# ZAKON ARCHIVE FIRST — archive.alai.no Primary Destination

> **All valuable documents and contacts MUST be on `archive.alai.no` (Paperless-ngx). Locally (~/) keep ONLY `tmp/` and working files. All Claude instances MUST search and transfer.**

**Date:** 2026-04-28
**Origin:** ALAI archive.alai.no is the single source of truth for company documentation. Through Bilko (HR/BiH/Serbia), other companies will also use the same instance under contract as a revenue stream — multi-tenant SaaS.

---

## Rule

### What GOES into archive.alai.no (always)

- **Legal documents** — contracts, NDAs, LOIs, registrations, insurance policies, articles of association (vedtekter), general meeting (generalforsamling) minutes, certificates
- **Valuable documents** — pitch decks, research papers, partnership proposals, grant applications, meeting reports, tenders
- **Contacts** — partners, clients, regulators, vendors with an account manager (as Paperless Correspondents)
- **Email archives** — important threads (ACTION, OWN, key correspondents) — rendered as PDF or as the Email Archive doc type
- **Financial documents** — invoices, receipts, financial statements, tax docs

### What STAYS local

- `/tmp/*` — temp and working files (scripts in progress, dry-run output)
- `~/.config/*` — credentials, env files (mode 600)
- `~/.cache/*` — runtime cache
- `~/system/databases/*` — operational DBs (e.g. email-inbox.db)
- Active development artifacts (e.g. `~/ALAI/products/<X>/` git repos)

### Anti-pattern (FORBIDDEN)

- Keeping a legal/contract PDF in `~/Downloads`, `~/Desktop`, `~/Documents`, `~/ALAI/legal/` WITHOUT a copy in archive.alai.no
- "I'll save it for later" — later = never. Upload immediately after receiving.
- Local duplication of documents across 3 git worktrees — that is redundancy, not backup. Single source = archive.

---

## Mandate for all Claude instances

**Every Claude session MUST:**

1. **Periodically scan** local locations for valuable files that are not in the archive (at least once a day, or on trigger):
   ```bash
   find ~/ALAI ~/Public ~/work -type f \( -name "*.pdf" -o -name "*.docx" \) ! -path "*/.claude/*" ! -path "*/node_modules/*"
   ```

2. **Search the email DB** for new correspondents (by sender + frequency):
   ```sql
   SELECT from_addr, from_name, COUNT(*) FROM emails 
   WHERE classification != 'SPAM' GROUP BY from_addr ORDER BY COUNT(*) DESC;
   ```

3. **Classify and upload** new files through a dedup-aware classifier (`/tmp/paperless-classify-v2.py` or equivalent), following the schema on the BookStack page "archive.alai.no — Paperless-ngx Setup & Operations".

4. **Auto-create correspondents** when a new sender is encountered who has >= 2 emails or is on the known partner list.

5. **Report** in the session: "X novih dokumenata uploaded, Y new correspondents, Z failed dedupes." (that is, X new documents uploaded, Y new correspondents, Z failed dedupes).

6. **Do not delete local copies** automatically — migrate only. Cleanup is a separate decision and requires CEO confirmation.

---

## Multi-tenant context (Bilko HR/BiH/Serbia)

Bilko will sell archive.alai.no access as a SaaS feature for partner banks and clients:

- **Tenant isolation:** currently single-instance. Future work — Paperless multi-tenancy via a Storage Paths root prefix per tenant (e.g. `/Bilko-HR/<client>/...`).
- **Access control:** CF Access policy + Paperless permission model (per-doc owner/group) — TODO
- **Billing:** integration with the Bilko subscription model — TODO
- **Per-tenant API tokens:** each client gets its own token, scoped to its own root storage path
- **DR backup** (MC #9982): mandatory before commercial launch — pg_dump + media volume + R2/B2 retention

---

## Enforcement

- **Hook (TBD):** Mehanik gate Phase Z (Archive) checks the `archive_first_compliance` field for every task that deals with valuable documents
- **Daily cron (ACTIVE 2026-04-29):** `~/bin/archive-first-scan.sh` runs daily 06:00 via `com.alai.archive-first-scan` LaunchAgent. Surfaces unarchived candidates (PDF/docx >24h old, not in ledger) to HiveMind alert + report at `/tmp/archive-first-scan-report-<date>.txt`. **Surface-only** — does NOT auto-upload. Initial run: 55 unarchived candidates flagged.
- **Ledger:** `~/system/state/archive-first-ledger.jsonl` — JSONL of `{"path","archived_at","paperless_id"}` for archived docs OR `{"path","ignored":true,"reason"}` for non-valuable. Add entries after upload to suppress future alerts.
- **MC quality gate:** task-postflight checks the `archive_url` field for tasks with the "document" keyword (TBD wire-up)
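
The ledger check behind the daily scan, as an added Python example; it is not the contents of `~/bin/archive-first-scan.sh`, which this page does not show. Assumptions: an entry suppresses an alert only if it carries `archived_at` and `paperless_id`, or `ignored: true` with a non-empty `reason`; the function names and the sample tree built in `demo()` are constructed for illustration.

```python
import json, os, tempfile, time
from pathlib import Path

VALUABLE_EXT = {".pdf", ".docx"}         # file types the scan command looks for
SKIP_DIRS = {".claude", "node_modules"}  # same exclusions as the find command
MIN_AGE = 24 * 3600                      # only files older than 24h are flagged

def load_ledger(ledger_path):
    """Real paths the ledger accounts for; malformed lines never suppress an alert."""
    known, ledger = set(), Path(ledger_path)
    lines = ledger.read_text(encoding="utf-8").splitlines() if ledger.exists() else []
    for line in lines:
        try:
            e = json.loads(line)
            path = os.path.realpath(os.path.expanduser(e["path"]))
        except (ValueError, TypeError, KeyError):
            continue                     # blank, torn or hand-edited line
        archived = e.get("archived_at") and e.get("paperless_id") is not None
        ignored = e.get("ignored") is True and e.get("reason")  # assumption: reason required
        if archived or ignored:
            known.add(path)
    return known

def unarchived_candidates(roots, ledger_path):
    """Sorted valuable files older than MIN_AGE that have no valid ledger entry."""
    now, known, hits = time.time(), load_ledger(ledger_path), []
    for root in roots:
        for dirpath, dirnames, filenames in os.walk(os.path.expanduser(root)):
            dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]  # prune excluded trees
            for name in filenames:
                full = os.path.realpath(os.path.join(dirpath, name))
                try:
                    age = now - os.path.getmtime(full)
                except OSError:
                    continue             # dangling symlink or file removed mid-scan
                if Path(name).suffix.lower() in VALUABLE_EXT and age >= MIN_AGE and full not in known:
                    hits.append(full)
    return sorted(hits)

def demo():  # constructed sample tree and ledger so the example runs offline
    root, now = tempfile.mkdtemp(), time.time()
    for name, days in (("contract.pdf", 2), ("nda.docx", 2), ("scratch.pdf", 2), ("fresh.pdf", 0)):
        Path(root, name).write_bytes(b"sample")
        os.utime(os.path.join(root, name), (now - days * MIN_AGE,) * 2)
    rows = [{"path": os.path.join(root, "contract.pdf"), "archived_at": "2026-04-29", "paperless_id": 1},
            {"path": os.path.join(root, "scratch.pdf"), "ignored": True, "reason": "draft"}]
    ledger = os.path.join(root, "ledger.jsonl")
    Path(ledger).write_text("\n".join(map(json.dumps, rows)) + "\n{torn line\n", encoding="utf-8")
    return [os.path.basename(p) for p in unarchived_candidates([root], ledger)]
```

Both sides are compared by resolved real path, so a ledger entry written with `~` or through a symlink still matches the file found on disk.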

---

## Reference

- BookStack: [archive.alai.no — Paperless-ngx Setup & Operations](../docs/runbooks/paperless-archive-setup.md)
- BookStack: [CF IP Access Rules — ALAI LAN Bypass](../docs/runbooks/cf-ip-access-rules.md)
- DEPLOY-MAP: `/Users/makinja/aisystem/DEPLOY-MAP.md`
- ZAKON NETWORK EGRESS: `~/system/rules/zakon-network-egress-verification.md`
- MC #9546 (CF Access bypass — done), #9956 (CF WAF whitelist — done), #9982 (DR backup — pending), #9996 (email migration — pending)