john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
240 commits 1 branch 0 tags 125 MiB
Commit graph

6 commits

Author SHA1 Message Date
TheFlow
fb9fc48f67 chore: update session metrics and roadmap progress 
Session Metrics:
- Hook validator metrics updated from session activity
- 971 new hook execution records tracked
- CSP violations detected and resolved during i18n work

Roadmap Updates:
- GitHub Repository Setup marked complete (October 15, 2025)
- Phase 3 progress: 2/8 tasks (25% complete, up from 19%)
- Overall project progress: 47% (17/36 tasks, up from 46%)

Dependencies:
- Added i18next@^25.6.0 for internationalization
- Added i18next-browser-languagedetector@^8.2.0 for locale detection
- Added i18next-http-backend@^3.0.2 for translation loading

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-17 09:30:25 +13:00
TheFlow
7387cb9807 security: implement file upload security with ClamAV integration (inst_041) 
Phase 1: File Security Complete
 Created file-security.middleware.js with multi-layer validation
 Installed multer for file uploads
 Created quarantine directories on production and dev
 Integrated ClamAV malware scanning

Features:
- Magic number validation (prevents MIME spoofing)
- ClamAV malware scanning (8.7M signatures)
- Automatic file quarantine with metadata
- Size limits: 10MB documents, 50MB media
- MIME type whitelist enforcement
- Comprehensive security event logging

Middleware provides:
- createSecureUpload() - Full pipeline (multer + security)
- createFileSecurityMiddleware() - Validation only
- Quarantine system with JSON metadata

Implements: inst_041 (file upload validation)
Refs: docs/plans/security-implementation-roadmap.md Phase 2-P2-2

ClamAV Status:
- Version: 1.4.3
- Signatures: 8,724,466
- Daemon: Running (521MB RAM)
- Test: EICAR detection confirmed
 2025-10-14 15:58:48 +13:00
TheFlow
b078eec634 security: implement Quick Wins security middleware (inst_041-046) 
- Add security headers middleware (CSP, HSTS, X-Frame-Options, etc.)
- Add rate limiting (100 req/15min public, 5 req/min forms)
- Add input validation and sanitization middleware
- Add response sanitization (hide stack traces, remove sensitive fields)
- Add centralized security event logging to audit trail
- Disable CSRF (deprecated package, will implement modern solution in Phase 3)
- Update security logger to use HOME-based log path

Implements: inst_041, inst_042, inst_043, inst_044, inst_045, inst_046
Refs: docs/plans/security-implementation-roadmap.md
 2025-10-14 15:18:49 +13:00
TheFlow
c417f5b7d6 feat: enhance framework services and format architectural documentation 
Framework Service Enhancements:
- ContextPressureMonitor: Enhanced statistics tracking and contextual adjustments
- InstructionPersistenceClassifier: Improved context integration and consistency
- MetacognitiveVerifier: Extended verification capabilities and logging
- All services: 182 unit tests passing

Admin Interface Improvements:
- Blog curation: Enhanced content management and validation
- Audit analytics: Improved analytics dashboard and reporting
- Dashboard: Updated metrics and visualizations

Documentation:
- Architectural overview: Improved markdown formatting for readability
- Added blank lines between sections for better structure
- Fixed table formatting for version history

All tests passing: Framework stable for deployment

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-11 00:50:47 +13:00
TheFlow
2ddae65b18 feat: Phase 5 Memory Tool PoC - Week 1 Complete 
Week 1 Objectives (All Met):
- API research and capabilities assessment 
- Comprehensive findings document 
- Basic persistence PoC implementation 
- Anthropic integration test framework 
- Governance rules testing (inst_001, inst_016, inst_017) 

Key Achievements:
- Updated @anthropic-ai/sdk: 0.9.1 → 0.65.0 (memory tool support)
- Built FilesystemMemoryBackend (create, view, exists operations)
- Validated 100% persistence and data integrity
- Performance: 1ms overhead (filesystem) - exceeds <500ms target
- Simulation mode: Test workflow without API costs

Deliverables:
- docs/research/phase-5-memory-tool-poc-findings.md (42KB API assessment)
- docs/research/phase-5-week-1-implementation-log.md (comprehensive log)
- tests/poc/memory-tool/basic-persistence-test.js (291 lines)
- tests/poc/memory-tool/anthropic-memory-integration-test.js (390 lines)

Test Results:
 Basic Persistence: 100% success (1ms latency)
 Governance Rules: 3 rules tested successfully
 Data Integrity: 100% validation
 Memory Structure: governance/, sessions/, audit/ directories

Next Steps (Week 2):
- Context editing experimentation (50+ turn conversations)
- Real API integration with CLAUDE_API_KEY
- Multi-rule storage (all 18 Tractatus rules)
- Performance measurement vs. baseline

Research Status: Week 1 of 3 complete, GREEN LIGHT for Week 2

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-10 12:03:39 +13:00
TheFlow
e1dea44e86 fix: include package-lock.json for GitHub Actions 
- Removed package-lock.json from .gitignore
- Added package-lock.json to git tracking
- Fixes npm ci failure in sync-public-docs workflow

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-09 15:17:35 +13:00