john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
450 commits 1 branch 0 tags 125 MiB
Commit graph

4 commits

Author SHA1 Message Date
TheFlow
8830ca7eb3 feat(governance): wave 4 enforcement - 41% improvement (56% → 79%) 
Implements 9 additional enforcement mechanisms across all priority levels:

🔒 HIGH PRIORITY - Architectural Enforcement:
 API Security Validator (inst_013/045) - scripts/check-api-security.js
   - Scans API endpoints for rate limiting
   - Validates authentication requirements
   - Detects sensitive runtime data exposure

 GitHub Repo Structure (inst_063_CONSOLIDATED) - scripts/check-github-repo-structure.js
   - Validates repository structure requirements
   - Ensures tractatus-framework remains implementation-focused

⚙️ MEDIUM PRIORITY - Process/Workflow:
 Human Approval Tracker (inst_005) - scripts/track-human-approvals.js
   - Logs approval requirements for major decisions
   - Tracks pending approvals

 Context Pressure Comprehensive (inst_019) - scripts/verify-context-pressure-comprehensive.js
   - Verifies all pressure factors included
   - Validates comprehensive context accounting

📋 LOW PRIORITY - Behavioral/Values:
 Behavioral Compliance Reminders (inst_047/049) - .claude/hooks/behavioral-compliance-reminder.js
   - Reminds never to dismiss user requests
   - Prompts to test user hypotheses first
   - Integrated into UserPromptSubmit hooks

 Dark Patterns Detector (inst_079) - scripts/check-dark-patterns.js
   - Scans UI code for manipulative patterns
   - Detects confirm shaming, hidden checkboxes, timed popups

📊 Enforcement Progress:
- Wave 1: 11/39 (28%)
- Wave 2: 18/39 (46%)
- Wave 3: 22/39 (56%)
- Wave 4: 31/39 (79%)
- Total improvement: +20 instructions = +178% from baseline
- Remaining gaps: 8/39 (21%)

🎯 Remaining 8 Gaps (requires runtime/process enforcement):
- inst_039: Document processing verification
- inst_043: Web form input validation (runtime)
- inst_052: Scope adjustment authority tracking
- inst_058: JSON/DB schema sync validation
- inst_061: Hook approval pattern tracking
- inst_072: Defense-in-depth credential layers
- inst_080: Open source commitment (policy)
- inst_081: Pluralism principle (foundational value)

🔄 Enhanced Hooks:
- UserPromptSubmit now runs 3 hooks (triggers, all-commands, behavioral)
- Added behavioral compliance reminders for session guidance

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-25 13:48:43 +13:00
TheFlow
4773c8bb95 feat(governance): third wave enforcement - 22% improvement (46% → 56%) 
Implements 4 additional architectural enforcement mechanisms:

 All Command Detection (inst_040) - .claude/hooks/all-command-detector.js
 Deployment Structure Validation (inst_025) - scripts/verify-deployment-structure.js
 File Permissions Check (inst_020_CONSOLIDATED) - scripts/check-file-permissions.js
 Environment Variable Standards (inst_026) - scripts/check-env-var-standards.js

📊 Progress: 22/39 enforced (56%), +4 from wave 2, 17 gaps remaining

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-25 13:38:18 +13:00
TheFlow
e7efdc7810 feat(governance): second wave enforcement - 64% improvement (28% → 46%) 
Implements 7 additional architectural enforcement mechanisms:

 Prohibited Terms Detection (inst_016/017/018):
- scripts/check-prohibited-terms.js
- Scans for absolute assurance terms ("guarantee", "100% secure")
- Detects maturity claims without evidence ("production-ready", "battle-tested")
- Checks statistics require citation or [NEEDS VERIFICATION]
- Integrated into .git/hooks/pre-commit (Check 2)

 Credential Exposure Prevention (inst_069/070):
- scripts/check-credential-exposure.js
- Detects real API keys, secrets, passwords in documentation
- Validates example credentials use proper patterns (EXAMPLE/REDACTED)
- CRITICAL: Runs first in pre-commit (Check 0)

 Confidential Document Protection (inst_012/015):
- scripts/check-confidential-docs.js
- Prevents deployment of internal/session-handoff documents
- Scans filenames and content for [CONFIDENTIAL]/[INTERNAL] markers
- Integrated into scripts/deploy.sh pre-flight checks

 Enhanced Pre-Commit Hook:
Now runs 4 checks in order:
0. Credential exposure (CRITICAL)
1. CSP compliance
2. Prohibited terms
3. Test requirements

 Enhanced Deployment Script:
- Added confidential document check to deploy.sh
- Scans public/ and docs/ before deployment
- Blocks deployment if confidential markers found

 Updated Enforcement Map:
- Added all new mechanisms to audit-enforcement.js
- Updated inst_008_CONSOLIDATED mapping
- New mappings: inst_012, inst_015, inst_016, inst_017, inst_018, inst_069, inst_070

📊 Enforcement Progress:
- Wave 1: 11/39 imperative instructions enforced (28%)
- Wave 2: 18/39 imperative instructions enforced (46%)
- Improvement: +7 instructions = +64% increase
- Remaining gaps: 21/39 (54%)

🎯 Next Priority Gaps:
- inst_013/043/045: API security validation
- inst_019: Context pressure comprehensive accounting
- inst_025: Deployment file mapping
- inst_039/040: Batch operation verification
- inst_079/080/081: Values/principles (process-based)

🔒 Security Posture:
- CRITICAL security checks now run first (credential exposure)
- All text files scanned before commit
- All deployment candidates scanned before rsync

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-25 13:26:33 +13:00
TheFlow
86d7042f42 feat(governance): implement comprehensive enforcement architecture 
Completes enforcement implementation from ENFORCEMENT_AUDIT.md analysis:

 Implemented (6 enforcement mechanisms):
1. Token checkpoint monitoring (inst_075)
   - .claude/hooks/check-token-checkpoint.js
   - PostToolUse hook integration

2. Trigger word detection (inst_078, inst_082)
   - .claude/hooks/trigger-word-checker.js (already completed)
   - "ff" and "ffs" triggers architecturally enforced

3. Framework activity verification (inst_064)
   - Enhanced scripts/session-init.js with fade detection
   - Alerts when components stale >20 messages

4. Test requirement enforcement (inst_068)
   - Enhanced .git/hooks/pre-commit
   - Runs tests if test files exist for modified code
   - Blocks commits on test failures

5. Background process tracking (inst_023)
   - scripts/track-background-process.js
   - Integrated into session-init.js and session-closedown.js
   - Tracks persistent vs temporary processes

6. Security logging verification (inst_046)
   - scripts/verify-security-logging.js
   - Can be integrated into deployment workflow

7. Meta-enforcement monitoring system
   - scripts/audit-enforcement.js
   - Scans HIGH persistence instructions for imperatives
   - Reports enforcement gaps (currently 28/39 gaps)

🔒 Protection Added:
- inst_027: Hard block on instruction-history.json edits
- Conventional commit format enforcement (inst_066)
- CSP + test validation in pre-commit hook

📊 Current Enforcement Status:
- Baseline: 11/39 imperative instructions enforced (28%)
- Framework fade detection operational
- Token checkpoints architecturally monitored

🎯 Philosophy:
"If it's MANDATORY, it must be ENFORCED architecturally, not documented."

This addresses the root cause of voluntary compliance failures identified
when Claude missed "ffs" trigger and token checkpoints despite active
HIGH persistence instructions.

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-25 13:15:06 +13:00