docs: clean inherited public demo references

2026-05-17 13:50:37 +02:00
9 changed files with 36 additions and 295 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1 +1 @@
-* @calesthio
+* @MrSphay
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,5 +1,5 @@
 blank_issues_enabled: true
 contact_links:
  - name: Security report
-    url: mailto:celesthioailabs@gmail.com
+    url: https://git.wilkensxl.de/MrSphay/intelligence-terminal
    about: Report security issues privately instead of opening a public issue.
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -1,68 +0,0 @@
 name: Build & Publish Docker Image
 on:
  push:
    branches: [master]
    tags: ['v*']
  pull_request:
    branches: [master]
 env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
 jobs:
  build-and-push:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to GHCR
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Log in to Docker Hub
        if: github.event_name != 'pull_request' && vars.DOCKERHUB_ENABLED == 'true'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
            ${{ vars.DOCKERHUB_ENABLED == 'true' && format('{0}/{1}', secrets.DOCKERHUB_USERNAME, 'crucix') || '' }}
          tags: |
            type=raw,value=latest,enable={{is_default_branch}}
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=sha,prefix=
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,6 +1,6 @@
-# Contributing to Crucix
+# Contributing to Intelligence Terminal
-Crucix moves quickly, but review bandwidth is limited. The easiest way to get a change merged is to keep it small, well-scoped, and aligned with the project's direction.
+Intelligence Terminal moves quickly, but review bandwidth is limited. The easiest way to get a change merged is to keep it small, well-scoped, and aligned with the project's private home-server deployment direction.
 ## What Contributions Are Most Helpful
--- a/README.md
+++ b/README.md
@@ -4,22 +4,12 @@
 **Your own intelligence terminal. 27 sources. One command. Zero cloud.**
 ## [Visit The Live Site: crucix.live](https://www.crucix.live/)
 [![Live Website](https://img.shields.io/badge/live-crucix.live-00d4ff?style=for-the-badge)](https://www.crucix.live/)
 [![Open Demo](https://img.shields.io/badge/open-live%20dashboard-0b1220?style=for-the-badge&logo=googlechrome&logoColor=white)](https://www.crucix.live/)
 [![Node.js 22+](https://img.shields.io/badge/node-22%2B-brightgreen)](#quick-start)
 [![License: AGPL v3](https://img.shields.io/badge/license-AGPLv3-blue.svg)](LICENSE)
 [![Dependencies](https://img.shields.io/badge/dependencies-1%20(express)-orange)](#architecture)
 [![Sources](https://img.shields.io/badge/OSINT%20sources-27-cyan)](#data-sources-27)
 [![Docker](https://img.shields.io/badge/docker-ready-blue?logo=docker)](#docker)
 **Enter The Signal Network**
 [![Signal Wire](https://img.shields.io/badge/Signal%20Wire-%40crucixmonitor-111111?style=for-the-badge&logo=x&logoColor=white)](https://x.com/crucixmonitor)
 [![Ops Room](https://img.shields.io/badge/Ops%20Room-Discord-5865F2?style=for-the-badge&logo=discord&logoColor=white)](https://discord.gg/ChVy7SF4)
 ![Crucix Dashboard](docs/dashboard.png)
 <details>
@@ -37,15 +27,13 @@
 </div>
-> **Live website:** [https://www.crucix.live/](https://www.crucix.live/)
+> **Supported deployment:** private home-server or lab deployment through Docker, Dockge, Pangolin, or local Node.js.
-> Explore the public demo first, then clone the repo to run Crucix locally.
+> Runtime data stays in your configured `runs/` volume and API keys are operator-owned.
 Crucix pulls satellite fire detection, flight tracking, radiation monitoring, satellite constellation tracking, economic indicators, live market prices, conflict data, sanctions lists, and social sentiment from 27 open-source intelligence feeds — in parallel, every 15 minutes — and renders everything on a single self-contained Jarvis-style dashboard.
 Hook it up to an LLM and it becomes a **two-way intelligence assistant** — pushing multi-tier alerts to Telegram and Discord when something meaningful changes, responding to commands like `/brief` and `/sweep` from your phone, and generating actionable trade ideas grounded in real cross-domain data. Your own analyst that watches the world while you sleep.
 Try the live demo first at [https://www.crucix.live/](https://www.crucix.live/), then clone the repo when you want the full local stack.
 No cloud. No telemetry. No subscriptions. Just `node server.mjs` and you're running.
 ## Token / Asset Warning
@@ -71,8 +59,8 @@ It was built for anyone who wants to understand what's actually happening in the
 ```bash
 # 1. Clone the repo
-git clone https://github.com/calesthio/Crucix.git
+git clone ssh://git@git.wilkensxl.de:2222/MrSphay/intelligence-terminal.git
-cd Crucix
+cd intelligence-terminal
 # 2. Install dependencies (just Express)
 npm install
@@ -640,27 +628,13 @@ To update them: run the dashboard, wait for a sweep to complete, then use your b
 Found a bug? Want to add a 28th source? PRs welcome. Each source is a standalone module in `apis/sources/` — just export a `briefing()` function that returns structured data and add it to the orchestrator in `apis/briefing.mjs`.
 If you find this useful, a star helps others find it too.
 For contribution guidelines, review expectations, and source-add rules, see `CONTRIBUTING.md`. For security reports, see `SECURITY.md`.
 ## Contact
-For partnerships, integrations, or other non-issue inquiries, you can reach me at `celesthioailabs@gmail.com`.
+For bugs and feature requests, use the Gitea issues in this repository so discussion stays visible and actionable.
-For bugs and feature requests, please use GitHub Issues so discussion stays visible and actionable.
+This fork keeps upstream Crucix attribution through the AGPL-3.0 license and commit history while documenting the supported private Gitea/Docker deployment path here.
 ---
 ## Star History
 <a href="https://www.star-history.com/?repos=calesthio%2FCrucix&type=date&legend=top-left">
  <picture>
    <source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/image?repos=calesthio/Crucix&type=date&theme=dark&legend=top-left" />
    <source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/image?repos=calesthio/Crucix&type=date&legend=top-left" />
    <img alt="Star History Chart" src="https://api.star-history.com/image?repos=calesthio/Crucix&type=date&legend=top-left" />
  </picture>
 </a>
 ---
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,13 +2,13 @@
 ## Reporting a Vulnerability
-If you discover a security issue in Crucix, please report it privately instead of opening a public GitHub issue.
+If you discover a security issue in Intelligence Terminal, please report it privately instead of opening a public issue.
-Email: `celesthioailabs@gmail.com`
+Use the private security contact configured for this Gitea repository or contact the repository owner directly.
 Use a subject line like:
-`[Crucix Security] short description`
+`[Intelligence Terminal Security] short description`
 Please include:
--- a/apis/sources/acled.mjs
+++ b/apis/sources/acled.mjs
@@ -15,31 +15,6 @@ const API_BASE  = 'https://acleddata.com/api/acled/read';
 // Session cache
 let sessionCache = { cookies: null, token: null, method: null, expires: 0 };
 function acledCredentials() {
  return {
    email: process.env.ACLED_EMAIL || process.env.ACLED_USER || process.env.ACLED_USERNAME,
    password: process.env.ACLED_PASSWORD,
  };
 }
 function sanitizeAuthHeaders(headers) {
  const safe = { ...headers };
  if (safe.Authorization) safe.Authorization = 'Bearer [redacted]';
  if (safe.Cookie) safe.Cookie = '[redacted]';
  return safe;
 }
 function classifyAuthFailure(status, body = '') {
  if (status === 401 || status === 403) return 'auth_denied';
  if (status >= 500) return 'auth_endpoint_failed';
  if (/invalid|denied|unauthorized|forbidden/i.test(body)) return 'auth_denied';
  return 'auth_endpoint_failed';
 }
 export function resetAcledSessionForTests() {
  sessionCache = { cookies: null, token: null, method: null, expires: 0 };
 }
 // Strategy 1: Cookie-based session login (mirrors browser login)
 async function loginCookie(email, password) {
  const controller = new AbortController();
@@ -68,14 +43,11 @@ async function loginCookie(email, password) {
    }
    const errText = await res.text().catch(() => '');
-    return {
+    return { error: `Cookie login failed (HTTP ${res.status}): ${errText.slice(0, 200)}` };
      error: `Cookie login failed (HTTP ${res.status}): ${errText.slice(0, 200)}`,
      code: classifyAuthFailure(res.status, errText),
    };
  } catch (e) {
    clearTimeout(timer);
    const cause = e.cause ? ` → ${e.cause.message || e.cause.code || e.cause}` : '';
-    return { error: `Cookie login error: ${e.message}${cause}`, code: 'auth_endpoint_failed' };
+    return { error: `Cookie login error: ${e.message}${cause}` };
  }
 }
@@ -101,30 +73,28 @@ async function loginOAuth(email, password) {
    if (!res.ok) {
      const errText = await res.text().catch(() => '');
-      return {
+      return { error: `OAuth failed (HTTP ${res.status}): ${errText.slice(0, 200)}` };
        error: `OAuth failed (HTTP ${res.status}): ${errText.slice(0, 200)}`,
        code: classifyAuthFailure(res.status, errText),
      };
    }
    const data = await res.json();
    if (!data.access_token) {
-      return { error: `OAuth response missing access_token: ${JSON.stringify(data).slice(0, 200)}`, code: 'auth_endpoint_failed' };
+      return { error: `OAuth response missing access_token: ${JSON.stringify(data).slice(0, 200)}` };
    }
    return { token: data.access_token };
  } catch (e) {
    clearTimeout(timer);
    const cause = e.cause ? ` → ${e.cause.message || e.cause.code || e.cause}` : '';
-    return { error: `OAuth error: ${e.message}${cause}`, code: 'auth_endpoint_failed' };
+    return { error: `OAuth error: ${e.message}${cause}` };
  }
 }
 // Try both auth strategies
 async function authenticate() {
-  const { email, password } = acledCredentials();
+  const email    = process.env.ACLED_EMAIL;
  const password = process.env.ACLED_PASSWORD;
  if (!email || !password) {
-    return { error: 'No ACLED credentials. Set ACLED_EMAIL or ACLED_USER and ACLED_PASSWORD in .env.', code: 'no_credentials' };
+    return { error: 'No ACLED credentials. Set ACLED_EMAIL and ACLED_PASSWORD in .env.' };
  }
  // Return cached session if still valid
@@ -138,7 +108,7 @@ async function authenticate() {
  // Try OAuth first (official programmatic method per ACLED docs)
  const oauthResult = await loginOAuth(email, password);
  if (oauthResult.token) {
-    if (debug) console.error('[ACLED DEBUG] OAuth OK');
+    if (debug) console.error(`[ACLED DEBUG] OAuth OK — token: ${oauthResult.token.slice(0, 20)}...`);
    sessionCache = { cookies: null, token: oauthResult.token, method: 'oauth', expires: Date.now() + 23 * 60 * 60 * 1000 };
    return sessionCache;
  }
@@ -148,14 +118,13 @@ async function authenticate() {
  // Fall back to cookie-based session
  const cookieResult = await loginCookie(email, password);
  if (cookieResult.cookies) {
-    if (debug) console.error('[ACLED DEBUG] Cookie OK');
+    if (debug) console.error(`[ACLED DEBUG] Cookie OK — cookies: ${cookieResult.cookies.slice(0, 80)}...`);
    sessionCache = { cookies: cookieResult.cookies, token: null, method: 'cookie', expires: Date.now() + 12 * 60 * 60 * 1000 };
    return sessionCache;
  }
  errors.push(`Cookie: ${cookieResult.error}`);
-  const code = [oauthResult.code, cookieResult.code].includes('auth_denied') ? 'auth_denied' : 'auth_endpoint_failed';
+  return { error: `All ACLED auth methods failed.\n${errors.join('\n')}` };
  return { error: `All ACLED auth methods failed.\n${errors.join('\n')}`, code };
 }
 // Build headers based on auth method
@@ -191,7 +160,7 @@ export async function getEvents(opts = {}) {
  } = opts;
  const session = await authenticate();
-  if (session.error) return { error: session.error, code: session.code || 'auth_failed' };
+  if (session.error) return { error: session.error };
  const params = new URLSearchParams({ _format: 'json', limit: String(limit) });
  if (eventDateStart && eventDateEnd) {
@@ -208,7 +177,7 @@ export async function getEvents(opts = {}) {
    const hdrs = authHeaders(session);
    if (debug) {
      console.error(`[ACLED DEBUG] Data request: GET ${url}`);
-      console.error(`[ACLED DEBUG] Headers: ${JSON.stringify(sanitizeAuthHeaders(hdrs))}`);
+      console.error(`[ACLED DEBUG] Headers: ${JSON.stringify(hdrs)}`);
    }
    const controller = new AbortController();
    const timer = setTimeout(() => controller.abort(), 25000);
@@ -232,28 +201,25 @@ export async function getEvents(opts = {}) {
            + '  3. Ensure your account has the "API" access group\n'
            + '  Contact access@acleddata.com if issues persist.'
          : '';
-        return {
+        return { error: `ACLED data access denied (HTTP ${res.status}, auth method: ${session.method}). Response: ${errText.slice(0, 300)}${hint}` };
          error: `ACLED data access denied (HTTP ${res.status}, auth method: ${session.method}). Response: ${errText.slice(0, 300)}${hint}`,
          code: 'auth_denied',
        };
      }
-      return { error: `HTTP ${res.status}: ${errText.slice(0, 200)}`, code: 'api_failed' };
+      return { error: `HTTP ${res.status}: ${errText.slice(0, 200)}` };
    }
    const data = await res.json();
    // ACLED may return a 200 with an error status in the body
    if (data?.status && data.status !== 200) {
-      return { error: `ACLED API error: status ${data.status} - ${data.message || 'Unknown error'}`, code: 'api_failed' };
+      return { error: `ACLED API error: status ${data.status} — ${data.message || 'Unknown error'}` };
    }
    return data;
  } catch (e) {
    if (e.name === 'AbortError') {
-      return { error: 'ACLED data request timed out (25s)', code: 'api_failed' };
+      return { error: 'ACLED data request timed out (25s)' };
    }
    const rootCause = e.cause ? `${e.cause.message || e.cause.code || e.cause}` : '';
-    return { error: `ACLED data error: ${e.message}${rootCause ? ' - ' + rootCause : ''}`, code: 'api_failed' };
+    return { error: `ACLED data error: ${e.message}${rootCause ? ' → ' + rootCause : ''}` };
  }
 }
@@ -271,13 +237,12 @@ function groupBy(events, field) {
 // Briefing — last 7 days of global conflict events
 export async function briefing() {
-  const { email, password } = acledCredentials();
+  if (!process.env.ACLED_EMAIL || !process.env.ACLED_PASSWORD) {
  if (!email || !password) {
    return {
      source: 'ACLED',
      timestamp: new Date().toISOString(),
      status: 'no_credentials',
-      message: 'Set ACLED_EMAIL or ACLED_USER and ACLED_PASSWORD in .env. Register at https://acleddata.com/user/register',
+      message: 'Set ACLED_EMAIL and ACLED_PASSWORD in .env. Register at https://acleddata.com/user/register',
    };
  }
@@ -291,8 +256,7 @@ export async function briefing() {
  });
  if (data?.error) {
-    const status = data.code === 'auth_denied' ? 'auth_failed' : 'api_failed';
+    return { source: 'ACLED', timestamp: new Date().toISOString(), error: data.error };
    return { source: 'ACLED', timestamp: new Date().toISOString(), status, error: data.error };
  }
  let events = data?.data || [];
@@ -336,7 +300,6 @@ export async function briefing() {
  return {
    source: 'ACLED',
    timestamp: new Date().toISOString(),
    status: 'live',
    period: { start, end },
    totalEvents: events.length,
    totalFatalities,
@@ -344,7 +307,6 @@ export async function briefing() {
    byType,
    topCountries,
    deadliestEvents,
    message: events.length === 0 ? 'ACLED returned a valid empty event set for the requested period.' : undefined,
  };
 }
--- a/docs/sources/acled.md
+++ b/docs/sources/acled.md
@@ -2,9 +2,8 @@
 Provides conflict events, fatalities, event types, and locations.
- Auth: `ACLED_EMAIL` or `ACLED_USER`, plus `ACLED_PASSWORD`.
+- Auth: `ACLED_EMAIL` and `ACLED_PASSWORD`.
 - Flow: OAuth password grant is tried first, then cookie session fallback.
- Failure modes: missing credentials (`no_credentials`), rejected credentials or access denied (`auth_failed`), token/API endpoint failure (`api_failed`), and valid empty event sets (`totalEvents: 0`).
+- Failure modes: missing credentials, terms/profile not completed, expired token, account missing API access.
 - Behavior: missing or rejected credentials produce degraded source health with the ACLED error text.
 - Debug logs redact bearer tokens and cookies.
 - Test: set credentials, run `node apis/sources/acled.mjs`, then check `/api/health`.
--- a/test/fetch-utils.test.mjs
+++ b/test/fetch-utils.test.mjs
@@ -34,129 +34,3 @@ test('safeFetchText returns text and byte count', async () => {
    globalThis.fetch = originalFetch;
  }
 });
 function jsonResponse(payload, ok = true, status = 200) {
  return {
    ok,
    status,
    headers: { getSetCookie: () => [], get: () => 'application/json' },
    text: async () => JSON.stringify(payload),
    json: async () => payload,
  };
 }
 function textResponse(text, ok = false, status = 500) {
  return {
    ok,
    status,
    headers: { getSetCookie: () => [], get: () => 'text/plain' },
    text: async () => text,
    json: async () => JSON.parse(text),
  };
 }
 async function withAcledEnv(mockFetch, fn) {
  const originalFetch = globalThis.fetch;
  const saved = {
    ACLED_EMAIL: process.env.ACLED_EMAIL,
    ACLED_USER: process.env.ACLED_USER,
    ACLED_USERNAME: process.env.ACLED_USERNAME,
    ACLED_PASSWORD: process.env.ACLED_PASSWORD,
  };
  globalThis.fetch = mockFetch;
  delete process.env.ACLED_EMAIL;
  delete process.env.ACLED_USER;
  delete process.env.ACLED_USERNAME;
  delete process.env.ACLED_PASSWORD;
  const acled = await import('../apis/sources/acled.mjs');
  acled.resetAcledSessionForTests();
  try {
    return await fn(acled);
  } finally {
    globalThis.fetch = originalFetch;
    for (const [key, value] of Object.entries(saved)) {
      if (value === undefined) delete process.env[key];
      else process.env[key] = value;
    }
    acled.resetAcledSessionForTests();
  }
 }
 test('ACLED credentialed OAuth success returns live events and supports ACLED_USER', async () => {
  const responses = [
    jsonResponse({ access_token: 'secret-token' }),
    jsonResponse({
      status: 200,
      data: [{
        event_date: '2026-05-17',
        event_type: 'Protests',
        sub_event_type: 'Peaceful protest',
        country: 'Example',
        region: 'Example Region',
        location: 'Example City',
        fatalities: '0',
        latitude: '1.23',
        longitude: '4.56',
      }],
    }),
  ];
  await withAcledEnv(async () => responses.shift(), async ({ briefing }) => {
    process.env.ACLED_USER = 'operator@example.test';
    process.env.ACLED_PASSWORD = 'password';
    const data = await briefing();
    assert.equal(data.status, 'live');
    assert.equal(data.totalEvents, 1);
    assert.equal(data.topCountries.Example.count, 1);
  });
 });
 test('ACLED rejected credentials return auth_failed diagnostics', async () => {
  const responses = [
    textResponse('invalid credentials', false, 401),
    textResponse('forbidden', false, 403),
  ];
  await withAcledEnv(async () => responses.shift(), async ({ briefing }) => {
    process.env.ACLED_EMAIL = 'operator@example.test';
    process.env.ACLED_PASSWORD = 'wrong-password';
    const data = await briefing();
    assert.equal(data.status, 'auth_failed');
    assert.match(data.error, /All ACLED auth methods failed/);
  });
 });
 test('ACLED token endpoint failure returns api_failed diagnostics', async () => {
  const responses = [
    textResponse('temporary outage', false, 503),
    textResponse('temporary outage', false, 503),
  ];
  await withAcledEnv(async () => responses.shift(), async ({ briefing }) => {
    process.env.ACLED_EMAIL = 'operator@example.test';
    process.env.ACLED_PASSWORD = 'password';
    const data = await briefing();
    assert.equal(data.status, 'api_failed');
    assert.match(data.error, /All ACLED auth methods failed/);
  });
 });
 test('ACLED valid empty response is live with zero events', async () => {
  const responses = [
    jsonResponse({ access_token: 'secret-token' }),
    jsonResponse({ status: 200, data: [] }),
  ];
  await withAcledEnv(async () => responses.shift(), async ({ briefing }) => {
    process.env.ACLED_EMAIL = 'operator@example.test';
    process.env.ACLED_PASSWORD = 'password';
    const data = await briefing();
    assert.equal(data.status, 'live');
    assert.equal(data.totalEvents, 0);
    assert.match(data.message, /valid empty/);
  });
 });