverviewPage.test.tsx:446-457 (positive assertion on Top exposure; negative assertion on GOVERNANCE and STORIES, RANKED).
Resolution:
`OverviewPage.tsx` lines 670-671 contain an explanatory comment stating the old `GOVERNANCE · TOP 4 OF {M}` strip is dropped per the 2026-05-13 handoff. The `MAX_CANONICAL_STORIES = 4` cap survives at the rank-list level but is no longer surfaced as a kicker string. The `RANKED_EYEBROW_TEMPLATE` constant in `ui/src/design-contract.ts:118-119` is dead code (no longer referenced by `OverviewPage.tsx`). Cleanup tracked separately as a sv0-platform follow-up.
Verbatim (original 2026-05-11 lock, retained for traceability):
The hero kicker (literal source contract for the v0.6 grep gate): GOVERNANCE · TOP 4 OF {M} STORIES, RANKED
Notes: Do NOT reintroduce the GOVERNANCE · TOP N OF M kicker. The Top exposure eyebrow is the locked direction; PR reviews that flag the absence of the GOVERNANCE strip should be rejected with reference to PR-D1 #893 / PR-D2 #895.
O-17. Hero headline is deterministically derived from real data (no probabilistic vocab)
Source: ui/src/pages/OverviewPage.tsx:24-29 (inline header) + buildPostureHeadline() at lines 102-189
Date: 2026-05-13+ (PR-D1+)
Status: LOCKED (implementation contract)
Durability: LOCKED-IN-CODE
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/pages/OverviewPage.tsx:24-29 + buildPostureHeadline() at lines 102-189. Pure, unit-testable composer.
Verbatim:
Headline source: deterministic, derived from real data via `buildPostureHeadline()`. The illustrative example sentence in the Claude Design data prototype is NOT shipped — every clause traces to the lead story title, posture counts, and environment name. No probabilistic vocabulary.
Notes: Composer is pure, unit-testable. Traces to leadStory, posture delta, env name.
O-18. Overview must lead with access chain vocabulary
Source: /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/product/positioning/terminology.md:48-50
Date: 2026-04-03
Status: LOCKED
Durability: LOCKED-IN-DOC
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/product/positioning/terminology.md:48-50 (Usage Rule). In-repo authoritative source.
Verbatim:
Lead with `access chain` when describing the thing the customer investigates or acts on. Lead with `execution exposure` when describing the risk condition that requires governance or remediation.
Notes: Cross-references O-11 (allow/deny label list) but is the in-repo authoritative source for the vocab choice, not the HANDOFF. Conflict: terminology.md uses 4 access-chain qualifiers (observed / potential / standing-authority-only / unknown binding) while v0.6 (O-7, B-7) collapses to 2 states (Execution confirmed / Standing authority) — see X-21.
O-19. "Finish the Sentence" — every Overview fragment must state the business conclusion
Source: /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/product/design-principles.md:25-39
Date: 2026-03-16
Status: LOCKED
Durability: LOCKED-IN-DOC (NS-tagged in-repo)
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/product/design-principles.md:25-39 (Principle 1). Doc carries priority: critical, tags: [design-principles, ux, north-star, product-direction].
Verbatim:
Every finding, every remediation, every cluster summary must state the business conclusion — not just the technical fact. Test: Read the output aloud. If a non-technical VP would ask "so what?", the sentence is unfinished.
Notes: Direct cross-cutting principle the original inventory missed. Applies to O-4 Hero fields, O-13 deterministic data contract, the Brief Risk/Root-cause render at B-4, and the Chain top-decision block at C-6 (see also B-18, C-18).
Brief surface
B-1. Brief is the shared CISO+analyst landing surface (compact, not long narrative)
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-brief-v0.1/HANDOFF.md:8-25
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY (+CONTRADICTED)
Durable backstop: contradicted by /Users/mini1/dev/securityv0/repos/sv0-platform/UX-GUIDE.md (still carries older narrative framing; AGENTS.md:78 cites UX-GUIDE.md as MANDATORY). The TLD-4 retraction is encoded only in GH #839 + memory note + un-merged 02-handoff-v0.6.md. No in-repo doc supports the new framing.
Verbatim:
The Brief page is the shared landing surface for CISO/IAM leadership and analysts. It should be: leadership-readable · analyst-usable from a direct/SIEM-style landing path · evidence-backed · action-oriented · compact enough to scan without reading a report.
Notes: Reverses TLD-4's earlier "single-page narrative for CISO/IAM read above the fold" framing per Sergey #839 hybrid lock. Memory project_839_hybrid_lock.md. Word narrative retired from Brief framing — use compact landing or structured first screen.
B-2. Brief NON-Goals — what Brief is NOT
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-brief-v0.1/HANDOFF.md:20-25 + :414-426
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-CODE (partial)
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/pages/BriefPage.tsx:10-21 header has 6-section structure (structural Non-Goal). Banned-add list (KPI tiles · risk scores · SIEM alert controls · etc.) lives only in HANDOFF.md.
Verbatim:
It should not feel like: a long executive narrative · a posture dashboard · a single access-chain finding · a remediation workflow tracker · a SIEM alert page. Do not add: posture-dashboard KPI tiles · risk scores · SIEM alert controls · owner assignment workflow · tracker status panels · long narrative paragraphs · full access-chain graph exploration · invented business impact numbers.
B-3. Brief 5-question contract (Sergey verbatim)
Source: Issue #839 comment 2026-05-12 + memory/project_839_hybrid_lock.md:24-29 + handoff 02-handoff-v0.6.md TLD-4
Date: 2026-05-12 (Sergey)
Status: LOCKED (arbitrated)
Durability: LOCKED-BUT-CONTRADICTED
Durable backstop: GitHub Issue #839 comment + memory note + un-merged 02-handoff-v0.6.md TLD-4. BriefPage.tsx:275-284 resolves Q5 SIEM routing but does NOT assert "first screen answers these 5 questions" as a contract. Contradicted by /Users/mini1/dev/securityv0/repos/sv0-platform/UX-GUIDE.md §3 (different Four Questions framework). See X-15.
Verbatim (Sergey):
The Brief first screen should answer quickly: what is the root cause? · what is affected? · why does it matter now? · what is the recommended plan/action? · where should this be sent or tracked? (SIEM / Splunk / Sentinel / ServiceNow / Jira routing affordance — new in v0.6)
Notes: Q5 is the new-in-v0.6 SIEM routing affordance. Implementation at BriefPage.tsx:275-284 resolves Q5 via tenantConfig.ticketSystem.
B-4. Required top-block order = Title · Severity/Exec state · Risk · Root cause · Affected scope · Proof · Remediation plan · Actions
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-brief-v0.1/HANDOFF.md:58-72
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-CODE
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/pages/BriefPage.tsx:375-460 (5-row label grid: Risk · Root cause · Affected scope · Proof · Remediation plan) matches required order.
Verbatim:
The Brief top block must align with the latest Overview model. Required order: 1. Actionable issue title 2. Severity / execution state 3. Risk 4. Root cause 5. Affected scope 6. Proof 7. Remediation plan 8. Actions. Do not use the older order: `Root cause -> Affected scope -> Risk -> Proof -> Remediation plan`.
Notes: Implementation at BriefPage.tsx:375-460 matches (5-row label grid: Risk · Root cause · Affected scope · Proof · Remediation plan).
B-5. Title is actionable, separate from root cause
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-brief-v0.1/HANDOFF.md:119-134
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-CODE (data contract)
Durable backstop: story.rootCause added per #854; /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/lib/brief-compute.ts consumes the deterministic field.
Verbatim:
The Brief opens with an actionable issue title, then renders a separate concise root-cause sentence or fragment. Do not derive root cause by reusing `story.title`. If data support is missing, add a deterministic field/template such as: `rootCause`, `risk`, `affectedScope`, `proof`, `remediationPlan`.
Notes: Lock from #854 (Sergey 2026-05-12 Q1 arbitration).
B-6. Brief represents a clustered exposure, not a single chain
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-brief-v0.1/HANDOFF.md:136-166
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only .scratch source. "one exposure brief · 8 related access paths · one representative access chain" framing lives only in HANDOFF.md.
Verbatim:
The current `support-lambda` example must read as: one exposure brief · 8 related access paths · one representative access chain shown as proof. Required language: `Affected scope` should establish the grouped exposure. The chain section should be titled `Representative access chain`. Include a compact `Related paths in this brief` block.
B-7. Execution state = two-state model only (same as Overview)
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-brief-v0.1/HANDOFF.md:169-196
Date: 2026-05-14 (Sergey)
Status: LOCKED + CI-enforced
Durability: LOCKED-IN-CODE
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/scripts/check-banned-vocabulary.ts:128-140 bans Dormant on narrative paths (BriefPage.tsx covered). Conflict with founder-principles skill — see X-16.
Verbatim:
Do not use `Dormant`. Use only: `Execution confirmed`, `Standing authority`. Rules: If proof says `0 executions in 30d`, the state must be `Standing authority`. Do not show `Execution confirmed` unless execution was observed in the lookback.
B-8. Remediation plan is phased (Contain/Reduce/Validate), not advisory
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-brief-v0.1/HANDOFF.md:198-220
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only .scratch source. Phased Contain/Reduce/Validate language + CTA model live only in HANDOFF.md. No in-repo grammar gate.
Verbatim:
Use `Remediation plan`, not `Recommended action`, in the Brief top block. The plan should be bounded and phased: Contain: ... Reduce: ... Validate: ... For some exposures, `Investigate` can be a phase, but avoid making the whole plan feel optional or advisory. CTA model: Primary: `Review remediation plan` · Secondary: `View access chain` · Secondary/optional: `Create ticket` · Optional: `Print / PDF`.
B-9. NO workflow / tracker controls above the fold
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-brief-v0.1/HANDOFF.md:222-235
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only .scratch source. Above-the-fold workflow control bans live only in HANDOFF.md.
Verbatim:
Avoid above the fold: `Track in tracker`, `Open Resolution Tracker`, `Assign owner`, `Routing status`, `No owner`, `Routed / Not routed`, `Owned by ... target date ...`. Ticket creation is acceptable as a secondary action if the product route exists, but the Brief should not imply full remediation lifecycle ownership.
B-10. NO ownership rendering unless product-data backed
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-brief-v0.1/HANDOFF.md:237-250
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only .scratch source. Ownership rendering ban lives only in HANDOFF.md.
Verbatim:
Do not render an `Accountable owner`, `Accountable team`, or ownership status element on the Brief unless that capability is explicitly supported in product data. Avoid: `IAM owner`, `Accountable team`, `Technical owner`, `Remediation owner`, `Story owner`, `Owner missing`.
B-11. Lower-page sequence = What changed → Consequence detail → Exposure state → Representative access chain → Evidence
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-brief-v0.1/HANDOFF.md:253-270
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-CODE
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/pages/BriefPage.tsx:10-21 header confirms 6-section structure.
Verbatim:
After the top decision block, use concise detail sections. Preferred sequence: 1. `What changed` 2. `Consequence detail` 3. `Exposure state` 4. `Representative access chain` 5. `Evidence / provenance`.
Notes: Implementation header at BriefPage.tsx:10-21 confirms 6-section structure (with Exposure Summary as section 1).
B-12. Access chain section heading must be Representative access chain (not Access chain)
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-brief-v0.1/HANDOFF.md:304-322
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only .scratch source. "Representative access chain" heading enforced via HANDOFF.md only; no string-render assertion in code.
Verbatim:
Use: `Representative access chain`. Do not use: `Access chain` as the only heading if the Brief represents multiple related paths. Keep the diagram. Do not replace it with a large graph. The full operator-proof version belongs on the Access Chain page.
B-13. SIEM-cold landing must work (no required Overview context)
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-brief-v0.1/HANDOFF.md:338-357 + BriefPage.tsx:6-9 header
Date: 2026-05-14 (Sergey) + #839 hybrid lock 2026-05-12
Status: LOCKED
Durability: LOCKED-IN-CODE (partial)
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/pages/BriefPage.tsx:6-9 header notes SIEM-cold landing supported. "no required Overview context" rule lives only in HANDOFF.md.
Verbatim (HANDOFF):
The Brief should work if an analyst lands from Sentinel/Splunk or another SIEM path. That means the top block must make the issue understandable without requiring Overview context: title · risk · root cause · affected scope · proof · remediation plan. Do not turn the Brief into a SIEM alert console. Avoid: `SIEM eligible`, `Send SIEM alert`, repeated alert actions.
B-14. Breadcrumb framing: avoid Risk Clusters > [cluster] > [story kicker]
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-brief-v0.1/HANDOFF.md:359-374
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-CODE
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/pages/BriefPage.tsx:109-122 uses setOverride("brief", "Exposure briefs") for breadcrumb compliance.
Verbatim:
Brief breadcrumb should avoid posture/cluster-first framing. Prefer: `Nimbus · prod > Exposure briefs > support-lambda`. Avoid: `Risk Clusters > [cluster] > [story kicker]`.
Notes: Implementation at BriefPage.tsx:109-122 uses setOverride("brief", "Exposure briefs") for breadcrumb compliance.
B-15. Visual scale matches Overview (12/14/16/18/24 px, no text < 12px)
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-brief-v0.1/HANDOFF.md:377-397
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-CODE (partial)
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/scripts/check-banned-vocabulary.ts:156-174 partially enforces (tracking + sub-12px font-size rules scoped to ui/src/components/narrative/). Full type ramp not asserted in code.
Verbatim:
Type scale: 12px: metadata, chips, field labels · 14px: secondary/helper text and buttons · 16px: body/fragments · 18px: section titles if needed · 24px: main Brief title. Avoid text below 12px.
B-16. Implementation pre-flight checks (deterministic state derivation)
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-brief-v0.1/HANDOFF.md:399-412
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-CODE
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/lib/brief-compute.ts derives state from observed execution data.
Verbatim:
Confirm `Execution confirmed` and `Standing authority` derive from observed execution data, not label heuristics. Confirm `Dormant` is removed everywhere in Brief. Confirm `No execution observed in 30d` does not pair with `Execution confirmed`.
B-17. Brief copy / data composition is deterministic; archetype copy is fallback only
Source: ui/src/lib/brief-compute.ts:1-22 header + BriefPage.tsx:74-105 (narrative composer wiring)
Date: 2026-05-15+ (plan v3 ratified round-3)
Status: LOCKED → DRIFTED (per issue #1010 reported 2026-05-16)
Durability: LOCKED-IN-CODE + LIVE DEFECT
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/lib/brief-compute.ts:1-22 header + /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/pages/BriefPage.tsx:74-105 composer wiring. In-code contract intact; issue #1010 reports precedence drift (copy?.risk ?? rendered?.thesis flips deterministic preference).
Verbatim (brief-compute header):
Each composer returns either: a non-empty string with real content, OR `string[]` (composers that emit bullets), OR `null` (caller hides the slot). No probabilistic vocabulary, no synthesized prose. Strings template directly off finite, observable fields.
Notes: Issue #1010: Overview hero precedence flips this — `leadCopy?.proof ?? composeProof(...)` prefers static archetype over deterministic composer, causing identical text across tenants. The Brief surface uses similar precedence (`copy?.risk ?? rendered?.thesis`), which #1010 implies needs the same audit. Q-5 later resolved the required-copy empty state: when required tenant-derived copy cannot be composed, render `No tenant data - first scan pending`; strict removal of archetype fallback remains tracked by sv0-platform#1054.
B-18. Brief must be partner-handout-ready — platform=engine, report=what partners present
Source: /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/product/design-principles.md:105-119
Date: 2026-03-16
Status: LOCKED
Durability: LOCKED-IN-DOC (NS-tagged in-repo)
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/product/design-principles.md:105-119 (Principle 5).
Verbatim:
The platform is the engine. The report is what partners package, brand, and present to their clients. Executive output quality directly determines partner revenue. Test: Can a Deloitte manager take the assessment report output, put their logo on it, and present it to a Fortune 500 CISO without rewriting it?
Notes: Reinforces and predates B-1 ("shared CISO+analyst landing surface"). Predates v0.6 work but durable. Cited by ceo-reviewer.md as canonical.
B-19. Related paths in this brief — compact block
Source: 2026-05-14 Brief HANDOFF lines 154-164, restored from later v1.0-draft North Star synthesis.
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only the handoff text and later v1.0-draft synthesis preserve this as a clause.
Verbatim shape:
Related paths in this brief
- 8 access paths grouped by support-lambda-role scope drift
- 3 sensitive domains: customer, Salesforce, ServiceNow
- 5 destinations reachable through retained credentials / export path
Notes: The Brief must include a compact Related paths in this brief block when it represents a grouped exposure. Without this block, the Brief reads as a single-path finding, which conflicts with B-6. Counts and grouping labels come from the data layer, not authored copy.
Chain surface
C-1. Chain is the singular detail/proof page for ONE path (not clusters/posture)
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-access-chain-v0.1/HANDOFF.md:8-20
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only .scratch source. No in-repo embodiment of "singular detail/proof page for ONE path, not Clusters / posture / SIEM / narrative report" framing.
Verbatim:
Access Chain is the singular detail/proof page for one path. It is not: a Risk Clusters page · a posture dashboard · a generic findings page · a SIEM alert console · a long narrative report. The page should help an analyst validate one path, understand what it allows, understand why it matters, and immediately know what to do about it.
C-2. Chain audience = analyst/operator primary; CISO secondary (drills in from Brief)
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-access-chain-v0.1/HANDOFF.md:22-28 + #839 hybrid lock
Date: 2026-05-14 (Sergey) + 2026-05-12 (#839)
Status: LOCKED
Durability: LOCKED-IN-DOC (memory + GH-only)
Durable backstop: GitHub Issue #839 comment + per-user memory project_839_hybrid_lock.md. Audience model only in HANDOFF + GH comment + memory.
Verbatim (HANDOFF):
Primary: analyst/operator. Secondary: IAM/security engineering. CISO/IAM leadership may drill into it from a Brief, but the page should optimize for proof and action, not executive storytelling.
Notes: Per #839 hybrid lock: "operator/proof-first."
C-3. Page spine = 10 sections, fixed order
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-access-chain-v0.1/HANDOFF.md:30-46
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only .scratch source. 10-section page spine lives only in HANDOFF.md; no ExecutionChainDetailPage.tsx JSDoc enforces the order (no header comment parallel to OverviewPage.tsx / BriefPage.tsx).
Verbatim:
1. Path identity and execution state
2. Root cause
3. What this path allows
4. Why this path matters
5. Recommended action
6. Ranked recommended actions
7. Observed access chain diagram
8. Path facts
9. Reach from this path
10. Evidence / provenance
Notes: First screen must answer: Is this path real? · What does it allow? · Why does it matter? · What is the narrowest useful action?
C-4. Chain 6 required elements (memory + #839 lock)
Source: Issue #839 Sergey comment 2026-05-12 + memory/project_839_hybrid_lock.md:30-36
Date: 2026-05-12 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-DOC (memory + GH-only)
Durable backstop: GitHub Issue #839 comment + per-user memory project_839_hybrid_lock.md. Same as O-15/B-3: GH-comment + memory only.
Verbatim (Sergey):
Access Chain is operator/proof-first. It should prove one path and show what action to take: what this path allows · why this path matters · deterministic chain · path facts · recommended actions · evidence.
Notes: 6-element checklist is a COVERAGE checklist, not a strict top-to-bottom layout — the listing order in Sergey's quote is enumerative. Recommended actions go ABOVE the diagram per §3.4 layout note.
C-5. Header model — breadcrumb + metadata + arrow-joined title
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-access-chain-v0.1/HANDOFF.md:52-72
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only .scratch source. Breadcrumb + metadata + title format live only in HANDOFF.md.
Verbatim:
Preferred breadcrumb: `Nimbus · prod > Exposure briefs > support-lambda exposure brief > Access chain`. Preferred metadata: `Path 1 of 8 · support-lambda exposure brief` · `High · Standing authority · no execution observed in 30d`. Preferred title: `support-router -> support-lambda-role -> Secrets Manager -> SaaS credentials`. Do not frame the page as `Risk Clusters`.
C-6. Top decision block = 4 fields (Root cause / What allows / Why matters / Recommended action)
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-access-chain-v0.1/HANDOFF.md:92-123
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only .scratch source. 4-field top decision block lives only in HANDOFF.md.
Verbatim:
Use four fields: ### Root cause ... ### What this path allows ... ### Why this path matters ... ### Recommended action. Recommended action should be visually elevated enough to read as the main action, for example with subtle emphasis, a light tint, stronger text, or a left accent.
C-7. Ranked actions — up to 3, each typed (Remediate/Contain/Investigate)
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-access-chain-v0.1/HANDOFF.md:125-198
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-CODE
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/design-contract.ts:64 ACTION_TYPES: ["Investigate", "Contain", "Remediate"] survives in code.
Verbatim:
Recommended actions should appear directly after the top decision block. Show up to three ranked actions: 1. Primary 2. Alternative 3. Compensating control. Each action must have one action type: `Remediate`, `Contain`, `Investigate`. Allowed primary action buttons: `Create ticket`, `Open remediation plan`. Do not show: `Attach evidence`, `Open chain` self-links, `Auto-remediate`, source-system write-back unless implemented.
C-8. Diagram = compact horizontal chain; Observed edge label acceptable; danger nodes use white text
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-access-chain-v0.1/HANDOFF.md:207-226
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only .scratch source. Diagram model + edge labels + danger node styling live only in HANDOFF.md.
Verbatim:
The diagram is the main proof object. Show a compact horizontal chain: Workload · Identity · Via · Resource. Labels: Use deterministic edge labels. For this mock, `Observed` is acceptable. Do not show inferred edges. Resource/danger nodes with filled red backgrounds must use white text.
C-9. Path facts = compact factual rows (first seen, last observed, executions, state, baseline)
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-access-chain-v0.1/HANDOFF.md:228-241
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only .scratch source. Path facts row format lives only in HANDOFF.md.
Verbatim:
Use compact factual rows: `First seen: 2026-01-04` · `Last observed: 36 days ago` · `Executions · 30d: 0` · `Execution state: Standing authority` · `Baseline status: +2 secrets since baseline · 2026-03-28`. Do not include unsupported owner workflow fields unless the product data is real and the ownership concept is clear.
C-10. Reach from this path = compact rows (sensitive domains, egress, paired, destinations, controls, ASI)
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-access-chain-v0.1/HANDOFF.md:243-255
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only .scratch source. Reach-from-this-path row format lives only in HANDOFF.md.
Verbatim:
Use compact factual rows: `Sensitive domains: 3 · customer · salesforce · servicenow` · `External egress: Yes` · `Paired paths: 7 other paths in this cluster` · `Destinations reachable: 5` · `Compensating controls: None observed in 30d` · `ASI mapping: ASI-02 · ASI-08 · ASI-10`.
C-11. No standalone Findings attached section
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-access-chain-v0.1/HANDOFF.md:258-263
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only .scratch source. No-standalone-Findings-section rule lives only in HANDOFF.md.
Verbatim:
Do not include a standalone `Findings attached` section. Rationale: at this level, the useful objects are the path, the control point, execution/authority state, recommended remediation, and evidence/provenance. If finding IDs are needed, put them inside the collapsed Evidence / provenance section as evidence metadata.
C-12. Evidence/provenance collapsed by default
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-access-chain-v0.1/HANDOFF.md:265-300
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only .scratch source. Evidence-collapsed-by-default rule lives only in HANDOFF.md; may be implemented in code, but no header comment cites it.
Verbatim:
Evidence belongs at the bottom of the page. Important implementation rule: evidence must be collapsed by default. Default state: `Evidence / provenance · CloudTrail events · IAM policy JSON · raw metadata · on demand · [Show evidence]`. Do not render raw evidence open by default.
C-13. SIEM landing supported but page must NOT become a SIEM console
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-access-chain-v0.1/HANDOFF.md:302-308
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only .scratch source. SIEM-landing-but-not-console rule lives only in HANDOFF.md.
Verbatim:
This page must work if an analyst lands from Sentinel, Splunk, or another SIEM. Do not turn the page into a SIEM console. SIEM is an entry point. SecurityV0 is the system of record for chain context, evidence, and remediation. If SIEM status is shown, keep it as small metadata near the top or in provenance.
C-14. Do-not-reintroduce list (taxonomy / vocab guardrails)
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-access-chain-v0.1/HANDOFF.md:328-339
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-CODE (partial)
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/scripts/check-banned-vocabulary.ts covers Dormant (partial overlap). Other bans (Active · executing weekly, Attach evidence, Open chain self-link, Zone A/B/C labels) NOT in any CI gate.
Verbatim:
standalone findings section · Risk Clusters framing for the detail page · duplicate deterministic consequence block · Zone A / Zone B / Zone C labels · `Dormant` · `Active · executing weekly` · `Attach evidence` · `Open chain` self-link · long explanatory paragraphs · auto-remediation claims.
C-15. Per-path differentiation — 3 paths sharing a workload must render distinguishable content
Source: Issue #988 (Sergey 2026-05-16) + PRs #992 / #996 / #998 / #1003 / #1008
Date: 2026-05-16 (Sergey filed; multi-rev fix history)
Status: ARBITRATED + CI-enforced
Durability: LOCKED-IN-CODE
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/pages/__tests__/chain-per-path-differentiation.test.tsx (PR #1008) survives in CI.
Verbatim (#988):
If these are three distinct cluster instances they need to look distinct — different paths, different numbers, different recommended actions… presenting these three pages to a Deloitte partner will get the question 'are you actually doing analysis here, or just emitting templates?'
Notes: Acceptance: 3 distinct path IDs in the same cluster render 3 distinguishable Chain pages (different path entities, different proof, different recommended actions). PR #1008 added regression gate at ui/src/pages/__tests__/chain-per-path-differentiation.test.tsx asserting differentiation on 4 user-visible surfaces (title, root cause, recommended action, Reach > Destination).
C-16. Chain recommended-action copy must use imperative + named entity (no hedge phrasing)
Source: PR #1009 (merged 2026-05-16) + scripts/check-banned-vocabulary.ts (new chain-recommended-action-imperative rule)
Date: 2026-05-16 (post-#988 CEO Northstar cross-review)
Status: LOCKED + CI-enforced
Durability: LOCKED-IN-CODE
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/scripts/check-banned-vocabulary.ts chain-recommended-action-imperative rule (PR #1009).
Verbatim (PR #1009):
First sentence must contain a verb from {Remove, Restrict, Revoke, Move, Scope, Rotate, Detach, Confirm} AND a named entity (not 'it' / 'the role'). Hedge phrasing like 'Review and confirm that access to X via Y is still required' is a violation, not graceful degradation.
Notes: Two real defects surfaced and fixed inline: orphaned_sensitive.remediationPlan ("assign…" → "Contain: scope …"); composeRecommendedAction path-context fallback ("Review and confirm…" → "Scope ${dest} access…").
C-17. No raw MongoDB ObjectIds in chain user-facing copy
Source: PR #1003 (#988 rev4, merged 2026-05-16) + PR #1008 regression gate
Date: 2026-05-16 (post-#988 v5 validation)
Status: LOCKED + CI-enforced
Durability: LOCKED-IN-CODE
Durable backstop: PR #1003 fix + /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/pages/__tests__/chain-per-path-differentiation.test.tsx (PR #1008) regression test.
Verbatim (PR #1003):
Confirm no raw ObjectIds appear in user-visible copy (24-hex strings). When a path's destination resolves to an entity, the title shows the entity's `display_name` (e.g. `GP_Clinical_Notes`) instead of a raw ObjectId (`2c0da7d0bdaceac1adf5b6d2`).
C-18. Chain remediation must acknowledge what could go wrong (no "just do this")
Source: /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/product/design-principles.md:88-101
Date: 2026-03-16
Status: LOCKED
Durability: LOCKED-IN-DOC (NS-tagged in-repo)
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/product/design-principles.md:88-101 (Principle 4 "Remediation Must Be Safe to Follow").
Verbatim:
Remediation guidance must acknowledge that the fix might break something. Never present a remediation as "just do this" without stating what could go wrong. Test: Would a partner feel confident telling a client to execute this remediation? Would they feel embarrassed if it broke a production service?
Notes: Reinforces C-7 ranked-actions contract but adds a durable business-impact-caveat dimension. Predates v0.6 but durable.
C-19. Reach from this path — 6-row content contract
Source: 2026-05-14 Chain HANDOFF lines 242-253, restored from later v1.0-draft North Star synthesis.
Date: 2026-05-14 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only the handoff text and later v1.0-draft synthesis preserve this as a clause.
Verbatim shape:
- Sensitive domains: 3 · customer · salesforce · servicenow
- External egress: Yes
- Paired paths: 7 other paths in this cluster
- Destinations reachable: 5
- Compensating controls: None observed in 30d
- ASI mapping: ASI-02 · ASI-08 · ASI-10
Notes: The row schema is the contract; the example values are illustrative. Without this block, the operator can see one diagrammed path but not the reach context around that path.
C-22. Ranked-action body text contract
Source: 2026-05-14 Chain HANDOFF ranked-action structure, restored from later v1.0-draft North Star synthesis.
Date: 2026-05-16 (Sergey feedback synthesis)
Status: LOCKED
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only the handoff text and later v1.0-draft synthesis preserve this as a clause.
Verbatim rule: Each Primary / Alternative / Compensating-control action requires both a title and a body line. Title-only actions are incomplete.
Notes: This extends C-7 by defining the minimum content shape for each ranked action, and it pairs with C-16 for the imperative first-sentence requirement.
Cross-cutting (vocab, deterministic-source, visual canon)
X-1. CI-enforced banned vocabulary on narrative-UI paths
Source: /Users/mini1/dev/securityv0/repos/sv0-platform/scripts/check-banned-vocabulary.ts:100-216
Date: Wired 2026-05-13+; PR #1009 added imperative rule 2026-05-16
Status: LOCKED + CI-enforced (npm run check:vocab is third gate in npm run ci)
Durability: LOCKED-IN-CODE
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/scripts/check-banned-vocabulary.ts is in git, in CI.
Verbatim (script header):
Scans `src/**/*.{ts,tsx}` and `ui/src/**/*.{ts,tsx}` for the banned strings defined in `02-handoff-v0.6.md` §2. Exits 1 with a clear `file:line — banned "<term>" — replace with "<required>"` table if any hit is found.
Notes: Banned terms list:
- `Autonomous identities/identity` → `Non-human identities/identity` (TLD-6)
- `Canonical stories/story` → `Governance stories/story` (TLD-2, #770)
- `Execution Chains` (list page) → `Access Chain` (§3.4)
- `Open Story 01` → `Open lead brief` (TLD-6)
- `Dormant` → `Standing authority` (PR-D4, 2026-05-13 handoff) — scoped to narrative paths
- `tracking-[...]`, sub-12px `text-[<rem>]`, `tracking-widest` — type-token rules in `ui/src/components/narrative/`
- `could/might/may/likely/if compromised` — banned on CC1_NARRATIVE_PATHS (BriefPage, RemediationBriefPage, ExecutionChainDetailPage, `ui/src/data/`, `ui/src/components/narrative/`)
- `to accessed/to sent` — generated-copy grammar artifacts
- `chain-recommended-action-imperative` rule (PR #1009) — first sentence of `remediationPlan` + `composeRecommendedAction` fallback must include allowed imperative verb + named entity, no hedge phrasing
Bypass: `// vocab-allow: <reason>` inline.
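Added example (not the project's `scripts/check-banned-vocabulary.ts`): a miniature gate in the shape the X-1 header describes, also covering the C-14 ban list, the C-17 raw-ObjectId rule and the B-15 sub-12px rule. The rule table is a hand-picked subset of the terms X-1 lists; the `NARRATIVE_PATHS` prefixes, the `scanSource` / `runGate` names and the three fixture files are this example's own assumptions, and the `// vocab-allow:` bypass here requires a non-empty reason.

```typescript
// Added example, not the project's scripts/check-banned-vocabulary.ts. The rule table is a subset
// of the terms the inventory lists (X-1, C-14, C-17, B-15); fixtures and scoping are assumptions.

// Paths the inventory calls CC1_NARRATIVE_PATHS (X-1); matched by prefix here (assumption).
export const NARRATIVE_PATHS = [
  "ui/src/pages/BriefPage.tsx",
  "ui/src/pages/RemediationBriefPage.tsx",
  "ui/src/pages/ExecutionChainDetailPage.tsx",
  "ui/src/data/",
  "ui/src/components/narrative/",
];

export type Rule = {
  id: string;
  pattern: RegExp; // must carry the g flag so every hit on a line is reported
  // Replacement text, or a predicate that inspects the match and returns null to accept it.
  required: string | ((m: RegExpExecArray) => string | null);
  scope?: string[]; // path prefixes the rule applies to; undefined = every scanned file
};

export const RULES: Rule[] = [
  { id: "tld-6", pattern: /\bAutonomous identit(?:y|ies)\b/g, required: "Non-human identities" },
  { id: "tld-2", pattern: /\bCanonical stor(?:y|ies)\b/g, required: "Governance stories" },
  { id: "pr-d4", pattern: /\bDormant\b/g, required: "Standing authority", scope: NARRATIVE_PATHS },
  { id: "cc-1", pattern: /\b(?:could|might|may|likely|if compromised)\b/g,
    required: "deterministic can/allows phrasing", scope: NARRATIVE_PATHS },
  // C-17: a bare 24-hex token in copy is a leaked MongoDB ObjectId; show display_name instead.
  { id: "raw-objectid", pattern: /\b[0-9a-f]{24}\b/g, required: "the entity's display_name" },
  // B-15: Tailwind arbitrary sizes under 0.75rem (12px at the 16px root) in narrative components.
  { id: "sub-12px", pattern: /\btext-\[([0-9.]+)rem\]/g,
    required: (m) => (Number(m[1]) < 0.75 ? "a size of at least 0.75rem (12px)" : null),
    scope: ["ui/src/components/narrative/"] },
];

export type Hit = { file: string; line: number; ruleId: string; term: string; required: string };

export function scanSource(file: string, source: string, rules: Rule[] = RULES): Hit[] {
  const hits: Hit[] = [];
  source.split("\n").forEach((text, i) => {
    // The documented inline bypass; a reason is required so the escape hatch leaves an audit trail.
    if (/\/\/\s*vocab-allow:\s*\S/.test(text)) return;
    for (const rule of rules) {
      if (rule.scope && !rule.scope.some((prefix) => file.startsWith(prefix))) continue;
      rule.pattern.lastIndex = 0; // shared RegExp objects keep state between exec() calls
      let m: RegExpExecArray | null;
      while ((m = rule.pattern.exec(text)) !== null) {
        const required = typeof rule.required === "function" ? rule.required(m) : rule.required;
        if (required !== null) hits.push({ file, line: i + 1, ruleId: rule.id, term: m[0], required });
      }
    }
  });
  return hits;
}

// Report rows in the shape the script header quoted in X-1 describes.
export function formatReport(hits: Hit[]): string {
  return hits
    .map((h) => `${h.file}:${h.line} — banned "${h.term}" — replace with "${h.required}"`)
    .join("\n");
}

// Constructed fixtures standing in for files under ui/src; none of this is project code.
export const SAMPLE_FILES: Record<string, string> = {
  "ui/src/pages/BriefPage.tsx": [
    'const eyebrow = "Autonomous identities";',
    'const chip = "Dormant";',
    'const why = "The role could reach customer data if compromised.";',
    'const legacy = "Dormant"; // vocab-allow: fixture for the ActivityChip back-compat test',
  ].join("\n"),
  "ui/src/components/narrative/PathFacts.tsx": [
    '<span className="text-[0.6875rem]">First seen</span>',
    '<span className="text-[0.75rem]">Last observed</span>',
  ].join("\n"),
  "ui/src/data/chain-fixtures.ts": [
    'title: "support-router -> support-lambda-role -> 2c0da7d0bdaceac1adf5b6d2",',
    'state: "Dormant",',
  ].join("\n"),
};

// Gate semantics: exit 1 on any hit, as the script header states.
export function runGate(files: Record<string, string> = SAMPLE_FILES): { hits: Hit[]; exitCode: 0 | 1 } {
  const hits: Hit[] = [];
  Object.keys(files).forEach((file) => hits.push(...scanSource(file, files[file])));
  return { hits, exitCode: hits.length > 0 ? 1 : 0 };
}
```

Two behaviours are worth checking in review: a `// vocab-allow:` line is skipped only when it carries a reason, and scoped rules (`Dormant`, the hedge words) stay silent outside `NARRATIVE_PATHS` while unscoped rules such as the 24-hex ObjectId check apply to every file. A 24-hex regex will also flag commit SHAs or digests that legitimately appear in copy, so treat those hits as review prompts rather than proof of a leaked identifier.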
X-2. PRINCIPLES.md — 10 design-iteration principles (pilot-level)
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-13-overview-v0.6/PRINCIPLES.md
Date: Bundle-included (pre-2026-05-13 anchored)
Status: LOCKED (pilot floor)
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: none — only .scratch source. Closest in-repo doc is /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/product/design-principles.md (6 different principles, 2026-03-16). See X-19.
Verbatim (section headers):
§1 Every new affordance names its backend reality · §2 Read paths and write paths are different specs · §3 No client-only state for things that should outlive a refresh · §4 New entities reconcile with the existing model before naming in UI · §5 Determinism in copy means determinism in source · §6 Every state that exists in the design exists in production · §7 Operator and CSO surfaces share data, not chrome · §8 Probabilistic language is a data bug, not a copy bug · §9 Print and screen are the same content in different layout · §10 Tweaks are for design comparison, not for shipping flexibility
Notes: §5 + §8 are the deterministic-vocab basis cited in every other anti-hedge directive. §6 enumerates required states: loading, empty, partial, error, permission-denied, stale.
X-3. COMPONENTS.md — primitive catalog + intentional gaps
Source: /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-13-overview-v0.6/COMPONENTS.md
Date: v0.5 (2026-05-06)
Status: LOCKED (pilot-only, with handoff-v0.6 supersedence on conflict)
Durability: LOCKED-IN-SCRATCH-ONLY (+ partial backstop in claude-design-pilot/)
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/claude-design-pilot/v0.3/, v0.2/, v0.1.final/ COMPONENTS.md siblings exist in-repo. These claude-design-pilot copies are the in-repo backstop. <ActivityChip> is retained for back-compat — see X-16.
Verbatim (key constraints):
- No `<Card>` / `<Panel>` wrapper. Surfaces separate by tonal step, not borders.
- No `<Score>` or `<Gauge>`. Posture is a sentence, not a number.
- No `<Icon>` system. Chips use textual glyphs (●, ◐, →).
- No modal / dialog. Every "detail" is a real page.
- No toast / notification. This is a reading surface, not a workflow.
- No charts / sparklines. Trend is told with a sentence and a deterministic signal.
Notes: Per memory project_canonical_overview_design_2026_05_13.md:32-36: 2026-05-13 HANDOFF supersedes COMPONENTS.md where the latter mentions Dormant. <ActivityChip> is retained for back-compat only; new surfaces use <ExecutionStateChip> directly.
X-4. Design is visual mockup, NOT data-correctness target
Source: memory/feedback_design_is_visual_mockup_not_data_target.md
Date: 2026-05-14 (Ivan correction)
Status: LOCKED (process rule)
Durability: LOCKED-IN-DOC (memory only)
Durable backstop: per-user memory note only (~/.claude-sv0/.../memory/MEMORY.md). No in-repo doc carries the "design is visual mockup, NOT data-correctness target" rule.
Verbatim (Ivan):
Design is always a mock-up, always fake data. We should use design as visual guidance for how tables are formatted, CSS, navigation, panels, alignments.
Notes: When auditing impl-vs-canonical, score gaps by visual/structural divergence (panel borders, grid columns, alignment, type scale) — NOT by content mismatch. When canonical names a specific workload/cluster/owner string, treat as authoring example for the AUTHORED COPY layer (e.g. governance-stories.ts), not a demand to make live data tree contain that exact entity.
X-5. v0.5 narrative HTML rejection lock (Sergey 2026-05-13)
Source: memory/project_canonical_overview_design_2026_05_13.md:37-48
Date: 2026-05-13 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-DOC (memory only)
Durable backstop: memory note project_canonical_overview_design_2026_05_13.md. /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/pages/OverviewPage.tsx:11-19 Zone-removal header comment partially captures the lock.
Verbatim:
Non-Goals — these were in older v0.5 narrative HTML, Sergey explicitly rejected them: 4-up totals/KPI strip · Strategic-context two-column section with Deterministic Signals 2x2 grid · "Above the line — Four governance stories, ranked." section header · Drift sentence callout · Resolution Tracker callout block · "Below the line — Supporting inventory" section · SIEM eligible / Send SIEM alert controls · Route remediation / Assign owner / Open tracker / Track in tracker CTAs · Risk score / posture / cluster framing on Overview.
Notes: Implementation OverviewPage.tsx:11-19 removed Zone B (KPI tiles), Zone C (Strategic Context). Zone E "Closer link" replaced with "Why these briefs surfaced" + "Related access paths."
X-6. TLD-5 Positioning — runtime governance / control plane, NOT posture/CNAPP/ITDR
Source: 02-handoff-v0.6.md TLD-5 (Sergey 2026-05-09)
Date: 2026-05-09 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-DOC
Durable backstop: 02-handoff-v0.6.md TLD-5 is in UN-MERGED worktree (sv0-documentation#247), BUT /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/product/positioning/positioning-snapshot.md (2026-04-18, status: active, priority: high) + /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/product/positioning/differentiation.md (2026-04-18, status: active) carry essentially the same "not posture / not CNAPP / runtime governance" framing. In-repo backstop EXISTS. See X-20 and X-22.
Verbatim:
Runtime governance / control plane for non-human identities, AI agents, and automations. Not posture management. Not CNAPP. Not ITDR. Not a posture-score dashboard. Page chrome, sidebar group labels, and hero eyebrows must reinforce the runtime-governance read.
Notes: Sidebar label = Governance, not Posture.
X-7. TLD-7 Greg/TPx workflow — SIEM-entry path is the funded reference
Source: memory/project_tpx_greg_workflow.md + 02-handoff-v0.6.md TLD-7
Date: 2026-05-12 (Sergey from Greg)
Status: LOCKED (compatibility) — NOT a binding constraint
Durability: LOCKED-IN-DOC (memory only)
Durable backstop: memory note project_tpx_greg_workflow.md. Memory survives this Mac only.
Verbatim (workflow):
SecurityV0 detects governance issue → SIEM alert (Splunk / Sentinel / ServiceNow) → analyst or bot opens the alert → clicks into SecurityV0 Brief → validates the finding → clicks into Access Chain → verifies the proof → executes Remediation Plan → tracks closure in Resolution Tracker
Notes: Sergey's word is "compatible with", not "binding constraint." Greg/TPx is one customer. Don't over-fit to TPx-specific routing details. Memory flags Synthesis A/B/C as team-pending, NOT Sergey-locked.
X-8. UX-GUIDE.md — older Three-Zone Model + Four Questions (predates v0.6 handoffs)
Source: /Users/mini1/dev/securityv0/repos/sv0-platform/UX-GUIDE.md
Date: Pre-2026-05-09 (cites Sergey March/April 2026 feedback)
Status: PARTIALLY SUPERSEDED by v0.6 surface-specific handoffs
Durability: LOCKED-BUT-CONTRADICTED (and underlying doc is LOCKED-IN-DOC)
Durable backstop: UX-GUIDE.md lives in git. BUT (a) UX-GUIDE.md itself has NO supersedence banner; (b) AGENTS.md:78 still cites UX-GUIDE.md as MANDATORY pre-UI read; (c) the supersedence chain (Four Questions → 5-question Overview/Brief) lives only in .scratch/HANDOFF.md + memory. See X-15, X-18.
Verbatim (key fragments):
§3 Four Questions: 1. What is proven versus inferred? 2. Why does it matter in business terms? 3. What is the safest first action? 4. Who should own that action? These must appear in this order. §4 Three-Zone Model: Zone A — Decision (above fold) · Zone B — Context (on scroll) · Zone C — Evidence (collapsed by default)
Notes: The "Three-Zone Model" is REJECTED for Chain page (HANDOFF.md "Do Not Reintroduce: Zone A / Zone B / Zone C labels"). The "Four Questions" predates the v0.6 5-question Brief contract. UX-GUIDE's terminology table (access chain, observed access chain, execution exposure, standing authority, scope drift) is still authoritative for vocabulary. AGENTS.md cites UX-GUIDE.md as source of truth — needs reconciliation with v0.6 handoffs in synthesis step.
X-9. ADR-019 — Narrative composition contract (backend) + cluster-overlay accountability
Source: /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/architecture/decisions/adr-019-narrative-composition-and-cluster-overlay.md
Date: 2026-04-29
Status: ACCEPTED
Durability: LOCKED-IN-DOC
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/architecture/decisions/adr-019-narrative-composition-and-cluster-overlay.md in sv0-documentation/main. Genuine in-repo lock.
Verbatim (Decision 1):
The customer-visible narrative for a risk cluster is computed at query time as `template(idea) + slots(forcing-data)`: Idea template lives per `cluster_key`. Default in code (extending `RISK_CLUSTER_DEFS` with an `idea_template` field). Tenant overrides in a new `cluster_narratives` MongoDB collection. Slot values are pure functions over deterministic graph state. Render is a pure function. Same template + same slot values → same rendered prose. LLM render mode is a future toggle over the same slot contract.
Notes: This is the backend contract behind useClusterNarrative and the brief-compute.ts composers. ADR-019 explicitly rejects pre-written prose blobs AND LLM-only narrative. Issue #1010 (tenant-agnostic hero copy) is a direct violation of this contract at the precedence-order level.
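Added example (not `brief-compute.ts` or `BriefPage.tsx`): the composer and precedence contract described in B-16, B-17 and ADR-019, with the precedence #1010 reports placed beside the contract order. The `PathFacts` fields, the `ARCHETYPE_COPY` table, the two tenant fixtures and the `renderTopBlock` shape are constructed for illustration.

```typescript
// Added example, not brief-compute.ts or BriefPage.tsx. Field names, the archetype table and the
// two tenant fixtures are constructed; the contract they illustrate is B-16, B-17 and ADR-019 (X-9).

export type PathFacts = {
  tenant: string;
  workload: string;
  identity: string;
  destination: string | null; // null when the destination did not resolve to a named entity
  sensitiveDomains: string[];
  executions30d: number; // observed execution count over 30 days (constructed stand-in for CloudTrail-derived data)
};

export type ExecutionState = "Execution confirmed" | "Standing authority";

// B-16: state derives from observed execution data, not from a label on the path.
// There is no "Dormant"; a granted but unexercised path is Standing authority.
export function deriveExecutionState(f: PathFacts): ExecutionState {
  return f.executions30d > 0 ? "Execution confirmed" : "Standing authority";
}

// B-16: "no execution observed in 30d" can only be built on the Standing authority branch.
export function executionMetadata(f: PathFacts): string {
  const state = deriveExecutionState(f);
  return state === "Execution confirmed"
    ? `${state} · ${f.executions30d} executions in 30d`
    : `${state} · no execution observed in 30d`;
}

// B-17 composer contract: a non-empty string with real content, a string[] of bullets, or null
// so the caller hides the slot. Every string templates off finite observable fields.
export type Composed = string | string[] | null;

export function composeRisk(f: PathFacts): Composed {
  if (f.destination === null || f.sensitiveDomains.length === 0) return null;
  return `${f.identity} can reach ${f.destination} (${f.sensitiveDomains.join(" · ")}) through ${f.workload}.`;
}

export function composeReach(f: PathFacts): Composed {
  if (f.sensitiveDomains.length === 0) return null;
  return f.sensitiveDomains.map((d) => `${d}: reachable via ${f.identity}`);
}

function asText(c: Composed): string | null {
  return Array.isArray(c) ? c.join(" · ") : c;
}

// Q-5 empty state for a required slot when nothing tenant-derived can be composed (B-17 notes).
export const EMPTY_STATE = "No tenant data - first scan pending";

// Static archetype copy per cluster_key (constructed). By construction it reads the same for every tenant.
export const ARCHETYPE_COPY: Record<string, { risk: string }> = {
  orphaned_sensitive: { risk: "A retained credential still reaches sensitive customer data." },
};

// The precedence #1010 reports: archetype copy wins whenever the key exists, so two tenants in the
// same cluster render one sentence whatever was observed.
export function selectRiskDrifted(clusterKey: string, f: PathFacts): string {
  const archetype = ARCHETYPE_COPY[clusterKey];
  return (archetype ? archetype.risk : null) ?? asText(composeRisk(f)) ?? EMPTY_STATE;
}

// Contract order: deterministic composer first; archetype only when it returns null; Q-5 text last.
export function selectRisk(clusterKey: string, f: PathFacts): string {
  const archetype = ARCHETYPE_COPY[clusterKey];
  return asText(composeRisk(f)) ?? (archetype ? archetype.risk : null) ?? EMPTY_STATE;
}

// ADR-019: render is a pure function of the slots. Null slots are omitted, never padded.
export function renderTopBlock(
  clusterKey: string,
  f: PathFacts,
  select: (k: string, f: PathFacts) => string = selectRisk,
): Record<string, string> {
  const block: Record<string, string> = {
    title: `${f.workload} exposure brief`,
    metadata: executionMetadata(f),
    risk: select(clusterKey, f),
  };
  const reach = asText(composeReach(f));
  if (reach !== null) block.reach = reach;
  return block;
}

// Constructed fixtures: two tenants in the same cluster with different observed data.
export const TENANTS: PathFacts[] = [
  { tenant: "nimbus-prod", workload: "support-lambda", identity: "support-lambda-role",
    destination: "Secrets Manager", sensitiveDomains: ["customer", "salesforce", "servicenow"], executions30d: 0 },
  { tenant: "acme-staging", workload: "billing-worker", identity: "billing-worker-role",
    destination: "GP_Clinical_Notes", sensitiveDomains: ["clinical"], executions30d: 14 },
];

export function riskAcrossTenants(select: (k: string, f: PathFacts) => string): string[] {
  return TENANTS.map((f) => select("orphaned_sensitive", f));
}
```

Under `selectRiskDrifted` both tenants render the archetype sentence even though one has zero executions against Secrets Manager and the other fourteen against a named clinical store; under `selectRisk` each sentence is templated from that tenant's own observed fields, and the archetype appears only when `composeRisk` returns `null`. `executionMetadata` encodes the B-16 pairing rule structurally rather than by review: the branch that emits "no execution observed in 30d" is the Standing authority branch, so the forbidden pairing cannot be produced.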
X-10. CC1-CC10 cross-cutting fence from 02-handoff-v0.6.md
Source: 02-handoff-v0.6.md §4 (referenced from PR #840 description)
Date: Locked 2026-05-10
Status: LOCKED (merge-gate spec)
Durability: LOCKED-IN-SCRATCH-ONLY (partial backstop)
Durable backstop: 02-handoff-v0.6.md §4 is in un-merged worktree. CC-1/CC-3/CC-4 land in-code via /Users/mini1/dev/securityv0/repos/sv0-platform/scripts/check-banned-vocabulary.ts (vocab gate). CC-2 (one HeroDecision per page) not asserted in code. CC-6 visual diff gate operates via scripts/visual-diff-report.ts but the <1% threshold rule lives only in handoff. CC-7/CC-8 noted superseded inline.
Verbatim (PR #840 §6):
- CC-1 — Determinism vocab fence (`can`/`allows` only; no `will`/`likely`/`may`)
- CC-2 — One `<HeroDecision>` per page, exactly
- CC-3 — Banned vocabulary grep returns zero
- CC-4 — Required vocabulary grep returns expected hits
- CC-5 — Per-surface rejection criteria (§3.1-3.4) all clear
- CC-6 — Visual diff against the locked design HTML — content area < 1% diff on PR-C/D
- CC-7 — `data.postureHeadline.sentence` rendered verbatim (Overview)
- CC-8 — Right rail + ChainDiagram embed present (Brief)
- CC-9 — Tracker cardinality = N (uncapped)
- CC-10 — Cross-PR copy-pin tests green.
Notes: CC-1, CC-3, CC-4 land as CI gates in PR-A (check-banned-vocabulary.ts). CC-5..CC-10 are per-surface manual + visual-qa.ts automated. CC-7 contract: render postureHeadline.sentence verbatim — superseded for Overview by 2026-05-13 handoff which uses buildPostureHeadline() composer instead of a prebaked sentence. CC-8 contract: right rail + ChainDiagram on Brief — the 2026-05-14 Brief HANDOFF dropped the "right rail" requirement; the Representative access chain ChainDiagram remains required.
X-11. WAC do-not-regress invariants (10 items)
Source: 02-handoff-v0.6.md §5 (WAC-1..10)
Date: 2026-05-10 (referenced)
Status: LOCKED (subset re-confirmed in 2026-05-13/14 handoffs)
Durability: LOCKED-IN-SCRATCH-ONLY
Durable backstop: WAC-1..10 invariants live only in 02-handoff-v0.6.md §5 (un-merged worktree). WAC-10 (Tracker cardinality uncapped) partially in-code via /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/design-contract.ts HERO_HEADLINE_TEMPLATE (line 144) which assumes uncapped N. WAC-6 (Chain reachable only via row drill-in) has no in-code assertion.
Verbatim (high-signal items):
WAC-10: Tracker cardinality never capped (per #770). WAC-6: Access Chain detail reachable only via row drill-in.
Notes: Full WAC list lives in 02-handoff-v0.6.md §5; only items binding on Overview/Brief/Chain repeated above.
X-12. Issue #770 lock — top 4 of N (governance stories), Sergey verbatim
Source: Issue #770 Sergey comment 2026-05-11 (https://github.com/SecurityV0/sv0-platform/issues/770#issuecomment-4419839599)
Date: 2026-05-11 (Sergey)
Status: LOCKED (arbitrated)
Durability: LOCKED-IN-DOC (GH-only)
Durable backstop: GitHub Issue #770 comment + memory. Reified in code via MAX_CANONICAL_STORIES = 4 constant in OverviewPage.tsx (per O-16 evidence).
Verbatim:
B. Overview should show the top 4 of N governance stories as the executive scan. Resolution Tracker should show all active governance stories so nothing is hidden from the operator/accountability workflow. "Canonical story" should describe the structure of the story, not a fixed count of exactly four. We should make the Overview copy explicit: top 4 of N, ranked.
X-13. Issue #839 lock — per-surface audience map (CISO / shared / operator)
Source: Issue #839 Sergey comment 2026-05-12 (https://github.com/SecurityV0/sv0-platform/issues/839#issuecomment-4431586238)
Date: 2026-05-12 (Sergey)
Status: LOCKED (arbitrated)
Durability: LOCKED-IN-DOC (GH-only)
Durable backstop: GitHub Issue #839 comment + memory. The per-surface audience map exists nowhere in-repo as a doc.
Verbatim:
Hybrid. Overview is CISO/IAM leadership first. Governance Brief is the shared landing surface. It should be leadership-readable, but not a long executive narrative, because an analyst may also enter it directly from a SIEM alert / Sentinel / Splunk workflow. That SIEM-entry path is not yet fully validated across customers, but Greg explicitly described it, so we should keep the design compatible with it. Access Chain is operator/proof-first. It should prove one path and show what action to take: what this path allows, why this path matters, deterministic chain, path facts, recommended actions, and evidence. So: CISO-first Overview; shared CISO/analyst Brief; operator-first Access Chain.
X-14. PR-D5 type-system tightening (narrative components only)
Source: scripts/check-banned-vocabulary.ts:142-174 (rules) + Sergey 2026-05-13 v0.5+ handoff
Date: 2026-05-13 (Sergey)
Status: LOCKED + CI-enforced
Durability: LOCKED-IN-CODE
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/scripts/check-banned-vocabulary.ts:142-174 rules survive in CI.
Verbatim (script comments):
Narrative-UI typography stays on the design-token scale (12-24px text, ≤0.06em letter-spacing on uppercase chips). Three sub-rules, all scoped to `ui/src/components/narrative/` only.
Notes: (a) `tracking-[<value>]` banned (use `tracking-tight` | `tracking-normal` | `tracking-wide` | `tracking-wider`). (b) Sub-12px `text-[<rem>]` banned. (c) `tracking-widest` (0.1em) banned (use `tracking-wider`, 0.05em).
X-15. Five competing N-question frameworks (UNRESOLVED CONFLICT)
Source: Cross-reference across /Users/mini1/dev/securityv0/repos/sv0-platform/UX-GUIDE.md §3, /Users/mini1/dev/securityv0/repos/sv0-skills/founder-principles/SKILL.md:44-54, /Users/mini1/dev/securityv0/repos/sv0-platform/.claude/agents/ceo-reviewer.md:79-88, /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-13-overview-v0.6/HANDOFF.md:25-31, /Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-brief-v0.1/HANDOFF.md Q1-Q5
Date: 2026-05-16 (audit-of-audit surfaces conflict)
Status: DRIFTED — UNRESOLVED CONFLICT (must be reconciled in v1.0-DRAFT NS doc)
Durability: LOCKED-BUT-CONTRADICTED (each framework is itself locked in some source; they contradict at the cross-source level)
Durable backstop: all five sources cited above exist; conflict is between them. No in-repo authoritative reconciliation.
Verbatim (the five frameworks):
- UX-GUIDE.md §3 "Four Questions": What is proven versus inferred? · Why does it matter in business terms? · What is the safest first action? · Who should own that action?
- founder-principles SKILL.md 5-question test: What executed? · What remains reachable? · What can it affect? · What evidence proves it? · What action is owned next?
- O-2 v0.6 Overview 5 questions: what is wrong · why it matters · what caused it · what proof supports it · what action should be reviewed next
- B-3 v0.6 Brief 5 questions: what is the root cause? · what is affected? · why does it matter now? · what is the recommended plan/action? · where should this be sent or tracked?
- ceo-reviewer "Four Questions for Every Screen": What is exposed? · Why does it matter? · Who owns it? · What needs action first?
Notes: The original inventory mentioned the O-2/UX-GUIDE conflict in passing (O-2 notes line) but did not surface it as a Cross-cutting entry. The audit-of-audit's note about design-principles.md "Triage decision rule" (investigate now · ticket now · watch · ignore) is a 4-action framework, NOT a 4-question framework — distinct artifact, not added here. v1.0 NS doc MUST pick a canonical reconciliation OR explicitly per-surface map (CISO scan / Brief landing / Chain operator) the way #839 hybrid-locked audience.
X-16. Three competing executionState vocabularies (UNRESOLVED CONFLICT)
Source: /Users/mini1/dev/securityv0/repos/sv0-skills/founder-principles/SKILL.md:60-67 vs /Users/mini1/dev/securityv0/repos/sv0-platform/scripts/check-banned-vocabulary.ts:128-140 vs <ActivityChip> back-compat (per X-3 inventory note + /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/components/narrative/ActivityChip.tsx)
Date: 2026-05-16
Status: DRIFTED — UNRESOLVED CONFLICT (partially-mitigated: CI gate scopes ban to narrative-UI paths only, leaving the skill and ActivityChip free)
Durability: LOCKED-BUT-CONTRADICTED (active contradiction — founder-principles skill is loaded every UI/copy/terminology task and tells agents to use Dormant, which the CI gate then bans on narrative paths)
Durable backstop: founder-principles SKILL.md is in sv0-skills git tree; check-banned-vocabulary.ts is in sv0-platform git tree; ActivityChip.tsx is in sv0-platform git tree. Conflict is between in-repo sources.
Verbatim:
- founder-principles skill (SKILL.md:60-67): 3 states — `Execution confirmed` (execution-backed) · `Standing authority` (configuration-derived reach, no observed execution) · `Dormant` (Authority exists; no recent activity, no confirmed execution)
- check-banned-vocabulary.ts: 2 states (`Execution confirmed`/`Standing authority`); `Dormant` BANNED on `ui/src/components/narrative/`, `ui/src/data/`, `BriefPage.tsx`, `RemediationBriefPage.tsx`, `ExecutionChainDetailPage.tsx`
- `<ActivityChip>` (claude-design-pilot v0.x COMPONENTS.md): retained for back-compat, still emits `Dormant`
Notes: The skill is loaded by Claude Code agents on every UI/copy task. It TELLS agents to use a three-state model that CI then bans on narrative paths. v1.0 NS doc must (a) update the skill to the 2-state model OR (b) explicitly carve out the narrative-UI vs general-UI scope difference. Needs Sergey decision before lock.
X-17. founder-principles skill cites non-existent doc (DANGLING REFERENCE)
Source: /Users/mini1/dev/securityv0/repos/sv0-skills/founder-principles/SKILL.md:151 cites sv0-documentation/docs/product/positioning/founder-operating-principles.md
Date: 2026-05-16
Status: DRIFTED — BROKEN POINTER (file confirmed absent)
Durability: LOCKED-BUT-CONTRADICTED (skill is in-repo and active; its pointer target is missing)
Durable backstop: Skill is in /Users/mini1/dev/securityv0/repos/sv0-skills/founder-principles/SKILL.md. Target file docs/product/positioning/founder-operating-principles.md does NOT exist (ls of /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/product/positioning/ returns only changes/, differentiation.md, positioning-snapshot.md, terminology.md).
Verbatim (SKILL.md:146-154):
For per-surface layout rules (Brief 8-step layout, Access Chain ranked actions, Resolution Tracker vs Remediation Plan layering, Risk Clusters subordinate model, Scope Drift row model, Access Paths story-linked index) and the full Decision Log, read: `sv0-documentation/docs/product/positioning/founder-operating-principles.md`. Sections 6 (Per-surface invariants) and 9 (Decision Log) are the authoritative depth layer. This skill inlines the highest-frequency slices only.
Notes: The skill claims to defer to that doc as the "authoritative depth layer." Agents loading the skill cannot follow the pointer. Needs Sergey input on whether the doc should be created (consider reusing the filename for the canonical NS doc), the skill should be retired, or the skill should be repointed at the new NS doc once written.
X-18. AGENTS.md UI-Stack pointer to UX-GUIDE.md is stale (PARTIAL CONTRADICTION)
Source: /Users/mini1/dev/securityv0/repos/sv0-platform/AGENTS.md:78
Date: AGENTS.md most recently touched 2026-05-15
Status: DRIFTED — PARTIAL CONTRADICTION
Durability: LOCKED-BUT-CONTRADICTED
Durable backstop: AGENTS.md and UX-GUIDE.md both live in git. Contradiction is internal: AGENTS.md authoritatively points at UX-GUIDE.md as UI source of truth, but UX-GUIDE.md §3 (Four Questions) and §4 (Three-Zone Model) are explicitly superseded by v0.6 HANDOFFs (X-8). AGENTS.md does not cite the v0.6 supersedence chain (HANDOFFs, design-contract.ts, check-banned-vocabulary.ts, canonical 5-question contracts).
Verbatim (AGENTS.md:78):
Before starting any UI work, read `UX-GUIDE.md`. It defines the product's terminology, page architecture, typography hierarchy, copy rules, and self-review checklist that all UI changes must follow.
Notes: This is the entry point every UI-touching Claude session reads first. If the NS doc lands, AGENTS.md needs a parallel pointer at minimum.
X-19. design-principles.md — 6 durable design principles (NS-tagged in-repo, MISSED by original inventory)
Source: /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/product/design-principles.md
Date: 2026-03-16
Status: LOCKED (AUTHORITATIVE in-repo)
Durability: LOCKED-IN-DOC
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/product/design-principles.md — frontmatter tags: [design-principles, ux, north-star, product-direction], priority: critical, status: active. North Star quote in header.
Verbatim (the 6 principles, from section headers):
1. Finish the Sentence · 2. Guide the Eye · 3. No Jargon Without Justification · 4. Remediation Must Be Safe to Follow · 5. Partners Sell the Report, Not the Tool · 6. Don't Add What Hasn't Been Asked For
Notes: The closest existing in-repo "Northstar" doc. Predates v0.6 but principles are durable. .claude/agents/ceo-reviewer.md:113-122 cites this as canonical. The pilot PRINCIPLES.md (X-2, 10 principles, .scratch-only) is a DIFFERENT set targeted at pilot-iteration discipline, not durable product direction. CONFLICT: design-principles.md header carries Sergey's 2026-03-16 quote — "CISOs and systems integrators come to SecurityV0 to pull data straight into their executive or board presentations." — which competes with X-6/TLD-5 (2026-05-09) "Runtime governance / control plane for non-human identities, AI agents, and automations. Not posture management. Not CNAPP." v1.0 NS doc must reconcile these two north-star quotes.
X-20. positioning-snapshot.md — in-repo durable backstop for TLD-5 positioning (FALSE-NEGATIVE CORRECTION)
Source: /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/product/positioning/positioning-snapshot.md
Date: 2026-04-18
Status: LOCKED (AUTHORITATIVE in-repo)
Durability: LOCKED-IN-DOC
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/product/positioning/positioning-snapshot.md — frontmatter status: active, source: human, priority: high, tags: [positioning, product-marketing, access-chain, execution-exposure, runtime-authority].
Verbatim (key fragments):
SecurityV0 gives security teams operational proof and remediation guidance for AI agents already running in production. … SecurityV0 is not another place to review permissions. It is the system of record for what AI agents actually did with delegated authority. Differentiation: IAM = assigned access · DSPM = where sensitive data lives · CNAPP = cloud posture · SecurityV0 = what the AI agent actually did across systems, how it got there, and what decision is needed now
Notes: This is the in-repo durable backstop for X-6 (TLD-5 positioning). Original inventory said "planned — not yet created" — false. Re-verified by direct read 2026-05-16.
X-21. terminology.md — in-repo authoritative glossary for access-chain qualifiers (FALSE-NEGATIVE CORRECTION)
Source: /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/product/positioning/terminology.md
Date: 2026-04-03
Status: LOCKED (AUTHORITATIVE in-repo)
Durability: LOCKED-IN-DOC (with internal conflict vs v0.6 two-state lock — see Notes)
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/product/positioning/terminology.md — status: active, source: human, priority: high.
Verbatim (Access Chain Qualifiers + Deprecated Terms):
Observed access chain: execution-backed and actually exercised. This is the default product and demo view. · Potential access chain: configuration-derived reach that could be exercised. This is supporting context, not the lead object. · Standing-authority-only: authority exists, but execution is not yet proven. · Unknown binding: execution or reach is visible, but the identity binding is not deterministic enough to claim a complete observed chain. Deprecated: `authority path` → `access chain`; `execution surface` → `execution exposure`, `standing authority`, or `potential access chain`.
Notes: This terminology is referenced inconsistently across the v0.6 HANDOFFs (which collapse Standing-authority-only to Standing authority as a 2-state model — see O-7/B-7). SUB-CONFLICT: terminology.md defines 4 qualifiers; v0.6 collapses to 2. v1.0 NS doc must either deprecate the four-qualifier model (and update terminology.md) or carve a "narrative-UI uses 2, deep glossary uses 4" rule.
X-22. differentiation.md — in-repo long-form differentiation doc (FALSE-NEGATIVE CORRECTION)
Source: /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/product/positioning/differentiation.md
Date: 2026-04-18
Status: LOCKED (AUTHORITATIVE in-repo)
Durability: LOCKED-IN-DOC
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/product/positioning/differentiation.md — status: active, source: human, priority: high.
Verbatim (Category Line):
SecurityV0 gives security teams audit-ready evidence and governance for AI workflows in production.
Notes: The "audit-ready evidence and governance for AI workflows in production" category line is a STRONGER ICP framing than X-6's "runtime governance / control plane" framing. v1.0 NS doc needs to pick one or stack them. Long-form Vs DSPM / IAM-IGA / CNAPP differentiation sections add depth that the v0.6 HANDOFFs assume.
X-23. vision.md — durable in-repo product vision (MISSED by original inventory)
Source: /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/product/strategy/vision.md
Date: 2026-03-08
Status: LOCKED (AUTHORITATIVE in-repo)
Durability: LOCKED-IN-DOC
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/product/strategy/vision.md — status: active, source: human, priority: high, tags: [vision, autonomous-execution, non-human-identity, governance, agentic-ai].
Verbatim (the chain):
SecurityV0 is building the system of record for autonomous execution authority. … SecurityV0 answers this deterministically by linking: Automation → Execution Identity → Standing Authority → Reachable Data → Egress Boundary → Human Accountability. Every exposure is backed by first-party evidence.
Notes: The 6-link chain is a different organizing model than the v0.6 5-question framings. Predates v0.6 but status: active. v1.0 NS doc must either subordinate or supersede explicitly. Referenced by review-ui skill as product vision source.
X-24. founder-feedback record (2026-03-31) — durable Sergey-direction predecessor to ADR-019 and TLD-5 (MISSED)
Source: /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/architecture/research/2026-03-31-founder-feedback-action-plan.md + /Users/mini1/dev/securityv0/repos/sv0-documentation/docs/architecture/research/2026-03-31-founder-response-access-path-grouping-execution-surface.md
Date: 2026-03-31
Status: LOCKED (AUTHORITATIVE in-repo Sergey direction record)
Durability: LOCKED-IN-DOC
Durable backstop: both files in sv0-documentation main branch. status: founder-feedback, source: sergey-founder-response, priority: high.
Verbatim (Sergey, from response doc lines 21-30, 75-80):
The paper is technically correct, but it stops at aggregation. The real product move is to define the unit of risk, control, remediation, and prioritization. That unit should be `Access Chain`. The right model is: `Access Chain` = control and remediation primitive · observed execution = supporting evidence
Notes: This is the canonical predecessor to X-9 (ADR-019) and to the v0.6 Chain-as-detail framing. Predates the original inventory's earliest cited Sergey source (2026-05-09 TLD-5). Anchors the access-chain-as-unit decision that the v0.6 HANDOFFs assume.
X-25. COMPONENTS-PORT-NOTES.md — in-code primitive port log (MISSED)
Source: /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/components/narrative/COMPONENTS-PORT-NOTES.md
Date: 2026-04+ (per F1 / #430 reference)
Status: LOCKED (CANONICAL-IN-CODE port log)
Durability: LOCKED-IN-CODE
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/components/narrative/COMPONENTS-PORT-NOTES.md lives in git alongside the narrative components.
Verbatim (letter-spacing section):
The prototype uses several `letter-spacing` values that don't line up with the Tailwind v4 default `--tracking-*` ramp: 0.08em → tracking-widest (0.1em); 0.12em → tracking-widest; 0.14em → tracking-widest; 0.18em → tracking-widest. We snapped all of these to `tracking-widest`. The visual rhythm between "label / dateline / kicker" now collapses to a single tracking step — a minor regression from the pilot's editorial hierarchy, but acceptable for F1.
Notes: Documents WHY the narrative components carry specific design-token compromises (letter-spacing snapped to tracking-widest, headline 24px vs Tailwind text-2xl of 44px). Direct overlap with O-12, B-15, X-14 type-scale entries.
X-26. claude-design-pilot/ — durable in-repo pilot trail (MISSED)
Source: /Users/mini1/dev/securityv0/repos/sv0-platform/claude-design-pilot/ (PLAN.md, SESSION-HANDOFF.md, FOUNDER-COPY-WORKSHEET.md, README.md, v0.1/v0.1.final/v0.2/v0.3)
Date: 2026-04 through 2026-05
Status: LOCKED (In-repo, committed)
Durability: LOCKED-IN-CODE (SESSION-HANDOFF.md is self-marked EPHEMERAL and tagged for deletion before PR #420 merges, but currently in tree)
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/claude-design-pilot/PLAN.md etc. All in git.
Verbatim (PLAN.md "North star", lines 11-20):
Ship a version of Overview + Brief + Access-chain detail that: 1. Leads with four canonical governance stories, ranked by decision relevance · 2. Replaces KPI strips and gauges with deterministic sentences · 3. Puts What Happened + Am I Exposed? as the top zone of every brief · 4. Demotes path inventory to supporting evidence, not an entry point · 5. Keeps all copy deterministic — no `Likely`, no probabilistic verdicts · 6. Passes `visual-diff-report.ts --agent-report` with no regressions elsewhere
Notes: PLAN.md's North Star uses "canonical governance stories" (4 ranked) which directly anchors X-12 (#770 lock for top 4 of N). SESSION-HANDOFF.md "Hard guardrails" anchors the deterministic-copy rules across O-17, B-17, X-9. FOUNDER-COPY-WORKSHEET.md is the in-repo source of the verbatim Story-03 voice reference that B-3 / B-5 build on.
X-27. feature-flags-narrative-v2.md runbook governs which surfaces are NS-locked (MISSED)
Source: /Users/mini1/dev/securityv0/repos/sv0-platform/docs/runbooks/feature-flags-narrative-v2.md
Date: 2026-04+ (per #537/#538 reference)
Status: LOCKED (AUTHORITATIVE in-repo runbook)
Durability: LOCKED-IN-CODE
Durable backstop: /Users/mini1/dev/securityv0/repos/sv0-platform/docs/runbooks/feature-flags-narrative-v2.md + /Users/mini1/dev/securityv0/repos/sv0-platform/ui/src/lib/feature-flags.ts.
Verbatim (flags table lines 9-15):
`NarrativeFlag.Overview` (VITE_FF_NARRATIVE_OVERVIEW_V2 — Overview page redesign #436) · `NarrativeFlag.Brief` (VITE_FF_NARRATIVE_BRIEF_V2 — Brief Balanced foundation #437) · `NarrativeFlag.Chain` (VITE_FF_NARRATIVE_CHAIN_V2 — Chain ranked-actions redesign #438) · `NarrativeFlag.Tracker` (VITE_FF_NARRATIVE_TRACKER_V2 — Resolution Tracker page #524). All flags default to `false`.
Notes: Every NS direction in the inventory applies ONLY when the corresponding flag is true. Defaults are off, so the in-production behavior may not embody any LOCKED entry. v1.0 NS doc must cite the flag → surface mapping and the rollout / default-on plan. CONFLICT: original inventory implicitly assumes the v0.6 contracts are the shipping shape; they only render when the flag is enabled in the build env.
X-33. SIEM-out write-OUT class permitted
Source: Sergey resolution on sv0-platform#1018, restored from later v1.0-draft North Star synthesis.
Date: 2026-05-17 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-DOC
Durable backstop: sv0-platform#1018 comment thread plus this inventory entry.
Verbatim direction: SIEM / ITSM emission is a distinct write-OUT class and is approved; the read-only connector rule applies to source systems, not OUT-class sinks.
Notes: Implementation must distinguish OUT-class sinks from source-system writeback in code paths, configuration UI, and tenant scope policy.
X-34. Remediation Plan as distinct surface
Source: Sergey resolution on sv0-platform#1018, restored from later v1.0-draft North Star synthesis.
Date: 2026-05-17 (Sergey)
Status: LOCKED
Durability: LOCKED-IN-DOC
Durable backstop: sv0-platform#1018 comment thread plus this inventory entry.
Verbatim direction: Remediation Plan is its own navigable page, not only an anchor or section inside the Brief.
Notes: The Brief's Remediation plan field remains the in-Brief summary; the standalone page carries operator-grade execution detail such as ordered actions, rollback strategy, validation checkpoints, and required evidence.
Open UX question receipt
Q-10. Chain path-layout direction remains open
Source: Sergey 2026-05-16 feedback as tracked on sv0-platform#1018, restored from later v1.0-draft North Star synthesis.
Date: 2026-05-16
Status: OPEN
Awaits: Sergey clarification.
Question: Does the requested vertical alignment change refer to the compact chain diagram, or to the four-field top decision block?
Conflict: C-8 locks the diagram as a compact horizontal chain. C-6 locks the four top decision fields but does not lock their internal layout. Until clarified, the readable guide keeps the compact horizontal chain and avoids expanding the page into a large graph.
Sources NOT FOUND but referenced
- `brief.html` canonical Brief design HTML in 2026-05-14 bundle. The bundle has `brief-claude-design.html`, `brief-reference.png`, `stitch-bundle.zip`, `stitch-src/code.html` + `screen.png` — but no top-level `brief.html`. The HANDOFF.md is the binding spec; the Stitch `code.html` is the visual reference. Memory note `feedback_design_is_visual_mockup_not_data_target.md` cites `brief-claude-design.html:173-179` for sensitive-domains tile layout — found, present (~26KB).
- `chain.html` canonical Access Chain design HTML in 2026-05-14 bundle. The 2026-05-14-access-chain-v0.1 bundle has ONLY `HANDOFF.md` + `stitch-src/code.html`. The HANDOFF.md is the binding spec. PR #840 description's reference to https://v06-pilot-design.sv0-reviews.pages.dev/chain is a Pages-deployed static mirror; not in the repo.
- `02-handoff-v0.6.md` in the main `sv0-documentation` working tree. The doc exists only inside the worktree at `repos/sv0-documentation/.claude/worktrees/claude-design-v06-handoff/docs/plans/2026-05-10-claude-design-v06-handoff/02-handoff-v0.6.md`. The PR sv0-documentation#247 is still open (un-merged). This is the upstream that several memory notes treat as "locked" but it has never landed on `main`.
- `docs/product/positioning/positioning-snapshot.md`, `terminology.md`, `differentiation.md` — UX-GUIDE.md cites these as "planned — not yet created". Confirmed absent: `find docs/product` returns no such files. CORRECTED 2026-05-16 (audit-of-audit Part 2): All three files DO exist and are AUTHORITATIVE in-repo. See entries X-20 (positioning-snapshot.md), X-21 (terminology.md), X-22 (differentiation.md). Original audit ran `find` from wrong CWD or the files were added between scan and citation. Re-verified by direct `ls`: `/Users/mini1/dev/securityv0/repos/sv0-documentation/docs/product/positioning/` contains all three (positioning-snapshot.md 3353 bytes 2026-04-18, terminology.md 2569 bytes 2026-04-03, differentiation.md 3680 bytes 2026-04-18).
- PR-D1+D2 PRs by number — the audit task references PR #893 (PR-D1+D2 Overview architecture). #893 is an issue, not a PR. The implementation landed in PR #894 ("feat(overview): PR-D1 — Overview shell rebuild"). Issue #893's body is the PR-D1 spec.
- PR #1003 / #1008 / #1009 are merged into `redesign/v06-pilot` but NOT yet into `main`. Audit treated `origin/redesign/v06-pilot` as the v0.6 pilot trunk per AGENTS.md / project memory.
- `brief-claude-design.html` direct on disk — present at `/Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-14-brief-v0.1/brief-claude-design.html`. Not opened in detail in this audit; the HANDOFF.md is the canonical text spec. If synthesis needs visual structural details (panel grid, sub-card layout) beyond HANDOFF.md prose, this file is the source.
- `overview v0.5.html` direct on disk — present at `/Users/mini1/dev/securityv0/.scratch/design-targets/2026-05-13-overview-v0.6/overview v0.5.html` — REJECTED per memory `project_canonical_overview_design_2026_05_13.md:58`. Listed here as a sources-NOT-to-use anchor.
Recommendation (revised 2026-05-16)
Status: NEEDS REVISION → REVISED. Ready as input to v1.0-DRAFT NS doc at sv0-documentation/docs/design/ux/north-star.md.
LOCKED-IN-SCRATCH-ONLY entries (26 total, includes 3 +CONTRADICTED variants and 2 partial-backstop variants) require either elevation to in-repo durable sources during v1.0-DRAFT authoring OR explicit "authoring artifact only" footnoting in the canonical doc. Concrete elevation candidates: every Chain field-contract (C-3, C-5, C-6, C-8, C-9, C-10, C-11, C-12, C-13), every Overview/Brief vocab/affordance ban not yet in the CI gate (O-8, O-9, O-10, O-11, B-6, B-8, B-9, B-10, B-12), and the cross-cutting frameworks (X-2, X-10, X-11).
LOCKED-BUT-CONTRADICTED entries (9 total — O-2, O-6, B-1, B-3, X-8, X-15, X-16, X-17, X-18) require Sergey decisions before lock; v1.0-DRAFT should list them in an Open NS Questions table at the top of the doc. Key reconciliations needed:
- Which N-question framework wins, or per-surface mapping (X-15).
- Two-state vs three-state executionState — update founder-principles skill, or carve scope (X-16).
- Repoint or create `founder-operating-principles.md` referenced by founder-principles skill (X-17).
- AGENTS.md UI-Stack section: add pointer to NS doc alongside (or in place of) UX-GUIDE.md (X-18).
- design-principles.md "North Star" quote (2026-03-16) vs TLD-5 "Runtime governance / control plane" (2026-05-09) vs positioning-snapshot.md "system of record for what AI agents actually did" (2026-04-18) — three competing north-star sentences (X-19/X-6/X-20).
- terminology.md 4-qualifier model vs v0.6 2-state model (X-21).
- vision.md 6-link Automation → Egress chain vs v0.6 5-question framings (X-23).
- NarrativeFlag default-off vs inventory's implicit "v0.6 = shipping" framing (X-27).
Original inventory entries: 82 (65 original + 17 new). Supplemental v1.0-draft receipts restored 2026-05-18: B-19, C-19, C-22, X-33, X-34, Q-10. Tier totals for the original 82 entries (entries may carry compound tags): 29 LOCKED-IN-CODE (any variant; incl. 2 LIVE DEFECT — O-5, B-17 — where code holds and deployment drifted). 21 LOCKED-IN-DOC (any variant; incl. 6 genuine in-repo doc: ADR-019 / positioning-snapshot / terminology / differentiation / design-principles / vision / founder-feedback / COMPONENTS-PORT-NOTES / claude-design-pilot / feature-flags runbook = 8 unique in-repo docs cited as backstops; 8 memory-only or GH-comment-only — see X-4, X-5, X-7, O-15, C-2, X-12, X-13; 3 NS-tagged in-repo via design-principles — O-19, B-18, C-18; 2 with caveats). 26 LOCKED-IN-SCRATCH-ONLY (includes 3 +CONTRADICTED variants and 2 partial-backstop variants). 9 LOCKED-BUT-CONTRADICTED (in any variant; standalone or compound).