tractatus

john/tractatus

Fork 0

Commit graph

Author SHA1 Message Date

Author	SHA1	Message	Date
TheFlow	a4db3e62ec	chore(vendor-policy): sweep project-self GitHub URLs to Codeberg (partial) Some checks are pending CI / Run Tests (push) Waiting to run Details CI / Lint Code (push) Waiting to run Details CI / CSP Compliance Check (push) Waiting to run Details Addresses the documentation-layer gap after Phase A/B moved the git REMOTE from GitHub to Codeberg but left ~100 project-self GitHub URLs embedded in markdown, HTML, JS, and Python files. The remote-layer migration was generalised as "GitHub is gone from the codebase" without verifying the content layer. 22 files swept in this commit. 27 additional files hold pre-existing inst_016/017/018 or inst_084 debt that would transfer on touch (hook whole-file scan). Those await a companion hygiene-first commit before their GitHub->Codeberg flip can land cleanly. Sweep scope this commit: - README.md, SECURITY.md - 3 For-Claude-Web bundle files (GitHub URLs noted as "separate concern" in today's earlier licence-swap commits) - docs/markdown/deployment-guide.md - docs/AUTOMATED_SYNC_SETUP, PLURALISM_CHECKLIST, github/AGENT_LIGHTNING_README - docs/business-intelligence/governance-bi-tools - docs/outreach/EXECUTIVE-BRIEF-BI-GOVERNANCE (+ v2) - docs/research/ARCHITECTURAL-SAFEGUARDS-* - email-templates/README.md, base-template.html - 3 scripts/seed--blog-post.js (blog-seeding scripts) - scripts/upload-document.js - SESSION_HANDOFF_2025-10-23_FRAMEWORK_ANALYSIS.md - SECURITY_INCIDENT_POST_MORTEM_2025-10-21.md Pattern swaps (longest-first): github.com/AgenticGovernance/tractatus-framework/issues -> codeberg.org/mysovereignty/tractatus-framework/issues github.com/AgenticGovernance/tractatus-framework/discussions -> .../issues (Codeberg has no discussions feature) github.com/AgenticGovernance/tractatus-framework.git -> codeberg.org/mysovereignty/tractatus-framework.git github.com/AgenticGovernance/tractatus-framework -> codeberg.org/mysovereignty/tractatus-framework git@github.com:AgenticGovernance/... -> git@codeberg.org:mysovereignty/... github.com/AgenticGovernance/tractatus (old org/repo path) -> codeberg.org/mysovereignty/tractatus-framework AgenticGovernance/tractatus-framework (bare) -> mysovereignty/tractatus-framework Hook validator update (scripts/hook-validators/validate-credentials.js): PROTECTED_VALUES.github_org: 'AgenticGovernance' -> 'mysovereignty' PROTECTED_VALUES.license: 'Apache License 2.0' -> EUPL-1.2 long form URL detection regex: /github\.com\/.../ -> /codeberg\.org\/.../ Placeholder checks + error messages updated to reflect Codeberg as authoritative post-migration host. Key names (e.g. `github_org`) retained for backward compatibility with validate-file-edit.js. Held back from this commit (27 files total, documented reasons): 11 historical session handoffs / closedown docs / incident reports (2025-10 through 2026-02) — modifying them rewrites the record to contain URLs that did not exist at the time of writing, AND ownership of their pre-existing inst_084 exposures transfers on touch. 8 live-content docs with pre-existing inst_084 debt (port/API-endpoint/ file-path exposures): docs/markdown/case-studies.md, technical-architecture, introduction-to-the-tractatus-framework, implementation-guide-v1.1, docs/plans/integrated-implementation-roadmap-2025, docs/governance/, docs/ANTHROPIC_, docs/GOVERNANCE_SERVICE_, docs/RESEARCH_DOCUMENTATION_, deployment-quickstart/. 8 live-content docs with pre-existing inst_016/017/018 debt: CHANGELOG.md, CONTRIBUTING.md, docs/LAUNCH_ANNOUNCEMENT, LAUNCH_CHECKLIST, PHASE_4_REPOSITORY_ANALYSIS, PHASE_6_SUMMARY, docs/plans/research-enhancement- roadmap-2025, docs/case-studies/pre-publication-audit-oct-2025. Also NOT in this commit (separate concerns): - scripts/add-inst-084-github-url-protection.js (detection-rule logic needs framework-level decision on post-migration semantics). - .claude/* (framework state). - docs/PRODUCTION_DOCUMENTS_EXPORT.json (DB dump). - package-lock.json (npm sponsor URLs, third-party). - .git/config embedded credentials (requires out-of-band rotation on both remote hosts + auth-strategy decision; user-action task). Context: today's EUPL-1.2 sweep closed the licence-text-content layer (`5c386d0d` / `6d49bfbf` / `ab0a6af4` / `4c1a26e8`). This commit starts closing the matching vendor-URL-content layer. Next: hygiene-first pass on the 16 live-content docs held back, then a second URL-flip pass on them. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-20 10:53:13 +12:00
TheFlow	fcf4a10370	docs(deployment): fix MongoDB credential placeholder in deployment guide - Removed example MongoDB connection string with password - Replaced with reference to MongoDB documentation for auth format - Complies with inst_069/070 credential exposure prevention 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-26 23:20:28 +13:00
TheFlow	3aae86edf9	feat(implementer): major page redesign with hook architecture and responsive diagrams ## Implementer Page Enhancements ### Hero Section Redesign - Changed title to "External Governance Services for AI Systems" - Added three value proposition cards (Architectural Separation, Instruction Persistence, Audit Trail) - Governance-compliant messaging (addresses vs prevents, designed to vs guarantees) - Mobile-responsive card layout ### New "How It Works" Section - Pattern Override Challenge explanation - External Architecture Approach - Request Flow with Governance diagram - SVG download links ### New "Hook Architecture" Section (Credibility Layer) - Architectural enforcement explanation - Four real enforcement examples: * inst_084 GitHub URL Protection * inst_008 CSP Compliance * inst_027 Governance file protection * BoundaryEnforcer values decisions - New hook-architecture.svg diagram showing PreToolUse flow - Process separation and exit code enforcement details ### Deployment Section Improvements - Removed broken "View Online" button - PDF-only deployment guide download - Simplified, cleaner presentation ### Responsive Diagrams - Created system-architecture-mobile.svg (400x600px simplified) - Created system-architecture-desktop.svg (full detail) - Picture element with media queries for responsive switching - Fixed request-flow-sequence.svg (restored from archive) ## Security & Governance ### inst_084 GitHub URL Modification Protocol - HARD BLOCK on GitHub URL changes without explicit approval - Prevents accidental private repository exposure - Implemented in both validate-file-edit.js and validate-file-write.js - Regex pattern matching for repository name changes - Detailed error messages with context ### Hook Validator Improvements - Fixed stderr output issue (console.log → console.error) - Added checkGitHubURLProtection() function - Enhanced error messaging for blocked actions ## Documentation ### New Deployment Guide - Created comprehensive 14KB markdown guide (docs/markdown/deployment-guide.md) - Generated 284KB PDF (public/docs/pdfs/deployment-guide.pdf) - Covers: local dev, production, Docker, K8s, AWS, GCP, monitoring, security - Removed MongoDB credential examples to comply with inst_069/070 ### Diagram Archive - Moved old diagrams to public/docs/diagrams/archive/ - Preserved deployment-architecture-old.svg - Preserved request-flow-sequence-old.svg - Preserved system-architecture-old.svg ## Cache & Version - Bumped version to 0.1.2 - Updated changelog with all implementer changes - forceUpdate: true for new diagrams and PDFs - minVersion: 0.1.4 ## Context This addresses user feedback on implementer.html from 2025-10-26: - Broken diagrams (404 errors, cut off at bottom) - Need for credibility layer (hook architecture) - GitHub URL security incident prevention - Mobile responsiveness issues - Deployment guide accessibility 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-26 23:14:22 +13:00

TheFlow

a4db3e62ec

chore(vendor-policy): sweep project-self GitHub URLs to Codeberg (partial)

CI / Run Tests (push) Waiting to run

Details

CI / Lint Code (push) Waiting to run

Details

CI / CSP Compliance Check (push) Waiting to run

Details

Addresses the documentation-layer gap after Phase A/B moved the git REMOTE from
GitHub to Codeberg but left ~100 project-self GitHub URLs embedded in markdown,
HTML, JS, and Python files. The remote-layer migration was generalised as
"GitHub is gone from the codebase" without verifying the content layer.

22 files swept in this commit. 27 additional files hold pre-existing inst_016/017/018
or inst_084 debt that would transfer on touch (hook whole-file scan). Those
await a companion hygiene-first commit before their GitHub->Codeberg flip
can land cleanly.

Sweep scope this commit:
  - README.md, SECURITY.md
  - 3 For-Claude-Web bundle files (GitHub URLs noted as "separate concern" in
    today's earlier licence-swap commits)
  - docs/markdown/deployment-guide.md
  - docs/AUTOMATED_SYNC_SETUP, PLURALISM_CHECKLIST, github/AGENT_LIGHTNING_README
  - docs/business-intelligence/governance-bi-tools
  - docs/outreach/EXECUTIVE-BRIEF-BI-GOVERNANCE (+ v2)
  - docs/research/ARCHITECTURAL-SAFEGUARDS-*
  - email-templates/README.md, base-template.html
  - 3 scripts/seed-*-blog-post.js (blog-seeding scripts)
  - scripts/upload-document.js
  - SESSION_HANDOFF_2025-10-23_FRAMEWORK_ANALYSIS.md
  - SECURITY_INCIDENT_POST_MORTEM_2025-10-21.md

Pattern swaps (longest-first):
  github.com/AgenticGovernance/tractatus-framework/issues -> codeberg.org/mysovereignty/tractatus-framework/issues
  github.com/AgenticGovernance/tractatus-framework/discussions -> .../issues (Codeberg has no discussions feature)
  github.com/AgenticGovernance/tractatus-framework.git -> codeberg.org/mysovereignty/tractatus-framework.git
  github.com/AgenticGovernance/tractatus-framework -> codeberg.org/mysovereignty/tractatus-framework
  git@github.com:AgenticGovernance/... -> git@codeberg.org:mysovereignty/...
  github.com/AgenticGovernance/tractatus (old org/repo path) -> codeberg.org/mysovereignty/tractatus-framework
  AgenticGovernance/tractatus-framework (bare) -> mysovereignty/tractatus-framework

Hook validator update (scripts/hook-validators/validate-credentials.js):
  PROTECTED_VALUES.github_org:  'AgenticGovernance'  -> 'mysovereignty'
  PROTECTED_VALUES.license:     'Apache License 2.0' -> EUPL-1.2 long form
  URL detection regex:          /github\.com\/.../   -> /codeberg\.org\/.../
  Placeholder checks + error messages updated to reflect Codeberg as
  authoritative post-migration host. Key names (e.g. `github_org`) retained
  for backward compatibility with validate-file-edit.js.

Held back from this commit (27 files total, documented reasons):

  11 historical session handoffs / closedown docs / incident reports
    (2025-10 through 2026-02) — modifying them rewrites the record to contain
    URLs that did not exist at the time of writing, AND ownership of their
    pre-existing inst_084 exposures transfers on touch.

  8 live-content docs with pre-existing inst_084 debt (port/API-endpoint/
    file-path exposures): docs/markdown/case-studies.md, technical-architecture,
    introduction-to-the-tractatus-framework, implementation-guide-v1.1,
    docs/plans/integrated-implementation-roadmap-2025, docs/governance/*,
    docs/ANTHROPIC_*, docs/GOVERNANCE_SERVICE_*, docs/RESEARCH_DOCUMENTATION_*,
    deployment-quickstart/*.

  8 live-content docs with pre-existing inst_016/017/018 debt:
    CHANGELOG.md, CONTRIBUTING.md, docs/LAUNCH_ANNOUNCEMENT, LAUNCH_CHECKLIST,
    PHASE_4_REPOSITORY_ANALYSIS, PHASE_6_SUMMARY, docs/plans/research-enhancement-
    roadmap-2025, docs/case-studies/pre-publication-audit-oct-2025.

  Also NOT in this commit (separate concerns):
  - scripts/add-inst-084-github-url-protection.js (detection-rule logic needs
    framework-level decision on post-migration semantics).
  - .claude/* (framework state).
  - docs/PRODUCTION_DOCUMENTS_EXPORT.json (DB dump).
  - package-lock.json (npm sponsor URLs, third-party).
  - .git/config embedded credentials (requires out-of-band rotation on both
    remote hosts + auth-strategy decision; user-action task).

Context: today's EUPL-1.2 sweep closed the licence-text-content layer
(5c386d0d / 6d49bfbf / ab0a6af4 / 4c1a26e8). This commit starts closing the
matching vendor-URL-content layer. Next: hygiene-first pass on the 16
live-content docs held back, then a second URL-flip pass on them.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-20 10:53:13 +12:00

TheFlow

fcf4a10370

docs(deployment): fix MongoDB credential placeholder in deployment guide

- Removed example MongoDB connection string with password
- Replaced with reference to MongoDB documentation for auth format
- Complies with inst_069/070 credential exposure prevention

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-26 23:20:28 +13:00

TheFlow

3aae86edf9

feat(implementer): major page redesign with hook architecture and responsive diagrams

## Implementer Page Enhancements

### Hero Section Redesign
- Changed title to "External Governance Services for AI Systems"
- Added three value proposition cards (Architectural Separation, Instruction Persistence, Audit Trail)
- Governance-compliant messaging (addresses vs prevents, designed to vs guarantees)
- Mobile-responsive card layout

### New "How It Works" Section
- Pattern Override Challenge explanation
- External Architecture Approach
- Request Flow with Governance diagram
- SVG download links

### New "Hook Architecture" Section (Credibility Layer)
- Architectural enforcement explanation
- Four real enforcement examples:
  * inst_084 GitHub URL Protection
  * inst_008 CSP Compliance
  * inst_027 Governance file protection
  * BoundaryEnforcer values decisions
- New hook-architecture.svg diagram showing PreToolUse flow
- Process separation and exit code enforcement details

### Deployment Section Improvements
- Removed broken "View Online" button
- PDF-only deployment guide download
- Simplified, cleaner presentation

### Responsive Diagrams
- Created system-architecture-mobile.svg (400x600px simplified)
- Created system-architecture-desktop.svg (full detail)
- Picture element with media queries for responsive switching
- Fixed request-flow-sequence.svg (restored from archive)

## Security & Governance

### inst_084 GitHub URL Modification Protocol
- HARD BLOCK on GitHub URL changes without explicit approval
- Prevents accidental private repository exposure
- Implemented in both validate-file-edit.js and validate-file-write.js
- Regex pattern matching for repository name changes
- Detailed error messages with context

### Hook Validator Improvements
- Fixed stderr output issue (console.log → console.error)
- Added checkGitHubURLProtection() function
- Enhanced error messaging for blocked actions

## Documentation

### New Deployment Guide
- Created comprehensive 14KB markdown guide (docs/markdown/deployment-guide.md)
- Generated 284KB PDF (public/docs/pdfs/deployment-guide.pdf)
- Covers: local dev, production, Docker, K8s, AWS, GCP, monitoring, security
- Removed MongoDB credential examples to comply with inst_069/070

### Diagram Archive
- Moved old diagrams to public/docs/diagrams/archive/
- Preserved deployment-architecture-old.svg
- Preserved request-flow-sequence-old.svg
- Preserved system-architecture-old.svg

## Cache & Version
- Bumped version to 0.1.2
- Updated changelog with all implementer changes
- forceUpdate: true for new diagrams and PDFs
- minVersion: 0.1.4

## Context
This addresses user feedback on implementer.html from 2025-10-26:
- Broken diagrams (404 errors, cut off at bottom)
- Need for credibility layer (hook architecture)
- GitHub URL security incident prevention
- Mobile responsiveness issues
- Deployment guide accessibility

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-26 23:14:22 +13:00

3 commits