TheFlow
8538dc5b66
security: harden admin panel before production deployment
Critical Security Fixes:
1. Remove default credentials from login page (inst_012 compliance)
2. Create auth-check.js utility for client-side authentication
3. Add authentication redirects to all admin pages
Authentication Protection:
- All admin pages now check for valid JWT token on load
- Redirect to login if unauthenticated or token expired
- Token expiration validation (client-side check)
- Role verification (admin/moderator required)
- Periodic token validity checks (every 5 minutes)
Files Protected:
✅ /admin/dashboard.html
✅ /admin/rule-manager.html
✅ /admin/project-manager.html
✅ /admin/claude-md-migrator.html
✅ /admin/blog-curation.html
✅ /admin/audit-analytics.html
(login.html excluded - entry point)
Authentication Flow:
1. User accesses admin page
2. auth-check.js runs immediately
3. Check localStorage for admin_token
4. Parse JWT to verify expiration and role
5. If invalid: redirect to /admin/login.html with reason
6. If valid: allow page to load normally
API Security (already in place):
- All /api/admin/* endpoints require JWT
- authenticateToken middleware validates tokens
- requireRole middleware enforces admin/moderator access
Addresses security concerns:
- inst_012: No internal/confidential data exposure
- inst_013: No sensitive runtime data in public endpoints
- inst_014: No API surface enumeration
- inst_015: No internal documentation exposure
Remaining Recommendations:
- Change default admin password on production (MANUAL STEP)
- Consider IP whitelist for /admin/* (optional)
- Add rate limiting to /api/auth/login (future enhancement)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-11 17:26:50 +13:00
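The client-side gate the commit message describes (read `admin_token` from localStorage, decode the JWT payload, check `exp` and `role`, redirect to `/admin/login.html` with a reason, re-check every five minutes), written out as an added example. This is not the repository's `auth-check.js`; the function names (`evaluateAdminToken`, `installAuthCheck`), the query-string form of the redirect reason, and the payload claim names `exp`/`role` are assumptions. The one point worth keeping in mind is built into the comments: the browser holds no signing secret, so this check only decodes the token and can be bypassed by anyone who edits localStorage; the server-side `authenticateToken`/`requireRole` middleware the commit mentions is the real enforcement, and this script is only a UX convenience in front of it.

```javascript
// Added example (not the repository's auth-check.js): a client-side JWT
// gate of the kind the commit describes. ALLOWED_ROLES, evaluateAdminToken,
// installAuthCheck and the ?reason= query parameter are assumptions.

const TOKEN_KEY = 'admin_token';            // localStorage key named in the commit
const LOGIN_PAGE = '/admin/login.html';     // login page named in the commit
const ALLOWED_ROLES = ['admin', 'moderator'];
const RECHECK_MS = 5 * 60 * 1000;           // the "every 5 minutes" periodic check

function base64UrlDecode(s) {
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const bin = atob(padded);                 // atob/TextDecoder exist in browsers and Node >= 16
  return new TextDecoder().decode(Uint8Array.from(bin, c => c.charCodeAt(0)));
}

// Decode the payload WITHOUT verifying the signature: the browser has no
// secret, so this only decides whether to bother loading the page. The
// server-side authenticateToken/requireRole middleware is the real check.
function evaluateAdminToken(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (!token) return { ok: false, reason: 'missing' };
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let payload;
  try {
    payload = JSON.parse(base64UrlDecode(parts[1]));
  } catch (_) {
    return { ok: false, reason: 'malformed' };
  }
  if (typeof payload.exp !== 'number') return { ok: false, reason: 'no_exp' };
  if (payload.exp <= nowSeconds) return { ok: false, reason: 'expired' };
  if (!ALLOWED_ROLES.includes(payload.role)) return { ok: false, reason: 'forbidden' };
  return { ok: true, reason: null, payload };
}

function loginRedirectUrl(reason) {
  return `${LOGIN_PAGE}?reason=${encodeURIComponent(reason)}`;
}

// Run once on load and then periodically. `win` is injectable so the logic
// can be exercised outside a browser; in a page call installAuthCheck(window).
function installAuthCheck(win, now = () => Math.floor(Date.now() / 1000)) {
  const check = () => {
    const result = evaluateAdminToken(win.localStorage.getItem(TOKEN_KEY), now());
    if (!result.ok) {
      win.localStorage.removeItem(TOKEN_KEY);     // drop a stale or invalid token
      win.location.replace(loginRedirectUrl(result.reason));
    }
    return result;
  };
  const first = check();
  const timer = first.ok ? win.setInterval(check, RECHECK_MS) : null;
  return { first, timer };
}

// Constructed test tokens: unsigned (dummy signature) because the client
// never verifies signatures anyway. Never mint tokens like this server-side.
function base64UrlEncode(s) {
  let bin = '';
  for (const b of new TextEncoder().encode(s)) bin += String.fromCharCode(b);
  return btoa(bin).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
function makeUnsignedTestToken(payload) {
  const header = base64UrlEncode(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  return `${header}.${base64UrlEncode(JSON.stringify(payload))}.sig`;
}

if (typeof window !== 'undefined' && window.localStorage) {
  installAuthCheck(window);   // behave like auth-check.js when loaded in a page
}
```

Because `evaluateAdminToken` returns a reason rather than just a boolean, the login page can tell an expired session apart from a missing or low-privilege one, which is what the commit's "redirect with reason" step needs. Keeping `installAuthCheck` free of direct `window` references also lets the gate be tested without a browser, as the constructed tokens above show.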