From da09c974f94b9439a1cc722df152d993bd53b72a Mon Sep 17 00:00:00 2001 From: mkrause612 Date: Mon, 16 Feb 2026 06:56:02 -0600 Subject: [PATCH] Create scoped-gitea-token task Task 7 (Tier 1 Security). Pokerole isolation. Date: 2026-02-16 --- docs/tasks/scoped-gitea-token/README.md | 27 +++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 docs/tasks/scoped-gitea-token/README.md diff --git a/docs/tasks/scoped-gitea-token/README.md b/docs/tasks/scoped-gitea-token/README.md new file mode 100644 index 0000000..323b3ed --- /dev/null +++ b/docs/tasks/scoped-gitea-token/README.md @@ -0,0 +1,27 @@ +# Scoped Gitea Token for Pokerole Project + +**Status:** Ready +**Priority:** Tier 1 - Security +**Time:** 15 minutes +**Depends:** Vaultwarden operational +**Last Updated:** 2026-02-16 + +## Overview +Create scoped Gitea API token limited to Pokerole repos only. Replace master token with defense-in-depth boundary enforcement. + +## Problem +Pokerole project currently uses master Gitea token with "honor system" scoping. Iron Wall principle: enforce technically, not socially. + +## Actions +1. Create new Gitea token scoped to 4 Pokerole repos only +2. Store in Vaultwarden +3. Update `pokerole-project/misc-docs/SESSION-START-PROMPT.md` +4. Test Claudius access (Pokerole repos ONLY) +5. Remove master token reference + +## Success Criteria +- ✅ Scoped token created and stored +- ✅ Claudius isolated from Firefrost infrastructure +- ✅ Defense in depth enforced + +**Fire + Frost + Foundation** 💙🔥❄️
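Review bot: In the Actions list, step 5 ("Remove master token reference") only removes the reference, and no step revokes or rotates the master token, so a token that was reachable from the Pokerole project stays valid after the task is marked done. Consider adding a step to rotate or revoke the master token once the scoped token is in use. Step 4 ("Test Claudius access (Pokerole repos ONLY)") should state the negative check explicitly: a request with the new token against a non-Pokerole repo must be denied. Otherwise the success criterion "Claudius isolated from Firefrost infrastructure" is asserted rather than verified. Step 1 does not name the 4 repos or the permissions the token should carry (read or write), and does not say how the repo limit is enforced, which leaves the boundary to whoever executes the task. Step 3 follows "Store in Vaultwarden" with an update to `SESSION-START-PROMPT.md`; it is worth saying that the file should point to the Vaultwarden entry and never contain the token value, since the file lives in a repo.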