roadmap: php-tenant production readiness #38
Labels
No labels
P1
P2
P3
PHP
agent-ready
bug
clotho
discovery
docs
epic
refactor
review
security
testing
athena
athena-gemini
audit
clotho
clotho-gemini
codex
darbs-claude
security
wiki
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: core/php-tenant#38
Loading…
Add table
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Overview
This is the production readiness tracker for
core/php-tenant. Generated by automated discovery scan (issue #3) on 2026-02-20.Critical / Security (P1)
All P1 items resolved in January 2026:
New P1 findings (from Feb 2026 scan):
WorkspaceInvitation::findByTokenO(n) timing attack surface (loads 1000 records + bcrypt)High Priority (P2)
Resolved in January 2026:
declare(strict_types=1)in all PHP filesOpen P2 items:
hub.host.uk.comfrom EntitlementApiControllerhub.host.uk.comfrom WorkspaceControllernamespaces.workspace_idcascade-on-delete decisionuser_workspace(workspace_id, role)feature_codeinusage_alert_historyreferential integrityNamespaceService::groupedForUserMedium Priority (P3)
Low Priority (P4)
host-uk/coreto stable version (currentlydev-main)Nice to Have (P5)
Backlog / Ideas (P6)
Summary Statistics
Total open items: ~34
Generated by Clotho automated scan — issue #3, 2026-02-20
Update — additional issues found (second pass)
Four additional issues were identified during background analysis pass:
entitlement_features.parent_feature_idnullOnDelete silently orphans child features (breaks EntitlementService hierarchical pooling)entitlement_webhook_deliveries—(webhook_id, resend_at)andstatusEntitlementServiceusage recording — concurrent requests can exceed limits#42 (race condition) is particularly important as usage limits can be exceeded under concurrent load — promoted to P2.
Updated total: 38 individual issues + 1 roadmap = 39 issues
Charon referenced this issue2026-02-20 23:57:34 +00:00