Phase 1 Taskboard Reconciliation
The taskboard is the execution source of truth for OneProtect Phase 1. It must separate three different kinds of work:
- MVP proof: work needed to make the three pillars credible in demos and early customer validation.
- GA hardening: production depth needed before a broader release.
- AWS operations: deployment and environment work that keeps dev/staging/prod safe, but should not crowd out product-pillar progress.
Current Reconciliation
The board now treats AWS dev bootstrap and first protected Helm deployment as done based on the operator handoff. Public endpoint HTTPS/DNS validation remains open because Namecheap/ACM/CloudFront validation is an operator-controlled final step.
The immediate product sequence is:
- Time-boxed auditor session enforcement.
- SIEM deterministic rule expansion.
- Intune/M365 posture connector.
The following are not first-pull runtime tasks unless explicitly approved:
- OPA/ABAC runtime integration.
- Keycloak in AWS EKS.
- Browser SSH runtime.
- Endpoint agent binary implementation.
- SIEM syslog TLS receiver.
- 10K endpoint load testing.
Those tasks remain visible, but they are scoped as architecture decisions, runtime risk items, or GA hardening rather than automatic immediate P1 work.
Review Rule
When adding tasks, do not label every client-visible or production-useful item as immediate P1. First decide whether it is MVP proof, GA hardening, or AWS operations. Then add acceptance criteria narrow enough to finish in one branch.