Dependency Map — Identity & Access

What must exist before work can progress?

DEPENDENCY MAP: IDENTITY & ACCESS
════════════════════════════════════════════════════════════

                    ┌─────────────┐
                    │  TIER 0:    │
                    │  UNBLOCK    │
                    │  OWNER      │
                    └──────┬──────┘
                           │
          ┌────────────────┼────────────────┐
          │                │                │
          ▼                ▼                ▼
     ┌─────────┐     ┌─────────┐     ┌─────────┐
     │  H1:    │     │  H2:    │     │  H3:    │
     │ Fix     │     │ Seed    │     │ Break   │
     │ 22P02   │     │ Admin   │     │redirect │
     │ query   │     │ role    │     │ loop    │
     │ (eng)   │     │ (eng)   │     │ (eng)   │
     └────┬────┘     └────┬────┘     └────┬────┘
          │          ═════╪══════         │
          │               │              │
          └───────────────┼──────────────┘
                          │
                          ▼
                    ┌─────────────┐
                    │  TIER 1:    │
                    │  AUTO-      │
                    │  BOOTSTRAP  │
                    └──────┬──────┘
                           │
                           ▼
                    ┌─────────────┐
                    │  TIER 2:    │
                    │  RBAC       │
                    │  ENFORCED   │
                    └──────┬──────┘
                           │
              ┌────────────┼────────────┐
              │                         │
              ▼                         ▼
        ┌─────────┐              ┌─────────┐
        │  TIER 3: │              │  TIER 3: │
        │ Invites  │              │ Org      │
        │ (eng)    │              │ Switcher │
        │          │              │ (eng)    │
        └────┬────┘              └────┬────┘
             │                        │
             └────────────┬───────────┘
                          │
                          ▼
                    ┌─────────────┐
                    │  TIER 4:    │
                    │  BILLING +  │
                    │  SETTINGS   │
                    └──────┬──────┘
                           │
                           ▼
                    ┌─────────────┐
                    │  TIER 5:    │
                    │  HARDENING  │
                    └─────────────┘

  ─────── = Soft (can proceed with workaround)
  ═══════ = HARD (cannot proceed without)

════════════════════════════════════════════════════════════

Dependency Table

ID	Dependency	Type	Classification	Owner	Blocks	Status
H1	Fix 22P02 query (use systemUserId not Clerk userId)	Code	HARD	Engineering	ALL access	Blocked
H2	Seed Admin role in governance tables	Data	HARD	Engineering	Role assignment	Blocked
H3	Break redirect loop (error page not redirect)	Code	HARD	Engineering	Dashboard access	Blocked
S1	Set ADMIN_EMAILS env var in Vercel	Config	Soft	Wik	Workaround for H2	Not started
S2	Auto-provision assigns Admin role	Code	Soft (after H1+H2)	Engineering	Repeatable onboarding	Not started
S3	Switch defaultAllow to false	Config	Soft (after role data)	Engineering	Permission enforcement	Not started
S4	Define three roles + permissions	Data	Soft	Engineering	RBAC	Not started
S5	Invite-by-email flow	Feature	Soft (after RBAC)	Engineering	Multi-user onboarding	Not started
S6	Org switcher UI	Feature	Soft (after invites)	Engineering	Multi-org users	Not started
S7	Stripe billing on org	Integration	Soft	Engineering	Revenue collection	Not started
S8	Database-level RLS	Infrastructure	Soft	Engineering	Defense-in-depth	Not started

Critical Path

H1 (fix query) → H2 (seed roles) → H3 (break loop)
  → Tier 1 (auto-bootstrap)
    → Tier 2 (RBAC enforced)
      → Tier 3 (invites + org switching)

Minimum time Tier 0: 1 day engineering
Minimum time Tier 0-1: 2 days engineering
Minimum time Tier 0-2: 5 days engineering

H1, H2, H3 can run in parallel — three independent bugs with independent fixes. Critical path shrinks if parallelized.

External Dependencies

Dependency	External?	Risk	Mitigation
Clerk authentication	Yes (SaaS)	Low — Clerk is working	ClerkAuthAdapter abstracts provider
Vercel env vars	Yes (hosting)	Low — configuration only	Wik has admin access
Postgres (Supabase)	Yes (DBaaS)	Low — schema already deployed	Direct DB access for seed scripts

Downstream Impact

This PRD blocks everything that requires login:

Blocked PRD	Why	Unblocked At
Sales CRM & RFP	Can't access CRM if owner locked out	Tier 0
Sales Dev Agent	Blocked by Sales CRM	Tier 0
Content Amplifier	Needs authenticated API access	Tier 0
Agent Platform	Agent identity requires user identity	Tier 1
All ventures	Can't onboard paying customers	Tier 2

Parallelization

CURRENT (Sequential)              OPTIMIZED (Parallel)
────────────────────              ────────────────────

H1 ── H2 ── H3 ── T1             H1 ──┐
                                       ├──► T1 ── T2 ── T3
Lead time: 4 days              H2 ──┤
                                       │
                                  H3 ──┘

                                  Lead time: 2 days

Gate

Before moving to Capability Map:

All dependencies identified and classified — YES (11 items)
Hard vs soft classification complete — YES (3 hard, 8 soft)
Critical path identified — YES (H1→H2→H3→T1→T2→T3)
Risk matrix populated — YES (3 external dependencies assessed)
Parallelization opportunities documented — YES (H1/H2/H3 parallel)
Every blocker has an owner and escalation path — YES (Engineering team)

Context

Value Stream Map — Previous: where does time die
Capability Map — Next: what can we actually do
Dependency Map Template — The empty pattern

Dependency Table​

Critical Path​

External Dependencies​

Downstream Impact​

Parallelization​

Gate​

Context​