Context: ROADMAP.md → Zero Trust control review
Doc area
Design / architecture (docs/design/)
Describe the issue
Roadmap calls for a standing design test in SECURITY.md: prefer controls that remove capability over friction-only mitigations (rate limits, observe-only DNS). No documented criterion for prioritizing DNS enforcement, credential scoping, and containment vs throttling.
Affected docs
- docs/design/SECURITY.md (primary)
- docs/guides/DEVELOPER_GUIDE.md (link from security section)
- ADR candidate if governance wants formal status
Suggested change
- Add section "Impossible vs tedious" with decision rubric and examples (DNS enforce mode, credential binding, circuit breaker vs turn caps only).
- Checklist for PR reviewers on security-sensitive changes.
- Cross-link behavioral circuit breaker and emergency containment drafts.
- Run mise //docs:sync after edit.
Other information
- Lightweight doc issue; no runtime code required.
- Aligns with ADR-009 security posture themes.