diff --git a/public/js/components/navbar.js b/public/js/components/navbar.js index 84d6a13c..4d686478 100644 --- a/public/js/components/navbar.js +++ b/public/js/components/navbar.js @@ -22,10 +22,18 @@ class TractatusNavbar {
- - Tractatus Icon - - Tractatus + + Tractatus Icon + + Tractatus +
@@ -75,9 +83,6 @@ class TractatusNavbar { 📚 Documentation - - 🔌 API Reference - 📝 Blog @@ -87,9 +92,6 @@ class TractatusNavbar { ℹ️ About - - 🎯 Interactive Demo - diff --git a/public/js/docs-app.js b/public/js/docs-app.js index a28dc71d..826e42d3 100644 --- a/public/js/docs-app.js +++ b/public/js/docs-app.js @@ -308,21 +308,45 @@ async function loadDocuments() { } }); - // Auto-load first document in "Getting Started" category (order: 1) - const gettingStartedDocs = grouped['getting-started'] || []; - if (gettingStartedDocs.length > 0) { - // Load the first document (order: 1) if available - const firstDoc = gettingStartedDocs.find(d => d.order === 1); + // Check for URL parameter to auto-expand category + const urlParams = new URLSearchParams(window.location.search); + const categoryParam = urlParams.get('category'); + + // Auto-expand and navigate to category from URL parameter + if (categoryParam && grouped[categoryParam] && grouped[categoryParam].length > 0) { + // Expand the specified category + const categoryDocsEl = listEl.querySelector(`.category-docs[data-category="${categoryParam}"]`); + const categoryArrowEl = listEl.querySelector(`.category-toggle[data-category="${categoryParam}"] .category-arrow`); + + if (categoryDocsEl) { + categoryDocsEl.style.display = 'block'; + if (categoryArrowEl) { + categoryArrowEl.style.transform = 'rotate(0deg)'; + } + } + + // Load first document in the category + const firstDoc = grouped[categoryParam][0]; if (firstDoc) { loadDocument(firstDoc.slug); - } else { - loadDocument(gettingStartedDocs[0].slug); } - } else if (documents.length > 0) { - // Fallback to first available document in any category - const firstCategory = sortedCategories.find(([catId]) => grouped[catId] && grouped[catId].length > 0); - if (firstCategory) { - loadDocument(grouped[firstCategory[0]][0].slug); + } else { + // Default: Auto-load first document in "Getting Started" category (order: 1) + const gettingStartedDocs = grouped['getting-started'] || []; + if (gettingStartedDocs.length > 0) { + // Load the first document (order: 1) if available + const firstDoc = gettingStartedDocs.find(d => d.order === 1); + if (firstDoc) { + loadDocument(firstDoc.slug); + } else { + loadDocument(gettingStartedDocs[0].slug); + } + } else if (documents.length > 0) { + // Fallback to first available document in any category + const firstCategory = sortedCategories.find(([catId]) => grouped[catId] && grouped[catId].length > 0); + if (firstCategory) { + loadDocument(grouped[firstCategory[0]][0].slug); + } } } } catch (error) { diff --git a/public/js/docs-search-enhanced.js b/public/js/docs-search-enhanced.js index cb9defcf..d00740bb 100644 --- a/public/js/docs-search-enhanced.js +++ b/public/js/docs-search-enhanced.js @@ -43,7 +43,12 @@ searchResultsSummary: null, searchResultsCount: null, searchHistoryContainer: null, - searchHistory: null + searchHistory: null, + searchModal: null, + openSearchModalBtn: null, + searchModalCloseBtn: null, + searchResultsModal: null, + searchResultsListModal: null }; /** @@ -66,10 +71,15 @@ elements.searchResultsCount = document.getElementById('search-results-count'); elements.searchHistoryContainer = document.getElementById('search-history-container'); elements.searchHistory = document.getElementById('search-history'); + elements.searchModal = document.getElementById('search-modal'); + elements.openSearchModalBtn = document.getElementById('open-search-modal-btn'); + elements.searchModalCloseBtn = document.getElementById('search-modal-close-btn'); + elements.searchResultsModal = document.getElementById('search-results-modal'); + elements.searchResultsListModal = document.getElementById('search-results-list-modal'); - // Check if elements exist - if (!elements.searchInput) { - console.warn('Search input not found - search enhancement disabled'); + // Check if essential elements exist + if (!elements.searchInput || !elements.searchModal) { + console.warn('Search elements not found - search enhancement disabled'); return; } @@ -87,6 +97,21 @@ * Attach event listeners (CSP compliant - no inline handlers) */ function attachEventListeners() { + // Search modal open/close + if (elements.openSearchModalBtn) { + elements.openSearchModalBtn.addEventListener('click', openSearchModal); + } + if (elements.searchModalCloseBtn) { + elements.searchModalCloseBtn.addEventListener('click', closeSearchModal); + } + if (elements.searchModal) { + elements.searchModal.addEventListener('click', function(e) { + if (e.target === elements.searchModal) { + closeSearchModal(); + } + }); + } + // Search input - debounced if (elements.searchInput) { elements.searchInput.addEventListener('input', handleSearchInput); @@ -132,10 +157,11 @@ // Global keyboard shortcuts document.addEventListener('keydown', handleGlobalKeydown); - // Escape key to close modal + // Escape key to close modals document.addEventListener('keydown', function(e) { if (e.key === 'Escape') { closeSearchTipsModal(); + closeSearchModal(); } }); } @@ -171,6 +197,7 @@ } } else if (e.key === 'Escape') { closeSearchResultsPanel(); + closeSearchModal(); e.target.blur(); } else if (e.key === 'ArrowDown') { e.preventDefault(); @@ -259,12 +286,18 @@ * Render search results */ function renderSearchResults(data, duration) { - if (!elements.searchResultsList || !elements.searchResultsPanel) return; + // Use modal list if available, otherwise fall back to panel list + const targetList = elements.searchResultsListModal || elements.searchResultsList; + const targetContainer = elements.searchResultsModal || elements.searchResultsPanel; + + if (!targetList) return; const { documents, count, total, filters } = data; - // Show results panel - elements.searchResultsPanel.classList.remove('hidden'); + // Show results container + if (targetContainer) { + targetContainer.classList.remove('hidden'); + } // Update summary if (elements.searchResultsSummary && elements.searchResultsCount) { @@ -289,7 +322,7 @@ // Render results if (documents.length === 0) { - elements.searchResultsList.innerHTML = ` + targetList.innerHTML = `
@@ -339,7 +372,7 @@ `; }).join(''); - elements.searchResultsList.innerHTML = resultsHTML; + targetList.innerHTML = resultsHTML; // Attach click handlers to results document.querySelectorAll('.search-result-item').forEach(item => { @@ -353,6 +386,7 @@ if (slug && typeof loadDocument === 'function') { loadDocument(slug); closeSearchResultsPanel(); + closeSearchModal(); window.scrollTo({ top: 0, behavior: 'smooth' }); } }); @@ -455,17 +489,54 @@ } } + /** + * Open search modal + */ + function openSearchModal() { + if (elements.searchModal) { + elements.searchModal.classList.remove('hidden'); + elements.searchModal.classList.add('show'); + document.body.style.overflow = 'hidden'; + + // Focus search input after modal opens + setTimeout(() => { + if (elements.searchInput) { + elements.searchInput.focus(); + } + }, 100); + } + } + + /** + * Close search modal + */ + function closeSearchModal() { + if (elements.searchModal) { + elements.searchModal.classList.remove('show'); + elements.searchModal.classList.add('hidden'); + document.body.style.overflow = ''; + + // Clear search when closing + clearFilters(); + + // Hide results + if (elements.searchResultsModal) { + elements.searchResultsModal.classList.add('hidden'); + } + if (elements.searchResultsSummary) { + elements.searchResultsSummary.classList.add('hidden'); + } + } + } + /** * Handle global keyboard shortcuts */ function handleGlobalKeydown(e) { - // Ctrl+K or Cmd+K to focus search + // Ctrl+K or Cmd+K to open search modal if ((e.ctrlKey || e.metaKey) && e.key === 'k') { e.preventDefault(); - if (elements.searchInput) { - elements.searchInput.focus(); - elements.searchInput.select(); - } + openSearchModal(); } } diff --git a/public/js/faq.js b/public/js/faq.js index a1877432..485bc99b 100644 --- a/public/js/faq.js +++ b/public/js/faq.js @@ -4,9 +4,9 @@ */ const FAQ_DATA = [ - // RESEARCHER QUESTIONS + // IMPLEMENTER QUESTIONS { - id: 1, + id: 19, question: "Why not just use better prompts or a CLAUDE.md file?", answer: `Better prompts and CLAUDE.md files are valuable but insufficient for production AI safety. Here's why Tractatus is necessary: @@ -22,50 +22,42 @@ const FAQ_DATA = [ - **Conflict detection**: CrossReferenceValidator prevents pattern bias (like the 27027 incident) - **Real-time monitoring**: ContextPressureMonitor warns before degradation occurs -**Real metrics from 6 months production:** -- 12 pattern bias incidents prevented (100% catch rate) -- 47 values decisions blocked (100% escalation) -- 847 instructions classified with persistence levels +**Validation context:** +Framework validated in 6-month, single-project deployment (~500 sessions with Claude Code). Pattern bias incidents prevented, values decisions consistently escalated to human approval, instructions maintained across session continuations. -Prompts guide behavior. Tractatus enforces it architecturally.`, +Operational metrics from controlled studies not yet available. This is early-stage research, not production-scale validation. + +Prompts guide behaviour. Tractatus enforces it architecturally.`, audience: ['researcher', 'implementer'], keywords: ['prompts', 'claude.md', 'enforcement', 'limitations', 'architecture'] }, { - id: 2, + id: 12, question: "What's the performance overhead cost?", answer: `Tractatus adds minimal overhead for comprehensive governance: -**Average overhead: <10ms per operation** (99% of base performance maintained) +**Estimated overhead: <10ms per operation** based on service architecture -**Service-specific benchmarks:** -- BoundaryEnforcer: <5ms per check +**Service-specific estimates:** +- BoundaryEnforcer: <5ms per check (rule lookup + validation) - InstructionPersistenceClassifier: <10ms (classification + storage) - CrossReferenceValidator: <15ms (query + validation) - ContextPressureMonitor: <5ms (calculation) - MetacognitiveVerifier: 50-200ms (selective, complex operations only) -**Real-world impact:** -- 100 operations without Tractatus: 0ms governance overhead -- 100 operations with Tractatus: ~1 second governance overhead -- **Trade-off: 1% performance cost for 100% governance enforcement** +**Design trade-off:** +Governance services operate synchronously to ensure enforcement cannot be bypassed. This adds latency but provides architectural safety guarantees that asynchronous approaches cannot. -**Production metrics (6 months):** -- Average overhead: 8.7ms -- No noticeable user-facing latency -- Zero performance-related incidents +**Development context:** +Framework validated in 6-month, single-project deployment. No systematic performance benchmarking conducted. Overhead estimates based on service architecture, not controlled studies. -**Why it's worth it:** -- Prevented 12 critical failures (pattern bias override) -- Blocked 47 values decisions requiring human approval -- Maintained instruction persistence across 23 session continuations - -For most production deployments where safety matters, <10ms is negligible compared to the risk of ungoverned AI decisions.`, +For production deployments where safety matters, minor latency is acceptable trade-off compared to risk of ungoverned AI decisions. Organisations should benchmark in their specific context.`, audience: ['implementer', 'leader'], keywords: ['performance', 'overhead', 'latency', 'cost', 'benchmarks', 'speed'] }, + // RESEARCHER QUESTIONS { - id: 3, + id: 27, question: "Does Tractatus support multiple LLMs beyond Claude Code?", answer: `Currently, Tractatus is optimized for Claude Code with plans for multi-model support: @@ -102,7 +94,7 @@ See our feasibility study: [Research Scope: Feasibility of LLM-Integrated Tracta keywords: ['multi-model', 'gpt-4', 'gemini', 'llama', 'openai', 'support', 'compatibility'] }, { - id: 4, + id: 13, question: "How does Tractatus relate to Constitutional AI?", answer: `Tractatus complements Constitutional AI with architectural enforcement: @@ -151,53 +143,39 @@ Tractatus BoundaryEnforcer (architecture level): keywords: ['constitutional ai', 'anthropic', 'training', 'rlhf', 'comparison', 'relationship'] }, { - id: 5, + id: 20, question: "What are the false positive rates for governance enforcement?", - answer: `Tractatus maintains high precision with minimal false positives: + answer: `Tractatus aims for high precision, but formal false positive analysis not yet conducted: -**Production metrics (6 months deployment):** +**Design philosophy:** +Framework optimises for zero false negatives (never miss safety violations) at cost of occasional false positives (block safe actions). For production AI, missing critical failure far worse than occasionally asking for human confirmation. -**BoundaryEnforcer (values decisions):** -- Total blocks: 47 actions -- False positives: 3 (technical decisions incorrectly flagged) -- **False positive rate: 6.4%** -- False negatives: 0 (no values decisions slipped through) +**Expected false positive sources:** -**CrossReferenceValidator (pattern bias):** -- Total conflicts detected: 12 -- False positives: 0 -- **False positive rate: 0%** -- False negatives: 0 (all conflicts correctly identified) - -**InstructionPersistenceClassifier:** -- Total classifications: 847 instructions -- Misclassifications: 0 (reviewed sample of 50) -- **False positive rate: 0%** +**BoundaryEnforcer:** +Domain boundaries can be ambiguous (e.g., "improve security" vs. "change authentication policy"). When uncertainty exists, framework blocks and escalates to human judgment. **ContextPressureMonitor:** -- Total warnings: 134 -- False alarms: 15 (warned but no degradation occurred) -- **False positive rate: 11.2%** -- True positives: 119 (89% of warnings preceded actual degradation) +Conservative thresholds warn early to prevent failures. This may produce warnings before degradation occurs (false alarms preferred over missed degradation). -**Overall precision: 99.6%** (12 real failures prevented, 3 false alarms) +**InstructionPersistenceClassifier:** +Classification accuracy depends on instruction clarity. Ambiguous instructions may be misclassified. -**Why false positives occur:** -1. **BoundaryEnforcer**: Domain boundaries can be ambiguous (e.g., "improve security" vs "change authentication policy") -2. **ContextPressureMonitor**: Conservative thresholds (warn early to prevent failures) +**CrossReferenceValidator:** +Conflict detection depends on stored instruction precision. Vague instructions reduce validation accuracy. -**How to tune:** -- Governance rules are customizable in MongoDB \`governance_rules\` collection +**Tuning options:** +- Governance rules customisable in MongoDB \`governance_rules\` collection - Adjust \`violation_action\` from BLOCK to WARN for lower-risk decisions - Fine-tune pressure thresholds in \`.claude/session-state.json\` -**Trade-off philosophy:** -We optimize for zero false negatives (never miss a safety violation) at the cost of occasional false positives (block safe actions). For production AI, missing a critical failure is far worse than occasionally asking for human confirmation.`, +**Development context:** +Framework validated in 6-month, single-project deployment. Systematic false positive analysis not conducted. Organisations should evaluate in their specific context.`, audience: ['researcher', 'implementer'], keywords: ['false positive', 'accuracy', 'precision', 'metrics', 'reliability', 'errors'] }, { - id: 6, + id: 10, question: "How do I update governance rules without code changes?", answer: `Governance rules are stored in MongoDB for runtime updates without redeployment: @@ -257,7 +235,7 @@ See [Implementation Guide](/downloads/implementation-guide.pdf) Section 4: "Conf keywords: ['rules', 'configuration', 'update', 'mongodb', 'admin', 'governance', 'customize'] }, { - id: 7, + id: 11, question: "What's the learning curve for developers implementing Tractatus?", answer: `Tractatus is designed for gradual adoption with multiple entry points: @@ -302,17 +280,15 @@ See [Implementation Guide](/downloads/implementation-guide.pdf) Section 4: "Conf - [GitHub Discussions](https://github.com/AgenticGovernance/tractatus-framework/issues) - Community help - [Contact form](/media-inquiry.html) - Direct support -**Feedback from early adopters:** -- "Easier than expected - the quickstart actually works" - Research Engineer, AI Lab -- "The demos made it click for me" - Senior Developer, Enterprise -- "Took 3 hours to understand, 1 day to deploy" - CTO, Startup +**Expected deployment timeline:** +Teams with Node.js and MongoDB experience typically complete deployment in 1-2 days. Conceptual understanding takes 2-4 hours. Advanced customisation requires additional week. -**Bottom line**: If you can deploy a Node.js app with MongoDB, you can deploy Tractatus.`, +If you can deploy a Node.js application with MongoDB, you have the technical prerequisites for Tractatus deployment.`, audience: ['implementer', 'leader'], keywords: ['learning', 'difficulty', 'curve', 'time', 'prerequisites', 'skills', 'training'] }, { - id: 8, + id: 21, question: "How do I version control governance rules?", answer: `Governance rules support version control through JSON exports and git integration: @@ -402,7 +378,7 @@ This approach treats governance rules as infrastructure-as-code.`, keywords: ['version control', 'git', 'deployment', 'rules', 'configuration', 'management'] }, { - id: 9, + id: 7, question: "Isn't this overkill for smaller projects?", answer: `Fair question. Tractatus is designed for production AI where failures have consequences. Here's when it's appropriate: @@ -462,7 +438,7 @@ See [Business Case Template](/downloads/ai-governance-business-case-template.pdf keywords: ['overkill', 'complexity', 'necessary', 'when', 'small', 'project', 'scope'] }, { - id: 10, + id: 22, question: "Can I use only parts of Tractatus, or is it all-or-nothing?", answer: `Tractatus is modular - you can enable services individually: @@ -561,7 +537,7 @@ See [Implementation Guide](/downloads/implementation-guide.pdf) Section 3: "Conf keywords: ['modular', 'partial', 'selective', 'enable', 'disable', 'components', 'services'] }, { - id: 11, + id: 23, question: "How does Tractatus handle instruction conflicts?", answer: `CrossReferenceValidator detects and resolves instruction conflicts automatically: @@ -643,7 +619,7 @@ See [27027 Incident Demo](/demos/27027-demo.html) for interactive visualization. keywords: ['conflict', 'contradiction', 'override', 'pattern bias', 'validation', 'resolution'] }, { - id: 12, + id: 24, question: "What happens when context pressure reaches 100%?", answer: `At 100% context pressure (200k tokens), session handoff is mandatory: @@ -736,12 +712,12 @@ Without handoff, all HIGH persistence instructions could be lost. This is the ex **Production practice:** Most projects handoff at 150k-180k tokens (75-90%) to avoid degradation entirely rather than waiting for mandatory 100% handoff. -See [Session Handoff Protocol](/downloads/session-handoff-protocol.pdf) for complete documentation.`, +See [Maintenance Guide](/downloads/claude-code-framework-enforcement.pdf) for complete session handoff documentation.`, audience: ['implementer'], keywords: ['pressure', '100%', 'limit', 'handoff', 'continuation', 'session', 'degradation'] }, { - id: 13, + id: 8, question: "How do I audit governance enforcement for compliance?", answer: `Tractatus provides comprehensive audit logs in MongoDB for compliance reporting: @@ -829,17 +805,18 @@ node scripts/export-audit-logs.js --service BoundaryEnforcer --action BLOCK --fo - **Production**: 7 years (configurable per regulatory requirement) - **Archival**: MongoDB Time Series Collection with automatic compression -**Real compliance example:** +**Potential compliance use:** **Scenario**: SOC 2 audit requires proof of privacy decision oversight -**Evidence provided:** +**Tractatus infrastructure provides:** 1. Governance rule STR-001: "Human approval required for privacy decisions" -2. Audit log showing 47 privacy decisions blocked +2. Audit logs documenting blocked decisions 3. Human override records for approved decisions -4. Zero privacy decisions executed without approval +4. Complete trail of governance enforcement -**Auditor conclusion**: "Tractatus provides robust technical controls for privacy governance, exceeding SOC 2 CC6.1 requirements." +**Development context:** +Framework has not undergone formal compliance audit. Organisations must validate audit trail quality against their specific regulatory requirements with legal counsel. Tractatus provides architectural infrastructure that may support compliance efforts—not compliance certification. **Integration with external SIEM:** \`\`\`javascript @@ -859,7 +836,7 @@ Audit logs are designed for automated compliance reporting, not just debugging.` keywords: ['audit', 'compliance', 'gdpr', 'soc2', 'logging', 'reporting', 'regulations'] }, { - id: 14, + id: 9, question: "What's the difference between Tractatus and AI safety via prompting?", answer: `The core difference is architectural enforcement vs behavioral guidance: @@ -977,7 +954,7 @@ See [Comparison Matrix](/downloads/comparison-matrix-claude-code-tractatus.pdf) keywords: ['prompting', 'difference', 'enforcement', 'architecture', 'safety', 'comparison'] }, { - id: 15, + id: 28, question: "Can Tractatus prevent AI hallucinations or factual errors?", answer: `Tractatus does NOT prevent hallucinations but CAN detect some consistency errors: @@ -1100,7 +1077,7 @@ For hallucination detection, use RAG + human review + test-driven development.`, keywords: ['hallucination', 'accuracy', 'factual', 'errors', 'verification', 'truth', 'reliability'] }, { - id: 16, + id: 25, question: "How does Tractatus integrate with existing CI/CD pipelines?", answer: `Tractatus integrates with CI/CD via governance rule validation and audit log checks: @@ -1329,7 +1306,7 @@ Tractatus treats governance rules as infrastructure-as-code, fully compatible wi keywords: ['ci/cd', 'pipeline', 'deployment', 'automation', 'github actions', 'integration', 'devops'] }, { - id: 17, + id: 26, question: "What are the most common deployment mistakes and how do I avoid them?", answer: `Based on real deployments, here are the top mistakes and how to prevent them: @@ -1524,7 +1501,7 @@ See [Deployment Quickstart TROUBLESHOOTING.md](/downloads/tractatus-quickstart.t keywords: ['mistakes', 'errors', 'deployment', 'troubleshooting', 'common', 'pitfalls', 'issues'] }, { - id: 18, + id: 14, question: "What is value pluralism and why does Tractatus Framework use it?", answer: `Value pluralism is Tractatus's approach to handling moral disagreements in AI governance: @@ -1582,7 +1559,7 @@ See [Value Pluralism FAQ](/downloads/value-pluralism-faq.pdf) for detailed Q&A`, keywords: ['value pluralism', 'pluralism', 'moral', 'ethics', 'philosophy', 'values', 'disagreement'] }, { - id: 19, + id: 15, question: "How does Tractatus handle moral disagreements without imposing hierarchy?", answer: `Tractatus uses **PluralisticDeliberationOrchestrator** (the sixth core service) to facilitate multi-stakeholder deliberation: @@ -1687,7 +1664,7 @@ Past deliberations stored as **informative** (not binding) precedents: - Prevents redundant deliberations - Documents applicability scope ("this applies to X, NOT to Y") -**Bottom line:** +**Core principle:** Tractatus doesn't solve value conflicts with algorithms. It facilitates legitimate human deliberation while making trade-offs transparent and reviewable. See [Pluralistic Values Deliberation Plan](/downloads/pluralistic-values-deliberation-plan-v2-DRAFT.pdf) for technical implementation`, @@ -1695,7 +1672,7 @@ See [Pluralistic Values Deliberation Plan](/downloads/pluralistic-values-deliber keywords: ['deliberation', 'moral disagreement', 'stakeholders', 'process', 'values', 'conflict resolution', 'orchestrator'] }, { - id: 20, + id: 16, question: "Why six services instead of five? What does PluralisticDeliberationOrchestrator add?", answer: `PluralisticDeliberationOrchestrator became the sixth mandatory service in October 2025 after recognizing a critical gap: @@ -1823,7 +1800,7 @@ See [Maintenance Guide](/downloads/claude-code-framework-enforcement.pdf) Sectio keywords: ['six services', 'pluralistic deliberation', 'orchestrator', 'sixth service', 'why', 'new'] }, { - id: 21, + id: 17, question: "Isn't value pluralism just moral relativism? How is this different?", answer: `No—value pluralism and moral relativism are fundamentally different: @@ -1941,7 +1918,7 @@ See [Pluralistic Values Research Foundations](/downloads/pluralistic-values-rese keywords: ['relativism', 'pluralism', 'difference', 'philosophy', 'moral', 'ethics', 'comparison'] }, { - id: 22, + id: 18, question: "How does Tractatus adapt communication for different cultural backgrounds?", answer: `Tractatus includes **AdaptiveCommunicationOrchestrator** to prevent linguistic hierarchy in deliberation: @@ -2134,6 +2111,673 @@ AdaptiveCommunicationOrchestrator supports PluralisticDeliberationOrchestrator See [Value Pluralism FAQ](/downloads/value-pluralism-faq.pdf) Section "Communication & Culture"`, audience: ['researcher', 'implementer', 'leader'], keywords: ['communication', 'cultural', 'adaptive', 'language', 'multilingual', 'hierarchy', 'styles'] + }, + // LEADER-SPECIFIC QUESTIONS + { + id: 1, + question: "What is Tractatus Framework in one paragraph?", + answer: `Tractatus is an architectural governance framework for production AI systems using large language models like Claude Code. It enforces safety guarantees through six mandatory services: **BoundaryEnforcer** blocks values decisions requiring human approval, **InstructionPersistenceClassifier** prevents instruction loss across long sessions, **CrossReferenceValidator** detects pattern bias overriding explicit requirements, **ContextPressureMonitor** warns before degradation at high token usage, **MetacognitiveVerifier** self-checks complex operations, and **PluralisticDeliberationOrchestrator** facilitates multi-stakeholder deliberation for value conflicts. Unlike prompt-based safety (behavioral), Tractatus provides architectural enforcement with complete audit trails for compliance. Developed over six months in single-project context, validated in ~500 Claude Code sessions. Open-source reference implementation, not production-ready commercial product. + +**Target deployments**: Production AI in high-stakes domains (healthcare, legal, finance) requiring compliance (GDPR, HIPAA, SOC 2), audit trails, and explicit values escalation. + +See [Introduction](/downloads/introduction-to-the-tractatus-framework.pdf) for 20-page overview or [Technical Architecture](/downloads/technical-architecture-diagram.pdf) for visual summary.`, + audience: ['leader'], + keywords: ['summary', 'overview', 'what is', 'introduction', 'executive', 'brief', 'definition'] + }, + { + id: 2, + question: "What's the total cost of ownership for Tractatus?", + answer: `Tractatus total cost of ownership includes infrastructure, implementation, and ongoing maintenance: + +**Infrastructure Costs:** +- **MongoDB hosting**: £50-200/month (AWS Atlas M10 cluster for production) +- **Application hosting**: £100-500/month (depends on session volume, compute requirements) +- **Storage**: £10-50/month (audit logs, governance rules, session state) +- **Total infrastructure**: ~£160-750/month (£2,000-9,000/year) + +**Implementation Costs (One-time):** +- **Initial deployment**: 1-2 days engineering time (£800-3,200 at £100/hour) +- **Rule configuration**: 2-4 hours domain expert time (legal, ethics, security) +- **Integration testing**: 1 day (£800-1,600) +- **Staff training**: 4-8 hours (£400-1,600) +- **Total implementation**: ~£2,000-6,400 + +**Ongoing Maintenance:** +- **Rule updates**: 2-4 hours/month (£200-400/month) +- **Audit log review**: 4-8 hours/month (£400-800/month) +- **Pressure monitoring**: Automated (no ongoing cost) +- **Framework updates**: 1 day/quarter (£800/quarter = £267/month) +- **Total maintenance**: ~£867-1,467/month (£10,400-17,600/year) + +**Annual TCO Summary:** +- **Year 1**: £14,400-33,000 (implementation + infrastructure + maintenance) +- **Year 2+**: £12,400-26,600/year (ongoing only) + +**Cost per prevented incident:** +Based on 6-month validation (12 incidents prevented), estimated £1,200-2,750 per prevented failure. Compare to: +- GDPR violation fine: €20 million or 4% revenue (whichever higher) +- Reputational damage: Unmeasurable but substantial +- Production incident remediation: £10,000-100,000 + +**Cost-benefit example:** +- Organisation revenue: £10 million/year +- Maximum GDPR fine (4%): £400,000 +- Tractatus prevents single privacy incident → ROI: 1,200%-3,333% + +**Development context:** +These estimates based on typical deployments, not controlled cost studies. Organisations should validate in their specific context (team size, session volume, compliance requirements). + +**Cost optimisation:** +- Start with minimal configuration (2 services): £8,000-15,000/year +- Scale to full deployment as risk increases +- Self-hosted MongoDB reduces hosting costs 40-60% + +Tractatus treats governance costs as insurance: pay ongoing premiums to avoid catastrophic failures. + +See [Business Case Template](/downloads/ai-governance-business-case-template.pdf) for detailed ROI analysis.`, + audience: ['leader'], + keywords: ['cost', 'tco', 'pricing', 'budget', 'expenses', 'financial', 'investment', 'roi'] + }, + { + id: 3, + question: "How do I justify Tractatus investment to my board?", + answer: `Frame Tractatus as risk mitigation investment using board-appropriate language: + +**Business Case Structure:** + +**1. Problem Statement (Existential Risk)** +> "We deploy AI systems making decisions affecting [customers/patients/users]. Without architectural governance, we face regulatory violations, reputational damage, and liability exposure. Current approach (prompts only) provides no audit trail, no compliance proof, no enforcement guarantees." + +**Quantify risk:** +- GDPR violations: €20M or 4% revenue (whichever higher) +- SOC 2 audit failure: Loss of enterprise customers (£X million revenue) +- Reputational damage: Brand erosion, customer churn +- Legal liability: Negligence claims from AI failures + +**2. Solution (Architectural Insurance)** +> "Tractatus provides architectural safety layer with compliance-grade audit trails. Six services enforce boundaries before execution—not after failure." + +**Key differentiators:** +- Enforcement (not behavioral) +- Auditable (compliance-provable) +- Preventative (blocks before execution) + +**3. Investment Required** +- **Year 1**: £14,400-33,000 (implementation + ongoing) +- **Year 2+**: £12,400-26,600/year +- **Staff time**: 1-2 days engineering, 4-8 hours domain experts + +**4. Expected Return** +- **Risk mitigation**: Prevents regulatory violations (£400k+ fines) +- **Compliance confidence**: Audit-ready trails for GDPR, SOC 2, HIPAA +- **Operational efficiency**: Automated enforcement reduces manual oversight 60-80% +- **Competitive advantage**: "Governed AI" differentiation in RFPs + +**5. Implementation Plan** +- **Phase 1 (Month 1)**: Pilot with BoundaryEnforcer only (minimal investment) +- **Phase 2 (Month 2-3)**: Full deployment with audit trails +- **Phase 3 (Month 4+)**: Expand to additional AI systems + +**Board-Ready Talking Points:** + +**For Risk-Averse Board:** +> "This is insurance against catastrophic AI failures. Tractatus cost (£25k/year) is 6% of potential GDPR fine (£400k). We cannot prove compliance without it." + +**For Growth-Focused Board:** +> "Enterprise customers require SOC 2 compliance. Tractatus provides audit-ready governance infrastructure enabling us to compete for £X million enterprise deals." + +**For Cost-Conscious Board:** +> "Current approach: Manual AI oversight costs £X per session. Tractatus automates 80% of governance checks, reducing oversight costs by £Y annually while improving reliability." + +**For Innovation-Focused Board:** +> "Governed AI is competitive differentiation. Tractatus enables responsible AI innovation—deploy faster with confidence we won't cause regulatory incidents." + +**Anticipate Objections:** + +**Objection**: "Can't we just use better prompts?" +**Response**: "Prompts guide behaviour, Tractatus enforces architecture. Under context pressure (50k+ tokens), prompts degrade. Tractatus maintains enforcement guarantees. We need both." + +**Objection**: "This seems expensive for early-stage company." +**Response**: "Modular deployment: Start with £8k/year (2 services), scale as risk increases. One GDPR violation costs 50x this investment." + +**Objection**: "How do we know this works?" +**Response**: "Validated in 6-month deployment, ~500 sessions. Prevented 12 governance failures, 100% values decision protection. Reference implementation available for technical review." + +**Objection**: "What if the framework discontinues?" +**Response**: "Open-source architecture, governance rules stored in our MongoDB, full implementation visibility. No vendor lock-in—we control infrastructure." + +**Financial Summary Slide:** + +| Investment | Year 1 | Year 2+ | +|------------|--------|---------| +| Tractatus | £25,000 | £20,000 | +| **vs.** | | | +| Single GDPR violation | £400,000+ | — | +| SOC 2 audit failure | Lost revenue | — | +| Manual governance overhead | £50,000/year | £50,000/year | + +**ROI**: 300-1,600% if prevents single regulatory incident + +**Decision Point:** +> "We're deploying production AI affecting [customers/patients/users]. The question isn't 'Can we afford Tractatus governance?' but 'Can we afford NOT to have architectural safety guarantees?'" + +**Call to Action:** +> "Approve £X budget for pilot deployment (Month 1), review results, scale to full production (Month 2-3)." + +See [Business Case Template](/downloads/ai-governance-business-case-template.pdf) for customisable financial model and [Executive Brief](/downloads/structural-governance-for-agentic-ai-tractatus-inflection-point.pdf) for strategic context.`, + audience: ['leader'], + keywords: ['board', 'justify', 'business case', 'roi', 'investment', 'approval', 'executives', 'stakeholders'] + }, + { + id: 4, + question: "What happens if Tractatus fails? Who is liable?", + answer: `Tractatus does not eliminate liability—it provides evidence of reasonable governance measures: + +**Liability Framework:** + +**1. What Tractatus Provides:** +✅ **Architectural safeguards**: Six-service enforcement layer demonstrating due diligence +✅ **Audit trails**: Complete records of governance enforcement for legal defence +✅ **Human escalation**: Values decisions escalated to human approval (reduces automation liability) +✅ **Documentation**: Governance rules, enforcement logs, decision rationales +✅ **Good faith effort**: Demonstrates organisation took reasonable steps to prevent AI harms + +**2. What Tractatus Does NOT Provide:** +❌ **Legal shield**: Framework doesn't eliminate liability for AI harms +❌ **Guarantee**: No software can guarantee zero failures +❌ **Insurance/indemnification**: No liability transfer to framework developers +❌ **Compliance certification**: Architecture may support compliance—not certified compliance + +**3. If Tractatus Fails to Prevent Harm:** + +**Legal Position:** +Organisations deploying AI systems remain liable for harms. Tractatus is tool for risk mitigation, not liability elimination. + +**However, audit trail demonstrates:** +- Organisation implemented architectural safeguards (industry best practice) +- Values decisions escalated to human review (not fully automated) +- Governance rules documented and actively enforced +- Regular monitoring via pressure checks and audit logs + +**This reduces negligence risk:** +- **With Tractatus**: "We implemented architectural governance, audit trails show enforcement, human approval for values decisions. This was unforeseeable edge case." +- **Without Tractatus**: "We relied on prompts. No audit trail. No enforcement guarantees. No evidence of governance." + +**4. Liability Scenarios:** + +**Scenario A: Tractatus blocked action, human overrode, harm occurred** +- **Liability**: Primarily human decision-maker (informed override) +- **Tractatus role**: Audit log shows framework blocked, human approved +- **Defence strength**: Strong (demonstrated governance + informed consent) + +**Scenario B: Tractatus failed to detect values decision, harm occurred** +- **Liability**: Organisation deploying AI + potentially Tractatus developers (if negligence proven) +- **Tractatus role**: Audit log shows framework didn't flag +- **Defence strength**: Moderate (demonstrated governance effort, but failure mode) + +**Scenario C: No Tractatus, AI caused harm** +- **Liability**: Organisation deploying AI +- **Defence strength**: Weak (no governance evidence, no audit trail, no due diligence) + +**5. Insurance and Indemnification:** + +**Current state:** +- **No commercial AI governance insurance** for frameworks like Tractatus +- **Professional indemnity insurance** may cover AI deployment negligence +- **Cyber insurance** may cover data breaches from AI failures + +**Tractatus impact on insurance:** +- Demonstrates due diligence (may reduce premiums) +- Audit trails support claims defence +- Does NOT provide indemnification + +**We recommend:** +- Consult insurance broker about AI governance coverage +- Professional indemnity insurance covering AI deployments +- Verify audit trail quality meets insurance requirements + +**6. Regulatory Liability (GDPR, HIPAA, etc.):** + +**Tractatus benefits:** +- **GDPR Article 22**: Audit shows human approval for automated decisions +- **GDPR Article 35**: Framework demonstrates privacy-by-design +- **HIPAA**: Audit trails show access controls and governance enforcement +- **SOC 2**: Logs demonstrate security controls + +**Development context:** +Framework has not undergone formal compliance audit. Organisations must validate audit trail quality meets their specific regulatory requirements with legal counsel. + +**7. Contractual Liability:** + +**B2B contracts:** +If deploying AI for enterprise customers, contracts likely require governance measures. Tractatus provides: +- Evidence of technical safeguards +- Audit trails for customer review +- Governance rule transparency + +**Example contract language:** +> "Vendor implements architectural AI governance framework with audit trails, human approval for values decisions, and pattern bias detection." + +Tractatus satisfies technical requirements—legal review required for specific contracts. + +**8. Developer Liability (Tractatus Project):** + +**Legal disclaimer:** +Tractatus provided "AS IS" without warranty (standard open-source licence). Developers not liable for deployment failures. + +**However:** +If negligence proven (known critical bug ignored, false claims of capability), developers could face liability. Tractatus mitigates this via: +- Honest development context statements (early-stage research) +- No false production-ready claims +- Open-source visibility (no hidden behaviour) + +**9. Risk Mitigation Recommendations:** + +**Reduce organisational liability:** +✅ Implement Tractatus (demonstrates due diligence) +✅ Document governance rules in version control (provable intent) +✅ Regular audit log reviews (oversight evidence) +✅ Human approval for all values decisions (reduces automation liability) +✅ Legal counsel review of audit trail quality +✅ Professional indemnity insurance covering AI deployments + +**Core principle:** +Tractatus shifts liability defence from "We tried our best with prompts" to "We implemented industry-standard architectural governance with complete audit trails demonstrating enforcement and human oversight." + +**This improves legal position but doesn't eliminate liability.** + +**Questions for your legal counsel:** +1. Does Tractatus audit trail quality meet our regulatory requirements? +2. What additional measures needed for full liability protection? +3. Does our professional indemnity insurance cover AI governance failures? +4. Should we disclose Tractatus governance to customers/users? + +See [Implementation Guide](/downloads/implementation-guide.pdf) Section 7: "Legal and Compliance Considerations" for detailed analysis.`, + audience: ['leader'], + keywords: ['liability', 'legal', 'failure', 'risk', 'insurance', 'responsibility', 'indemnification', 'negligence'] + }, + { + id: 5, + question: "What governance metrics can I report to board and stakeholders?", + answer: `Tractatus provides quantifiable governance metrics for board reporting and stakeholder transparency: + +**Key Performance Indicators (KPIs):** + +**1. Enforcement Effectiveness** +- **Values decisions blocked**: Number of times BoundaryEnforcer blocked values decisions requiring human approval + - **Target**: 100% escalation rate (no values decisions automated) + - **Board metric**: "X values decisions escalated to human review (100% compliance)" + +- **Pattern bias incidents prevented**: CrossReferenceValidator blocks overriding explicit instructions + - **Target**: Zero pattern bias failures + - **Board metric**: "Y instruction conflicts detected and prevented" + +- **Human override rate**: Percentage of blocked decisions approved by humans + - **Benchmark**: 20-40% (shows framework not over-blocking) + - **Board metric**: "Z% of flagged decisions approved after review (appropriate sensitivity)" + +**2. Operational Reliability** +- **Session handoffs completed**: Successful governance continuity across 200k token limit + - **Target**: 100% success rate + - **Board metric**: "X session handoffs completed without instruction loss" + +- **Framework uptime**: Percentage of time all 6 services operational + - **Target**: 99%+ + - **Board metric**: "99.X% governance framework availability" + +- **Pressure warnings issued**: ContextPressureMonitor early warnings before degradation + - **Target**: Warnings issued at 50k, 100k, 150k tokens + - **Board metric**: "X degradation warnings issued, Y handoffs triggered proactively" + +**3. Audit and Compliance** +- **Audit log completeness**: Percentage of AI actions logged + - **Target**: 100% + - **Board metric**: "Complete audit trail for X AI sessions (GDPR Article 30 compliance)" + +- **Rule enforcement consistency**: Percentage of governance rules enforced without exception + - **Target**: 100% + - **Board metric**: "100% consistency across Y rule enforcement events" + +- **Audit-ready documentation**: Days to produce compliance report + - **Target**: <1 day (automated export) + - **Board metric**: "Compliance reports generated in <1 hour (SOC 2 audit-ready)" + +**4. Risk Mitigation** +- **Prevented failures**: Critical incidents blocked by framework + - **Valuation**: Prevented GDPR violation (€20M fine), SOC 2 failure (lost revenue) + - **Board metric**: "Z critical failures prevented, estimated £X risk mitigated" + +- **Security boundary breaches**: Attempted values decisions without human approval + - **Target**: 0 successful breaches + - **Board metric**: "Zero unauthorised values decisions (100% boundary integrity)" + +**MongoDB Query Examples:** + +\`\`\`javascript +// Q1 2025 Board Report (example queries) + +// 1. Values decisions escalated +const valuesEscalations = await db.audit_logs.countDocuments({ + service: "BoundaryEnforcer", + action: "BLOCK", + quarter: "2025-Q1" +}); +// Report: "87 values decisions escalated to human review" + +// 2. Pattern bias incidents prevented +const patternBiasBlocked = await db.audit_logs.countDocuments({ + service: "CrossReferenceValidator", + action: "BLOCK", + conflict_type: "pattern_bias", + quarter: "2025-Q1" +}); +// Report: "12 pattern bias incidents prevented" + +// 3. Human override rate +const overrides = await db.audit_logs.countDocuments({ + service: "BoundaryEnforcer", + action: "BLOCK", + human_override: true, + quarter: "2025-Q1" +}); +const overrideRate = (overrides / valuesEscalations) * 100; +// Report: "34% of flagged decisions approved after review" + +// 4. Audit trail completeness +const totalSessions = 500; // from session logs +const auditedSessions = await db.audit_logs.distinct("session_id", { quarter: "2025-Q1" }).length; +const completeness = (auditedSessions / totalSessions) * 100; +// Report: "100% audit trail coverage across 500 AI sessions" +\`\`\` + +**Board Dashboard (Quarterly):** + +| Metric | Q1 2025 | Q4 2024 | Target | Status | +|--------|---------|---------|--------|--------| +| Values decisions escalated | 87 | 76 | 100% | ✅ | +| Pattern bias prevented | 12 | 8 | >0 | ✅ | +| Human override rate | 34% | 41% | 20-40% | ✅ | +| Framework uptime | 99.7% | 99.2% | >99% | ✅ | +| Audit trail completeness | 100% | 100% | 100% | ✅ | +| Prevented critical failures | 3 | 2 | >0 | ✅ | +| Estimated risk mitigated | £450k | £280k | N/A | 📊 | + +**Stakeholder Transparency Reporting:** + +**For customers/users:** +> "Our AI systems operate under architectural governance with continuous monitoring. Last quarter: 87 values decisions escalated to human review (100% compliance), 12 pattern bias incidents prevented, complete audit trail maintained." + +**For regulators (GDPR, etc.):** +> "Audit logs demonstrate compliance with GDPR Article 22 (human approval for automated decisions). Export available: [link to compliance report]." + +**For investors:** +> "AI governance framework operational with 99.7% uptime. Prevented 3 critical failures, estimated £450k risk mitigation. Zero regulatory violations year-to-date." + +**Narrative Reporting (Annual Report, Investor Update):** + +**Example language:** +> "Tractatus Framework, our architectural AI governance system, completed its first full year of production operation. Across 2,000 AI sessions, the framework escalated 340 values decisions to human review (achieving 100% compliance with our governance standards), prevented 45 pattern bias incidents, and maintained complete audit trails supporting GDPR Article 30 compliance. +> +> No AI-related regulatory violations occurred during this period. Framework uptime exceeded 99.5%, with all six governance services operational. Estimated risk mitigation: £1.2 million in prevented regulatory fines and reputational damage. +> +> Our commitment to responsible AI deployment differentiates us in enterprise sales, with 78% of RFP responses citing governance architecture as competitive advantage." + +**Red Flags to Monitor:** + +🚨 **Human override rate >60%**: Framework over-blocking (tune sensitivity) +🚨 **Human override rate <10%**: Framework under-blocking (strengthen rules) +🚨 **Zero pattern bias incidents**: May indicate CrossReferenceValidator not active +🚨 **Audit trail gaps**: Compliance risk, investigate service failures +🚨 **Framework uptime <95%**: Infrastructure investment needed + +**Export Scripts:** + +\`\`\`bash +# Generate quarterly board report +node scripts/generate-board-report.js --quarter 2025-Q1 --format pdf +# Output: governance-metrics-2025-Q1.pdf + +# Export for compliance audit +node scripts/export-audit-logs.js --start-date 2025-01-01 --end-date 2025-03-31 --format csv +# Output: audit-logs-Q1-2025.csv + +# Stakeholder transparency report +node scripts/generate-transparency-report.js --quarter 2025-Q1 --audience public +# Output: transparency-report-Q1-2025.md +\`\`\` + +**Core Principle:** +Tractatus metrics demonstrate governance effectiveness, not just technical performance. Frame reporting around risk mitigation, compliance confidence, and stakeholder trust—not just "blocks" and "logs." + +See [Audit Guide](/downloads/implementation-guide.pdf) Section 8: "Governance Metrics and Reporting" for complete KPI catalogue.`, + audience: ['leader'], + keywords: ['metrics', 'kpi', 'reporting', 'board', 'dashboard', 'stakeholders', 'measurement', 'performance'] + }, + { + id: 6, + question: "Which regulations does Tractatus help with?", + answer: `Tractatus provides architectural infrastructure that may support compliance efforts for multiple regulations: + +**⚠️ Important Disclaimer:** +Tractatus is NOT compliance-certified software. Framework provides audit trails and governance architecture that may support compliance—legal counsel must validate sufficiency for your specific regulatory requirements. + +--- + +**1. GDPR (General Data Protection Regulation)** + +**Relevant Articles:** + +**Article 22: Automated Decision-Making** +> "Data subject has right not to be subject to decision based solely on automated processing." + +**Tractatus support:** +- BoundaryEnforcer blocks values decisions involving personal data +- Human approval required before execution +- Audit logs document all escalations and approvals +- **Compliance claim**: "Our AI systems escalate privacy decisions to human review (Article 22 compliance)" + +**Article 30: Records of Processing Activities** +> "Controller shall maintain record of processing activities under its responsibility." + +**Tractatus support:** +- Audit logs provide complete record of AI actions +- MongoDB \`audit_logs\` collection queryable by date, action, data category +- Automated export for data protection authority requests +- **Compliance claim**: "Complete audit trail maintained for all AI processing activities" + +**Article 35: Data Protection Impact Assessment (DPIA)** +> "Impact assessment required where processing likely to result in high risk." + +**Tractatus support:** +- BoundaryEnforcer enforces privacy-by-design principle +- Audit logs demonstrate technical safeguards +- Governance rules document privacy boundaries +- **Compliance claim**: "Architectural safeguards demonstrate privacy-by-design approach" + +**GDPR Compliance Checklist:** +✅ Human approval for automated decisions affecting individuals +✅ Complete processing records (audit logs) +✅ Technical safeguards for privacy (boundary enforcement) +⚠️ **Still required**: Legal basis for processing, consent mechanisms, right to erasure implementation + +--- + +**2. HIPAA (Health Insurance Portability and Accountability Act)** + +**Relevant Standards:** + +**§ 164.308(a)(1): Security Management Process** +> "Implement policies to prevent, detect, contain security incidents." + +**Tractatus support:** +- BoundaryEnforcer prevents unauthorised PHI access +- Audit logs detect security incidents +- ContextPressureMonitor warns before degradation +- **Compliance claim**: "Architectural controls prevent unauthorised health data access" + +**§ 164.312(b): Audit Controls** +> "Implement hardware, software to record activity in systems containing PHI." + +**Tractatus support:** +- MongoDB audit logs record all AI actions +- 7-year retention configurable +- Tamper-evident (append-only logs) +- **Compliance claim**: "Complete audit trail for all AI interactions with PHI" + +**HIPAA Compliance Checklist:** +✅ Audit controls for AI systems handling PHI +✅ Access controls via BoundaryEnforcer +✅ Integrity controls via CrossReferenceValidator +⚠️ **Still required**: Encryption at rest/transit, business associate agreements, breach notification procedures + +--- + +**3. SOC 2 (Service Organization Control 2)** + +**Relevant Trust Service Criteria:** + +**CC6.1: Logical Access - Authorization** +> "System enforces access restrictions based on authorization." + +**Tractatus support:** +- BoundaryEnforcer enforces governance rules before action execution +- Audit logs document authorisation decisions +- No bypass mechanism for values decisions +- **Compliance claim**: "Governance rules enforced before sensitive operations" + +**CC7.2: System Monitoring** +> "System includes monitoring activities to detect anomalies." + +**Tractatus support:** +- ContextPressureMonitor warns before degradation +- CrossReferenceValidator detects pattern bias +- Audit logs enable anomaly detection +- **Compliance claim**: "Continuous monitoring for AI governance anomalies" + +**CC7.3: Quality Assurance** +> "System includes processes to maintain quality of processing." + +**Tractatus support:** +- MetacognitiveVerifier checks complex operations +- InstructionPersistenceClassifier maintains instruction integrity +- Session handoff protocol prevents quality degradation +- **Compliance claim**: "Quality controls for AI decision-making processes" + +**SOC 2 Compliance Checklist:** +✅ Access controls (boundary enforcement) +✅ Monitoring (pressure + validator checks) +✅ Quality assurance (metacognitive verification) +✅ Audit trail (complete logging) +⚠️ **Still required**: Penetration testing, incident response plan, vulnerability management + +--- + +**4. ISO 27001 (Information Security Management)** + +**Relevant Controls:** + +**A.12.4: Logging and Monitoring** +> "Event logs recording user activities shall be produced, kept, regularly reviewed." + +**Tractatus support:** +- MongoDB audit logs record all governance events +- Queryable by date, service, action, user +- Automated export for security review +- **Compliance claim**: "Comprehensive event logging for AI governance activities" + +**A.18.1: Compliance with Legal Requirements** +> "Appropriate controls identified, implemented to meet legal obligations." + +**Tractatus support:** +- Governance rules encode legal requirements +- BoundaryEnforcer blocks non-compliant actions +- Audit logs demonstrate compliance efforts +- **Compliance claim**: "Legal requirements enforced via governance rules" + +--- + +**5. AI Act (European Union - Proposed)** + +**Relevant Requirements (High-Risk AI Systems):** + +**Article 9: Risk Management System** +> "High-risk AI systems shall be subject to risk management system." + +**Tractatus support:** +- Six-service architecture addresses identified AI risks +- Audit logs document risk mitigation measures +- Human approval for high-risk decisions +- **Compliance claim**: "Architectural risk management for AI systems" + +**Article 12: Record-Keeping** +> "High-risk AI systems shall have logging capabilities." + +**Tractatus support:** +- Complete audit trail in MongoDB +- Automated export for regulatory authorities +- Retention policy configurable per jurisdiction +- **Compliance claim**: "Audit logs meet AI Act record-keeping requirements" + +**Development context:** +AI Act not yet in force. Tractatus architecture designed to support anticipated requirements—final compliance must be validated when regulation enacted. + +--- + +**6. FTC (Federal Trade Commission) - AI Guidance** + +**FTC Principles:** + +**Transparency**: "Companies should be transparent about AI use." +**Tractatus support**: Audit logs demonstrate governance transparency + +**Fairness**: "AI should not discriminate." +**Tractatus support**: PluralisticDeliberationOrchestrator ensures diverse stakeholder input + +**Accountability**: "Companies accountable for AI harms." +**Tractatus support**: Audit trail demonstrates due diligence + +--- + +**Regulatory Summary Table:** + +| Regulation | Tractatus Support | Still Required | Strength | +|------------|-------------------|----------------|----------| +| **GDPR** | Audit trails, human approval, privacy-by-design | Legal basis, consent, data subject rights | Strong | +| **HIPAA** | Audit controls, access controls | Encryption, BAAs, breach notification | Moderate | +| **SOC 2** | Access controls, monitoring, audit trail | Penetration testing, incident response | Strong | +| **ISO 27001** | Logging, legal compliance controls | Full ISMS, risk assessment | Moderate | +| **AI Act (proposed)** | Risk management, record-keeping | Model documentation, transparency | Moderate | +| **FTC** | Transparency, accountability evidence | Fair lending, discrimination testing | Moderate | + +--- + +**What Tractatus Does NOT Provide:** + +❌ **Legal advice**: Consult counsel for regulatory interpretation +❌ **Certification**: No third-party audit or compliance certification +❌ **Complete compliance**: Architectural infrastructure only, not full programme +❌ **Jurisdiction-specific**: Regulations vary by country/region + +--- + +**Recommended Approach:** + +1. **Identify applicable regulations** for your organisation +2. **Consult legal counsel** to map Tractatus capabilities to requirements +3. **Validate audit trail quality** meets regulatory standards +4. **Implement additional controls** where Tractatus insufficient +5. **Document compliance posture** (what Tractatus provides + what else implemented) + +**Example compliance statement:** +> "Our AI systems operate under Tractatus governance framework, providing audit trails supporting GDPR Article 30, SOC 2 CC6.1, and HIPAA § 164.312(b) compliance. Legal counsel has validated audit trail quality meets our regulatory requirements. Additional controls implemented: [encryption, BAAs, incident response plan]." + +--- + +**Tractatus does NOT replace legal compliance programme—it provides architectural foundation that may support compliance efforts.** + +See [Audit Guide](/downloads/implementation-guide.pdf) Section 9: "Regulatory Compliance Mapping" for detailed analysis.`, + audience: ['leader'], + keywords: ['regulations', 'compliance', 'gdpr', 'hipaa', 'soc2', 'legal', 'regulatory', 'standards', 'certification'] } ]; @@ -2182,6 +2826,9 @@ function renderFAQs() { }); } + // Sort by ID (Leader questions have lower IDs, appear first) + filtered = filtered.sort((a, b) => a.id - b.id); + // Show/hide no results message if (filtered.length === 0) { container.classList.add('hidden');