Commit graph

2 commits

Author SHA1 Message Date
TheFlow
51fd0bb6a3 chore(license): Phase B follow-on — relicense 3 scripts/ source files from Apache 2.0 to EUPL-1.2
Missed by Phase B (d600f6ed) which swept src/ headers but not scripts/ headers.
All 3 follow the Phase B precedent pattern:

  - scripts/check-attack-surface.js (the inst_084 validator hook itself)
  - scripts/sync-prod-audit-logs.js
  - scripts/migrate-to-schema-v3.js

Two header formats encountered:
  - Standard Apache 2.0 JS block header (first two files): full block swap to
    EUPL-1.2 equivalent with Licence/British spelling and EC canonical URL.
  - Brief JSDoc-style reference (migrate-to-schema-v3.js): short-form swap
    with Licence reference + URL line.

Other scripts/ files with Apache text references NOT in scope here:
  - scripts/relicense-apache-to-eupl.js (DATA: Apache patterns are search
    targets for the relicense tool itself)
  - scripts/fix-markdown-licences.js (DATA: Apache regex patterns for a
    migration script's find-and-replace)
  - scripts/migrate-licence-to-cc-by-4.js (DATA: Apache source patterns
    for a different migration workflow)
  - scripts/upload-document.js (DATA: Apache-2.0 is a valid SPDX tag for
    uploadable documents; retained as valid metadata option)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-20 10:54:10 +12:00
TheFlow
d854ac85e2 feat(research): add cross-environment audit log sync infrastructure
Implements privacy-preserving synchronization of production audit logs
to development for comprehensive governance research analysis.

Backend Components:
- SyncMetadata.model.js: Track sync state and statistics
- audit-sanitizer.util.js: Privacy sanitization utility
  - Redacts credentials, API keys, user identities
  - Sanitizes file paths and violation content
  - Preserves statistical patterns for research
- sync-prod-audit-logs.js: CLI sync script
  - Incremental sync with deduplication
  - Dry-run mode for testing
  - Configurable date range
- AuditLog.model.js: Enhanced schema with environment tracking
  - environment field (development/production/staging)
  - sync_metadata tracking (original_id, synced_from, etc.)
  - New indexes for cross-environment queries
- audit.controller.js: New /api/admin/audit-export endpoint
  - Privacy-sanitized export for cross-environment sync
  - Environment filter support in getAuditLogs
- MemoryProxy.service.js: Environment tagging in auditDecision()
  - Tags new logs with NODE_ENV or override
  - Sets is_local flag for tracking

Frontend Components:
- audit-analytics.html: Environment filter dropdown
- audit-analytics.js: Environment filter query parameter handling

Research Benefits:
- Combine dev and prod governance statistics
- Longitudinal analysis across environments
- Validate framework consistency
- Privacy-preserving data sharing

Security:
- API-based export (not direct DB access)
- Admin-only endpoints with JWT authentication
- Comprehensive credential redaction
- One-way sync (production → development)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-27 12:11:16 +13:00
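
As an added illustration of the sanitize-then-sync flow that commit d854ac85e2 describes (example code written for this page, not the project's own `audit-sanitizer.util.js` or `sync-prod-audit-logs.js`): a record is scrubbed of credentials, user identities and home-directory paths, tagged with its source environment, and merged with deduplication on `sync_metadata.original_id`. The redaction patterns, the identity field names, the `salt` parameter, the function names and setting `is_local` to `false` on synced records are all assumptions.

```javascript
const { createHmac } = require('crypto');

// Assumed rules; the project's audit-sanitizer.util.js is not shown on the page.
const SECRET_KEY = /password|passwd|secret|token|api[_-]?key|authorization/i;
const SECRET_VALUE = /\b(Bearer\s+|(?:api[_-]?key|token|password)=)[^\s&"']+/gi;
const HOME_PATH = /(\/(?:home|Users)\/)[^\/\s]+/g;
const IDENTITY_FIELDS = new Set(['userId', 'username', 'email']);

// Keyed pseudonym: the same user maps to the same tag, so per-user counts survive.
const pseudonym = (value, salt) =>
  'user_' + createHmac('sha256', salt).update(String(value)).digest('hex').slice(0, 12);

function scrub(value, salt, key = '') {
  if (SECRET_KEY.test(key)) return '[REDACTED]';
  if (IDENTITY_FIELDS.has(key)) return pseudonym(value, salt);
  if (typeof value === 'string') {
    return value.replace(SECRET_VALUE, '$1[REDACTED]').replace(HOME_PATH, '$1[USER]');
  }
  if (Array.isArray(value)) return value.map((v) => scrub(v, salt));
  if (value && typeof value === 'object' && !(value instanceof Date)) {
    return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, scrub(v, salt, k)]));
  }
  return value; // numbers, booleans, null and Date pass through unchanged
}

// Sanitize one record and tag it with its origin for cross-environment queries.
function sanitizeForExport(record, sourceEnv, salt) {
  const { _id, ...rest } = record;
  return {
    ...scrub(rest, salt),
    environment: sourceEnv,
    is_local: false, // assumption: synced copies are marked as not locally produced
    sync_metadata: { original_id: String(_id), synced_from: sourceEnv },
  };
}

// Incremental merge: skip records whose original_id was already synced.
function mergeSynced(existing, incoming) {
  const seen = new Set(existing.map((r) => r.sync_metadata?.original_id));
  return existing.concat(incoming.filter((r) => !seen.has(r.sync_metadata.original_id)));
}

// Constructed sample record, not real project data.
const SAMPLE = {
  _id: 'a1', userId: 'alice', allowed: false, apiKey: 'k-123',
  violation: 'curl -H "Authorization: Bearer abc.def" /home/alice/app/.env',
};
```

Matching on key names over-redacts by design (a numeric field such as a hypothetical `tokenCount` would also be replaced), which is the safer failure direction for a production-to-development export.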