Waltham-Data-Science · audriB · May 12, 2026 · May 12, 2026 · May 12, 2026 · May 12, 2026
diff --git a/.gitignore b/.gitignore
@@ -64,6 +64,12 @@ test-results/
 /[0-9][0-9]-*.jpg
 /[0-9][0-9]-*.yml
 
+# Audit subdirectory at repo root — agents bucket their per-session
+# screenshots under `audit/<YYYY-MM-DD-topic>/` so the root-level
+# `/audit-*.png` patterns above don't catch them. Anchor the dir
+# itself so the whole tree is ignored.
+/audit/
+
 # macOS Finder duplicate files + directories (caught by hygiene CI; should
 # never reach repo). Cover both extension-bearing files (`Foo 2.tsx`) and
 # extension-less files (`pre-push 2`, `.npmrc 2`) and dup-named dirs
@@ -81,3 +87,8 @@ test-results/
 " 2".*
 " 3".*
 .vercel
+
+# Local Playwright snapshot artifacts (never commit)
+workspace-snapshot.md
+.playwright-mcp/
+.env*.local
diff --git a/.gitleaksignore b/.gitleaksignore
@@ -0,0 +1,26 @@
+# gitleaks per-commit allowlist
+# https://github.com/gitleaks/gitleaks#gitleaksignore
+#
+# All entries below are findings in HISTORICAL commits that are no
+# longer reachable from any branch HEAD after the 2026-05-15 BFG
+# history scrub (see SECURITY-INCIDENT-2026-05-14.md for the
+# incident write-up). They remain reachable only via the
+# `gitleaks-pre-scrub-2026-05-15-rollback` tag, which is the
+# emergency-rollback safety belt and will be deleted ~7 days after
+# the scrub once production has burned in cleanly.
+#
+# The findings are test stubs — fake keys shaped like the Voyage AI
+# `pa-` prefix but with literal fixture values like
+# `pa-test-key-1234567890`. Inline `// gitleaks:allow` annotations
+# have been added to the live versions of those test files, so the
+# fingerprints below stop being findings once the rollback tag is
+# deleted.
+
+# voyage-client.test.ts (line 18 of commit 080b66b0) — test stub
+080b66b0262dd6ef68775547873747bf3653b913:apps/web/tests/unit/ai/voyage-client.test.ts:generic-api-key:18
+
+# semantic-search-tool.test.ts (line 40 of commit 080b66b0) — test stub
+080b66b0262dd6ef68775547873747bf3653b913:apps/web/tests/unit/ai/semantic-search-tool.test.ts:generic-api-key:40
+
+# semantic-search-tool.test.ts (line 96 of commit ae20dd72) — test stub
+ae20dd7245310a1a4694db9f2657a70e4f2b1353:apps/web/tests/unit/ai/semantic-search-tool.test.ts:generic-api-key:96
diff --git a/CLAUDE.md b/CLAUDE.md
diff --git a/apps/web/.env.example b/apps/web/.env.example
@@ -3,15 +3,83 @@
 #
 # Phase 4 wires UPSTREAM_API_URL into next.config.ts rewrites.
 # Phase 3a wires INTERNAL_API_URL into RSC server-side prefetches.
-# Phase 5 wires EDGE_CONFIG into lib/flags.ts.
+# The /ask experimental chat reads ANTHROPIC_API_KEY, VOYAGE_API_KEY,
+# DATABASE_URL, and NEXT_PUBLIC_ASK_ENABLED.
+# The cron warm-cache route reads CRON_SECRET.
 
-# FastAPI proxy base (Railway) — required for /api/* rewrite (Phase 4)
+# ──────────────────────────────────────────────────────────────────
+# Backend (FastAPI proxy on Railway) — required for /api/* rewrite
+# ──────────────────────────────────────────────────────────────────
+
+# Public/edge rewrite target — Vercel proxies `/api/*` here.
 UPSTREAM_API_URL=https://ndb-v2-production.up.railway.app
 
 # Same as UPSTREAM_API_URL in production. Used by RSC server-side fetches
 # to bypass the Vercel rewrite layer (avoids double-hop). Phase 3a.
 INTERNAL_API_URL=https://ndb-v2-production.up.railway.app
 
-# Vercel Edge Config connection string (Phase 5).
-# Get from Vercel dashboard → Edge Config → Connection String.
-# EDGE_CONFIG=https://edge-config.vercel.com/...
+# ──────────────────────────────────────────────────────────────────
+# Cron — /api/cron/warm-cache shared secret
+# ──────────────────────────────────────────────────────────────────
+
+# Bearer secret that external cron callers must echo as
+# `Authorization: Bearer ${CRON_SECRET}`. Vercel's own cron (set in
+# vercel.json) sets `x-vercel-cron: 1` and bypasses this — so the
+# variable can be unset for Vercel-managed cron only.
+# CRON_SECRET=<random 32+ char hex>
+
+# ──────────────────────────────────────────────────────────────────
+# /ask experimental chat (anonymous-public on feat/experimental-ask-chat)
+# ──────────────────────────────────────────────────────────────────
+
+# Anthropic API key (Sonnet 4.x). When unset OR empty, /api/ask returns
+# 503 and /ask renders a "coming soon" notice. Min length 20 chars.
+# ANTHROPIC_API_KEY=sk-ant-api03-...
+
+# Public flag toggling the "Ask" link in the marketing header. Set
+# to '1' to surface the tab; '0' or unset hides it. Decoupled from
+# ANTHROPIC_API_KEY so the key can be deployed without the tab
+# visible to general visitors.
+# NEXT_PUBLIC_ASK_ENABLED=0
+
+# Voyage AI key for query-time embedding + reranking (voyage-4-large +
+# voyage rerank-2.5). Same key shape as vh-lab + shrek-lab chatbots.
+# When unset, semantic_search_datasets returns an error and Claude
+# falls back to structured catalog tools. Min length 10 chars.
+# VOYAGE_API_KEY=pa-...
+
+# Postgres + pgvector connection string for the /ask RAG store.
+# Each chatbot owns its own Railway-hosted pgvector instance.
+# Required at runtime when semantic_search_datasets is exercised, and
+# at build time when running `pnpm build-ask-index`.
+# DATABASE_URL=postgresql://user:pass@host:port/dbname?sslmode=require
+
+# ──────────────────────────────────────────────────────────────────
+# GitHub Template workflow (ADR-010)
+# ──────────────────────────────────────────────────────────────────
+# Powers the "Open in GitHub" + "Download as ZIP" buttons on every
+# workspace panel + chat tool message. The buttons let users derive
+# their own private repo from `Waltham-Data-Science/ndi-analysis-template`
+# pre-populated with `current_analysis.py` matching the panel they
+# were inspecting. See apps/web/docs/architecture/decisions/010-...
+#
+# GITHUB_CLIENT_ID + GITHUB_CLIENT_SECRET come from a GitHub OAuth App
+# (Settings → Developer settings → OAuth Apps). Authorization callback
+# URL must include `/api/github/oauth/callback` on every deploy. When
+# either is unset, the "Open in GitHub" button renders disabled with
+# a tooltip; the "Download as ZIP" button still works if GITHUB_APP_TOKEN
+# is set. Min length 10 chars (GitHub IDs are ~20 chars).
+# GITHUB_CLIENT_ID=Iv1.deadbeefdeadbeef
+# GITHUB_CLIENT_SECRET=<github-oauth-app-secret>
+
+# Server-side PAT used to read the PRIVATE template repo for the
+# "Download as ZIP" flow (no user OAuth). Scopes: `repo` (read).
+# When unset, the /api/github/download-analysis-zip route returns
+# 503 with a typed envelope. Min length 20 chars.
+# GITHUB_APP_TOKEN=ghp_<token>
+
+# Public flag that the OpenInGitHubButton reads to decide whether to
+# render enabled or disabled. Mirrors GITHUB_CLIENT_ID presence on the
+# server. Decoupled so staging can set the secrets server-side while
+# still hiding the button from end users. Set to '1' to enable.
+# NEXT_PUBLIC_GITHUB_INTEGRATION_ENABLED=0
diff --git a/apps/web/.gitignore b/apps/web/.gitignore
@@ -0,0 +1 @@
+.vercel
diff --git a/apps/web/COMPLIANCE.md b/apps/web/COMPLIANCE.md
@@ -1,4 +1,18 @@
-# Compliance posture — `ndi-cloud-app` (2026-04-26)
+# Compliance posture — `ndi-cloud-app` (internal, 2026-04-26)
+
+> **2026-05-15 update — this document is now SUPPLEMENTARY.**
+> The authoritative externally-distributable compliance posture is
+> **`apps/web/docs/compliance/posture.md`** (Stream 2.6 deliverable).
+> The control-by-control mapping of how each §164.312 requirement is
+> realized in code lives in
+> **`apps/web/docs/operations/hipaa-technical-safeguards.md`**
+> (Stream 2.1 deliverable).
+>
+> This file is preserved for the data-residency / encryption / audit-trail
+> reference tables which the externalized doc summarizes but does not
+> reproduce in full. Internal contributors should use this file; external
+> reviewers (IRB, CISO, prospective enterprise partners) should be sent
+> the doc under `docs/compliance/`.
 
 This document records the data-handling, encryption, access-control,
 audit-trail, and regulatory-fit posture of the unified
@@ -254,8 +268,15 @@ scratch.
   audit, O5 origin enforcement, O6 IDOR investigation.
   (`Waltham-Data-Science/ndi-data-browser-v2/docs/plans/cross-repo-unification-2026-04-24.md`)
 
-## 8. Update history
+## 8. External services
+
+| Service | Purpose | Data shared | Direction |
+|---|---|---|---|
+| **GitHub (OAuth + REST)** | "Open in GitHub" + "Download as ZIP" — ADR-010 | The user's own OAuth token (HttpOnly cookie, encrypted at rest with `GITHUB_TOKEN_ENCRYPTION_KEY`); the panel args + datasetName when the user clicks. No PHI; the dataset args are pointer references the user just saw in the workspace. | Outbound only; GitHub never reads cloud-app data. |
+
+## 9. Update history
 
 | Date | Change | Reason |
 |---|---|---|
 | 2026-04-26 | First draft. | Phase 6.7 Sequence 5 audit follow-up A10. |
+| 2026-05-19 | Added §8 External services for GitHub OAuth + PAT. | ADR-010 — GitHub Template workflow. |