Zero Trust Gating
To protect sensitive notes without compromising the public nature of the wiki, the Digital Brain implements Identity-Aware Proxying (IAP) via Cloudflare Zero Trust.
🛡️ Implementation Details
- Protected Path: /private/*
- Mechanism: Cloudflare Access (Self-hosted application).
- Authentication: Email One-Time Pin (OTP).
- Policy: Restricted to authorized identity only.
⚙️ How it Works
- When a user requests a file under /private/, Cloudflare intercepts the request at the Edge.
- If the user is unauthenticated, they are redirected to a secure login page.
- Upon entering the authorized email, an OTP is sent.
- After verification, Cloudflare sets a JWT cookie, allowing access to the protected static assets.
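A deploy-time check for the flow above, added here as an example and not part of the Digital Brain's own code: it requests gated URLs with no cookie and confirms each one is redirected to the Access login instead of being served. The hostnames and sample responses are constructed, and the `.cloudflareaccess.com` login domain is an assumption about the team's Access setup.

```python
import urllib.error
import urllib.parse
import urllib.request

# Assumption: the Access login page is served from <team>.cloudflareaccess.com.
ACCESS_SUFFIX = ".cloudflareaccess.com"

# Constructed sample responses (status, Location); hostnames are placeholders.
SAMPLE = {
    "https://wiki.example/private/note.html": (
        302, "https://team.cloudflareaccess.com/cdn-cgi/access/login/wiki.example"),
    "https://wiki.example/private/old.html": (404, None),
    "https://preview.wiki.example/private/note.html": (200, None),
}


def classify(status, location):
    """Verdict for a cookie-less response to a URL that should be gated."""
    if status in (301, 302, 303, 307, 308) and location:
        host = urllib.parse.urlsplit(location).hostname or ""
        return "gated" if host.endswith(ACCESS_SUFFIX) else "redirect-elsewhere"
    if status in (401, 403):
        return "blocked"
    if 200 <= status < 300:
        return "EXPOSED"       # content served without an Access session
    return "inconclusive"      # e.g. 404: the path is missing, nothing proven


class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None            # surface the 3xx instead of following it


def probe(url, timeout=10):
    """Send one GET with no cookies; return (status, Location header)."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:   # 3xx/4xx/5xx arrive here
        return err.code, err.headers.get("Location")


def audit(urls, fetch=probe):
    """Map each URL to its verdict; only gated/blocked count as a pass."""
    return {url: classify(*fetch(url)) for url in urls}


if __name__ == "__main__":
    for url, verdict in audit(SAMPLE, fetch=SAMPLE.get).items():
        print(f"{verdict:14} {url}")
```

For a live check, call `audit()` with a list of real file URLs under /private/ on every hostname that serves the site, and fail the deploy on any verdict other than `gated` or `blocked`.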
🚀 Benefits
- No Backend Required: Securely gates static files on Cloudflare Pages without a server.
- True Privacy: The encrypted bytes never reach an unauthorized browser.
- Scalability: Can be extended to allow collaborators by simply updating the Access Policy.
Status: IMPLEMENTED (2026-04-22)