> For the complete documentation index, see [llms.txt](https://ai-os-and-trend-finder.gitbook.io/ai-os-and-trend-finder-docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ai-os-and-trend-finder.gitbook.io/ai-os-and-trend-finder-docs/.spec_system/archive/sessions/phase16-session02-backend-endpoint-parity-write-safety/tasks.md).

# Task Checklist

**Session ID**: `phase16-session02-backend-endpoint-parity-write-safety` **Total Tasks**: 25 **Estimated Duration**: 3-4 hours **Created**: 2026-06-02

***

## Legend

* `[x]` = Completed
* `[ ]` = Pending
* `[P]` = Parallelizable (can run with other \[P] tasks)
* `[SNNMM]` = Session reference (NN=phase number, MM=session number)
* `TNNN` = Task ID

***

## Progress Summary

| Category       | Total  | Done   | Remaining |
| -------------- | ------ | ------ | --------- |
| Setup          | 3      | 3      | 0         |
| Foundation     | 6      | 6      | 0         |
| Implementation | 13     | 13     | 0         |
| Testing        | 3      | 3      | 0         |
| **Total**      | **25** | **25** | **0**     |

***

## Setup (3 tasks)

Initial state confirmation and session evidence preparation.

* [x] T001 \[S1602] Verify Session 01 prerequisite, Phase 16 source anchors, and current bridge extension points (`.spec_system/specs/phase16-session02-backend-endpoint-parity-write-safety/implementation-notes.md`)
* [x] T002 \[S1602] Map existing admin guardrails for reuse before adding writes (`.spec_system/specs/phase16-session02-backend-endpoint-parity-write-safety/implementation-notes.md`)
* [x] T003 \[S1602] Create implementation notes scaffold with endpoint inventory and validation log sections (`.spec_system/specs/phase16-session02-backend-endpoint-parity-write-safety/implementation-notes.md`)

***

## Foundation (6 tasks)

Core helper and fixture work needed before endpoint implementation.

* [x] T004 \[S1602] \[P] Add read endpoint response interfaces and safe local-reader constants for connections, profiles, templates, missions, and documents (`scripts/lib/hermes-dev-bridge.ts`)
* [x] T005 \[S1602] \[P] Add `confinePath(base, userValue)` plus bounded raw-body and confirmation helpers with explicit error mapping (`scripts/lib/hermes-admin-bridge.ts`)
* [x] T006 \[S1602] Refactor existing persona path resolution to reuse `confinePath` without changing current persona behavior (`scripts/lib/hermes-admin-bridge.ts`)
* [x] T007 \[S1602] Add shared spawn/git execution helper with argv arrays, timeout, output cap, redaction, and process cleanup (`scripts/lib/hermes-admin-bridge.ts`)
* [x] T008 \[S1602] \[P] Add dev bridge fixtures for Hermes home files, documents, missions, profiles, and connection metadata (`scripts/lib/__tests__/hermes-dev-bridge.test.ts`)
* [x] T009 \[S1602] \[P] Add admin bridge fixtures and shared assertions for preflight, body cap, traversal, confirmation, and spawn safety (`scripts/lib/__tests__/hermes-admin-bridge.test.ts`)

***

## Implementation (13 tasks)

Backend endpoint parity and write-safety implementation.

* [x] T010 \[S1602] Implement `/__hermes_connections` as a loopback-only bounded read with sanitized connection statuses and deterministic ordering (`scripts/lib/hermes-dev-bridge.ts`)
* [x] T011 \[S1602] Implement `/__hermes_profiles` and `/__hermes_pantheon_templates` reads with profile token gating, bounded parsing, fallback states, and no secret exposure (`scripts/lib/hermes-dev-bridge.ts`)
* [x] T012 \[S1602] Implement `/__hermes_missions` and `/__hermes_documents` GET/file/trash reads with bounded pagination, deterministic ordering, symlink refusal, and path confinement (`scripts/lib/hermes-dev-bridge.ts`)
* [x] T013 \[S1602] Implement `POST /__hermes_image_upload` with preflight, content-type allow-list, raw body cap, confined cache writes, unique filenames, and sanitized response fields (`scripts/lib/hermes-admin-bridge.ts`)
* [x] T014 \[S1602] Implement mission state helpers and `create`, `tick`, and `clear` writes with schema validation, atomic replacement, idempotent state handling, confirmation for clear, and explicit error mapping (`scripts/lib/hermes-admin-bridge.ts`)
* [x] T015 \[S1602] Implement `POST /__hermes_missions/optimize` with prompt bounds, skill-read fallback errors, argv-array Hermes spawn, timeout cleanup, output cap, JSON extraction, and redacted failures (`scripts/lib/hermes-admin-bridge.ts`)
* [x] T016 \[S1602] Implement `POST /__hermes_pantheon_sync` with confined mirror resolution, explicit confirmation, argv-array git operations, timeout cleanup, output cap, and sanitized audit logging (`scripts/lib/hermes-admin-bridge.ts`)
* [x] T017 \[S1602] Implement document delete, restore, and trash purge writes with reversible soft-delete, non-clobbering restore, confirmation gates, traversal refusal, symlink refusal, and compensation on failure (`scripts/lib/hermes-admin-bridge.ts`)
* [x] T018 \[S1602] Implement `POST /__hermes_obsidian` with explicit vault allow-list resolution, confined symlink/write behavior, confirmation gate, denied-vault handling, and sanitized output (`scripts/lib/hermes-admin-bridge.ts`)
* [x] T019 \[S1602] Register all new admin endpoints with method-aware fallthrough, endpoint/outcome audit logging, and no-store JSON responses (`scripts/lib/hermes-admin-bridge.ts`)
* [x] T020 \[S1602] Extend dev bridge tests for endpoint registration, method rejection, loopback rejection, profile token rejection, read fallback states, and document path refusal (`scripts/lib/__tests__/hermes-dev-bridge.test.ts`)
* [x] T021 \[S1602] Extend admin bridge tests for `confinePath`, image upload, mission create/optimize/tick/clear, preflight failures, body caps, traversal, confirmation, argv safety, and timeout cleanup (`scripts/lib/__tests__/hermes-admin-bridge.test.ts`)
* [x] T022 \[S1602] Extend admin bridge tests for Pantheon sync, document delete/restore/purge, Obsidian allow-list writes, git argv safety, symlink refusal, redaction, and sanitized errors (`scripts/lib/__tests__/hermes-admin-bridge.test.ts`)

***

## Testing (3 tasks)

Focused verification and closeout.

* [x] T023 \[S1602] Run focused Hermes bridge tests and fix failures (`scripts/lib/__tests__/hermes-admin-bridge.test.ts`)
* [x] T024 \[S1602] Run script typecheck and fix bridge TypeScript errors (`tsconfig.scripts.json`)
* [x] T025 \[S1602] Validate ASCII/LF, run `git diff --check`, and update final implementation notes (`.spec_system/specs/phase16-session02-backend-endpoint-parity-write-safety/implementation-notes.md`)

***

## Completion Checklist

Before marking session complete:

* [x] All tasks marked `[x]`
* [x] All tests passing
* [x] All files ASCII-encoded
* [x] implementation-notes.md updated
* [x] Ready for the validate workflow step

***

## Next Steps

Run the implement workflow step to begin AI-led implementation.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://ai-os-and-trend-finder.gitbook.io/ai-os-and-trend-finder-docs/.spec_system/archive/sessions/phase16-session02-backend-endpoint-parity-write-safety/tasks.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
