> For the complete documentation index, see [llms.txt](https://ai-os-and-trend-finder.gitbook.io/ai-os-and-trend-finder-docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ai-os-and-trend-finder.gitbook.io/ai-os-and-trend-finder-docs/.spec_system/archive/sessions/phase29-session12-security-lens/tasks.md).

# Task Checklist

**Session ID**: `phase29-session12-security-lens` **Total Tasks**: 23 **Estimated Duration**: 3-4 hours **Created**: 2026-06-21

***

## Legend

* `[x]` = Completed
* `[ ]` = Pending
* `[P]` = Parallelizable (can run with other \[P] tasks)
* `[SNNMM]` = Session reference (NN=phase number, MM=session number)
* `TNNN` = Task ID

***

## Progress Summary

| Category       | Total  | Done   | Remaining |
| -------------- | ------ | ------ | --------- |
| Setup          | 2      | 2      | 0         |
| Foundation     | 5      | 5      | 0         |
| Implementation | 12     | 12     | 0         |
| Testing        | 4      | 4      | 0         |
| **Total**      | **23** | **23** | **0**     |

***

## Setup (2 tasks)

Initial configuration and environment preparation.

* [x] T001 \[S2912] Verify analyzer state, completed prerequisite sessions, Phase 29 progress, and Session 12 stub scope before implementation (`.spec_system/PRD/phase_29/session_12_security_lens.md`)
* [x] T002 \[S2912] Inspect current keyword-pack, source-breakdown, schema, Workbench, static Brief, QA, payload-size, and test patterns before editing (`scripts/lib/ai-runtime/source-breakdown.ts`)

***

## Foundation (5 tasks)

Core structures and base implementations.

* [x] T003 \[S2912] \[P] Create security-lens helper contract with schema-validated input, severity/action constants, bounded citations, deterministic ordering, and explicit unavailable output (`scripts/lib/ai-runtime/security-lens.ts`)
* [x] T004 \[S2912] \[P] Add `TrendSecurityRelevance` constants, schema, defaults, type exports, topic field, cited-evidence validation, and required-derived-field registration (`src/extensions/trend-finder/schema.ts`)
* [x] T005 \[S2912] \[P] Add security relevance labels, tones, summaries, action-item chips, and export-safe projection helpers (`src/extensions/trend-finder/view-model.ts`)
* [x] T006 \[S2912] Add source-breakdown integration for security relevance derivation with cleanup on scope exit for all acquired resources and unavailable fallback on derivation errors (`scripts/lib/ai-runtime/source-breakdown.ts`)
* [x] T007 \[S2912] Add Signal Workbench security filter state, facets, summaries, row fields, and revalidation on new run payload (`src/extensions/trend-finder/signal-workbench-model.ts`)

***

## Implementation (12 tasks)

Main feature implementation.

* [x] T008 \[S2912] Reuse the existing reviewed `security` keyword category for matching without widening source declarations or mutating keyword packs (`scripts/extensions/trend-finder/sources/keyword-packs.ts`)
* [x] T009 \[S2912] Implement security evidence matching across normalized topic/evidence/source fields with bounded pagination, validated filters, deterministic ordering, and privacy-safe field access (`scripts/lib/ai-runtime/security-lens.ts`)
* [x] T010 \[S2912] Implement severity selection and named informational action items with bounded taxonomy, exhaustive reason handling, and no executable-remediation copy (`scripts/lib/ai-runtime/security-lens.ts`)
* [x] T011 \[S2912] Project security relevance into Brief export documents with cited evidence labels and browser-safe action-item text (`src/extensions/trend-finder/brief-export-model.ts`)
* [x] T012 \[S2912] Include security lens rows in the static Brief report contract with schema-validated input and explicit unavailable mapping (`scripts/extensions/trend-finder/static-brief-export.ts`)
* [x] T013 \[S2912] Add accessible Signal Workbench security filter controls with state reset or revalidation on re-entry (`src/extensions/trend-finder/components/signal-workbench-controls.tsx`)
* [x] T014 \[S2912] Render bounded security severity and action chips in Workbench rows with platform-appropriate accessibility labels, focus management, and input support (`src/extensions/trend-finder/components/signal-workbench-table.tsx`)
* [x] T015 \[S2912] Render static Brief security lens callout and empty state with bounded citations and no raw source payload access (`scripts/extensions/trend-finder/static-brief-renderer.ts`)
* [x] T016 \[S2912] Add static Brief QA for security lens rows with private-field rejection, cited-evidence validation, and explicit error mapping (`scripts/extensions/trend-finder/static-brief-qa.ts`)
* [x] T017 \[S2912] Add payload-size tracking for `data.topics[].securityRelevance` with branch size visibility in normal payload reports (`scripts/extensions/trend-finder/measure-payload-size.ts`)
* [x] T018 \[S2912] Document the security-lens derivation, source boundary, unavailable states, and privacy behavior without claiming new sources (`docs/extensions/trend-finder-pipeline.md`)
* [x] T019 \[S2912] Document the Workbench filter and static Brief security callout behavior as shipped UI, not planned behavior (`docs/extensions/trend-finder-ui-surfaces.md`)

***

## Testing (4 tasks)

Verification and quality assurance.

* [x] T020 \[S2912] \[P] Add security-lens and source-breakdown tests for security fixtures, non-security unavailable output, severity/action bounds, deterministic ordering, and private-string rejection (`scripts/lib/ai-runtime/__tests__/security-lens.test.ts`)
* [x] T021 \[S2912] \[P] Add schema, view-model, and Signal Workbench tests for legacy defaults, required-derived registration, filtering, facets, row chips, re-entry reset, and empty states (`src/extensions/trend-finder/__tests__/signal-workbench-model.test.ts`)
* [x] T022 \[S2912] \[P] Add static Brief export, renderer, QA, and payload-size tests for security callout rendering, cited-evidence bounds, branch visibility, and privacy cleanliness (`scripts/extensions/trend-finder/__tests__/static-brief-renderer.test.ts`)
* [x] T023 \[S2912] Run focused Vitest suites, script typecheck if runtime files change, payload-size reporting, static Brief privacy checks, and ASCII validation for session files (`package.json`)

***

## Completion Checklist

Before marking session complete:

* [x] All tasks marked `[x]`
* [x] All tests passing
* [x] All files ASCII-encoded
* [x] implementation-notes.md updated
* [x] Ready for the validate workflow step

***

## Next Steps

Run the validate workflow step to verify session completeness.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://ai-os-and-trend-finder.gitbook.io/ai-os-and-trend-finder-docs/.spec_system/archive/sessions/phase29-session12-security-lens/tasks.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
