john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
333 commits 1 branch 0 tags 125 MiB
Commit graph

4 commits

Author SHA1 Message Date
TheFlow
4b7e50962d fix(admin): Phase 1 - critical auth and navigation fixes 
SUMMARY:
Fixed 3 broken admin pages (newsletter, hooks dashboard, migrator) and
standardized navigation links. These pages were completely non-functional
due to localStorage key mismatches.

CRITICAL FIXES:
1. newsletter-management.js:
   - token → admin_token (5 occurrences)
   - admin → admin_user (2 occurrences)
   - Now matches login.js localStorage keys

2. hooks-dashboard.js:
   - tractatus_admin_token → admin_token
   - Now uses correct auth token

3. claude-md-migrator.js:
   - auth_token → admin_token (2 occurrences)
   - Added missing apiRequest() helper function
   - Fixed logout to clear both admin_token and admin_user

NAVIGATION FIXES:
4. newsletter-management.html:
   - dashboard.html → /admin/dashboard.html (absolute path)

5. claude-md-migrator.html:
   - ../css/tailwind.css → /css/tailwind.css?v=1759833751 (absolute + version)
   - Added tractatus-theme.min.css

BEFORE (BROKEN):
- Newsletter Management:  Auth failed (wrong token key)
- Hooks Dashboard:  Auth failed (wrong token key)
- CLAUDE.md Migrator:  Auth failed + missing apiRequest()

AFTER (WORKING):
- Newsletter Management:  Auth works, all API calls function
- Hooks Dashboard:  Auth works, metrics load
- CLAUDE.md Migrator:  Auth works, API requests function

NEXT STEPS (Phase 2):
- Create unified admin navbar component
- Standardize CSS versioning across all pages
- Verify/create missing API endpoints

🤖 Generated with Claude Code (https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-20 21:33:50 +13:00
TheFlow
52cbbb1e3a style(ui): update theme, branding, and GitHub repository links 
Update UI across all pages with:
- New favicon and brand icons (favicon-new.svg, tractatus-icon-new.svg)
- Theme CSS integration (tractatus-theme.min.css)
- Correct GitHub repository links (AgenticGovernance/tractatus)
- PWA manifest updates
- Consistent branding colors and gradients

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-19 12:48:29 +13:00
TheFlow
c6b792c542 security: harden admin panel before production deployment 
Critical Security Fixes:
1. Remove default credentials from login page (inst_012 compliance)
2. Create auth-check.js utility for client-side authentication
3. Add authentication redirects to all admin pages

Authentication Protection:
- All admin pages now check for valid JWT token on load
- Redirect to login if unauthenticated or token expired
- Token expiration validation (client-side check)
- Role verification (admin/moderator required)
- Periodic token validity checks (every 5 minutes)

Files Protected:
 /admin/dashboard.html
 /admin/rule-manager.html
 /admin/project-manager.html
 /admin/claude-md-migrator.html
 /admin/blog-curation.html
 /admin/audit-analytics.html
(login.html excluded - entry point)

Authentication Flow:
1. User accesses admin page
2. auth-check.js runs immediately
3. Check localStorage for admin_token
4. Parse JWT to verify expiration and role
5. If invalid: redirect to /admin/login.html with reason
6. If valid: allow page to load normally

API Security (already in place):
- All /api/admin/* endpoints require JWT
- authenticateToken middleware validates tokens
- requireRole middleware enforces admin/moderator access

Addresses security concerns:
- inst_012: No internal/confidential data exposure
- inst_013: No sensitive runtime data in public endpoints
- inst_014: No API surface enumeration
- inst_015: No internal documentation exposure

Remaining Recommendations:
- Change default admin password on production (MANUAL STEP)
- Consider IP whitelist for /admin/* (optional)
- Add rate limiting to /api/auth/login (future enhancement)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-11 17:26:50 +13:00
TheFlow
91aea5091c feat: implement Rule Manager and Project Manager admin systems 
Major Features:
- Multi-project governance with Rule Manager web UI
- Project Manager for organizing governance across projects
- Variable substitution system (${VAR_NAME} in rules)
- Claude.md analyzer for instruction extraction
- Rule quality scoring and optimization

Admin UI Components:
- /admin/rule-manager.html - Full-featured rule management interface
- /admin/project-manager.html - Multi-project administration
- /admin/claude-md-migrator.html - Import rules from Claude.md files
- Dashboard enhancements for governance analytics

Backend Implementation:
- Controllers: projects, rules, variables
- Models: Project, VariableValue, enhanced GovernanceRule
- Routes: /api/projects, /api/rules with full CRUD
- Services: ClaudeMdAnalyzer, RuleOptimizer, VariableSubstitution
- Utilities: mongoose helpers

Documentation:
- User guides for Rule Manager and Projects
- Complete API documentation (PROJECTS_API, RULES_API)
- Phase 3 planning and architecture diagrams
- Test results and error analysis
- Coding best practices summary

Testing & Scripts:
- Integration tests for projects API
- Unit tests for variable substitution
- Database migration scripts
- Seed data generation
- Test token generator

Key Capabilities:
 UNIVERSAL scope rules apply across all projects
 PROJECT_SPECIFIC rules override for individual projects
 Variable substitution per-project (e.g., ${DB_PORT} → 27017)
 Real-time validation and quality scoring
 Advanced filtering and search
 Import from existing Claude.md files

Technical Details:
- MongoDB-backed governance persistence
- RESTful API with Express
- JWT authentication for admin endpoints
- CSP-compliant frontend (no inline handlers)
- Responsive Tailwind UI

This implements Phase 3 architecture as documented in planning docs.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-11 17:16:51 +13:00