Resume Prompt
CONV-34 SPEC-AMEND patch session for `plans/permission-and-tenancy-model.md`. The sub-plan was ratified in CONV-33 (Part 1 + Part 2 closed, ~1500 lines), but the business review (6 concern agents) surfaced 21 HIGH findings in 4 themes:
(1) Token mechanics hardening — Part 1 §1.4 reverse-invite TTL 7d → 30d (Developer B2B cycles); Part 1 §1.7 buyer token mechanics spec (≥128-bit opaque + scope = single unit + rotate on SA removal + noindex/Referrer-Policy headers); §1.4.D invite token entropy spec (≥128-bit CSPRNG + constant-time hash compare + rate-limit per IP + alert on >N invalid attempts).
(2) Session/permission re-eval policy — Part 1 §1.5.B role-change must invalidate session records cross-subdomain + permission check on every privileged action (not cached in cookie/JWT). Part 1 §1.5.F ownership transfer self-serve gate tied to the target Org's `first_successful_payment_at` (not the actor's).
(3) Audit immutability + GDPR-compliant retention — Part 2 §2.4.C append-only DB role + monthly hash-chain seal + off-box archive shipping + pseudonymise `actor_user_id` post-12mo + PII classification JSONB metadata. ADR 0004 amendment required.
(4) Ownership transfer + billing handover precision — Part 1 §1.8.B Stripe customer cleanup on Free Guest auto-downgrade; Part 1 §1.8.F T2 → T1 proration policy (new ADR); Part 2 §2.3 referral payout retroactive eligibility cap 12mo; Part 1 §1.5.F post-payment support transfer SLA + identity-verification checklist.
Treatment: amendments treated as v4.17/v4.18 patches — sub-plan status remains ratified, not a re-ratification. ~2-3h estimate. After CONV-34 → the `phase-1-3-implementation` workstream can be picked up by Roma, OR next sub-plan ratification (`onboarding-trial-mode.md` P0).
Plus carry-over: 2 stale Learnings deprecation in Notion (CONV-7 5-tier model + «Client invite» VV legacy). 3 sub-plans pending in the queue: `onboarding-trial-mode.md` (P0) → `legal-multi-party-framework.md` (P1) → `buyer-profile-and-presentation.md` (P1). Cyprus jurisdiction active review — don't re-ask. Roma's parallel git activity — `git pull` before push.
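
Theme (1) lists the §1.4.D invite token requirements; the sketch below is an added example (not code from the sub-plan or the project) that puts them together: a ≥128-bit CSPRNG token, hash-only storage with constant-time compare, the 30d TTL, a per-IP rate limit, and an alert after more than N invalid attempts. The class name `InviteTokens`, the in-memory stores, and the limits `MAX_PER_IP`, `WINDOW` and `ALERT_AFTER` are assumptions.

```python
import hashlib, hmac, secrets, time
from collections import defaultdict

TOKEN_BYTES = 16                 # 128 bits from the OS CSPRNG (spec minimum)
INVITE_TTL = 30 * 24 * 3600      # reverse-invite TTL of 30d (theme 1, §1.4)
MAX_PER_IP = 5                   # assumed: attempts allowed per IP per window
WINDOW = 60                      # assumed: rate-limit window in seconds
ALERT_AFTER = 3                  # assumed: N in "alert on >N invalid attempts"


class InviteTokens:              # hypothetical name, in-memory stand-in for the DB
    def __init__(self):
        self.store = {}                     # invite_id -> (sha256 digest, expiry)
        self.attempts = defaultdict(list)   # ip -> timestamps of recent attempts
        self.invalid = defaultdict(int)     # ip -> running count of invalid attempts
        self.alerts = []                    # IPs that crossed ALERT_AFTER

    def issue(self, invite_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(TOKEN_BYTES)
        digest = hashlib.sha256(token.encode()).digest()
        self.store[invite_id] = (digest, now + INVITE_TTL)  # plaintext is never stored
        return token

    def verify(self, invite_id, token, ip, now=None):
        now = time.time() if now is None else now
        recent = [t for t in self.attempts[ip] if now - t < WINDOW]
        if len(recent) >= MAX_PER_IP:
            self.attempts[ip] = recent
            return "rate_limited"
        recent.append(now)
        self.attempts[ip] = recent
        # Unknown ids are compared against a dummy digest so both paths do equal work.
        digest, expiry = self.store.get(invite_id, (bytes(32), 0.0))
        presented = hashlib.sha256(token.encode()).digest()
        ok = hmac.compare_digest(digest, presented) and now < expiry
        if ok:
            return "ok"
        self.invalid[ip] += 1
        if self.invalid[ip] > ALERT_AFTER and ip not in self.alerts:
            self.alerts.append(ip)          # hook for the real alerting pipeline
        return "invalid"
```
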
Summary
CONV-33 pack-mode /plan session closed Phase 1.3 sub-plan ratification. Part 2 (Decision Log, 11 sections) ratified in pack-mode with 6 new picks (referral dual-condition credit accrual / 6-char base32 code / audit log 9 categories × 5 roles matrix / 58 subdomain reservations / Free Guest → paid migration split / home_org_id formalisation for dual-Org membership / pool reversibility Variant A — visibility loss preserves status / Microsoft OAuth Stage 2 Tier 3 gate resolution). Step 4.4 business review via 6 parallel concern agents (Studios / Sales motion / Customer Success / Legal+Compliance / Security / Finance+Billing) surfaced 21 HIGH + 29 MED + 15 LOW findings, consolidated in the Risks section. 21 HIGH grouped into 4 SPEC-AMEND themes for the CONV-34 patch session (~2-3h): token mechanics hardening · session/permission re-eval policy · audit immutability + GDPR retention · ownership transfer + billing precision. Workstream phase-1-3-implementation (P0) created. Foundational §2 Microsoft OAuth bullet removed → Stage 2 Tier 3 gate per ADR 0005 v3. Sub-plan + Phase 1.3 callout + changelog v4.16 committed os `befac90`, preview `d9e94ec` + pushed origin/main.
Changes
- `plans/permission-and-tenancy-model.md` — Part 2 Decision Log (11 sections) + Risks (business review 21 HIGH/29 MED/15 LOW table + 4 Learnings DB hits) + Workstreams + Evaluation + Changelog v4.16. Status `draft → ratified`. Part 1 § 1.2.D Microsoft OAuth + Custom SSO rows → Stage 2 Tier 3.
- `docs/plan/launch-plan-stage-1.html` — Foundational §2 lines 745-753 retitled «Auth methods — Google + email/password (4)»; Microsoft bullet removed; footer expanded with Microsoft + Custom SSO Stage 2 Tier 3 gate language. Phase 1.3 callout (line 1528-1531) flipped `draft → ratified CONV-33 — Part 1 + Part 2 closed` with inline summary of Part 2 + 21 HIGH SPEC-AMEND themes + ADR 0004 reference.
- `docs/plan/launch-plan-changelog.html` — v4.16 entry added at the top (Part 2 sections + business review summary + Foundational §2 patches).
- `workstreams/phase-1-3-implementation.md` — NEW (P0, tags `architecture/ux/security/domain`, 12 numbered Phase 1.3.x tasks + 21 HIGH SPEC-AMEND parallel track).
- `workstreams/stage1-roman-integration.md` — `last_session: CONV-32 → CONV-33`; Sub-plan 1 task → ✅ done; What's Next rewritten with CONV-34 priorities.
- `~/code/offplan-online/preview/plan/launch-plan-stage-1.html` + `launch-plan-changelog.html` — synced from os/, committed `d9e94ec` + pushed.
Decisions
Hypothesis A confirmed — formal /plan wrapper over Part 2 ratification. User invoked /plan go mid-task (Part 2 drafts ready on the table). Two interpretations possible: A) formal /plan workflow around the current Part 2 ratification ceremony (research / business review / workstream creation); B) new unrelated plan; C) separate phase-1-3-implementation plan one level below the sub-plan. User answered «A». Saved ~10-15 turns compared to interview-style section-by-section. Rejected B (new plan) and C (lower-level plan — the sub-plan is already at implementation-ready level).
Pack-mode for all 11 items of Part 2. Following Part 1 1.6-1.10 pack-mode pattern (CONV-32 — Sergey ratified without interview). 6 quick closures (2.1 / 2.2 / 2.5 / 2.6) + 5 real design (2.3 / 2.4 / 2.7 / 2.8 / 2.9 / 2.10 / 2.11) presented in a single message with concrete draft text. User: «pack-ratify everything, yes yes, let's continue». All 11 ratified in one shot. Rejected: per-item interview confirmation (would have produced ~30-40 turns of «yes, skip» rounds).
Business review treatment — 21 HIGH = SPEC-AMEND tickets for CONV-34, sub-plan status remains ratified. Not «hold ratification until the HIGH findings are closed». Rationale: 21 HIGH findings = implementation/spec gaps that Roma+Ilya must take into account, but they do not block understanding of the current spec. If I had waited for closure of all 21, that would have been another 2-3 hours of this session, plus it would have blocked downstream sub-plans (onboarding-trial-mode.md P0). Better: ratify now, patch via v4.17/v4.18 in CONV-34. Rejected: «defer ratification until CONV-34» (creates ratification debt instead of patch debt).
Pack-mode for concern agents — 6 parallel general-purpose agents with the same template per /plan Step 4.4b workflow. Same template, only the function name changes. Returned 65 findings (21 HIGH / 29 MED / 15 LOW) in ~30s wall-time. Cost-effective vs sequential per-function review. Findings clustered post-hoc into 4 SPEC-AMEND themes (token mechanics / session re-eval / audit immutability / billing precision) — architectural concerns, not reviewer-specific. Rejected: single-agent sequential review (would have lost parallel perspective — Security finding overlaps Customer Success finding on role-change session re-eval = same issue from different angles).
Local CONV-33 ↔ Notion CONV-32 pattern preserved. Per CONV-32 frontmatter note: «Local sequence ahead by 1 after CONV-29, Roma's parallel git track that is not registered in Notion.» Notion auto-assigned CONV-32 (matches expected); local file uses CONV-33.md (maintains local sequence). notion_page_id provides the link. Workstream relation in Notion came back empty 4th session running (CONV-26/31/32/33) — investigate in CONV-34 (likely UUID format mismatch OR MCP relation field structure issue).
Next Steps
- CONV-34 SPEC-AMEND patch session (~2-3h) — close 21 HIGH findings via Part 1 / Part 2 amendments in `plans/permission-and-tenancy-model.md`. 4 themes (token mechanics / session re-eval / audit immutability / billing precision). Treat as v4.17/v4.18 patches, not a re-ratification.
- After CONV-34 → 3 sub-plans queue: `onboarding-trial-mode.md` (P0, ADR 0008 numbers) → `legal-multi-party-framework.md` (P1, Cyprus-dependent) → `buyer-profile-and-presentation.md` (P1, ADR 0012 + Phase 1.11.1-8).
- ADR amendments referenced in Risks: ADR 0004 audit retention amendment (pseudonymise `actor_user_id` post-12mo + hash-chain Stage 2) + new ADR proration policy (T2 → T1 downgrade) + new ADR «MCP wrapper auth + sanitisation model» (placeholder for Phase 1.5.6).
- Workstream relation in Notion Sessions row — investigate in CONV-34 (likely UUID format OR MCP relation field structure issue). 4 sessions in a row with empty relation.
- Optional: 2 stale Learnings deprecation in Notion (CONV-7 5-tier model + «Client invite already exists in the admin panel» VV legacy) — carry-over CONV-31 / CONV-32 / CONV-33.
- Optional: Brandbook reconciliation (Sergey atelier vs Roma Skeleton White) — carry-over.
Open Questions
- 21 HIGH SPEC-AMEND treatments — concrete picks for each (e.g. reverse-invite TTL 30d vs 60d vs revocation-only). Drafts in `plans/permission-and-tenancy-model.md` → Risks → From Business Review.
- ADR 0004 amendment scope — pseudonymise `actor_user_id` post-12mo confirmed; hash-chain seal Stage 1 vs Stage 2?
- New «proration policy» ADR — end-of-period (no refund) vs Stripe proration credit?
- New «MCP wrapper auth + sanitisation» ADR — placeholder now, or wait for Phase 1.5.6 implementation?
- Cyprus jurisdiction — active review (carried over CONV-27 / CONV-31 / CONV-32 — don't re-ask, wait for user signal).
- Roma's parallel git activity — `git pull` required before push in the next session.
Context for next session
- Local CONV-N vs Notion CONV-N mapping: Local CONV-30 ↔ Notion CONV-29; Local CONV-31 ↔ Notion CONV-30; Local CONV-32 ↔ Notion CONV-31; Local CONV-33 ↔ Notion CONV-32. Local sequence ahead by 1 after CONV-29, Roma's parallel git track that is not registered in Notion.
- Notion `query-data-source` MCP still returns 400 invalid_request_url (per CONV-32). `post-page` + `post-search` + `patch-page` work. Workaround: title-only search via `post-search`.
- Notion `patch-block-children` MCP schema supports only `paragraph` + `bulleted_list_item` blocks. No heading_2, callout, numbered_list_item. Skipped body content for CONV-33 (properties have canonical content).
- Notion rich_text 2000 char limit per item — Resume Prompt was 2063 chars, split into 2 text items in the same rich_text array.
- Workstream relation in Sessions row — 4th consecutive linking attempt (CONV-26 / 31 / 32 / 33) came back empty. Notion page id `35a0965e-0cbf-8116-9d65-ec5b2875fe44` (workstreams/stage1-roman-integration.md frontmatter) — likely UUID format issue or MCP relation field structure. Investigate in CONV-34.
- Sub-plan ~1500 lines (Part 1 ~620 + Part 2 ~470 + Risks ~280 + Workstreams + Evaluation + Changelog). Self-contained for Roma+Ilya.
- 6 concern agent IDs (preserved for re-use): Studios `a67e83b85cf580106` · Sales motion `a0604eaae7e6e9311` · Customer Success `a788744e20d7d3b99` · Legal+Compliance `a537731d9b65a429b` · Security `a2ce1fc38ecaa0a94` · Finance+Billing `abe8189c03cff6a64`. Available via SendMessage until compaction.
- 1 new Learning surfaced in Step 4.5: «Payment providers Stripe / Paddle / Checkout.com for a Cypriot company» (2026-04-29) [billing, vendor, domain, architecture] — applies to Phase 1.3.11 Org schema (`payment_provider` + `external_customer_id` columns).
- Date stayed 2026-05-11 throughout session (started 08:36, handoff ~26 min later — no midnight crossing).
- HTTP server for Pannellum 360°: `python3 -m http.server 8765 --bind 127.0.0.1` from the `os/` directory.
- Figma MCP in `.mcp.json` — pending first-use OAuth (CONV-28 setup).
- Playwright MCP in local `.mcp.json` (uncommitted, unrelated to sub-plan work) — stashed/popped successfully during git pull early in the session.
- CONV-32 transcript archived previously; CONV-33 transcript archive — Step 8 on exit.