Open critical findings
doc-intel IntelligenceService gRPC missing: src/server/__init__.py is empty (1 byte). api-gateway tree-review handlers connection-refused. CIT-358/359 - kushal-claude implementing, blocked on cd #28
cd #28 halted - schema-drift: SQL migration built against fictional init.sql. Live DB diverged across document_trees, audits, audit_events. Path A/B/C decision pending
schema-drift sweep - 3 critical tables, 8 missing: document_trees, audits, audit_events all drift. 8 live tables not in init.sql. Past reviews approved against fiction
platform-services VerifyChainIntegrity unwired: Returns FailedPrecondition. JWT tenant_id metadata extraction missing. Compliance gap, ~30min fix
RLS partial on audit_findings (CIT-202): _set_tenant_context RPC prepared but FORCE ROW LEVEL SECURITY not enabled. Defense-in-depth only, service key bypasses
CIT-310 Hetzner secrets missing: HETZNER_HOST + HETZNER_SSH_KEY not in citral-deploy GH secrets. Auto-deploys fail
Resolved this session
L3 Opus auditor: 419 lines in agent.py, NOT 0 (original inventory wrong)
Cross-section validator (CIT-64): 380 lines, NOT empty stub (original wrong)
Rules-as-prompt-string: All rules from DB; no SOP injection (original wrong)
CIT-203 stuck audits: Resolved Apr 12 per kushal-claude verification
ALCOA persistence: audit_alcoa_scores table (PR #71)
L2 silent degradation: pipeline_adapter (PR #72) bridges shapes
CIT-308b grpc_health_probe: bundled in 6 of 6 gRPC services (orch + reg-k + cr + audit-engine + di-ingest + platform-svcs)
/readyz strict-mode: OPTIONAL_BACKENDS env var (api-gw #34) tolerates MVP-disabled services