Milestone 1.1.5: Permission Bitmap Contract and ADR

Status: Complete
Goal: 1.1 Persistence and auth data plane
Phase: 1 — Core Platform

Summary

Lock the 64-bit permission bitmap in ADR-0009 and packages/permissions so auth, proxy, and future services share one source of truth. Resolve the Phase 2 proxy minimum permission set in decisions.md.

Branch

chore/m1-1-5-permission-bitmap

PR title

chore(auth): permission bitmap contract and ADR (m1.1.5)

Estimated effort

2–3 days

Prerequisites

1.1.2 merged

Tasks

Add ADR-0009 (full bit layout; not ADR-0007/0008)
Create packages/permissions with constants, predefined sets, helpers
Unit tests: Has, HasAny, RequiresMFA, group non-overlap, reserved bits 56–63
Document ProxyChatCompletion minimum for Phase 2 proxy
Update SECURITY.md §4.3 and decisions.md
Contributor execution materials prepared
Do not change ValidateTokenResponse field numbers (ADR-0006)

Files affected

Path	Action
`packages/permissions/permissions.go`	Add
`packages/permissions/permissions_test.go`	Add
`docs/adr/ADR-0009-permission-bitmap.md`	Add
`docs/SECURITY.md`	Update §4.3
`docs/app/content/roadmap/phase-1-core-platform/decisions`	Resolve pending decision

Definition of done

ADR-0009 accepted with full bit layout
go test ./packages/permissions/... passes
No bit overlap between groups (tested)
ProxyChatCompletion subset of AgentDefault (tested)
decisions.md proxy minimum resolved

Risks

Risk	Mitigation
Bit layout changes after adoption	ADR change policy; reserved bits 56–63

← Back to roadmap overview

Edit on GitHub

Last updated on

Previous1.1.4 Token Creation Next1.1.6 Argon2id Parameters

On this page

Summary
Branch
PR title
Estimated effort
Prerequisites
Tasks
Files affected
Definition of done
Risks