README.md

April 28, 2026 ยท View on GitHub

Hack23 Logo

๐Ÿ•ต๏ธ Citizen Intelligence Agency

Swedish Political Intelligence Platform โ€” democratic transparency, evidence-based analysis, and OSINT-powered accountability for the Riksdag, the Government, and Swedish public agencies.
๐Ÿ•ต๏ธ Political intelligence ยท ๐Ÿ” Radical transparency ยท ๐Ÿ“Š 50+ years of evidence ยท ๐Ÿ›ก๏ธ ISMS-aligned ยท โš–๏ธ Independent & non-partisan

Maven Site Features DeepWiki Releases

Owner Classification Java Source Java Runtime Review Cycle

OpenSSF Scorecard CII Best Practices SLSA 3 FOSSA Status License GitHub Release Ask DeepWiki CLA assistant

CodeQL Verify & Release OpenSSF Scorecard Action Dependency Review ZAP Scan Site Generation Javadoc Validate JSON Schemas Validate View Documentation

Quality Gate Status Code Coverage Security Rating Reliability Rating Maintainability Rating Vulnerabilities Lines of Code Technical Debt

ISMS ISO 27001 NIST CSF CIS Controls GDPR EU CRA Threat Model Security Architecture


๐ŸŽฏ Mission

Strengthen Swedish democracy through systematic transparency.

The Citizen Intelligence Agency (CIA) is an independent, volunteer-driven, open-source-intelligence (OSINT) platform that puts rigorous, evidence-based political intelligence in the hands of every citizen, journalist, researcher, and policymaker. It monitors Sweden's Riksdag (Parliament), the Government (Regeringskansliet), and public agencies (Myndigheter) โ€” applying structured intelligence techniques (ACH, SWOT, MITRE ATT&CK, STRIDE, political-risk scoring) to the full open-data corpus going back to 1971.

We deliver:

  • ๐Ÿ“Š Financial performance metrics for politicians and government bodies
  • โš ๏ธ Risk assessment analytics โ€” 50 behavioral detection rules across politicians, parties, committees, ministries and decisions
  • ๐Ÿ“ˆ Political trend analysis โ€” temporal, comparative, pattern-recognition, predictive, network and decision intelligence frameworks
  • ๐Ÿ† Politician scoreboards & rankings with multi-decade longitudinal coverage
  • ๐Ÿ“‰ Performance comparisons โ€” party effectiveness, committee productivity, ministry oversight
  • ๐Ÿ” Transparency insights โ€” every metric traces back to a primary parliamentary source

The platform is strictly independent, non-partisan, and Apache 2.0 licensed, operated under the public Hack23 ISMS with full ISO 27001:2022 / NIST CSF 2.0 / CIS Controls v8.1 alignment. It does not collect end-user PII, does not run ads, and does not push narratives.


๐ŸŒ Hack23 Civic Tech Ecosystem

CIA is the canonical data backbone for Hack23's growing portfolio of democratic-transparency platforms. Each repository is independently auditable, ISMS-aligned, and cross-linked through open data products and the public ISMS.

ProjectRoleStackStatus
๐Ÿ•ต๏ธ Citizen Intelligence Agency (this repo)Sweden โ€” full data backbone, 110 DB views, 50 risk rules, JSON export specificationsJava 26 / Spring / Vaadin / PostgreSQL 18Scorecard
๐Ÿ—ณ๏ธ Riksdagsmonitor ยท riksdagsmonitor.comSweden โ€” public news & dashboards, AI agentic newsroom (14 languages), consumes CIA exports nightlyTypeScript / Vite / Chart.js / D3 / GitHub Actions Agentic WorkflowsScorecard
๐Ÿ›๏ธ EU Parliament Monitor ยท euparliamentmonitor.comEuropean Parliament โ€” political intelligence, AI newsroom (14 languages)TypeScript / Vite / GitHub Actions Agentic WorkflowsScorecard
๐Ÿค– European Parliament MCP ServerEP Open Data MCP server โ€” 60+ tools, OSINT analytics for AI agentsTypeScript / Model Context ProtocolScorecard
๐Ÿ›ก๏ธ Hack23 ISMS-PUBLICThe apex Information Security Management System โ€” 32+ public policies governing all repositoriesMarkdown / Mermaid / GitHub-nativeโ€”
๐ŸŒ Hack23 Homepage ยท hack23.comCorporate site, blog, agent biographies, feature showcaseTypeScript / Staticโ€”

Data flow: CIA โ†’ JSON export specs (json-export-specs/) โ†’ Riksdagsmonitor consumes via update-cia-csv-data.yml โ†’ AI newsroom publishes daily articles in 14 languages, every claim traceable to a dok_id in the CIA corpus.


โœจ Features at a Glance

Explore the comprehensive feature showcase on hack23.com:

  • ๐Ÿ“Š Interactive political dashboards (๐Ÿ‡ฌ๐Ÿ‡ง English ยท ๐Ÿ‡ธ๐Ÿ‡ช Svenska)
  • ๐Ÿ† Politician scoreboards and ranking systems
  • ๐Ÿ“ˆ 50 risk rules ยท 110 database views ยท 6 analytical frameworks
  • ๐Ÿ” Transparency metrics across 49 Maven modules (1,300+ Java files)
  • โš–๏ธ Accountability measures spanning Riksdag, Government, agencies
  • ๐Ÿ“ฑ Data-driven insights backed by official Swedish open data
  • ๐Ÿ•ต๏ธ Full OSINT pipeline โ€” Riksdagen API, Valmyndigheten, World Bank, ESV
  • ๐Ÿ” Defense-in-depth security, OpenSSF Scorecard 7.2/10, zero critical CVEs for 5+ years

For the conceptual model, see ARCHITECTURE.md and MINDMAP.md.


๐Ÿ“Š Intelligence Metrics (v1.36.0)

CategoryCountDescription
๐Ÿง  Analysis Frameworks6Temporal ยท Comparative ยท Pattern Recognition ยท Predictive ยท Network ยท Decision Intelligence
โš ๏ธ Risk Rules5024 politician ยท 10 party ยท 4 committee ยท 4 ministry ยท 5 decision ยท 3 other
๐Ÿ—„๏ธ Database Views11077 regular + 33 materialized โ€” see DATABASE_VIEW_INTELLIGENCE_CATALOG.md
๐ŸŒ OSINT Data Sources4Riksdagen ยท Valmyndigheten ยท World Bank ยท ESV
๐Ÿ“ฐ Intelligence Products10+Scorecards ยท Coalition analysis ยท Risk assessments ยท Trend reports ยท Decision tracking
๐Ÿงฉ Maven Modules49+Multi-module, layered architecture
๐Ÿค– Custom Copilot Agents6task-agent ยท stack-specialist ยท ui-enhancement-specialist ยท intelligence-operative ยท business-development-specialist ยท marketing-specialist
๐Ÿง  Copilot Skills80+Security ยท Compliance ยท Testing ยท Architecture ยท Intelligence ยท UI/UX ยท Cloud (see .github/skills/)

Coverage policy: per the Hack23 Secure Development Policy, we maintain โ‰ฅ 80 % line coverage and โ‰ฅ 70 % branch coverage across all modules. Live JaCoCo: hack23.github.io/cia/jacoco/.


๐Ÿ“š Authoritative Data Sources

CIA's analyses are powered exclusively by authoritative Swedish government and international open data:

SourceScopeModule
๐Ÿ›๏ธ Swedish Parliament Open DataMembers, committees, motions, propositions, votes, documentsservice.external.riksdagen
๐Ÿ—ณ๏ธ Swedish Election Authority โ€” ValmyndighetenElection results, voter turnout, electoral statisticsservice.external.val
๐ŸŒ World Bank Open DataGlobal economic, governance and demographic indicatorsservice.external.worldbank
๐Ÿ’น Ekonomistyrningsverket โ€” ESVGovernment finances, budget execution, agency spendingservice.external.esv

All data is processed under GDPR Art. 6(1)(e) (public interest) and Art. 9(2)(e)/(g) (manifestly made public / substantial public interest) for the political opinions of public officials. No end-user PII is collected.


๐Ÿ—๏ธ Architecture & Documentation Map

Full system architecture (C4 Context / Container / Component / Dynamic views) lives in ARCHITECTURE.md (v1.1, 2026-04-20).

Current state

DocumentFocusDescription
๐Ÿ›๏ธ ArchitectureC4 modelCurrent system structure
๐Ÿ“Š Data ModelDataDatabase schema, entity relationships
๐Ÿ”„ FlowchartsProcessData processing workflows
๐Ÿ”„ State DiagramsBehaviorSystem state transitions
๐Ÿ—บ๏ธ MindmapsConceptComponent relationships
๐Ÿ’ผ SWOT AnalysisBusinessStrategic assessment
๐Ÿ›ก๏ธ Security ArchitectureSecurityDefense-in-depth implementation
๐ŸŽฏ Threat ModelSecuritySTRIDE / MITRE ATT&CK analysis
๐Ÿ›ก๏ธ CRA AssessmentComplianceEU Cyber Resilience Act conformity
๐Ÿ” ISMS Compliance MappingISMS32 ISMS policies โ†’ CIA controls
๐Ÿ’ฐ Financial Security PlanCostAWS security cost & ROI
๐Ÿ“‹ Business Continuity PlanResilienceRTO / RPO targets
๐Ÿ’ผ Business Product DocumentBusinessData-product strategy
โš™๏ธ CI/CD WorkflowsDevOpsAutomation processes
๐Ÿงช Unit Test PlanTestingStrategy & coverage
๐ŸŒ E2E Test PlanTestingEnd-to-end testing
๐Ÿ“… End-of-Life StrategyLifecycleMaintenance and EOL planning
๐Ÿ“ Documentation Naming ConventionStandardsNaming standards

Future state (2026 โ†’ 2037)

DocumentFocus
๐Ÿš€ Future ArchitectureFuture C4 model
๐Ÿ“Š Future Data ModelEnhanced data architecture
๐Ÿ”„ Future FlowchartsAI-driven workflows
๐Ÿ”„ Future State DiagramsAdaptive transitions
๐Ÿ—บ๏ธ Future MindmapsCapability evolution
๐Ÿ’ผ Future SWOTStrategic opportunities
๐Ÿ›ก๏ธ Future Security ArchitecturePQC / AI-augmented controls
๐ŸŽฏ Future Threat ModelAI / PQC threat landscape
โš™๏ธ Future WorkflowsML-enhanced CI/CD

๐Ÿ” Intelligence & Analytics Documentation

CIA's intelligence operations (INTOP) and OSINT capabilities are documented and version-controlled. Every framework, rule, and view has a public source of truth.

Intelligence changelog

DocumentFocusDescription
๐Ÿ“œ Intelligence Evolution ChangelogUnifiedComprehensive tracking of intelligence capabilities, views, risk rules, frameworks

Core intelligence documentation

DocumentFocusHighlights
๐ŸŽฏ Data Analysis โ€” INTOP / OSINTFrameworks6 frameworks (Temporal, Comparative, Pattern, Predictive, Network, Decision)
๐Ÿ”ด Risk Rules โ€” INTOP / OSINTRules50 behavioral detection rules across 6 categories
๐Ÿ—„๏ธ Database View Intelligence CatalogViews110 views (77 regular + 33 materialized)
๐Ÿ“Š Data Quality Monitoring DashboardQualityOSINT, DB-health, view-validation metrics
๐Ÿ—บ๏ธ Intelligence Data Flow MapPipelineFramework-to-view relationships
๐Ÿ—„๏ธ Liquibase Intelligence AnalysisSchemaDatabase schema evolution from intelligence perspective
โš™๏ธ Drools Risk RulesEngineDrools rules engine documentation

Intelligence automation

ToolPurposeLocation
Intelligence Changelog GeneratorAuto-detection of view / rule / framework changesgenerate-intelligence-changelog.sh
GitHub Actions WorkflowOn-demand changelog generationgenerate-intelligence-changelog.yml
# Generate intelligence changelog from recent changes
.github/scripts/generate-intelligence-changelog.sh

# Compare specific commits
.github/scripts/generate-intelligence-changelog.sh <prev_commit> <current_commit>

Documentation navigation by role

๐Ÿ“Š For Data Analysts

  1. Start: Data Analysis Frameworks
  2. Then: Database View Catalog
  3. Reference: Intelligence Data Flow Map

๐Ÿ—„๏ธ For Database Administrators

  1. Start: Schema Maintenance Guide
  2. Then: Data Quality Dashboard
  3. Reference: Database View Catalog
  4. Track: Intelligence Changelog

๐Ÿ•ต๏ธ For Intelligence Operatives

  1. Start: Intelligence Data Flow Map
  2. Then: Data Analysis Frameworks
  3. Deep dive: Risk Rules

๐Ÿ“ˆ For Product Managers

  1. Start: Business Product Document
  2. Then: Data Analysis Frameworks
  3. Explore: Database View Catalog

๐Ÿ” Security, Privacy & ISMS Compliance

Full controls in SECURITY_ARCHITECTURE.md ยท threat analysis in THREAT_MODEL.md ยท CRA conformity in CRA-ASSESSMENT.md ยท ISMS-PUBLIC โ‡„ CIA mapping in ISMS_COMPLIANCE_MAPPING.md (32 policies, 100+ controls).

Security through transparency

"Our commitment to transparency extends to our security practices โ€” demonstrating that true security comes from robust processes, continuous improvement, and a culture where security is integrated into every business decision."
โ€” James Pether Sรถrling, CISSP, CISM, CEO/Founder, Hack23 AB

๐Ÿ“‹ Public ISMS Repository

Complete Information Security Management System

ISMS Public Repository

๐Ÿ”’ Information Security Policy

The apex policy governing every Hack23 repository

Information Security Policy

Classification (per Hack23 Classification Framework)

DimensionLevelNote
๐Ÿ”’ Confidentiality๐ŸŸข PublicOpen civic-transparency platform; all source data intentionally disclosed
โœ… Integrity๐ŸŸ  HighAutomated validation, GPG-signed commits, SLSA 3 build provenance, Javers auditing
โฑ๏ธ Availability๐ŸŸก ModerateMulti-AZ AWS deployment with RDS Multi-AZ, ALB, automated patching
๐Ÿท๏ธ Privacy๐ŸŸ  Personal (public officials only)GDPR Art. 6(1)(e/f) ยท Art. 9(2)(e)/(g); no end-user PII, no accounts forced, no ads, no tracking
โฑ๏ธ RTO / RPO1โ€“4 h / 1โ€“4 hAutomated backups, multi-region disaster recovery
๐Ÿ’ฐ Business impact๐ŸŸข Negligible (financial) ยท ๐ŸŸ  High (reputational) ยท ๐ŸŸก Moderate (regulatory)Open-source, volunteer-driven

Compliance frameworks

  • โœ… ISO 27001:2022 โ€” Annex A controls implemented (see ISMS_COMPLIANCE_MAPPING.md)
  • โœ… NIST CSF 2.0 โ€” 6 functions aligned (Govern ยท Identify ยท Protect ยท Detect ยท Respond ยท Recover)
  • โœ… CIS Controls v8.1 โ€” implementation tracked
  • โœ… GDPR โ€” public-interest / legitimate-interest grounds for public-official data; political opinions under Art. 9(2)(e)/(g)
  • โœ… EU Cyber Resilience Act (CRA) โ€” self-assessment in CRA-ASSESSMENT.md
  • โœ… OpenSSF Best Practices โ€” Project #770
  • โœ… AWS Well-Architected โ€” Security pillar aligned

Defence-in-depth highlights

  • ๐Ÿ” Authentication & authorization โ€” Spring Security 5.8.16, MFA, role-based access control, login blocking, Passay password policies
  • ๐Ÿงฑ Network security โ€” AWS VPC with private subnets, NACLs, NAT Gateway, VPC Flow Logs, AWS WAF (OWASP rule set), VPC Endpoints
  • ๐Ÿ”’ Cryptography โ€” TLS 1.3 (HTTPS-only, HSTS), AES-256 encryption at rest (KMS-managed keys), Bouncy Castle 1.84
  • ๐Ÿ“œ Audit & integrity โ€” Javers data auditing, pgaudit, CloudTrail, immutable Git history, GPG-signed commits
  • ๐Ÿ•ต๏ธ Threat detection โ€” AWS GuardDuty, Security Hub, CloudWatch alarms, CodeQL, OWASP Dependency-Check, ZAP DAST scans
  • ๐Ÿ›ก๏ธ Supply chain security โ€” SHA-pinned actions, Dependabot, secret scanning, dependency review, SLSA 3 attestations, FOSSA license analysis
  • ๐Ÿค– AI governance โ€” agent operations governed by Hack23 AI Policy (OWASP LLM + EU AI Act alignment)

Public security evidence

EvidenceStatusLink
๐Ÿ” OpenSSF Scorecard7.2 / 10scorecard.dev
๐Ÿ›ก๏ธ CodeQL Scanningโœ… ActiveSecurity tab
๐Ÿšจ Dependabotโœ… ActiveVulnerability alerts
๐Ÿ” Secret Scanningโœ… ActiveGitHub Advanced Security
๐Ÿ“Š SonarCloud Securityโœ… ActiveSecurity hotspots
๐Ÿ›ก๏ธ SLSA ProvenanceLevel 3Attestations
๐Ÿ“‹ FOSSA License Complianceโœ… ActiveLicense report
๐Ÿ† CII Best Practicesโœ… PassingProject #770
๐Ÿ›ก๏ธ Zero critical CVEsโœ… 5+ yearsContinuously verified

๐Ÿš€ Runtime & Build Environment

JDK VersionStatusNotes
JDK-21Source Level (LTS)Maven maven.compiler.source / target = 21
JDK-25Compatible (LTS)Previous production runtime
JDK-26Current RuntimeActive production runtime

Development environment

ComponentVersionPurpose
Java JDK26 (Temurin)Runtime โ€” Adoptium
Java Source21Source compatibility โ€” Maven compiler
Maven3.9.15+Build automation โ€” Maven
Node.js24+Copilot MCP servers, Playwright testing
PostgreSQL18Database with pgaudit, pgcrypto, pg_stat_statements

For the canonical setup, see copilot-setup-steps.yml and End-of-Life-Strategy.md.

Quick start

# Build the project (skipping tests)
mvn clean install -DskipTests

# Build with tests
mvn clean install

# Run only unit tests (skip integration & XML adapter tests)
mvn test -Dtest='!**ITest*,!**/XmlDateTypeAdapterTest,!**/XmlTimeTypeAdapterTest,!**/XmlDateTimeTypeAdapterTest'

# Tests with JaCoCo coverage
mvn clean test jacoco:report

# OWASP dependency-check
mvn dependency-check:check

# Run the main module
cd citizen-intelligence-agency
mvn spring-boot:run

๐Ÿ’ก Database changes must follow service.data.impl/README-SCHEMA-MAINTENANCE.md. Never manually edit full_schema.sql โ€” always regenerate via pg_dump.


๐Ÿ”ง Technology Stack

CategoryTechnologies
Core FrameworkSpring Framework 5.x
SecuritySpring Security 5.8.16 ยท Bouncy Castle 1.84 ยท Passay 2.0.0
PersistenceHibernate ยท JPA / Jakarta ยท PostgreSQL 18 ยท Liquibase
TransactionsNarayana (XA / 2PC) integrated with Spring JpaTransactionManager
AuditingJavers โ€” change tracking & versioning
Rules EngineDrools โ€” 50 behavioral risk rules
MessagingActiveMQ Artemis ยท Spring JMS
Web / UIVaadin 8.14.4 ยท Vaadin Sass / Themes ยท Jetty 12.1.8 EE8
MonitoringJavaMelody ยท AWS SDK CloudWatch
TestingJUnit ยท Mockito ยท Spring Test ยท Selenium WebDriver ยท Playwright
UtilitiesApache Commons ยท Google Guava ยท SLF4J ยท Logback ยท Jackson
BuildApache Maven 3.9.15+ โ€” 49+ modules
CI / CDGitHub Actions ยท SonarCloud ยท CodeQL ยท OWASP ZAP ยท Dependabot ยท Step Security Harden-Runner

For the full stack and current versions, see techstack.yml and the per-module Maven sites at hack23.github.io/cia/.


โ˜๏ธ AWS Cloud Architecture

CIA's reference deployment is provisioned via CloudFormation (cia-dist-cloudformation/) and follows the AWS Well-Architected Security Pillar.

LayerServicePurpose
๐ŸŒ NetworkingVPC ยท NAT Gateway ยท NACLs ยท VPC Endpoints ยท WAF ยท VPC Flow LogsIsolated, segmented, web-attack-protected network
๐Ÿ” IAM & CryptoIAM ยท KMS ยท ACM ยท Secrets ManagerLeast privilege ยท key management ยท TLS ยท rotated secrets
๐ŸŒ DNS / SSLRoute 53 ยท ACMDomain & certificate management
โš™๏ธ ComputeEC2 ยท ALBStateless application tier
๐Ÿ’พ DataRDS PostgreSQL Multi-AZ ยท S3 (KMS-encrypted, lifecycle-policied)Persistence + artifact storage
๐Ÿ“Š ObservabilityCloudWatch ยท CloudTrail ยท ConfigMetrics ยท logs ยท audit ยท compliance drift
๐Ÿ›ก๏ธ Threat DetectionGuardDuty ยท Security HubML-based threat detection ยท centralized findings
๐Ÿ”„ OperationsSystems Manager ยท Resilience HubAutomated patching ยท DR posture

๐Ÿ“ CloudFormation diagram: Stack Diagram

For full security-control mapping, see SECURITY_ARCHITECTURE.md and FinancialSecurityPlan.md.


๐Ÿ“ฆ Deployment Options

1๏ธโƒฃ AWS CloudFormation

  1. Download the CloudFormation template
  2. Create a stack in the AWS CloudFormation console
  3. Upload the template, configure parameters, acknowledge IAM, launch
  4. Access the application via the URL in the stack outputs

2๏ธโƒฃ Debian / Ubuntu (24.04+)

# 1. Add PostgreSQL PGDG repository (required for PostgreSQL 18 on Ubuntu 24.04)
sudo install -d /usr/share/postgresql-common/pgdg
sudo curl -o /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc
echo "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" | sudo tee /etc/apt/sources.list.d/pgdg.list
sudo apt-get update

# 2. Install prerequisites
sudo apt-get install openjdk-21-jdk postgresql-18 postgresql-contrib-18 postgresql-18-pgaudit postgresql-18-pgvector

# 3. Configure PostgreSQL (see "PostgreSQL 18 Configuration Guide" below)

# 4. Install the CIA Debian package
wget https://github.com/Hack23/cia/releases/download/2025.1.2/cia-dist-deb-2025.1.2.all.deb
sudo dpkg -i cia-dist-deb-2025.1.2.all.deb

# 5. Access at https://localhost:28443/cia/

๐Ÿ˜ PostgreSQL 18 Configuration Guide

A reference configuration with SSL, prepared transactions, and the required extensions.

1. Enable prepared transactions and extensions

Edit /etc/postgresql/18/main/postgresql.conf:

max_prepared_transactions = 100
shared_preload_libraries = 'pg_stat_statements, pgaudit, pgcrypto'
pgaudit.log = ddl
pg_stat_statements.track = all
pg_stat_statements.max = 10000

2. IPv6 loopback access

Edit /etc/postgresql/18/main/pg_hba.conf:

host all all ::1/128 md5

3. SSL certificates

# Generate passphrase, key and self-signed certificate (10-year validity)
openssl rand -base64 48 > passphrase.txt
openssl genrsa -des3 -passout file:passphrase.txt -out server.pass.key 2048
openssl rsa -passin file:passphrase.txt -in server.pass.key -out server.key && rm server.pass.key
openssl req -new -key server.key -out server.csr \
    -subj "/C=UK/ST=Postgresqll/L=Docker/O=Hack23/OU=demo/CN=127.0.0.1"
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
rm passphrase.txt server.csr

4. Deploy SSL artefacts

cp server.crt /var/lib/postgresql/18/main/server.crt
cp server.key /var/lib/postgresql/18/main/server.key && rm server.key
chmod 600 /var/lib/postgresql/18/main/server.key
chmod 644 /var/lib/postgresql/18/main/server.crt
chown -R postgres:postgres /var/lib/postgresql/18/main/

echo "ssl_cert_file = '/var/lib/postgresql/18/main/server.crt'" \
    >> /etc/postgresql/18/main/postgresql.conf
echo "ssl_key_file = '/var/lib/postgresql/18/main/server.key'" \
    >> /etc/postgresql/18/main/postgresql.conf

5. CIA user trust certificate

mkdir -p /opt/cia/.postgresql
cp server.crt /opt/cia/.postgresql/root.crt
chmod 700 /opt/cia/.postgresql/root.crt
chown -R cia:cia /opt/cia/.postgresql/root.crt
rm server.crt

6. Performance tuning

For optimal performance with CIA's 110 views and 93 tables:

Setting4 GB RAM8 GB RAM16 GB+ RAM (production)
shared_buffers1 GB2 GB4 GB
effective_cache_size3 GB6 GB12 GB
maintenance_work_mem256 MB512 MB1 GB
work_mem16 MB32 MB50 MB
-- 8 GB RAM example โ€” adjust to your hardware
ALTER SYSTEM SET shared_buffers = '2GB';
ALTER SYSTEM SET effective_cache_size = '6GB';
ALTER SYSTEM SET maintenance_work_mem = '512MB';
ALTER SYSTEM SET work_mem = '32MB';

-- Checkpoints, WAL
ALTER SYSTEM SET checkpoint_completion_target = 0.9;
ALTER SYSTEM SET wal_buffers = '16MB';
ALTER SYSTEM SET max_wal_size = '4GB';
ALTER SYSTEM SET min_wal_size = '1GB';

-- SSD-optimised query planner
ALTER SYSTEM SET random_page_cost = 1.1;
ALTER SYSTEM SET effective_io_concurrency = 200;

-- Connections
ALTER SYSTEM SET max_connections = 200;

-- Apply
SELECT pg_reload_conf();

๐Ÿ“š For full performance tuning, monitoring and advanced configuration, see service.data.impl/README-SCHEMA-MAINTENANCE.md.

7. Database setup

sudo su - postgres
psql
postgres=# CREATE USER eris WITH password 'discord';
postgres=# CREATE DATABASE cia_dev;
postgres=# GRANT ALL PRIVILEGES ON DATABASE cia_dev TO eris;

โš ๏ธ The credentials above are for local development only. Use custom credentials and update /opt/cia/webapps/cia/WEB-INF/database.properties for any non-development deployment.


๐Ÿค– GitHub Copilot โ€” Custom Agents & Skills

CIA uses GitHub Copilot custom agents and skills as first-class development assets, governed by the Hack23 AI Policy.

SurfaceCatalogCount
๐Ÿค– Custom agents.github/agents/README.md6
๐Ÿง  Skills library.github/skills/README.md80+
โš™๏ธ Workflows.github/workflows/13
๐Ÿ”Œ MCP servers.github/copilot-mcp-config.jsongithub ยท filesystem ยท memory ยท sequential-thinking ยท playwright
๐Ÿ“‹ Setup contract.github/workflows/copilot-setup-steps.ymlJava 26 ยท Maven 3.9.15 ยท PostgreSQL 18

Available agents

AgentSpecialty
๐Ÿ“‹ Task AgentProduct quality, GitHub issue management, ISMS compliance
๐Ÿ› ๏ธ Stack SpecialistJava 26 ยท Spring ยท Vaadin ยท Hibernate / JPA ยท PostgreSQL
๐ŸŽจ UI Enhancement SpecialistVaadin ยท WCAG 2.1 AA ยท data visualization ยท privacy-by-design UI
๐Ÿ•ต๏ธ Intelligence OperativePolitical science ยท OSINT ยท structured analysis ยท Swedish politics
๐Ÿ’ผ Business Development SpecialistStrategic planning ยท partnerships ยท sustainable revenue ยท market expansion
๐Ÿ“ข Marketing SpecialistDigital marketing ยท content strategy ยท community building

Skills library highlights

The skills library contains 80+ skills across security-by-design, ISMS compliance, testing, architecture, intelligence, UI/UX, cloud, and product management. Highlights:

  • ๐Ÿ”’ Security: secure-code-review ยท threat-modeling ยท secrets-management ยท input-validation ยท crypto-best-practices ยท cis-controls ยท iso-27001-controls ยท ai-governance ยท ci-cd-security
  • โœ… Compliance: hack23-information-security-policy ยท hack23-isms-compliance ยท gdpr-compliance ยท compliance-frameworks ยท classification-framework-enforcement ยท open-source-policy
  • ๐Ÿงช Testing: unit-testing-patterns ยท integration-testing ยท e2e-testing ยท playwright-ui-testing ยท testing-strategy-enforcement ยท code-quality-checks
  • ๐Ÿ—๏ธ Architecture: hack23-future-architecture-standards ยท data-pipeline-engineering ยท api-integration ยท mcp-server-development ยท mcp-gateway-configuration ยท mcp-gateway-security
  • ๐Ÿ•ต๏ธ Intelligence & OSINT: political-science-analysis ยท osint-methodologies ยท intelligence-analysis-techniques ยท swedish-political-system ยท electoral-analysis ยท legislative-monitoring ยท risk-assessment-frameworks ยท behavioral-analysis ยท strategic-communication-analysis ยท cia-data-integration ยท european-parliament-api
  • ๐ŸŽจ UI / UX: accessibility-wcag-patterns ยท advanced-data-visualization ยท data-visualization-principles ยท ui-ux-design-system ยท seo-best-practices

For the full taxonomy and agent โ†” skill matrix, see .github/skills/README.md and .github/agents/README.md.


๐Ÿ“ Blog Posts & Technical Analysis

โญ Simon Moon โ€” Architecture Chronicles

System Architect Simon Moon provides deep architectural analysis of CIA through the lens of pattern recognition:

๐Ÿ’ป George Dorn โ€” Code Analysis

Developer George Dorn provides hands-on code analysis based on actual repository inspection:

  • ๐Ÿ” CIA Code Analysis โ€” 49 modules, 1,300+ Java files, OpenSSF Scorecard 7.2/10

Full collection of 50+ blog posts on cybersecurity, ISMS policies and architectural patterns: Hack23 Security Blog.


๐Ÿ“Š Project Classification (per ISMS Classification Framework)

See the descriptive Classification table above for confidentiality, integrity, availability, privacy and RTO/RPO levels with rationale. The formal badges below cover project type, Business Impact Analysis (BIA) and strategic position.

๐ŸŽฏ Project type

Project Type Process Type

๐Ÿ’ฐ Business impact analysis matrix

ImpactFinancialOperationalReputationalRegulatory
๐Ÿ”’ Confidentiality๐ŸŸข Negligible๐ŸŸข Negligible๐ŸŸข Low๐ŸŸข Low
โœ… Integrity๐ŸŸข Negligible๐ŸŸ  High๐ŸŸ  High๐ŸŸก Moderate
โฑ๏ธ Availability๐ŸŸข Negligible๐ŸŸ  High๐ŸŸข Low๐ŸŸข Low

๐Ÿ›ก๏ธ Security investment & strategic position

ROI Level Risk Mitigation Market Position Customer Trust Entry Barriers


๐Ÿ“– Maven Site Documentation

The complete Maven-generated project documentation is published at hack23.github.io/cia:

ResourceLink
๐Ÿ“‹ Project reports & module sitesMaven Site Home
๐Ÿ—„๏ธ Hibernate entity model (hbm2doc)Entity Model
๐Ÿ“‹ Javadoc API referenceJavadoc
๐Ÿ“ฆ Visual package dependenciesPackage graph
๐Ÿงช JaCoCo test coverageCoverage
๐Ÿ—๏ธ Architecture overviewArchitecture
๐Ÿ’พ Liquibase database documentationDB docs

Key module sites

ModuleDescriptionSite
citizen-intelligence-agencyMain web applicationlink
service.data.implData access & entity modellink
service.implCore service implementationlink
service.apiService API definitionslink
service.external.riksdagenSwedish Parliament integrationlink
service.external.worldbankWorld Bank integrationlink
service.external.valSwedish Election Authoritylink
service.external.esvESV financial datalink
web-widgetsUI widget componentslink

๐Ÿค Contributing

Contributions welcome under Hack23's secure-development standards.

  1. Fork the repo and create a descriptive feature branch
  2. GPG-sign every commit ยท enable MFA on your GitHub account
  3. Run quality checks locally: mvn clean install (must pass tests + SonarCloud quality gate)
  4. Submit a pull request with a comprehensive description; address review feedback
  5. Sign the CLA
  6. Never introduce security vulnerabilities; follow CONTRIBUTING.md, CODE_OF_CONDUCT.md, and the Hack23 Secure Development Policy

๐Ÿ”’ Reporting Security Issues

For coordinated vulnerability disclosure, follow SECURITY.md. The process aligns with the Hack23 Vulnerability Management Policy and the Incident Response Plan.


๐Ÿ›๏ธ Architecture & design

๐Ÿ›ก๏ธ Security & compliance

๐Ÿ”„ Operations & development

๐ŸŽจ Features & dashboards

๐Ÿค– AI & development tools

๐Ÿ“‹ ISMS-PUBLIC policies governing this repository

ISMS-PUBLIC


๐Ÿข About Hack23

Hack23 AB (Org.nr 559534-7807) โ€” Swedish cybersecurity & open-source-intelligence consultancy.


๐Ÿ“œ License

Copyright ยฉ 2008โ€“2026 Hack23 AB (Org.nr 559534-7807). Licensed under the Apache License 2.0 โ€” see LICENSE.txt.

FOSSA Status


๐Ÿ“‹ Project Classification: see the Project Classification section above for the full BIA matrix and strategic position. Summary: Data Analytics Platform (OSINT) ยท Operations ยท Confidentiality ๐ŸŸข Public ยท Integrity ๐ŸŸ  High ยท Availability ๐ŸŸก Moderate ยท Aligned with ISO 27001:2022 ยท NIST CSF 2.0 ยท CIS Controls v8.1 ยท AWS Well-Architected.


๐Ÿ•ต๏ธ Empower citizens ยท ๐Ÿ” Strengthen democratic accountability ยท ๐Ÿ›๏ธ Illuminate the political process