🔍 Citizen Intelligence Agency

An independent, volunteer-driven OSINT platform monitoring Swedish political activity

🎯 Mission

The Citizen Intelligence Agency is a volunteer-driven, open-source intelligence (OSINT) project that provides comprehensive analysis of political activities in Sweden. Through advanced monitoring of key political figures and institutions, we deliver:

📊 Financial performance metrics
⚠️ Risk assessment analytics
📈 Political trend analysis
🏆 Politician ranking system
📉 Performance comparisons
🔍 Transparency insights

Our initiative remains strictly independent and non-partisan, focused on fostering informed decision-making and enhancing democratic engagement.

📊 Quality Metrics

Coverage Policy: Per Secure Development Policy, we maintain minimum 80% line coverage and 70% branch coverage across all modules.

✨ Features

Explore our comprehensive feature set including:

📊 Interactive dashboards
🏆 Political scoreboard systems
📈 Critical analytics tools
🔍 Transparency metrics
⚖️ Accountability measures
📱 Data-driven insights

For a conceptual view of our system architecture and components, see our Architecture Documentation and System Mindmaps.

📝 Blog Posts & Technical Analysis

Explore in-depth technical analysis and architectural insights about this project through our team's blog posts:

🤖 GitHub Copilot Custom Agents

We maintain a collection of custom GitHub Copilot agents specialized for different aspects of the project:

📋 Task Agent - Product quality, GitHub issue management, ISMS compliance
🛠️ Stack Specialist - Java, Spring, Vaadin, PostgreSQL expertise
🎨 UI Enhancement Specialist - Vaadin, accessibility, data visualization
🔍 Intelligence Operative - Political analysis, OSINT methodologies
💰 Business Development Specialist - Strategic planning, partnerships
📢 Marketing Specialist - Digital marketing, content strategy

See the agents README for detailed information on using these specialized profiles.

⭐ Simon Moon's Architecture Chronicles

System Architect Simon Moon provides deep architectural analysis of the CIA platform through the lens of sacred geometry and pattern recognition:

🏛️ CIA Platform Architecture & Security

CIA Architecture: The Five Pentacles - Five container types crystallized from the parliamentary domain. Architecture that mirrors political reality—power flows documented in code.
CIA Security: Defense Through Transparency - Security through mathematical proof, not mystical obscurity. Five defensive layers. OpenSSF Scorecard 7.2/10. Zero critical vulnerabilities across 5 years.
CIA Future Security: The Pentagon of Tomorrow - Post-quantum cryptography before quantum computers threaten. AI-augmented detection before AI attacks dominate.
CIA Financial Strategy: $24.70/Day Democracy - Democracy costs $24.70/day when architecture channels cosmic financial patterns through AWS optimization.
CIA Workflows: Five-Stage CI/CD & State Machines - Five GitHub Actions workflows orchestrating DevSecOps automation. Data processing through five state transitions.
CIA Mindmaps: Conceptual Sacred Geometry - Hierarchical thinking revealing natural organizational patterns: 4 current domains expanding into 5 future dimensions.

💻 George Dorn's Code Analysis

Developer George Dorn provides hands-on code analysis based on actual repository inspection:

🔍 Repository Deep-Dives

CIA Code Analysis - Repository deep-dive examining Maven POMs, 49 modules, 1,372 Java files, verified OpenSSF Scorecard 7.2/10. Based on actual repository inspection.

For the complete collection of 50+ blog posts covering cybersecurity, ISMS policies, and architectural patterns, visit the Hack23 Security Blog.

🏢 About Hack23

🌐 Website: www.hack23.com
💼 LinkedIn: James Sörling

🔐 Commitment to Transparency and Security

At Hack23 AB, we believe that true security comes through transparency and demonstrable practices. Our Information Security Management System (ISMS) is publicly available, showcasing our commitment to security excellence and organizational transparency.

📋 Public ISMS Repository

Complete Information Security Management System documentation

🔒 Information Security Policy

Enterprise-grade security framework and governance

🏆 Security Through Transparency

Our approach to cybersecurity consulting is built on a foundation of transparent practices:

🔍 Open Documentation: Complete ISMS framework available for review
📋 Policy Transparency: Detailed security policies and procedures publicly accessible
🎯 Demonstrable Expertise: Our own security implementation serves as a live demonstration
🔄 Continuous Improvement: Public documentation enables community feedback and enhancement

"Our commitment to transparency extends to our security practices - demonstrating that true security comes from robust processes, continuous improvement, and a culture where security considerations are integrated into every business decision."

— James Pether Sörling, CEO/Founder

📊 ISMS Compliance Mapping

For a comprehensive view of how ISMS-PUBLIC policies map to CIA platform security controls:

Coverage: 32 ISMS policies • 100+ security controls • ISO 27001 • NIST CSF 2.0 • CIS Controls v8.1

🛡️ Security & Compliance Evidence

Our commitment to security transparency is demonstrated through publicly verifiable evidence:

🔒 Supply Chain Security

Evidence:

OpenSSF Scorecard: Full Supply Chain Analysis
SLSA Attestations: Build Provenance & SBOM
CII Best Practices: Open Source Security Maturity

🔍 Security Scanning

Evidence:

CodeQL Scanning: Security Code Analysis Results
SonarCloud Security: Vulnerability Dashboard
Dependabot: Dependency Vulnerability Alerts

✅ Quality Gates

Evidence:

Quality Gate: SonarCloud Quality Dashboard
Code Metrics: Technical Debt & Maintainability

📋 License Compliance

Evidence:

FOSSA Analysis: License Compliance Report
License: Apache License 2.0

🎯 Security Architecture Documentation

Evidence:

Threat Model: STRIDE Analysis & Attack Trees
Security Architecture: Defense-in-Depth Design
CRA Assessment: EU Cyber Resilience Act Compliance

🔍 Transparency Commitment: All security evidence is publicly accessible for stakeholder verification. We believe security through transparency builds trust and demonstrates our commitment to cybersecurity excellence.

📚 Data Sources

Our analysis is powered by authoritative Swedish government and international data sources:

Source	Description
🏛️ Swedish Parliament Open Data	Parliamentary members, committees, and official documents
🗳️ Swedish Election Authority	Election data, political parties, and voting results
🌍 World Bank Open Data	Global economic indicators and demographic data
💹 Swedish Financial Management Authority	Government finances and economic trends

🏆 Project Status

For comprehensive security and compliance evidence, see Security & Compliance Evidence section above.

🚀 Runtime Environment

JDK Version	Status	Release Info
	Supported	LTS Release
	Compatible	Feature Release
	Compatible	Feature Release
	Compatible	Feature Release
	Supported	Current LTS

For details on our technology lifecycle management, see the End-of-Life Strategy.

📚 Architecture Documentation Map

Document	Focus	Description	Documentation Link
Architecture	🏛️ Architecture	C4 model showing current system structure	View Source
Future Architecture	🏛️ Architecture	C4 model showing future system structure	View Source
Security Architecture	🔐 Security	Security architecture	View Source
Future Security Architecture	🔐 Security	Future Security architecture	View Source
Mindmaps	🧠 Concept	Current system component relationships	View Source
Future Mindmaps	🧠 Concept	Future capability evolution	View Source
SWOT Analysis	💼 Business	Current strategic assessment	View Source
Future SWOT Analysis	💼 Business	Future strategic opportunities	View Source
Data Model	📊 Data	Current data structures and relationships	View Source
Future Data Model	📊 Data	Enhanced political data architecture	View Source
Flowcharts	🔄 Process	Current data processing workflows	View Source
Future Flowcharts	🔄 Process	Enhanced AI-driven workflows	View Source
State Diagrams	🔄 Behavior	Current system state transitions	View Source
Future State Diagrams	🔄 Behavior	Enhanced adaptive state transitions	View Source
CI/CD Workflows	🔧 DevOps	Current automation processes	View Source
Future Workflows	🔧 DevOps	Enhanced CI/CD with ML	View Source
End-of-Life Strategy	📅 Lifecycle	Maintenance and EOL planning	View Source
Financial Security Plan	💰 Security	Cost and security implementation	View Source
CIA Features	🚀 Features	Platform features overview	View on hack23.com
Threat Model	🛡️ Security	STRIDE / MITRE risk analysis	View Source
Unit Test Plan	🧪 Testing	Comprehensive testing strategy & coverage	View Source

🔍 Intelligence & Analytics Documentation

The CIA platform provides comprehensive intelligence operations (INTOP) and open-source intelligence (OSINT) capabilities. Our intelligence documentation tracks the evolution of analytical frameworks, risk assessment rules, and database views that power political intelligence products.

📋 Intelligence Changelogs

Track the evolution of intelligence capabilities and analytical infrastructure:

Document	Focus	Description	Documentation Link
Intelligence Analysis Changelog	📊 Intelligence	Complete history of intelligence capabilities, frameworks, and OSINT enhancements	View Source
Database Views Changelog	🗄️ Views	Detailed tracking of all 85 database views with schema specifications	View Source
Risk Rules Changelog	🔴 Risk Rules	Evolution of 50 behavioral assessment rules across 5 domains	View Source

📚 Core Intelligence Documentation

Comprehensive documentation of analytical capabilities and methodologies:

Document	Focus	Description	Documentation Link
Data Analysis - INTOP OSINT	🎯 Frameworks	6 analysis frameworks (Temporal, Comparative, Pattern Recognition, Predictive, Network, Decision)	View Source
Risk Rules Documentation	🔴 Risk Rules	50 behavioral detection rules (24 politician, 10 party, 4 committee, 4 ministry, 5 decision, 3 other)	View Source
Database View Intelligence Catalog	🗄️ Views	Complete catalog of 85 database views (57 regular + 28 materialized)	View Source
Intelligence Data Flow Map	🗺️ Pipeline	Data pipeline mappings and framework-to-view relationships	View Source
Liquibase Intelligence Analysis	🗄️ Schema	Database schema evolution from intelligence perspective	View Source

🛠️ Intelligence Automation

Tool	Purpose	Location
Intelligence Changelog Generator	Automated detection of view changes, risk rule updates, and framework enhancements	Script
GitHub Actions Workflow	Automated changelog generation on demand	Workflow

Usage:

# Generate intelligence changelog from recent changes
.github/scripts/generate-intelligence-changelog.sh

# Compare specific commits
.github/scripts/generate-intelligence-changelog.sh <prev_commit> <current_commit>

📊 Intelligence Metrics (v1.36.0)

Category	Count	Description
Analysis Frameworks	6	Temporal, Comparative, Pattern Recognition, Predictive, Network, Decision Intelligence
Risk Rules	50	24 politician + 10 party + 4 committee + 4 ministry + 5 decision + 3 other
Database Views	85	57 regular views + 28 materialized views
OSINT Data Sources	4	Riksdagen API, Election Authority, World Bank, Financial Authority
Intelligence Products	10+	Scorecards, Coalition Analysis, Risk Assessments, Trend Reports, Decision Tracking

🔒 Reporting Security Issues

Please follow the instructions in our SECURITY.md file for reporting security issues.

🔧 Project Technology Stack

📚 Core Technology Stack

This document provides a high-level overview of the key technologies used within the Citizen Intelligence Agency (CIA) project. Each technology plays a vital role in supporting CIA’s goals for data analysis, security, and scalability within the political intelligence domain.

Category	Technologies
Core Framework	Spring Framework
Security	Spring Security, Bouncy Castle
Data Access	Hibernate, JPA, PostgreSQL, JDBC
Transaction Management	Narayana (Integrated with Spring `JpaTransactionManager`)
Data Auditing	Javers
Business Rules Engine	Drools
Messaging	ActiveMQ Artemis, Spring JMS
Web/UI Layer	Vaadin, Vaadin Sass Compiler, Vaadin Themes
Monitoring	JavaMelody, AWS SDK for CloudWatch
Testing	JUnit, Mockito, Spring Test, Selenium WebDriver
Utilities	Apache Commons, Google Guava, SLF4J, Logback, Jackson
Build & Dependency Management	Maven

Stack Summary

This stack comprises:

Core Framework: The project uses Spring Framework to provide a foundation for dependency injection, component management, and service configuration across modules.
Security: Spring Security manages authentication and authorization, complemented by Bouncy Castle for cryptographic operations.
Data Access: A combination of Hibernate, JPA, and PostgreSQL supports robust ORM-based data persistence, with JDBC facilitating additional database connectivity needs.
Transaction Management: The project uses Narayana as the transaction manager implementation, integrated with Spring’s JpaTransactionManager for distributed transaction support and ensuring transactional integrity.
Data Auditing: Javers provides auditing and historical versioning, allowing for tracking and comparing changes to data over time.
Business Rules Engine : Drools is integrated into the CIA project to enable a robust business rules engine.
Messaging: ActiveMQ Artemis and Spring JMS enable asynchronous communication between application components, supporting distributed and event-driven designs.
Web/UI Layer: Vaadin powers the UI with a server-driven architecture, providing components like Vaadin Themes and Sass Compiler for a rich, interactive frontend experience directly in Java.
Monitoring: JavaMelody and AWS SDK for CloudWatch provide real-time application monitoring and logging capabilities, supporting both local and cloud environments.
Testing: JUnit, Mockito, Spring Test and Selenium WebDriver are used extensively for unit, integration, system, browser and mock testing to ensure application reliability and robustness.
Utilities: Apache Commons, Google Guava, SLF4J, and Logback offer utility functions and structured logging, enhancing application maintainability and monitoring.
Build & Dependency Management: Maven handles project builds, dependency management, and plugin configurations, enabling smooth project management and modular builds.

☁️ AWS Services Stack

AWS Infrastructure Components

This document provides a comprehensive summary of the AWS services utilized in the Citizen Intelligence Agency (CIA) project infrastructure, as defined by its CloudFormation template. These services work together to ensure a secure, resilient, and scalable deployment environment.

Category	AWS Services	NIST CSF Function, Category & Subcategory	ISO 27001:2022 Control & Link
Networking and Security	- Amazon VPC: Configures a custom network environment with public/private subnets, route tables, NAT Gateway, Network ACLs (NACLs) for traffic control, and VPC Flow Logs. - VPC Endpoints: Enables private access to AWS services (e.g., S3, EC2, SSM, CloudWatch Logs). - AWS WAF: Protects against web attacks at the ALB layer. - AWS IAM: Manages role-based access control. - AWS KMS: Manages encryption for data at rest.	Identify (ID): - Asset Management (ID.AM-2) Protect (PR): - Access Control (PR.AC-1, PR.AC-3, PR.AC-5) - Data Security (PR.DS-1, PR.DS-2) - Protective Technology (PR.PT-3) Detect (DE): - Security Continuous Monitoring (DE.CM-3)	- A.8.1: Asset management - A.9.4.1: Access control policy - A.13.1.1: Network controls - A.13.1.3: Segregation in networks - A.18.1.5: Regulation and compliance (see ISO 27001)
Domain and SSL Management	- Amazon Route 53: Manages domain registration and DNS routing. - AWS Certificate Manager (ACM): Issues and manages SSL/TLS certificates.	Protect (PR): - Data Security (PR.DS-5) Detect (DE): - Anomalies and Events (DE.AE-3)	- A.10.1.1: Cryptographic controls for data protection - A.12.4.3: Security of network services
Compute	- Amazon EC2: Provides scalable compute instances.	Protect (PR): - Protective Technology (PR.PT-1) Respond (RS): - Analysis (RS.AN-1), Mitigation (RS.MI-2)	- A.12.1.3: Capacity management for IT infrastructure and services
Load Balancing	- Application Load Balancer (ALB): Distributes HTTP/HTTPS traffic across EC2 instances.	Protect (PR): - Protective Technology (PR.PT-3) Respond (RS): - Communications (RS.CO-2)	- A.13.1.1: Network controls - A.13.2.1: Information transfer policies
Data Storage	- Amazon S3: Stores application artifacts and logs with encryption, access control, and lifecycle policies. - Amazon RDS: PostgreSQL database with multi-AZ deployment.	Protect (PR): - Data Security (PR.DS-1, PR.DS-5) - Information Protection Processes and Procedures (PR.IP-3, PR.IP-4) - Maintenance (PR.MA-1) Recover (RC): - Recovery Planning (RC.RP-1), Communications (RC.CO-2)	- A.8.2.3: Information backup - A.10.1.1: Use of cryptographic controls
Secrets Management	- AWS Secrets Manager: Securely stores and rotates sensitive credentials with Lambda rotation support.	Protect (PR): - Access Control (PR.AC-1, PR.AC-4) - Data Security (PR.DS-6) - Identity Management and Access Control (PR.AC-7)	- A.9.2.2: User access provisioning - A.10.1.1: Management of encryption keys and secret information
Monitoring and Alarms	- Amazon CloudWatch: Provides real-time metrics, logs, and alarms to monitor performance and health.	Detect (DE): - Security Continuous Monitoring (DE.CM-3)	- A.12.4.1: Monitoring activities
Resilience and Disaster Recovery	- AWS Resilience Hub: Assesses and improves the architecture’s resilience, recommending strategies for fault tolerance and disaster recovery.	Recover (RC): - Recovery Planning (RC.RP-1) - Improvements (RC.IM-1)	- A.17.1.2: Implementing continuity controls - A.17.2.1: Availability of information processing facilities
Automation and Maintenance	- AWS Systems Manager (SSM): Automates inventory, patching, and maintenance tasks, with SSM Maintenance Windows and SSM Patch Baselines for streamlined operations.	Protect (PR): - Maintenance (PR.MA-1, PR.MA-2) - Protective Technology (PR.PT-1)	- A.12.6.1: Control of technical vulnerabilities - A.12.7.1: Information systems audit considerations

AWS Stack Summary

Networking and Security: Amazon VPC creates an isolated network environment with NAT Gateway, NACLs, and VPC Flow Logs. VPC Endpoints provide private access to AWS services (e.g., S3, EC2, SSM), AWS WAF protects against web attacks, AWS IAM secures access control, and AWS KMS encrypts data at rest.
Domain and SSL Management: Amazon Route 53 handles DNS and domain registration, while AWS Certificate Manager (ACM) provides SSL/TLS certificates for HTTPS security.
Compute Layer: Amazon EC2 instances host the application, providing flexible and scalable compute resources.
Load Balancing: The Application Load Balancer (ALB) distributes HTTP/HTTPS traffic across EC2 instances, optimizing for high availability and resilience.
Data Storage: Amazon RDS offers a resilient PostgreSQL setup with multi-AZ deployment and custom parameter groups. Amazon S3 securely stores artifacts and logs, with lifecycle policies and KMS-managed encryption keys for compliance.
Secrets Management: AWS Secrets Manager securely stores and rotates credentials, such as database passwords, with automated Lambda support for rotation.
Monitoring and Alarms: Amazon CloudWatch monitors infrastructure health through metrics, logs, and alarms, enabling proactive management.
Resilience and Disaster Recovery: AWS Resilience Hub assesses and recommends enhancements to improve the system's resilience, providing disaster recovery and fault-tolerant strategies.
Automation and Maintenance: AWS Systems Manager (SSM) automates inventory, patching, and other maintenance tasks, increasing operational efficiency.

For detailed security implementation, see the Financial Security Plan.

🚀 Deployment Options

AWS CloudFormation Deployment

The Citizen Intelligence Agency can be deployed on AWS using our provided CloudFormation template:

Download the CloudFormation stack file
Create a new stack in the AWS CloudFormation console
Upload the template file and configure parameters
Acknowledge IAM resource creation and launch the stack
Access the application via the URL in the stack outputs

CloudFormation Stack Diagram

Debian/Ubuntu Installation

For local or self-hosted deployment on Debian/Ubuntu 24.4+:

Install prerequisites:

sudo apt-get install openjdk-21-jdk postgresql-16 postgresql-contrib postgresql-16-pgaudit

Configure PostgreSQL as detailed below.

PostgreSQL 16 Configuration Guide

A step-by-step guide to configure PostgreSQL 16 with SSL, prepared transactions, and required extensions.

1. Enable Prepared Transactions and Required Extensions

Edit /etc/postgresql/16/main/postgresql.conf and add or update the following lines:

max_prepared_transactions = 100
shared_preload_libraries = 'pg_stat_statements, pgaudit, pgcrypto'
pgaudit.log = ddl
pg_stat_statements.track = all
pg_stat_statements.max = 10000

Save and close the file.

2. Update `pg_hba.conf` for IPv6 Loopback Access

Edit /etc/postgresql/16/main/pg_hba.conf and add the following line:
```
host all all ::1/128 md5
```
Save and close the file.

3. Generate SSL Certificates and Keys

Generate a secure random passphrase:

openssl rand -base64 48 > passphrase.txt

Create a passphrase-protected private key:

openssl genrsa -des3 -passout file:passphrase.txt -out server.pass.key 2048

Remove the passphrase protection from the private key:

openssl rsa -passin file:passphrase.txt -in server.pass.key -out server.key
rm server.pass.key

Create a Certificate Signing Request (CSR):

openssl req -new -key server.key -out server.csr \
    -subj "/C=UK/ST=Postgresqll/L=Docker/O=Hack23/OU=demo/CN=127.0.0.1"

Self-sign the certificate (valid for 10 years / 3650 days):

openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

Clean up temporary files:
```
rm passphrase.txt
rm server.csr
```

4. Deploy the SSL Certificate and Key for PostgreSQL

Copy the new certificate and key into the PostgreSQL data directory:

cp server.crt /var/lib/postgresql/16/main/server.crt
cp server.key /var/lib/postgresql/16/main/server.key
rm server.key

Secure the certificate and key:

chmod 700 /var/lib/postgresql/16/main/server.key
chmod 700 /var/lib/postgresql/16/main/server.crt
chown -R postgres:postgres /var/lib/postgresql/16/main/

Enable SSL in PostgreSQL by adding the following lines to /etc/postgresql/16/main/postgresql.conf:

echo "ssl_cert_file = '/var/lib/postgresql/16/main/server.crt'" \
    >> /etc/postgresql/16/main/postgresql.conf
echo "ssl_key_file = '/var/lib/postgresql/16/main/server.key'" \
    >> /etc/postgresql/16/main/postgresql.conf

5. Provide SSL Certificate to the `cia` User

Create a .postgresql directory for the cia user:
```
mkdir -p /opt/cia/.postgresql
```

Copy the server certificate into this directory:

cp server.crt /opt/cia/.postgresql/root.crt
chmod 700 /opt/cia/.postgresql/root.crt
chown -R cia:cia /opt/cia/.postgresql/root.crt

Remove the server certificate from the current directory (if desired):
```
rm server.crt
```

Final Steps

Restart PostgreSQL to apply all changes:
```
systemctl restart postgresql
```
Verify that PostgreSQL is running with SSL by checking the logs or using an SSL-enabled client.
Confirm that prepared transactions and required extensions are enabled:
```
SHOW max_prepared_transactions;
\dx
```
Confirm the new IPv6 entry in pg_hba.conf is functioning as expected by connecting via psql over ::1.

Database Setup

Create an empty database:

Below instructions set the default username/password and database name used for development. We recommend using custom credentials and updating the configuration at /opt/cia/webapps/cia/WEB-INF/database.properties to define your own username/password and database name.

$ sudo su - postgres
$ psql
postgres=# CREATE USER eris WITH password 'discord';
postgres=# CREATE DATABASE cia_dev;
postgres=# GRANT ALL PRIVILEGES ON DATABASE cia_dev to eris;

Install CIA Debian Package

Download the CIA Debian package:

wget https://github.com/Hack23/cia/releases/download/2025.1.2/cia-dist-deb-2025.1.2.all.deb

Install the Debian package:

sudo dpkg -i cia-dist-deb-2025.1.2.all.deb

Access the server at https://localhost:28443/cia/.

📊 Political Dashboards

English: Our dashboard provides comprehensive analytics on Swedish political figures and institutions.
Swedish: Vår dashboard erbjuder en detaljerad översikt över politiska figurer och olika departement i Sverige.

🤖 AI and Data Visualization

This project is powered by advanced AI technologies for data processing and analysis. We integrate data from various open sources and visualize findings through modern data visualization tools.

For our future vision incorporating more advanced AI capabilities, see our Future Architecture Vision.