john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
921 commits 1 branch 0 tags 125 MiB
Commit graph

7 commits

Author SHA1 Message Date
TheFlow
8688a063e7 feat: refresh landing page — What's New section, Guardian Agents, updated timeline 
Landing page restructured:
- New "What's New" section after hero (philosophy article, Guardian Agents, beta pilot)
- Problem section condensed (27027 story kept, corollary collapsed to summary)
- Guardian Agents featured prominently in architecture section with 4-phase grid
- Production Evidence updated: 4 stats including Guardian verification phases, 17 months
- Timeline extended to Mar 2026 (steering vectors, Guardian Agents, beta)
- Deploy script improved: CSP check, automated health check, file count verification

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-13 13:57:56 +13:00
TheFlow
d7b06a44e0 feat: add --yes flag for non-interactive deployment 
Adds --yes flag to deployment script to support automated/non-interactive deployments.

Changes:
- Added AUTO_YES flag parsing
- Modified all read -p prompts to check AUTO_YES flag
- Auto-confirms all prompts when --yes is used
- Maintains interactive behavior by default

Usage: ./scripts/deploy.sh --yes

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-11-04 06:50:17 +13:00
TheFlow
f42a6b0bcc fix: add automatic nginx reload to deployment script 
PERMANENT FIX for cache invalidation issues:
- Automatically reload nginx after every deployment
- Clears all server-side caches immediately
- Prevents stale content being served
- No more manual cache clearing needed

This resolves recurring deployment cache issues.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-11-03 13:09:50 +13:00
TheFlow
3cb643ddeb fix(deployment): frontend-only mode now only checks public/ for uncommitted changes 
- Frontend-only deployments no longer blocked by .claude/ session files
- Full deployments still check all files for uncommitted changes
- Allows deploying public/ changes without committing backend session state

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-26 23:22:40 +13:00
TheFlow
35348e3a8e feat(governance): third wave enforcement - 22% improvement (46% → 56%) 
Implements 4 additional architectural enforcement mechanisms:

 All Command Detection (inst_040) - .claude/hooks/all-command-detector.js
 Deployment Structure Validation (inst_025) - scripts/verify-deployment-structure.js
 File Permissions Check (inst_020_CONSOLIDATED) - scripts/check-file-permissions.js
 Environment Variable Standards (inst_026) - scripts/check-env-var-standards.js

📊 Progress: 22/39 enforced (56%), +4 from wave 2, 17 gaps remaining

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-25 13:38:18 +13:00
TheFlow
65b2c80be3 feat(governance): second wave enforcement - 64% improvement (28% → 46%) 
Implements 7 additional architectural enforcement mechanisms:

 Prohibited Terms Detection (inst_016/017/018):
- scripts/check-prohibited-terms.js
- Scans for absolute assurance terms ("guarantee", "100% secure")
- Detects maturity claims without evidence ("production-ready", "battle-tested")
- Checks statistics require citation or [NEEDS VERIFICATION]
- Integrated into .git/hooks/pre-commit (Check 2)

 Credential Exposure Prevention (inst_069/070):
- scripts/check-credential-exposure.js
- Detects real API keys, secrets, passwords in documentation
- Validates example credentials use proper patterns (EXAMPLE/REDACTED)
- CRITICAL: Runs first in pre-commit (Check 0)

 Confidential Document Protection (inst_012/015):
- scripts/check-confidential-docs.js
- Prevents deployment of internal/session-handoff documents
- Scans filenames and content for [CONFIDENTIAL]/[INTERNAL] markers
- Integrated into scripts/deploy.sh pre-flight checks

 Enhanced Pre-Commit Hook:
Now runs 4 checks in order:
0. Credential exposure (CRITICAL)
1. CSP compliance
2. Prohibited terms
3. Test requirements

 Enhanced Deployment Script:
- Added confidential document check to deploy.sh
- Scans public/ and docs/ before deployment
- Blocks deployment if confidential markers found

 Updated Enforcement Map:
- Added all new mechanisms to audit-enforcement.js
- Updated inst_008_CONSOLIDATED mapping
- New mappings: inst_012, inst_015, inst_016, inst_017, inst_018, inst_069, inst_070

📊 Enforcement Progress:
- Wave 1: 11/39 imperative instructions enforced (28%)
- Wave 2: 18/39 imperative instructions enforced (46%)
- Improvement: +7 instructions = +64% increase
- Remaining gaps: 21/39 (54%)

🎯 Next Priority Gaps:
- inst_013/043/045: API security validation
- inst_019: Context pressure comprehensive accounting
- inst_025: Deployment file mapping
- inst_039/040: Batch operation verification
- inst_079/080/081: Values/principles (process-based)

🔒 Security Posture:
- CRITICAL security checks now run first (credential exposure)
- All text files scanned before commit
- All deployment candidates scanned before rsync

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-25 13:26:33 +13:00
TheFlow
dd502eef65 feat(deployment): add unified deployment script with auto-commit cache versioning 
Replaces awkward deployment workflow with streamlined process:

 Before:
  1. Deploy script detects JS changes
  2. Runs update-cache-version.js
  3. Creates uncommitted changes
  4. Prompts user to cancel/commit/re-run
  5. Manual loop required

 After:
  1. Deploy script detects JS changes
  2. Runs update-cache-version.js
  3. Auto-commits cache changes
  4. Continues to deployment
  5. Done

Features:
- Unified script (scripts/deploy.sh) replaces two separate scripts
- Auto-commit cache version changes (no manual loops)
- Flags: --frontend-only, --force-cache, --restart, --dry-run
- Security: preserves .rsyncignore exclusions
- Validation: checks local server, git status, dry-run preview

Migration:
- OLD: ./scripts/deploy-full-project-SAFE.sh
  NEW: ./scripts/deploy.sh
- OLD: ./scripts/deploy-frontend.sh
  NEW: ./scripts/deploy.sh --frontend-only

Changes:
- Added: scripts/deploy.sh (unified deployment script)
- Modified: scripts/deploy-frontend.sh (deprecated with migration notice)
- Updated: CLAUDE.md (new deployment workflow documentation)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-25 09:20:05 +13:00