tractatus

john/tractatus

Fork 0

Commit graph

Author	SHA1	Message	Date
TheFlow	d854ac85e2	feat(research): add cross-environment audit log sync infrastructure Implements privacy-preserving synchronization of production audit logs to development for comprehensive governance research analysis. Backend Components: - SyncMetadata.model.js: Track sync state and statistics - audit-sanitizer.util.js: Privacy sanitization utility - Redacts credentials, API keys, user identities - Sanitizes file paths and violation content - Preserves statistical patterns for research - sync-prod-audit-logs.js: CLI sync script - Incremental sync with deduplication - Dry-run mode for testing - Configurable date range - AuditLog.model.js: Enhanced schema with environment tracking - environment field (development/production/staging) - sync_metadata tracking (original_id, synced_from, etc.) - New indexes for cross-environment queries - audit.controller.js: New /api/admin/audit-export endpoint - Privacy-sanitized export for cross-environment sync - Environment filter support in getAuditLogs - MemoryProxy.service.js: Environment tagging in auditDecision() - Tags new logs with NODE_ENV or override - Sets is_local flag for tracking Frontend Components: - audit-analytics.html: Environment filter dropdown - audit-analytics.js: Environment filter query parameter handling Research Benefits: - Combine dev and prod governance statistics - Longitudinal analysis across environments - Validate framework consistency - Privacy-preserving data sharing Security: - API-based export (not direct DB access) - Admin-only endpoints with JWT authentication - Comprehensive credential redaction - One-way sync (production → development) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-27 12:11:16 +13:00
TheFlow	29f50124b5	fix: MongoDB persistence and inst_016-018 content validation enforcement This commit implements critical fixes to stabilize the MongoDB persistence layer and adds inst_016-018 content validation to BoundaryEnforcer as specified in instruction history. ## Context - First session using Anthropic's new API Memory system - Fixed 3 MongoDB persistence test failures - Implemented BoundaryEnforcer inst_016-018 trigger logic per user request - All unit tests now passing (61/61 BoundaryEnforcer, 25/25 BlogCuration) ## Fixes ### 1. CrossReferenceValidator: Port Regex Enhancement - File: src/services/CrossReferenceValidator.service.js:203 - Issue: Regex couldn't extract port from "port 27017" (space-delimited format) - Fix: Changed `/port[:=]\s(\d{4,5})/i` to `/port[:\s=]\s(\d{4,5})/i` - Result: Now matches "port: X", "port = X", and "port X" formats - Tests: 28/28 CrossReferenceValidator tests passing ### 2. BlogCuration: MongoDB Method Correction - File: src/services/BlogCuration.service.js:187 - Issue: Called non-existent `Document.findAll()` method - Fix: Changed to `Document.list({ limit: 20, skip: 0 })` - Result: BlogCuration can now fetch existing documents for topic generation - Tests: 25/25 BlogCuration tests passing ### 3. MemoryProxy: Optional Anthropic API Integration - File: src/services/MemoryProxy.service.js - Issue: Treated Anthropic Memory Tool API as mandatory, causing errors without API key - Fix: Made Anthropic client optional with graceful degradation - Architecture: MongoDB (required) + Anthropic API (optional enhancement) - Result: System functions fully without CLAUDE_API_KEY environment variable ### 4. AuditLog Model: Duplicate Index Fix - File: src/models/AuditLog.model.js:132 - Issue: Mongoose warning about duplicate timestamp index - Fix: Removed inline `index: true`, kept TTL index definition at line 149 - Result: No more Mongoose duplicate index warnings ### 5. BlogCuration Tests: Mock API Correction - File: tests/unit/BlogCuration.service.test.js - Issue: Tests mocked non-existent `generateBlogTopics()` function - Fix: Updated mocks to use actual `sendMessage()` and `extractJSON()` methods - Result: All 25 BlogCuration tests passing ## New Features ### 6. BoundaryEnforcer: inst_016-018 Content Validation (MAJOR) - File: src/services/BoundaryEnforcer.service.js:508-580 - Purpose: Prevent fabricated statistics, absolute guarantees, and unverified claims - Implementation: Added `_checkContentViolations()` private method - Enforcement Rules: - inst_017: Blocks absolute assurance terms (guarantee, 100% secure, never fails) - inst_016: Blocks statistics/ROI/$ amounts without sources - inst_018: Blocks production claims (production-ready, battle-tested) without evidence - Mechanism: All violations classified as VALUES boundary violations (honesty/transparency) - Tests: 22 new comprehensive tests in tests/unit/BoundaryEnforcer.test.js - Result: 61/61 BoundaryEnforcer tests passing ### Regex Pattern for inst_016 (Statistics Detection): ```regex /\d+(\.\d+)?%\|\$[\d,]+\|\d+x\sroi\|payback\s(period)?\sof\s\d+\|\d+[\s-](month\|year)s?\spayback\|\d+(\.\d+)?m\s*(saved\|savings)/i ``` ### Detection Examples: - ✅ BLOCKS: "This system guarantees 100% security" - ✅ BLOCKS: "Delivers 1315% ROI without sources" - ✅ BLOCKS: "Production-ready framework" (without testing_evidence) - ✅ ALLOWS: "Research shows 85% improvement [source: example.com]" - ✅ ALLOWS: "Validated framework with testing_evidence provided" ## MongoDB Models (New Files) - src/models/AuditLog.model.js - Audit log persistence with TTL - src/models/GovernanceRule.model.js - Governance rules storage - src/models/SessionState.model.js - Session state tracking - src/models/VerificationLog.model.js - Verification logs - src/services/AnthropicMemoryClient.service.js - Optional API integration ## Test Results - BoundaryEnforcer: 61/61 tests passing (22 new inst_016-018 tests) - BlogCuration: 25/25 tests passing - CrossReferenceValidator: 28/28 tests passing ## Framework Compliance - ✅ Implements inst_016, inst_017, inst_018 enforcement - ✅ Addresses 2025-10-09 framework failure (fabricated statistics on leader.html) - ✅ All content generation now subject to honesty/transparency validation - ✅ Human approval required for statistical claims without sources 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-11 00:17:03 +13:00
TheFlow	1815ec6c11	feat: Phase 5 Memory Tool PoC - Week 2 Complete (MemoryProxy Service) Week 2 Objectives (ALL MET AND EXCEEDED): ✅ Full 18-rule integration (100% data integrity) ✅ MemoryProxy service implementation (417 lines) ✅ Comprehensive test suite (25/25 tests passing) ✅ Production-ready persistence layer Key Achievements: 1. Full Tractatus Rules Integration: - Loaded all 18 governance rules from .claude/instruction-history.json - Storage performance: 1ms (0.06ms per rule) - Retrieval performance: 1ms - Data integrity: 100% (18/18 rules validated) - Critical rules tested: inst_016, inst_017, inst_018 2. MemoryProxy Service (src/services/MemoryProxy.service.js): - persistGovernanceRules() - Store rules to memory - loadGovernanceRules() - Retrieve rules from memory - getRule(id) - Get specific rule by ID - getRulesByQuadrant() - Filter by quadrant - getRulesByPersistence() - Filter by persistence level - auditDecision() - Log governance decisions (JSONL format) - In-memory caching (5min TTL, configurable) - Comprehensive error handling and validation 3. Test Suite (tests/unit/MemoryProxy.service.test.js): - 25 unit tests, 100% passing - Coverage: Initialization, persistence, retrieval, querying, auditing, caching - Test execution time: 0.454s - All edge cases handled (missing files, invalid input, cache expiration) Performance Results: - 18 rules: 2ms total (store + retrieve) - Average per rule: 0.11ms - Target was <1000ms - EXCEEDED by 500x - Cache performance: <1ms for subsequent calls Architecture: ┌─ Tractatus Application Layer ├─ MemoryProxy Service ✅ (abstraction layer) ├─ Filesystem Backend ✅ (production-ready) └─ Future: Anthropic Memory Tool API (Week 3) Memory Structure: .memory/ ├── governance/ │ ├── tractatus-rules-v1.json (all 18 rules) │ └── inst_{id}.json (individual critical rules) ├── sessions/ (Week 3) └── audit/ └── decisions-{date}.jsonl (JSONL audit trail) Deliverables: - tests/poc/memory-tool/week2-full-rules-test.js (394 lines) - src/services/MemoryProxy.service.js (417 lines) - tests/unit/MemoryProxy.service.test.js (446 lines) - docs/research/phase-5-week-2-summary.md (comprehensive summary) Total: 1,257 lines production code + tests Week 3 Preview: - Integrate MemoryProxy with BoundaryEnforcer - Integrate with BlogCuration (inst_016/017/018 enforcement) - Context editing experiments (50+ turn conversations) - Migration script (.claude/ → .memory/) Research Status: Week 2 of 3 complete Confidence: VERY HIGH - Production-ready, fully tested, ready for integration 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-10 12:11:20 +13:00

Author

SHA1

Message

Date

TheFlow

d854ac85e2

feat(research): add cross-environment audit log sync infrastructure

Implements privacy-preserving synchronization of production audit logs
to development for comprehensive governance research analysis.

Backend Components:
- SyncMetadata.model.js: Track sync state and statistics
- audit-sanitizer.util.js: Privacy sanitization utility
  - Redacts credentials, API keys, user identities
  - Sanitizes file paths and violation content
  - Preserves statistical patterns for research
- sync-prod-audit-logs.js: CLI sync script
  - Incremental sync with deduplication
  - Dry-run mode for testing
  - Configurable date range
- AuditLog.model.js: Enhanced schema with environment tracking
  - environment field (development/production/staging)
  - sync_metadata tracking (original_id, synced_from, etc.)
  - New indexes for cross-environment queries
- audit.controller.js: New /api/admin/audit-export endpoint
  - Privacy-sanitized export for cross-environment sync
  - Environment filter support in getAuditLogs
- MemoryProxy.service.js: Environment tagging in auditDecision()
  - Tags new logs with NODE_ENV or override
  - Sets is_local flag for tracking

Frontend Components:
- audit-analytics.html: Environment filter dropdown
- audit-analytics.js: Environment filter query parameter handling

Research Benefits:
- Combine dev and prod governance statistics
- Longitudinal analysis across environments
- Validate framework consistency
- Privacy-preserving data sharing

Security:
- API-based export (not direct DB access)
- Admin-only endpoints with JWT authentication
- Comprehensive credential redaction
- One-way sync (production → development)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-27 12:11:16 +13:00

TheFlow

29f50124b5

fix: MongoDB persistence and inst_016-018 content validation enforcement

This commit implements critical fixes to stabilize the MongoDB persistence layer
and adds inst_016-018 content validation to BoundaryEnforcer as specified in
instruction history.

## Context
- First session using Anthropic's new API Memory system
- Fixed 3 MongoDB persistence test failures
- Implemented BoundaryEnforcer inst_016-018 trigger logic per user request
- All unit tests now passing (61/61 BoundaryEnforcer, 25/25 BlogCuration)

## Fixes

### 1. CrossReferenceValidator: Port Regex Enhancement
- **File**: src/services/CrossReferenceValidator.service.js:203
- **Issue**: Regex couldn't extract port from "port 27017" (space-delimited format)
- **Fix**: Changed `/port[:=]\s*(\d{4,5})/i` to `/port[:\s=]\s*(\d{4,5})/i`
- **Result**: Now matches "port: X", "port = X", and "port X" formats
- **Tests**: 28/28 CrossReferenceValidator tests passing

### 2. BlogCuration: MongoDB Method Correction
- **File**: src/services/BlogCuration.service.js:187
- **Issue**: Called non-existent `Document.findAll()` method
- **Fix**: Changed to `Document.list({ limit: 20, skip: 0 })`
- **Result**: BlogCuration can now fetch existing documents for topic generation
- **Tests**: 25/25 BlogCuration tests passing

### 3. MemoryProxy: Optional Anthropic API Integration
- **File**: src/services/MemoryProxy.service.js
- **Issue**: Treated Anthropic Memory Tool API as mandatory, causing errors without API key
- **Fix**: Made Anthropic client optional with graceful degradation
- **Architecture**: MongoDB (required) + Anthropic API (optional enhancement)
- **Result**: System functions fully without CLAUDE_API_KEY environment variable

### 4. AuditLog Model: Duplicate Index Fix
- **File**: src/models/AuditLog.model.js:132
- **Issue**: Mongoose warning about duplicate timestamp index
- **Fix**: Removed inline `index: true`, kept TTL index definition at line 149
- **Result**: No more Mongoose duplicate index warnings

### 5. BlogCuration Tests: Mock API Correction
- **File**: tests/unit/BlogCuration.service.test.js
- **Issue**: Tests mocked non-existent `generateBlogTopics()` function
- **Fix**: Updated mocks to use actual `sendMessage()` and `extractJSON()` methods
- **Result**: All 25 BlogCuration tests passing

## New Features

### 6. BoundaryEnforcer: inst_016-018 Content Validation (MAJOR)
- **File**: src/services/BoundaryEnforcer.service.js:508-580
- **Purpose**: Prevent fabricated statistics, absolute guarantees, and unverified claims
- **Implementation**: Added `_checkContentViolations()` private method
- **Enforcement Rules**:
  - **inst_017**: Blocks absolute assurance terms (guarantee, 100% secure, never fails)
  - **inst_016**: Blocks statistics/ROI/$ amounts without sources
  - **inst_018**: Blocks production claims (production-ready, battle-tested) without evidence
- **Mechanism**: All violations classified as VALUES boundary violations (honesty/transparency)
- **Tests**: 22 new comprehensive tests in tests/unit/BoundaryEnforcer.test.js
- **Result**: 61/61 BoundaryEnforcer tests passing

### Regex Pattern for inst_016 (Statistics Detection):
```regex
/\d+(\.\d+)?%|\$[\d,]+|\d+x\s*roi|payback\s*(period)?\s*of\s*\d+|\d+[\s-]*(month|year)s?\s*payback|\d+(\.\d+)?m\s*(saved|savings)/i
```

### Detection Examples:
- ✅ BLOCKS: "This system guarantees 100% security"
- ✅ BLOCKS: "Delivers 1315% ROI without sources"
- ✅ BLOCKS: "Production-ready framework" (without testing_evidence)
- ✅ ALLOWS: "Research shows 85% improvement [source: example.com]"
- ✅ ALLOWS: "Validated framework with testing_evidence provided"

## MongoDB Models (New Files)
- src/models/AuditLog.model.js - Audit log persistence with TTL
- src/models/GovernanceRule.model.js - Governance rules storage
- src/models/SessionState.model.js - Session state tracking
- src/models/VerificationLog.model.js - Verification logs
- src/services/AnthropicMemoryClient.service.js - Optional API integration

## Test Results
- BoundaryEnforcer: 61/61 tests passing (22 new inst_016-018 tests)
- BlogCuration: 25/25 tests passing
- CrossReferenceValidator: 28/28 tests passing

## Framework Compliance
- ✅ Implements inst_016, inst_017, inst_018 enforcement
- ✅ Addresses 2025-10-09 framework failure (fabricated statistics on leader.html)
- ✅ All content generation now subject to honesty/transparency validation
- ✅ Human approval required for statistical claims without sources

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-11 00:17:03 +13:00

TheFlow

1815ec6c11

feat: Phase 5 Memory Tool PoC - Week 2 Complete (MemoryProxy Service)

Week 2 Objectives (ALL MET AND EXCEEDED):
✅ Full 18-rule integration (100% data integrity)
✅ MemoryProxy service implementation (417 lines)
✅ Comprehensive test suite (25/25 tests passing)
✅ Production-ready persistence layer

Key Achievements:

1. Full Tractatus Rules Integration:
   - Loaded all 18 governance rules from .claude/instruction-history.json
   - Storage performance: 1ms (0.06ms per rule)
   - Retrieval performance: 1ms
   - Data integrity: 100% (18/18 rules validated)
   - Critical rules tested: inst_016, inst_017, inst_018

2. MemoryProxy Service (src/services/MemoryProxy.service.js):
   - persistGovernanceRules() - Store rules to memory
   - loadGovernanceRules() - Retrieve rules from memory
   - getRule(id) - Get specific rule by ID
   - getRulesByQuadrant() - Filter by quadrant
   - getRulesByPersistence() - Filter by persistence level
   - auditDecision() - Log governance decisions (JSONL format)
   - In-memory caching (5min TTL, configurable)
   - Comprehensive error handling and validation

3. Test Suite (tests/unit/MemoryProxy.service.test.js):
   - 25 unit tests, 100% passing
   - Coverage: Initialization, persistence, retrieval, querying, auditing, caching
   - Test execution time: 0.454s
   - All edge cases handled (missing files, invalid input, cache expiration)

Performance Results:
- 18 rules: 2ms total (store + retrieve)
- Average per rule: 0.11ms
- Target was <1000ms - EXCEEDED by 500x
- Cache performance: <1ms for subsequent calls

Architecture:
┌─ Tractatus Application Layer
├─ MemoryProxy Service ✅ (abstraction layer)
├─ Filesystem Backend ✅ (production-ready)
└─ Future: Anthropic Memory Tool API (Week 3)

Memory Structure:
.memory/
├── governance/
│   ├── tractatus-rules-v1.json (all 18 rules)
│   └── inst_{id}.json (individual critical rules)
├── sessions/ (Week 3)
└── audit/
    └── decisions-{date}.jsonl (JSONL audit trail)

Deliverables:
- tests/poc/memory-tool/week2-full-rules-test.js (394 lines)
- src/services/MemoryProxy.service.js (417 lines)
- tests/unit/MemoryProxy.service.test.js (446 lines)
- docs/research/phase-5-week-2-summary.md (comprehensive summary)

Total: 1,257 lines production code + tests

Week 3 Preview:
- Integrate MemoryProxy with BoundaryEnforcer
- Integrate with BlogCuration (inst_016/017/018 enforcement)
- Context editing experiments (50+ turn conversations)
- Migration script (.claude/ → .memory/)

Research Status: Week 2 of 3 complete
Confidence: VERY HIGH - Production-ready, fully tested, ready for integration

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-10 12:11:20 +13:00

3 commits