tractatus

john/tractatus

Fork 0

Commit graph

Author	SHA1	Message	Date
TheFlow	9d390da76b	style(ui): update theme, branding, and GitHub repository links Update UI across all pages with: - New favicon and brand icons (favicon-new.svg, tractatus-icon-new.svg) - Theme CSS integration (tractatus-theme.min.css) - Correct GitHub repository links (AgenticGovernance/tractatus) - PWA manifest updates - Consistent branding colors and gradients 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-19 12:48:29 +13:00
TheFlow	8538dc5b66	security: harden admin panel before production deployment Critical Security Fixes: 1. Remove default credentials from login page (inst_012 compliance) 2. Create auth-check.js utility for client-side authentication 3. Add authentication redirects to all admin pages Authentication Protection: - All admin pages now check for valid JWT token on load - Redirect to login if unauthenticated or token expired - Token expiration validation (client-side check) - Role verification (admin/moderator required) - Periodic token validity checks (every 5 minutes) Files Protected: ✅ /admin/dashboard.html ✅ /admin/rule-manager.html ✅ /admin/project-manager.html ✅ /admin/claude-md-migrator.html ✅ /admin/blog-curation.html ✅ /admin/audit-analytics.html (login.html excluded - entry point) Authentication Flow: 1. User accesses admin page 2. auth-check.js runs immediately 3. Check localStorage for admin_token 4. Parse JWT to verify expiration and role 5. If invalid: redirect to /admin/login.html with reason 6. If valid: allow page to load normally API Security (already in place): - All /api/admin/* endpoints require JWT - authenticateToken middleware validates tokens - requireRole middleware enforces admin/moderator access Addresses security concerns: - inst_012: No internal/confidential data exposure - inst_013: No sensitive runtime data in public endpoints - inst_014: No API surface enumeration - inst_015: No internal documentation exposure Remaining Recommendations: - Change default admin password on production (MANUAL STEP) - Consider IP whitelist for /admin/* (optional) - Add rate limiting to /api/auth/login (future enhancement) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-11 17:26:50 +13:00
TheFlow	c96ad31046	feat: implement Rule Manager and Project Manager admin systems Major Features: - Multi-project governance with Rule Manager web UI - Project Manager for organizing governance across projects - Variable substitution system (${VAR_NAME} in rules) - Claude.md analyzer for instruction extraction - Rule quality scoring and optimization Admin UI Components: - /admin/rule-manager.html - Full-featured rule management interface - /admin/project-manager.html - Multi-project administration - /admin/claude-md-migrator.html - Import rules from Claude.md files - Dashboard enhancements for governance analytics Backend Implementation: - Controllers: projects, rules, variables - Models: Project, VariableValue, enhanced GovernanceRule - Routes: /api/projects, /api/rules with full CRUD - Services: ClaudeMdAnalyzer, RuleOptimizer, VariableSubstitution - Utilities: mongoose helpers Documentation: - User guides for Rule Manager and Projects - Complete API documentation (PROJECTS_API, RULES_API) - Phase 3 planning and architecture diagrams - Test results and error analysis - Coding best practices summary Testing & Scripts: - Integration tests for projects API - Unit tests for variable substitution - Database migration scripts - Seed data generation - Test token generator Key Capabilities: ✅ UNIVERSAL scope rules apply across all projects ✅ PROJECT_SPECIFIC rules override for individual projects ✅ Variable substitution per-project (e.g., ${DB_PORT} → 27017) ✅ Real-time validation and quality scoring ✅ Advanced filtering and search ✅ Import from existing Claude.md files Technical Details: - MongoDB-backed governance persistence - RESTful API with Express - JWT authentication for admin endpoints - CSP-compliant frontend (no inline handlers) - Responsive Tailwind UI This implements Phase 3 architecture as documented in planning docs. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-11 17:16:51 +13:00

Author

SHA1

Message

Date

TheFlow

9d390da76b

style(ui): update theme, branding, and GitHub repository links

Update UI across all pages with:
- New favicon and brand icons (favicon-new.svg, tractatus-icon-new.svg)
- Theme CSS integration (tractatus-theme.min.css)
- Correct GitHub repository links (AgenticGovernance/tractatus)
- PWA manifest updates
- Consistent branding colors and gradients

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-19 12:48:29 +13:00

TheFlow

8538dc5b66

security: harden admin panel before production deployment

Critical Security Fixes:
1. Remove default credentials from login page (inst_012 compliance)
2. Create auth-check.js utility for client-side authentication
3. Add authentication redirects to all admin pages

Authentication Protection:
- All admin pages now check for valid JWT token on load
- Redirect to login if unauthenticated or token expired
- Token expiration validation (client-side check)
- Role verification (admin/moderator required)
- Periodic token validity checks (every 5 minutes)

Files Protected:
✅ /admin/dashboard.html
✅ /admin/rule-manager.html
✅ /admin/project-manager.html
✅ /admin/claude-md-migrator.html
✅ /admin/blog-curation.html
✅ /admin/audit-analytics.html
(login.html excluded - entry point)

Authentication Flow:
1. User accesses admin page
2. auth-check.js runs immediately
3. Check localStorage for admin_token
4. Parse JWT to verify expiration and role
5. If invalid: redirect to /admin/login.html with reason
6. If valid: allow page to load normally

API Security (already in place):
- All /api/admin/* endpoints require JWT
- authenticateToken middleware validates tokens
- requireRole middleware enforces admin/moderator access

Addresses security concerns:
- inst_012: No internal/confidential data exposure
- inst_013: No sensitive runtime data in public endpoints
- inst_014: No API surface enumeration
- inst_015: No internal documentation exposure

Remaining Recommendations:
- Change default admin password on production (MANUAL STEP)
- Consider IP whitelist for /admin/* (optional)
- Add rate limiting to /api/auth/login (future enhancement)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-11 17:26:50 +13:00

TheFlow

c96ad31046

feat: implement Rule Manager and Project Manager admin systems

Major Features:
- Multi-project governance with Rule Manager web UI
- Project Manager for organizing governance across projects
- Variable substitution system (${VAR_NAME} in rules)
- Claude.md analyzer for instruction extraction
- Rule quality scoring and optimization

Admin UI Components:
- /admin/rule-manager.html - Full-featured rule management interface
- /admin/project-manager.html - Multi-project administration
- /admin/claude-md-migrator.html - Import rules from Claude.md files
- Dashboard enhancements for governance analytics

Backend Implementation:
- Controllers: projects, rules, variables
- Models: Project, VariableValue, enhanced GovernanceRule
- Routes: /api/projects, /api/rules with full CRUD
- Services: ClaudeMdAnalyzer, RuleOptimizer, VariableSubstitution
- Utilities: mongoose helpers

Documentation:
- User guides for Rule Manager and Projects
- Complete API documentation (PROJECTS_API, RULES_API)
- Phase 3 planning and architecture diagrams
- Test results and error analysis
- Coding best practices summary

Testing & Scripts:
- Integration tests for projects API
- Unit tests for variable substitution
- Database migration scripts
- Seed data generation
- Test token generator

Key Capabilities:
✅ UNIVERSAL scope rules apply across all projects
✅ PROJECT_SPECIFIC rules override for individual projects
✅ Variable substitution per-project (e.g., ${DB_PORT} → 27017)
✅ Real-time validation and quality scoring
✅ Advanced filtering and search
✅ Import from existing Claude.md files

Technical Details:
- MongoDB-backed governance persistence
- RESTful API with Express
- JWT authentication for admin endpoints
- CSP-compliant frontend (no inline handlers)
- Responsive Tailwind UI

This implements Phase 3 architecture as documented in planning docs.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-11 17:16:51 +13:00

3 commits