Skip to main content
Compendium · Atoms · Specs & Documents

Specs & Documents

Items
68
of 1002 total

Atomic primitives in the specs & documents family. Click any tile for the live render, the spec it was built from, and the code that fell out.

Atoms · 17
#001 do
SPEC-014 v1.3.0
@author

Authenticate via OAuth

Issue a session for verified Google identities. Reject everything else without disclosing why.

  • Verified emails create a session
  • Unverified emails are rejected silently
  • Sessions expire after 24 hours
ICS 78
approved
SEALED

Spec Card

STA
atoms · card · stamp · real-content
#002 de
82 / 100
ICS READY

ICS Gauge

STA
atoms · svg · gauge · animated
#011 do

Authenticate via OAuth so verified identities can act, and unverified ones cannot — silently.

SPEC-014 · INTENT @platform / 2026-05-21

Intent Statement

STA
atoms · card · real-content · dark-mode-tested
#012 do

SPEC-014 / v1.3.0

Authenticate via OAuth. Verified emails create a 24-hour session. Unverified emails are rejected silently. Rate-limit at 10 attempts per minute per identity. p99 latency must remain ≤ 200ms.

APPROVED
@platform · 2026-05-21

Approval Stamp

STA
atoms · stamp · real-content · dark-mode-tested
#281 do
SPEC-014
v1.3.0

Spec ID Stamp

STA
atoms · stamp · badge · real-content
#282 do

spec lifecycle

  • DRAFT
  • REVIEW
  • IN-PROGRESS ← HERE
  • IMPLEMENTED

Spec Status Pill

STA
atoms · badge · real-content · dark-mode-tested
#283 do
A
@author
PLATFORM ARCHITECT
spec author SPEC-014

Spec Author Handle

STA
atoms · badge · real-content · dark-mode-tested
#284 do
P1

URGENT — THIS QUARTER

SPEC-014 / priority

Spec Priority Flag

STA
atoms · badge · real-content · dark-mode-tested
#285 do
line budget TIGHT
75%
SPEC-014 187 / 250 lines

Spec Line Budget Meter

STA
atoms · gauge · real-content · dark-mode-tested
#286 do
+
feature
new capability, new acceptance
kind SPEC-014

Spec Kind Badge

STA
atoms · badge · real-content · dark-mode-tested
#287 do
SPEC-014 DEPENDS ON SPEC-038
cross-reference spec graph edge

Spec Link Chip

STA
atoms · badge · real-content · dark-mode-tested
#288 do
TL;DR

Verified Google identities create a 24-hour session; unverified emails are rejected silently; rate limit at 10 attempts per minute per identity. Not in scope: SSO providers beyond Google.

SPEC-014 · v1.3.0 @author · 2026-05-21

Spec TL;DR Card

STA
atoms · card · real-content · dark-mode-tested
#289 do

spec domains

  • #auth @platform
  • #payments @gatekeeper
  • #notifications @author

Spec Domain Tag

STA
atoms · badge · real-content · dark-mode-tested
#290 do
token cost NOMINAL
4,280 tokens
SPEC-014 13% of 32k context

Spec Token Counter

STA
atoms · badge · real-content · dark-mode-tested
#291 do
SPEC-014 v1.3.0

Authenticate via OAuth

snapshot @author

Spec Snapshot Mini

STA
atoms · card · real-content · dark-mode-tested
#292 do

spec touches

DO
CO
DE
GO
SPEC-014 DO + GO

Spec Pillar Overlay

STA
atoms · badge · real-content · dark-mode-tested
#293 do

NEEDS GOVERNANCE REVIEW

SPEC-014 · readiness @gatekeeper

Spec Readiness Light

STA
atoms · badge · real-content · dark-mode-tested
Criteria & Constraints · 17
#003 do
SPEC-014 / AC 5 CLAUSES
  • AC-01 Verified email creates a session
  • AC-02 Unverified email returns 401 within 200ms
  • AC-03 Session expires after 24 hours of inactivity
  • AC-04 Does NOT log credentials to any sink
  • AC-05 Rate-limit triggers at 10 attempts / minute
FILED 2026-05-21 // @platform

Acceptance Criteria Checklist

STA
criteria-and-constraints · list · real-content · dark-mode-tested
#004 go
EXHIBIT B / THREAT MODEL v1.3.0
SEV THREAT MITIGATION OUT-OF-SCOPE
HIGH Credential stuffing on /auth Rate-limit + lockout @ 10/min Botnet behind residential proxies
MED Session token replay Bind to UA + IP fingerprint Mobile NAT roaming churn
LOW OAuth open-redirect Allowlist redirect domains Subdomain takeover detection
HIGH PII in error responses Sanitise + opaque error codes Error timing oracles

Threat Model Table

STA
criteria-and-constraints · list · real-content · dark-mode-tested
#007 go
CONSTRAINT HARD
p99 ≤ 200ms
WHY: Auth latency above 200ms causes mobile retry storms.

Constraint Pin

STA
criteria-and-constraints · stamp · badge · real-content
#301 do
AC-07
GIVEN a verified session WHEN the user posts /checkout THEN tax is computed at the billing-address rate

AC Row (GIVEN/WHEN/THEN)

STA
criteria-and-constraints · real-content · dark-mode-tested · responsive
#302 do
AC-N-03
MUST NOT log credentials or session tokens to any sink WHEN the request body contains an Authorization header
×

Negative AC Row

STA
criteria-and-constraints · real-content · dark-mode-tested · responsive
#303 go
4 MIT
T
Tampering covered

Threat Coverage Cell (STRIDE)

STA
criteria-and-constraints · badge · real-content · dark-mode-tested
#304 do
EDGE AC-09 leap-second tick skips the cache TTL window

Edge Case Tag

STA
criteria-and-constraints · badge · real-content · dark-mode-tested
#305 do
Stripe Tax
last probe 03:42 UTC
TAX-2024-08 every 15m

Integration Assurance Row

STA
criteria-and-constraints · real-content · dark-mode-tested · responsive
#306 do
GUARD
INC-1842 AC-12
silent cart-line drop on retry

Regression Signal Chip

STA
criteria-and-constraints · badge · real-content · dark-mode-tested
#307 go
OUT OF SCOPE
OOS-04 cross-region replication consistency

Out-of-Scope Pill

STA
criteria-and-constraints · badge · real-content · dark-mode-tested
#308 do
FAILURE MODE / FM-03 HIGH
TRIGGER
identity provider returns 5xx mid-flow
BLAST
all new sessions, until IdP recovers
CONTAINED BY
AC-11

Failure Mode Card (Mini)

STA
criteria-and-constraints · card · real-content · dark-mode-tested
#309 do
PASS
AC-08 · CI-7741 · 2026-05-21

AC Pass/Fail Stamp

STA
criteria-and-constraints · stamp · real-content · dark-mode-tested
#310 go
CONSTRAINTS — SPEC-014
p99 ≤ 200ms payload ≤ 256 KB retention 90d region EU only pii none

Constraint Tag Cloud Row

STA
criteria-and-constraints · badge · list · real-content
#311 do
cart.qty BOUNDARY
probe @ 0 probe @ 100

Boundary Condition Marker

STA
criteria-and-constraints · svg · real-content · dark-mode-tested
#312 do
ASSUMPTION ASM-02

Stripe Tax computes rates within 50ms p95 in EU regions

stale after 2026-09-01 @platform

Assumption Pin

STA
criteria-and-constraints · card · stamp · real-content
#313 do
PRE session.verified == true
AC-07

Precondition Tag

STA
criteria-and-constraints · badge · real-content · dark-mode-tested
#314 do
AC-07
POST session.expiresAt == now + 24h

Postcondition Tag

STA
criteria-and-constraints · badge · real-content · dark-mode-tested
Analysis & Lint · 17
#005 go
FAILURE MODES & EFFECTS FMEA
  1. FM-01 Auth provider outage — no degraded path defined
  2. FM-02 Clock skew on session expiry between regions
  3. FM-03 Race: two concurrent logins from same identity
  4. FM-04 Localised error string leaks server-side enum
  5. FM-05 Stale OAuth state nonce kept in memory > 5 min

Failure Modes (FMEA)

STA
analysis-and-lint · list · real-content · dark-mode-tested
#006 do
- v1.2.0RETIRED
+ v1.3.0APPROVED
## Intent
## Intent
Authenticate via OAuth.
Authenticate via OAuth.
Session lifetime: 7 days.
Session lifetime: 24 hours.
Rate limit: 100/min.
Rate limit: 10/min per identity.
- [ ] Verified email -> session
- [ ] Verified email -> session

Spec Diff Viewer

STA
analysis-and-lint · list · real-content · dark-mode-tested
#010 do
SPEC-LINTER · FAIL 4 ISSUES
  • ERR SL001 Missing ## Acceptance Criteria section
  • ERR SL014 Vague term: "secure" — replace with measurable property
  • WARN SL022 No negative criteria (does NOT…) found
  • WARN SL031 Constraint lacks rationale
$ spec-linter specs/SPEC-014.md

Spec Lint Result

STA
analysis-and-lint · list · real-content · dark-mode-tested
#014 de
ICS BREAKDOWN SPEC-014
CLARITY 88VERIFIABILITY 72COMPLETENESS 80CONSTRAINTS 65LINEAGE 95

ICS Scoring Breakdown

STA
analysis-and-lint · svg · chart · real-content
#321 do
// lint finding
SL014 specs/SPEC-038.md:42

Vague term "secure" — replace with measurable property

Lint Finding Row

STA
analysis-and-lint · list · real-content · dark-mode-tested
#322 do
// severity scale
! BLOCKER * IMPORTANT . NICE

Closed set. Every finding is exactly one tier.

Lint Severity Pip

STA
analysis-and-lint · badge · real-content · dark-mode-tested
#323 do
COMPLETENESS 72/100
0 ICS axis 100

ICS Dimension Bar

STA
analysis-and-lint · chart · gauge · real-content
#324 do
ACCEPTANCE COVERAGE 84/100
0 CCS axis 100

CCS Dimension Bar

STA
analysis-and-lint · chart · gauge · real-content
#325 do
// SDS strider cell
TESTABILITY
78 ↑ +6
vs last week

SDS Strider Cell

STA
analysis-and-lint · card · real-content · dark-mode-tested
#326 do
// CSG conflict UNRESOLVED
SPEC-038 vs SPEC-061
surface auth/session.ttl

SPEC-038 mandates 24h; SPEC-061 mandates 12h

CSG Conflict Card

STA
analysis-and-lint · card · real-content · dark-mode-tested
#327 do
// spec health status
HEALTHY WATCH DEGRADED

One pill per spec. Roll-up of ICS, lint, and drift signals.

SHS Status Pill

STA
analysis-and-lint · badge · real-content · dark-mode-tested
#328 do
// SCR vitality
18
specs touched / 7d

SCR Vitality Dot

STA
analysis-and-lint · animated · reduced-motion · badge
#329 do
// spec corpus
24
READY
9
DRAFTING
3
STALE

Spec Corpus Overview Chip

STA
analysis-and-lint · badge · real-content · dark-mode-tested
#330 do
// triggered rules
  • SL001 requires acceptance section
  • SL014 no vague terms
  • SL022 requires negative criteria
  • SL031 constraint needs rationale

Lint Rule Stamp

STA
analysis-and-lint · stamp · badge · real-content
#331 do
LINT SUMMARY SPEC-038
Σ BLOCKERS
2
Σ IMPORTANT
5
Σ NICE
11

Lint Summary Strip

STA
analysis-and-lint · banner · real-content · dark-mode-tested
#332 do
// lint · 12 runs TREND
8 findings

Lint Trend Sparkline (Mini)

STA
analysis-and-lint · svg · chart · real-content
#333 do
// suggested fix SL014
was
must be secure
try
rejects unsigned tokens within 200ms

Fix Suggestion Arrow

STA
analysis-and-lint · svg · navigation · real-content
Lifecycle · 17
#008 do
SPEC-014 v1.2.0
v 1.3.0
APPROVED

Version Pin

STA
lifecycle · stamp · badge · real-content
#009 do
TZ
@author OWNER
The Governor
DO · AUTHOR
LAST TOUCHED 2026-05-21 14:32Z

Spec Owner Card

STA
lifecycle · card · badge · real-content
#013 do
SPEC-014 / INDEX 123 LINES
  1. I Intent 012
  2. II Acceptance Criteria 028
  3. III Constraints 014
  4. IV Failure Modes 022
  5. V Threat Model 031
  6. VI Out-of-Scope 009
  7. VII Approvals & Lineage 007

Spec Index

STA
lifecycle · list · navigation · real-content
#015 go
RE-SPEC REQUIRED 2/5 TRIGGERS
  • RX-01 Acceptance criteria changed upstream
  • ! RX-02 p99 latency drift exceeds 20% over 30 days
  • RX-03 New regulatory constraint applies
  • RX-04 Downstream consumer added a hard dependency
  • ! RX-05 Failure mode FM-01 fired in production

Re-Spec Trigger

STA
lifecycle · list · badge · real-content
#341 do

// lifecycle pip

DRAFT
SPEC-341
SINCE 2026-05-14
Open · mutable · not binding

Draft State Pip

STA
lifecycle · badge · stamp · real-content
#342 do

// lifecycle pip

REVIEW GATE
SPEC-342
4 REVIEWERS · DAY 2/5
Frozen for reading

Review State Pip

STA
lifecycle · badge · stamp · real-content
#343 do

// lifecycle pip

62% DONE
IN-PROGRESS
SPEC-343 · 5/8 CRITERIA

In-Progress State Pip

STA
lifecycle · badge · stamp · real-content
#344 do

// lifecycle pip

100% GREEN
IMPLEMENTED
SPEC-344 · LOAD-BEARING

Implemented State Pip

STA
lifecycle · badge · stamp · real-content
#345 do

SPEC-148 / v2.4.1

Legacy session ttl policy. Superseded by tighter audit controls; retained until consumers migrate.

DEPRECATED
SEE SPEC-204 · SUNSET 2026-09-30

Deprecated State Stamp

STA
lifecycle · stamp · real-content · dark-mode-tested
#346 do

SPEC-077 / v3.0.0 (final)

v1 telemetry pipeline contract. Closed after the v3 fleet cutover; retained for lineage only.

ARCHIVED
CLOSED 2025-11-04 · LINEAGE ONLY

Archived Stamp

STA
lifecycle · stamp · real-content · dark-mode-tested
#347 do

// spec age

14 DAYS
DRAFTED AGO SPEC-347

Spec Age Chip

STA
lifecycle · badge · real-content · dark-mode-tested
#348 do

// re-spec window

5 DAYS
RE-SPEC DUE TRIGGER RX-02 · SPEC-348

Re-Spec Due Stamp

STA
lifecycle · stamp · badge · real-content
#349 do

// transition

REVIEW approve IN-PROG
state → state

Transition Arrow

STA
lifecycle · svg · navigation · real-content
#350 do

// ownership handoff

FROM
AUTHOR
TO
ARCHITECT
2026-05-21 09:14Z

Spec Ownership Handoff Row

STA
lifecycle · list · badge · real-content
#351 do
// lifecycle · spec-351
day 1 IN-PROG day 30

Lifecycle Timeline Dot

STA
lifecycle · svg · timeline · real-content
#352 do

// version bump

FROM v1.3.0
TO v1.4.0
MINOR BUMP

Version Bump Stamp

STA
lifecycle · stamp · badge · real-content
#353 do

SPEC-353 / v1.4.0

Public retention contract. Visible on the consumer portal; pinnable by downstream callers from this moment.

PUBLISHED
2026-05-21 · v1.4.0

Publish Stamp

STA
lifecycle · stamp · real-content · dark-mode-tested
Alpha · Honest about it

The framework is real.
The community is forming now.

DoCoDeGo is in Alpha. The framework is documented, the practices are battle-tested at small scale, and the next release is being shaped in public.

If it produces anything, it should produce engineers and teams who think more clearly about what they are building and why.

Two doors in
Join the Discord

Discord is where specs are debated, the framework gets sharper, and decisions land in writing. The conversation is the artefact.