Codebase Audit Task Vetting - 2026-05-23

Scope

Evidence Reviewed

Findings

| ID | Domain | Severity | Confidence | Summary | Evidence |
|---|---|---|---|---|---|
| F-001 | Backlog governance | Medium | 94% | The non-Themasonx backlog is entirely the imported tracker-import set, and many records still carry placeholder descriptions rather than sprint-ready acceptance criteria. | Data/Tasks/*.json, README.md, TaskDomainService.cs |
| F-002 | Backlog accuracy | Medium | 96% | TSK-0009 is stale: editable admin settings are already implemented and documented. | README.md, AdminSettingsService.cs, project-wiki-admin-auth-hardening |
| F-003 | Quality gates | Medium | 88% | Core routes are documented and tested at API/component levels, but no dedicated browser smoke workflow was found for the main workbench routes. | README.md, MemorySmith.Tests/*, imported TSK-0002 |
| F-004 | Data validation | High | 86% | The live Data/Memories corpus is used as product content and test fixture input, but no dedicated whole-wiki validation task or command was found. | README.md, ProjectWikiTestbaseTests.cs, imported TSK-0003 |
| F-005 | Chat governance | High | 91% | Proposal approval for safe page writes can still fail because chat approvals are effectively coupled to maintenance write-root rules. | logs/agent-smith-20260523-mcp-tooling-audit.md, imported TSK-0016 |
| F-006 | Chat state integrity | High | 90% | Recent testing still reports stale pending counts and badges after mixed approval outcomes, even after batch-approval improvements. | logs/agent-smith-20260523-chat-agent-testing-tracker.md, imported TSK-0017, TSK-0018 |
| F-007 | Remote hardening | High | 89% | Remote API exposure is guarded and diagnosed, but current behavior remains warning-first rather than enforced hardening when AllowRemoteApi=true without an API key. | MemorySmithRequestGuardMiddleware.cs, OperationalDiagnosticsService.cs, SecurityAndSourceLinkTests.cs, imported TSK-0023 |
| F-008 | Task-system governance gap | Medium | 84% | The task system preserves provenance through reporter, but there is no explicit review-state workflow for imported tasks, making backlog trust maintenance too manual. | TaskDomainService.cs, Data/Tasks/*.json |

Task Actions

Sprint Plan - Stability First Backlog Triage

Sprint Objective

Reduce delivery risk on active governance surfaces before taking additional net-new feature work.

Capacity Assumptions

Committed Items

Stretch Items

Exit Criteria

Demo Targets

Risk Register

Open Questions

Confidence