docs(specs): post-cutover-blog audit sync#111
Merged
Conversation
Spec hygiene from a spec-drift audit run after the cutover-blog +
screen-gaps work. No behavior changes — just bringing the specs in line
with what the code already does:
data-model.md TagAssignment.taggableType — adds `blog_post` (the
entity-overview diagram and the Zod schema both include it; only
the section body lagged behind).
screens/person-detail.md sidebar — drops the "(deferred
field)" qualifier on slackHandle (the field is now public and
rendered) and notes that the Contact section also shows email
for self+staff per the screen's existing Authorization table.
api/blog.md BlogPost shape — documents the
featuredImageUrl response field the serializer derives from
featuredImageKey.
api/people.md endpoints table — adds
PATCH /api/people/:slug/newsletter (already implemented).
behaviors/app-shell.md — corrects the typeahead
cap from 8 → 12 (4 per category × 3) to match what the SPA hook
actually returns, and adds the Blog link to footer Column 1.
architecture.md — adds five env vars
already wired in env.ts (SLACK_TEAM_HOST, RESEND_API_KEY,
CFP_NOTIFICATION_FROM, CFP_SITE_HOST, CFP_DATA_RELOAD_SECRET) plus
a Health-endpoints note documenting /api/health/ready's role as
the readiness probe.
The audit also flagged three "cutover-blocking" items that turned out
to be false positives — the auditor hallucinated against the code:
- legacy-redirect.ts /project-buzz/<slug> case: already implemented
at legacy-redirect.ts:134
- Person.bio Zod max(10000): already at person.ts:10
- /api/auth/* rate-limit cap 10/min: already at rate-limit.ts:79
Real functional gaps (sign-out-all-devices endpoint+UI exposing the
existing revocation sentinel; #33 account-level write endpoint) stay
as separate issues.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Spec hygiene from a spec-drift audit run after the cutover-blog + screen-gaps work. No behavior changes — just bringing the specs in line with what the code already does.
Audit false-positives flagged
For the record — the auditor reported three "cutover-blocking" findings that turned out to be already-implemented:
Real functional gaps (sign-out-all-devices endpoint+UI, #33 account-level write) stay as separate issues — not part of this PR.
Test plan
🤖 Generated with Claude Code