
# Security Compliance

**Session ID**: `phase21-session01-pricing-daily-activity-accuracy` **Created**: 2026-06-02 13:53 **Last Updated**: 2026-06-02 14:31

***

## Scope

This session changes local usage aggregation, pricing metadata, validation, and home transforms. It does not add network calls, credential access, database schema changes, or new client dependencies.

***

## Privacy Posture

* Scanner changes must keep raw JSONL prompts, transcripts, command output, credentials, and private paths out of browser-visible generated data.
* Daily session counts may use JSONL file paths as in-memory identity keys, but emitted `daily[]` rows expose only aggregate counts, tokens, messages, costs, and dates.
* The committed `src/data/live-data.example.json` update must use sanitized example values only. `src/data/live-data.json` remains generated private data and must not be committed by this session.
* Pricing warnings may identify model IDs already present in model-usage aggregate rows, but must not expose transcript content, file paths, or credential-derived details.

***

## Degradation Posture

* Exact current AI OS prices remain authoritative.
* Claude-family fallback prices are counted only for Claude Opus, Sonnet, and Haiku model names.
* Genuinely unknown models return an unpriced state and are excluded from spend totals instead of being silently reported as a priced zero-dollar row.
* Aggregate output must continue when malformed JSONL rows, missing timestamps, unknown models, or legacy daily rows are encountered.

***

## BQC Coverage

* **Trust boundary enforcement**: Live-data validation accepts optional `daily[].sessions` only when it is a finite non-negative number.
* **Failure path completeness**: Unknown pricing emits warning metadata while preserving token and message visibility.
* **Contract alignment**: Types, validator, example data, aggregate emission, and home transforms are updated together.
* **Error information boundaries**: Browser-visible output continues to expose aggregate metadata only, not raw scanner inputs.
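
The trust-boundary and error-information items above, shown as an added TypeScript example that is not the project's own validator. Field names other than `sessions`, the date format, and the choices to reject a bad row outright and to drop unlisted keys are assumptions.

```typescript
// Added example. Field names other than `sessions` are assumed for illustration.
interface DailyRow {
  date: string;
  tokens: number;
  messages: number;
  cost: number;
  sessions?: number; // optional: legacy rows predate this field
}

// Finite, non-negative number. typeof runs first, so the global isFinite()
// cannot coerce strings; it rejects NaN and +/-Infinity.
function isCount(v: unknown): v is number {
  return typeof v === "number" && isFinite(v) && v >= 0;
}

// Returns a row rebuilt from allow-listed fields, or null when the input is rejected.
function validateDailyRow(input: unknown): DailyRow | null {
  if (typeof input !== "object" || input === null || Array.isArray(input)) return null;
  const { date, tokens, messages, cost, sessions } = input as Record<string, unknown>;
  if (typeof date !== "string" || !/^\d{4}-\d{2}-\d{2}$/.test(date)) return null;
  if (!isCount(tokens) || !isCount(messages) || !isCount(cost)) return null;
  // Copy field by field: an in-memory identity key such as a JSONL path that
  // leaked onto the row never reaches browser-visible output.
  const row: DailyRow = { date, tokens, messages, cost };
  if (sessions !== undefined) {
    if (!isCount(sessions)) return null; // assumed policy: reject, do not coerce
    row.sessions = sessions;
  }
  return row;
}

// Constructed sample rows, not real usage data.
const SAMPLE: unknown[] = [
  { date: "2026-06-01", tokens: 1200, messages: 8, cost: 0.42, sessions: 3,
    path: "/home/example/private/session.jsonl" },                       // extra key dropped
  { date: "2026-05-31", tokens: 900, messages: 5, cost: 0.31 },          // legacy row
  { date: "2026-05-30", tokens: 10, messages: 1, cost: 0, sessions: -1 } // rejected
];
const sanitized = SAMPLE.map(validateDailyRow);
console.log(JSON.stringify(sanitized, null, 2));
```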

***

## Sign-off

Final implementation sign-off complete. Focused tests, full Vitest, app typecheck, script typecheck, ASCII validation, and LF validation passed.

