[Documentation] Guide KB still references decommissioned QDS_ADMIN role (follow-up to incident#253) #10

Closed
opened 2026-07-08 15:34:33 -04:00 by hiveiq · 0 comments
Owner

Guide KB still documents QDS_ADMIN after the code purge (stale docs)

Follow-up to hiveops-incident#253 (Remove decommissioned QDS_ADMIN role from 5 backends), which is done and mergedQDS_ADMIN is now gone from the SecurityConfig/InstitutionContext of hiveops-incident, hiveops-recon, hiveops-devices, hiveops-guide, hiveops-transactions on develop, and it was already removed from the hiveops-auth Role enum (972a28a) so no JWT can carry it.

#253 deliberately scoped out the Guide's knowledge-base content. As a result the Guide now describes role-gates that no longer exist in code — e.g. several modules quote hasAnyRole('USER','CUSTOMER','ADMIN','MSP_ADMIN','QDS_ADMIN','BCOS_ADMIN') verbatim, but the real SecurityConfig no longer lists QDS_ADMIN. Doc-accuracy defect, not a runtime issue.

Scope — strip QDS_ADMIN from Guide content (26 refs / 23 files)

Remove QDS_ADMIN from role/allow-list mentions; keep the surviving roles (USER, CUSTOMER, ADMIN, MSP_ADMIN, BCOS_ADMIN, plus AGENT/SYSTEM where relevant) exactly as-is.

  • analytics/incidents: claude.md, internal.md
  • dashboard/cash-stats: claude.md, internal.md
  • devices/config-audit: claude.md, internal.md
  • incident/incident-tracker: claude.md, internal.md
  • incident/journal-events: architect.md, claude.md, internal.md
  • msp/institution-keys: claude.md, internal.md
  • platform/auth: overview.md ("Admin roles are MSP_ADMIN, BCOS_ADMIN (and QDS_ADMIN)")
  • recon/cash-reconciliation: claude.md, internal.md
  • recon/device-cycle-mgmt: claude.md, internal.md
  • technical/transactions: overview.md (x2)
  • transactions/customer-journey: claude.md, internal.md
  • transactions/journal-parsing: architect.md
  • transactions/reparse: internal.md

Also (separate repo, minor)

hiveops-src/SECURITY_AUDIT_2026-05-08.md — the QDS_ADMIN row was reworded to "legacy, pending purge"; now that the purge is complete it could read "removed (decommissioned)". Dated audit doc, low priority.

Notes

  • Zero runtime change — the role is unissuable.
  • Verify hiveops-guide/scripts/coverage-reconcile.py still passes after edits.
  • Branch off develop, PR -> develop.
## Guide KB still documents `QDS_ADMIN` after the code purge (stale docs) Follow-up to **hiveops-incident#253** (*Remove decommissioned QDS_ADMIN role from 5 backends*), which is **done and merged** — `QDS_ADMIN` is now gone from the `SecurityConfig`/`InstitutionContext` of hiveops-incident, hiveops-recon, hiveops-devices, hiveops-guide, hiveops-transactions on `develop`, and it was already removed from the hiveops-auth `Role` enum (`972a28a`) so **no JWT can carry it**. #253 deliberately scoped **out** the Guide's knowledge-base content. As a result the Guide now describes role-gates that no longer exist in code — e.g. several modules quote `hasAnyRole('USER','CUSTOMER','ADMIN','MSP_ADMIN','QDS_ADMIN','BCOS_ADMIN')` verbatim, but the real `SecurityConfig` no longer lists `QDS_ADMIN`. Doc-accuracy defect, not a runtime issue. ### Scope — strip `QDS_ADMIN` from Guide content (26 refs / 23 files) Remove `QDS_ADMIN` from role/allow-list mentions; keep the surviving roles (`USER, CUSTOMER, ADMIN, MSP_ADMIN, BCOS_ADMIN`, plus `AGENT`/`SYSTEM` where relevant) exactly as-is. - analytics/incidents: claude.md, internal.md - dashboard/cash-stats: claude.md, internal.md - devices/config-audit: claude.md, internal.md - incident/incident-tracker: claude.md, internal.md - incident/journal-events: architect.md, claude.md, internal.md - msp/institution-keys: claude.md, internal.md - platform/auth: overview.md ("Admin roles are MSP_ADMIN, BCOS_ADMIN (and QDS_ADMIN)") - recon/cash-reconciliation: claude.md, internal.md - recon/device-cycle-mgmt: claude.md, internal.md - technical/transactions: overview.md (x2) - transactions/customer-journey: claude.md, internal.md - transactions/journal-parsing: architect.md - transactions/reparse: internal.md ### Also (separate repo, minor) `hiveops-src/SECURITY_AUDIT_2026-05-08.md` — the `QDS_ADMIN` row was reworded to "legacy, *pending* purge"; now that the purge is complete it could read "removed (decommissioned)". Dated audit doc, low priority. ### Notes - Zero runtime change — the role is unissuable. - Verify `hiveops-guide/scripts/coverage-reconcile.py` still passes after edits. - Branch off `develop`, PR -> `develop`.
hiveiq self-assigned this 2026-07-08 15:34:33 -04:00
hiveiq added the Documentation label 2026-07-08 15:36:51 -04:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: hiveiq-src/hiveops-guide#10