docs(security): #215 Track 1 — declare MCP-transport trust boundary (SOC2-01)

[Knapp-Kevin]

Summary

Closes Track 1 of BicameralAI/bicameral-daemon#9 (SOC 2 audit gap SOC2-01, P0/H). Track 2 (auth shim design) remains open; gated on team-mode evolving into a server-mediated tier per the operator's 2026-05-14 team-server priority directive.

This PR ships docs only — the compliance posture statement that closes the perception gap an SOC 2 reviewer flags immediately. The substantive gap (no auth on shared-deployment MCP transports) is closed by Track 2's auth shim, which depends on team-mode evolving past the v0 pull-based BackendAdapter posture.

What's in the canonical doc

`docs/policies/threat-model-and-trust-boundary.md` (new, ~140 lines) contains:

• Load-bearing scope statement: ""bicameral-mcp is a local-install developer tool. The trust boundary is the OS user account. Multi-user, hosted, or shared-machine deployments are out of scope; team-mode requires the Track 2 auth shim before such activation.""
• In/out-of-scope deployment table (single-laptop, team-mode via Google Drive / local-folder, shared dev VM, shared CI runner, hosted multi-team instance, future team-server tier).
• The MCP stdio transport surface — what's enforced server-side and where the trust terminates.
• v0 team-mode posture (post-chore(team-server): scale down to v0-conformant remote event-log store; remove self-hosted server runtime #242): BackendAdapter from [v0-productization §3] Pull-based meeting ingestion — sync-and-brief CLI + SessionStart hook + source pullers #279 Phase 2 inherits filesystem-ACL trust but does NOT elevate the MCP transport's trust boundary.
• Why Track 1 ships now vs. why Track 2 is deferred (and on what activation gate).
• Operator pre-deployment checklist.

Anchors (cross-refs only — no duplication)

• `SECURITY.md` gains a one-section ""Threat model and trust boundary"" anchor with the load-bearing sentence + link to the canonical doc.
• `docs/policies/acceptable-use.md` § 3 (existing ""Multi-tenant deployment without an auth shim"") links to the canonical doc.
• `docs/policies/host-trust-model.md` disambiguates host-side vs. transport-side trust concerns and points at the new doc.

Compliance evidence

• `docs/research-brief-compliance-audit-2026-05-06.md` SOC2-01 row annotated with ""Track 1 completed 2026-05-14"" + Track 2 status.

BicameralAI/bicameral-daemon#34 doctrine

`governance-gates.yaml` is intentionally not updated in this cycle. There is no deterministic enforcement code to point at until Track 2 ships the auth shim. Adding a no-enforcement gate entry would invert the doctrine. Track 2's plan will be the cycle that adds the gate entry.

Test plan

• Manual review of all five doc files
• `python scripts/lint_skill_governance.py` clean (no regression from this cycle)
• No code changes; no tests required by the audit gate

Plan + audit

• Plan: `plan-215-trust-boundary-track1.md` (not committed; lives in the operator's local workspace per `c206ad4` policy)
• Audit: `qor-judge` PASS at L1

🤖 Generated with Claude Code

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: a0e050a8-cf92-4c66-8776-a6b3bdbf399e

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/215-trust-boundary-track1

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}