William Fish willfish

  • Hue's Associates Ltd
  • London
@willfish
willfish / token-encryption-flow.md
Last active March 10, 2026 14:32
ID Token Encryption Between OTT Services

Key takeaways

  1. User credentials are already protected. The id_token is encrypted with AES-256-GCM and HMAC-signed at the application layer before it ever leaves the identity service. Internal HTTP traffic contains an opaque encrypted blob, not a usable JWT. Credentials are not exposed while internal TLS work is completed.

  2. The residual risk is token replay, not credential theft. An observer on the internal network could capture and replay the encrypted blob to impersonate a session. They cannot decode, modify, or extract user information from it. This is a narrower risk than transmitting raw credentials.

  3. Replay requires prior network compromise. For someone to intercept internal service traffic they would need to have already compromised the internal network. At that point, the ability to replay an authentication token is a secondary concern - an attacker with that level of access could disrupt or bring down the service entirely. Internal

willfish / search_benchmark.rake
Created February 19, 2026 09:06
AI-341: Benchmark rake task for comparing query expansion models (latency + quality)
require 'csv'
BENCHMARK_QUERIES = [
# Single-word common goods
'laptop',
'shoes',
'wine',
'cheese',
'bicycle',
'candles',
willfish / validate_ai_builder.rb
Last active February 16, 2026 13:45
AI-256: Validate AI self-text builder output against EU reference CSV
#!/usr/bin/env ruby
# frozen_string_literal: true
# Validate AI-generated self-texts against the EU reference CSV
#
# Usage:
# bundle exec rails runner /tmp/validate_ai_builder.rb [chapter]
# bundle exec rails runner /tmp/validate_ai_builder.rb 02
require 'csv'
willfish / enumerate_description_patterns.rb
Created February 16, 2026 11:40
AI-253: Enumerate goods nomenclature 'Other'-like description patterns
#!/usr/bin/env ruby
# frozen_string_literal: true
# AI-253: Enumerate all goods nomenclature descriptions and identify 'Other'-like patterns
#
# Usage: bundle exec rails runner script/enumerate_description_patterns.rb
#
# Outputs:
# tmp/description_patterns.txt - All descriptions with hierarchy indentation
# tmp/other_variants.txt - Categorised 'Other'-like patterns with counts
willfish / analyse_other_descriptions.rb
Created February 9, 2026 10:19
AI-167: Analysis of 'Other' descriptions in goods nomenclature hierarchy
#!/usr/bin/env ruby
# frozen_string_literal: true
# AI-167: Analyse the "Other" description problem across the tariff hierarchy
#
# Usage: bundle exec rails runner script/analyse_other_descriptions.rb
#
# Outputs:
# tmp/other_descriptions_analysis.csv - Full detail per "Other" node
# tmp/other_descriptions_summary.txt - Summary statistics
#!/bin/sh
hosts=""
ssh_options=""
tmux_name="cssh"
usage() {
echo "Usage: $0 [options] host [host ...]" >&2
echo "" >&2
echo "Spawns multiple synchronized SSH sessions inside a tmux session." >&2
if [ "$#" == "0" ]; then
echo "You need to supply at least one argument!"
exit 1
fi
DOMAINS=('.com' '.co.uk' '.net' '.info' '.mobi'
'.org' '.tel' '.biz' '.tv' '.cc' '.eu' '.ru'
'.in' '.it' '.sk' '.com.au' '.tech' '.io' '.systems' '.xxx')
ELEMENTS=${#DOMAINS[@]}
version: '2'
services:
postgres:
container_name: mydrive-dev-env-postgres
image: mdillon/postgis:9.4
environment:
- PGDATA=/var/lib/postgresql/data/pgdata
ports:
- 5432:5432
volumes:
#!/bin/bash
contains() {
[[ $1 =~ (^| )$2($| ) ]] && echo 'yes' || echo 'no'
}
# Takes a space separated list of directories that we're interested in seeing have changed
# Returns a space separated list of directories that have changed.
changed() {
local directories="$*"

Get developers up and running without needing to read setup documentation

Options for achieving this goal

  1. Review current project documentation and make sure as much of it as possible is automated?
  2. Run everything locally with docker (cassandra, postgres, mydriveapi, phone-platform, mydrive projects all run inside of docker)
     • Outside of current host - ssm and s3
  3. Run partially locally (candidate project - i.e. the one being developed - runs normally/outside of docker)