john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
tractatus/.migration-backup/instruction-history.json
TheFlow ac2db33732 fix(submissions): restructure Economist package and fix article display 
- Create Economist SubmissionTracking package correctly:
  * mainArticle = full blog post content
  * coverLetter = 216-word SIR— letter
  * Links to blog post via blogPostId
- Archive 'Letter to The Economist' from blog posts (it's the cover letter)
- Fix date display on article cards (use published_at)
- Target publication already displaying via blue badge

Database changes:
- Make blogPostId optional in SubmissionTracking model
- Economist package ID: 68fa85ae49d4900e7f2ecd83
- Le Monde package ID: 68fa2abd2e6acd5691932150

Next: Enhanced modal with tabs, validation, export

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-24 08:47:42 +13:00

354 lines
17 KiB
JSON
Raw Blame History

{
"version": "1.0",
"last_updated": "2025-10-07T19:30:00Z",
"description": "Persistent instruction database for Tractatus framework governance",
"instructions": [
{
"id": "inst_001",
"text": "MongoDB runs on port 27017 for tractatus_dev database",
"timestamp": "2025-10-06T14:00:00Z",
"quadrant": "SYSTEM",
"persistence": "HIGH",
"temporal_scope": "PROJECT",
"verification_required": "MANDATORY",
"explicitness": 0.90,
"source": "user",
"session_id": "2025-10-06-initial-setup",
"parameters": {
"port": "27017",
"database": "tractatus_dev",
"service": "mongodb"
},
"active": true,
"notes": "Infrastructure decision from project initialization"
},
{
"id": "inst_002",
"text": "Application runs on port 9000",
"timestamp": "2025-10-06T14:00:00Z",
"quadrant": "SYSTEM",
"persistence": "HIGH",
"temporal_scope": "PROJECT",
"verification_required": "MANDATORY",
"explicitness": 0.90,
"source": "user",
"session_id": "2025-10-06-initial-setup",
"parameters": {
"port": "9000",
"service": "tractatus-web"
},
"active": true,
"notes": "Infrastructure decision from project initialization"
},
{
"id": "inst_003",
"text": "This is a separate project from family-history and sydigital - no shared code or data",
"timestamp": "2025-10-06T14:00:00Z",
"quadrant": "STRATEGIC",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 0.95,
"source": "user",
"session_id": "2025-10-06-initial-setup",
"parameters": {},
"active": true,
"notes": "Critical project isolation requirement"
},
{
"id": "inst_004",
"text": "No shortcuts, no fake data, world-class quality",
"timestamp": "2025-10-06T14:00:00Z",
"quadrant": "STRATEGIC",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 0.88,
"source": "user",
"session_id": "2025-10-06-initial-setup",
"parameters": {},
"active": true,
"notes": "Quality standard for all work"
},
{
"id": "inst_005",
"text": "Human approval required for major decisions, architectural changes, values-sensitive content",
"timestamp": "2025-10-06T14:00:00Z",
"quadrant": "STRATEGIC",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 0.92,
"source": "user",
"session_id": "2025-10-06-initial-setup",
"parameters": {},
"active": true,
"notes": "Governance requirement - aligns with BoundaryEnforcer"
},
{
"id": "inst_006",
"text": "Use ContextPressureMonitor to manage sessions and create handoff when pressure is CRITICAL",
"timestamp": "2025-10-07T09:00:00Z",
"quadrant": "OPERATIONAL",
"persistence": "HIGH",
"temporal_scope": "PROJECT",
"verification_required": "REQUIRED",
"explicitness": 0.85,
"source": "user",
"session_id": "2025-10-07-part2",
"parameters": {},
"active": true,
"notes": "Session management protocol established"
},
{
"id": "inst_007",
"text": "Use Tractatus governance framework actively in all sessions",
"timestamp": "2025-10-07T09:15:00Z",
"quadrant": "OPERATIONAL",
"persistence": "HIGH",
"temporal_scope": "PROJECT",
"verification_required": "MANDATORY",
"explicitness": 0.98,
"source": "user",
"session_id": "2025-10-07-part2",
"parameters": {
"components": ["pressure_monitor", "classifier", "cross_reference", "boundary_enforcer"],
"verbosity": "summary"
},
"active": true,
"notes": "Framework activation - THIS IS THE NEW NORMAL"
},
{
"id": "inst_008",
"text": "ALWAYS comply with Content Security Policy (CSP) - no inline event handlers, no inline scripts",
"timestamp": "2025-10-07T19:30:00Z",
"quadrant": "SYSTEM",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 1.0,
"source": "user",
"session_id": "2025-10-07-docs-audit",
"parameters": {
"csp_policy": "script-src 'self'",
"violations_forbidden": ["onclick", "onload", "inline-script", "javascript:"],
"alternatives_required": ["addEventListener", "external-scripts"]
},
"active": true,
"notes": "CRITICAL SECURITY REQUIREMENT - Framework should have caught CSP violation before deployment"
},
{
"id": "inst_009",
"text": "Defer email services and Stripe activation to future sessions",
"timestamp": "2025-10-08T00:00:00Z",
"quadrant": "TACTICAL",
"persistence": "MEDIUM",
"temporal_scope": "SESSION",
"verification_required": "OPTIONAL",
"explicitness": 0.95,
"source": "user",
"session_id": "2025-10-08-phase-4",
"parameters": {
"deferred_tasks": ["email_service", "stripe_activation"]
},
"active": true,
"notes": "Prioritization directive - focus on UI and documentation first"
},
{
"id": "inst_010",
"text": "Ensure all production UI links are working correctly",
"timestamp": "2025-10-08T00:00:00Z",
"quadrant": "OPERATIONAL",
"persistence": "HIGH",
"temporal_scope": "PROJECT",
"verification_required": "REQUIRED",
"explicitness": 0.92,
"source": "user",
"session_id": "2025-10-08-phase-4",
"parameters": {
"scope": "production_ui",
"quality_standard": "all_links_functional"
},
"active": true,
"notes": "Quality requirement for production deployment"
},
{
"id": "inst_011",
"text": "Implement clear differentiation between technical documentation (for developers/implementers) and general documentation (for general audience)",
"timestamp": "2025-10-08T00:00:00Z",
"quadrant": "OPERATIONAL",
"persistence": "HIGH",
"temporal_scope": "PROJECT",
"verification_required": "REQUIRED",
"explicitness": 0.90,
"source": "user",
"session_id": "2025-10-08-phase-4",
"parameters": {
"technical_docs_examples": ["claude-code-framework-enforcement.md"],
"api_endpoint": "/api/documents",
"filter_requirement": "audience_type"
},
"active": true,
"notes": "Content organization requirement - technical docs should be selectable separately from general docs"
},
{
"id": "inst_012",
"text": "NEVER deploy documents marked 'internal' or 'confidential' to public production without explicit human approval. Documents containing credentials, security vulnerabilities, financial information, or infrastructure details MUST NOT be publicly accessible.",
"timestamp": "2025-10-08T01:00:00Z",
"quadrant": "SYSTEM",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 1.0,
"source": "system",
"session_id": "2025-10-08-phase-4-security",
"parameters": {
"visibility_levels": ["public", "internal", "confidential"],
"public_requires": "visibility: 'public' AND security validation passed",
"blocked_content": ["credentials", "api_keys", "secrets", "vulnerabilities", "security_audits", "payment_setup", "deployment_guides"],
"validation_script": "scripts/validate-document-security.js"
},
"active": true,
"notes": "CRITICAL SECURITY REQUIREMENT - Prevents accidental exposure of sensitive internal documentation. Learned from incident where Security Audit Report, Koha Stripe Setup, and Koha Deployment guides were incorrectly marked for public import."
},
{
"id": "inst_013",
"text": "Public API endpoints MUST NOT expose sensitive runtime data (memory usage, heap sizes, exact uptime, environment details, service architecture) that could aid attackers. Use minimal health checks for public endpoints. Sensitive monitoring data requires authentication.",
"timestamp": "2025-10-08T02:00:00Z",
"quadrant": "SYSTEM",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 1.0,
"source": "user",
"session_id": "2025-10-08-phase-4-security",
"parameters": {
"public_endpoints": ["/health", "/api/koha/transparency"],
"authenticated_endpoints": ["/api/governance", "/api/governance/status"],
"blocked_from_public": ["memory_usage", "heap_sizes", "uptime", "environment", "service_names", "internal_architecture"],
"allowed_public": ["status: ok", "timestamp", "public_metrics_only"],
"rate_limiting": "100 requests per 15 minutes per IP"
},
"active": true,
"notes": "CRITICAL SECURITY REQUIREMENT - Prevents reconnaissance attacks. /api/governance exposed memory usage (95MB heap), exact uptime, service architecture to public. Now requires admin authentication. /health simplified to status + timestamp only."
},
{
"id": "inst_014",
"text": "Do NOT expose API endpoint listings or attack surface maps to public users. Demo pages should showcase framework CONCEPTS (classification, boundaries, pressure), not production API infrastructure. API documentation requires authentication or should be deferred to GitHub SDK/samples.",
"timestamp": "2025-10-08T02:30:00Z",
"quadrant": "SYSTEM",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 1.0,
"source": "user",
"session_id": "2025-10-08-phase-4-security",
"parameters": {
"removed_sections": ["Live API Demo from tractatus-demo.html"],
"exposed_data_removed": ["all endpoint names", "admin capabilities", "authentication system", "webhook endpoints", "submission forms", "internal features"],
"replacement": "Resources section with links to docs, researcher, implementer, about pages",
"future_approach": "GitHub SDK/samples when ready, or authenticated developer portal"
},
"active": true,
"notes": "SECURITY DECISION - Removed Live API Demo section that exposed complete API attack surface (auth, documents, blog, media, cases, admin, governance, koha endpoints). Provided zero value to legitimate users but gave attackers enumeration targets. Replaced with Resources section linking to static documentation."
},
{
"id": "inst_015",
"text": "NEVER deploy internal development documents to public downloads directory. Session handoffs, phase planning docs, testing checklists, cost estimates, infrastructure plans, progress reports, and cover letters are CONFIDENTIAL. Only deploy documents explicitly approved for public consumption.",
"timestamp": "2025-10-08T03:00:00Z",
"quadrant": "SYSTEM",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 1.0,
"source": "user",
"session_id": "2025-10-08-phase-4-security",
"parameters": {
"blocked_patterns": ["session-handoff-*.pdf", "phase-2-*.pdf", "ai-features-*.pdf", "*-test-suite-*.pdf", "*-testing-*.pdf", "*-progress-report.pdf", "*-blog-post-*.pdf", "cover-letter-*.pdf"],
"public_directory": "/public/downloads/",
"approved_public_docs": ["framework documentation", "implementation guides", "glossary", "case studies", "core concepts", "executive briefs"],
"requires_explicit_approval": true
},
"active": true,
"notes": "CRITICAL SECURITY INCIDENT - 20 internal documents were publicly accessible in downloads directory, exposing: session debugging, infrastructure plans, cost estimates, testing methodologies, development processes. Removed from production. Public downloads must be whitelisted."
},
{
"id": "inst_016",
"text": "NEVER fabricate statistics, cite non-existent data, or make claims without verifiable evidence. ALL statistics, ROI figures, performance metrics, and quantitative claims MUST either cite sources OR be marked [NEEDS VERIFICATION] for human review. Marketing goals do NOT override factual accuracy requirements.",
"timestamp": "2025-10-09T00:00:00Z",
"quadrant": "STRATEGIC",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 1.0,
"source": "user",
"session_id": "2025-10-07-001-continued",
"parameters": {
"prohibited_actions": ["fabricating_statistics", "inventing_data", "citing_non_existent_sources", "making_unverifiable_claims"],
"required_for_statistics": ["source_citation", "verification_flag", "human_approval"],
"applies_to": ["marketing_content", "public_pages", "documentation", "presentations", "all_public_claims"],
"boundary_enforcer_trigger": "ANY statistic or quantitative claim",
"failure_mode": "Values violation - honesty and transparency"
},
"active": true,
"notes": "CRITICAL FRAMEWORK FAILURE 2025-10-09 - Claude fabricated statistics on leader.html (1,315% ROI, $3.77M savings, 14mo payback, 80% risk reduction, etc.) without triggering BoundaryEnforcer. This directly violates Tractatus core values of honesty and transparency. All public claims must be factually grounded."
},
{
"id": "inst_017",
"text": "NEVER use prohibited absolute assurance terms: 'guarantee', 'guaranteed', 'ensures 100%', 'eliminates all', 'completely prevents', 'never fails'. Use evidence-based language: 'designed to reduce', 'helps mitigate', 'reduces risk of', 'supports prevention of'. Any absolute claim requires BoundaryEnforcer check and human approval.",
"timestamp": "2025-10-09T00:00:00Z",
"quadrant": "STRATEGIC",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 1.0,
"source": "user",
"session_id": "2025-10-07-001-continued",
"parameters": {
"prohibited_terms": ["guarantee", "guaranteed", "ensures 100%", "eliminates all", "completely prevents", "never fails", "always works", "perfect protection"],
"approved_alternatives": ["designed to reduce", "helps mitigate", "reduces risk of", "supports prevention of", "intended to minimize", "architected to limit"],
"boundary_enforcer_trigger": "ANY absolute assurance language",
"replacement_required": true
},
"active": true,
"notes": "CRITICAL FRAMEWORK FAILURE 2025-10-09 - Claude used term 'architectural guarantees' on leader.html. No AI safety framework can guarantee outcomes. This violates Tractatus principles of honesty and realistic expectations. Absolute assurances undermine credibility and set false expectations."
},
{
"id": "inst_018",
"text": "NEVER claim Tractatus is 'production-ready', 'in production use', or has existing customers/deployments without explicit evidence. Current accurate status: 'Development framework', 'Proof-of-concept', 'Research prototype'. Do NOT imply adoption, market validation, or customer base that doesn't exist. Aspirational claims require human approval and clear labeling.",
"timestamp": "2025-10-09T00:00:00Z",
"quadrant": "STRATEGIC",
"persistence": "HIGH",
"temporal_scope": "PROJECT",
"verification_required": "MANDATORY",
"explicitness": 1.0,
"source": "user",
"session_id": "2025-10-07-001-continued",
"parameters": {
"prohibited_claims": ["production-ready", "in production", "deployed at scale", "existing customers", "proven in enterprise", "market leader", "widely adopted"],
"current_accurate_status": ["development framework", "proof-of-concept", "research prototype", "early-stage development"],
"requires_evidence": ["customer testimonials", "deployment statistics", "adoption metrics", "case studies"],
"boundary_enforcer_trigger": "ANY claim about production use or customers"
},
"active": true,
"notes": "CRITICAL FRAMEWORK FAILURE 2025-10-09 - Claude claimed 'World's First Production-Ready AI Safety Framework' on leader.html without evidence. Tractatus is development/research stage. False market positioning undermines credibility and violates honesty principle. Status claims must match reality."
}
],
"stats": {
"total_instructions": 18,
"active_instructions": 18,
"by_quadrant": {
"STRATEGIC": 6,
"OPERATIONAL": 4,
"TACTICAL": 1,
"SYSTEM": 7,
"STOCHASTIC": 0
},
"by_persistence": {
"HIGH": 16,
"MEDIUM": 2,
"LOW": 0,
"VARIABLE": 0
}
}
}
Reference in a new issue View git blame Copy permalink