docs: update security manager handoff
This commit is contained in:
@@ -22,6 +22,12 @@ Last updated: 2026-07-05
|
||||
- Gitea Actions runs 263-267 passed for the feature and production merge.
|
||||
- Live Dockge verification on 2026-07-05 reported `telegramAiChat.enabled=true`. A real `heim-llm` question using current dashboard context completed in 34 seconds and the answer was delivered successfully through the configured Telegram bot.
|
||||
- Current Telegram-chat implementation commit: `c86407d4f8bfb8a445bb7f4685ff545b479244a1`.
|
||||
- PR #60 / issue #59 added the controlled Telegram terminal agent with 13 allowlisted tools, bounded multi-step decisions, chat-bound confirmation for mutations, `/tools`, `/trace`, and proactive sweep analysis.
|
||||
- Tool-agent production commit: `d13652a70b77263f357b487d50bab3af5585a309`.
|
||||
- Issue #61 is implemented on `codex/issue-61-security-manager-onboarding` in PR #62.
|
||||
- Security Manager implementation commit: `0c7ddc5a6cb85487274a8bdf754d48a967ba2c84`.
|
||||
- The Security Manager adds language-first Telegram onboarding, explicit consent/minimal setup, an AES-256-GCM encrypted profile under `runs/security-profile.enc`, profile commands, a read-only `get_security_profile` agent tool, location/personal relevance guidance, and deterministic alert-level/quiet-hours enforcement.
|
||||
- Gitea Actions runs 883 and 884 passed for PR #62 (`test-and-image` and `template-compliance`). The production merge and registry publication are still pending at the time of this handoff edit.
|
||||
|
||||
## Repository State
|
||||
|
||||
@@ -43,7 +49,7 @@ upstream https://github.com/calesthio/Crucix.git
|
||||
Current branch tip:
|
||||
|
||||
```text
|
||||
Run `git rev-parse HEAD` after clone/pull. This handoff was updated by the `docs: sync issue tracker and handoff` commit after the implementation commit below.
|
||||
Run `git rev-parse HEAD` after clone/pull. During PR #62 work, the current feature tip includes `0c7ddc5`; after merge, use the production branch tip reported by Gitea.
|
||||
```
|
||||
|
||||
Production baseline before the current LiteLLM work:
|
||||
@@ -86,6 +92,19 @@ Rules applied from the kit:
|
||||
- Do not commit secrets, `.env`, private logs, tokens, or generated `runs/` data.
|
||||
- Add report-only maintenance workflows for security, dependency checks, repo cleanup, release dry runs, and template compliance.
|
||||
- Poll pushed Gitea Actions until terminal state when a token is available.
|
||||
- Use only lightweight local checks (`node --check`, JSON parsing, Compose config, `git diff --check`). Run unit tests, builds, audits, and image publication on the Gitea Ubuntu runners.
|
||||
|
||||
### Security Manager
|
||||
|
||||
- First startup asks for `Deutsch` or `English` before any profile question.
|
||||
- Consent offers full, minimal, or cancelled setup; `/skip` is available for profile inputs.
|
||||
- Allowed profile scope: preferred name, country/region/city level, timezone, household counts, mobility, general travel pattern, risk priorities, critical dependencies, alert preference, and quiet hours.
|
||||
- Exact addresses, identity documents, passwords/API keys, accounts, detailed diagnoses, booking data, and private contacts are explicitly excluded.
|
||||
- `SECURITY_PROFILE_ENCRYPTION_KEY` must be a unique secret of at least 32 characters. It must be preserved across deployments or the encrypted profile cannot be read.
|
||||
- Commands: `/profile`, `/onboarding`, `/language`, `/profile_delete`.
|
||||
- Health and metrics expose only profile availability/configuration timestamps and errors, not profile contents.
|
||||
- The configured LLM can obtain the approved profile only through the read-only `get_security_profile` allowlisted tool.
|
||||
- Non-FLASH proactive messages respect the profile's alert preference and quiet hours. FLASH can override quiet hours.
|
||||
|
||||
## What Was Implemented
|
||||
|
||||
@@ -435,6 +454,8 @@ c2d572e fix: prepare runs volume before dropping privileges
|
||||
e933586 merge: reconcile main with production branch
|
||||
4262c7e docs: expand agent handoff
|
||||
53470cc fix: load live dashboard data and add terminal actions
|
||||
d13652a merge: controlled Telegram terminal agent (PR #60)
|
||||
0c7ddc5 feat: add privacy-aware security manager onboarding
|
||||
```
|
||||
|
||||
The large implementation commit `85f97bb` and the dashboard/action fix `53470cc` are contained in both:
|
||||
@@ -460,10 +481,10 @@ git checkout codex/production-intelligence-terminal
|
||||
git rev-parse HEAD
|
||||
```
|
||||
|
||||
Expected:
|
||||
Expected after PR #62 merges:
|
||||
|
||||
```text
|
||||
The branch tip should include commit 53470cc701ec322080a89d220aef449b25850590 and the later `docs: sync issue tracker and handoff` commit.
|
||||
The production branch should contain tool-agent commit d13652a and Security Manager commit 0c7ddc5 plus the handoff update/merge commit.
|
||||
```
|
||||
|
||||
3. Read these files first:
|
||||
@@ -502,6 +523,8 @@ docker pull git.wilkensxl.de/code-inc/intelligence-terminal:latest
|
||||
- Browser-level visual verification of the full dashboard should be repeated after any future UI change.
|
||||
- The project still inherits the original Crucix broad source surface. Future work should prefer focused source-by-source tests over broad refactors.
|
||||
- If a new Codex environment sees non-fast-forward branch pushes, fetch first and preserve remote commits. Do not force-push without explicit approval.
|
||||
- A production deployment must add `SECURITY_PROFILE_ENCRYPTION_KEY` before expecting first-start onboarding. A changed or lost key intentionally fails closed and does not overwrite existing ciphertext.
|
||||
- PR #62 still needs merge, successful production publish runs, registry verification, and Dockge deployment verification if those steps are not recorded below by a later update.
|
||||
|
||||
## Operator Pull Command
|
||||
|
||||
|
||||
Reference in New Issue
Block a user