🕵️ Citizen Intelligence Agency

Swedish Political Intelligence Platform — democratic transparency, evidence-based analysis, and OSINT-powered accountability for the Riksdag, the Government, and Swedish public agencies.
🕵️ Political intelligence · 🔍 Radical transparency · 📊 50+ years of evidence · 🛡️ ISMS-aligned · ⚖️ Independent & non-partisan

---

🎯 Mission

Strengthen Swedish democracy through systematic transparency.

The Citizen Intelligence Agency (CIA) is an independent, volunteer-driven, open-source-intelligence (OSINT) platform that puts rigorous, evidence-based political intelligence in the hands of every citizen, journalist, researcher, and policymaker. It monitors Sweden's Riksdag (Parliament), the Government (Regeringskansliet), and public agencies (Myndigheter) — applying structured intelligence techniques (ACH, SWOT, MITRE ATT&CK, STRIDE, political-risk scoring) to the full open-data corpus going back to 1971.

We deliver:

• 📊 Financial performance metrics for politicians and government bodies
• ⚠️ Risk assessment analytics — 50 behavioral detection rules across politicians, parties, committees, ministries and decisions
• 📈 Political trend analysis — temporal, comparative, pattern-recognition, predictive, network and decision intelligence frameworks
• 🏆 Politician scoreboards & rankings with multi-decade longitudinal coverage
• 📉 Performance comparisons — party effectiveness, committee productivity, ministry oversight
• 🔍 Transparency insights — every metric traces back to a primary parliamentary source

The platform is strictly independent, non-partisan, and Apache 2.0 licensed, operated under the public Hack23 ISMS with full ISO 27001:2022 / NIST CSF 2.0 / CIS Controls v8.1 alignment. It does not collect end-user PII, does not run ads, and does not push narratives.

---

🌍 Hack23 Civic Tech Ecosystem

CIA is the canonical data backbone for Hack23's growing portfolio of democratic-transparency platforms. Each repository is independently auditable, ISMS-aligned, and cross-linked through open data products and the public ISMS.

Project	Role	Stack	Status
🕵️ Citizen Intelligence Agency (this repo)	Sweden — full data backbone, 110 DB views, 50 risk rules, JSON export specifications	Java 26 / Spring / Vaadin / PostgreSQL 18
🗳️ Riksdagsmonitor · riksdagsmonitor.com	Sweden — public news & dashboards, AI agentic newsroom (14 languages), consumes CIA exports nightly	TypeScript / Vite / Chart.js / D3 / GitHub Actions Agentic Workflows
🏛️ EU Parliament Monitor · euparliamentmonitor.com	European Parliament — political intelligence, AI newsroom (14 languages)	TypeScript / Vite / GitHub Actions Agentic Workflows
🤖 European Parliament MCP Server	EP Open Data MCP server — 60+ tools, OSINT analytics for AI agents	TypeScript / Model Context Protocol
🛡️ Hack23 ISMS-PUBLIC	The apex Information Security Management System — 32+ public policies governing all repositories	Markdown / Mermaid / GitHub-native	—
🌐 Hack23 Homepage · hack23.com	Corporate site, blog, agent biographies, feature showcase	TypeScript / Static	—

Data flow: CIA → JSON export specs (json-export-specs/) → Riksdagsmonitor consumes via update-cia-csv-data.yml → AI newsroom publishes daily articles in 14 languages, every claim traceable to a dok_id in the CIA corpus.

---

✨ Features at a Glance

Explore the comprehensive feature showcase on hack23.com:

• 📊 Interactive political dashboards (🇬🇧 English · 🇸🇪 Svenska)
• 🏆 Politician scoreboards and ranking systems
• 📈 50 risk rules · 110 database views · 6 analytical frameworks
• 🔍 Transparency metrics across 49 Maven modules (1,300+ Java files)
• ⚖️ Accountability measures spanning Riksdag, Government, agencies
• 📱 Data-driven insights backed by official Swedish open data
• 🕵️ Full OSINT pipeline — Riksdagen API, Valmyndigheten, World Bank, ESV
• 🔐 Defense-in-depth security, OpenSSF Scorecard 7.2/10, zero critical CVEs for 5+ years

For the conceptual model, see ARCHITECTURE.md and MINDMAP.md.

---

📊 Intelligence Metrics (v1.36.0)

Category	Count	Description
🧠 Analysis Frameworks	6	Temporal · Comparative · Pattern Recognition · Predictive · Network · Decision Intelligence
⚠️ Risk Rules	50	24 politician · 10 party · 4 committee · 4 ministry · 5 decision · 3 other
🗄️ Database Views	110	77 regular + 33 materialized — see DATABASE_VIEW_INTELLIGENCE_CATALOG.md
🌍 OSINT Data Sources	4	Riksdagen · Valmyndigheten · World Bank · ESV
📰 Intelligence Products	10+	Scorecards · Coalition analysis · Risk assessments · Trend reports · Decision tracking
🧩 Maven Modules	49+	Multi-module, layered architecture
🤖 Custom Copilot Agents	6	task-agent · stack-specialist · ui-enhancement-specialist · intelligence-operative · business-development-specialist · marketing-specialist
🧠 Copilot Skills	80+	Security · Compliance · Testing · Architecture · Intelligence · UI/UX · Cloud (see .github/skills/)

Coverage policy: per the Hack23 Secure Development Policy, we maintain ≥ 80 % line coverage and ≥ 70 % branch coverage across all modules. Live JaCoCo: hack23.github.io/cia/jacoco/.

---

📚 Authoritative Data Sources

CIA's analyses are powered exclusively by authoritative Swedish government and international open data:

Source	Scope	Module
🏛️ Swedish Parliament Open Data	Members, committees, motions, propositions, votes, documents	service.external.riksdagen
🗳️ Swedish Election Authority — Valmyndigheten	Election results, voter turnout, electoral statistics	service.external.val
🌍 World Bank Open Data	Global economic, governance and demographic indicators	service.external.worldbank
💹 Ekonomistyrningsverket — ESV	Government finances, budget execution, agency spending	service.external.esv

All data is processed under GDPR Art. 6(1)(e) (public interest) and Art. 9(2)(e)/(g) (manifestly made public / substantial public interest) for the political opinions of public officials. No end-user PII is collected.

---

🏗️ Architecture & Documentation Map

Full system architecture (C4 Context / Container / Component / Dynamic views) lives in ARCHITECTURE.md (v1.1, 2026-04-20).

Current state

Document	Focus	Description
🏛️ Architecture	C4 model	Current system structure
📊 Data Model	Data	Database schema, entity relationships
🔄 Flowcharts	Process	Data processing workflows
🔄 State Diagrams	Behavior	System state transitions
🗺️ Mindmaps	Concept	Component relationships
💼 SWOT Analysis	Business	Strategic assessment
🛡️ Security Architecture	Security	Defense-in-depth implementation
🎯 Threat Model	Security	STRIDE / MITRE ATT&CK analysis
🛡️ CRA Assessment	Compliance	EU Cyber Resilience Act conformity
🔐 ISMS Compliance Mapping	ISMS	32 ISMS policies → CIA controls
💰 Financial Security Plan	Cost	AWS security cost & ROI
📋 Business Continuity Plan	Resilience	RTO / RPO targets
💼 Business Product Document	Business	Data-product strategy
⚙️ CI/CD Workflows	DevOps	Automation processes
🧪 Unit Test Plan	Testing	Strategy & coverage
🌐 E2E Test Plan	Testing	End-to-end testing
📅 End-of-Life Strategy	Lifecycle	Maintenance and EOL planning
📝 Documentation Naming Convention	Standards	Naming standards

Future state (2026 → 2037)

Document	Focus
🚀 Future Architecture	Future C4 model
📊 Future Data Model	Enhanced data architecture
🔄 Future Flowcharts	AI-driven workflows
🔄 Future State Diagrams	Adaptive transitions
🗺️ Future Mindmaps	Capability evolution
💼 Future SWOT	Strategic opportunities
🛡️ Future Security Architecture	PQC / AI-augmented controls
🎯 Future Threat Model	AI / PQC threat landscape
⚙️ Future Workflows	ML-enhanced CI/CD

---

🔍 Intelligence & Analytics Documentation

CIA's intelligence operations (INTOP) and OSINT capabilities are documented and version-controlled. Every framework, rule, and view has a public source of truth.

Intelligence changelog

Document	Focus	Description
📜 Intelligence Evolution Changelog	Unified	Comprehensive tracking of intelligence capabilities, views, risk rules, frameworks

Core intelligence documentation

Document	Focus	Highlights
🎯 Data Analysis — INTOP / OSINT	Frameworks	6 frameworks (Temporal, Comparative, Pattern, Predictive, Network, Decision)
🔴 Risk Rules — INTOP / OSINT	Rules	50 behavioral detection rules across 6 categories
🗄️ Database View Intelligence Catalog	Views	110 views (77 regular + 33 materialized)
📊 Data Quality Monitoring Dashboard	Quality	OSINT, DB-health, view-validation metrics
🗺️ Intelligence Data Flow Map	Pipeline	Framework-to-view relationships
🗄️ Liquibase Intelligence Analysis	Schema	Database schema evolution from intelligence perspective
⚙️ Drools Risk Rules	Engine	Drools rules engine documentation

Intelligence automation

Tool	Purpose	Location
Intelligence Changelog Generator	Auto-detection of view / rule / framework changes	generate-intelligence-changelog.sh
GitHub Actions Workflow	On-demand changelog generation	generate-intelligence-changelog.yml

# Generate intelligence changelog from recent changes
.github/scripts/generate-intelligence-changelog.sh

# Compare specific commits
.github/scripts/generate-intelligence-changelog.sh <prev_commit> <current_commit>

Documentation navigation by role

📊 For Data Analysts Start: Data Analysis Frameworks Then: Database View Catalog Reference: Intelligence Data Flow Map 🗄️ For Database Administrators Start: Schema Maintenance Guide Then: Data Quality Dashboard Reference: Database View Catalog Track: Intelligence Changelog

🕵️ For Intelligence Operatives Start: Intelligence Data Flow Map Then: Data Analysis Frameworks Deep dive: Risk Rules 📈 For Product Managers Start: Business Product Document Then: Data Analysis Frameworks Explore: Database View Catalog

---

🔐 Security, Privacy & ISMS Compliance

Full controls in SECURITY_ARCHITECTURE.md · threat analysis in THREAT_MODEL.md · CRA conformity in CRA-ASSESSMENT.md · ISMS-PUBLIC ⇄ CIA mapping in ISMS_COMPLIANCE_MAPPING.md (32 policies, 100+ controls).

Security through transparency

"Our commitment to transparency extends to our security practices — demonstrating that true security comes from robust processes, continuous improvement, and a culture where security is integrated into every business decision."
— James Pether Sörling, CISSP, CISM, CEO/Founder, Hack23 AB

📋 Public ISMS Repository Complete Information Security Management System

🔒 Information Security Policy The apex policy governing every Hack23 repository

Classification (per Hack23 Classification Framework)

Dimension	Level	Note
🔒 Confidentiality	🟢 Public	Open civic-transparency platform; all source data intentionally disclosed
✅ Integrity	🟠 High	Automated validation, GPG-signed commits, SLSA 3 build provenance, Javers auditing
⏱️ Availability	🟡 Moderate	Multi-AZ AWS deployment with RDS Multi-AZ, ALB, automated patching
🏷️ Privacy	🟠 Personal (public officials only)	GDPR Art. 6(1)(e/f) · Art. 9(2)(e)/(g); no end-user PII, no accounts forced, no ads, no tracking
⏱️ RTO / RPO	1–4 h / 1–4 h	Automated backups, multi-region disaster recovery
💰 Business impact	🟢 Negligible (financial) · 🟠 High (reputational) · 🟡 Moderate (regulatory)	Open-source, volunteer-driven

Compliance frameworks

• ✅ ISO 27001:2022 — Annex A controls implemented (see ISMS_COMPLIANCE_MAPPING.md)
• ✅ NIST CSF 2.0 — 6 functions aligned (Govern · Identify · Protect · Detect · Respond · Recover)
• ✅ CIS Controls v8.1 — implementation tracked
• ✅ GDPR — public-interest / legitimate-interest grounds for public-official data; political opinions under Art. 9(2)(e)/(g)
• ✅ EU Cyber Resilience Act (CRA) — self-assessment in CRA-ASSESSMENT.md
• ✅ OpenSSF Best Practices — Project #770
• ✅ AWS Well-Architected — Security pillar aligned

Defence-in-depth highlights

• 🔐 Authentication & authorization — Spring Security 5.8.16, MFA, role-based access control, login blocking, Passay password policies
• 🧱 Network security — AWS VPC with private subnets, NACLs, NAT Gateway, VPC Flow Logs, AWS WAF (OWASP rule set), VPC Endpoints
• 🔒 Cryptography — TLS 1.3 (HTTPS-only, HSTS), AES-256 encryption at rest (KMS-managed keys), Bouncy Castle 1.84
• 📜 Audit & integrity — Javers data auditing, pgaudit, CloudTrail, immutable Git history, GPG-signed commits
• 🕵️ Threat detection — AWS GuardDuty, Security Hub, CloudWatch alarms, CodeQL, OWASP Dependency-Check, ZAP DAST scans
• 🛡️ Supply chain security — SHA-pinned actions, Dependabot, secret scanning, dependency review, SLSA 3 attestations, FOSSA license analysis
• 🤖 AI governance — agent operations governed by Hack23 AI Policy (OWASP LLM + EU AI Act alignment)

Public security evidence

Evidence	Status	Link
🔍 OpenSSF Scorecard	7.2 / 10	scorecard.dev
🛡️ CodeQL Scanning	✅ Active	Security tab
🚨 Dependabot	✅ Active	Vulnerability alerts
🔐 Secret Scanning	✅ Active	GitHub Advanced Security
📊 SonarCloud Security	✅ Active	Security hotspots
🛡️ SLSA Provenance	Level 3	Attestations
📋 FOSSA License Compliance	✅ Active	License report
🏆 CII Best Practices	✅ Passing	Project #770
🛡️ Zero critical CVEs	✅ 5+ years	Continuously verified

---

🚀 Runtime & Build Environment

JDK Version	Status	Notes
	Source Level (LTS)	Maven maven.compiler.source / target = 21
	Compatible (LTS)	Previous production runtime
	Current Runtime	Active production runtime

Development environment

Component	Version	Purpose
Java JDK	26 (Temurin)	Runtime — Adoptium
Java Source	21	Source compatibility — Maven compiler
Maven	3.9.15+	Build automation — Maven
Node.js	24+	Copilot MCP servers, Playwright testing
PostgreSQL	18	Database with pgaudit, pgcrypto, pg_stat_statements

For the canonical setup, see copilot-setup-steps.yml and End-of-Life-Strategy.md.

Quick start

# Build the project (skipping tests)
mvn clean install -DskipTests

# Build with tests
mvn clean install

# Run only unit tests (skip integration & XML adapter tests)
mvn test -Dtest='!**ITest*,!**/XmlDateTypeAdapterTest,!**/XmlTimeTypeAdapterTest,!**/XmlDateTimeTypeAdapterTest'

# Tests with JaCoCo coverage
mvn clean test jacoco:report

# OWASP dependency-check
mvn dependency-check:check

# Run the main module
cd citizen-intelligence-agency
mvn spring-boot:run

💡 Database changes must follow service.data.impl/README-SCHEMA-MAINTENANCE.md. Never manually edit full_schema.sql — always regenerate via pg_dump.

---

🔧 Technology Stack

Category	Technologies
Core Framework	Spring Framework 5.x
Security	Spring Security 5.8.16 · Bouncy Castle 1.84 · Passay 2.0.0
Persistence	Hibernate · JPA / Jakarta · PostgreSQL 18 · Liquibase
Transactions	Narayana (XA / 2PC) integrated with Spring JpaTransactionManager
Auditing	Javers — change tracking & versioning
Rules Engine	Drools — 50 behavioral risk rules
Messaging	ActiveMQ Artemis · Spring JMS
Web / UI	Vaadin 8.14.4 · Vaadin Sass / Themes · Jetty 12.1.8 EE8
Monitoring	JavaMelody · AWS SDK CloudWatch
Testing	JUnit · Mockito · Spring Test · Selenium WebDriver · Playwright
Utilities	Apache Commons · Google Guava · SLF4J · Logback · Jackson
Build	Apache Maven 3.9.15+ — 49+ modules
CI / CD	GitHub Actions · SonarCloud · CodeQL · OWASP ZAP · Dependabot · Step Security Harden-Runner

For the full stack and current versions, see techstack.yml and the per-module Maven sites at hack23.github.io/cia/.

---

☁️ AWS Cloud Architecture

CIA's reference deployment is provisioned via CloudFormation (cia-dist-cloudformation/) and follows the AWS Well-Architected Security Pillar.

Layer	Service	Purpose
🌐 Networking	VPC · NAT Gateway · NACLs · VPC Endpoints · WAF · VPC Flow Logs	Isolated, segmented, web-attack-protected network
🔐 IAM & Crypto	IAM · KMS · ACM · Secrets Manager	Least privilege · key management · TLS · rotated secrets
🌍 DNS / SSL	Route 53 · ACM	Domain & certificate management
⚙️ Compute	EC2 · ALB	Stateless application tier
💾 Data	RDS PostgreSQL Multi-AZ · S3 (KMS-encrypted, lifecycle-policied)	Persistence + artifact storage
📊 Observability	CloudWatch · CloudTrail · Config	Metrics · logs · audit · compliance drift
🛡️ Threat Detection	GuardDuty · Security Hub	ML-based threat detection · centralized findings
🔄 Operations	Systems Manager · Resilience Hub	Automated patching · DR posture

📐 CloudFormation diagram:

For full security-control mapping, see SECURITY_ARCHITECTURE.md and FinancialSecurityPlan.md.

---

📦 Deployment Options

1️⃣ AWS CloudFormation

1. Download the CloudFormation template
2. Create a stack in the AWS CloudFormation console
3. Upload the template, configure parameters, acknowledge IAM, launch
4. Access the application via the URL in the stack outputs

2️⃣ Debian / Ubuntu (24.04+)

# 1. Add PostgreSQL PGDG repository (required for PostgreSQL 18 on Ubuntu 24.04)
sudo install -d /usr/share/postgresql-common/pgdg
sudo curl -o /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc
echo "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" | sudo tee /etc/apt/sources.list.d/pgdg.list
sudo apt-get update

# 2. Install prerequisites
sudo apt-get install openjdk-21-jdk postgresql-18 postgresql-contrib-18 postgresql-18-pgaudit postgresql-18-pgvector

# 3. Configure PostgreSQL (see "PostgreSQL 18 Configuration Guide" below)

# 4. Install the CIA Debian package
wget https://github.com/Hack23/cia/releases/download/2025.1.2/cia-dist-deb-2025.1.2.all.deb
sudo dpkg -i cia-dist-deb-2025.1.2.all.deb

# 5. Access at https://localhost:28443/cia/

---

🐘 PostgreSQL 18 Configuration Guide

A reference configuration with SSL, prepared transactions, and the required extensions.

1. Enable prepared transactions and extensions

Edit /etc/postgresql/18/main/postgresql.conf:

max_prepared_transactions = 100
shared_preload_libraries = 'pg_stat_statements, pgaudit, pgcrypto'
pgaudit.log = ddl
pg_stat_statements.track = all
pg_stat_statements.max = 10000

2. IPv6 loopback access

Edit /etc/postgresql/18/main/pg_hba.conf:

host all all ::1/128 md5

3. SSL certificates

# Generate passphrase, key and self-signed certificate (10-year validity)
openssl rand -base64 48 > passphrase.txt
openssl genrsa -des3 -passout file:passphrase.txt -out server.pass.key 2048
openssl rsa -passin file:passphrase.txt -in server.pass.key -out server.key && rm server.pass.key
openssl req -new -key server.key -out server.csr \
    -subj "/C=UK/ST=Postgresqll/L=Docker/O=Hack23/OU=demo/CN=127.0.0.1"
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
rm passphrase.txt server.csr

4. Deploy SSL artefacts

cp server.crt /var/lib/postgresql/18/main/server.crt
cp server.key /var/lib/postgresql/18/main/server.key && rm server.key
chmod 600 /var/lib/postgresql/18/main/server.key
chmod 644 /var/lib/postgresql/18/main/server.crt
chown -R postgres:postgres /var/lib/postgresql/18/main/

echo "ssl_cert_file = '/var/lib/postgresql/18/main/server.crt'" \
    >> /etc/postgresql/18/main/postgresql.conf
echo "ssl_key_file = '/var/lib/postgresql/18/main/server.key'" \
    >> /etc/postgresql/18/main/postgresql.conf

5. CIA user trust certificate

mkdir -p /opt/cia/.postgresql
cp server.crt /opt/cia/.postgresql/root.crt
chmod 700 /opt/cia/.postgresql/root.crt
chown -R cia:cia /opt/cia/.postgresql/root.crt
rm server.crt

6. Performance tuning

For optimal performance with CIA's 110 views and 93 tables:

Setting	4 GB RAM	8 GB RAM	16 GB+ RAM (production)
shared_buffers	1 GB	2 GB	4 GB
effective_cache_size	3 GB	6 GB	12 GB
maintenance_work_mem	256 MB	512 MB	1 GB
work_mem	16 MB	32 MB	50 MB

-- 8 GB RAM example — adjust to your hardware
ALTER SYSTEM SET shared_buffers = '2GB';
ALTER SYSTEM SET effective_cache_size = '6GB';
ALTER SYSTEM SET maintenance_work_mem = '512MB';
ALTER SYSTEM SET work_mem = '32MB';

-- Checkpoints, WAL
ALTER SYSTEM SET checkpoint_completion_target = 0.9;
ALTER SYSTEM SET wal_buffers = '16MB';
ALTER SYSTEM SET max_wal_size = '4GB';
ALTER SYSTEM SET min_wal_size = '1GB';

-- SSD-optimised query planner
ALTER SYSTEM SET random_page_cost = 1.1;
ALTER SYSTEM SET effective_io_concurrency = 200;

-- Connections
ALTER SYSTEM SET max_connections = 200;

-- Apply
SELECT pg_reload_conf();

📚 For full performance tuning, monitoring and advanced configuration, see service.data.impl/README-SCHEMA-MAINTENANCE.md.

7. Database setup

sudo su - postgres
psql
postgres=# CREATE USER eris WITH password 'discord';
postgres=# CREATE DATABASE cia_dev;
postgres=# GRANT ALL PRIVILEGES ON DATABASE cia_dev TO eris;

⚠️ The credentials above are for local development only. Use custom credentials and update /opt/cia/webapps/cia/WEB-INF/database.properties for any non-development deployment.

---

🤖 GitHub Copilot — Custom Agents & Skills

CIA uses GitHub Copilot custom agents and skills as first-class development assets, governed by the Hack23 AI Policy.

Surface	Catalog	Count
🤖 Custom agents	.github/agents/README.md	6
🧠 Skills library	.github/skills/README.md	80+
⚙️ Workflows	.github/workflows/	13
🔌 MCP servers	.github/copilot-mcp-config.json	github · filesystem · memory · sequential-thinking · playwright
📋 Setup contract	.github/workflows/copilot-setup-steps.yml	Java 26 · Maven 3.9.15 · PostgreSQL 18

Available agents

Agent	Specialty
📋 Task Agent	Product quality, GitHub issue management, ISMS compliance
🛠️ Stack Specialist	Java 26 · Spring · Vaadin · Hibernate / JPA · PostgreSQL
🎨 UI Enhancement Specialist	Vaadin · WCAG 2.1 AA · data visualization · privacy-by-design UI
🕵️ Intelligence Operative	Political science · OSINT · structured analysis · Swedish politics
💼 Business Development Specialist	Strategic planning · partnerships · sustainable revenue · market expansion
📢 Marketing Specialist	Digital marketing · content strategy · community building

Skills library highlights

The skills library contains 80+ skills across security-by-design, ISMS compliance, testing, architecture, intelligence, UI/UX, cloud, and product management. Highlights:

• 🔒 Security: secure-code-review · threat-modeling · secrets-management · input-validation · crypto-best-practices · cis-controls · iso-27001-controls · ai-governance · ci-cd-security
• ✅ Compliance: hack23-information-security-policy · hack23-isms-compliance · gdpr-compliance · compliance-frameworks · classification-framework-enforcement · open-source-policy
• 🧪 Testing: unit-testing-patterns · integration-testing · e2e-testing · playwright-ui-testing · testing-strategy-enforcement · code-quality-checks
• 🏗️ Architecture: hack23-future-architecture-standards · data-pipeline-engineering · api-integration · mcp-server-development · mcp-gateway-configuration · mcp-gateway-security
• 🕵️ Intelligence & OSINT: political-science-analysis · osint-methodologies · intelligence-analysis-techniques · swedish-political-system · electoral-analysis · legislative-monitoring · risk-assessment-frameworks · behavioral-analysis · strategic-communication-analysis · cia-data-integration · european-parliament-api
• 🎨 UI / UX: accessibility-wcag-patterns · advanced-data-visualization · data-visualization-principles · ui-ux-design-system · seo-best-practices

For the full taxonomy and agent ↔ skill matrix, see .github/skills/README.md and .github/agents/README.md.

---

📝 Blog Posts & Technical Analysis

⭐ Simon Moon — Architecture Chronicles

System Architect Simon Moon provides deep architectural analysis of CIA through the lens of pattern recognition:

• 🏛️ CIA Architecture: The Five Pentacles — Five container types crystallised from the parliamentary domain
• 🔐 CIA Security: Defense Through Transparency — Five defensive layers; OpenSSF Scorecard 7.2/10; zero critical CVEs over 5+ years
• 🚀 CIA Future Security: The Pentagon of Tomorrow — Post-quantum cryptography & AI-augmented detection
• 💰 CIA Financial Strategy: $24.70/Day Democracy — AWS-optimised cost architecture
• ⚙️ CIA Workflows: Five-Stage CI/CD & State Machines — DevSecOps automation
• 🗺️ CIA Mindmaps: Conceptual Sacred Geometry — Hierarchical organisational patterns

💻 George Dorn — Code Analysis

Developer George Dorn provides hands-on code analysis based on actual repository inspection:

• 🔍 CIA Code Analysis — 49 modules, 1,300+ Java files, OpenSSF Scorecard 7.2/10

Full collection of 50+ blog posts on cybersecurity, ISMS policies and architectural patterns: Hack23 Security Blog.

---

📊 Project Classification (per ISMS Classification Framework)

See the descriptive Classification table above for confidentiality, integrity, availability, privacy and RTO/RPO levels with rationale. The formal badges below cover project type, Business Impact Analysis (BIA) and strategic position.

🎯 Project type

💰 Business impact analysis matrix

Impact	Financial	Operational	Reputational	Regulatory
🔒 Confidentiality	🟢 Negligible	🟢 Negligible	🟢 Low	🟢 Low
✅ Integrity	🟢 Negligible	🟠 High	🟠 High	🟡 Moderate
⏱️ Availability	🟢 Negligible	🟠 High	🟢 Low	🟢 Low

🛡️ Security investment & strategic position

---

📖 Maven Site Documentation

The complete Maven-generated project documentation is published at hack23.github.io/cia:

Resource	Link
📋 Project reports & module sites	Maven Site Home
🗄️ Hibernate entity model (hbm2doc)	Entity Model
📋 Javadoc API reference	Javadoc
📦 Visual package dependencies	Package graph
🧪 JaCoCo test coverage	Coverage
🏗️ Architecture overview	Architecture
💾 Liquibase database documentation	DB docs

Key module sites

Module	Description	Site
citizen-intelligence-agency	Main web application	link
service.data.impl	Data access & entity model	link
service.impl	Core service implementation	link
service.api	Service API definitions	link
service.external.riksdagen	Swedish Parliament integration	link
service.external.worldbank	World Bank integration	link
service.external.val	Swedish Election Authority	link
service.external.esv	ESV financial data	link
web-widgets	UI widget components	link

---

🤝 Contributing

Contributions welcome under Hack23's secure-development standards.

1. Fork the repo and create a descriptive feature branch
2. GPG-sign every commit · enable MFA on your GitHub account
3. Run quality checks locally: mvn clean install (must pass tests + SonarCloud quality gate)
4. Submit a pull request with a comprehensive description; address review feedback
5. Sign the CLA
6. Never introduce security vulnerabilities; follow CONTRIBUTING.md, CODE_OF_CONDUCT.md, and the Hack23 Secure Development Policy

---

🔒 Reporting Security Issues

For coordinated vulnerability disclosure, follow SECURITY.md. The process aligns with the Hack23 Vulnerability Management Policy and the Incident Response Plan.

---

📚 Related Documents (single index)

🏛️ Architecture & design

• 🏗️ Architecture · 🚀 Future Architecture
• 🧠 Mindmap · 🚀 Future Mindmap
• 📊 Data Model · 🚀 Future Data Model
• 🔄 Flowcharts · 🚀 Future Flowcharts
• 🔄 State Diagrams · 🚀 Future State Diagrams
• 🗄️ Entity Model (hbm2doc) · 📋 Javadoc · 📦 Package graph
• 📖 Maven Site · 📚 DeepWiki

🛡️ Security & compliance

• 🔐 Security Architecture · 🚀 Future Security Architecture
• 🎯 Threat Model · 🔮 Future Threat Model
• 🔐 ISMS Compliance Mapping · 💰 Financial Security Plan
• 📋 CRA Assessment · 🔒 Security Policy · 📋 Business Continuity Plan

🔄 Operations & development

• ⚡ Workflows · 🚀 Future Workflows
• 📅 End-of-Life Strategy · 🧪 Unit Test Plan · 🌐 E2E Test Plan
• 🤝 Contributing · 📜 Code of Conduct · 📝 Doc naming

🎨 Features & dashboards

• ✨ CIA Features (hack23.com)
• 📊 Dashboard (English) · 📊 Politisk Dashboard (Svenska)

🤖 AI & development tools

• 🤖 Copilot Instructions · 👥 Custom agents · 🧠 Skills library

📋 ISMS-PUBLIC policies governing this repository

• 🛡️ Information Security Policy (apex)
• 🛠️ Secure Development Policy
• 🏷️ Classification Framework
• 🎯 Threat Modeling
• 🔍 Vulnerability Management
• 🚨 Incident Response Plan
• 🌐 Network Security Policy
• 🔑 Access Control Policy
• 🔒 Cryptography Policy
• 💾 Backup & Recovery Policy
• 🤖 AI Policy
• 🔐 Secrets Management Policy
• 📦 Open Source Policy
• 🔒 Privacy Policy · 🛡️ Data Protection Policy
• 📊 Information Security Strategy · 📈 Security Metrics

---

🏢 About Hack23

Hack23 AB (Org.nr 559534-7807) — Swedish cybersecurity & open-source-intelligence consultancy.

• 🌐 Website: www.hack23.com · 📰 Blog
• 💼 LinkedIn — Hack23 AB
• 👨‍💻 Founder: James Pether Sörling, CISSP, CISM
• 🛡️ Public ISMS · 🕵️ Citizen Intelligence Agency · 🗳️ Riksdagsmonitor · 🏛️ EU Parliament Monitor · 🤖 European Parliament MCP Server

---

📜 License

Copyright © 2008–2026 Hack23 AB (Org.nr 559534-7807). Licensed under the Apache License 2.0 — see LICENSE.txt.

---

📋 Project Classification: see the Project Classification section above for the full BIA matrix and strategic position. Summary: Data Analytics Platform (OSINT) · Operations · Confidentiality 🟢 Public · Integrity 🟠 High · Availability 🟡 Moderate · Aligned with ISO 27001:2022 · NIST CSF 2.0 · CIS Controls v8.1 · AWS Well-Architected.

---

🕵️ Empower citizens · 🔍 Strengthen democratic accountability · 🏛️ Illuminate the political process