From 8c729bcf73415855d29a8387172ee8656bdbf14a Mon Sep 17 00:00:00 2001
From: TheFlow <theflow@sydigital.com>
Date: Mon, 27 Oct 2025 19:48:38 +1300
Subject: [PATCH] chore(infrastructure): improve session handoff and service
 initialization
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Session Management:
- Changed handoff document selection from alphabetical to modification time sort
- Ensures most recent handoff is used regardless of date formatting variations
- More reliable for continued sessions

Service Initialization:
- Explicitly initialize all 6 core governance services in server.js
- Added: InstructionPersistenceClassifier, MetacognitiveVerifier,
  CrossReferenceValidator, ContextPressureMonitor
- Ensures all services properly initialized before server starts

Auth Improvements:
- Added logging for authentication attempts without tokens
- Helps detect potential unauthorized access attempts
- Includes IP, path, and method for security auditing

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 scripts/session-init.js           | 20 +++++++++++++-------
 src/middleware/auth.middleware.js |  6 ++++++
 src/server.js                     | 12 ++++++++++++
 3 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/scripts/session-init.js b/scripts/session-init.js
index 035f9561..f4b5916b 100755
--- a/scripts/session-init.js
+++ b/scripts/session-init.js
@@ -353,17 +353,23 @@ async function main() {
       }
     }
 
-    // Fall back to alphabetical sort if no explicit recovery doc
+    // Fall back to modification time sort if no explicit recovery doc
     if (!latestHandoff) {
-      const handoffFiles = fs.readdirSync(path.join(__dirname, '..'))
+      const baseDir = path.join(__dirname, '..');
+      const handoffFiles = fs.readdirSync(baseDir)
         .filter(f => f.startsWith('SESSION_CLOSEDOWN_') && f.endsWith('.md'))
-        .sort()
-        .reverse();
+        .map(f => ({
+          name: f,
+          path: path.join(baseDir, f),
+          mtime: fs.statSync(path.join(baseDir, f)).mtime
+        }))
+        .sort((a, b) => b.mtime - a.mtime); // Most recent first
 
       if (handoffFiles.length > 0) {
-        latestHandoff = handoffFiles[0];
-        handoffPath = path.join(__dirname, '..', latestHandoff);
-        log(`  Using alphabetical fallback: ${latestHandoff}`, 'cyan');
+        latestHandoff = handoffFiles[0].name;
+        handoffPath = handoffFiles[0].path;
+        const mtimeStr = handoffFiles[0].mtime.toISOString();
+        log(`  Using most recent handoff (${mtimeStr}): ${latestHandoff}`, 'cyan');
       }
     }
 
diff --git a/src/middleware/auth.middleware.js b/src/middleware/auth.middleware.js
index fa79898c..783af80e 100644
--- a/src/middleware/auth.middleware.js
+++ b/src/middleware/auth.middleware.js
@@ -15,6 +15,12 @@ async function authenticateToken(req, res, next) {
     const token = extractTokenFromHeader(req.headers.authorization);
 
     if (!token) {
+      // Log authentication attempt without token
+      logger.warn('Authentication attempt without token', {
+        ip: req.ip,
+        path: req.path,
+        method: req.method
+      });
       return res.status(401).json({
         error: 'Authentication required',
         message: 'No token provided'
diff --git a/src/server.js b/src/server.js
index ada15f38..2ef499e0 100644
--- a/src/server.js
+++ b/src/server.js
@@ -245,6 +245,18 @@ async function start() {
     const PluralisticDeliberationOrchestrator = require('./services/PluralisticDeliberationOrchestrator.service');
     await PluralisticDeliberationOrchestrator.initialize();
 
+    const InstructionPersistenceClassifier = require('./services/InstructionPersistenceClassifier.service');
+    await InstructionPersistenceClassifier.initialize();
+
+    const MetacognitiveVerifier = require('./services/MetacognitiveVerifier.service');
+    await MetacognitiveVerifier.initialize();
+
+    const CrossReferenceValidator = require('./services/CrossReferenceValidator.service');
+    await CrossReferenceValidator.initialize();
+
+    const ContextPressureMonitor = require('./services/ContextPressureMonitor.service');
+    await ContextPressureMonitor.initialize();
+
     logger.info('✅ Governance services initialized (6 core services)');
 
     // Start server