tractatus

john/tractatus

Fork 0

Commit graph

Author	SHA1	Message	Date
TheFlow	44a91e7fcf	feat: add case submission portal admin interface and i18n support Case Submission Portal (Admin Moderation Queue): - Add statistics endpoint (GET /api/cases/submissions/stats) - Enhance filtering: status, failure_mode, AI relevance score - Add sorting options: date, relevance, completeness - Create admin moderation interface (case-moderation.html) - Implement CSP-compliant admin UI (no inline event handlers) - Deploy moderation actions: approve, reject, request-info - Fix API parameter mapping for different action types Internationalization (i18n): - Implement lightweight i18n system (i18n-simple.js, ~5KB) - Add language selector component with flag emojis - Create German and French translations for homepage - Document Te Reo Māori translation requirements - Add i18n attributes to homepage - Integrate language selector into navbar Bug Fixes: - Fix search button modal display on docs.html (remove conflicting flex class) Page Enhancements: - Add dedicated JS modules for researcher, leader, koha pages - Improve page-specific functionality and interactions Documentation: - Add I18N_IMPLEMENTATION_SUMMARY.md (implementation guide) - Add TE_REO_MAORI_TRANSLATION_REQUIREMENTS.md (cultural sensitivity guide) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-16 14:50:47 +13:00
TheFlow	059dd43b72	security: complete Phase 0 Quick Wins implementation Phase 0 Complete (QW-1 through QW-8): ✅ Enhanced input validation with HTML sanitization ✅ Form rate limiting (5 req/min on all submission endpoints) ✅ Modern CSRF protection (SameSite cookies + double-submit pattern) ✅ Security audit logging (CSRF violations captured) ✅ Applied to all public form endpoints: - /api/cases/submit (case studies) - /api/media/inquiries (media inquiries) - /api/newsletter/subscribe (newsletter) New Middleware: - csrf-protection.middleware.js (replaces deprecated csurf package) - Enhanced input-validation.middleware.js applied to all forms Security Features Active: - Security headers (CSP, HSTS, X-Frame-Options, etc.) - Rate limiting (100 req/15min public, 5 req/min forms) - CSRF protection (double-submit cookie pattern) - HTML sanitization (XSS prevention) - Response sanitization (hide stack traces) - Security event logging Implements: inst_041, inst_042, inst_043, inst_044, inst_045, inst_046 Refs: docs/plans/security-implementation-roadmap.md Phase 0	2025-10-14 15:32:54 +13:00
TheFlow	682bfa2f5c	feat: implement AI-powered features (Phase 1 Core) Three Public Features: - Media Inquiry System: Press/media can submit inquiries with AI triage (Phase 2) - Case Study Submissions: Community can submit real-world AI safety failures - Blog Curation: Admin-only topic suggestions with AI assistance (Phase 2) Backend Implementation: - Media routes/controller: /api/media/inquiries endpoints - Cases routes/controller: /api/cases/submit endpoints - Blog routes/controller: Already existed, documented - Human oversight: All submissions go to moderation queue - Tractatus boundaries: BoundaryEnforcer integration in blog controller Frontend Forms: - /media-inquiry.html: Public submission form for press/media - /case-submission.html: Public submission form for case studies - Full validation, error handling, success messages Validation Middleware Updates: - Support nested field validation (contact.email, submitter.name) - validateEmail(fieldPath) now parameterized - validateRequired() supports dot-notation paths Phase 1 Status: - AI triage: Manual (Phase 2 will add Claude API integration) - All submissions require human review and approval - Moderation queue operational - Admin dashboard endpoints ready Files Added: - public/media-inquiry.html - public/case-submission.html - src/controllers/media.controller.js - src/controllers/cases.controller.js - src/routes/media.routes.js - src/routes/cases.routes.js Files Modified: - src/routes/index.js (registered new routes) - src/routes/auth.routes.js (updated validateEmail call) - src/middleware/validation.middleware.js (nested field support) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-08 00:14:00 +13:00

Author

SHA1

Message

Date

TheFlow

44a91e7fcf

feat: add case submission portal admin interface and i18n support

Case Submission Portal (Admin Moderation Queue):
- Add statistics endpoint (GET /api/cases/submissions/stats)
- Enhance filtering: status, failure_mode, AI relevance score
- Add sorting options: date, relevance, completeness
- Create admin moderation interface (case-moderation.html)
- Implement CSP-compliant admin UI (no inline event handlers)
- Deploy moderation actions: approve, reject, request-info
- Fix API parameter mapping for different action types

Internationalization (i18n):
- Implement lightweight i18n system (i18n-simple.js, ~5KB)
- Add language selector component with flag emojis
- Create German and French translations for homepage
- Document Te Reo Māori translation requirements
- Add i18n attributes to homepage
- Integrate language selector into navbar

Bug Fixes:
- Fix search button modal display on docs.html (remove conflicting flex class)

Page Enhancements:
- Add dedicated JS modules for researcher, leader, koha pages
- Improve page-specific functionality and interactions

Documentation:
- Add I18N_IMPLEMENTATION_SUMMARY.md (implementation guide)
- Add TE_REO_MAORI_TRANSLATION_REQUIREMENTS.md (cultural sensitivity guide)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-16 14:50:47 +13:00

TheFlow

059dd43b72

security: complete Phase 0 Quick Wins implementation

Phase 0 Complete (QW-1 through QW-8):
✅ Enhanced input validation with HTML sanitization
✅ Form rate limiting (5 req/min on all submission endpoints)
✅ Modern CSRF protection (SameSite cookies + double-submit pattern)
✅ Security audit logging (CSRF violations captured)
✅ Applied to all public form endpoints:
   - /api/cases/submit (case studies)
   - /api/media/inquiries (media inquiries)
   - /api/newsletter/subscribe (newsletter)

New Middleware:
- csrf-protection.middleware.js (replaces deprecated csurf package)
- Enhanced input-validation.middleware.js applied to all forms

Security Features Active:
- Security headers (CSP, HSTS, X-Frame-Options, etc.)
- Rate limiting (100 req/15min public, 5 req/min forms)
- CSRF protection (double-submit cookie pattern)
- HTML sanitization (XSS prevention)
- Response sanitization (hide stack traces)
- Security event logging

Implements: inst_041, inst_042, inst_043, inst_044, inst_045, inst_046
Refs: docs/plans/security-implementation-roadmap.md Phase 0

2025-10-14 15:32:54 +13:00

TheFlow

682bfa2f5c

feat: implement AI-powered features (Phase 1 Core)

**Three Public Features:**
- Media Inquiry System: Press/media can submit inquiries with AI triage (Phase 2)
- Case Study Submissions: Community can submit real-world AI safety failures
- Blog Curation: Admin-only topic suggestions with AI assistance (Phase 2)

**Backend Implementation:**
- Media routes/controller: /api/media/inquiries endpoints
- Cases routes/controller: /api/cases/submit endpoints
- Blog routes/controller: Already existed, documented
- Human oversight: All submissions go to moderation queue
- Tractatus boundaries: BoundaryEnforcer integration in blog controller

**Frontend Forms:**
- /media-inquiry.html: Public submission form for press/media
- /case-submission.html: Public submission form for case studies
- Full validation, error handling, success messages

**Validation Middleware Updates:**
- Support nested field validation (contact.email, submitter.name)
- validateEmail(fieldPath) now parameterized
- validateRequired() supports dot-notation paths

**Phase 1 Status:**
- AI triage: Manual (Phase 2 will add Claude API integration)
- All submissions require human review and approval
- Moderation queue operational
- Admin dashboard endpoints ready

**Files Added:**
- public/media-inquiry.html
- public/case-submission.html
- src/controllers/media.controller.js
- src/controllers/cases.controller.js
- src/routes/media.routes.js
- src/routes/cases.routes.js

**Files Modified:**
- src/routes/index.js (registered new routes)
- src/routes/auth.routes.js (updated validateEmail call)
- src/middleware/validation.middleware.js (nested field support)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-08 00:14:00 +13:00

3 commits