Spike: Visibility tier definitions and link audit #24

Merged

ldraney merged 2 commits from 17-visibility-tier-spike into main 2026-06-08 03:16:24 +00:00

Conversation 4 Commits 2 Files changed 1 +120 -8

ldraney commented 2026-06-07 16:33:22 +00:00

Owner

Copy link

Summary

• Completes the visibility spike by filling in the link inventory table in docs/visibility.md with proposed tier assignments across four categories: infrastructure, dev tools, collaboration, and portfolio
• Answers all three open questions: public tier serves as the portfolio (no login wall), three tiers are sufficient, and visibility is orthogonal to feature flags
• Documents emerging portfolio link types and lists implementation tickets needed (not created)

Changes

• docs/visibility.md: Replaced TODO inventory table with categorized link tables (infrastructure/superadmin, dev tools/superadmin, collaboration/member, portfolio/public), added emerging portfolio links section, answered all open questions with rationale, and documented six follow-up implementation tickets

Test Plan

• No code changes -- documentation-only spike
• Markdown renders correctly
• All existing doc content preserved, only TODOs filled in
• Tier assignments are consistent with architecture.md role definitions

Review Checklist

• No secrets committed
• No unnecessary file changes
• Commit messages are descriptive
• Feature flag needed? No -- documentation only, no code changes

Related Notes

• ldraney/palinks #17 -- Spike: Define link visibility tiers and assign current links
• Depends on #16 (Keycloak integration) for implementation
• Informs #19 (dev seed data) for visibility-aware seeds

Closes #17

## Summary - Completes the visibility spike by filling in the link inventory table in `docs/visibility.md` with proposed tier assignments across four categories: infrastructure, dev tools, collaboration, and portfolio - Answers all three open questions: public tier serves as the portfolio (no login wall), three tiers are sufficient, and visibility is orthogonal to feature flags - Documents emerging portfolio link types and lists implementation tickets needed (not created) ## Changes - `docs/visibility.md`: Replaced TODO inventory table with categorized link tables (infrastructure/superadmin, dev tools/superadmin, collaboration/member, portfolio/public), added emerging portfolio links section, answered all open questions with rationale, and documented six follow-up implementation tickets ## Test Plan - [x] No code changes -- documentation-only spike - [x] Markdown renders correctly - [x] All existing doc content preserved, only TODOs filled in - [x] Tier assignments are consistent with architecture.md role definitions ## Review Checklist - [x] No secrets committed - [x] No unnecessary file changes - [x] Commit messages are descriptive - [x] Feature flag needed? No -- documentation only, no code changes ## Related Notes - `ldraney/palinks #17` -- Spike: Define link visibility tiers and assign current links - Depends on #16 (Keycloak integration) for implementation - Informs #19 (dev seed data) for visibility-aware seeds Closes #17

ldraney added 1 commit 2026-06-07 16:33:22 +00:00

Spike: Complete visibility tier inventory and answer open questions ... b22deaa62e

Fill in the TODO sections of docs/visibility.md with:
- Full link inventory organized by category (infra, dev tools,
  collaboration, portfolio) with proposed visibility assignments
- Emerging portfolio link types for the palinks-as-front-door vision
- Answered all three open questions: public tier is the portfolio
  (no login wall), three tiers are sufficient for now, and visibility
  is orthogonal to feature flags
- Documented implementation tickets needed (not created)

Closes #17

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

ldraney commented 2026-06-07 16:34:06 +00:00

Author

Owner

Copy link

QA Review -- PR #24

Scope

Documentation-only spike. Single file changed: docs/visibility.md (+119/-8). No code, no migrations, no config changes.

Findings

Structure and completeness: PASS

• All three open questions answered with clear rationale
• Link inventory organized into four logical categories matching the tier hierarchy
• Emerging portfolio links section addresses the future vision
• Implementation tickets documented without being created (per spike scope)
• Existing content (tier definitions, mermaid diagrams, schema approach) preserved intact

Consistency with codebase: PASS

• Tier names (public/member/superadmin) match architecture.md role table and the visible_to scope already in the doc
• Infrastructure links (ArgoCD, Harbor, Grafana, Woodpecker, Keycloak, Forgejo, Tailscale, CNPG, MinIO) match services referenced in infrastructure.md and architecture.md
• Pal-E Docs and mdview match the seed commit (3a2e0f0)
• Contact channel assignment (member) aligns with US-9 acceptance criteria
• Feature flag interaction answer aligns with the feature flag architecture in architecture.md

Minor observations (non-blocking):

1. The inventory is category-based rather than a literal audit of production DB rows, which is the right call given no prod access. The doc clearly states this upfront.
2. The "Current" column from the original TODO table was dropped in favor of a simpler three-column format. This is fine -- there is no current visibility value to report since the column does not exist yet.
3. Implementation ticket #1 mentions a check constraint but the existing visible_to scope in the doc uses string matching. Not a conflict -- the constraint and scope would be additive. Just worth noting for the implementer.

No issues found:

• No secrets or sensitive data
• No unnecessary file changes
• Markdown formatting is clean
• Commit message is descriptive and includes Closes #17

VERDICT: APPROVE

Clean documentation spike. Inventory is thorough, open questions are answered with defensible positions, and implementation path is clearly scoped without over-committing.

## QA Review -- PR #24 ### Scope Documentation-only spike. Single file changed: `docs/visibility.md` (+119/-8). No code, no migrations, no config changes. ### Findings **Structure and completeness: PASS** - All three open questions answered with clear rationale - Link inventory organized into four logical categories matching the tier hierarchy - Emerging portfolio links section addresses the future vision - Implementation tickets documented without being created (per spike scope) - Existing content (tier definitions, mermaid diagrams, schema approach) preserved intact **Consistency with codebase: PASS** - Tier names (public/member/superadmin) match `architecture.md` role table and the `visible_to` scope already in the doc - Infrastructure links (ArgoCD, Harbor, Grafana, Woodpecker, Keycloak, Forgejo, Tailscale, CNPG, MinIO) match services referenced in `infrastructure.md` and `architecture.md` - Pal-E Docs and mdview match the seed commit (`3a2e0f0`) - Contact channel assignment (member) aligns with US-9 acceptance criteria - Feature flag interaction answer aligns with the feature flag architecture in `architecture.md` **Minor observations (non-blocking):** 1. The inventory is category-based rather than a literal audit of production DB rows, which is the right call given no prod access. The doc clearly states this upfront. 2. The "Current" column from the original TODO table was dropped in favor of a simpler three-column format. This is fine -- there is no current visibility value to report since the column does not exist yet. 3. Implementation ticket #1 mentions a check constraint but the existing `visible_to` scope in the doc uses string matching. Not a conflict -- the constraint and scope would be additive. Just worth noting for the implementer. **No issues found:** - No secrets or sensitive data - No unnecessary file changes - Markdown formatting is clean - Commit message is descriptive and includes `Closes #17` ### VERDICT: APPROVE Clean documentation spike. Inventory is thorough, open questions are answered with defensible positions, and implementation path is clearly scoped without over-committing.

ldraney commented 2026-06-08 01:40:37 +00:00

Author

Owner

Copy link

PR #24 Review

DOMAIN REVIEW

Tech stack: Documentation-only (Markdown). No code changes. Domain review focuses on content accuracy, internal consistency, and alignment with existing architecture docs.

Tier assignments vs. architecture.md: The three-tier model (public/member/superadmin) and the proposed link assignments are consistent with the role definitions in docs/architecture.md. The hierarchy is correctly applied -- infrastructure tools map to superadmin, collaboration tools to member, portfolio to public. The "safe default" principle (new links default to superadmin) is preserved.

Open questions answered: All three original questions are addressed with clear rationale. The answers are architecturally sound:

• Public tier as portfolio (no login wall) aligns with the auth flow diagram in architecture.md
• Three tiers sufficient for now, with metadata JSONB as escape hatch
• Visibility orthogonal to feature flags, with a clear articulation of where they intersect

Implementation tickets: Six follow-up tickets are documented with enough detail to be actionable. They correctly identify the dependency on #16 (Keycloak) for role-aware filtering.

BLOCKERS

None.

NITS

1. Phantom cross-reference "US-9": The PR references "per US-9" twice (in the member collaboration table and the emerging links table) for the contact form/channel. However, issue #9 in this repo is "Drag-and-drop reordering for link cards" -- it has nothing to do with contact forms. Either "US-9" refers to a user story in a different tracking system that does not exist here, or this is a hallucinated reference. This should be corrected or removed to avoid confusion when someone follows the reference.

2. Contact form visibility tension with existing content: The base document (unchanged by this PR) lists "Contact form (no personal info exposed -- submits to Lucas)" as a Public tier example in the Tier Definitions section (line 39) and in the mermaid diagram. However, this PR's tables assign the contact channel to member visibility ("Gated to prevent spam, per US-9"). The mermaid diagram still shows "contact form" under Public examples. This is not a blocker since the mermaid diagram predates this spike and was not in scope to update, but the contradiction should be resolved -- either update the mermaid diagram and tier definition to match, or explain the distinction between "contact form" (public, anonymous submission) vs. "contact channel" (member, direct access).

3. Minor: "Current" column dropped without note: The original table schema had a "Current" column that the PR removes. This is reasonable since no visibility column exists yet, but a brief inline note (e.g., "No visibility column exists in production yet; all links are currently visible to all users") would make the table self-explanatory. The PR does include this context in the paragraph above the tables, so this is very minor.

SOP COMPLIANCE

• Branch named after issue (17-visibility-tier-spike follows {issue-number}-{kebab-case-purpose})
• PR body follows template (## Summary, ## Changes, ## Test Plan, ## Review Checklist, ## Related Notes)
• Related Notes references parent issue (ldraney/palinks #17)
• Related Notes does not reference a plan slug (no plan note exists for this spike -- acceptable for a doc-only spike)
• No secrets, .env files, or credentials committed
• No unnecessary file changes (single file, docs/visibility.md, exactly in scope)
• Closes #17 present in PR body
• Commit messages are descriptive (PR title is clear)
• Test plan appropriate for doc-only change (no code = no tests needed)

PROCESS OBSERVATIONS

• This is a clean documentation spike. The scope is tight -- one file, answering three questions, proposing tier assignments, and listing follow-up tickets. No scope creep.
• The implementation tickets are well-structured for future planning sessions. Deferring ticket creation to a planning session is the right call.
• The dependency chain is correctly identified: visibility filtering depends on Keycloak integration (#16), and seed data (#19) should incorporate visibility tiers.
• Change failure risk: zero -- no code changes, no deployment impact.

VERDICT: APPROVED

The US-9 phantom reference (nit 1) and contact form visibility tension (nit 2) should be addressed before or shortly after merge, but neither rises to blocker level for a documentation spike. The core deliverables -- tier assignments, answered questions, and implementation roadmap -- are solid and consistent with the existing architecture.

## PR #24 Review ### DOMAIN REVIEW **Tech stack:** Documentation-only (Markdown). No code changes. Domain review focuses on content accuracy, internal consistency, and alignment with existing architecture docs. **Tier assignments vs. architecture.md:** The three-tier model (public/member/superadmin) and the proposed link assignments are consistent with the role definitions in `docs/architecture.md`. The hierarchy is correctly applied -- infrastructure tools map to superadmin, collaboration tools to member, portfolio to public. The "safe default" principle (new links default to superadmin) is preserved. **Open questions answered:** All three original questions are addressed with clear rationale. The answers are architecturally sound: - Public tier as portfolio (no login wall) aligns with the auth flow diagram in architecture.md - Three tiers sufficient for now, with metadata JSONB as escape hatch - Visibility orthogonal to feature flags, with a clear articulation of where they intersect **Implementation tickets:** Six follow-up tickets are documented with enough detail to be actionable. They correctly identify the dependency on #16 (Keycloak) for role-aware filtering. ### BLOCKERS None. ### NITS 1. **Phantom cross-reference "US-9"**: The PR references "per US-9" twice (in the member collaboration table and the emerging links table) for the contact form/channel. However, issue #9 in this repo is "Drag-and-drop reordering for link cards" -- it has nothing to do with contact forms. Either "US-9" refers to a user story in a different tracking system that does not exist here, or this is a hallucinated reference. This should be corrected or removed to avoid confusion when someone follows the reference. 2. **Contact form visibility tension with existing content**: The base document (unchanged by this PR) lists "Contact form (no personal info exposed -- submits to Lucas)" as a Public tier example in the Tier Definitions section (line 39) and in the mermaid diagram. However, this PR's tables assign the contact channel to `member` visibility ("Gated to prevent spam, per US-9"). The mermaid diagram still shows "contact form" under Public examples. This is not a blocker since the mermaid diagram predates this spike and was not in scope to update, but the contradiction should be resolved -- either update the mermaid diagram and tier definition to match, or explain the distinction between "contact form" (public, anonymous submission) vs. "contact channel" (member, direct access). 3. **Minor: "Current" column dropped without note**: The original table schema had a "Current" column that the PR removes. This is reasonable since no visibility column exists yet, but a brief inline note (e.g., "No visibility column exists in production yet; all links are currently visible to all users") would make the table self-explanatory. The PR does include this context in the paragraph above the tables, so this is very minor. ### SOP COMPLIANCE - [x] Branch named after issue (`17-visibility-tier-spike` follows `{issue-number}-{kebab-case-purpose}`) - [x] PR body follows template (## Summary, ## Changes, ## Test Plan, ## Review Checklist, ## Related Notes) - [x] Related Notes references parent issue (`ldraney/palinks #17`) - [ ] Related Notes does not reference a plan slug (no plan note exists for this spike -- acceptable for a doc-only spike) - [x] No secrets, .env files, or credentials committed - [x] No unnecessary file changes (single file, `docs/visibility.md`, exactly in scope) - [x] `Closes #17` present in PR body - [x] Commit messages are descriptive (PR title is clear) - [x] Test plan appropriate for doc-only change (no code = no tests needed) ### PROCESS OBSERVATIONS - This is a clean documentation spike. The scope is tight -- one file, answering three questions, proposing tier assignments, and listing follow-up tickets. No scope creep. - The implementation tickets are well-structured for future planning sessions. Deferring ticket creation to a planning session is the right call. - The dependency chain is correctly identified: visibility filtering depends on Keycloak integration (#16), and seed data (#19) should incorporate visibility tiers. - Change failure risk: zero -- no code changes, no deployment impact. ### VERDICT: APPROVED The US-9 phantom reference (nit 1) and contact form visibility tension (nit 2) should be addressed before or shortly after merge, but neither rises to blocker level for a documentation spike. The core deliverables -- tier assignments, answered questions, and implementation roadmap -- are solid and consistent with the existing architecture.

ldraney added 1 commit 2026-06-08 02:13:14 +00:00

Fix QA nits: clarify US-9 references and align tiered contact design ... 1cf2c5b2a7

Disambiguate US-9 references to say "US-9 in user-stories.md" since
Forgejo issue #9 is drag-and-drop reordering. Align contact visibility
with the tiered design from PR #27: contact form is public (no personal
info exposed), direct contact info (email, calendar) is member-only
(gated behind 2FA). Updates Mermaid diagram, tier definitions, link
inventory tables, and feature flag intersection prose to be consistent.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

ldraney commented 2026-06-08 02:14:45 +00:00

Author

Owner

Copy link

PR #24 Review

DOMAIN REVIEW

Stack: Documentation-only (Markdown). No code changes -- this is a spike deliverable updating docs/visibility.md.

Spike completeness: The PR fills in the core deliverable of issue #17 -- the link inventory table was a TODO placeholder and is now a fully categorized set of tables with tier assignments. All three open questions are answered with clear rationale and supporting arguments.

Cross-reference accuracy:

• US-9 in user-stories.md is correctly referenced for the contact channel split (public form vs. member-only direct info). Verified: US-9 acceptance criteria match the tier assignments exactly.
• architecture.md role definitions (superadmin, member, anonymous) are consistent with the tier assignments in the inventory tables.
• Issue #16 (Keycloak integration) and #19 (dev seed data) are correctly referenced as dependencies.

Content quality:

• The four inventory categories (Infrastructure, Dev Tools, Collaboration, Portfolio) provide clear grouping by function.
• The "Emerging Portfolio Links" section is a useful forward-looking addition.
• The six implementation tickets are concrete and actionable.
• Open question answers are well-reasoned -- particularly the decision that visibility and feature flags are orthogonal systems.

Duplication found: "Direct contact info (email, calendar)" appears in both the "Shared Projects & Collaboration (member)" table (line ~135 in the new content) AND the "Emerging Portfolio Links" table (line ~155). The first table lists it as a current/proposed link; the second lists it as a future link. Since the direct contact feature does not exist yet, it arguably belongs only in the Emerging table, or the existing table entry should note it is planned. As-is, a reader could be confused about whether this is an existing link or a future one.

BLOCKERS

None. This is a documentation-only spike with no code changes. The BLOCKER criteria (test coverage, input validation, secrets, DRY auth) do not apply.

NITS

1. Duplicate inventory entry: "Direct contact info (email, calendar)" appears in both the current member table and the emerging links table. Consider keeping it only in "Emerging Portfolio Links" with a forward-reference, or annotating the member table entry as "(planned)" to avoid ambiguity.

2. Mergeable status: The PR reports mergeable: false, which typically indicates a merge conflict. This will need to be resolved before merge. Likely the main branch docs/visibility.md was updated by another PR.

3. PR body section naming: The PR body uses ## Related Notes rather than the standard ## Related header from the SOP template. Minor inconsistency.

4. "Current" column removal: The original inventory table had a "Current" column that was dropped. This is correct (no visibility column exists yet), but a brief note in the PR body explaining this deliberate simplification would help reviewers.

SOP COMPLIANCE

• Branch named after issue (17-visibility-tier-spike follows {issue-number}-{kebab-case})
• PR body has Summary section
• PR body has Changes section
• PR body has Test Plan section
• PR body references related issues (#17, #16, #19)
• PR body uses standard ## Related header (uses ## Related Notes instead -- nit)
• No secrets committed
• No unnecessary file changes (single file, docs/visibility.md, which is the spike deliverable)
• Commit messages are descriptive
• Closes #17 present in PR body

PROCESS OBSERVATIONS

• This is a spike deliverable, so the output is a document rather than code. The spike answers its framing questions and identifies six follow-up tickets, which is the expected pattern for spikes.
• The follow-up tickets are documented but not yet created. This is noted as intentional ("deferred to the planning session"), which is appropriate.
• The merge conflict (mergeable: false) should be resolved promptly to avoid drift. Since only one file is changed, the conflict should be straightforward.
• No deployment risk -- documentation changes do not affect runtime behavior.

VERDICT: APPROVED

## PR #24 Review ### DOMAIN REVIEW **Stack**: Documentation-only (Markdown). No code changes -- this is a spike deliverable updating `docs/visibility.md`. **Spike completeness**: The PR fills in the core deliverable of issue #17 -- the link inventory table was a TODO placeholder and is now a fully categorized set of tables with tier assignments. All three open questions are answered with clear rationale and supporting arguments. **Cross-reference accuracy**: - US-9 in `user-stories.md` is correctly referenced for the contact channel split (public form vs. member-only direct info). Verified: US-9 acceptance criteria match the tier assignments exactly. - `architecture.md` role definitions (superadmin, member, anonymous) are consistent with the tier assignments in the inventory tables. - Issue #16 (Keycloak integration) and #19 (dev seed data) are correctly referenced as dependencies. **Content quality**: - The four inventory categories (Infrastructure, Dev Tools, Collaboration, Portfolio) provide clear grouping by function. - The "Emerging Portfolio Links" section is a useful forward-looking addition. - The six implementation tickets are concrete and actionable. - Open question answers are well-reasoned -- particularly the decision that visibility and feature flags are orthogonal systems. **Duplication found**: "Direct contact info (email, calendar)" appears in both the "Shared Projects & Collaboration (member)" table (line ~135 in the new content) AND the "Emerging Portfolio Links" table (line ~155). The first table lists it as a current/proposed link; the second lists it as a future link. Since the direct contact feature does not exist yet, it arguably belongs only in the Emerging table, or the existing table entry should note it is planned. As-is, a reader could be confused about whether this is an existing link or a future one. ### BLOCKERS None. This is a documentation-only spike with no code changes. The BLOCKER criteria (test coverage, input validation, secrets, DRY auth) do not apply. ### NITS 1. **Duplicate inventory entry**: "Direct contact info (email, calendar)" appears in both the current member table and the emerging links table. Consider keeping it only in "Emerging Portfolio Links" with a forward-reference, or annotating the member table entry as "(planned)" to avoid ambiguity. 2. **Mergeable status**: The PR reports `mergeable: false`, which typically indicates a merge conflict. This will need to be resolved before merge. Likely the main branch `docs/visibility.md` was updated by another PR. 3. **PR body section naming**: The PR body uses `## Related Notes` rather than the standard `## Related` header from the SOP template. Minor inconsistency. 4. **"Current" column removal**: The original inventory table had a "Current" column that was dropped. This is correct (no visibility column exists yet), but a brief note in the PR body explaining this deliberate simplification would help reviewers. ### SOP COMPLIANCE - [x] Branch named after issue (`17-visibility-tier-spike` follows `{issue-number}-{kebab-case}`) - [x] PR body has Summary section - [x] PR body has Changes section - [x] PR body has Test Plan section - [x] PR body references related issues (#17, #16, #19) - [ ] PR body uses standard `## Related` header (uses `## Related Notes` instead -- nit) - [x] No secrets committed - [x] No unnecessary file changes (single file, `docs/visibility.md`, which is the spike deliverable) - [x] Commit messages are descriptive - [x] `Closes #17` present in PR body ### PROCESS OBSERVATIONS - This is a spike deliverable, so the output is a document rather than code. The spike answers its framing questions and identifies six follow-up tickets, which is the expected pattern for spikes. - The follow-up tickets are documented but not yet created. This is noted as intentional ("deferred to the planning session"), which is appropriate. - The merge conflict (`mergeable: false`) should be resolved promptly to avoid drift. Since only one file is changed, the conflict should be straightforward. - No deployment risk -- documentation changes do not affect runtime behavior. ### VERDICT: APPROVED

ldraney force-pushed 17-visibility-tier-spike from 1cf2c5b2a7 to cadcde51c1 2026-06-08 02:16:37 +00:00 Compare

ldraney commented 2026-06-08 02:18:09 +00:00

Author

Owner

Copy link

PR #24 Review

Re-review after rebase. 1 file changed (docs/visibility.md), +120/-8 lines. Documentation-only spike -- no code changes.

DOMAIN REVIEW

Tech stack: Ruby on Rails project. This PR is documentation-only (Markdown), so Rails-specific code checks do not apply. The review focuses on content accuracy, cross-reference integrity, and spike deliverable completeness.

Content accuracy checks:

• Tier hierarchy (public < member < superadmin) is consistent with docs/architecture.md lines 70-76 (role table) and the visible_to scope at lines 95-101 of the existing visibility.md.
• US-9 reference ("Direct contact info gated behind 2FA per US-9 in user-stories.md") correctly maps to docs/user-stories.md lines 167-175, which specifies "email and phone verification via Keycloak" for member-tier contact info. Cross-reference is accurate.
• The "Keycloak Admin" link in the Infrastructure table is correctly assigned superadmin -- consistent with architecture.md showing Keycloak as a cluster-internal service.
• Default visibility of superadmin for new links matches the migration pattern already documented in visibility.md line 87: default: "superadmin".
• The statement "production database has no visibility column yet" is accurate -- no migration for this column exists in the repo (the db/migrate/ directory has no visibility migration).

Spike deliverables assessment:

The spike issue #17 title is "Define link visibility tiers and assign current links." The PR delivers:

1. Link inventory with tier assignments across 4 categories -- DONE
2. All 3 open questions answered with rationale -- DONE
3. 6 follow-up implementation tickets documented (not yet created) -- DONE
4. Emerging portfolio links section for future planning -- DONE (bonus)

Cross-reference to issue #16 and #19: The PR body correctly notes dependency on #16 (Keycloak integration) for implementation and informs #19 (dev seed data). Both issues exist and are open per the issue list.

Minor content observations (non-blocking):

• "Direct contact info (email, calendar)" appears in both the "Shared Projects & Collaboration (member)" table AND the "Emerging Portfolio Links" table. This is intentional (current vs. future framing) but could confuse a reader. The duplication is noted but not a blocker since the tier assignment is consistent (member) in both places.
• The "Emerging Portfolio Links" section mixes links that are genuinely future (case studies, service offerings) with one that duplicates a current-tier entry (direct contact info). This is a minor organizational nit.

BLOCKERS

None. This is a documentation-only spike with no code changes, no secrets, and no security surface. The content is accurate and cross-references check out.

NITS

1. Duplicate entry: "Direct contact info (email, calendar)" appears in both the member-tier table (line ~147 in the diff) and the Emerging Portfolio Links table (line ~162). Consider removing it from the Emerging table since it is already categorized in the main inventory, or adding a note like "(repeated for planning context)".

2. Implementation tickets section: The 6 tickets are well-scoped but the section title says "(Not Created)" -- when these are eventually created, this parenthetical will become stale. Consider rewording to "Planned Implementation Tickets" with a note about their status, or adding a TODO to update this section post-creation.

3. Table column consistency: The main inventory tables dropped the "Current" column that existed in the original TODO table (which had Link | Current | Proposed Visibility | Rationale). This is fine since nothing is implemented yet, but worth noting the schema change is intentional.

SOP COMPLIANCE

• Branch named after issue: 17-visibility-tier-spike follows {issue-number}-{kebab-case-purpose} convention
• PR body follows template: Summary, Changes, Test Plan, Review Checklist, Related Notes all present
• Related Notes references parent issue: ldraney/palinks #17 is referenced
• Related Notes missing plan slug: No pal-e-docs plan slug is referenced. The template says to include a project slug. This is a minor gap but not blocking for a spike.
• Closes #17 present in PR body
• No secrets committed
• No unnecessary file changes: single file, docs/visibility.md, directly related to the spike
• Commit messages: cannot verify individual commits from the diff, but the PR title is descriptive
• Feature flag consideration: Review Checklist explicitly states "No -- documentation only, no code changes" -- correct assessment
• Test plan appropriate: documentation-only spike, no automated tests needed. Manual verification items (markdown renders, content preserved, tier consistency) are reasonable.

PROCESS OBSERVATIONS

• This is a clean documentation spike. The scope is well-contained to a single file.
• The rebase appears clean -- the diff applies against current main with no conflict artifacts visible.
• The 6 implementation tickets documented but not created is good practice for a spike -- it defers ticket creation to a planning session rather than creating them in-flight.
• Low change failure risk: documentation-only, no runtime impact.

VERDICT: APPROVED

## PR #24 Review Re-review after rebase. 1 file changed (`docs/visibility.md`), +120/-8 lines. Documentation-only spike -- no code changes. ### DOMAIN REVIEW **Tech stack**: Ruby on Rails project. This PR is documentation-only (Markdown), so Rails-specific code checks do not apply. The review focuses on content accuracy, cross-reference integrity, and spike deliverable completeness. **Content accuracy checks:** - Tier hierarchy (public < member < superadmin) is consistent with `docs/architecture.md` lines 70-76 (role table) and the `visible_to` scope at lines 95-101 of the existing `visibility.md`. - US-9 reference ("Direct contact info gated behind 2FA per US-9 in user-stories.md") correctly maps to `docs/user-stories.md` lines 167-175, which specifies "email and phone verification via Keycloak" for member-tier contact info. Cross-reference is accurate. - The "Keycloak Admin" link in the Infrastructure table is correctly assigned superadmin -- consistent with `architecture.md` showing Keycloak as a cluster-internal service. - Default visibility of `superadmin` for new links matches the migration pattern already documented in `visibility.md` line 87: `default: "superadmin"`. - The statement "production database has no `visibility` column yet" is accurate -- no migration for this column exists in the repo (the `db/migrate/` directory has no visibility migration). **Spike deliverables assessment:** The spike issue #17 title is "Define link visibility tiers and assign current links." The PR delivers: 1. Link inventory with tier assignments across 4 categories -- DONE 2. All 3 open questions answered with rationale -- DONE 3. 6 follow-up implementation tickets documented (not yet created) -- DONE 4. Emerging portfolio links section for future planning -- DONE (bonus) **Cross-reference to issue #16 and #19**: The PR body correctly notes dependency on #16 (Keycloak integration) for implementation and informs #19 (dev seed data). Both issues exist and are open per the issue list. **Minor content observations (non-blocking):** - "Direct contact info (email, calendar)" appears in both the "Shared Projects & Collaboration (member)" table AND the "Emerging Portfolio Links" table. This is intentional (current vs. future framing) but could confuse a reader. The duplication is noted but not a blocker since the tier assignment is consistent (member) in both places. - The "Emerging Portfolio Links" section mixes links that are genuinely future (case studies, service offerings) with one that duplicates a current-tier entry (direct contact info). This is a minor organizational nit. ### BLOCKERS None. This is a documentation-only spike with no code changes, no secrets, and no security surface. The content is accurate and cross-references check out. ### NITS 1. **Duplicate entry**: "Direct contact info (email, calendar)" appears in both the member-tier table (line ~147 in the diff) and the Emerging Portfolio Links table (line ~162). Consider removing it from the Emerging table since it is already categorized in the main inventory, or adding a note like "(repeated for planning context)". 2. **Implementation tickets section**: The 6 tickets are well-scoped but the section title says "(Not Created)" -- when these are eventually created, this parenthetical will become stale. Consider rewording to "Planned Implementation Tickets" with a note about their status, or adding a TODO to update this section post-creation. 3. **Table column consistency**: The main inventory tables dropped the "Current" column that existed in the original TODO table (which had `Link | Current | Proposed Visibility | Rationale`). This is fine since nothing is implemented yet, but worth noting the schema change is intentional. ### SOP COMPLIANCE - [x] Branch named after issue: `17-visibility-tier-spike` follows `{issue-number}-{kebab-case-purpose}` convention - [x] PR body follows template: Summary, Changes, Test Plan, Review Checklist, Related Notes all present - [x] Related Notes references parent issue: `ldraney/palinks #17` is referenced - [ ] Related Notes missing plan slug: No pal-e-docs plan slug is referenced. The template says to include a project slug. This is a minor gap but not blocking for a spike. - [x] `Closes #17` present in PR body - [x] No secrets committed - [x] No unnecessary file changes: single file, `docs/visibility.md`, directly related to the spike - [x] Commit messages: cannot verify individual commits from the diff, but the PR title is descriptive - [x] Feature flag consideration: Review Checklist explicitly states "No -- documentation only, no code changes" -- correct assessment - [x] Test plan appropriate: documentation-only spike, no automated tests needed. Manual verification items (markdown renders, content preserved, tier consistency) are reasonable. ### PROCESS OBSERVATIONS - This is a clean documentation spike. The scope is well-contained to a single file. - The rebase appears clean -- the diff applies against current `main` with no conflict artifacts visible. - The 6 implementation tickets documented but not created is good practice for a spike -- it defers ticket creation to a planning session rather than creating them in-flight. - Low change failure risk: documentation-only, no runtime impact. ### VERDICT: APPROVED

ldraney merged commit 007f2cfe1f into main 2026-06-08 03:16:24 +00:00

ldraney deleted branch 17-visibility-tier-spike 2026-06-08 03:16:24 +00:00

ldraney referenced this pull request from a commit 2026-06-08 03:16:24 +00:00

Spike: Visibility tier definitions and link audit (#24)

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

ldraney/palinks!24

No description provided.