tractatus

john/tractatus

Fork 0

Commit graph

Author	SHA1	Message	Date
TheFlow	032f842a96	fix(models): remove duplicate schema indexes for clean startup - GovernanceRule: Remove duplicate category index (uses compound index) - VerificationLog: Remove duplicate verifiedAt index (uses compound + TTL) - VariableValue: Remove duplicate category index (standalone index exists) Eliminates 3 Mongoose duplicate index warnings on server startup Server now starts with zero warnings 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-12 16:35:45 +13:00
TheFlow	91aea5091c	feat: implement Rule Manager and Project Manager admin systems Major Features: - Multi-project governance with Rule Manager web UI - Project Manager for organizing governance across projects - Variable substitution system (${VAR_NAME} in rules) - Claude.md analyzer for instruction extraction - Rule quality scoring and optimization Admin UI Components: - /admin/rule-manager.html - Full-featured rule management interface - /admin/project-manager.html - Multi-project administration - /admin/claude-md-migrator.html - Import rules from Claude.md files - Dashboard enhancements for governance analytics Backend Implementation: - Controllers: projects, rules, variables - Models: Project, VariableValue, enhanced GovernanceRule - Routes: /api/projects, /api/rules with full CRUD - Services: ClaudeMdAnalyzer, RuleOptimizer, VariableSubstitution - Utilities: mongoose helpers Documentation: - User guides for Rule Manager and Projects - Complete API documentation (PROJECTS_API, RULES_API) - Phase 3 planning and architecture diagrams - Test results and error analysis - Coding best practices summary Testing & Scripts: - Integration tests for projects API - Unit tests for variable substitution - Database migration scripts - Seed data generation - Test token generator Key Capabilities: ✅ UNIVERSAL scope rules apply across all projects ✅ PROJECT_SPECIFIC rules override for individual projects ✅ Variable substitution per-project (e.g., ${DB_PORT} → 27017) ✅ Real-time validation and quality scoring ✅ Advanced filtering and search ✅ Import from existing Claude.md files Technical Details: - MongoDB-backed governance persistence - RESTful API with Express - JWT authentication for admin endpoints - CSP-compliant frontend (no inline handlers) - Responsive Tailwind UI This implements Phase 3 architecture as documented in planning docs. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-11 17:16:51 +13:00
TheFlow	e70577cdd0	fix: MongoDB persistence and inst_016-018 content validation enforcement This commit implements critical fixes to stabilize the MongoDB persistence layer and adds inst_016-018 content validation to BoundaryEnforcer as specified in instruction history. ## Context - First session using Anthropic's new API Memory system - Fixed 3 MongoDB persistence test failures - Implemented BoundaryEnforcer inst_016-018 trigger logic per user request - All unit tests now passing (61/61 BoundaryEnforcer, 25/25 BlogCuration) ## Fixes ### 1. CrossReferenceValidator: Port Regex Enhancement - File: src/services/CrossReferenceValidator.service.js:203 - Issue: Regex couldn't extract port from "port 27017" (space-delimited format) - Fix: Changed `/port[:=]\s(\d{4,5})/i` to `/port[:\s=]\s(\d{4,5})/i` - Result: Now matches "port: X", "port = X", and "port X" formats - Tests: 28/28 CrossReferenceValidator tests passing ### 2. BlogCuration: MongoDB Method Correction - File: src/services/BlogCuration.service.js:187 - Issue: Called non-existent `Document.findAll()` method - Fix: Changed to `Document.list({ limit: 20, skip: 0 })` - Result: BlogCuration can now fetch existing documents for topic generation - Tests: 25/25 BlogCuration tests passing ### 3. MemoryProxy: Optional Anthropic API Integration - File: src/services/MemoryProxy.service.js - Issue: Treated Anthropic Memory Tool API as mandatory, causing errors without API key - Fix: Made Anthropic client optional with graceful degradation - Architecture: MongoDB (required) + Anthropic API (optional enhancement) - Result: System functions fully without CLAUDE_API_KEY environment variable ### 4. AuditLog Model: Duplicate Index Fix - File: src/models/AuditLog.model.js:132 - Issue: Mongoose warning about duplicate timestamp index - Fix: Removed inline `index: true`, kept TTL index definition at line 149 - Result: No more Mongoose duplicate index warnings ### 5. BlogCuration Tests: Mock API Correction - File: tests/unit/BlogCuration.service.test.js - Issue: Tests mocked non-existent `generateBlogTopics()` function - Fix: Updated mocks to use actual `sendMessage()` and `extractJSON()` methods - Result: All 25 BlogCuration tests passing ## New Features ### 6. BoundaryEnforcer: inst_016-018 Content Validation (MAJOR) - File: src/services/BoundaryEnforcer.service.js:508-580 - Purpose: Prevent fabricated statistics, absolute guarantees, and unverified claims - Implementation: Added `_checkContentViolations()` private method - Enforcement Rules: - inst_017: Blocks absolute assurance terms (guarantee, 100% secure, never fails) - inst_016: Blocks statistics/ROI/$ amounts without sources - inst_018: Blocks production claims (production-ready, battle-tested) without evidence - Mechanism: All violations classified as VALUES boundary violations (honesty/transparency) - Tests: 22 new comprehensive tests in tests/unit/BoundaryEnforcer.test.js - Result: 61/61 BoundaryEnforcer tests passing ### Regex Pattern for inst_016 (Statistics Detection): ```regex /\d+(\.\d+)?%\|\$[\d,]+\|\d+x\sroi\|payback\s(period)?\sof\s\d+\|\d+[\s-](month\|year)s?\spayback\|\d+(\.\d+)?m\s*(saved\|savings)/i ``` ### Detection Examples: - ✅ BLOCKS: "This system guarantees 100% security" - ✅ BLOCKS: "Delivers 1315% ROI without sources" - ✅ BLOCKS: "Production-ready framework" (without testing_evidence) - ✅ ALLOWS: "Research shows 85% improvement [source: example.com]" - ✅ ALLOWS: "Validated framework with testing_evidence provided" ## MongoDB Models (New Files) - src/models/AuditLog.model.js - Audit log persistence with TTL - src/models/GovernanceRule.model.js - Governance rules storage - src/models/SessionState.model.js - Session state tracking - src/models/VerificationLog.model.js - Verification logs - src/services/AnthropicMemoryClient.service.js - Optional API integration ## Test Results - BoundaryEnforcer: 61/61 tests passing (22 new inst_016-018 tests) - BlogCuration: 25/25 tests passing - CrossReferenceValidator: 28/28 tests passing ## Framework Compliance - ✅ Implements inst_016, inst_017, inst_018 enforcement - ✅ Addresses 2025-10-09 framework failure (fabricated statistics on leader.html) - ✅ All content generation now subject to honesty/transparency validation - ✅ Human approval required for statistical claims without sources 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-11 00:17:03 +13:00

Author

SHA1

Message

Date

TheFlow

032f842a96

fix(models): remove duplicate schema indexes for clean startup

- GovernanceRule: Remove duplicate category index (uses compound index)
- VerificationLog: Remove duplicate verifiedAt index (uses compound + TTL)
- VariableValue: Remove duplicate category index (standalone index exists)

Eliminates 3 Mongoose duplicate index warnings on server startup
Server now starts with zero warnings

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-12 16:35:45 +13:00

TheFlow

91aea5091c

feat: implement Rule Manager and Project Manager admin systems

Major Features:
- Multi-project governance with Rule Manager web UI
- Project Manager for organizing governance across projects
- Variable substitution system (${VAR_NAME} in rules)
- Claude.md analyzer for instruction extraction
- Rule quality scoring and optimization

Admin UI Components:
- /admin/rule-manager.html - Full-featured rule management interface
- /admin/project-manager.html - Multi-project administration
- /admin/claude-md-migrator.html - Import rules from Claude.md files
- Dashboard enhancements for governance analytics

Backend Implementation:
- Controllers: projects, rules, variables
- Models: Project, VariableValue, enhanced GovernanceRule
- Routes: /api/projects, /api/rules with full CRUD
- Services: ClaudeMdAnalyzer, RuleOptimizer, VariableSubstitution
- Utilities: mongoose helpers

Documentation:
- User guides for Rule Manager and Projects
- Complete API documentation (PROJECTS_API, RULES_API)
- Phase 3 planning and architecture diagrams
- Test results and error analysis
- Coding best practices summary

Testing & Scripts:
- Integration tests for projects API
- Unit tests for variable substitution
- Database migration scripts
- Seed data generation
- Test token generator

Key Capabilities:
✅ UNIVERSAL scope rules apply across all projects
✅ PROJECT_SPECIFIC rules override for individual projects
✅ Variable substitution per-project (e.g., ${DB_PORT} → 27017)
✅ Real-time validation and quality scoring
✅ Advanced filtering and search
✅ Import from existing Claude.md files

Technical Details:
- MongoDB-backed governance persistence
- RESTful API with Express
- JWT authentication for admin endpoints
- CSP-compliant frontend (no inline handlers)
- Responsive Tailwind UI

This implements Phase 3 architecture as documented in planning docs.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-11 17:16:51 +13:00

TheFlow

e70577cdd0

fix: MongoDB persistence and inst_016-018 content validation enforcement

This commit implements critical fixes to stabilize the MongoDB persistence layer
and adds inst_016-018 content validation to BoundaryEnforcer as specified in
instruction history.

## Context
- First session using Anthropic's new API Memory system
- Fixed 3 MongoDB persistence test failures
- Implemented BoundaryEnforcer inst_016-018 trigger logic per user request
- All unit tests now passing (61/61 BoundaryEnforcer, 25/25 BlogCuration)

## Fixes

### 1. CrossReferenceValidator: Port Regex Enhancement
- **File**: src/services/CrossReferenceValidator.service.js:203
- **Issue**: Regex couldn't extract port from "port 27017" (space-delimited format)
- **Fix**: Changed `/port[:=]\s*(\d{4,5})/i` to `/port[:\s=]\s*(\d{4,5})/i`
- **Result**: Now matches "port: X", "port = X", and "port X" formats
- **Tests**: 28/28 CrossReferenceValidator tests passing

### 2. BlogCuration: MongoDB Method Correction
- **File**: src/services/BlogCuration.service.js:187
- **Issue**: Called non-existent `Document.findAll()` method
- **Fix**: Changed to `Document.list({ limit: 20, skip: 0 })`
- **Result**: BlogCuration can now fetch existing documents for topic generation
- **Tests**: 25/25 BlogCuration tests passing

### 3. MemoryProxy: Optional Anthropic API Integration
- **File**: src/services/MemoryProxy.service.js
- **Issue**: Treated Anthropic Memory Tool API as mandatory, causing errors without API key
- **Fix**: Made Anthropic client optional with graceful degradation
- **Architecture**: MongoDB (required) + Anthropic API (optional enhancement)
- **Result**: System functions fully without CLAUDE_API_KEY environment variable

### 4. AuditLog Model: Duplicate Index Fix
- **File**: src/models/AuditLog.model.js:132
- **Issue**: Mongoose warning about duplicate timestamp index
- **Fix**: Removed inline `index: true`, kept TTL index definition at line 149
- **Result**: No more Mongoose duplicate index warnings

### 5. BlogCuration Tests: Mock API Correction
- **File**: tests/unit/BlogCuration.service.test.js
- **Issue**: Tests mocked non-existent `generateBlogTopics()` function
- **Fix**: Updated mocks to use actual `sendMessage()` and `extractJSON()` methods
- **Result**: All 25 BlogCuration tests passing

## New Features

### 6. BoundaryEnforcer: inst_016-018 Content Validation (MAJOR)
- **File**: src/services/BoundaryEnforcer.service.js:508-580
- **Purpose**: Prevent fabricated statistics, absolute guarantees, and unverified claims
- **Implementation**: Added `_checkContentViolations()` private method
- **Enforcement Rules**:
  - **inst_017**: Blocks absolute assurance terms (guarantee, 100% secure, never fails)
  - **inst_016**: Blocks statistics/ROI/$ amounts without sources
  - **inst_018**: Blocks production claims (production-ready, battle-tested) without evidence
- **Mechanism**: All violations classified as VALUES boundary violations (honesty/transparency)
- **Tests**: 22 new comprehensive tests in tests/unit/BoundaryEnforcer.test.js
- **Result**: 61/61 BoundaryEnforcer tests passing

### Regex Pattern for inst_016 (Statistics Detection):
```regex
/\d+(\.\d+)?%|\$[\d,]+|\d+x\s*roi|payback\s*(period)?\s*of\s*\d+|\d+[\s-]*(month|year)s?\s*payback|\d+(\.\d+)?m\s*(saved|savings)/i
```

### Detection Examples:
- ✅ BLOCKS: "This system guarantees 100% security"
- ✅ BLOCKS: "Delivers 1315% ROI without sources"
- ✅ BLOCKS: "Production-ready framework" (without testing_evidence)
- ✅ ALLOWS: "Research shows 85% improvement [source: example.com]"
- ✅ ALLOWS: "Validated framework with testing_evidence provided"

## MongoDB Models (New Files)
- src/models/AuditLog.model.js - Audit log persistence with TTL
- src/models/GovernanceRule.model.js - Governance rules storage
- src/models/SessionState.model.js - Session state tracking
- src/models/VerificationLog.model.js - Verification logs
- src/services/AnthropicMemoryClient.service.js - Optional API integration

## Test Results
- BoundaryEnforcer: 61/61 tests passing (22 new inst_016-018 tests)
- BlogCuration: 25/25 tests passing
- CrossReferenceValidator: 28/28 tests passing

## Framework Compliance
- ✅ Implements inst_016, inst_017, inst_018 enforcement
- ✅ Addresses 2025-10-09 framework failure (fabricated statistics on leader.html)
- ✅ All content generation now subject to honesty/transparency validation
- ✅ Human approval required for statistical claims without sources

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-11 00:17:03 +13:00

3 commits