ZAKON ARCHIVE FIRST — archive.alai.no Primary Destination ZAKON ARCHIVE FIRST — archive.alai.no je primarno odredište Sve vrijedne dokumente i kontakte MORAJU biti na archive.alai.no (Paperless-ngx). Lokalno (~/) zadržati SAMO tmp/ i radne fajlove. Sve Claude instance MORAJU pretraživati i transferovati. Date: 2026-04-28 Origin: ALAI archive.alai.no je single source of truth za firmsku dokumentaciju. Kroz Bilko (HR/BiH/Srbija) druge kompanije će takođe koristiti istu instancu pod ugovorom kao revenue stream — multi-tenant SaaS. Rule Šta IDE u archive.alai.no (uvijek) Legal dokumenti — ugovori, NDA, LOI, registracije, polise, vedtekter, generalforsamling protokoli, sertifikati Vrijedni dokumenti — pitch decks, research papers, partnership proposals, grant applications, meeting reports, tenders Kontakti — partneri, klijenti, regulatori, vendori sa account managerom (kao Paperless Correspondents) Email arhive — important threads (ACTION, OWN, key correspondents) — render kao PDF ili Email Archive doc type Financial dokumenti — invoices, receipts, financial statements, tax docs Šta OSTAJE lokalno /tmp/* — temp i radni fajlovi (skripte u radu, dry-run output) ~/.config/* — credentials, env files (mode 600) ~/.cache/* — runtime cache ~/system/databases/* — operational DBs (npr. email-inbox.db) Active development artifacts (npr. ~/ALAI/products// git repo-i) Anti-pattern (ZABRANJENO) Čuvati legal/contract PDF u ~/Downloads , ~/Desktop , ~/Documents , ~/ALAI/legal/ BEZ archive.alai.no copy-a "Sačuvaću za kasnije" — kasnije = nikad. Upload odmah nakon receiving. Lokalna duplikacija dokumenata u 3 git worktree-a — to je redundancija, ne backup. Single source = archive. Mandate za sve Claude instance Svaka Claude sesija MORA: Periodično skenirati lokalna mjesta za vrijedne fajlove koji nisu u archive (jednom dnevno minimum, ili na trigger): find ~/ALAI ~/Public ~/work -type f \( -name "*.pdf" -o -name "*.docx" \) ! -path "*/.claude/*" ! -path "*/node_modules/*" Pretražiti email DB za nove correspondents (po sender + frequency): SELECT from_addr, from_name, COUNT(*) FROM emails WHERE classification != 'SPAM' GROUP BY from_addr ORDER BY COUNT(*) DESC; Klasifikovati i upload-ovati nove fajlove kroz dedup-aware classifier ( /tmp/paperless-classify-v2.py ili equivalent), prema schemi u BookStack page "archive.alai.no — Paperless-ngx Setup & Operations". Auto-create correspondents kad se sretne novi sender koji ima >= 2 emails ili je u known partner list-i. Reportovati u sesiji: "X novih dokumenata uploaded, Y new correspondents, Z failed dedupes." Ne brisati lokalne kopije automatski — samo migrate. Cleanup je posebna odluka, traži CEO confirmation. Multi-tenant kontekst (Bilko HR/BiH/Srbija) Bilko će prodavati archive.alai.no pristup kao SaaS feature za partner banke i klijente: Tenant isolation: trenutno single-instance. Future work — Paperless multi-tenancy via Storage Paths root prefix po tenant-u (npr. /Bilko-HR//... ). Access control: CF Access policy + Paperless permission model (per-doc owner/group) — TODO Billing: integration sa Bilko subscription model — TODO Per-tenant API tokens: svaki klijent dobija svoj token, scoped na svoj root storage path DR backup (MC #9982): mandatory before commercial launch — pg_dump + media volume + R2/B2 retention Enforcement Hook (TBD): Mehanik gate Phase Z (Archive) provjeri archive_first_compliance polje za svaki task koji se bavi vrijednim dokumentima Daily cron (ACTIVE 2026-04-29): ~/bin/archive-first-scan.sh runs daily 06:00 via com.alai.archive-first-scan LaunchAgent. Surfaces unarchived candidates (PDF/docx >24h old, not in ledger) to HiveMind alert + report at /tmp/archive-first-scan-report-.txt . Surface-only — does NOT auto-upload. Initial run: 55 unarchived candidates flagged. Ledger: ~/system/state/archive-first-ledger.jsonl — JSONL of {"path","archived_at","paperless_id"} for archived docs OR {"path","ignored":true,"reason"} for non-valuable. Add entries after upload to suppress future alerts. MC quality gate: task-postflight provjeri archive_url field za task-ove sa "document" keyword (TBD wire-up) Reference BookStack: archive.alai.no — Paperless-ngx Setup & Operations BookStack: CF IP Access Rules — ALAI LAN Bypass DEPLOY-MAP: /Users/makinja/aisystem/DEPLOY-MAP.md ZAKON NETWORK EGRESS: ~/system/rules/zakon-network-egress-verification.md MC #9546 (CF Access bypass — done), #9956 (CF WAF whitelist — done), #9982 (DR backup — pending), #9996 (email migration — pending)