john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
691 commits 1 branch 0 tags 125 MiB
Commit graph

7 commits

Author SHA1 Message Date
TheFlow
bda0de0ceb fix(cache): standardize cache version across all HTML files 
Fixed inconsistent cache version parameters across admin pages.
All HTML files now use v=0.1.0.1761262254119 to ensure mobile
browsers fetch fresh assets.

Changes:
- Updated all 12 admin HTML files to consistent cache version
- Updated all 17 public HTML files via update-cache-version script
- Service worker version: 0.1.1
- Version.json: 0.1.1

This ensures service worker cache invalidation triggers properly
and all pages reference matching asset versions.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-24 12:34:39 +13:00
TheFlow
2298d36bed fix(submissions): restructure Economist package and fix article display 
- Create Economist SubmissionTracking package correctly:
  * mainArticle = full blog post content
  * coverLetter = 216-word SIR— letter
  * Links to blog post via blogPostId
- Archive 'Letter to The Economist' from blog posts (it's the cover letter)
- Fix date display on article cards (use published_at)
- Target publication already displaying via blue badge

Database changes:
- Make blogPostId optional in SubmissionTracking model
- Economist package ID: 68fa85ae49d4900e7f2ecd83
- Le Monde package ID: 68fa2abd2e6acd5691932150

Next: Enhanced modal with tabs, validation, export

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-24 08:47:42 +13:00
TheFlow
1c7e1c0e36 CRITICAL: Remove 27 internal files + fix SyDigital reference 
SECURITY CLEANUP - Phase 2:
Removed internal development files that should never have been public:

INTERNAL SESSION DOCS (11 files):
- docs/research/phase-5-session*.md (9 files)
- docs/markdown/phase-5-session*.md (2 files)

INTERNAL ADMIN TOOLS (2 files):
- public/admin/claude-md-migrator.html
- public/js/admin/claude-md-migrator.js

INTERNAL STRIPE SCRIPTS (6 files):
- scripts/check-stripe-bank-account.js
- scripts/setup-stripe-products.js
- scripts/stripe-webhook-setup.sh
- scripts/test-stripe-connection.js
- scripts/test-stripe-integration.js
- scripts/verify-stripe-portal.js

INTERNAL TEST FILES (3 files):
- scripts/test-deliberation-session.js
- scripts/test-session*.js (2 files)

INTERNAL PDF DOCS (5 files):
- claude-code-framework-enforcement.pdf
- concurrent-session-architecture-limitations.pdf
- framework-governance-in-action*.pdf
- ai-governance-business-case-template.pdf
- comparison-matrix*.pdf

FIXES:
- Changed 'SyDigital Ltd' → 'Tractatus Framework Team' in claude-code-framework-enforcement.md
- Added .gitignore patterns to prevent re-adding these files

TOTAL: 27 internal files removed from public tracking
 2025-10-21 20:35:34 +13:00
TheFlow
3525c83dd2 fix(admin): Phase 1 - critical auth and navigation fixes 
SUMMARY:
Fixed 3 broken admin pages (newsletter, hooks dashboard, migrator) and
standardized navigation links. These pages were completely non-functional
due to localStorage key mismatches.

CRITICAL FIXES:
1. newsletter-management.js:
   - token → admin_token (5 occurrences)
   - admin → admin_user (2 occurrences)
   - Now matches login.js localStorage keys

2. hooks-dashboard.js:
   - tractatus_admin_token → admin_token
   - Now uses correct auth token

3. claude-md-migrator.js:
   - auth_token → admin_token (2 occurrences)
   - Added missing apiRequest() helper function
   - Fixed logout to clear both admin_token and admin_user

NAVIGATION FIXES:
4. newsletter-management.html:
   - dashboard.html → /admin/dashboard.html (absolute path)

5. claude-md-migrator.html:
   - ../css/tailwind.css → /css/tailwind.css?v=1759833751 (absolute + version)
   - Added tractatus-theme.min.css

BEFORE (BROKEN):
- Newsletter Management:  Auth failed (wrong token key)
- Hooks Dashboard:  Auth failed (wrong token key)
- CLAUDE.md Migrator:  Auth failed + missing apiRequest()

AFTER (WORKING):
- Newsletter Management:  Auth works, all API calls function
- Hooks Dashboard:  Auth works, metrics load
- CLAUDE.md Migrator:  Auth works, API requests function

NEXT STEPS (Phase 2):
- Create unified admin navbar component
- Standardize CSS versioning across all pages
- Verify/create missing API endpoints

🤖 Generated with Claude Code (https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-20 21:33:50 +13:00
TheFlow
9d390da76b style(ui): update theme, branding, and GitHub repository links 
Update UI across all pages with:
- New favicon and brand icons (favicon-new.svg, tractatus-icon-new.svg)
- Theme CSS integration (tractatus-theme.min.css)
- Correct GitHub repository links (AgenticGovernance/tractatus)
- PWA manifest updates
- Consistent branding colors and gradients

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-19 12:48:29 +13:00
TheFlow
8538dc5b66 security: harden admin panel before production deployment 
Critical Security Fixes:
1. Remove default credentials from login page (inst_012 compliance)
2. Create auth-check.js utility for client-side authentication
3. Add authentication redirects to all admin pages

Authentication Protection:
- All admin pages now check for valid JWT token on load
- Redirect to login if unauthenticated or token expired
- Token expiration validation (client-side check)
- Role verification (admin/moderator required)
- Periodic token validity checks (every 5 minutes)

Files Protected:
 /admin/dashboard.html
 /admin/rule-manager.html
 /admin/project-manager.html
 /admin/claude-md-migrator.html
 /admin/blog-curation.html
 /admin/audit-analytics.html
(login.html excluded - entry point)

Authentication Flow:
1. User accesses admin page
2. auth-check.js runs immediately
3. Check localStorage for admin_token
4. Parse JWT to verify expiration and role
5. If invalid: redirect to /admin/login.html with reason
6. If valid: allow page to load normally

API Security (already in place):
- All /api/admin/* endpoints require JWT
- authenticateToken middleware validates tokens
- requireRole middleware enforces admin/moderator access

Addresses security concerns:
- inst_012: No internal/confidential data exposure
- inst_013: No sensitive runtime data in public endpoints
- inst_014: No API surface enumeration
- inst_015: No internal documentation exposure

Remaining Recommendations:
- Change default admin password on production (MANUAL STEP)
- Consider IP whitelist for /admin/* (optional)
- Add rate limiting to /api/auth/login (future enhancement)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-11 17:26:50 +13:00
TheFlow
c96ad31046 feat: implement Rule Manager and Project Manager admin systems 
Major Features:
- Multi-project governance with Rule Manager web UI
- Project Manager for organizing governance across projects
- Variable substitution system (${VAR_NAME} in rules)
- Claude.md analyzer for instruction extraction
- Rule quality scoring and optimization

Admin UI Components:
- /admin/rule-manager.html - Full-featured rule management interface
- /admin/project-manager.html - Multi-project administration
- /admin/claude-md-migrator.html - Import rules from Claude.md files
- Dashboard enhancements for governance analytics

Backend Implementation:
- Controllers: projects, rules, variables
- Models: Project, VariableValue, enhanced GovernanceRule
- Routes: /api/projects, /api/rules with full CRUD
- Services: ClaudeMdAnalyzer, RuleOptimizer, VariableSubstitution
- Utilities: mongoose helpers

Documentation:
- User guides for Rule Manager and Projects
- Complete API documentation (PROJECTS_API, RULES_API)
- Phase 3 planning and architecture diagrams
- Test results and error analysis
- Coding best practices summary

Testing & Scripts:
- Integration tests for projects API
- Unit tests for variable substitution
- Database migration scripts
- Seed data generation
- Test token generator

Key Capabilities:
 UNIVERSAL scope rules apply across all projects
 PROJECT_SPECIFIC rules override for individual projects
 Variable substitution per-project (e.g., ${DB_PORT} → 27017)
 Real-time validation and quality scoring
 Advanced filtering and search
 Import from existing Claude.md files

Technical Details:
- MongoDB-backed governance persistence
- RESTful API with Express
- JWT authentication for admin endpoints
- CSP-compliant frontend (no inline handlers)
- Responsive Tailwind UI

This implements Phase 3 architecture as documented in planning docs.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-11 17:16:51 +13:00