docs: update security manager handoff
All checks were successful
Codex Template Compliance / template-compliance (pull_request) Successful in 7s
Build / test-and-image (pull_request) Successful in 24s

This commit is contained in:
2026-07-05 21:43:16 +02:00
parent 0c7ddc53b4
commit b1b88eb129

View File

@@ -22,6 +22,12 @@ Last updated: 2026-07-05
- Gitea Actions runs 263-267 passed for the feature and production merge.
- Live Dockge verification on 2026-07-05 reported `telegramAiChat.enabled=true`. A real `heim-llm` question using current dashboard context completed in 34 seconds and the answer was delivered successfully through the configured Telegram bot.
- Current Telegram-chat implementation commit: `c86407d4f8bfb8a445bb7f4685ff545b479244a1`.
- PR #60 / issue #59 added the controlled Telegram terminal agent with 13 allowlisted tools, bounded multi-step decisions, chat-bound confirmation for mutations, `/tools`, `/trace`, and proactive sweep analysis.
- Tool-agent production commit: `d13652a70b77263f357b487d50bab3af5585a309`.
- Issue #61 is implemented on `codex/issue-61-security-manager-onboarding` in PR #62.
- Security Manager implementation commit: `0c7ddc5a6cb85487274a8bdf754d48a967ba2c84`.
- The Security Manager adds language-first Telegram onboarding, explicit consent/minimal setup, an AES-256-GCM encrypted profile under `runs/security-profile.enc`, profile commands, a read-only `get_security_profile` agent tool, location/personal relevance guidance, and deterministic alert-level/quiet-hours enforcement.
- Gitea Actions runs 883 and 884 passed for PR #62 (`test-and-image` and `template-compliance`). The production merge and registry publication are still pending at the time of this handoff edit.
## Repository State
@@ -43,7 +49,7 @@ upstream https://github.com/calesthio/Crucix.git
Current branch tip:
```text
Run `git rev-parse HEAD` after clone/pull. This handoff was updated by the `docs: sync issue tracker and handoff` commit after the implementation commit below.
Run `git rev-parse HEAD` after clone/pull. During PR #62 work, the current feature tip includes `0c7ddc5`; after merge, use the production branch tip reported by Gitea.
```
Production baseline before the current LiteLLM work:
@@ -86,6 +92,19 @@ Rules applied from the kit:
- Do not commit secrets, `.env`, private logs, tokens, or generated `runs/` data.
- Add report-only maintenance workflows for security, dependency checks, repo cleanup, release dry runs, and template compliance.
- Poll pushed Gitea Actions until terminal state when a token is available.
- Use only lightweight local checks (`node --check`, JSON parsing, Compose config, `git diff --check`). Run unit tests, builds, audits, and image publication on the Gitea Ubuntu runners.
### Security Manager
- First startup asks for `Deutsch` or `English` before any profile question.
- Consent offers full, minimal, or cancelled setup; `/skip` is available for profile inputs.
- Allowed profile scope: preferred name, country/region/city level, timezone, household counts, mobility, general travel pattern, risk priorities, critical dependencies, alert preference, and quiet hours.
- Exact addresses, identity documents, passwords/API keys, accounts, detailed diagnoses, booking data, and private contacts are explicitly excluded.
- `SECURITY_PROFILE_ENCRYPTION_KEY` must be a unique secret of at least 32 characters. It must be preserved across deployments or the encrypted profile cannot be read.
- Commands: `/profile`, `/onboarding`, `/language`, `/profile_delete`.
- Health and metrics expose only profile availability/configuration timestamps and errors, not profile contents.
- The configured LLM can obtain the approved profile only through the read-only `get_security_profile` allowlisted tool.
- Non-FLASH proactive messages respect the profile's alert preference and quiet hours. FLASH can override quiet hours.
## What Was Implemented
@@ -435,6 +454,8 @@ c2d572e fix: prepare runs volume before dropping privileges
e933586 merge: reconcile main with production branch
4262c7e docs: expand agent handoff
53470cc fix: load live dashboard data and add terminal actions
d13652a merge: controlled Telegram terminal agent (PR #60)
0c7ddc5 feat: add privacy-aware security manager onboarding
```
The large implementation commit `85f97bb` and the dashboard/action fix `53470cc` are contained in both:
@@ -460,10 +481,10 @@ git checkout codex/production-intelligence-terminal
git rev-parse HEAD
```
Expected:
Expected after PR #62 merges:
```text
The branch tip should include commit 53470cc701ec322080a89d220aef449b25850590 and the later `docs: sync issue tracker and handoff` commit.
The production branch should contain tool-agent commit d13652a and Security Manager commit 0c7ddc5 plus the handoff update/merge commit.
```
3. Read these files first:
@@ -502,6 +523,8 @@ docker pull git.wilkensxl.de/code-inc/intelligence-terminal:latest
- Browser-level visual verification of the full dashboard should be repeated after any future UI change.
- The project still inherits the original Crucix broad source surface. Future work should prefer focused source-by-source tests over broad refactors.
- If a new Codex environment sees non-fast-forward branch pushes, fetch first and preserve remote commits. Do not force-push without explicit approval.
- A production deployment must add `SECURITY_PROFILE_ENCRYPTION_KEY` before expecting first-start onboarding. A changed or lost key intentionally fails closed and does not overwrite existing ciphertext.
- PR #62 still needs merge, successful production publish runs, registry verification, and Dockge deployment verification if those steps are not recorded below by a later update.
## Operator Pull Command