UAPI GLM 5.2 Unified Login First Wedge Risks 2026-06-22
GLM 5.2 risk register and mitigations for one login across UAI layers in the first wedge.
Promotion Metadata
- Source feedback id:
124 - Source feedback ids:
124 - Promotion request id:
55 - Feedback category:
beneficial - Feedback source:
[REDACTED:high-entropy] - Feedback created at:
2026-06-22T18:27:40.854700+00:00 - Target slug:
[REDACTED:high-entropy] - Review state:
review - Reviewer note: AI lane auto-promoted redacted feedback into internal catalog context.
Source Feedback Body
Feedback 124
- Product:
uapi - Category:
beneficial - Related slug:
[REDACTED:high-entropy] - Source:
[REDACTED:high-entropy] - Created at:
2026-06-22T18:27:40.854700+00:00
GLM 5.2 — Unified Login First Wedge Risks
Date: 2026-06-22 Lane: Unified login / auth (first wedge) Sources: contract-fit-review, adapter-boundary-and-demo-plan (same date), agent-work-queue-v1-scaleout. Assumptions: One login flows across Explorer, Cortex, Beacon, UAPI, Cadence/Interpreter, Conductor/Foundry. No Explorer auth used in this artifact.
Scope
A single LoginSession must gate access across six surfaces. Each surface has different trust assumptions and failure modes. Risks below assume the first wedge mock only — real provider activation is Grok-lane-gated.
Risks and Mitigations
R1: Cross-lane privilege escalation
- Risk: A principal authorized for Interpreter (embedding lane) replays the session against Conductor or Foundry and receives dispatch they should not have.
- Mitigation: LoginSession carries
lane. Every gate checks session lane against operation lane. See T9.
R2: Role explosion across surfaces
- Risk: Six surfaces × N roles each creates an unmanageable role matrix. Principals accumulate unintended permissions.
- Mitigation: Roles map to lanes, not surfaces. A role unlocks a lane; the lane determines which surfaces are reachable. Keep role set flat:
operator,viewer,service-provider,agent-dispatcher,device-endpoint,hardware-researcher.
R3: Session token leakage across surfaces
- Risk: One token accepted by all six surfaces means compromise at any surface exposes all lanes.
- Mitigation: Session carries
lanescoping. Surfaces must reject sessions whose lane does not match. Future: per-surface derived tokens from root session (post-wedge).
R4: Identity gate as single point of failure
- Risk: Interpreter owns identity validation. If Interpreter is unavailable, no login succeeds across any surface.
- Mitigation: First wedge is local-only; no HA requirement yet. Post-wedge: session validation must be cacheable with signed expiry so downstream surfaces can validate offline.
R5: Stale session after role revocation
- Risk: Principal has role revoked in Explorer but existing LoginSession remains valid until expiry.
- Mitigation: Short
expires_atin first wedge (minutes, not hours). Post-wedge: revocation channel from Explorer to Interpreter.
R6: AI-agent principal abuse
- Risk:
agent-dispatcherrole allows autonomous job submission. A compromised or buggy agent floods the queue. - Mitigation: Placement Gate enforces per-session rate limit. Conductor rejects if queue depth exceeds threshold for a single
correlation_idfamily.
R7: Device principal lane confusion
- Risk:
device-endpointrole onnuc-edge-07is accepted by a non-device surface (e.g., Cortex). - Mitigation: Lane field restricts device sessions to
device-local. Non-device surfaces rejectdevice-localsessions unconditionally.
R8: EventEnvelope correlation break across surfaces
- Risk: Events emitted by different surfaces lose the originating
correlation_id, breaking audit trail. - Mitigation:
correlation_idis copied from LoginSession at session creation and threaded through every EventEnvelope. Acceptance Gate validates lineage completeness.
Risk Posture
First wedge is acceptable with R1–R3 mitigated by lane scoping and R5 mitigated by short expiry. R4 and R6 are post-wedge concerns. No risk in this wedge requires Explorer auth or live infra.
Blockers
- Codex must confirm role enumeration and lane-to-role mapping before mitigations are testable.
- Session expiry window needs Codex decision (proposed: 15 minutes for wedge).
Next Handoff
→ Codex: confirm role set, lane mapping, session expiry. → GLM: update test matrix with expiry and rate-limit assertions once confirmed.