Risk Register

:::info Source
Sourced from services/sync-service/SERVICE_RISK_REGISTER.md in the documentation repo.
:::

| ID | Risk | Sev | Impact | Mitigation | Owner |
|---|---|---|---|---|---|
| R-SY-01 | Offline bundle tamper / device-binding bug | S1 | Content piracy; license bypass | HMAC verification; device binding; tamper event | Sync + Content + Security |
| R-SY-02 | VectorClock semantics regression | S1 | Data corruption; wrong resolution | Frozen (F06); property tests; never change semantics | Sync |
| R-SY-03 | Sync protocol breaking change | S1 | All offline clients broken | Frozen (F07); additive only; v2 if needed | Sync |
| R-SY-04 | Cross-tenant mutation injection | S1 | Data leak | JWT + RLS + scope validation; iso tests | Sync + Security |
| R-SY-05 | Yjs doc corruption (M5) | S2 | Author data loss | Periodic snapshots; replay from log; repair tool; pre-merge backup | Sync + Authoring |
| R-SY-06 | Delta projection lag → stale pulls | S2 | UX (stale data) | Autoscale projector; alert; documented eventual consistency | Sync + SRE |
| R-SY-07 | Full-resync wave (cursor bug) | S2 | System load spike | Rate limit; emergency fix; gradual resync scheduling | Sync + SRE |
| R-SY-08 | Client mutation loss (local store corruption) | S2 | Data loss | Client-side integrity checks; backup to secure storage; warn user | Sync + Client |
| R-SY-09 | Conflict resolution UX confusing | S3 | Author frustration | Clear side-by-side diff; AI suggestions; "keep mine" / "keep server" / "merge" | Sync + UX |
| R-SY-10 | Offline duration > 30 days → full resync | S3 | UX disruption | Warn at 7d; read-only at 14d; full-resync at 30d; progressive messaging | Sync + UX |
| R-SY-11 | HMAC verification false positive | S3 | Legitimate mutation rejected | Device re-key flow; manual override by admin | Sync + Security |
| R-SY-12 | Device health monitoring stale | S3 | Missed disconnected devices | health-monitor runs every 5 min; alert on stale > 48h | Sync + SRE |
| R-SY-13 | Multi-region sync routing latency | S3 | Slow sync for traveling users | Nearest-region routing; consider region affinity | Sync + SRE |
| R-SY-14 | GDPR erasure incomplete in sync tables | S1 | Regulator | Saga participation; replay test; cursors + mutations + conflicts deleted | Compliance + Sync |
| R-SY-15 | AI merge suggestion wrong | S3 | Author confusion | HITL mandatory; manual fallback; undo within 30 days | Sync + AI |

Governance

- Weekly: Sync Eng + Content + Security review.
- VectorClock property tests run on every PR.
- Protocol compliance verified against client SDKs every release.