Commit graph

5 commits

Author SHA1 Message Date
TheFlow
d3bf9849c8 fix(session-closedown): add session-specific content sections to prevent generic handoff docs
PROBLEM:
Session closedown script was generating generic handoff documents that only
included framework stats and git file lists, with NO session-specific content
about what was actually accomplished, issues found, or next priorities.

This resulted in handoff documents saying only:
- "Review framework performance"
- "Continue development work"

While missing critical information like:
- Publication research completed (20 publications, NZ timezones)
- Launch strategy created (2-week compressed plan)
- Strategic decisions made (Caixin Global first, article variations)
- Critical bugs identified (docs.html language issues, blog-curation errors)
- Specific next session tasks (P0: fix docs.html, P1: fix blog-curation)

SOLUTION:
Added three mandatory sections to handoff document template:

1. 🎯 SESSION ACCOMPLISHMENTS
   - Major deliverables created
   - Strategic decisions made
   - Research & analysis completed
   - With examples and instructions to fill with actual content

2. 🚨 CRITICAL ISSUES IDENTIFIED
   - P0: Blockers (must fix before major work)
   - P1: High value (should fix soon)
   - P2: Nice-to-have (can defer)
   - With examples and instructions

3. 📋 NEXT SESSION PRIORITIES
   - Critical path (ordered tasks with time estimates)
   - Secondary tasks (if time permits)
   - Decision points (when to proceed vs. pivot)
   - With examples and instructions

SAFEGUARDS ADDED:
- Prominent warnings that sections must be manually filled
- Console warnings after document generation
- Completeness checklist at end of document
- Clear examples showing what should be documented

FILES CHANGED:
- scripts/session-closedown.js: Added template sections with instructions
- SESSION_CLOSEDOWN_2025-10-26_CORRECTED.md: Manual correction with actual content

This prevents future sessions from getting generic/useless handoff documents.

🤖 Generated with Claude Code (https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-26 09:44:23 +13:00
TheFlow
6e02150891 feat(governance): Phase 0 complete - 100% enforcement + defense coverage
Phase 0 fixes completed before baseline collection:

1. Defense-in-Depth Layer 1 (.gitignore)
   - Added missing credential file patterns
   - *.pem, *.key, *.p12, *.pfx
   - credentials.json, secrets, *.secret
   - config/secrets.json, auth.json
   - Verification: All critical patterns in .gitignore

2. Defense-in-Depth Layer 5 (Credential Rotation)
   - Created docs/CREDENTIAL_ROTATION_PROCEDURES.md
   - MongoDB password rotation procedures
   - API key rotation procedures
   - SSH/deployment key rotation
   - Git history credential removal
   - Emergency contact procedures
   - Verification: Rotation procedures documented

3. inst_083 Enforcement Recognition
   - Updated scripts/audit-enforcement.js
   - Added inst_083: ['scripts/session-init.js']
   - Documents handoff auto-injection enforcement
   - Verification: 40/40 imperative instructions (100%)

4. Session-closedown Dev Server Protection
   - Fixed scripts/session-closedown.js
   - Added port 9000 check to prevent killing dev server
   - Prevents disruption during active development
   - Verification: Dev server preserved during cleanup

Baseline Metrics Collected:

- Enforcement Coverage: 40/40 (100%)
- Defense-in-Depth: 5/5 layers (100%)
- Framework Activity: 1,204+ audit logs, 162 blocks
- Research data saved to docs/research-data/metrics/

Research Documentation Plan:

- Created docs/RESEARCH_DOCUMENTATION_DETAILED_PLAN.md
- 150+ granular tasks across 6 phases
- User decisions confirmed (Working Paper v0.1)
- Scope: Development-time governance only
- Author: John G Stroh
- Contact: research@agenticgovernance.digital
- Status: Phase 0 complete, ready for Phase 1

Results:

- 100% enforcement coverage (architectural)
- 100% defense-in-depth (all 5 layers)
- All 6 framework services operational
- Clean baseline established for research paper
- Dev server protection implemented

Next: Phase 1 (Metrics Gathering & Verification)

Related: inst_072 (defense-in-depth), inst_083 (handoff auto-injection)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-25 16:15:21 +13:00
TheFlow
35a2b05c6e feat(governance): integrate Wave 5 mechanisms into session lifecycle
Enhanced session-init.js (3 new checks):
- Section 2b: Hook approval cache reset (inst_061)
  Clears stale session approvals on new session
- Section 8a: Defense-in-depth health check (inst_072)
  Verifies 5 credential protection layers on startup
- Section 8b: Dependency license check (inst_080)
  Ensures Apache 2.0 compatibility before work begins

Enhanced session-closedown.js (2 new summaries):
- Scope adjustment summary (inst_052)
  Reports scope changes made during session in handoff
- Hook approval summary (inst_061)
  Documents cached "don't ask again" approvals

Architecture:
- Session-scoped mechanisms now properly integrated
- Lifecycle enforcement ensures no state leakage between sessions
- Handoff documents now include complete session activity tracking

Related: Wave 5 (b570596) - 100% enforcement coverage

📊 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-25 14:15:12 +13:00
TheFlow
436ca56cb0 feat(governance): implement comprehensive enforcement architecture
Completes enforcement implementation from ENFORCEMENT_AUDIT.md analysis:

Implemented (6 enforcement mechanisms):
1. Token checkpoint monitoring (inst_075)
   - .claude/hooks/check-token-checkpoint.js
   - PostToolUse hook integration

2. Trigger word detection (inst_078, inst_082)
   - .claude/hooks/trigger-word-checker.js (already completed)
   - "ff" and "ffs" triggers architecturally enforced

3. Framework activity verification (inst_064)
   - Enhanced scripts/session-init.js with fade detection
   - Alerts when components stale >20 messages

4. Test requirement enforcement (inst_068)
   - Enhanced .git/hooks/pre-commit
   - Runs tests if test files exist for modified code
   - Blocks commits on test failures

5. Background process tracking (inst_023)
   - scripts/track-background-process.js
   - Integrated into session-init.js and session-closedown.js
   - Tracks persistent vs temporary processes

6. Security logging verification (inst_046)
   - scripts/verify-security-logging.js
   - Can be integrated into deployment workflow

7. Meta-enforcement monitoring system
   - scripts/audit-enforcement.js
   - Scans HIGH persistence instructions for imperatives
   - Reports enforcement gaps (currently 28/39 gaps)

🔒 Protection Added:
- inst_027: Hard block on instruction-history.json edits
- Conventional commit format enforcement (inst_066)
- CSP + test validation in pre-commit hook

📊 Current Enforcement Status:
- Baseline: 11/39 imperative instructions enforced (28%)
- Framework fade detection operational
- Token checkpoints architecturally monitored

🎯 Philosophy:
"If it's MANDATORY, it must be ENFORCED architecturally, not documented."

This addresses the root cause of voluntary compliance failures identified
when Claude missed "ffs" trigger and token checkpoints despite active
HIGH persistence instructions.

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-25 13:15:06 +13:00
TheFlow
8210876421 feat(blog): integrate Tractatus framework governance into blog publishing
Implements architectural enforcement of governance rules (inst_016/017/018/079)
for all external communications. Publication blocked at API level if violations
detected.

New Features:
- Framework content checker script with pattern matching for prohibited terms
- Admin UI displays framework violations with severity indicators
- Manual "Check Framework" button for pre-publication validation
- API endpoint /api/blog/check-framework for real-time content analysis

Governance Rules Added:
- inst_078: "ff" trigger for manual framework invocation in conversations
- inst_079: Dark patterns prohibition (sovereignty principle)
- inst_080: Open source commitment enforcement (community principle)
- inst_081: Pluralism principle with indigenous framework recognition

Session Management:
- Fix session-init.js infinite loop (removed early return after tests)
- Add session-closedown.js for comprehensive session handoff
- Refactor check-csp-violations.js to prevent parent process exit

Framework Services:
- Enhanced PluralisticDeliberationOrchestrator with audit logging
- Updated all 6 services with consistent initialization patterns
- Added framework invocation scripts for blog content validation

Files: blog.controller.js:1211-1305, blog.routes.js:77-82,
blog-curation.html:61-72, blog-curation.js:320-446

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-25 08:47:31 +13:00