
# Security Compliance

**Session ID**: `phase25-session06-active-mission-rail-progress` **Created**: 2026-06-08 16:21 **Last Updated**: 2026-06-08 16:37

***

## Scope

This session adds presentation-only active mission rail and progress geometry inside the existing Mission Control read surface.

## Security Posture

* No bridge endpoint is added or changed.
* No mission read or write contract field is added or changed.
* Rail tick controls must call the existing Mission Control tick handler.
* Existing write guards remain owned by `useHermesAdmin`, `canWrite`, demo mode, token status, admin mode, and the parent component busy state.
* Browser-visible rail state may include mission titles, goal text, actor labels, estimates, and status only.
* Browser-visible rail state must not include tokens, auth headers, local paths, raw bridge errors, environment values, or private generated mission files.
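
One way to enforce the two browser-visible state rules above, shown as an added example that is not the project's own code: build rail state by copying allowlisted fields one at a time, then check in a test that no other key survives. All names here (`toRailState`, `unexpectedKeys`, and the source fields `title`, `text`, `actor`, `token`, `sourcePath`, `bridgeError`) are assumptions, since the page does not define the mission shape.

```typescript
// Added example. Field names are hypothetical; the page does not define the mission shape.
type Json = Record<string, unknown>;
interface RailGoal { goalText: string; actorLabel: string; estimate: string; status: string }
interface RailState { missionTitle: string; goals: RailGoal[] }

// Keys permitted anywhere in browser-visible rail state.
const RAIL_KEYS = ["missionTitle", "goals", "goalText", "actorLabel", "estimate", "status"];

const asString = (v: unknown): string => (typeof v === "string" ? v : "");
const isObject = (v: unknown): v is Json =>
  typeof v === "object" && v !== null && !Array.isArray(v);

// Copy allowlisted fields one by one; never spread the source object into rail state.
function toRailState(mission: Json): RailState {
  const goals: Json[] = Array.isArray(mission.goals) ? mission.goals.filter(isObject) : [];
  return {
    missionTitle: asString(mission.title),
    goals: goals.map((g) => ({
      goalText: asString(g.text),
      actorLabel: asString(g.actor),
      estimate: asString(g.estimate),
      status: asString(g.status),
    })),
  };
}

// Walk any value and return the path of every key outside the allowlist.
function unexpectedKeys(value: unknown, path: string = "$"): string[] {
  const found: string[] = [];
  if (Array.isArray(value)) {
    value.forEach((item, i) => found.push(...unexpectedKeys(item, `${path}[${i}]`)));
  } else if (isObject(value)) {
    for (const key of Object.keys(value)) {
      const here = `${path}.${key}`;
      if (RAIL_KEYS.indexOf(key) === -1) found.push(here);
      else found.push(...unexpectedKeys(value[key], here));
    }
  }
  return found;
}

// Constructed sample: a mission record carrying fields the rail must not expose.
const sampleMission: Json = {
  title: "Ship rail progress",
  token: "PLACEHOLDER",
  sourcePath: "/placeholder/mission.json",
  goals: [{ text: "Render ticks", actor: "hermes", estimate: "2h", status: "active", bridgeError: "raw" }],
};
```

The key check covers field names only; it does not inspect string values, so goal text that itself contains a path or error string still needs its own handling.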

## BQC Focus

* Duplicate action prevention: rail write/copy controls must respect existing in-flight busy state.
* State freshness on re-entry: selected rail goal must revalidate when mission identity or goal list changes.
* Failure path completeness: rail callbacks use existing parent feedback and bounded error paths.
* Accessibility: rail navigation must expose reachable, labeled controls.
* Resource cleanup: keyboard, scroll, or resize listeners must be removed when the rail unmounts or dependencies change.

## Verification Log

* Focused tests passed: 2 files, 43 tests.
* Typecheck passed: `bun run typecheck`.
* Lint passed: `bun run lint`.
* Diff whitespace passed: `git diff --check`.
* ASCII and LF validation passed for session-touched files.
* Desktop and mobile browser overflow review passed on `/agents/hermes` Mission tab: 0 px document overflow in both viewports, and no rail children exceeded rail bounds.
* No new bridge endpoint, storage path, mission contract field, token exposure, raw bridge error display, or admin-gate bypass was introduced.

***

