James
b920203314
Address Hans' workflow feedback - make it actionable
1. Created QUICKSTART.md (60 second read vs 1295 line handbook)
- Who you are, 4 session-start actions, critical rules
- All CLAUDE.md files now reference QUICKSTART first
2. Created scripts/daily-review.sh (automates Part 4 checks)
- Runs Section A, F, G checks automatically
- Reports PASS/FAIL with colors
- Fails fast on foundation violations
3. Added workflow section to handbook
- Where to find tasks (git.clavitor.ai)
- Priority order (CRITICAL > HIGH > MEDIUM)
- Engineer vs Reviewer responsibilities
4. Created tasks skill (.claude/skills/tasks/SKILL.md)
- For querying Gitea issues programmatically
- Will integrate with agent workflow
5. Updated all 11 CLAUDE.md files with concise headers
- Quickstart link (60s)
- Deep reference link (handbook Section V)
- Agent identity + daily script command
Hans' feedback addressed:
- ✅ Handbook too long → QUICKSTART.md
- ✅ Daily review manual → automated script
- ✅ Vague instructions → specific script + task query
- ✅ No task queue → skill created
2026-04-09 01:10:39 -04:00
James
9860a679d4
Update all CLAUDE.md files to reference CLAVITOR-AGENT-HANDBOOK.md
Updated 13 CLAUDE.md files across all subprojects:
- Root CLAUDE.md → Section I (Culture)
- clavis-vault/CLAUDE.md → Section V: clavis-vault (Sarah)
- clavis-cli/CLAUDE.md → Section V: clavis-cli (Charles)
- clavis-chrome/firefox/safari/CLAUDE.md → Section V: Browser extensions (James)
- clavis-crypto/CLAUDE.md → Section V: clavis-crypto (Maria)
- clavis-ios/android/CLAUDE.md → Section V: Mobile (James)
- clavis-telemetry/CLAUDE.md → Section V: clavis-telemetry (Hans)
- clavitor.ai/CLAUDE.md → Section V: clavitor.ai/admin (Emma)
- clavitor.ai/admin/CLAUDE.md → Section V: clavitor.ai/admin (Emma)
- clavis-vault/edition/CLAUDE.md → Section V: clavis-vault (Sarah)
All references now point to the 5-section handbook structure.
2026-04-08 15:24:51 -04:00
James
5cf089a58e
Multi-project update: import system, edition system, web UI, CLI, website, POP sync
Vault: importer refactor with mapping-driven parsers, auth.js login flow,
edition system enhancements (commercial features), agent UI fixes,
mTLS improvements, schema and handler updates.
CLI: cvt protocol updates, keystore changes, JS bridge additions.
Website (clavitor.ai): expanded main.go with new routes/templates,
admin panel with Paddle checkout and credentials API.
POP sync: mTLS CA support, command examples.
Marketing: pricing architecture doc.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-05 06:40:40 -04:00
James
48bf5d8aa0
Security hardening v2: Edition system + 24 security fixes
EDITION SYSTEM (Community/Commercial):
- Add edition/ package with build-time separation
- Community: No telemetry, local logging only, AGPL
- Commercial: Centralized alerting to clavitor.ai, managed POPs
- Build: go build ./cmd/clavitor/ (community) or -tags commercial
SECURITY FIXES (Issues 1-24):
1. L3 field protection in batch import - agents can't overwrite tier 3
2. FQDN lookup caching - 5min TTL prevents DNS DoS
3. IP whitelist race documented and accepted
4. Admin token consumption - accepted UX limitation
5. Type guard now returns 403 (not silent skip)
6. Agents blocked entirely from batch import
7. IP whitelist DB errors return 500 + telemetry
8. L3 protection in upsert
9. DeleteEntry scope check added
10. CreateEntry scope validation for agents
11. SearchEntries audit logging
13. CSP tightened - removed unused tailwind, img-src restricted
15. Backup path validation (isValidVaultName)
17. Request body size limit - 64KB max, binary content blocked
18. WebAuthn auth challenge verification
19. RestoreBackup requires admin auth
20. TOTP scope check (already existed)
21. PRF-only enforcement (no non-PRF fallbacks)
22. Empty scopes documented as quarantine feature
23. Scope format validation with operator alerts
24. DB errors surfaced via edition.AlertOperator()
OPERATOR ALERTS:
- edition.Current.AlertOperator() routes to local logs (community)
- or POSTs to /v1/alerts (commercial)
- Alerts: auth_system_error, data_corruption
NEW DOCUMENTATION:
- edition/CLAUDE.md - full edition system docs
- GIT_WORKFLOW.md - Zurich-only Git policy
2026-04-02 00:36:31 -04:00
James
0922dde30a
chore: auto-commit uncommitted changes
2026-03-26 06:03:15 -04:00