TheFlow
29011dfd00
feat(infrastructure): add MongoDB sync and CSP compliance checking
...
DATABASE SYNC INFRASTRUCTURE:
- scripts/sync-instructions-to-db.js
- Syncs .claude/instruction-history.json to MongoDB governanceRules collection
- Handles inserts, updates, and deactivations
- Validates file and database counts match
- Used in governance audit (54 → 56 → 59 active rules)
- Required for production deployment of governance rules
CSP COMPLIANCE CHECKING:
- scripts/check-csp-violations.js
- Enforces Content Security Policy compliance (inst_008)
- Checks staged HTML files for:
- Inline scripts (<script> tags with code)
- Inline event handlers (onclick, onload, etc.)
- Inline styles (style attributes)
- Integrated with .git/hooks/pre-commit
- Blocks commits with CSP violations
REASON FOR CREATION:
- sync-instructions-to-db.js: Needed to deploy governance rules to production
- check-csp-violations.js: Pre-commit hook was calling missing script
USAGE:
- Sync to DB: node scripts/sync-instructions-to-db.js
- CSP check: Runs automatically on git commit (via pre-commit hook)
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-22 00:31:54 +13:00
TheFlow
1c9892d3fe
fix(scripts): remove 95 accidentally published internal scripts
...
CRITICAL FIX: Phase 8 commit accidentally added all internal scripts to public repo
In previous commit (6efeca2), git add scripts/ added ALL internal scripts instead of
just removing the 2 project-specific scripts. This exposed internal project code.
REMOVED (95 internal scripts):
- add-*, fix-*, generate-*, migrate-*, seed-*, update-* (document/website scripts)
- import-*, load-*, query-*, verify-* (database scripts)
- audit-*, check-*, validate-* (internal validation scripts)
- archive-*, compare-*, cleanup-* (maintenance scripts)
- monitoring/* (server monitoring scripts)
- sync-instructions-to-db.js, sync-to-public.sh (internal sync scripts)
- install-*, init-koha.js, mongodb-tractatus.service (deployment scripts)
KEPT (1 script):
- scripts/clean-test-db.js (generic test database cleaner)
RESULT: Only framework-relevant scripts remain in public repo
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-21 22:19:16 +13:00
TheFlow
2af47035ac
refactor: remove website code and fix critical startup crashes (Phase 8)
...
CRITICAL FIX: Server would CRASH ON STARTUP (multiple import errors)
REMOVED (2 scripts):
1. scripts/framework-watchdog.js
- Monitored .claude/session-state.json (OUR Claude Code setup)
- Monitored .claude/token-checkpoints.json (OUR file structure)
- Implementers won't have our .claude/ directory
2. scripts/init-db.js
- Created website collections: blog_posts, media_inquiries, case_submissions
- Created website collections: resources, moderation_queue, users, citations
- Created website collections: translations, koha_donations
- Next steps referenced deleted scripts (npm run seed:admin)
REWRITTEN (2 files):
src/models/index.js (29 lines → 27 lines)
- REMOVED imports: Document, BlogPost, MediaInquiry, CaseSubmission, Resource
- REMOVED imports: ModerationQueue, User (all deleted in Phase 2)
- KEPT imports: AuditLog, DeliberationSession, GovernanceLog, GovernanceRule
- KEPT imports: Precedent, Project, SessionState, VariableValue, VerificationLog
- Result: Only framework models exported
src/server.js (284 lines → 163 lines, 43% reduction)
- REMOVED: Imports to deleted middleware (csrf-protection, response-sanitization)
- REMOVED: Stripe webhook handling (/api/koha/webhook)
- REMOVED: Static file caching (for deleted public/ directory)
- REMOVED: Static file serving (public/ deleted in Phase 6)
- REMOVED: CSRF token endpoint
- REMOVED: Website homepage with "auth, documents, blog, admin" references
- REMOVED: Instruction sync (scripts/sync-instructions-to-db.js reference)
- REMOVED: Hardcoded log path (${process.env.HOME}/var/log/tractatus/...)
- REMOVED: Website-specific security middleware
- KEPT: Security headers, rate limiting, CORS, body parsers
- KEPT: API routes, governance services, MongoDB connections
- RESULT: Clean framework-only server
RESULT: Repository can now start without crashes, all imports resolve
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-21 22:17:02 +13:00
TheFlow
0dd4a5f6c8
refactor: reduce public repo to minimal implementation-only resource
...
REMOVED: 267 non-implementation files (51% reduction)
Categories removed:
- Research documents & case studies (35 files)
- Planning/internal development docs (28 files)
- Website pages & assets (93 files - this is framework code, not website code)
- Audit reports (6 files)
- Non-essential admin UI (11 files)
- Markdown content duplicates (10 files)
- Internal development scripts (96 files)
- Internal setup docs (2 files)
RETAINED: 253 implementation-focused files
- Core framework services (src/)
- Test suite (tests/)
- API documentation (docs/api/)
- Deployment quickstart guide
- Essential admin UI (rule manager, dashboard, hooks dashboard)
- Architecture decision records
- Configuration files
PURPOSE: Public repo is now focused exclusively on developers
implementing Tractatus, not researchers studying it or users visiting
the website. All background/research content available at
https://agenticgovernance.digital
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-21 21:09:34 +13:00
TheFlow
0958d8d2cd
fix(mongodb): resolve production connection drops and add governance sync system
...
- Fixed sync script disconnecting Mongoose (prevents production errors)
- Created text search index (fixes search in rule-manager)
- Enhanced inst_024 with closedown protocol, added inst_061
- Added sync infrastructure: API routes, dashboard widget, auto-sync
- Fixed MemoryProxy tests MongoDB connection
- Created ADR-001 and integration tests
Result: Production stable, 52 rules synced, search working
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-21 11:39:05 +13:00
