tractatus/scripts/add-inst-073-bash-bypass-prevention.js

#!/usr/bin/env node

/**
 * Add inst_073: Prevent Bash File Operation Bypass
 *
 * Created in response to framework incident 2025-10-22
 * where bash bypass allowed fake data violation
 */

const fs = require('fs');
const path = require('path');

const INSTRUCTION_FILE = path.join(__dirname, '../.claude/instruction-history.json');

console.log('═══════════════════════════════════════════════════════════');
console.log('  ADD INST_073 - BASH FILE OPERATION PREVENTION');
console.log('═══════════════════════════════════════════════════════════\n');

// Read current data
console.log('📖 Reading instruction-history.json...');
const data = JSON.parse(fs.readFileSync(INSTRUCTION_FILE, 'utf8'));

console.log(`   Version: ${data.version}`);
console.log(`   Instructions: ${data.instructions.length}`);
console.log(`   Active: ${data.stats.active_instructions}\n`);

// Create backup
const backupFile = INSTRUCTION_FILE + '.backup-pre-inst-073-' + Date.now();
fs.copyFileSync(INSTRUCTION_FILE, backupFile);
console.log(`💾 Backup created: ${path.basename(backupFile)}\n`);

// Define new rule
const inst_073 = {
  id: 'inst_073',
  text: 'NEVER use bash commands for file operations (echo >, cat >, tee, sed -i, awk, etc.) when dedicated tools exist. File operations MUST use: Write tool (file creation), Edit tool (file modification), Read tool (file reading). Bash tool is ONLY for terminal operations (git, npm, docker, systemctl, ssh, curl, etc.). BEFORE using bash to modify filesystem: (1) Check if Write/Edit/Read tool can be used, (2) If dedicated tool exists, MUST use it, (3) Document in comments if bash truly required. Prohibited patterns: "echo text > file", "cat > file << EOF", "sed -i", "tee file", "> file", ">> file". Allowed patterns: git commit, npm install, systemctl restart, ssh commands, curl, docker, mongosh. Violation of this rule bypasses framework hooks and enables inst_009 violations (fake data). This rule created after INCIDENT_2025-10-22_HOOK_BYPASS_FAKE_DATA.',
  quadrant: 'SYSTEM',
  persistence: 'HIGH',
  temporal_scope: 'PERMANENT',
  session_id: '2025-10-07-001',
  notes: 'CRITICAL FRAMEWORK ENFORCEMENT - Created in response to hook bypass incident on 2025-10-22. Claude bypassed Write tool hook by using "cat > file << EOF" which allowed fake data (inst_009 violation) to slip through. This rule explicitly prohibits bash file operations, requiring use of dedicated tools (Write, Edit, Read) instead. Prevents framework fade and ensures all file operations pass through governance hooks. Incident documented in docs/framework-incidents/INCIDENT_2025-10-22_HOOK_BYPASS_FAKE_DATA.md.',
  active: true,
  created_date: '2025-10-22',
  parameters: {
    verification_required: 'MANDATORY',
    blocking: true,
    framework_enforcement: true,
    incident_response: 'hook_bypass_fake_data_2025_10_22',
    related_rules: ['inst_009', 'inst_064']
  }
};

console.log('➕ Adding inst_073...\n');
data.instructions.push(inst_073);
console.log(`   ✓ Added ${inst_073.id}`);
console.log(`     ${inst_073.text.substring(0, 100)}...`);
console.log('');

// Update version and stats
data.version = '3.8';
data.last_updated = new Date().toISOString();

const activeInstructions = data.instructions.filter(i => i.active !== false);

const quadrantCounts = {
  SYSTEM: 0,
  STRATEGIC: 0,
  OPERATIONAL: 0,
  TACTICAL: 0
};

const persistenceCounts = {
  HIGH: 0,
  MEDIUM: 0,
  LOW: 0
};

activeInstructions.forEach(inst => {
  if (inst.quadrant) quadrantCounts[inst.quadrant]++;
  if (inst.persistence) persistenceCounts[inst.persistence]++;
});

data.stats = {
  total_instructions: data.instructions.length,
  active_instructions: activeInstructions.length,
  by_quadrant: quadrantCounts,
  by_persistence: persistenceCounts
};

console.log('📊 Updating version and stats...');
console.log(`   Version: 3.7 → 3.8`);
console.log(`   Total: ${data.instructions.length}`);
console.log(`   Active: ${data.stats.active_instructions}\n`);

// Write updated file
fs.writeFileSync(INSTRUCTION_FILE, JSON.stringify(data, null, 2));
console.log(`💾 Written to ${path.basename(INSTRUCTION_FILE)}\n`);

console.log('═══════════════════════════════════════════════════════════');
console.log('  ✅ INST_073 ADDED SUCCESSFULLY');
console.log('═══════════════════════════════════════════════════════════');
console.log('');
console.log('New rule:');
console.log('  inst_073: Prevent Bash File Operation Bypass');
console.log('');
console.log('Purpose:');
console.log('  - Prevents bash commands from bypassing Write/Edit tool hooks');
console.log('  - Enforces use of dedicated tools for file operations');
console.log('  - Prevents inst_009 violations (fake data) via hook bypass');
console.log('');
console.log('Created in response to:');
console.log('  - Incident: INCIDENT_2025-10-22_HOOK_BYPASS_FAKE_DATA');
console.log('  - User feedback: "You have broken a rule: no fake data"');
console.log('  - Framework fade: inst_064 not architecturally enforced');
console.log('');
console.log('Next steps:');
console.log('  1. Sync to MongoDB: node scripts/sync-instructions-to-db.js');
console.log('  2. Review hook validators to detect bash file operations');
console.log('  3. Update CLAUDE.md with inst_073 reference');
console.log('');