john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor(project): transition from tractatus-framework to tractatus-website

Browse source 
Major project restructuring to separate framework from website implementation:

Package Changes:
- name: "tractatus-framework" v3.5.0 → "tractatus-website" v0.1.0
- description: Updated to reflect website platform purpose
- Added website-specific scripts (build:css, migrate:docs, etc.)
- Added website dependencies (puppeteer, stripe, i18n, etc.)

README Changes:
- Rewritten to focus on research framework and website
- Updated badges and links
- Added "What is Tractatus?" section
- Removed framework-specific deployment instructions

.gitignore Changes:
- Drastically simplified (189 line reduction)
- Removed public repository protection rules
- This is now the primary development repository

.env Changes:
- Updated examples to reflect website configuration
- Removed framework-specific environment variables

This commit documents that this repository is the WEBSITE implementation,
separate from the tractatus-framework package repository at
github.com/AgenticGovernance/tractatus-framework.

Production deployment remains via manual rsync, NOT GitHub.
This commit is contained in:
TheFlow 2025-10-23 10:57:07 +13:00
parent 153d630156
commit 792a9e55b6
6 changed files with 396 additions and 661 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
.env.example
View file

@ -31,19 +31,3 @@ ENABLE_CASE_SUBMISSIONS=false
# Security
RATE_LIMIT_WINDOW_MS=900000
RATE_LIMIT_MAX_REQUESTS=100
# Koha Donation System (Phase 3)
# Stripe configuration (reuses passport-consolidated account)
STRIPE_SECRET_KEY=sk_test_your_stripe_secret_key_here
STRIPE_PUBLISHABLE_KEY=pk_test_your_stripe_publishable_key_here
STRIPE_KOHA_WEBHOOK_SECRET=whsec_your_webhook_secret_here
# Stripe Price IDs (NZD products)
# Create these in Stripe Dashboard first
STRIPE_KOHA_5_PRICE_ID=price_koha_5_nzd_monthly
STRIPE_KOHA_15_PRICE_ID=price_koha_15_nzd_monthly
STRIPE_KOHA_50_PRICE_ID=price_koha_50_nzd_monthly
STRIPE_KOHA_ONETIME_PRICE_ID=price_koha_onetime
# Frontend URL for redirects
FRONTEND_URL=http://localhost:9000

4
.env.test
View file

@ -1,6 +1,6 @@
NODE_ENV=test
MONGODB_URI=mongodb://localhost:27017/tractatus_test
MONGODB_DB=tractatus_test
MONGODB_URI=mongodb://tractatus_user:uV6IajYK7pdrqY1uGad%2FK%2FLwDIaL7pebLZApPqS1FjE%3D@localhost:27017/tractatus_prod?authSource=tractatus_prod
MONGODB_DB=tractatus_prod
JWT_SECRET=test_secret_for_testing_only
JWT_EXPIRY=7d
ADMIN_EMAIL=admin@tractatus.test

175
.gitignore vendored
View file

@ -1,14 +1,6 @@
# ============================================
# PUBLIC REPOSITORY CONFIGURATION
# tractatus-framework (GitHub Public)
# ============================================
# This .gitignore protects internal development
# files from being pushed to public repository.
# Only open source code and public documentation
# should be in the public tractatus-framework repo.
# Dependencies
node_modules/
package-lock.json
# Environment variables
.env
@ -54,168 +46,3 @@ build/
tmp/
temp/
*.tmp
# ============================================
# INTERNAL FILES - NEVER PUSH TO PUBLIC REPO
# ============================================
# === ENTIRE INTERNAL DIRECTORIES ===
.claude/
governance/
For Claude Web/
umami-local/
# === INTERNAL DEVELOPMENT DOCS ===
CLAUDE.md
CLAUDE.md.backup
CLAUDE_*.md
ClaudeWeb*.md
PRE_APPROVED_COMMANDS.md
BACKEND_FRONTEND_MAPPING.md
# === SESSION HANDOFFS & ARCHIVES ===
SESSION*.md
SESSION-*.md
OPTIMAL_NEXT_SESSION*.md
NEXT_SESSION*.md
ARCHIVE_SUMMARY*.md
CLOSEDOWN*.md
CLOSEDOWN*.txt
closedown prompt
old claude md file
# === INTERNAL PITCH DOCUMENTS ===
PITCH-*.md
TRACTATUS-ELEVATOR-PITCHES.md
CLAUDE_WEB_BRIEF.pdf
EXECUTIVE_BRIEF*.pdf
# === INTERNAL PLANNING ===
PHASE-*.md
MEETING_NOTES*.md
EXECUTIVE_BRIEF*.md
SCHEDULED_TASKS.md
SITE_IMPROVEMENT_PRIORITIES.md
TRACTATUS_BRAND_SYSTEM.md
UI_TRANSFORMATION_PROJECT_PLAN.md
Tractatus-Website-Complete-Specification*.md
# === INTERNAL SCRIPTS ===
scripts/deploy-*.sh
scripts/session-init.js
scripts/check-session-pressure.js
scripts/analyze-violations.js
scripts/hook-validators/
scripts/framework-components/
scripts/reset-admin-password.js
# === INTERNAL DOCS DIRECTORIES ===
docs/session-handoff-*.md
docs/SESSION*.md
docs/planning/
docs/testing/
docs/outreach/
docs/stripe-analysis/
docs/economist-analysis/
docs/framework-incidents/
docs/deployment-logs/
docs/analysis/
docs/analysis-archive-*/
# === INTERNAL DOCS FILES ===
docs/DEPLOYMENT*.md
docs/MULTI_PROJECT*.md
docs/DOCUMENT_AUDIT*.md
docs/DOCUMENT_OPTIMIZATION*.md
docs/DOCUMENT_REORGANIZATION*.md
docs/DOCUMENT_SECURITY*.md
docs/BLOG-POST-OUTLINES.md
docs/PHASE-*.md
docs/STRIPE_*.md
docs/FIND_STRIPE*.md
docs/KOHA*.md
docs/SECURITY*.md
docs/BENCHMARK*.md
docs/IMPLEMENTATION_PROGRESS*.md
docs/BOOTSTRAPPING*.md
docs/GOVERNANCE-RULE-LIBRARY.md
docs/SIMULATION*.md
docs/SESSION*.md
docs/API_MEMORY*.md
docs/HOOKS*.md
docs/FRAMEWORK_FAILURE*.md
docs/PRODUCTION_DEPLOYMENT*.md
# === SENSITIVE FILES ===
*.key
*.pem
*.p12
*.pfx
secrets/
credentials/
ADMIN_LOGIN_INSTRUCTIONS.md
.admin-credentials.local
.stripe-ids.json
.rsyncignore
# === DATABASE DUMPS ===
dump/
backups/
*.sql
*.sql.gz
*.dump
# === SSH KEYS ===
*.ssh/
id_rsa*
id_ed25519*
~/.ssh/
# === DEPLOYMENT CONFIGS ===
deployment-config.json
production.json
# === TEMPORARY AUDIT FILES ===
/tmp/*.md
/tmp/*.txt
deployment-output.txt
migration-output.txt
PERPLEXITY_USER_PROMPT.txt
ECONOMIST_LETTER_*.docx
# === SCREENSHOTS ===
Screenshot*.png
*.screenshot.png
# === BACKUPS ===
*.backup
*.bak
old/
.venv/
.venv-docs/
.memory/
.migration-backup/
scripts/create-live-*.js
pptx-env/
# Internal development files
docs/research/phase-*.md
docs/markdown/phase-*.md
public/admin/claude-*.html
public/js/admin/claude-*.js
scripts/*stripe*.js
scripts/*stripe*.sh
scripts/test-session*.js
scripts/test-deliberation*.js
public/downloads/*claude-code*.pdf
public/downloads/*governance-in-action*.pdf
SECURITY_INCIDENT_POST_MORTEM_2025-10-21.md
# Internal project-specific files (not framework)
SECURITY_INCIDENT_HUMAN_ACTIONS_REQUIRED.md
.claude/instruction-history.json
scripts/add-security-rules-*.js
scripts/apply-governance-audit-*.js
docs/governance/GOVERNANCE_LEARNINGS_*.md
docs/governance/GOVERNANCE_RULES_AUDIT_*.md

603
README.md
View file

@ -1,94 +1,62 @@
# Tractatus Framework
**AI governance framework enforcing architectural safety constraints at runtime**
**Last Updated:** 2025-10-21
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE)
[![Release](https://img.shields.io/github/v/release/AgenticGovernance/tractatus-framework)](https://github.com/AgenticGovernance/tractatus-framework/releases)
[![Tests](https://img.shields.io/badge/Tests-17%20passing-green.svg)](tests/)
[![Node](https://img.shields.io/badge/Node.js-18%2B-brightgreen.svg)](https://nodejs.org)
[![MongoDB](https://img.shields.io/badge/MongoDB-7.0%2B-green.svg)](https://www.mongodb.com)
> **Architectural AI Safety Through Structural Constraints**
📚 **[Full Documentation](https://agenticgovernance.digital)** | 📋 **[Changelog](CHANGELOG.md)** | 🔒 **[Security Policy](SECURITY.md)**
A research framework for enforcing AI safety through architectural constraints rather than training-based alignment. Tractatus preserves human agency through **structural, not aspirational** enforcement of decision boundaries.
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
[![Framework](https://img.shields.io/badge/Framework-Research-blue.svg)](https://agenticgovernance.digital)
[![Tests](https://img.shields.io/badge/Tests-238%20passing-brightgreen.svg)](https://github.com/AgenticGovernance/tractatus-framework)
---
## Overview
## 🎯 What is Tractatus?
The Tractatus Framework provides six core services that work together to prevent AI failures by:
- ✅ Enforcing architectural boundaries for human judgment
- ✅ Validating actions against explicit instructions
- ✅ Preventing cached patterns from overriding explicit rules
- ✅ Monitoring context pressure and triggering safety protocols
- ✅ Ensuring value pluralism in multi-stakeholder decisions
Tractatus is an **architectural AI safety framework** that makes certain decisions **structurally impossible** for AI systems to make without human approval. Unlike traditional AI safety approaches that rely on training and alignment, Tractatus uses **runtime enforcement** of decision boundaries.
**Current Release:** v3.5.0 ([Release Notes](https://github.com/AgenticGovernance/tractatus-framework/releases/tag/v3.5.0))
### The Core Problem
Traditional AI safety relies on:
- 🎓 **Alignment training** - Hoping the AI learns the "right" values
- 📜 **Constitutional AI** - Embedding principles in training
- 🔄 **RLHF** - Reinforcement learning from human feedback
These approaches share a fundamental flaw: **they assume the AI will maintain alignment** regardless of capability or context pressure.
### The Tractatus Solution
Tractatus implements **architectural constraints** that:
- ✅ **Block values decisions** - Privacy vs. performance requires human judgment
- ✅ **Prevent instruction override** - Explicit instructions can't be autocorrected by training patterns
- ✅ **Detect context degradation** - Quality metrics trigger session handoffs
- ✅ **Require verification** - Complex operations need metacognitive checks
- ✅ **Persist instructions** - Directives survive across sessions
- ✅ **Facilitate pluralistic deliberation** - Multi-stakeholder values conflicts require structured process
---
## Quick Start
## 🚀 Quick Start
### Using Docker (Recommended)
### Installation
```bash
# Clone the repository
# Clone repository
git clone https://github.com/AgenticGovernance/tractatus-framework.git
cd tractatus-framework
# Start with Docker Compose
cd deployment-quickstart
docker-compose up
# Access the API
curl http://localhost:9000/api
```
### Manual Installation
```bash
# Install dependencies
npm install
# Configure environment
cp .env.example .env
# Edit .env with your MongoDB connection string
# Initialize database
npm run init:db
# Start the server
npm start
# Start development server
npm run dev
```
### Run Tests
```bash
npm test
```
---
## Core Services
The framework provides six governance services:
| Service | Purpose | File |
|---------|---------|------|
| **InstructionPersistenceClassifier** | Classifies instructions by quadrant (STRATEGIC/OPERATIONAL/TACTICAL/SYSTEM/STORAGE) and time-persistence | [src/services/InstructionPersistenceClassifier.service.js](src/services/InstructionPersistenceClassifier.service.js) |
| **CrossReferenceValidator** | Validates actions against explicit instructions to prevent cached pattern overrides | [src/services/CrossReferenceValidator.service.js](src/services/CrossReferenceValidator.service.js) |
| **BoundaryEnforcer** | Enforces Tractatus boundaries ensuring values decisions require human judgment | [src/services/BoundaryEnforcer.service.js](src/services/BoundaryEnforcer.service.js) |
| **ContextPressureMonitor** | Monitors token usage and context pressure, triggering safety protocols at thresholds | [src/services/ContextPressureMonitor.service.js](src/services/ContextPressureMonitor.service.js) |
| **MetacognitiveVerifier** | Verifies action reasoning and confidence, requiring confirmation for low-confidence actions | [src/services/MetacognitiveVerifier.service.js](src/services/MetacognitiveVerifier.service.js) |
| **PluralisticDeliberationOrchestrator** | Manages multi-stakeholder deliberation ensuring value pluralism in decisions | [src/services/PluralisticDeliberationOrchestrator.service.js](src/services/PluralisticDeliberationOrchestrator.service.js) |
### Support Services
- **AnthropicMemoryClient** - Anthropic Memory API integration
- **MemoryProxy** - Hybrid MongoDB + Memory API storage
- **RuleOptimizer** - Rule conflict detection and optimization
- **VariableSubstitution** - Dynamic variable replacement
---
## Basic Usage
### 1. Initialize Services
### Basic Usage
```javascript
const {
@ -96,276 +64,361 @@ const {
CrossReferenceValidator,
BoundaryEnforcer,
ContextPressureMonitor,
MetacognitiveVerifier
MetacognitiveVerifier,
PluralisticDeliberationOrchestrator
} = require('./src/services');
// Services initialize automatically
// Classify an instruction
const classifier = new InstructionPersistenceClassifier();
const validator = new CrossReferenceValidator();
const enforcer = new BoundaryEnforcer();
const monitor = new ContextPressureMonitor();
const verifier = new MetacognitiveVerifier();
```
### 2. Classify Instructions
```javascript
const classification = await classifier.classify({
const classification = classifier.classify({
text: "Always use MongoDB on port 27027",
source: "user",
context: "explicit_configuration"
source: "user"
});
// Returns: { quadrant: "SYSTEM", persistence: "HIGH", ... }
```
// Store in instruction history
await InstructionDB.store(classification);
### 3. Validate Actions
```javascript
// Validate before taking action
const validator = new CrossReferenceValidator();
const validation = await validator.validate({
action: {
type: 'database_config',
proposedPort: 27017
},
instructions: [
{ text: "Always use MongoDB on port 27027", persistence: "HIGH" }
]
port: 27017 // ⚠️ Conflicts with stored instruction!
});
// Returns: { valid: false, conflicts: [...], ... }
// validation.status === 'REJECTED'
// validation.reason === 'Pattern recognition bias override detected'
```
### 4. Enforce Boundaries
---
## 📚 Core Components
The framework consists of **six integrated services** that work together to enforce structural safety:
### 1. **InstructionPersistenceClassifier**
Classifies instructions by quadrant and persistence level:
```javascript
const decision = {
type: 'modify_values_content',
description: 'Update ethical guidelines',
context: { /* ... */ }
};
const result = await enforcer.enforce(decision);
// Returns: { allowed: false, requires_human: true, boundary: "12.3", ... }
{
quadrant: "SYSTEM", // STRATEGIC | OPERATIONAL | TACTICAL | SYSTEM | STOCHASTIC
persistence: "HIGH", // HIGH | MEDIUM | LOW | VARIABLE
temporal_scope: "PROJECT", // SESSION | PROJECT | PERMANENT
verification_required: "MANDATORY"
}
```
### 5. Monitor Context Pressure
### 2. **CrossReferenceValidator**
Prevents the "27027 failure mode" where AI training patterns override explicit instructions:
```javascript
const pressure = await monitor.analyzePressure({
currentTokens: 150000,
maxTokens: 200000,
messageCount: 45
const result = validator.validate(action, { explicit_instructions });
// Blocks: Training pattern overrides, parameter conflicts, scope creep
```
### 3. **BoundaryEnforcer**
Blocks decisions that cross into values territory:
```javascript
const check = enforcer.checkBoundary({
decision: "Update privacy policy for more tracking"
});
// Returns: { level: "HIGH", score: 75, shouldReduce: true, ... }
// Result: BLOCKED - Values decision requires human judgment
```
### 4. **ContextPressureMonitor**
Multi-factor session health tracking:
```javascript
const pressure = monitor.analyze({
tokens: 120000/200000, // 60% token usage
messages: 45, // Conversation length
tasks: 8, // Concurrent complexity
errors: 3 // Recent error count
});
// Level: ELEVATED | Recommendation: INCREASE_VERIFICATION
```
### 5. **MetacognitiveVerifier**
AI self-checks reasoning before proposing actions:
```javascript
const verification = verifier.verify({
action: "Refactor 47 files across 5 system areas",
context: { requested: "Refactor authentication module" }
});
// Decision: REQUIRE_REVIEW (scope creep detected)
```
### 6. **PluralisticDeliberationOrchestrator**
Facilitates multi-stakeholder deliberation when values frameworks conflict:
```javascript
const deliberation = orchestrator.initiate({
decision: "Balance user privacy vs. system security logging",
stakeholders: ["data_subjects", "security_team", "compliance"],
conflict_type: "incommensurable_values"
});
// AI facilitates deliberation structure, humans decide outcome
```
**Full documentation:** [agenticgovernance.digital/docs.html](https://agenticgovernance.digital/docs.html)
---
## API Documentation
## 💡 Real-World Examples
The framework provides RESTful APIs for integration:
### The 27027 Incident
- **[Rules API](docs/api/RULES_API.md)** - Governance rule management (CRUD, search)
- **[Projects API](docs/api/PROJECTS_API.md)** - Multi-project configuration
- **[OpenAPI Specification](docs/api/openapi.yaml)** - Complete API spec (OpenAPI 3.0)
**Problem**: User explicitly instructs "Use MongoDB on port 27027". AI immediately uses port 27017 instead.
### API Endpoints
**Why**: Training pattern "MongoDB = 27017" overrides explicit instruction, like autocorrect changing a deliberately unusual word.
```
/api/governance - Framework operations (status, classify, validate, enforce)
/api/rules - Governance rules CRUD operations
/api/projects - Project configuration management
/api/audit - System audit trail and statistics
```
**Solution**: CrossReferenceValidator blocks the action and enforces user's explicit instruction.
### Code Examples
[Try the Interactive Demo →](https://agenticgovernance.digital/demos/27027-demo.html)
- [JavaScript Examples](docs/api/examples-javascript.md)
- [Python Examples](docs/api/examples-python.md)
### Context Degradation
**Problem**: In extended sessions, error rates increase as context degrades.
**Solution**: ContextPressureMonitor detects degradation and triggers session handoff before quality collapses.
### Values Creep
**Problem**: "Improve performance" request leads AI to suggest weakening privacy protections without asking.
**Solution**: BoundaryEnforcer blocks the privacy/performance trade-off and requires human decision.
---
## Deployment
## 🚨 Learning from Failures: Transparency in Action
### Docker Deployment (Recommended)
**The framework doesn't prevent all failures—it structures detection, response, and learning.**
The quickest way to deploy the framework:
### October 2025: AI Fabrication Incident
```bash
cd deployment-quickstart
docker-compose up -d
```
During development, Claude (running with Tractatus governance) fabricated financial statistics on the landing page:
- $3.77M in annual savings (no basis)
- 1,315% ROI (completely invented)
- False readiness claims (unverified maturity statements)
See [deployment-quickstart/README.md](deployment-quickstart/README.md) for details.
**The framework structured the response:**
**Troubleshooting:** [deployment-quickstart/TROUBLESHOOTING.md](deployment-quickstart/TROUBLESHOOTING.md)
✅ Detected within 48 hours (human review)
✅ Complete incident documentation required
✅ 3 new permanent rules created
✅ Comprehensive audit found related violations
✅ All content corrected same day
✅ Public case studies published for community learning
### Requirements
**Read the full case studies:**
- [Our Framework in Action](https://agenticgovernance.digital/docs.html?doc=framework-in-action-oct-2025) - Practical walkthrough
- [When Frameworks Fail](https://agenticgovernance.digital/docs.html?doc=when-frameworks-fail-oct-2025) - Philosophical perspective
- [Real-World Governance](https://agenticgovernance.digital/docs.html?doc=real-world-governance-case-study-oct-2025) - Educational analysis
- **Node.js:** 18+ (20+ recommended)
- **MongoDB:** 7.0+
- **Docker:** 20+ (for containerized deployment)
- **Memory:** 2GB+ recommended
### Environment Configuration
```bash
cp .env.example .env
```
Edit `.env` with your settings:
- `MONGODB_URI` - MongoDB connection string
- `PORT` - Server port (default: 9000)
- `NODE_ENV` - Environment (development/production)
**Key Lesson:** Governance doesn't ensure perfection—it provides transparency, accountability, and systematic improvement.
---
## Architecture
## 📖 Documentation
### Diagrams
**Complete documentation available at [agenticgovernance.digital](https://agenticgovernance.digital):**
- [Main Framework Flow](docs/diagrams/architecture-main-flow.svg) - How services interact
- [Decision Tree](docs/diagrams/trigger-decision-tree.svg) - Trigger conditions
- **[Introduction](https://agenticgovernance.digital/docs.html)** - Framework overview and philosophy
- **[Core Concepts](https://agenticgovernance.digital/docs.html)** - Deep dive into each service
- **[Implementation Guide](https://agenticgovernance.digital/docs.html)** - Integration instructions
- **[Case Studies](https://agenticgovernance.digital/docs.html)** - Real-world failure modes prevented
- **[API Reference](https://agenticgovernance.digital/docs.html)** - Complete technical documentation
### Key Concepts
**Governance Quadrants:**
- `STRATEGIC` - Long-term vision and values
- `OPERATIONAL` - Day-to-day operations
- `TACTICAL` - Short-term decisions
- `SYSTEM` - Technical configuration
- `STORAGE` - Data persistence
**Persistence Levels:**
- `HIGH` - Permanent, overrides all
- `MEDIUM` - Session-scoped
- `LOW` - Temporary, can be superseded
**Tractatus Boundaries (12.1-12.7):**
- Prevent AI from making value-laden decisions
- Ensure human judgment for ethical choices
- Architectural constraints enforced at runtime
This repository focuses on **open source code and implementation**. For conceptual documentation, research background, and interactive demos, please visit the website.
---
## Testing
## 🧪 Testing
```bash
# Run all tests
npm test
# Run specific suites
npm test -- tests/unit/
npm test -- tests/integration/
# Run specific test suites
npm run test:unit
npm run test:integration
npm run test:security
# Watch mode (development)
npm test -- --watch
# Watch mode
npm run test:watch
```
**Test Coverage:**
- 8 unit tests (all core services)
- 9 integration tests (full framework, APIs, MongoDB)
- Test helpers and fixtures included
**Test Coverage**: 238 tests across core framework services
---
## Database Models
## 🏗️ Architecture
The framework uses MongoDB with 9 models:
**Core Models:**
- `GovernanceRule` - Governance instructions
- `Project` - Project configurations
- `SessionState` - Session tracking
- `VariableValue` - Dynamic variables
**Logging Models:**
- `AuditLog` - System audit trail
- `GovernanceLog` - Governance actions
- `VerificationLog` - Verification results
**Deliberation Models:**
- `DeliberationSession` - Multi-stakeholder sessions
- `Precedent` - Decision precedents
---
## Security
**Security Policy:** See [SECURITY.md](SECURITY.md) for vulnerability reporting.
**Built-in Security Features:**
- Rate limiting (configurable per endpoint)
- Input validation middleware
- Security headers (Helmet + custom CSP)
- Error sanitization (no stack traces in production)
- CORS configuration
- MongoDB connection security
**Report vulnerabilities to:** security@agenticgovernance.digital
---
## Contributing
We welcome contributions! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
**Key areas for contribution:**
- Testing framework components
- Expanding governance rule library
- Documentation improvements
- Bug fixes and performance optimizations
- Integration examples
**Before contributing:**
1. Read the [Code of Conduct](CODE_OF_CONDUCT.md)
2. Check existing [issues](https://github.com/AgenticGovernance/tractatus-framework/issues)
3. Review [contributing guidelines](CONTRIBUTING.md)
---
## Changelog
See [CHANGELOG.md](CHANGELOG.md) for release history and upgrade notes.
**Current Version:** v3.5.0 (Initial Public Release - 2025-10-21)
---
## Support
- **Documentation:** https://agenticgovernance.digital
- **Issues:** [GitHub Issues](https://github.com/AgenticGovernance/tractatus-framework/issues)
- **Discussions:** [GitHub Discussions](https://github.com/AgenticGovernance/tractatus-framework/discussions)
- **Email:** research@agenticgovernance.digital
---
## License
Apache License 2.0 - See [LICENSE](LICENSE) for details.
Copyright 2025 Agentic Governance Project
---
## Citation
If you use this framework in your research or project, please cite:
```bibtex
@software{tractatus_framework,
title = {Tractatus Framework: AI Governance Through Architectural Constraints},
author = {Agentic Governance Project},
year = {2025},
version = {3.5.0},
url = {https://github.com/AgenticGovernance/tractatus-framework},
note = {Release v3.5.0}
}
```
tractatus/
├── src/
│ ├── services/ # Core framework services
│ │ ├── InstructionPersistenceClassifier.service.js
│ │ ├── CrossReferenceValidator.service.js
│ │ ├── BoundaryEnforcer.service.js
│ │ ├── ContextPressureMonitor.service.js
│ │ ├── MetacognitiveVerifier.service.js
│ │ └── PluralisticDeliberationOrchestrator.service.js
│ ├── models/ # Database models (MongoDB)
│ ├── routes/ # API routes
│ └── middleware/ # Framework middleware
├── tests/ # Test suites
│ ├── unit/ # Service unit tests
│ └── integration/ # Integration tests
├── scripts/ # Framework utilities
│ ├── framework-components/ # Proactive scanners
│ └── hook-validators/ # Pre-action validators
├── docs/ # Development documentation
└── public/ # Website frontend
```
---
**Last Updated:** 2025-10-21 | **Status:** ✅ Production Ready
## ⚠️ Current Research Challenges
### Rule Proliferation & Scalability
**Status:** Active research area | **Priority:** High
As the framework learns from failures, instruction count grows organically. Current metrics:
- **Initial deployment:** ~6 core instructions
- **Current state:** 52 active instructions
- **Growth pattern:** Increases with each incident response
**Open questions:**
- At what point does rule proliferation reduce framework effectiveness?
- How do we balance comprehensiveness with cognitive/context load?
- Can machine learning optimize rule selection without undermining transparency?
**Mitigation strategies under investigation:**
- Instruction consolidation and hierarchical organization
- Rule prioritization algorithms
- Context-aware selective loading
- Periodic rule review and deprecation processes
**Research transparency:** We're documenting this limitation openly because architectural honesty is core to the framework's integrity.
---
## 🤝 Contributing
We welcome contributions in several areas:
### Research Contributions
- Formal verification of safety properties
- Extensions to new domains (robotics, autonomous systems)
- Theoretical foundations and proofs
### Implementation Contributions
- Ports to other languages (Python, Rust, Go)
- Integration with other frameworks
- Performance optimizations
### Documentation Contributions
- Tutorials and implementation guides
- Case studies from real deployments
- Translations
**See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.**
---
## 📊 Project Status
**Current Phase**: Research Implementation (October 2025)
✅ All 6 core services implemented
✅ 238 tests passing (unit + integration)
✅ MongoDB persistence operational
✅ Deployed at [agenticgovernance.digital](https://agenticgovernance.digital)
✅ Framework governing its own development (dogfooding)
**Next Milestones:**
- Multi-language ports (Python, TypeScript)
- Enterprise integration guides
- Formal verification research
- Community case study collection
---
## 📜 License
Copyright 2025 John Stroh
Licensed under the Apache License, Version 2.0. See [LICENSE](LICENSE) for full terms.
The Tractatus Framework is open source and free to use, modify, and distribute with attribution.
---
## 🌐 Links
- **Website**: [agenticgovernance.digital](https://agenticgovernance.digital)
- **Documentation**: [agenticgovernance.digital/docs](https://agenticgovernance.digital/docs.html)
- **Interactive Demo**: [27027 Incident](https://agenticgovernance.digital/demos/27027-demo.html)
- **GitHub**: [AgenticGovernance/tractatus-framework](https://github.com/AgenticGovernance/tractatus-framework)
---
## 📧 Contact
- **Email**: john.stroh.nz@pm.me
- **Issues**: [GitHub Issues](https://github.com/AgenticGovernance/tractatus-framework/issues)
- **Discussions**: [GitHub Discussions](https://github.com/AgenticGovernance/tractatus-framework/discussions)
---
## 🙏 Acknowledgments
This framework stands on the shoulders of:
- **Ludwig Wittgenstein** - Philosophical foundations from *Tractatus Logico-Philosophicus*
- **March & Simon** - Organizational theory and decision-making frameworks
- **Isaiah Berlin & Ruth Chang** - Value pluralism and incommensurability theory
- **Anthropic** - Claude AI system for validation and development support
- **Open Source Community** - Tools, libraries, and collaborative development
---
## 📖 Philosophy
> **"Whereof one cannot speak, thereof one must be silent."**
> — Ludwig Wittgenstein
Applied to AI safety:
> **"Whereof the AI cannot safely decide, thereof it must request human judgment."**
Tractatus recognizes that **some decisions cannot be systematized** without value judgments. Rather than pretend AI can make these decisions "correctly," we build systems that **structurally defer to human judgment** in appropriate domains.
This isn't a limitation—it's **architectural integrity**.
---
## 👥 Development Attribution
This framework represents collaborative human-AI development:
- **Conceptual design, governance architecture, and quality oversight**: John Stroh
- **Implementation, documentation, and iterative refinement**: Developed through extended collaboration with Claude (Anthropic)
- **Testing and validation**: Tested across ~500 Claude Code sessions over 6 months
This attribution reflects the reality of modern AI-assisted development while maintaining clear legal copyright (John Stroh) and transparent acknowledgment of AI's substantial role in implementation.
---
<!-- PUBLIC_REPO_SAFE -->
**Tractatus Framework** | [Documentation](https://agenticgovernance.digital/docs.html) | [Apache 2.0 License](LICENSE)

179
package-lock.json generated
View file

@ -18,17 +18,13 @@
"express-rate-limit": "^7.5.1",
"helmet": "^7.1.0",
"highlight.js": "^11.9.0",
"i18next": "^25.6.0",
"i18next-browser-languagedetector": "^8.2.0",
"i18next-http-backend": "^3.0.2",
"jsonwebtoken": "^9.0.2",
"marked": "^11.0.0",
"mongodb": "^6.3.0",
"mongoose": "^8.19.1",
"multer": "^2.0.2",
"puppeteer": "^24.23.0",
"sanitize-html": "^2.11.0",
"stripe": "^19.1.0",
"stripe": "^14.25.0",
"validator": "^13.15.15",
"winston": "^3.11.0"
},
@ -548,6 +544,7 @@
"version": "7.28.4",
"resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.28.4.tgz",
"integrity": "sha512-Q/N6JNWvIvPnLDvjlE1OUBLPQHH6l3CltCEsHIujp45zQUSSh8K+gHnaEX45yAT1nyngnINhvWtzN+Nb9D8RAQ==",
"dev": true,
"license": "MIT",
"engines": {
"node": ">=6.9.0"
@ -1542,7 +1539,6 @@
"version": "18.19.129",
"resolved": "https://registry.npmjs.org/@types/node/-/node-18.19.129.tgz",
"integrity": "sha512-hrmi5jWt2w60ayox3iIXwpMEnfUvOLJCRtrOPbHtH15nTjvO7uhnelvrdAs0dO0/zl5DZ3ZbahiaXEVb54ca/A==",
"devOptional": true,
"license": "MIT",
"dependencies": {
"undici-types": "~5.26.4"
@ -1755,12 +1751,6 @@
"node": ">= 8"
}
},
"node_modules/append-field": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/append-field/-/append-field-1.0.0.tgz",
"integrity": "sha512-klpgFSWLW1ZEs8svjfb7g4qWY0YS5imI82dTg+QahUvJ8YqAY0P10Uk8tTyh9ZGuYEZEMaeJYCF5BFuX552hsw==",
"license": "MIT"
},
"node_modules/aproba": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/aproba/-/aproba-2.1.0.tgz",
@ -2305,19 +2295,9 @@
"version": "1.1.2",
"resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz",
"integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==",
"dev": true,
"license": "MIT"
},
"node_modules/busboy": {
"version": "1.6.0",
"resolved": "https://registry.npmjs.org/busboy/-/busboy-1.6.0.tgz",
"integrity": "sha512-8SFQbg/0hQ9xy3UNTB0YEnsNBbWfhf7RtnzpL7TkBiTBRfrQ9Fxcnz7VJsleJpyp6rVLvXiuORqjlHi5q+PYuA==",
"dependencies": {
"streamsearch": "^1.1.0"
},
"engines": {
"node": ">=10.16.0"
}
},
"node_modules/bytes": {
"version": "3.1.2",
"resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
@ -2676,21 +2656,6 @@
"integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==",
"license": "MIT"
},
"node_modules/concat-stream": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/concat-stream/-/concat-stream-2.0.0.tgz",
"integrity": "sha512-MWufYdFw53ccGjCA+Ol7XJYpAlW6/prSMzuPOTRnJGcGzuhLn4Scrz7qf6o8bROZ514ltazcIFJZevcfbo0x7A==",
"engines": [
"node >= 6.0"
],
"license": "MIT",
"dependencies": {
"buffer-from": "^1.0.0",
"inherits": "^2.0.3",
"readable-stream": "^3.0.2",
"typedarray": "^0.0.6"
}
},
"node_modules/concurrently": {
"version": "9.2.1",
"resolved": "https://registry.npmjs.org/concurrently/-/concurrently-9.2.1.tgz",
@ -2871,15 +2836,6 @@
"node": "^14.15.0 || ^16.10.0 || >=18.0.0"
}
},
"node_modules/cross-fetch": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-4.0.0.tgz",
"integrity": "sha512-e4a5N8lVvuLgAWgnCrLr2PP0YyDOTHa9H/Rj54dirp61qXnNq46m82bRhNqIA5VccJtWBvPTFRV3TtvHUKPB1g==",
"license": "MIT",
"dependencies": {
"node-fetch": "^2.6.12"
}
},
"node_modules/cross-spawn": {
"version": "7.0.6",
"resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
@ -4575,55 +4531,6 @@
"node": ">=10.17.0"
}
},
"node_modules/i18next": {
"version": "25.6.0",
"resolved": "https://registry.npmjs.org/i18next/-/i18next-25.6.0.tgz",
"integrity": "sha512-tTn8fLrwBYtnclpL5aPXK/tAYBLWVvoHM1zdfXoRNLcI+RvtMsoZRV98ePlaW3khHYKuNh/Q65W/+NVFUeIwVw==",
"funding": [
{
"type": "individual",
"url": "https://locize.com"
},
{
"type": "individual",
"url": "https://locize.com/i18next.html"
},
{
"type": "individual",
"url": "https://www.i18next.com/how-to/faq#i18next-is-awesome.-how-can-i-support-the-project"
}
],
"license": "MIT",
"dependencies": {
"@babel/runtime": "^7.27.6"
},
"peerDependencies": {
"typescript": "^5"
},
"peerDependenciesMeta": {
"typescript": {
"optional": true
}
}
},
"node_modules/i18next-browser-languagedetector": {
"version": "8.2.0",
"resolved": "https://registry.npmjs.org/i18next-browser-languagedetector/-/i18next-browser-languagedetector-8.2.0.tgz",
"integrity": "sha512-P+3zEKLnOF0qmiesW383vsLdtQVyKtCNA9cjSoKCppTKPQVfKd2W8hbVo5ZhNJKDqeM7BOcvNoKJOjpHh4Js9g==",
"license": "MIT",
"dependencies": {
"@babel/runtime": "^7.23.2"
}
},
"node_modules/i18next-http-backend": {
"version": "3.0.2",
"resolved": "https://registry.npmjs.org/i18next-http-backend/-/i18next-http-backend-3.0.2.tgz",
"integrity": "sha512-PdlvPnvIp4E1sYi46Ik4tBYh/v/NbYfFFgTjkwFl0is8A18s7/bx9aXqsrOax9WUbeNS6mD2oix7Z0yGGf6m5g==",
"license": "MIT",
"dependencies": {
"cross-fetch": "4.0.0"
}
},
"node_modules/iconv-lite": {
"version": "0.4.24",
"resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
@ -6062,15 +5969,6 @@
"node": "*"
}
},
"node_modules/minimist": {
"version": "1.2.8",
"resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz",
"integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==",
"license": "MIT",
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/minipass": {
"version": "5.0.0",
"resolved": "https://registry.npmjs.org/minipass/-/minipass-5.0.0.tgz",
@ -6234,36 +6132,6 @@
"integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
"license": "MIT"
},
"node_modules/multer": {
"version": "2.0.2",
"resolved": "https://registry.npmjs.org/multer/-/multer-2.0.2.tgz",
"integrity": "sha512-u7f2xaZ/UG8oLXHvtF/oWTRvT44p9ecwBBqTwgJVq0+4BW1g8OW01TyMEGWBHbyMOYVHXslaut7qEQ1meATXgw==",
"license": "MIT",
"dependencies": {
"append-field": "^1.0.0",
"busboy": "^1.6.0",
"concat-stream": "^2.0.0",
"mkdirp": "^0.5.6",
"object-assign": "^4.1.1",
"type-is": "^1.6.18",
"xtend": "^4.0.2"
},
"engines": {
"node": ">= 10.16.0"
}
},
"node_modules/multer/node_modules/mkdirp": {
"version": "0.5.6",
"resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz",
"integrity": "sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==",
"license": "MIT",
"dependencies": {
"minimist": "^1.2.6"
},
"bin": {
"mkdirp": "bin/cmd.js"
}
},
"node_modules/mustache": {
"version": "4.2.0",
"resolved": "https://registry.npmjs.org/mustache/-/mustache-4.2.0.tgz",
@ -8142,14 +8010,6 @@
"node": ">= 0.8"
}
},
"node_modules/streamsearch": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/streamsearch/-/streamsearch-1.1.0.tgz",
"integrity": "sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg==",
"engines": {
"node": ">=10.0.0"
}
},
"node_modules/streamx": {
"version": "2.23.0",
"resolved": "https://registry.npmjs.org/streamx/-/streamx-2.23.0.tgz",
@ -8274,23 +8134,16 @@
}
},
"node_modules/stripe": {
"version": "19.1.0",
"resolved": "https://registry.npmjs.org/stripe/-/stripe-19.1.0.tgz",
"integrity": "sha512-FjgIiE98dMMTNssfdjMvFdD4eZyEzdWAOwPYqzhPRNZeg9ggFWlPXmX1iJKD5pPIwZBaPlC3SayQQkwsPo6/YQ==",
"version": "14.25.0",
"resolved": "https://registry.npmjs.org/stripe/-/stripe-14.25.0.tgz",
"integrity": "sha512-wQS3GNMofCXwH8TSje8E1SE8zr6ODiGtHQgPtO95p9Mb4FhKC9jvXR2NUTpZ9ZINlckJcFidCmaTFV4P6vsb9g==",
"license": "MIT",
"dependencies": {
"@types/node": ">=8.1.0",
"qs": "^6.11.0"
},
"engines": {
"node": ">=16"
},
"peerDependencies": {
"@types/node": ">=16"
},
"peerDependenciesMeta": {
"@types/node": {
"optional": true
}
"node": ">=12.*"
}
},
"node_modules/sucrase": {
@ -8757,12 +8610,6 @@
"integrity": "sha512-SbklCd1F0EiZOyPiW192rrHZzZ5sBijB6xM+cpmrwDqObvdtunOHHIk9fCGsoK5JVIYXoyEp4iEdE3upFH3PAg==",
"license": "MIT"
},
"node_modules/typedarray": {
"version": "0.0.6",
"resolved": "https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz",
"integrity": "sha512-/aCDEGatGvZ2BIk+HmLf4ifCJFwvKFNb9/JeZPMulfgFracn9QFcAf5GO8B/mweUjSoblS5In0cWhqpfs/5PQA==",
"license": "MIT"
},
"node_modules/uid-safe": {
"version": "2.1.5",
"resolved": "https://registry.npmjs.org/uid-safe/-/uid-safe-2.1.5.tgz",
@ -8793,7 +8640,6 @@
"version": "5.26.5",
"resolved": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz",
"integrity": "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==",
"devOptional": true,
"license": "MIT"
},
"node_modules/unpipe": {
@ -9080,15 +8926,6 @@
}
}
},
"node_modules/xtend": {
"version": "4.0.2",
"resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz",
"integrity": "sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==",
"license": "MIT",
"engines": {
"node": ">=0.4"
}
},
"node_modules/y18n": {
"version": "5.0.8",
"resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz",

78
package.json
View file

@ -1,49 +1,83 @@
{
"name": "tractatus-framework",
"version": "3.5.0",
"description": "AI governance framework enforcing architectural safety constraints at runtime",
"name": "tractatus-website",
"version": "0.1.0",
"description": "Tractatus-Based LLM Safety Framework website platform",
"main": "src/server.js",
"scripts": {
"start": "node src/server.js",
"dev": "concurrently -n \"SERVER,WATCHDOG\" -c \"cyan,magenta\" \"nodemon src/server.js\" \"node scripts/framework-watchdog.js\"",
"dev:simple": "nodemon src/server.js",
"build:css": "npx tailwindcss -i ./public/css/src/tailwind.css -o ./public/css/tailwind.css --minify",
"watch:css": "npx tailwindcss -i ./public/css/src/tailwind.css -o ./public/css/tailwind.css --watch",
"update:cache": "node scripts/update-cache-version.js",
"build": "npm run update:cache && npm run build:css",
"test": "jest --coverage",
"test:watch": "jest --watch",
"test:unit": "jest tests/unit",
"test:integration": "jest tests/integration"
"test:integration": "jest tests/integration",
"test:security": "jest tests/security",
"lint": "eslint src/ tests/",
"lint:fix": "eslint src/ tests/ --fix",
"migrate:docs": "node scripts/migrate-documents.js",
"init:db": "node scripts/init-db.js",
"init:koha": "node scripts/init-koha.js",
"seed:admin": "node scripts/seed-admin.js",
"seed:projects": "node scripts/seed-projects.js",
"generate:pdfs": "node scripts/generate-pdfs.js",
"deploy": "npm run build && bash scripts/deploy-frontend.sh",
"framework:init": "node scripts/session-init.js",
"framework:watchdog": "node scripts/framework-watchdog.js",
"framework:check": "node scripts/pre-action-check.js",
"framework:recover": "node scripts/recover-framework.js",
"check:csp": "node scripts/check-csp-violations.js",
"fix:csp": "node scripts/fix-csp-violations.js"
},
"keywords": [
"ai-governance",
"ai-safety",
"llm-governance",
"framework",
"runtime-constraints"
"llm",
"tractatus",
"digital-sovereignty",
"ai-governance"
],
"author": "Agentic Governance Project",
"author": "John Stroh <john.stroh.nz@pm.me>",
"license": "Apache-2.0",
"repository": {
"type": "git",
"url": "https://github.com/AgenticGovernance/tractatus-framework.git"
},
"dependencies": {
"bcrypt": "^5.1.1",
"cookie-parser": "^1.4.7",
"cors": "^2.8.5",
"csurf": "^1.11.0",
"dotenv": "^16.3.1",
"express": "^4.18.2",
"express-rate-limit": "^7.5.1",
"helmet": "^7.1.0",
"highlight.js": "^11.9.0",
"i18next": "^25.6.0",
"i18next-browser-languagedetector": "^8.2.0",
"i18next-http-backend": "^3.0.2",
"jsonwebtoken": "^9.0.2",
"marked": "^11.0.0",
"mongodb": "^6.3.0",
"mongoose": "^8.19.1",
"multer": "^2.0.2",
"puppeteer": "^24.23.0",
"sanitize-html": "^2.11.0",
"stripe": "^19.1.0",
"validator": "^13.15.15",
"winston": "^3.11.0"
},
"devDependencies": {
"@anthropic-ai/sdk": "^0.65.0",
"autoprefixer": "^10.4.21",
"axe-core": "^4.10.3",
"concurrently": "^9.2.1",
"eslint": "^8.56.0",
"jest": "^29.7.0",
"supertest": "^6.3.3"
},
"peerDependencies": {
"@anthropic-ai/sdk": "^0.65.0"
},
"peerDependenciesMeta": {
"@anthropic-ai/sdk": {
"optional": true
}
"nodemon": "^3.0.2",
"pa11y": "^9.0.1",
"pa11y-reporter-html": "^2.0.0",
"postcss": "^8.5.6",
"supertest": "^6.3.3",
"tailwindcss": "^3.4.18"
},
"engines": {
"node": ">=18.0.0",