Security Section Migration

[Ethan-Arrowood]

Security Section Migration

Summary

Migration of Security documentation from versioned_docs into the new reference_versioned_docs/version-v4/security/ structure.

Files Created

• reference_versioned_docs/version-v4/security/overview.md
• reference_versioned_docs/version-v4/security/basic-authentication.md
• reference_versioned_docs/version-v4/security/jwt-authentication.md
• reference_versioned_docs/version-v4/security/mtls-authentication.md
• reference_versioned_docs/version-v4/security/certificate-management.md
• reference_versioned_docs/version-v4/security/certificate-verification.md
• reference_versioned_docs/version-v4/security/cors.md
• reference_versioned_docs/version-v4/security/ssl.md
• reference_versioned_docs/version-v4/security/users-and-roles.md
• migration-context/link-placeholders/security-link-placeholders.md

Source Files Used

overview.md

• versioned_docs/version-4.7/developers/security/index.md (primary)
• versioned_docs/version-4.7/developers/security/configuration.md (CORS/SSL overview)

basic-authentication.md

• versioned_docs/version-4.7/developers/security/basic-auth.md (primary)

jwt-authentication.md

• versioned_docs/version-4.7/developers/security/jwt-auth.md (primary)

mtls-authentication.md

• versioned_docs/version-4.7/developers/security/mtls-auth.md (primary)
• release-notes/v4-tucker/4.3.0.md (confirmed mTLS introduction)

certificate-management.md

• versioned_docs/version-4.7/developers/security/certificate-management.md (primary)
• release-notes/v4-tucker/4.4.0.md (dynamic certificate management)
• release-notes/v4-tucker/4.5.0.md (certificate revocation)

certificate-verification.md

• versioned_docs/version-4.7/developers/security/certificate-verification.md (primary)
• release-notes/v4-tucker/4.5.0.md (revocation support)
• release-notes/v4-tucker/4.7.0.md (OCSP support confirmed)

cors.md

• versioned_docs/version-4.7/developers/security/configuration.md (CORS section, primary)

ssl.md

• versioned_docs/version-4.7/developers/security/configuration.md (SSL section, primary)
• versioned_docs/version-4.7/developers/security/certificate-management.md

users-and-roles.md

• versioned_docs/version-4.7/developers/security/users-and-roles.md (primary)
• versioned_docs/version-4.7/developers/operations-api/users-and-roles.md (operations API reference)
• versioned_docs/version-4.7/reference/roles.md (roles config file format)
• release-notes/v4-tucker/4.5.0.md (password hashing upgrade)

Version Annotations Added

High Confidence (Confirmed via release notes)

• mTLS Authentication: Added in v4.3.0
• Dynamic Certificate Management: Added in v4.4.0
• Certificate Revocation: Added in v4.5.0
• OCSP Support: Added in v4.7.0
• Password Hashing (sha256, argon2id): Added in v4.5.0
• HTTP/2 Support: Added in v4.5.0

Needs Verification

• Basic Auth available since v4.1.0 (inferred from migration map; source files for v4.1 security not found in repo)
• JWT Auth available since v4.1.0 (same note)
• Cookie-based sessions noted in migration map as v4.2.0 but not documented in ssl.md — may need a dedicated section or note

Link Placeholders Created

See migration-context/link-placeholders/security-link-placeholders.md for complete list.

Summary:

• 3 placeholders to replication/clustering section (mTLS for replication)
• 3 already resolved (cli/commands.md, http/configuration.md, http/tls.md)

Conflicts & Questions for Human Review

Uncertainties

• v4.1 source files not found: The migration map listed versioned_docs/version-4.1/security/basic-authentication.md and versioned_docs/version-4.1/security/jwt.md as additional sources, but these files do not exist in the repo. The "Available since v4.1.0" annotations are inferred from the migration map and need verification.
• Cookie-based sessions (v4.2.0): The migration map notes cookie-based sessions were added in v4.2.0, but the source docs don't appear to mention them in the security section. This may warrant adding a note to users-and-roles.md or another page — needs human review.
• server.authenticateUser API: Added in v4.5.0; it's documented in http/api.md (already migrated). The jwt-authentication.md and users-and-roles.md pages don't currently reference it — may be worth a cross-reference.

Migration Map Status

Updated all 9 security section entries to "In Progress"

Checklist for Human Reviewer

• Verify v4.1.0 "available since" annotations for Basic Auth and JWT
• Confirm cookie-based sessions (v4.2.0) — does it need documentation in this section?
• Review users-and-roles.md completeness — operations API examples match source
• Check inline source comments are accurate
• Ensure link placeholders to replication/clustering make sense
• Update migration-map.md status to "Complete" after merge

🤖 Generated with Claude Code

[github-actions]

🚀 Preview Deployment

Your preview deployment is ready!

🔗 Preview URL: https://preview.harper-documentation.harperfabric.com/pr-452

This preview will update automatically when you push new commits.