TSK-010-01 Repository ownership audit and directory classification

[ClarusIubar]

TSK-010-01 Repository ownership audit and directory classification

Branch: web-front-ownership-audit
Scope: ownership audit only for repository boundary classification
In scope: src, test, scripts, docs, backend, deploy/api-worker-shell, infra, root config files, GitHub workflows
Out-of-scope: README/Wiki edits, CI changes, runtime refactors, directory removals, API/DB/OAuth behavior changes
Public behavior: unchanged
Interface or data flow: repository tree -> ownership audit -> classification table -> follow-up docs and CI child issues
Required validation commands: git status --short --branch, rg --files, targeted rg -n lookups, git diff --check
Required evidence: classification table, PR link, merge SHA, validation outcomes, parent issue readback
Fail-closed failure modes: stop if runtime contract changes are required; stop if workspace/branch mismatch appears
Canonical Skill Or Policy Source: AGENTS.md, UNIFIED_AGENT_CONSTITUTION.md, LLM_CODE_GENERATION_PROTOCOL.md, to-issues

1. One-Sentence Summary

Audit this repository and fix the baseline ownership map so later work can separate Web Front service ownership from transitional backend and worker assets without changing runtime behavior.

2. Why This Work Exists

The repository was split with the intent of becoming a Web Front service repository, but the actual tree still contains backend, deploy/api-worker-shell, infrastructure, mixed tests, and mixed operational documentation. If this baseline is not fixed first, later documentation or CI guardrails will be arbitrary and future changes can keep mixing provider-side implementation into the Web Front repository.

3. Current Context

• Operating path: Cloudflare Pages -> Web Front -> provider API
• Primary backend/frontend/module: src is the intended Web Front boundary; backend and deploy/api-worker-shell remain transitional assets inside the same repository.
• Current branch: web-front-ownership-audit
• Parent issue: TSK-010-00 Epic: Web Front service ownership hardening #369
• Relevant sub-issues: TSK-010-02 README/Wiki ownership alignment #371, TSK-010-03 CI and repository boundary guardrails #372, TSK-010-04 Traceability and completion evidence #373
• Recent known failures: repository split intent and actual directory ownership do not match; current dirty branch typescript-coverage-95 must not be mixed into this work.

4. Problem Statement

Problem	Why it matters
Ownership is not fixed at the directory level	Docs and CI cannot enforce the correct boundary without a baseline
Provider-side assets still live beside Web Front code	Future agents can accidentally modify backend/worker code in this repo
Current workspace is dirty on another child issue	Implementation can mix unrelated work unless isolated

5. Decisions Already Made

Decision	Rule
Branch	web-front-ownership-audit
API contract	unchanged
DB schema	unchanged
User-facing copy	unchanged unless explicitly scoped
Auth/OAuth path	preserve known-working path
GitHub workflow	do not mix with dirty typescript-coverage-95 workspace
Behavioral guardrails	audit first, then docs, then CI guardrails

6. Scope And Non-Goals

In scope:

• Inventory src, test, scripts, docs, backend, deploy/api-worker-shell, infra, root config files, and GitHub workflows.
• Produce a keep / migrate / remove-candidate / reference-only classification table.
• Write the baseline ownership rules that later child issues must follow.

Out of scope:

• README or Wiki edits.
• CI/workflow behavior changes.
• Removing directories.
• Runtime code refactors.

Stop and ask before:

• Changing API contract, DB schema, OAuth flow, or any provider-side runtime behavior.

7. Target Design

repository tree
-> ownership audit
-> classification table
-> Web Front ownership baseline
-> later docs and CI child issues

Architecture Boundary Gate

Durability: durable
Architecture profile: documented sections
Responsibility map: this child issue owns the stable ownership baseline; later child issues own docs, CI, and traceability changes
Dependency direction: audit reads repository structure and feeds later docs/CI work; no runtime dependency changes
External dependency boundary: GitHub issue/checklist and local repository tree only
Validation seam: inventory output, classification table, and git diff/test-free audit evidence
Scope map: audit document and issue evidence only
Architecture risk: misclassification of transitional backend/worker assets
Single-file exception: none

8. Issue Structure

Parent issue:

• TSK-010-00 Epic: Web Front service ownership hardening #369 TSK-010-00 Epic: Web Front service ownership hardening

Sub-issues:

• TSK-010-01 Repository ownership audit and directory classification #370 TSK-010-01 Repository ownership audit and directory classification
• TSK-010-02 README/Wiki ownership alignment #371 TSK-010-02 README/Wiki ownership alignment
• TSK-010-03 CI and repository boundary guardrails #372 TSK-010-03 CI and repository boundary guardrails
• TSK-010-04 Traceability and completion evidence #373 TSK-010-04 Traceability and completion evidence

9. Implementation Order

Order	Issue	Intent	Completion evidence
1	#370	capture the ownership baseline	classification table and audit output
2	#371	align README and Wiki to the baseline	docs diff and validation
3	#372	enforce repository boundary guardrails	CI/source-quality checks
4	#373	record final evidence	PR/merge/validation links

10. Validation Plan

Validation target: later child issues can consume the ownership baseline without changing runtime behavior.

Test gate: audit-only child issue, no runtime behavior test changes in this slice.

Required local checks:

• git status --short --branch
• rg --files
• targeted rg -n lookups for ownership-related paths
• git diff --check

Required remote checks:

• GitHub issue readback for TSK-010-00 Epic: Web Front service ownership hardening #369 and TSK-010-01 Repository ownership audit and directory classification #370

Required manual checks:

• verify the classification table matches the actual top-level directories and workflow intent

11. Completion Evidence

The work is complete only when these are recorded:

• Scope-first report filename
• Scope-ID and required report metadata
• PR link
• Commit SHA
• Test command outputs
• CI links if any
• Security/quality review result if any
• Main merge commit SHA
• Release note or documentation link if required

12. Handoff Checklist

Before implementation, the agent must confirm:

• I am on the correct branch.
• I have read the relevant repository instructions.
• I know the parent issue and sub-issue.
• I know what must not change.
• I know the simplest acceptable implementation path.
• I know which files or boundaries I must not touch.
• I know what evidence is required before completion.
• I will stop if the task crosses an out-of-scope boundary.

[ClarusIubar]

Audit readback on origin/main / branch web-front-ownership-audit:

Top-level findings

• backend/ is not present on current origin/main.
• deploy/ currently contains only wrangler.pages.toml and should remain Web Front deployment config.
• The main remaining ambiguity is not runtime implementation, but legacy docs and boundary guardrails.
• The dirty local branch typescript-coverage-95 still contains backend-related files, so this audit must stay isolated from that workspace.

Initial ownership classification

keep

• src/
• test/
• scripts/
• .github/workflows/
• deploy/wrangler.pages.toml
• infra/docker/frontend
• infra/docker/node-cache
• infra/nginx
• preview/
• reports/completion/
• root frontend/tooling config files such as package.json, tsconfig*.json, vitest.config.ts, playwright.config.ts, eslint.config.mjs

migrate

• docs/growgardens-deploy-runbook.md
• docs/data-operations-runbook.md
• any docs that still describe Worker secrets, FastAPI local runtime, backend reset/reload procedures as current operational truth

reference-only

• legacy backend analysis and historical traceability docs that still mention backend/app, FastAPI snapshots, Worker-first transitional structure, or old same-repo architecture
• examples already observed: docs/code-flow-diagrams.md, docs/notification-sse-architecture.md, docs/issue-55-improved.md, several worker-* and interface-locality-* traceability docs

remove-candidate

• none confirmed yet at root level on current origin/main
• possible candidates must be justified later; this audit does not remove directories

Immediate doc mismatch

• README.md still renders with mojibake in the current workspace output and needs normalization under child issue #371.
• docs/api-contract-ownership.md and docs/README.md already describe Web Front ownership correctly.
• many other docs still preserve backend-era paths and should be explicitly marked reference-only or moved to the admin repo if they are still operational runbooks.

Next baseline for follow-up issues

• #371 should align README and Wiki with this classification.
• #372 should add guardrails so provider-side runtime changes do not silently re-enter this repo.