tractatus

Author	SHA1	Message	Date
TheFlow	29fa3956f9	feat: newsletter modal and deployment script enhancements Newsletter Modal Implementation: - Added modal subscription forms to blog pages - Improved UX with dedicated modal instead of anchor links - Location: public/blog.html, public/blog-post.html Blog JavaScript Enhancements: - Enhanced blog.js and blog-post.js with modal handling - Newsletter form submission logic - Location: public/js/blog.js, public/js/blog-post.js Deployment Script Improvements: - Added pre-deployment checks (server running, version parameters) - Enhanced visual feedback with status indicators (✓/✗/⚠) - Version parameter staleness detection - Location: scripts/deploy-full-project-SAFE.sh Demo Page Cleanup: - Minor refinements to demo pages - Location: public/demos/.html Routes Enhancement*: - Newsletter route additions - Location: src/routes/index.js 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-14 13:11:46 +13:00
TheFlow	dcb778726b	docs: fix Introduction language violations and add database utility scripts - Remove absolute claims from Introduction ("guarantees" -> "constraints") - Align with TRA-VAL-0001 "Honest Limitations" principle - Add compare-databases.js for dev/prod sync verification - Add check-sections.js to audit card presentation status - Add fix-category-mismatches.js for category corrections - Fix Document.model.js metadata update handling 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-12 22:41:04 +13:00
TheFlow	4ac0b867e7	fix(models): remove duplicate schema indexes for clean startup - GovernanceRule: Remove duplicate category index (uses compound index) - VerificationLog: Remove duplicate verifiedAt index (uses compound + TTL) - VariableValue: Remove duplicate category index (standalone index exists) Eliminates 3 Mongoose duplicate index warnings on server startup Server now starts with zero warnings 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-12 16:35:45 +13:00
TheFlow	c96ad31046	feat: implement Rule Manager and Project Manager admin systems Major Features: - Multi-project governance with Rule Manager web UI - Project Manager for organizing governance across projects - Variable substitution system (${VAR_NAME} in rules) - Claude.md analyzer for instruction extraction - Rule quality scoring and optimization Admin UI Components: - /admin/rule-manager.html - Full-featured rule management interface - /admin/project-manager.html - Multi-project administration - /admin/claude-md-migrator.html - Import rules from Claude.md files - Dashboard enhancements for governance analytics Backend Implementation: - Controllers: projects, rules, variables - Models: Project, VariableValue, enhanced GovernanceRule - Routes: /api/projects, /api/rules with full CRUD - Services: ClaudeMdAnalyzer, RuleOptimizer, VariableSubstitution - Utilities: mongoose helpers Documentation: - User guides for Rule Manager and Projects - Complete API documentation (PROJECTS_API, RULES_API) - Phase 3 planning and architecture diagrams - Test results and error analysis - Coding best practices summary Testing & Scripts: - Integration tests for projects API - Unit tests for variable substitution - Database migration scripts - Seed data generation - Test token generator Key Capabilities: ✅ UNIVERSAL scope rules apply across all projects ✅ PROJECT_SPECIFIC rules override for individual projects ✅ Variable substitution per-project (e.g., ${DB_PORT} → 27017) ✅ Real-time validation and quality scoring ✅ Advanced filtering and search ✅ Import from existing Claude.md files Technical Details: - MongoDB-backed governance persistence - RESTful API with Express - JWT authentication for admin endpoints - CSP-compliant frontend (no inline handlers) - Responsive Tailwind UI This implements Phase 3 architecture as documented in planning docs. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-11 17:16:51 +13:00
TheFlow	2fc6e0a593	feat: implement documentation reorganization with archives Documentation Reorganization (Option A - Full): - Reduced public docs from 47 to 11 (76% reduction) - 31 documents archived (project tracking, outdated) - 5 documents marked confidential (security, payments) - Clear 3-tier structure: Getting Started, Framework Details, Case Studies Archives Infrastructure: - Added visibility: 'archived' \| 'public' \| 'confidential' \| 'internal' - Added category: 'conceptual' \| 'practical' \| 'reference' \| 'archived' \| 'project-tracking' - Added order field for explicit document ordering (1-11 for public) - Added archiveNote field for explaining why documents were archived - New endpoint: GET /api/documents/archived - New controller method: listArchivedDocuments() - UI: Archives section (collapsed by default) at bottom of docs list Public Documentation (11 documents, well-organized): 1. Architectural Overview (reference) 2. Core Concepts (conceptual) - needs Phase 5 update 3. Implementation Guide (practical) - needs MongoDB rewrite 4. Core Values & Principles (conceptual) 5. Case Studies (practical) 6. Business Case Template (practical) 7. Glossary (reference) - needs Phase 5 terms 8-11. Recent Case Studies (practical) Model Updates: - src/models/Document.model.js: Added visibility, category, order, archiveNote fields - src/models/Document.model.js: Added listArchived() static method - Default sort by order (1-999) instead of date Controller Updates: - src/controllers/documents.controller.js: Added listArchivedDocuments() - Filter excludes archived docs from main list by default Route Updates: - src/routes/documents.routes.js: Added GET /api/documents/archived UI Updates: - public/js/docs-app.js: New category structure (Getting Started, Framework Details, Reference) - public/js/docs-app.js: Fetches and displays archived documents in collapsed section - public/js/docs-app.js: Archives show document count badge - public/js/docs-app.js: Archive notes displayed below archived document links - Auto-loads Architectural Overview (order: 1) on page load Scripts Created: - scripts/archive-outdated-documents.js: Archive 10 outdated documents - scripts/update-document-metadata.js: Set order/category for 7 core docs - scripts/archive-all-internal-documents.js: Mass archive 23 internal docs Documentation: - docs/DOCUMENT_AUDIT_2025-10-11.md: Comprehensive audit of all 47 documents - docs/DOCUMENT_REORGANIZATION_SUMMARY.md: Executive summary with before/after Next Steps (Phase 2 - Content Updates): - Update Core Concepts for Phase 5 MongoDB architecture - Rewrite Implementation Guide for MongoDB deployment - Update Glossary with Phase 5 terms (MongoDB, MemoryProxy, API Memory) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-11 01:26:14 +13:00
TheFlow	29f50124b5	fix: MongoDB persistence and inst_016-018 content validation enforcement This commit implements critical fixes to stabilize the MongoDB persistence layer and adds inst_016-018 content validation to BoundaryEnforcer as specified in instruction history. ## Context - First session using Anthropic's new API Memory system - Fixed 3 MongoDB persistence test failures - Implemented BoundaryEnforcer inst_016-018 trigger logic per user request - All unit tests now passing (61/61 BoundaryEnforcer, 25/25 BlogCuration) ## Fixes ### 1. CrossReferenceValidator: Port Regex Enhancement - File: src/services/CrossReferenceValidator.service.js:203 - Issue: Regex couldn't extract port from "port 27017" (space-delimited format) - Fix: Changed `/port[:=]\s(\d{4,5})/i` to `/port[:\s=]\s(\d{4,5})/i` - Result: Now matches "port: X", "port = X", and "port X" formats - Tests: 28/28 CrossReferenceValidator tests passing ### 2. BlogCuration: MongoDB Method Correction - File: src/services/BlogCuration.service.js:187 - Issue: Called non-existent `Document.findAll()` method - Fix: Changed to `Document.list({ limit: 20, skip: 0 })` - Result: BlogCuration can now fetch existing documents for topic generation - Tests: 25/25 BlogCuration tests passing ### 3. MemoryProxy: Optional Anthropic API Integration - File: src/services/MemoryProxy.service.js - Issue: Treated Anthropic Memory Tool API as mandatory, causing errors without API key - Fix: Made Anthropic client optional with graceful degradation - Architecture: MongoDB (required) + Anthropic API (optional enhancement) - Result: System functions fully without CLAUDE_API_KEY environment variable ### 4. AuditLog Model: Duplicate Index Fix - File: src/models/AuditLog.model.js:132 - Issue: Mongoose warning about duplicate timestamp index - Fix: Removed inline `index: true`, kept TTL index definition at line 149 - Result: No more Mongoose duplicate index warnings ### 5. BlogCuration Tests: Mock API Correction - File: tests/unit/BlogCuration.service.test.js - Issue: Tests mocked non-existent `generateBlogTopics()` function - Fix: Updated mocks to use actual `sendMessage()` and `extractJSON()` methods - Result: All 25 BlogCuration tests passing ## New Features ### 6. BoundaryEnforcer: inst_016-018 Content Validation (MAJOR) - File: src/services/BoundaryEnforcer.service.js:508-580 - Purpose: Prevent fabricated statistics, absolute guarantees, and unverified claims - Implementation: Added `_checkContentViolations()` private method - Enforcement Rules: - inst_017: Blocks absolute assurance terms (guarantee, 100% secure, never fails) - inst_016: Blocks statistics/ROI/$ amounts without sources - inst_018: Blocks production claims (production-ready, battle-tested) without evidence - Mechanism: All violations classified as VALUES boundary violations (honesty/transparency) - Tests: 22 new comprehensive tests in tests/unit/BoundaryEnforcer.test.js - Result: 61/61 BoundaryEnforcer tests passing ### Regex Pattern for inst_016 (Statistics Detection): ```regex /\d+(\.\d+)?%\|\$[\d,]+\|\d+x\sroi\|payback\s(period)?\sof\s\d+\|\d+[\s-](month\|year)s?\spayback\|\d+(\.\d+)?m\s*(saved\|savings)/i ``` ### Detection Examples: - ✅ BLOCKS: "This system guarantees 100% security" - ✅ BLOCKS: "Delivers 1315% ROI without sources" - ✅ BLOCKS: "Production-ready framework" (without testing_evidence) - ✅ ALLOWS: "Research shows 85% improvement [source: example.com]" - ✅ ALLOWS: "Validated framework with testing_evidence provided" ## MongoDB Models (New Files) - src/models/AuditLog.model.js - Audit log persistence with TTL - src/models/GovernanceRule.model.js - Governance rules storage - src/models/SessionState.model.js - Session state tracking - src/models/VerificationLog.model.js - Verification logs - src/services/AnthropicMemoryClient.service.js - Optional API integration ## Test Results - BoundaryEnforcer: 61/61 tests passing (22 new inst_016-018 tests) - BlogCuration: 25/25 tests passing - CrossReferenceValidator: 28/28 tests passing ## Framework Compliance - ✅ Implements inst_016, inst_017, inst_018 enforcement - ✅ Addresses 2025-10-09 framework failure (fabricated statistics on leader.html) - ✅ All content generation now subject to honesty/transparency validation - ✅ Human approval required for statistical claims without sources 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-11 00:17:03 +13:00
TheFlow	d95dc4663c	feat(infra): semantic versioning and systemd service implementation Cache-Busting Improvements: - Switched from timestamp-based to semantic versioning (v1.0.2) - Updated all HTML files: index.html, docs.html, leader.html - CSS: tailwind.css?v=1.0.2 - JS: navbar.js, document-cards.js, docs-app.js v1.0.2 - Professional versioning approach for production stability systemd Service Implementation: - Created tractatus-dev.service for development environment - Created tractatus-prod.service for production environment - Added install-systemd.sh script for easy deployment - Security hardening: NoNewPrivileges, PrivateTmp, ProtectSystem - Resource limits: 1GB dev, 2GB prod memory limits - Proper logging integration with journalctl - Automatic restart on failure (RestartSec=10) Why systemd over pm2: 1. Native Linux integration, no additional dependencies 2. Better OS-level security controls (ProtectSystem, ProtectHome) 3. Superior logging with journalctl integration 4. Standard across Linux distributions 5. More robust process management for production Usage: # Development: sudo ./scripts/install-systemd.sh dev # Production: sudo ./scripts/install-systemd.sh prod # View logs: sudo journalctl -u tractatus -f 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-09 09:16:22 +13:00
TheFlow	b3bd3b2348	feat: add multi-currency support and privacy policy to Koha system Multi-Currency Implementation: - Add currency configuration with 10 supported currencies (NZD, USD, EUR, GBP, AUD, CAD, JPY, CHF, SGD, HKD) - Create client-side and server-side currency utilities for conversion and formatting - Implement currency selector UI component with auto-detection and localStorage persistence - Update Donation model to store multi-currency transactions with NZD equivalents - Update Koha service to handle currency conversion and exchange rate tracking - Update donation form UI to display prices in selected currency - Update transparency dashboard to show donations with currency indicators - Update Stripe setup documentation with currency_options configuration guide Privacy Policy: - Create comprehensive privacy policy page (GDPR compliant) - Add shared footer component with privacy policy link - Update all Koha pages with footer component Technical Details: - Exchange rates stored at donation time for historical accuracy - All donations tracked in both original currency and NZD for transparency - Base currency: NZD (New Zealand Dollar) - Uses Stripe currency_options for monthly subscriptions - Dynamic currency for one-time donations 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-08 15:17:23 +13:00
TheFlow	ebfeadb900	feat: implement Koha donation system backend (Phase 3) Backend API complete for NZD donation processing via Stripe. New Backend Components: Database Model: - src/models/Donation.model.js - Donation schema with privacy-first design - Anonymous donations by default, opt-in public acknowledgement - Monthly recurring and one-time donation support - Stripe integration (customer, subscription, payment tracking) - Public transparency metrics aggregation - Admin statistics and reporting Service Layer: - src/services/koha.service.js - Stripe integration service - Checkout session creation (monthly + one-time) - Webhook event processing (8 event types) - Subscription management (cancel, update) - Receipt email generation (placeholder) - Transparency metrics calculation - Based on passport-consolidated StripeService pattern Controller: - src/controllers/koha.controller.js - HTTP request handlers - POST /api/koha/checkout - Create donation checkout - POST /api/koha/webhook - Stripe webhook receiver - GET /api/koha/transparency - Public metrics - POST /api/koha/cancel - Cancel recurring donation - GET /api/koha/verify/:sessionId - Verify payment status - GET /api/koha/statistics - Admin statistics Routes: - src/routes/koha.routes.js - API endpoint definitions - src/routes/index.js - Koha routes registered Infrastructure: Server Configuration: - src/server.js - Raw body parsing for Stripe webhooks - Required for webhook signature verification - Route-specific middleware for /api/koha/webhook Environment Variables: - .env.example - Koha/Stripe configuration template - Stripe API keys (reuses passport-consolidated account) - Price IDs for NZD monthly tiers ($5, $15, $50) - Webhook secret for signature verification - Frontend URL for payment redirects Documentation: - docs/KOHA_STRIPE_SETUP.md - Complete setup guide - Step-by-step Stripe Dashboard configuration - Product and price creation instructions - Webhook endpoint setup - Testing procedures with test cards - Security and compliance notes - Production deployment checklist Key Features: ✅ Privacy-first design (anonymous by default) ✅ NZD currency support (New Zealand Dollars) ✅ Monthly recurring subscriptions ($5, $15, $50 NZD) ✅ One-time custom donations ✅ Public transparency dashboard metrics ✅ Stripe webhook signature verification ✅ Subscription cancellation support ✅ Receipt tracking (email generation ready) ✅ Admin statistics and reporting Architecture: - Reuses existing Stripe account from passport-consolidated - Separate webhook endpoint (/api/koha/webhook vs /api/stripe/webhook) - Separate MongoDB collection (koha_donations) - Compatible with existing infrastructure Next Steps: - Create Stripe products in Dashboard (use setup guide) - Build donation form frontend UI - Create transparency dashboard page - Implement receipt email service - Test end-to-end with Stripe test cards - Deploy to production 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-08 13:35:40 +13:00
TheFlow	09f706c51b	feat: fix documentation system - cards, PDFs, TOC, and navigation - Fixed download icon size (1.25rem instead of huge black icons) - Uploaded all 12 PDFs to production server - Restored table of contents rendering for all documents - Fixed modal cards with proper CSS and event handlers - Replaced all docs-viewer.html links with docs.html - Added nginx redirect from /docs/* to /docs.html - Fixed duplicate headers in modal sections - Improved cache-busting with timestamp versioning All documentation features now working correctly: ✅ Card-based document viewer with modals ✅ PDF downloads with proper icons ✅ Table of contents navigation ✅ Consistent URL structure 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-07 22:51:55 +13:00
TheFlow	78ab5754f2	feat: add MongoDB models for core collections Models Created (7/10): - Document.model.js: Framework docs with quadrant classification - BlogPost.model.js: AI-curated blog with moderation - MediaInquiry.model.js: Press/media triage workflow - ModerationQueue.model.js: Human oversight queue with priority - User.model.js: Admin authentication with bcrypt - CaseSubmission.model.js: Community case studies with AI review - Resource.model.js: Curated directory with alignment scores Features: - Full CRUD operations for each model - Tractatus quadrant integration - AI analysis fields for curation - Human approval workflows - Status tracking and filtering - Security (password hashing, sanitized returns) Deferred (Phase 2-3): - Citation.model.js - Translation.model.js - KohaDonation.model.js Status: Core models complete, ready for Express server	2025-10-06 23:54:56 +13:00

11 commits