Security and Architecture Convergence Addendum (2026-05-23)

Historical note: this addendum reflects the 2026-05-23 convergence review. Some cited gaps were later reduced or closed by subsequent tasks; for example, task-read authorization concerns here predate TSK-0055. Treat this page as historical rationale and cross-check current code/tasks before acting on any finding.

Intent

Blend security hardening and architecture simplification into one delivery stream so controls improve as complexity decreases, instead of layering more controls onto already oversized modules.

Why Convergence

Converged Findings

| ID | Theme | Severity | Confidence | Summary | Evidence |
|---|---|---|---|---|---|
| C-001 | Secure refactoring boundary | High | 92% | Oversized orchestration files (chat and maintenance) carry both behavior and authorization/governance decisions, making security regressions likely during refactor unless invariants are codified first. | MemorySmith.App/Services/ChatServices.cs, MemorySmith.App/Services/MaintenanceAgentServices.cs, MemorySmith.App/Services/SecurityServices.cs |
| C-002 | Configuration safety + architecture drift | High | 88% | Security posture depends on many configuration switches; without architectural guardrails and profile governance, complexity drift can reopen insecure combinations. | MemorySmith.App/Services/AdminSettingsService.cs, MemorySmith.App/appsettings.json, MemorySmith.App/Services/MemorySmithLocalDevelopmentPostConfigure.cs, MemorySmith.App/Properties/launchSettings.json |
| C-003 | Test topology and trust guarantees | Medium | 86% | Monolithic mixed-domain tests reduce the ability to prove security invariants at architectural seams. | MemorySmith.Tests/PagesAndChatTests.cs, MemorySmith.Tests/SecurityAndSourceLinkTests.cs |
| C-004 | Dependency and attack surface coupling | Medium | 79% | Dependency hygiene is part of architecture health and security posture; stale packages increase maintenance and potential exposure. | MemorySmith.App/MemorySmith.App.csproj, workspace package/use scan |
| C-005 | Task-store fault containment | High | 90% | Task loading now includes malformed-file fallback handling, but recovery behavior is still incomplete across mutation/error-contract paths; malformed artifacts can still degrade reliability and governance UX if endpoint mappings are inconsistent. | MemorySmith.App/Services/TaskDomainService.cs, MemorySmith.App/Components/Pages/Tasks.razor, MemorySmith.App/Controllers/TasksController.cs, MemorySmith.App/bin/Debug/net10.0/logs/memorysmith-20260523.log |
| C-006 | Task contract version drift | Medium | 91% | Task records currently exist in mixed root property casing variants (25 PascalCase, 27 camelCase). Runtime tolerates both today, but tooling/migrations/validation paths can diverge without an explicit canonical format and compatibility tests. | Data/Tasks/*.json audit, MemorySmith.App/Services/TaskDomainService.cs |
| C-007 | Inconsistent task mutation error mapping | High | 93% | Task service now blocks edits for malformed fallback records via EnsureTaskIsEditable (ArgumentException), but not all mutation endpoints map ArgumentException to 4xx, so some paths can still return 500 instead of actionable client errors. | MemorySmith.App/Controllers/TasksController.cs, MemorySmith.App/Services/TaskDomainService.cs |
| C-008 | Task read API authorization and disclosure posture | High | 95% | Task read endpoints (GET /api/tasks, GET /api/tasks/{id}) have no explicit view policy and are reachable without auth headers in current runtime; combined with the remote-enabled LocalDevelopment profile this can expose task content and operational details unexpectedly. | MemorySmith.App/Controllers/TasksController.cs, MemorySmith.App/Services/MemorySmithRequestGuardMiddleware.cs, MemorySmith.App/Services/MemorySmithLocalDevelopmentPostConfigure.cs, MemorySmith.App/Properties/launchSettings.json, runtime probe to /api/tasks |

Converged Strategy

  1. Extract architecture seams where security decisions live (chat tool/write loop, maintenance proposal workflow).
  2. Add invariant tests before/with each extraction (authorization, approval gating, request guard behavior).
  3. Apply transport/remote hardening concurrently with service decomposition.
  4. Add complexity and security drift guardrails in CI/local validation.
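
One way to turn the casing drift in C-006 into a step-4 guardrail, as an added example (not MemorySmith's own code): a validation script that classifies each task record's root property casing, flags case-insensitive duplicate properties, and reports malformed files instead of crashing on them. Assumptions: camelCase is taken as the canonical format (the page names none), and the sample records and their property names are constructed for illustration.

```python
import json
import sys
from collections import Counter
from pathlib import Path

class _Obj(list):
    """JSON object kept as (key, value) pairs so duplicate keys survive parsing."""

def classify_record(text):
    """Return (style, problems) for the root properties of one task record."""
    try:
        root = json.loads(text, object_pairs_hook=_Obj)
    except json.JSONDecodeError as exc:
        return "malformed", [f"invalid JSON: {exc.msg}"]
    if not isinstance(root, _Obj):
        return "malformed", ["root is not a JSON object"]
    keys = [k for k, _ in root]
    folded = Counter(k.lower() for k in keys)
    # "id" next to "Id" is ambiguous for any case-insensitive reader.
    problems = [f"case-insensitive duplicate property: {k}"
                for k, n in sorted(folded.items()) if n > 1]
    styles = {"pascal" if k[0].isupper() else "camel" for k in keys if k[:1].isalpha()}
    style = "mixed" if len(styles) > 1 else (styles.pop() if styles else "empty")
    return style, problems

def audit(records, canonical="camel"):
    """records maps file name -> raw JSON text; returns (counts, violations)."""
    counts, violations = Counter(), {}
    for name, text in sorted(records.items()):
        style, problems = classify_record(text)
        counts[style] += 1
        if style not in (canonical, "malformed"):
            problems.append(f"root casing is {style}, expected {canonical}")
        if problems:
            violations[name] = problems
    return counts, violations

# Constructed sample records; file and property names are hypothetical.
SAMPLE = {
    "sample-a.json": '{"id": "A", "title": "camelCase record", "status": "open"}',
    "sample-b.json": '{"Id": "B", "Title": "PascalCase record", "Status": "open"}',
    "sample-c.json": '{"id": "C", "Id": "C", "title": "both spellings"}',
    "sample-d.json": '{"id": "D", "title": ',
}

if __name__ == "__main__":
    # With a directory argument (e.g. Data/Tasks) audit its *.json files, else the sample.
    records = ({p.name: p.read_text(encoding="utf-8-sig", errors="replace")
                for p in Path(sys.argv[1]).glob("*.json")} if len(sys.argv) > 1 else SAMPLE)
    counts, violations = audit(records)
    print(dict(counts))
    for name, problems in violations.items():
        print(f"{name}: {'; '.join(problems)}")
    sys.exit(1 if violations else 0)
```

The non-zero exit status on any violation lets a CI or local validation step fail the build when a new record drifts from the chosen format.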

Risk Register

Open Questions

Confidence