john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
691 commits 1 branch 0 tags 125 MiB
Commit graph

7 commits

Author SHA1 Message Date
TheFlow
bda0de0ceb fix(cache): standardize cache version across all HTML files 
Fixed inconsistent cache version parameters across admin pages.
All HTML files now use v=0.1.0.1761262254119 to ensure mobile
browsers fetch fresh assets.

Changes:
- Updated all 12 admin HTML files to consistent cache version
- Updated all 17 public HTML files via update-cache-version script
- Service worker version: 0.1.1
- Version.json: 0.1.1

This ensures service worker cache invalidation triggers properly
and all pages reference matching asset versions.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-24 12:34:39 +13:00
TheFlow
2298d36bed fix(submissions): restructure Economist package and fix article display 
- Create Economist SubmissionTracking package correctly:
  * mainArticle = full blog post content
  * coverLetter = 216-word SIR— letter
  * Links to blog post via blogPostId
- Archive 'Letter to The Economist' from blog posts (it's the cover letter)
- Fix date display on article cards (use published_at)
- Target publication already displaying via blue badge

Database changes:
- Make blogPostId optional in SubmissionTracking model
- Economist package ID: 68fa85ae49d4900e7f2ecd83
- Le Monde package ID: 68fa2abd2e6acd5691932150

Next: Enhanced modal with tabs, validation, export

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-24 08:47:42 +13:00
TheFlow
0dd4a5f6c8 refactor: reduce public repo to minimal implementation-only resource 
REMOVED: 267 non-implementation files (51% reduction)

Categories removed:
- Research documents & case studies (35 files)
- Planning/internal development docs (28 files)
- Website pages & assets (93 files - this is framework code, not website code)
- Audit reports (6 files)
- Non-essential admin UI (11 files)
- Markdown content duplicates (10 files)
- Internal development scripts (96 files)
- Internal setup docs (2 files)

RETAINED: 253 implementation-focused files
- Core framework services (src/)
- Test suite (tests/)
- API documentation (docs/api/)
- Deployment quickstart guide
- Essential admin UI (rule manager, dashboard, hooks dashboard)
- Architecture decision records
- Configuration files

PURPOSE: Public repo is now focused exclusively on developers
implementing Tractatus, not researchers studying it or users visiting
the website. All background/research content available at
https://agenticgovernance.digital

🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-21 21:09:34 +13:00
TheFlow
8667088c5f feat(admin): Phase 2 - standardize admin UI with unified navbar component 
SUMMARY:
Completed Phase 2 of admin UI overhaul: Created unified navbar component
for simple pages, standardized CSS versioning across all pages, and fixed
broken navigation. Pragmatic approach preserves valuable cross-page navigation
while ensuring consistency.

CHANGES - Simple Pages (Unified Navbar Component):
- newsletter-management.html: Replaced custom navbar with component
- hooks-dashboard.html: Replaced custom navbar with component
- audit-analytics.html: Fixed wrong navbar (was using public site component)

CHANGES - Complex Pages (Standardized CSS Only):
- case-moderation.html: Added CSS version v=1759833751
- media-triage.html: Added CSS version v=1759833751
- project-manager.html: Updated CSS version to v=1759833751
- rule-manager.html: Updated CSS version to v=1759833751
(These pages retained custom navbars to preserve cross-page navigation UX)

COMPONENT ENHANCEMENTS:
- navbar-admin.js: Added 'hooks' icon for Framework Hooks Dashboard
- Newsletter management JS: Removed manual admin-name and logout handling

CSS STANDARDIZATION:
Target version: /css/tailwind.css?v=1759833751
- 7 pages now use standardized version (was 3 different versions + missing)

RESULTS:
- All admin pages now have consistent navbar styling
- Simple pages use unified component (3 pages)
- Complex pages use standardized custom navbars (6 pages)
- All pages have correct CSS versioning
- audit-analytics.html fixed (was using wrong component)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-20 21:51:09 +13:00
TheFlow
9d390da76b style(ui): update theme, branding, and GitHub repository links 
Update UI across all pages with:
- New favicon and brand icons (favicon-new.svg, tractatus-icon-new.svg)
- Theme CSS integration (tractatus-theme.min.css)
- Correct GitHub repository links (AgenticGovernance/tractatus)
- PWA manifest updates
- Consistent branding colors and gradients

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-19 12:48:29 +13:00
TheFlow
8538dc5b66 security: harden admin panel before production deployment 
Critical Security Fixes:
1. Remove default credentials from login page (inst_012 compliance)
2. Create auth-check.js utility for client-side authentication
3. Add authentication redirects to all admin pages

Authentication Protection:
- All admin pages now check for valid JWT token on load
- Redirect to login if unauthenticated or token expired
- Token expiration validation (client-side check)
- Role verification (admin/moderator required)
- Periodic token validity checks (every 5 minutes)

Files Protected:
 /admin/dashboard.html
 /admin/rule-manager.html
 /admin/project-manager.html
 /admin/claude-md-migrator.html
 /admin/blog-curation.html
 /admin/audit-analytics.html
(login.html excluded - entry point)

Authentication Flow:
1. User accesses admin page
2. auth-check.js runs immediately
3. Check localStorage for admin_token
4. Parse JWT to verify expiration and role
5. If invalid: redirect to /admin/login.html with reason
6. If valid: allow page to load normally

API Security (already in place):
- All /api/admin/* endpoints require JWT
- authenticateToken middleware validates tokens
- requireRole middleware enforces admin/moderator access

Addresses security concerns:
- inst_012: No internal/confidential data exposure
- inst_013: No sensitive runtime data in public endpoints
- inst_014: No API surface enumeration
- inst_015: No internal documentation exposure

Remaining Recommendations:
- Change default admin password on production (MANUAL STEP)
- Consider IP whitelist for /admin/* (optional)
- Add rate limiting to /api/auth/login (future enhancement)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-11 17:26:50 +13:00
TheFlow
c96ad31046 feat: implement Rule Manager and Project Manager admin systems 
Major Features:
- Multi-project governance with Rule Manager web UI
- Project Manager for organizing governance across projects
- Variable substitution system (${VAR_NAME} in rules)
- Claude.md analyzer for instruction extraction
- Rule quality scoring and optimization

Admin UI Components:
- /admin/rule-manager.html - Full-featured rule management interface
- /admin/project-manager.html - Multi-project administration
- /admin/claude-md-migrator.html - Import rules from Claude.md files
- Dashboard enhancements for governance analytics

Backend Implementation:
- Controllers: projects, rules, variables
- Models: Project, VariableValue, enhanced GovernanceRule
- Routes: /api/projects, /api/rules with full CRUD
- Services: ClaudeMdAnalyzer, RuleOptimizer, VariableSubstitution
- Utilities: mongoose helpers

Documentation:
- User guides for Rule Manager and Projects
- Complete API documentation (PROJECTS_API, RULES_API)
- Phase 3 planning and architecture diagrams
- Test results and error analysis
- Coding best practices summary

Testing & Scripts:
- Integration tests for projects API
- Unit tests for variable substitution
- Database migration scripts
- Seed data generation
- Test token generator

Key Capabilities:
 UNIVERSAL scope rules apply across all projects
 PROJECT_SPECIFIC rules override for individual projects
 Variable substitution per-project (e.g., ${DB_PORT} → 27017)
 Real-time validation and quality scoring
 Advanced filtering and search
 Import from existing Claude.md files

Technical Details:
- MongoDB-backed governance persistence
- RESTful API with Express
- JWT authentication for admin endpoints
- CSP-compliant frontend (no inline handlers)
- Responsive Tailwind UI

This implements Phase 3 architecture as documented in planning docs.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-11 17:16:51 +13:00