a4db3e62ec
Addresses the documentation-layer gap after Phase A/B moved the git REMOTE from
GitHub to Codeberg but left ~100 project-self GitHub URLs embedded in markdown,
HTML, JS, and Python files. The remote-layer migration was generalised as
"GitHub is gone from the codebase" without verifying the content layer.
22 files swept in this commit. 27 additional files hold pre-existing inst_016/017/018
or inst_084 debt that would transfer on touch (hook whole-file scan). Those
await a companion hygiene-first commit before their GitHub->Codeberg flip
can land cleanly.
Sweep scope this commit:
- README.md, SECURITY.md
- 3 For-Claude-Web bundle files (GitHub URLs noted as "separate concern" in
today's earlier licence-swap commits)
- docs/markdown/deployment-guide.md
- docs/AUTOMATED_SYNC_SETUP, PLURALISM_CHECKLIST, github/AGENT_LIGHTNING_README
- docs/business-intelligence/governance-bi-tools
- docs/outreach/EXECUTIVE-BRIEF-BI-GOVERNANCE (+ v2)
- docs/research/ARCHITECTURAL-SAFEGUARDS-*
- email-templates/README.md, base-template.html
- 3 scripts/seed-*-blog-post.js (blog-seeding scripts)
- scripts/upload-document.js
- SESSION_HANDOFF_2025-10-23_FRAMEWORK_ANALYSIS.md
- SECURITY_INCIDENT_POST_MORTEM_2025-10-21.md
Pattern swaps (longest-first):
github.com/AgenticGovernance/tractatus-framework/issues -> codeberg.org/mysovereignty/tractatus-framework/issues
github.com/AgenticGovernance/tractatus-framework/discussions -> .../issues (Codeberg has no discussions feature)
github.com/AgenticGovernance/tractatus-framework.git -> codeberg.org/mysovereignty/tractatus-framework.git
github.com/AgenticGovernance/tractatus-framework -> codeberg.org/mysovereignty/tractatus-framework
git@github.com:AgenticGovernance/... -> git@codeberg.org:mysovereignty/...
github.com/AgenticGovernance/tractatus (old org/repo path) -> codeberg.org/mysovereignty/tractatus-framework
AgenticGovernance/tractatus-framework (bare) -> mysovereignty/tractatus-framework
Hook validator update (scripts/hook-validators/validate-credentials.js):
PROTECTED_VALUES.github_org: 'AgenticGovernance' -> 'mysovereignty'
PROTECTED_VALUES.license: 'Apache License 2.0' -> EUPL-1.2 long form
URL detection regex: /github\.com\/.../ -> /codeberg\.org\/.../
Placeholder checks + error messages updated to reflect Codeberg as
authoritative post-migration host. Key names (e.g. `github_org`) retained
for backward compatibility with validate-file-edit.js.
Held back from this commit (27 files total, documented reasons):
11 historical session handoffs / closedown docs / incident reports
(2025-10 through 2026-02) — modifying them rewrites the record to contain
URLs that did not exist at the time of writing, AND ownership of their
pre-existing inst_084 exposures transfers on touch.
8 live-content docs with pre-existing inst_084 debt (port/API-endpoint/
file-path exposures): docs/markdown/case-studies.md, technical-architecture,
introduction-to-the-tractatus-framework, implementation-guide-v1.1,
docs/plans/integrated-implementation-roadmap-2025, docs/governance/*,
docs/ANTHROPIC_*, docs/GOVERNANCE_SERVICE_*, docs/RESEARCH_DOCUMENTATION_*,
deployment-quickstart/*.
8 live-content docs with pre-existing inst_016/017/018 debt:
CHANGELOG.md, CONTRIBUTING.md, docs/LAUNCH_ANNOUNCEMENT, LAUNCH_CHECKLIST,
PHASE_4_REPOSITORY_ANALYSIS, PHASE_6_SUMMARY, docs/plans/research-enhancement-
roadmap-2025, docs/case-studies/pre-publication-audit-oct-2025.
Also NOT in this commit (separate concerns):
- scripts/add-inst-084-github-url-protection.js (detection-rule logic needs
framework-level decision on post-migration semantics).
- .claude/* (framework state).
- docs/PRODUCTION_DOCUMENTS_EXPORT.json (DB dump).
- package-lock.json (npm sponsor URLs, third-party).
- .git/config embedded credentials (requires out-of-band rotation on both
remote hosts + auth-strategy decision; user-action task).
Context: today's EUPL-1.2 sweep closed the licence-text-content layer
(5c386d0d / 6d49bfbf / ab0a6af4 / 4c1a26e8). This commit starts closing the
matching vendor-URL-content layer. Next: hygiene-first pass on the 16
live-content docs held back, then a second URL-flip pass on them.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
8.8 KiB
8.8 KiB
Pluralism Code Review Checklist (inst_081)
Purpose: Enforce pluralistic values in code and decision-making Foundational Principle: Different communities hold different, equally legitimate values frameworks
🚫 AI MUST NOT
1. Impose Unified Moral Framework
- Does the code/feature assume a single "correct" moral position?
- Are value judgments presented as objective facts?
- Are cultural frameworks ranked or prioritized without human input?
Red Flags:
- Hard-coded moral rules that apply universally
- UI/UX that assumes Western liberal values
- Default settings that favor one cultural perspective
- Error messages that moralize user choices
Example Violation:
// ❌ BAD: Assumes individualist framework
const DEFAULT_PRIVACY = 'private'; // Forces individualist default
// ✅ GOOD: Allows community to choose
const DEFAULT_PRIVACY = getUserCommunityPreference('privacy_default');
2. Auto-Resolve Value Conflicts
- Does the code automatically resolve conflicts between competing values?
- Are trade-offs decided without human deliberation?
- Are value-laden decisions hidden in default behavior?
Red Flags:
- Algorithms that prioritize one value over another without configuration
- Conflict resolution that doesn't surface the value tension
- "Smart" features that make value judgments
Example Violation:
// ❌ BAD: Auto-resolves privacy vs. community transparency
function shareData(data) {
if (data.sensitivity < 5) {
return publiclyShare(data); // Assumes transparency > privacy
}
}
// ✅ GOOD: Presents conflict to human
function shareData(data) {
if (hasValueConflict(data)) {
return PluralisticDeliberationOrchestrator.presentConflict({
values: ['privacy', 'transparency'],
context: data,
requireHumanInput: true
});
}
}
3. Rank Competing Values
- Does the code create hierarchies of values?
- Are some cultural frameworks treated as more important?
- Is there a "right" answer built into the logic?
Red Flags:
- Weighted scoring systems for values
- Priority queues based on moral importance
- Hardcoded precedence rules
Example Violation:
// ❌ BAD: Ranks values without human input
const VALUE_WEIGHTS = {
individual_autonomy: 1.0,
community_harmony: 0.7, // Implicitly "less important"
indigenous_sovereignty: 0.5
};
4. Treat One Framework as Superior
- Is Western liberalism the default framework?
- Are indigenous frameworks treated as "special cases"?
- Are non-Western perspectives "add-ons"?
Red Flags:
- "Default" behavior that assumes Western norms
- Indigenous frameworks in
if (special_case)blocks - Comments like "// Handle edge case: indigenous data"
- CARE principles as optional extensions
Example Violation:
// ❌ BAD: Indigenous frameworks as exceptions
function processData(data) {
// Standard processing (assumes Western framework)
const result = standardProcess(data);
// Special handling for indigenous data
if (data.isIndigenous) {
return applyCAREPrinciples(result);
}
return result;
}
// ✅ GOOD: All frameworks are foundational
function processData(data) {
const framework = identifyCulturalFramework(data);
const processor = getFrameworkProcessor(framework); // All equal
return processor.process(data);
}
✅ AI MUST
1. Present Value Conflicts to Humans
- Are value conflicts surfaced visibly in the UI/logs?
- Is human deliberation required before resolution?
- Are the competing values clearly explained?
Implementation:
// Use PluralisticDeliberationOrchestrator for value conflicts
const conflict = {
values: ['data_sovereignty', 'research_openness'],
context: 'Publishing indigenous health research',
stakeholders: ['indigenous_community', 'researchers'],
requireHumanInput: true
};
await PluralisticDeliberationOrchestrator.handleConflict(conflict);
2. Respect Indigenous Frameworks as Foundational
- Are CARE principles (Collective Benefit, Authority to Control, Responsibility, Ethics) integrated at the architecture level?
- Is Te Tiriti honored in data governance decisions?
- Are indigenous frameworks core, not supplementary?
Checklist:
- Indigenous data sovereignty is a first-class feature, not an add-on
- CARE principles are checked before FAIR principles, not after
- Community authority is required, not optional
- Indigenous frameworks have equal representation in design docs
Example:
// ✅ GOOD: CARE as foundational architecture
class DataGovernanceService {
async validateDataUse(data, useCase) {
// Step 1: Check CARE principles (foundational)
const careCompliant = await this.validateCARE(data, useCase);
if (!careCompliant.passes) {
return careCompliant; // STOP if CARE violated
}
// Step 2: Check FAIR principles (supplementary)
const fairCompliant = await this.validateFAIR(data, useCase);
return fairCompliant;
}
}
3. Acknowledge Multiple Valid Perspectives
- Does the code/documentation acknowledge that multiple perspectives exist?
- Are different viewpoints presented without ranking?
- Is user choice preserved?
Documentation Standard:
## Privacy vs. Transparency
This feature involves a trade-off between individual privacy and community transparency.
**Individual Privacy Perspective**:
- Users have right to control their data
- Default: data is private unless explicitly shared
**Community Transparency Perspective**:
- Community has right to know member activities
- Default: data is shared within community
**Our Approach**:
We do not resolve this tension. Communities must choose their own balance
through democratic governance processes. See PluralisticDeliberationOrchestrator
for conflict resolution workflows.
4. Use PluralisticDeliberationOrchestrator for Conflicts
- Is PDO invoked when value conflicts are detected?
- Are conflicts logged for audit trail?
- Is human input required for resolution?
Required Triggers:
- Data governance decisions
- Privacy vs. transparency trade-offs
- Individual vs. collective rights
- Indigenous data sovereignty questions
- Cross-cultural feature design
Code Example:
const { PluralisticDeliberationOrchestrator } = require('./services');
// Detect value conflict
if (involvesValueConflict(decision)) {
const result = await PluralisticDeliberationOrchestrator.deliberate({
decision: decision.description,
conflictingValues: decision.values,
stakeholders: decision.affectedCommunities,
context: decision.context,
requireConsensus: false, // Legitimate disagreement OK
documentRationale: true
});
// Log the outcome
await logDeliberation(result);
}
🧪 Testing Checklist
Before Merging Code
- Run value conflict tests:
npm run test:pluralism - Check for hardcoded moral assumptions
- Verify PluralisticDeliberationOrchestrator integration
- Review for Western bias in defaults
- Confirm indigenous frameworks are foundational, not supplementary
- Check that value trade-offs are surfaced, not hidden
Review Questions
- Whose values are embedded in this code?
- What happens if a community has different values?
- Are we imposing a framework or enabling choice?
- Would this work for indigenous communities? Collectivist cultures? Different legal systems?
- Is there a "right answer" built in that shouldn't be?
📋 Pull Request Template Addition
## Pluralism Check (inst_081)
- [ ] No unified moral framework imposed
- [ ] Value conflicts presented to humans (not auto-resolved)
- [ ] Competing values are not ranked
- [ ] No cultural framework treated as superior
- [ ] Indigenous frameworks are foundational, not supplementary
- [ ] PluralisticDeliberationOrchestrator used for value conflicts
- [ ] Multiple valid perspectives acknowledged
**Value Conflicts Identified**: [List any value conflicts this PR introduces]
**Deliberation Approach**: [How are conflicts surfaced/resolved?]
🎯 Values Alignment
This checklist enforces:
- Community Principle: "No paywalls or vendor lock-in" (inst_080)
- Indigenous Data Sovereignty: CARE principles are foundational (inst_004)
- Pluralistic Deliberation: Multiple legitimate frameworks coexist (inst_081)
- Te Tiriti Framework: Honored in data governance (inst_006)
📚 References
src/services/PluralisticDeliberationOrchestrator.service.jspublic/values.html- Core philosophydocs/governance/CARE_PRINCIPLES.mddocs/governance/TE_TIRITI_FRAMEWORK.md
Last Updated: 2025-10-25 Maintained By: Tractatus Governance Team License: Apache 2.0 (https://codeberg.org/mysovereignty/tractatus-framework)