TheFlow
e38f91cc67
feat(governance): wave 4 enforcement - 41% improvement (56% → 79%)
Implements 9 additional enforcement mechanisms across all priority levels:
🔒 HIGH PRIORITY - Architectural Enforcement:
✅ API Security Validator (inst_013/045) - scripts/check-api-security.js
- Scans API endpoints for rate limiting
- Validates authentication requirements
- Detects sensitive runtime data exposure
✅ GitHub Repo Structure (inst_063_CONSOLIDATED) - scripts/check-github-repo-structure.js
- Validates repository structure requirements
- Ensures tractatus-framework remains implementation-focused
⚙️ MEDIUM PRIORITY - Process/Workflow:
✅ Human Approval Tracker (inst_005) - scripts/track-human-approvals.js
- Logs approval requirements for major decisions
- Tracks pending approvals
✅ Context Pressure Comprehensive (inst_019) - scripts/verify-context-pressure-comprehensive.js
- Verifies all pressure factors included
- Validates comprehensive context accounting
📋 LOW PRIORITY - Behavioral/Values:
✅ Behavioral Compliance Reminders (inst_047/049) - .claude/hooks/behavioral-compliance-reminder.js
- Reminds never to dismiss user requests
- Prompts to test user hypotheses first
- Integrated into UserPromptSubmit hooks
✅ Dark Patterns Detector (inst_079) - scripts/check-dark-patterns.js
- Scans UI code for manipulative patterns
- Detects confirm shaming, hidden checkboxes, timed popups
📊 Enforcement Progress:
- Wave 1: 11/39 (28%)
- Wave 2: 18/39 (46%)
- Wave 3: 22/39 (56%)
- Wave 4: 31/39 (79%)
- Total improvement: +20 instructions = +178% from baseline
- Remaining gaps: 8/39 (21%)
🎯 Remaining 8 Gaps (requires runtime/process enforcement):
- inst_039: Document processing verification
- inst_043: Web form input validation (runtime)
- inst_052: Scope adjustment authority tracking
- inst_058: JSON/DB schema sync validation
- inst_061: Hook approval pattern tracking
- inst_072: Defense-in-depth credential layers
- inst_080: Open source commitment (policy)
- inst_081: Pluralism principle (foundational value)
🔄 Enhanced Hooks:
- UserPromptSubmit now runs 3 hooks (triggers, all-commands, behavioral)
- Added behavioral compliance reminders for session guidance
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-25 13:48:43 +13:00
TheFlow
35348e3a8e
feat(governance): third wave enforcement - 22% improvement (46% → 56%)
Implements 4 additional architectural enforcement mechanisms:
✅ All Command Detection (inst_040) - .claude/hooks/all-command-detector.js
✅ Deployment Structure Validation (inst_025) - scripts/verify-deployment-structure.js
✅ File Permissions Check (inst_020_CONSOLIDATED) - scripts/check-file-permissions.js
✅ Environment Variable Standards (inst_026) - scripts/check-env-var-standards.js
📊 Progress: 22/39 enforced (56%), +4 from wave 2, 17 gaps remaining
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-25 13:38:18 +13:00
TheFlow
436ca56cb0
feat(governance): implement comprehensive enforcement architecture
Completes enforcement implementation from ENFORCEMENT_AUDIT.md analysis:
✅ Implemented (6 enforcement mechanisms):
1. Token checkpoint monitoring (inst_075)
- .claude/hooks/check-token-checkpoint.js
- PostToolUse hook integration
2. Trigger word detection (inst_078, inst_082)
- .claude/hooks/trigger-word-checker.js (already completed)
- "ff" and "ffs" triggers architecturally enforced
3. Framework activity verification (inst_064)
- Enhanced scripts/session-init.js with fade detection
- Alerts when components stale >20 messages
4. Test requirement enforcement (inst_068)
- Enhanced .git/hooks/pre-commit
- Runs tests if test files exist for modified code
- Blocks commits on test failures
5. Background process tracking (inst_023)
- scripts/track-background-process.js
- Integrated into session-init.js and session-closedown.js
- Tracks persistent vs temporary processes
6. Security logging verification (inst_046)
- scripts/verify-security-logging.js
- Can be integrated into deployment workflow
7. Meta-enforcement monitoring system
- scripts/audit-enforcement.js
- Scans HIGH persistence instructions for imperatives
- Reports enforcement gaps (currently 28/39 gaps)
🔒 Protection Added:
- inst_027: Hard block on instruction-history.json edits
- Conventional commit format enforcement (inst_066)
- CSP + test validation in pre-commit hook
📊 Current Enforcement Status:
- Baseline: 11/39 imperative instructions enforced (28%)
- Framework fade detection operational
- Token checkpoints architecturally monitored
🎯 Philosophy:
"If it's MANDATORY, it must be ENFORCED architecturally, not documented."
This addresses the root cause of voluntary compliance failures identified
when Claude missed "ffs" trigger and token checkpoints despite active
HIGH persistence instructions.
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-25 13:15:06 +13:00
TheFlow
3009e4942f
fix(governance): add architectural enforcement for "ff" and "ffs" trigger words
Problem: Claude failed to recognize "ffs" code word despite inst_082 being active.
Root cause: No architectural enforcement to check for trigger words on every user message.
Solution:
- Created .claude/hooks/trigger-word-checker.js that runs on UserPromptSubmit
- Detects "ffs" → instructs to run framework-stats.js (inst_082)
- Detects "ff " prefix → instructs to run framework-audit-response.js (inst_078)
- Registered hook in .claude/settings.json
Testing:
✅ "ffs" detection works correctly
✅ "ff " prefix detection works correctly
✅ Normal messages pass through silently
Philosophy: Governance enforced architecturally, not by voluntary compliance.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-25 12:32:52 +13:00
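The trigger matching described in commit 3009e4942f above, sketched as an added example; it is not the project's trigger-word-checker.js. The names `TRIGGERS`, `classifyPrompt` and `hookMessage` are hypothetical, and it assumes that "ffs" must be the whole message, that matching ignores case and surrounding whitespace, and that "ff " needs a non-empty request after it. It shows why the match has to be anchored: plain substring matching would also fire on "diff file" or "buffs".

```javascript
// Added example: TRIGGERS, classifyPrompt and hookMessage are hypothetical names.
// Only the instruction ids and the two script filenames come from the commit message.
const TRIGGERS = [
  {
    id: 'inst_082',
    script: 'framework-stats.js',
    // Assumption: "ffs" must be the entire message, so "buffs" or "ffs.log" never fire.
    match: (msg) => (msg.toLowerCase() === 'ffs' ? { request: null } : null),
  },
  {
    id: 'inst_078',
    script: 'framework-audit-response.js',
    // Anchored prefix: "ff", whitespace, then a non-empty request. "diff file" does not fire.
    match: (msg) => {
      const m = /^ff\s+(\S[\s\S]*)$/i.exec(msg);
      return m ? { request: m[1] } : null;
    },
  },
];

function classifyPrompt(prompt) {
  if (typeof prompt !== 'string') return null; // malformed input: stay silent
  const msg = prompt.trim();
  for (const t of TRIGGERS) {
    const hit = t.match(msg);
    if (hit) return { id: t.id, script: t.script, request: hit.request };
  }
  return null;
}

// Text a hook would hand back to the session; '' means "pass through silently".
function hookMessage(prompt) {
  const hit = classifyPrompt(prompt);
  if (!hit) return '';
  const tail = hit.request ? ` for request: ${JSON.stringify(hit.request)}` : '';
  return `[${hit.id}] trigger detected, run ${hit.script}${tail}`;
}

// Constructed sample prompts, including near-misses a substring match would catch.
const samples = ['ffs', 'ff is the CSP check passing?', 'show me the diff file', 'buffs', 'ff', 'FFS '];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', hookMessage(s) || '(silent)');
}
```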
TheFlow
8210876421
feat(blog): integrate Tractatus framework governance into blog publishing
Implements architectural enforcement of governance rules (inst_016/017/018/079)
for all external communications. Publication blocked at API level if violations
detected.
New Features:
- Framework content checker script with pattern matching for prohibited terms
- Admin UI displays framework violations with severity indicators
- Manual "Check Framework" button for pre-publication validation
- API endpoint /api/blog/check-framework for real-time content analysis
Governance Rules Added:
- inst_078: "ff" trigger for manual framework invocation in conversations
- inst_079: Dark patterns prohibition (sovereignty principle)
- inst_080: Open source commitment enforcement (community principle)
- inst_081: Pluralism principle with indigenous framework recognition
Session Management:
- Fix session-init.js infinite loop (removed early return after tests)
- Add session-closedown.js for comprehensive session handoff
- Refactor check-csp-violations.js to prevent parent process exit
Framework Services:
- Enhanced PluralisticDeliberationOrchestrator with audit logging
- Updated all 6 services with consistent initialization patterns
- Added framework invocation scripts for blog content validation
Files: blog.controller.js:1211-1305, blog.routes.js:77-82,
blog-curation.html:61-72, blog-curation.js:320-446
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-25 08:47:31 +13:00