john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

security(docs): sanitize BI tools documentation to reduce attack surface

Browse source 
Removed specific implementation details from public-facing documentation.

Removed:
- Exact admin dashboard URL paths (/admin/audit-analytics.html)
- Exact API endpoint paths (/api/admin/audit-logs, etc.)
- Internal file paths (activity-classifier.util.js, validate-file-edit.js)

Replaced with:
- Generalized component names (Administrative Dashboard, Activity Classifier)
- Functional descriptions without implementation details
- Architecture concepts without revealing file structure

Security Rationale:
- Follows defense-in-depth principle (inst_072)
- Reduces attack surface by obscuring internal structure
- Maintains documentation value while protecting implementation

Changes:
- Section 5.1: Deployment Components (sanitized API endpoints)
- Implementation references (removed filenames)
- Architecture diagrams (removed specific paths)

This document is marked confidential:false, making this sanitization
critical for production security.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
TheFlow 2025-10-27 12:10:58 +13:00
parent 199582ce04
commit 03652dcd17
1 changed files with 17 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
docs/business-intelligence/governance-bi-tools.md
View file

@ -73,7 +73,7 @@ The framework automatically classifies every governance decision by:
- **Data Sensitivity**: Public → Internal → Confidential → Restricted - **Data Sensitivity**: Public → Internal → Confidential → Restricted
- **Reversibility**: Easy → Moderate → Difficult - **Reversibility**: Easy → Moderate → Difficult
**Implementation**: `activity-classifier.util.js` applies deterministic rules based on file paths, action metadata, and service patterns. **Implementation**: The activity classifier applies deterministic rules based on file paths, action metadata, and service patterns.
**Accuracy**: Classification logic is heuristic-based. Requires validation with real organizational data. **Accuracy**: Classification logic is heuristic-based. Requires validation with real organizational data.
@ -382,7 +382,7 @@ Cost = BaseCost(Severity) ×
**For Organizations Piloting BI Tools**: **For Organizations Piloting BI Tools**:
1. **Dashboard Access** (`/admin/audit-analytics.html`) 1. **Administrative Dashboard**
- Summary metrics (Total Actions, Allowed, Blocked, Violations) - Summary metrics (Total Actions, Allowed, Blocked, Violations)
- Cost Avoidance Calculator (with custom cost model) - Cost Avoidance Calculator (with custom cost model)
- Framework Maturity Score - Framework Maturity Score
@ -391,19 +391,21 @@ Cost = BaseCost(Severity) ×
- Enterprise Scaling Projections - Enterprise Scaling Projections
- Future Research Roadmap - Future Research Roadmap
2. **API Endpoints**: 2. **Data Access Layer**:
- `GET /api/admin/audit-logs` - Raw audit data - Authenticated API for retrieving audit data
- `GET /api/admin/audit-analytics` - Computed metrics - Computed analytics and metrics endpoints
- `GET /api/admin/cost-config` - Current cost factors - Cost model configuration interface
- `POST /api/admin/cost-config` - Update cost model - Role-based access controls (admin-only)
3. **Activity Classifier** (`src/utils/activity-classifier.util.js`) 3. **Activity Classification System**:
- Automatic governance decision classification - Automatic governance decision classification
- Business impact scoring (0-100 points) - Business impact scoring (0-100 points)
- Risk level assessment
4. **Enhanced Hook Validators**: 4. **Enforcement Integration**:
- `validate-file-edit.js` - Logs activity context to MongoDB - Enhanced hook validators with business intelligence logging
- Captures: activity type, risk level, stakeholder impact, business impact - Captures: activity type, risk level, stakeholder impact, business impact
- MongoDB-backed audit trail
### 5.2 Trial Deployment Checklist ### 5.2 Trial Deployment Checklist
@ -448,7 +450,7 @@ Organizations may need to customize file path patterns for their codebase struct
Example: If client-facing code is in `app/client/` instead of `public/`: Example: If client-facing code is in `app/client/` instead of `public/`:
```javascript ```javascript
// In activity-classifier.util.js // In activity classifier configuration
if (filePath.includes('app/client/') && !filePath.includes('admin/')) { if (filePath.includes('app/client/') && !filePath.includes('admin/')) {
activityType = ACTIVITY_TYPES.CLIENT_COMMUNICATION; activityType = ACTIVITY_TYPES.CLIENT_COMMUNICATION;
// ... // ...
@ -595,9 +597,9 @@ The Governance Business Intelligence tools represent a **novel approach to quant
``` ```
File Edit Action File Edit Action
Hook Validator (validate-file-edit.js) Hook Validator
Activity Classifier (activity-classifier.util.js) Activity Classifier
→ Classifies: Type, Risk, Impact, Sensitivity → Classifies: Type, Risk, Impact, Sensitivity
Business Impact Calculator Business Impact Calculator
@ -606,10 +608,10 @@ Business Impact Calculator
MongoDB Audit Log MongoDB Audit Log
→ Stores: Classification + Impact + Violations → Stores: Classification + Impact + Violations
Analytics Controller (audit.controller.js) Analytics Controller
→ Aggregates: Cost avoided, Maturity score, Team comparison → Aggregates: Cost avoided, Maturity score, Team comparison
Dashboard UI (audit-analytics.html) Administrative Dashboard
→ Displays: ROI metrics for executives → Displays: ROI metrics for executives
``` ```