Raxx · internal docs

internal · gated ↑ index

Grooming summary — 2026-05-03 (Velvet pass) Run by: raxx-ops-bot

Cards groomed

Velvet epic sub-cards (#908–#918)

All 11 sub-cards promoted from needs-grooming to groomed. PM-authored cards were well-formed: user story, scoped work, acceptance criteria checklist, parent epic reference (#907 -> #81), and three-label minimum all present. Dependency graph verified against epic card slate (below).

Card	Title	Label change
#908 (V1)	Scaffold Heroku app pair + Postgres add-on	needs-grooming -> groomed
#909 (V2)	GET /tokens/{name} read-through proxy	needs-grooming -> groomed
#910 (V3)	rotation_jobs Postgres schema + migration	needs-grooming -> groomed
#911 (V4)	POST /tokens/{name}/rotate kickoff + poll endpoint	needs-grooming -> groomed
#912 (V5)	Service-token auth middleware + rotation-authz matrix	needs-grooming -> groomed
#913 (V6)	AWS SSM Parameter Store integration	needs-grooming -> groomed
#914 (V7)	Postmark rotation handler	needs-grooming -> groomed
#915 (V8)	Heroku rotation handler	needs-grooming -> groomed
#916 (V9)	Cloudflare User API token handler	needs-grooming -> groomed
#917 (V10)	Migrate first console callsite to Velvet	needs-grooming -> groomed
#918 (V11)	Operator runbook + handler-author guide	needs-grooming -> groomed

Architect H12 sub-cards (#901–#905)

All 5 cards promoted to groomed (no prior grooming label; filed without one).

Card	Title	Label change	Notes
#901	Remove synchronous run_id poll; return 202	added groomed	Covered by PR #921; will close on merge
#902	Lazy run_id resolution in GET /deploys/	added groomed	Covered by PR #921
#903	Modal JS: accept 202; show waiting-for-run	added groomed	Minor: body formatting thin; size:s label vs "XS" in body (cosmetic)
#904	Callback back-fill run_id when row is null	added groomed	Minor: single-paragraph body; ACs readable but unformatted
#905	Reconciler secondary match by (surface+time)	added groomed	Non-blocking; can land after flag is on in prod

Mobile UX cards (#892–#897)

All 6 already carried groomed from yesterday's pass. Labels confirmed intact. No action required.

Minor observation: #892 carries type:infrastructure but is a frontend UX enhancement. Not worth a re-touch on an already-groomed card; flag for cleanup if a label-hygiene pass runs.

Yesterday's sandbox-blocked cards (#801, #803, #804, #806, #807)

Labels confirmed present as of this run. All 5 still carry needs-grooming. The blocking issues are substantive (missing acceptance criteria / epic links / unclear scope) and require human input before they can advance. No change made; status unchanged from yesterday's groomer report.

Velvet dependency graph verification

Epic #907 card slate vs. actual issue numbers:

Slot	Filed as	Issue	Deps declared in body	Matches epic?
V1	#908	Scaffold app pair	none	correct
V2	#909	GET /tokens proxy	#908 (V1)	correct
V3	#910	rotation_jobs schema	#908 (V1)	correct
V4	#911	POST /rotate kickoff	#909 (V2) + #910 (V3)	correct
V5	#912	Auth middleware	#908 (V1)	correct
V6	#913	SSM integration	#909 (V2)	correct
V7	#914	Postmark handler	#911 (V4)	correct
V8	#915	Heroku handler	#914 (V7) + console #891 PR	correct (extra dep on #891 fix noted)
V9	#916	CF token handler	#914 (V7)	correct
V10	#917	Migrate first callsite	#909 (V2)	correct
V11	#918	Runbook + author guide	#914 (V7) + #915 (V8) + #916 (V9)	correct

Dependency graph in #907 is correct. No diff required.

Open decisions to flag for human review

D2 (SSM path shape): Not resolved. V6 (#913) is explicitly gated on D2 confirmation. Do not pull V6 until /raxx/{env}/{vendor}/{name} path prefix is confirmed or an alternative is chosen. Decision needed before M2.
D3 (auth model): Not resolved. V5 (#912) stubs with a single VELVET_API_KEY. All Velvet endpoints in prod will share one key until D3 is resolved. V5 comment notes this explicitly. Low risk for M1 internal use; needs resolution before any external caller is added.
#891 (Heroku handler CLI bug): V8 (#915) cannot start until the console PR fixing #891 merges. That PR ports the CLI-free implementation. If #891 is still open at M3 sprint planning, flag as a blocker.
PR #921 / #901-#903: Three architect cards land as one PR. When #921 merges, close #901, #902, #903. Do not close prematurely.

Structural concerns

None. Velvet epic is well-designed: clear milestones (M1/M2/M3), atomic cards, no "and" issues, full AC coverage. The parallel migration strategy (D5) is sound — vault.py stays live during transition, per-credential flags route new cards through Velvet one at a time.

Summary

Scanned: 16 target issues (11 Velvet + 5 architect; mobile UX and blocked cards confirmed by label check only)
Marked ready (groomed): #908, #909, #910, #911, #912, #913, #914, #915, #916, #917, #918, #901, #902, #903, #904, #905 (16 total)
Marked needs-grooming: 0 new this pass
Proposed splits: none
Skipped (already groomed): #892-#897, #907
Blocked (no change): #801, #803, #804, #806, #807

Human decisions needed: - D2: confirm SSM path shape before V6 (#913) is pulled - D3: plan auth model resolution; V5 (#912) stub is M1-acceptable, not prod-long-term - #891: confirm console PR is merged before V8 (#915) sprint planning - #921: close #901, #902, #903 when PR merges

Auto-generated from docs/ in raxx-app/TradeMasterAPI. Gated behind Cloudflare Access. Re-deployed on every push to main.