john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
tractatus/PRE_APPROVED_COMMANDS.md
TheFlow 7394740a91 feat: implement continuous framework enforcement architecture 
Implements architectural enforcement to prevent framework fade (voluntary
compliance failures). This addresses Case Study #27028 where AI skipped
session-init.js despite explicit CRITICAL warnings while implementing
anti-fade enforcement mechanisms.

## New Components

### Hook Validators (scripts/hook-validators/)
- validate-file-edit.js: Pre-Edit enforcement (CSP, conflicts, boundaries)
- validate-file-write.js: Pre-Write enforcement (overwrites, boundaries)
- check-token-checkpoint.js: Prevents checkpoint fade at 50k/100k/150k

### Documentation
- CONTINUOUS_ENFORCEMENT_ARCHITECTURE.md: Technical architecture
- BOOTSTRAPPING_SOLUTION.md: Solves auto-run session-init problem
- PRE_APPROVED_COMMANDS.md: Extracted from CLAUDE.md (context reduction)
- Case Study #27028: Framework fade during anti-fade implementation

### Session Initialization Enhancement
- scripts/session-init.js: Added Section 8 (Hook Architecture Status)
- Reports hook validator installation and pre-approved commands

### CLAUDE.md Reduction (Not Committed - .gitignored)
- Reduced from 235 lines to 86 lines (63% reduction)
- Philosophy: "If it can be enforced in code, it should not be documented"

## Key Findings

Case Study #27028 proved documentation-based governance fundamentally
cannot work. AI skipped session-init.js despite "⚠️ CRITICAL" warning
while actively implementing anti-fade enforcement. This validates the
thesis that architectural enforcement (code that runs automatically)
is the only viable solution.

## Next Steps

Bootstrapping solution required: session-init.js needs automatic
invocation on continued sessions. Without this, framework fade will
recur. Options documented in BOOTSTRAPPING_SOLUTION.md.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-15 19:55:12 +13:00

3.9 KiB
Raw Blame History

Pre-Approved Bash Commands

Purpose: Command patterns that are pre-approved for execution without explicit user approval during document optimization and routine maintenance workflows.

Rationale: These commands are:

  • Non-destructive (no deletes without backups)
  • Validated before execution (read before write)
  • Part of documented workflows
  • Auditable (all changes logged)
  • Reversible (database updates can be rolled back)

NOT pre-approved: Drop/delete operations, schema changes, user/permission changes, git force push

Database Operations

Read-Only Queries

mongosh tractatus_dev --quiet --eval "db.documents.find*"
mongosh tractatus_dev --quiet --eval "db.documents.countDocuments()"
mongosh tractatus_dev --quiet --eval "print(...)"

Approved Write Patterns

# Slug fixes and category updates
mongosh tractatus_dev --quiet --eval "db.documents.updateOne({slug: '...'}, {\$set: {slug: '...'}})"
mongosh tractatus_dev --quiet --eval "db.documents.updateOne({slug: '...'}, {\$set: {category: '...', order: N}})"

Production Database (same patterns)

ssh -i ~/.ssh/tractatus_deploy ubuntu@vps-93a693da.vps.ovh.net \
  "mongosh tractatus_prod -u tractatus_user -p 'password' \
   --authenticationDatabase tractatus_prod \
   --eval \"db.documents.updateOne(...)\""

Document Migration & Processing

# Migrate markdown documents to database
npm run migrate:docs -- --source docs/markdown --force

# Generate card sections for documents
node scripts/generate-card-sections.js docs/markdown/*.md --update-db
timeout 90 node scripts/generate-card-sections.js *.md --update-db

# Generate PDFs from markdown
node scripts/generate-single-pdf.js docs/markdown/input.md public/downloads/output.pdf

File Operations (Read-Only)

wc -w < file.md                              # Word count
basename file.md .md                         # Extract filename without extension
[ -f file ] && echo "exists"                 # Check file exists
ls -lh public/downloads/*.pdf                # List PDFs with sizes
grep -q "pattern" file                       # Check if pattern exists (silent)
find docs/markdown -name "*.md"              # Find markdown files

Validation & Testing

# API endpoint validation (local)
curl -s http://localhost:9000/api/documents/*
curl -s -I http://localhost:9000/downloads/*.pdf | grep "200 OK"
curl -s -o /dev/null -w "%{http_code}" http://localhost:9000/health

# API endpoint validation (production)
curl -s https://agenticgovernance.digital/api/documents/*
curl -s -o /dev/null -w "%{http_code}" https://agenticgovernance.digital/downloads/*.pdf

# Port checks
lsof -i :9000                                # Check if local server running
lsof -i :27017                               # Check if MongoDB running

Production Deployment

# Safe deployment script (prompts for confirmation)
printf "yes\nyes\n" | ./scripts/deploy-full-project-SAFE.sh

# Production service control
ssh -i ~/.ssh/tractatus_deploy ubuntu@vps-93a693da.vps.ovh.net "sudo systemctl status tractatus"
ssh -i ~/.ssh/tractatus_deploy ubuntu@vps-93a693da.vps.ovh.net "sudo systemctl restart tractatus"
ssh -i ~/.ssh/tractatus_deploy ubuntu@vps-93a693da.vps.ovh.net "sudo journalctl -u tractatus -f"

# Production document migration
ssh -i ~/.ssh/tractatus_deploy ubuntu@vps-93a693da.vps.ovh.net \
  'cd /var/www/tractatus && npm run migrate:docs -- --source docs/markdown --force'

# File synchronization
rsync -avz -e "ssh -i ~/.ssh/tractatus_deploy" source ubuntu@vps-93a693da.vps.ovh.net:dest

Session Management

# Framework initialization
node scripts/session-init.js

# Context pressure monitoring
node scripts/check-session-pressure.js --tokens */200000 --messages *

# Pre-action validation
node scripts/pre-action-check.js <type> [path] "<description>"

Last Updated: 2025-10-15 (Extracted from CLAUDE.md to reduce context consumption)