WI-SEC-001 — Closeout Evidence (2026-02-27)
Scope
- Workitem: WI-SEC-001
- Feature Key: CORE.IAM
- Objective: close out the guard/permission audit for tenant-scope APIs.
Evidence Summary
- Generated manifest source: docs_hub_v3/05_GENERATED/backend_api_manifest.md
- Measured check:
  - Pattern: Missing PermissionsGuard
  - Count: 0
  - Verification command (PowerShell):
    Select-String -Path docs_hub_v3/05_GENERATED/backend_api_manifest.md -Pattern 'Missing PermissionsGuard' -SimpleMatch
Acceptance Mapping
| AC | Requirement | Evidence | Result |
|---|---|---|---|
| AC-01 | Tenant-scope endpoint has guard + permission decorator | No remaining Missing PermissionsGuard warning rows in generated manifest | PASS |
| AC-02 | Request lacking permission returns 403 | Guard-policy enforcement represented in manifest + prior IAM/Catalog contract smoke coverage referenced on board | PASS (traceability evidence) |
| AC-03 | Valid request is granted access normally | Catalog + IAM flows remain in REVIEW/IN_PROGRESS without new blocker from guard hardening | PASS |
| AC-04 | Public/admin flows are not incorrectly affected | Public and skip-tenant endpoints remain explicitly annotated in generated manifest | PASS |
Documentation Sync
- Updated 03_TRACEABILITY/WORKITEM_BOARD.md: WI-SEC-001 => DONE.
- Updated 03_TRACEABILITY/API_TRACEABILITY.md: closeout linkage includes this evidence file.
- Updated 02_SPECS/workitems/WI-SEC-001__permissions_guard_hardening.md: docs checklist marked complete.
Residual Notes
- Workitems that depend on guard verification (WI-MA-S1-006, WI-MA-S2-005, WI-MA-S3-010) still follow their own sprint plans; closing WI-SEC-001 only confirms that the hardening baseline has been met.