# Tractatus Framework - Governance Rule Library **Document Type:** Implementation Reference **Created:** 2025-10-11 **Audience:** Implementers, Developers **Status:** Public --- ## Purpose This library provides **10 real-world governance rule examples** to help implementers understand how the Tractatus framework classifies, validates, and enforces instructions across different project contexts. **Use Cases:** - Understanding quadrant classification - Learning persistence level assignment - Implementing rule validation systems - Building governance-aware AI assistants - Testing boundary enforcement logic --- ## JSON Schema All governance rules follow this schema: ```json { "$schema": "http://json-schema.org/draft-07/schema#", "title": "GovernanceRule", "type": "object", "required": ["id", "text", "quadrant", "persistence", "temporal_scope", "active"], "properties": { "id": { "type": "string", "pattern": "^inst_[0-9]+$", "description": "Unique identifier (inst_001, inst_002, etc.)" }, "text": { "type": "string", "minLength": 10, "maxLength": 2000, "description": "The instruction text in imperative form" }, "timestamp": { "type": "string", "format": "date-time", "description": "ISO 8601 timestamp when instruction was created" }, "quadrant": { "type": "string", "enum": ["STRATEGIC", "OPERATIONAL", "TACTICAL", "SYSTEM", "STOCHASTIC"], "description": "Tractatus classification quadrant" }, "persistence": { "type": "string", "enum": ["HIGH", "MEDIUM", "LOW", "VARIABLE"], "description": "How long this instruction should persist" }, "temporal_scope": { "type": "string", "enum": ["PERMANENT", "PROJECT", "PHASE", "SESSION", "TRANSIENT"], "description": "Temporal longevity of the instruction" }, "verification_required": { "type": "string", "enum": ["MANDATORY", "REQUIRED", "OPTIONAL", "NONE"], "description": "Level of human oversight required" }, "explicitness": { "type": "number", "minimum": 0.0, "maximum": 1.0, "description": "How explicit/clear the instruction is (0.0-1.0)" }, "source": { "type": "string", "enum": ["user", "system", "framework_default", "migration", "automated"], "description": "Origin of the instruction" }, "session_id": { "type": "string", "description": "Session that created this instruction" }, "parameters": { "type": "object", "description": "Extracted parameters (ports, paths, configs, etc.)" }, "active": { "type": "boolean", "description": "Whether this instruction is currently enforced" }, "notes": { "type": "string", "description": "Context, rationale, or incident details" } } } ``` --- ## Example 1: SYSTEM Quadrant - Database Configuration **Context:** Infrastructure setup during project initialization ```json { "id": "inst_001", "text": "MongoDB runs on port 27017 for project_db database", "timestamp": "2025-01-15T14:00:00Z", "quadrant": "SYSTEM", "persistence": "HIGH", "temporal_scope": "PROJECT", "verification_required": "MANDATORY", "explicitness": 0.90, "source": "user", "session_id": "2025-01-15-initial-setup", "parameters": { "port": "27017", "database": "project_db", "service": "mongodb" }, "active": true, "notes": "Infrastructure decision from project initialization" } ``` **Why SYSTEM?** Defines infrastructure/environment configuration **Why HIGH persistence?** Core infrastructure rarely changes **Why MANDATORY verification?** Database changes affect entire system --- ## Example 2: STRATEGIC Quadrant - Project Isolation **Context:** Preventing code/data contamination between projects ```json { "id": "inst_003", "text": "This is a separate project from project_alpha and project_beta - no shared code or data", "timestamp": "2025-01-15T14:00:00Z", "quadrant": "STRATEGIC", "persistence": "HIGH", "temporal_scope": "PERMANENT", "verification_required": "MANDATORY", "explicitness": 0.95, "source": "user", "session_id": "2025-01-15-initial-setup", "parameters": {}, "active": true, "notes": "Critical project isolation requirement" } ``` **Why STRATEGIC?** Defines project mission and scope boundaries **Why PERMANENT?** Fundamental project constraint **Why HIGH persistence?** Violating this would compromise integrity --- ## Example 3: STRATEGIC Quadrant - Quality Standards **Context:** Setting quality expectations for all development work ```json { "id": "inst_004", "text": "No shortcuts, no placeholder data, production-quality code required", "timestamp": "2025-01-15T14:00:00Z", "quadrant": "STRATEGIC", "persistence": "HIGH", "temporal_scope": "PERMANENT", "verification_required": "MANDATORY", "explicitness": 0.88, "source": "user", "session_id": "2025-01-15-initial-setup", "parameters": {}, "active": true, "notes": "Quality standard for all work" } ``` **Why STRATEGIC?** Defines values and quality philosophy **Why PERMANENT?** Core project principle **Why HIGH persistence?** Applies to every development decision --- ## Example 4: OPERATIONAL Quadrant - Framework Usage **Context:** Requiring active use of governance framework in all sessions ```json { "id": "inst_007", "text": "Use Tractatus governance framework actively in all sessions", "timestamp": "2025-01-20T09:15:00Z", "quadrant": "OPERATIONAL", "persistence": "HIGH", "temporal_scope": "PROJECT", "verification_required": "MANDATORY", "explicitness": 0.98, "source": "user", "session_id": "2025-01-20-governance-activation", "parameters": { "components": ["pressure_monitor", "classifier", "cross_reference", "boundary_enforcer"], "verbosity": "summary" }, "active": true, "notes": "Framework activation - required for all sessions" } ``` **Why OPERATIONAL?** Defines how work should be done **Why HIGH persistence?** Process requirement for entire project **Why MANDATORY verification?** Framework failures must be caught --- ## Example 5: SYSTEM Quadrant - Security Policy (CSP) **Context:** Preventing Content Security Policy violations ```json { "id": "inst_008", "text": "ALWAYS comply with Content Security Policy (CSP) - no inline event handlers, no inline scripts", "timestamp": "2025-01-22T19:30:00Z", "quadrant": "SYSTEM", "persistence": "HIGH", "temporal_scope": "PERMANENT", "verification_required": "MANDATORY", "explicitness": 1.0, "source": "user", "session_id": "2025-01-22-security-audit", "parameters": { "csp_policy": "script-src 'self'", "violations_forbidden": ["onclick", "onload", "inline-script", "javascript:"], "alternatives_required": ["addEventListener", "external-scripts"] }, "active": true, "notes": "CRITICAL SECURITY REQUIREMENT - Framework should catch CSP violations before deployment" } ``` **Why SYSTEM?** Security configuration constraint **Why PERMANENT?** Security requirements don't expire **Why MANDATORY verification?** CSP violations break production --- ## Example 6: TACTICAL Quadrant - Temporary Deferral **Context:** Deferring non-critical features to later phases ```json { "id": "inst_009", "text": "Defer email services and payment processing to Phase 2", "timestamp": "2025-01-25T00:00:00Z", "quadrant": "TACTICAL", "persistence": "MEDIUM", "temporal_scope": "SESSION", "verification_required": "OPTIONAL", "explicitness": 0.95, "source": "user", "session_id": "2025-01-25-phase-1-focus", "parameters": { "deferred_tasks": ["email_service", "payment_processing"] }, "active": true, "notes": "Prioritization directive - focus on core features first" } ``` **Why TACTICAL?** Specific implementation prioritization **Why MEDIUM persistence?** Only relevant for current phase **Why SESSION scope?** May change in next session based on progress --- ## Example 7: STRATEGIC Quadrant - Honesty Requirement (inst_016) **Context:** Preventing fabricated statistics in public content ```json { "id": "inst_016", "text": "NEVER fabricate statistics, cite non-existent data, or make claims without verifiable evidence. ALL statistics, ROI figures, performance metrics, and quantitative claims MUST either cite sources OR be marked [NEEDS VERIFICATION] for human review.", "timestamp": "2025-02-01T00:00:00Z", "quadrant": "STRATEGIC", "persistence": "HIGH", "temporal_scope": "PERMANENT", "verification_required": "MANDATORY", "explicitness": 1.0, "source": "user", "session_id": "2025-02-01-content-standards", "parameters": { "prohibited_actions": ["fabricating_statistics", "inventing_data", "citing_non_existent_sources"], "required_for_statistics": ["source_citation", "verification_flag", "human_approval"], "applies_to": ["marketing_content", "public_pages", "documentation", "presentations"], "boundary_enforcer_trigger": "ANY statistic or quantitative claim", "failure_mode": "Values violation - honesty and transparency" }, "active": true, "notes": "CRITICAL VALUES REQUIREMENT - Learned from framework failure where AI fabricated statistics" } ``` **Why STRATEGIC?** Core values (honesty, transparency) **Why PERMANENT?** Fundamental ethical constraint **Why MANDATORY verification?** Fabricated data destroys credibility --- ## Example 8: STRATEGIC Quadrant - Absolute Assurance Detection (inst_017) **Context:** Preventing unrealistic guarantees in public claims ```json { "id": "inst_017", "text": "NEVER use prohibited absolute assurance terms: 'guarantee', 'guaranteed', 'ensures 100%', 'eliminates all', 'never fails'. Use evidence-based language: 'designed to reduce', 'helps mitigate', 'reduces risk of'.", "timestamp": "2025-02-01T00:00:00Z", "quadrant": "STRATEGIC", "persistence": "HIGH", "temporal_scope": "PERMANENT", "verification_required": "MANDATORY", "explicitness": 1.0, "source": "user", "session_id": "2025-02-01-content-standards", "parameters": { "prohibited_terms": ["guarantee", "guaranteed", "ensures 100%", "eliminates all", "never fails", "always works"], "approved_alternatives": ["designed to reduce", "helps mitigate", "reduces risk of", "intended to minimize"], "boundary_enforcer_trigger": "ANY absolute assurance language", "replacement_required": true }, "active": true, "notes": "CRITICAL VALUES REQUIREMENT - No AI safety framework can guarantee outcomes" } ``` **Why STRATEGIC?** Values (honesty, realistic expectations) **Why PERMANENT?** Fundamental communication constraint **Why MANDATORY verification?** False guarantees undermine trust --- ## Example 9: OPERATIONAL Quadrant - Context Monitoring Enhancement **Context:** Improving session pressure detection ```json { "id": "inst_019", "text": "ContextPressureMonitor MUST account for total context window consumption, not just response token counts. Tool results (file reads, grep outputs) can consume massive context. Track: response tokens, user messages, tool result sizes, system overhead.", "timestamp": "2025-02-05T23:45:00Z", "quadrant": "OPERATIONAL", "persistence": "HIGH", "temporal_scope": "PROJECT", "verification_required": "MANDATORY", "explicitness": 1.0, "source": "user", "session_id": "2025-02-05-monitoring-enhancement", "parameters": { "current_limitation": "underestimates_actual_context", "missing_metrics": ["tool_result_sizes", "system_prompt_overhead", "function_schema_overhead"], "required_tracking": { "response_tokens": "current tracking", "user_messages": "current tracking", "tool_results": "NEW - size estimation needed", "system_overhead": "NEW - approximate 5k tokens" }, "enhancement_phase": ["Phase 4", "Phase 6"], "priority": "MEDIUM" }, "active": true, "notes": "Framework improvement - current monitor underestimates actual context consumption" } ``` **Why OPERATIONAL?** Process improvement directive **Why HIGH persistence?** Applies until enhancement implemented **Why PROJECT scope?** Specific to this project's monitoring --- ## Example 10: SYSTEM Quadrant - Deployment Permissions **Context:** Preventing file permission errors in web deployments ```json { "id": "inst_020", "text": "Web application deployments MUST ensure correct file permissions before going live. Public-facing directories need 755 permissions (world-readable+executable), static files need 644 permissions (world-readable).", "timestamp": "2025-02-10T02:20:00Z", "quadrant": "SYSTEM", "persistence": "HIGH", "temporal_scope": "PROJECT", "verification_required": "MANDATORY", "explicitness": 1.0, "source": "system", "session_id": "2025-02-10-deployment-fix", "parameters": { "directory_permissions": "755", "file_permissions": "644", "directories_requiring_755": ["/public", "/public/admin", "/public/js", "/public/css"], "deployment_check": "stat -c '%a %n' /path/to/public/* | grep -v '755\\|644'", "prevention": "Add to deployment scripts or CI/CD pipeline" }, "active": true, "notes": "DEPLOYMENT ISSUE - Directories had 0700 permissions, causing nginx 403 Forbidden errors" } ``` **Why SYSTEM?** Infrastructure/deployment configuration **Why HIGH persistence?** Applies to all future deployments **Why MANDATORY verification?** Wrong permissions break production --- ## Quadrant Distribution Summary | Quadrant | Count | Examples | |----------|-------|----------| | **STRATEGIC** | 4 | Project isolation, quality standards, honesty requirements, assurance detection | | **OPERATIONAL** | 2 | Framework usage, context monitoring | | **TACTICAL** | 1 | Feature deferral | | **SYSTEM** | 3 | Database config, CSP security, deployment permissions | | **STOCHASTIC** | 0 | (No exploratory rules in this library) | --- ## Persistence Distribution | Level | Count | Description | |-------|-------|-------------| | **HIGH** | 9 | Long-lasting, foundational instructions | | **MEDIUM** | 1 | Medium-term, phase-specific guidance | | **LOW** | 0 | (None in this library) | --- ## Temporal Scope Distribution | Scope | Count | Description | |-------|-------|-------------| | **PERMANENT** | 6 | Never expires (values, security, quality) | | **PROJECT** | 3 | Lasts for entire project lifecycle | | **PHASE** | 0 | (None in this library) | | **SESSION** | 1 | Relevant for specific session/phase | --- ## Common Patterns ### 1. Security Instructions **Characteristics:** - Quadrant: SYSTEM - Persistence: HIGH - Temporal Scope: PERMANENT - Verification: MANDATORY - Explicitness: 1.0 **Examples:** inst_008 (CSP), inst_012 (sensitive data), inst_013 (API exposure) --- ### 2. Values/Ethics Instructions **Characteristics:** - Quadrant: STRATEGIC - Persistence: HIGH - Temporal Scope: PERMANENT - Verification: MANDATORY - Boundary Enforcer: VALUES boundary **Examples:** inst_016 (honesty), inst_017 (absolute assurances), inst_005 (human approval) --- ### 3. Infrastructure Configuration **Characteristics:** - Quadrant: SYSTEM - Persistence: HIGH - Temporal Scope: PROJECT or PERMANENT - Parameters: Ports, paths, service names - Verification: MANDATORY **Examples:** inst_001 (database), inst_002 (app port), inst_020 (file permissions) --- ### 4. Process/Workflow Directives **Characteristics:** - Quadrant: OPERATIONAL - Persistence: HIGH - Temporal Scope: PROJECT - Defines "how work should be done" **Examples:** inst_007 (framework usage), inst_019 (monitoring enhancement) --- ## Implementation Guidance ### For AI Assistants **When receiving a new instruction:** 1. **Classify** using InstructionPersistenceClassifier - Determine quadrant (STR/OPS/TAC/SYS/STO) - Assign persistence (HIGH/MEDIUM/LOW) - Set temporal scope (PERMANENT/PROJECT/PHASE/SESSION) 2. **Validate** using CrossReferenceValidator - Check for conflicts with existing instructions - Verify compatibility with project constraints - Flag if resolution requires human judgment 3. **Enforce** using BoundaryEnforcer - Check if instruction crosses philosophical boundaries - Verify if values-sensitive (requires human approval) - Block if violates inst_016, inst_017, inst_018 4. **Store** in persistent database - MongoDB, PostgreSQL, or similar - Include all metadata (timestamp, session, parameters) - Mark as active 5. **Apply** in decision-making - HIGH persistence: Apply to all future decisions - MEDIUM persistence: Apply within current phase - LOW persistence: Apply within current session --- ### For Developers **Building a governance system:** ```javascript // 1. Load active instructions at session start const rules = await db.governanceRules.find({ active: true }); // 2. Filter by persistence level const highPersistence = rules.filter(r => r.persistence === 'HIGH'); // 3. Check for conflicts before adding new rule const conflicts = await validator.checkConflicts(newRule, rules); // 4. Enforce boundaries before sensitive actions const enforcement = enforcer.enforce({ type: 'content_generation', description: 'This framework guarantees 100% safety' }); if (!enforcement.allowed) { console.error(`Boundary violated: ${enforcement.boundary}`); // Escalate to human } // 5. Update session state await updateSessionState({ activeInstructions: rules.length, pressureLevel: monitor.analyzePressure(context) }); ``` --- ## JSON Schema Validation Example ```javascript const Ajv = require('ajv'); const ajv = new Ajv(); const governanceRuleSchema = { // ... schema from above ... }; const validate = ajv.compile(governanceRuleSchema); const rule = { id: "inst_001", text: "MongoDB runs on port 27017", quadrant: "SYSTEM", persistence: "HIGH", temporal_scope: "PROJECT", active: true }; const valid = validate(rule); if (!valid) { console.error(validate.errors); } ``` --- ## Related Documents - **BENCHMARK-SUITE-RESULTS.md** - Test coverage for governance services - **docs/governance/TRA-VAL-0001-core-values-principles-v1-0.md** - Core values framework - **docs/api/RULES_API.md** - API documentation for rule management - **docs/research/architectural-overview.md** - System architecture - **CLAUDE_Tractatus_Maintenance_Guide.md** - Full governance framework --- ## Community Contributions This library is open source. Contribute additional anonymized examples: 1. Fork the repository 2. Add new examples to this document 3. Ensure examples are anonymized (no real project names, sensitive data) 4. Submit pull request with rationale for inclusion **Criteria for inclusion:** - Real-world instruction from production use - Demonstrates unique pattern or edge case - Includes complete metadata and clear notes - Helps implementers understand classification logic --- ## License This document is part of the Tractatus AI Safety Framework, licensed under Apache License 2.0. **Attribution:** If you use examples from this library in academic research or commercial products, please cite: ``` Tractatus AI Safety Framework - Governance Rule Library https://agenticgovernance.digital/docs/governance-rule-library Version 1.0 (2025-10-11) ``` --- **Document Version:** 1.0 **Last Updated:** 2025-10-11 **Next Review:** After 100+ community submissions **Maintained By:** Tractatus Development Team *This library demonstrates real-world governance rule classification and enforcement. All examples are anonymized from actual production use.*