john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
373 commits 1 branch 0 tags 125 MiB
Commit graph

13 commits

Author SHA1 Message Date
TheFlow
6baa841e99 chore: update dependencies and documentation 
Update project dependencies, documentation, and supporting files:
- i18n improvements for multilingual support
- Admin dashboard enhancements
- Documentation updates for Koha/Stripe and deployment
- Server middleware and model updates
- Package dependency updates

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-19 12:48:37 +13:00
TheFlow
d1c2051b27 chore: update session metrics and roadmap progress 
Session Metrics:
- Hook validator metrics updated from session activity
- 971 new hook execution records tracked
- CSP violations detected and resolved during i18n work

Roadmap Updates:
- GitHub Repository Setup marked complete (October 15, 2025)
- Phase 3 progress: 2/8 tasks (25% complete, up from 19%)
- Overall project progress: 47% (17/36 tasks, up from 46%)

Dependencies:
- Added i18next@^25.6.0 for internationalization
- Added i18next-browser-languagedetector@^8.2.0 for locale detection
- Added i18next-http-backend@^3.0.2 for translation loading

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-17 09:30:25 +13:00
TheFlow
fe9945581a security: implement file upload security with ClamAV integration (inst_041) 
Phase 1: File Security Complete
 Created file-security.middleware.js with multi-layer validation
 Installed multer for file uploads
 Created quarantine directories on production and dev
 Integrated ClamAV malware scanning

Features:
- Magic number validation (prevents MIME spoofing)
- ClamAV malware scanning (8.7M signatures)
- Automatic file quarantine with metadata
- Size limits: 10MB documents, 50MB media
- MIME type whitelist enforcement
- Comprehensive security event logging

Middleware provides:
- createSecureUpload() - Full pipeline (multer + security)
- createFileSecurityMiddleware() - Validation only
- Quarantine system with JSON metadata

Implements: inst_041 (file upload validation)
Refs: docs/plans/security-implementation-roadmap.md Phase 2-P2-2

ClamAV Status:
- Version: 1.4.3
- Signatures: 8,724,466
- Daemon: Running (521MB RAM)
- Test: EICAR detection confirmed
 2025-10-14 15:58:48 +13:00
TheFlow
afc4bc5a1b security: implement Quick Wins security middleware (inst_041-046) 
- Add security headers middleware (CSP, HSTS, X-Frame-Options, etc.)
- Add rate limiting (100 req/15min public, 5 req/min forms)
- Add input validation and sanitization middleware
- Add response sanitization (hide stack traces, remove sensitive fields)
- Add centralized security event logging to audit trail
- Disable CSRF (deprecated package, will implement modern solution in Phase 3)
- Update security logger to use HOME-based log path

Implements: inst_041, inst_042, inst_043, inst_044, inst_045, inst_046
Refs: docs/plans/security-implementation-roadmap.md
 2025-10-14 15:18:49 +13:00
TheFlow
1906c0be0b docs: update framework to 6 services with PluralisticDeliberationOrchestrator 
- Updated all core documentation (introduction, core-concepts, implementation guides)
- Added comprehensive PluralisticDeliberationOrchestrator sections
- Fixed implementation-guide-v1.1.md (BlogCuration → PluralisticDeliberationOrchestrator)
- Updated UI pages (index, researcher, leader) to reflect 6 services
- Enhanced cache busting with unified version script
- FAQ already includes comprehensive value pluralism coverage (Q18-22)

Framework now correctly documents all 6 mandatory services:
1. InstructionPersistenceClassifier
2. CrossReferenceValidator
3. BoundaryEnforcer
4. ContextPressureMonitor
5. MetacognitiveVerifier
6. PluralisticDeliberationOrchestrator (added October 2025)

🤖 Generated with Claude Code
 2025-10-12 19:55:44 +13:00
TheFlow
91aea5091c feat: implement Rule Manager and Project Manager admin systems 
Major Features:
- Multi-project governance with Rule Manager web UI
- Project Manager for organizing governance across projects
- Variable substitution system (${VAR_NAME} in rules)
- Claude.md analyzer for instruction extraction
- Rule quality scoring and optimization

Admin UI Components:
- /admin/rule-manager.html - Full-featured rule management interface
- /admin/project-manager.html - Multi-project administration
- /admin/claude-md-migrator.html - Import rules from Claude.md files
- Dashboard enhancements for governance analytics

Backend Implementation:
- Controllers: projects, rules, variables
- Models: Project, VariableValue, enhanced GovernanceRule
- Routes: /api/projects, /api/rules with full CRUD
- Services: ClaudeMdAnalyzer, RuleOptimizer, VariableSubstitution
- Utilities: mongoose helpers

Documentation:
- User guides for Rule Manager and Projects
- Complete API documentation (PROJECTS_API, RULES_API)
- Phase 3 planning and architecture diagrams
- Test results and error analysis
- Coding best practices summary

Testing & Scripts:
- Integration tests for projects API
- Unit tests for variable substitution
- Database migration scripts
- Seed data generation
- Test token generator

Key Capabilities:
 UNIVERSAL scope rules apply across all projects
 PROJECT_SPECIFIC rules override for individual projects
 Variable substitution per-project (e.g., ${DB_PORT} → 27017)
 Real-time validation and quality scoring
 Advanced filtering and search
 Import from existing Claude.md files

Technical Details:
- MongoDB-backed governance persistence
- RESTful API with Express
- JWT authentication for admin endpoints
- CSP-compliant frontend (no inline handlers)
- Responsive Tailwind UI

This implements Phase 3 architecture as documented in planning docs.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-11 17:16:51 +13:00
TheFlow
7336ad86e3 feat: enhance framework services and format architectural documentation 
Framework Service Enhancements:
- ContextPressureMonitor: Enhanced statistics tracking and contextual adjustments
- InstructionPersistenceClassifier: Improved context integration and consistency
- MetacognitiveVerifier: Extended verification capabilities and logging
- All services: 182 unit tests passing

Admin Interface Improvements:
- Blog curation: Enhanced content management and validation
- Audit analytics: Improved analytics dashboard and reporting
- Dashboard: Updated metrics and visualizations

Documentation:
- Architectural overview: Improved markdown formatting for readability
- Added blank lines between sections for better structure
- Fixed table formatting for version history

All tests passing: Framework stable for deployment

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-11 00:50:47 +13:00
TheFlow
dc078043b6 feat: Phase 5 Memory Tool PoC - Week 1 Complete 
Week 1 Objectives (All Met):
- API research and capabilities assessment 
- Comprehensive findings document 
- Basic persistence PoC implementation 
- Anthropic integration test framework 
- Governance rules testing (inst_001, inst_016, inst_017) 

Key Achievements:
- Updated @anthropic-ai/sdk: 0.9.1 → 0.65.0 (memory tool support)
- Built FilesystemMemoryBackend (create, view, exists operations)
- Validated 100% persistence and data integrity
- Performance: 1ms overhead (filesystem) - exceeds <500ms target
- Simulation mode: Test workflow without API costs

Deliverables:
- docs/research/phase-5-memory-tool-poc-findings.md (42KB API assessment)
- docs/research/phase-5-week-1-implementation-log.md (comprehensive log)
- tests/poc/memory-tool/basic-persistence-test.js (291 lines)
- tests/poc/memory-tool/anthropic-memory-integration-test.js (390 lines)

Test Results:
 Basic Persistence: 100% success (1ms latency)
 Governance Rules: 3 rules tested successfully
 Data Integrity: 100% validation
 Memory Structure: governance/, sessions/, audit/ directories

Next Steps (Week 2):
- Context editing experimentation (50+ turn conversations)
- Real API integration with CLAUDE_API_KEY
- Multi-rule storage (all 18 Tractatus rules)
- Performance measurement vs. baseline

Research Status: Week 1 of 3 complete, GREEN LIGHT for Week 2

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-10 12:03:39 +13:00
TheFlow
ebc05daa9a feat: implement Koha donation system frontend (Phase 3) 
Complete donation form, transparency dashboard, and success pages.

**Frontend Pages:**

Donation Form (public/koha.html):
- Three monthly tiers: $5, $15, $50 NZD
- One-time custom donations
- Anonymous by default with opt-in public acknowledgement
- Donor information form (name optional, email required)
- Stripe Checkout integration
- Allocation transparency (40/30/20/10 breakdown)
- Māori cultural acknowledgement (Koha meaning)
- Comprehensive FAQ section
- Accessible design (WCAG 2.1 AA compliant)

Transparency Dashboard (public/koha/transparency.html):
- Live metrics: total received, monthly supporters, recurring revenue
- Allocation breakdown with animated progress bars
- Recent public donor acknowledgements
- One-time donation statistics
- Auto-refresh every 5 minutes
- Call-to-action to donate

Success Page (public/koha/success.html):
- Animated success confirmation with checkmark
- Donation details verification via session ID
- Next steps explanation (receipt, allocation, dashboard)
- Monthly donor management information
- Links to transparency dashboard and docs
- Error state handling

**Database & Scripts:**

Initialization Script (scripts/init-koha.js):
- Creates MongoDB indexes for koha_donations collection
- Verifies Stripe configuration (keys, price IDs)
- Tests transparency metrics calculation
- Validates database setup
- Provides next steps guide
- npm script: `npm run init:koha`

Package Updates:
- Added Stripe SDK dependency (v14.25.0)
- Added init:koha script to package.json

**Features:**

Privacy-First Design:
 Anonymous donations by default
 Opt-in public acknowledgement
 Email only for receipts
 No payment details stored

User Experience:
 Responsive mobile design
 Keyboard navigation support
 Focus indicators for accessibility
 Loading/error states
 Form validation

Transparency:
 Public metrics API integration
 Real-time donor acknowledgements
 Clear allocation breakdown
 Automatic dashboard updates

Cultural Sensitivity:
 Māori term "Koha" explained
 Te Tiriti acknowledgement
 Indigenous partnership values

**API Integration:**

- POST /api/koha/checkout - Create donation session
- GET /api/koha/transparency - Fetch public metrics
- GET /api/koha/verify/:sessionId - Verify payment status

**Testing Checklist:**

□ Form validation (email required, minimum amount)
□ Tier selection (monthly $5/$15/$50)
□ One-time custom amount input
□ Anonymous vs public acknowledgement toggle
□ Stripe Checkout redirect
□ Success page verification
□ Transparency dashboard data display
□ Mobile responsiveness
□ Keyboard navigation

**Next Steps:**

1. Create Stripe products with currency_options (all 10 currencies)
2. Test with Stripe test cards
3. Implement multi-currency support
4. Add Privacy Policy page
5. Deploy to production

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-08 13:56:56 +13:00
TheFlow
ea53ca1a5f feat: change license from MIT to Apache License 2.0 
- Created Apache License 2.0 LICENSE file
- Removed all MIT License references from HTML pages
- Updated all footers with Apache 2.0 license links
- Updated about.html with comprehensive license section explaining why Apache 2.0
- Added patent protection, contributor clarity, and community standard benefits
- Updated package.json license field to "Apache-2.0"
- Updated README.md with Apache 2.0 license information
- Deployed LICENSE file to production server (accessible at /LICENSE)

Why Apache 2.0 over MIT:
- Patent protection for users
- Clear contribution terms
- Permissive use (commercial, modification, distribution)
- Community standard in AI/ML projects (TensorFlow, PyTorch, Apache Spark)

All pages cache-busted and deployed with v1759833751

🤖 Generated with Claude Code (https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-07 23:43:20 +13:00
TheFlow
7b42067d09 feat: fix documentation system - cards, PDFs, TOC, and navigation 
- Fixed download icon size (1.25rem instead of huge black icons)
- Uploaded all 12 PDFs to production server
- Restored table of contents rendering for all documents
- Fixed modal cards with proper CSS and event handlers
- Replaced all docs-viewer.html links with docs.html
- Added nginx redirect from /docs/* to /docs.html
- Fixed duplicate headers in modal sections
- Improved cache-busting with timestamp versioning

All documentation features now working correctly:
 Card-based document viewer with modals
 PDF downloads with proper icons
 Table of contents navigation
 Consistent URL structure

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-07 22:51:55 +13:00
TheFlow
2e6618b7ba feat: fix CSP violations & implement three audience paths 
CSP Compliance (complete):
- Install Tailwind CSS v3 locally (24KB build)
- Replace CDN with /css/tailwind.css in all HTML files
- Extract all inline scripts to external JS files
- Created 6 external JS files for demos & docs
- All pages now comply with script-src 'self'

Three Audience Paths (complete):
- Created /researcher.html (academic/theoretical)
- Created /implementer.html (practical integration)
- Created /advocate.html (mission/values/community)
- Updated homepage links to audience pages
- Each path has dedicated nav, hero, resources, CTAs

Files Modified (20):
- 7 HTML files (CSP compliance)
- 3 audience landing pages (new)
- 6 external JS files (extracted)
- package.json (Tailwind v3)
- tailwind.config.js (new)
- Built CSS (24KB minified)

All resources CSP-compliant, all pages tested 200 OK

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-07 12:21:00 +13:00
TheFlow
4445b0e8d0 feat: initialize tractatus project with complete directory structure 
- Create comprehensive project structure (29 directories)
- Add CLAUDE.md with project context and conventions
- Add package.json with dependencies and scripts
- Add .gitignore and .env.example
- Add README.md with project overview
- Configure ports: MongoDB 27017, Application 9000
- Establish Tractatus governance framework baseline
- Document Te Tiriti approach and indigenous perspective
- Set up infrastructure for Phase 1 implementation

Project Status: Development - Phase 1 Foundation Complete
Next: MongoDB instance setup and systemd service configuration
 2025-10-06 23:26:26 +13:00