john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
940 commits 1 branch 0 tags 128 MiB
Commit graph

7 commits

Author SHA1 Message Date
TheFlow
a4db3e62ec chore(vendor-policy): sweep project-self GitHub URLs to Codeberg (partial)
Some checks are pending
CI / Run Tests (push) Waiting to run
Details
CI / Lint Code (push) Waiting to run
Details
CI / CSP Compliance Check (push) Waiting to run
Details 
Addresses the documentation-layer gap after Phase A/B moved the git REMOTE from
GitHub to Codeberg but left ~100 project-self GitHub URLs embedded in markdown,
HTML, JS, and Python files. The remote-layer migration was generalised as
"GitHub is gone from the codebase" without verifying the content layer.

22 files swept in this commit. 27 additional files hold pre-existing inst_016/017/018
or inst_084 debt that would transfer on touch (hook whole-file scan). Those
await a companion hygiene-first commit before their GitHub->Codeberg flip
can land cleanly.

Sweep scope this commit:
  - README.md, SECURITY.md
  - 3 For-Claude-Web bundle files (GitHub URLs noted as "separate concern" in
    today's earlier licence-swap commits)
  - docs/markdown/deployment-guide.md
  - docs/AUTOMATED_SYNC_SETUP, PLURALISM_CHECKLIST, github/AGENT_LIGHTNING_README
  - docs/business-intelligence/governance-bi-tools
  - docs/outreach/EXECUTIVE-BRIEF-BI-GOVERNANCE (+ v2)
  - docs/research/ARCHITECTURAL-SAFEGUARDS-*
  - email-templates/README.md, base-template.html
  - 3 scripts/seed-*-blog-post.js (blog-seeding scripts)
  - scripts/upload-document.js
  - SESSION_HANDOFF_2025-10-23_FRAMEWORK_ANALYSIS.md
  - SECURITY_INCIDENT_POST_MORTEM_2025-10-21.md

Pattern swaps (longest-first):
  github.com/AgenticGovernance/tractatus-framework/issues -> codeberg.org/mysovereignty/tractatus-framework/issues
  github.com/AgenticGovernance/tractatus-framework/discussions -> .../issues (Codeberg has no discussions feature)
  github.com/AgenticGovernance/tractatus-framework.git -> codeberg.org/mysovereignty/tractatus-framework.git
  github.com/AgenticGovernance/tractatus-framework -> codeberg.org/mysovereignty/tractatus-framework
  git@github.com:AgenticGovernance/... -> git@codeberg.org:mysovereignty/...
  github.com/AgenticGovernance/tractatus (old org/repo path) -> codeberg.org/mysovereignty/tractatus-framework
  AgenticGovernance/tractatus-framework (bare) -> mysovereignty/tractatus-framework

Hook validator update (scripts/hook-validators/validate-credentials.js):
  PROTECTED_VALUES.github_org:  'AgenticGovernance'  -> 'mysovereignty'
  PROTECTED_VALUES.license:     'Apache License 2.0' -> EUPL-1.2 long form
  URL detection regex:          /github\.com\/.../   -> /codeberg\.org\/.../
  Placeholder checks + error messages updated to reflect Codeberg as
  authoritative post-migration host. Key names (e.g. `github_org`) retained
  for backward compatibility with validate-file-edit.js.

Held back from this commit (27 files total, documented reasons):

  11 historical session handoffs / closedown docs / incident reports
    (2025-10 through 2026-02) — modifying them rewrites the record to contain
    URLs that did not exist at the time of writing, AND ownership of their
    pre-existing inst_084 exposures transfers on touch.

  8 live-content docs with pre-existing inst_084 debt (port/API-endpoint/
    file-path exposures): docs/markdown/case-studies.md, technical-architecture,
    introduction-to-the-tractatus-framework, implementation-guide-v1.1,
    docs/plans/integrated-implementation-roadmap-2025, docs/governance/*,
    docs/ANTHROPIC_*, docs/GOVERNANCE_SERVICE_*, docs/RESEARCH_DOCUMENTATION_*,
    deployment-quickstart/*.

  8 live-content docs with pre-existing inst_016/017/018 debt:
    CHANGELOG.md, CONTRIBUTING.md, docs/LAUNCH_ANNOUNCEMENT, LAUNCH_CHECKLIST,
    PHASE_4_REPOSITORY_ANALYSIS, PHASE_6_SUMMARY, docs/plans/research-enhancement-
    roadmap-2025, docs/case-studies/pre-publication-audit-oct-2025.

  Also NOT in this commit (separate concerns):
  - scripts/add-inst-084-github-url-protection.js (detection-rule logic needs
    framework-level decision on post-migration semantics).
  - .claude/* (framework state).
  - docs/PRODUCTION_DOCUMENTS_EXPORT.json (DB dump).
  - package-lock.json (npm sponsor URLs, third-party).
  - .git/config embedded credentials (requires out-of-band rotation on both
    remote hosts + auth-strategy decision; user-action task).

Context: today's EUPL-1.2 sweep closed the licence-text-content layer
(5c386d0d / 6d49bfbf / ab0a6af4 / 4c1a26e8). This commit starts closing the
matching vendor-URL-content layer. Next: hygiene-first pass on the 16
live-content docs held back, then a second URL-flip pass on them.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-20 10:53:13 +12:00
TheFlow
2298d36bed fix(submissions): restructure Economist package and fix article display 
- Create Economist SubmissionTracking package correctly:
  * mainArticle = full blog post content
  * coverLetter = 216-word SIR— letter
  * Links to blog post via blogPostId
- Archive 'Letter to The Economist' from blog posts (it's the cover letter)
- Fix date display on article cards (use published_at)
- Target publication already displaying via blue badge

Database changes:
- Make blogPostId optional in SubmissionTracking model
- Economist package ID: 68fa85ae49d4900e7f2ecd83
- Le Monde package ID: 68fa2abd2e6acd5691932150

Next: Enhanced modal with tabs, validation, export

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-24 08:47:42 +13:00
TheFlow
1c9892d3fe fix(scripts): remove 95 accidentally published internal scripts 
CRITICAL FIX: Phase 8 commit accidentally added all internal scripts to public repo

In previous commit (6efeca2), git add scripts/ added ALL internal scripts instead of
just removing the 2 project-specific scripts. This exposed internal project code.

REMOVED (95 internal scripts):
- add-*, fix-*, generate-*, migrate-*, seed-*, update-* (document/website scripts)
- import-*, load-*, query-*, verify-* (database scripts)
- audit-*, check-*, validate-* (internal validation scripts)
- archive-*, compare-*, cleanup-* (maintenance scripts)
- monitoring/* (server monitoring scripts)
- sync-instructions-to-db.js, sync-to-public.sh (internal sync scripts)
- install-*, init-koha.js, mongodb-tractatus.service (deployment scripts)

KEPT (1 script):
- scripts/clean-test-db.js (generic test database cleaner)

RESULT: Only framework-relevant scripts remain in public repo

🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-21 22:19:16 +13:00
TheFlow
2af47035ac refactor: remove website code and fix critical startup crashes (Phase 8) 
CRITICAL FIX: Server would CRASH ON STARTUP (multiple import errors)

REMOVED (2 scripts):
1. scripts/framework-watchdog.js
   - Monitored .claude/session-state.json (OUR Claude Code setup)
   - Monitored .claude/token-checkpoints.json (OUR file structure)
   - Implementers won't have our .claude/ directory

2. scripts/init-db.js
   - Created website collections: blog_posts, media_inquiries, case_submissions
   - Created website collections: resources, moderation_queue, users, citations
   - Created website collections: translations, koha_donations
   - Next steps referenced deleted scripts (npm run seed:admin)

REWRITTEN (2 files):

src/models/index.js (29 lines → 27 lines)
- REMOVED imports: Document, BlogPost, MediaInquiry, CaseSubmission, Resource
- REMOVED imports: ModerationQueue, User (all deleted in Phase 2)
- KEPT imports: AuditLog, DeliberationSession, GovernanceLog, GovernanceRule
- KEPT imports: Precedent, Project, SessionState, VariableValue, VerificationLog
- Result: Only framework models exported

src/server.js (284 lines → 163 lines, 43% reduction)
- REMOVED: Imports to deleted middleware (csrf-protection, response-sanitization)
- REMOVED: Stripe webhook handling (/api/koha/webhook)
- REMOVED: Static file caching (for deleted public/ directory)
- REMOVED: Static file serving (public/ deleted in Phase 6)
- REMOVED: CSRF token endpoint
- REMOVED: Website homepage with "auth, documents, blog, admin" references
- REMOVED: Instruction sync (scripts/sync-instructions-to-db.js reference)
- REMOVED: Hardcoded log path (${process.env.HOME}/var/log/tractatus/...)
- REMOVED: Website-specific security middleware
- KEPT: Security headers, rate limiting, CORS, body parsers
- KEPT: API routes, governance services, MongoDB connections
- RESULT: Clean framework-only server

RESULT: Repository can now start without crashes, all imports resolve

🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-21 22:17:02 +13:00
TheFlow
0dd4a5f6c8 refactor: reduce public repo to minimal implementation-only resource 
REMOVED: 267 non-implementation files (51% reduction)

Categories removed:
- Research documents & case studies (35 files)
- Planning/internal development docs (28 files)
- Website pages & assets (93 files - this is framework code, not website code)
- Audit reports (6 files)
- Non-essential admin UI (11 files)
- Markdown content duplicates (10 files)
- Internal development scripts (96 files)
- Internal setup docs (2 files)

RETAINED: 253 implementation-focused files
- Core framework services (src/)
- Test suite (tests/)
- API documentation (docs/api/)
- Deployment quickstart guide
- Essential admin UI (rule manager, dashboard, hooks dashboard)
- Architecture decision records
- Configuration files

PURPOSE: Public repo is now focused exclusively on developers
implementing Tractatus, not researchers studying it or users visiting
the website. All background/research content available at
https://agenticgovernance.digital

🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-21 21:09:34 +13:00
TheFlow
5da31237b6 fix(values): remove prohibited 'guarantee' language from user-facing content 
VIOLATION: Using absolute assurance language violates inst_017
- README.md: "architectural AI safety guarantees" → "enforcement"
- README.md: "guarantees transparency" → "provides transparency"
- public/index.html meta: "guarantees" → "enforcement"
- public/about.html CTA: "architectural guarantees" → "constraints"
- public/js/components/footer.js: "guarantees" → "enforcement"
- public/js/faq.js (5 instances): "guarantees" → "enforcement/constraints"
- public/locales/en/*.json (3 files): "guarantees" → "enforcement/constraints"
- scripts/seed-first-blog-post.js: "safety guarantees" → "safety constraints"

RESULT: All user-facing "guarantee" language removed
- Production website now compliant with inst_017
- No absolute assurance claims in public content
- Framework documentation still pending (hook blocked markdown edits)

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-21 15:19:25 +13:00
TheFlow
29fa3956f9 feat: newsletter modal and deployment script enhancements 
**Newsletter Modal Implementation**:
- Added modal subscription forms to blog pages
- Improved UX with dedicated modal instead of anchor links
- Location: public/blog.html, public/blog-post.html

**Blog JavaScript Enhancements**:
- Enhanced blog.js and blog-post.js with modal handling
- Newsletter form submission logic
- Location: public/js/blog.js, public/js/blog-post.js

**Deployment Script Improvements**:
- Added pre-deployment checks (server running, version parameters)
- Enhanced visual feedback with status indicators (✓/✗/⚠)
- Version parameter staleness detection
- Location: scripts/deploy-full-project-SAFE.sh

**Demo Page Cleanup**:
- Minor refinements to demo pages
- Location: public/demos/*.html

**Routes Enhancement**:
- Newsletter route additions
- Location: src/routes/index.js

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-14 13:11:46 +13:00