docs(project): plan for async permission propagation and RBAC hardening#5144
docs(project): plan for async permission propagation and RBAC hardening#5144rschlaefli wants to merge 3 commits into
Conversation
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Confidence Score: 5/5This looks safe to merge.
|
| Filename | Overview |
|---|---|
| project/2026-07-07-pr-5144-async-permission-propagation-plan.md | Adds a detailed implementation plan for permission propagation performance work and RBAC hardening, with no executable changes. |
Reviews (1): Last reviewed commit: "docs(project): link plan to PR 5144" | Re-trigger Greptile
What This Adds
This PR adds the implementation plan for reworking permission propagation and hardening the RBAC/sharing check path — docs only, no code changes:
Permission/DerivedPermissionmodel, the synchronous recursive recompute bottleneck (14 sharing mutations with{ timeout: 60000 }transactions), and four verified auth-check findings.transaction-concept): its diagnosis and invariants are adopted (fail-closedDerivedPermission-only checks, revoke > grant priority, idempotency keys); itsPendingPermissionOperationqueue mechanism is not — it reschedules the same O(users x hierarchy) per-row work instead of reducing it, and its infra options predate Hatchet in this repo. [CONCEPT] New suggested approach for asynchronous permission propagation #4808 stays open for reference per maintainer decision.How It Was Built
agy/Gemini review approved by the maintainer (8 accepted, 1 rebutted with evidence).Important Details
changeElementStatusstaying READ-gated is a confirmed intentional design (reviewers move element status without write permissions) — recorded in the plan as an invariant to document, not a gap to fix.checkAccessempty-array pass-through) are described at the design level; hardening is Slice 2 of the follow-up implementation.Branch Coverage
v3bfdf8c20c611494666initial plan,bfdf8c20creview-round integration), diff: 1 file, +187 lines, docs only.Review Focus
$executeRaw) — guardrails: parameterized-only, permanent equivalence test as schema-drift tripwire, per-moduleON CONFLICTtargets on the shared 8-constraintDerivedPermissiontable.Verification
Current head:
pnpm run check:all+pnpm run build-> pass (pre-commit and pre-push hooks, docs-only change).Not run:
Security / Privacy
$security-reviewgate is planned before the implementation PR, not this docs PR.Blocking Before Merge
Follow-Up After Merge