tractatus/scripts/add-attack-surface-rule.js

#!/usr/bin/env node

/**
 * Add Attack Surface Exposure Prevention Rule (inst_084)
 */

const fs = require('fs');
const path = require('path');

const historyPath = path.join(__dirname, '../.claude/instruction-history.json');
const data = JSON.parse(fs.readFileSync(historyPath, 'utf8'));

const newInstruction = {
  "id": "inst_084",
  "text": "NEVER expose internal implementation details in public-facing documents (confidential:false). Block exact file paths, API endpoints, database schemas, port numbers, and internal URLs. Use generalized component names instead.",
  "timestamp": new Date().toISOString(),
  "quadrant": "SYSTEM",
  "persistence": "HIGH",
  "temporal_scope": "PERMANENT",
  "verification_required": "MANDATORY",
  "explicitness": 1.0,
  "source": "security_requirement",
  "session_id": "2025-10-27-attack-surface-prevention",
  "parameters": {
    "security_layer": "defense_in_depth",
    "enforcement": "pre_commit_hook",
    "scope": "public_documents"
  },
  "active": true,
  "notes": "Prevents reconnaissance by obscuring internal architecture in public documentation. Part of defense-in-depth security strategy (inst_072).",
  "examples": [
    "❌ BAD: 'Dashboard at /admin/audit-analytics.html'",
    "✅ GOOD: 'Administrative Dashboard'",
    "❌ BAD: 'GET /api/admin/audit-logs endpoint'",
    "✅ GOOD: 'Authenticated API for retrieving audit data'",
    "❌ BAD: 'In activity-classifier.util.js'",
    "✅ GOOD: 'The activity classifier'",
    "❌ BAD: 'MongoDB on port 27017'",
    "✅ GOOD: 'Database backend'"
  ],
  "enforcement_patterns": [
    "File paths: src/*, public/*, scripts/*",
    "API endpoints: /api/*, /admin/*",
    "File extensions in prose: .js, .html, .css",
    "Port numbers in public docs",
    "Internal URLs with specific paths"
  ],
  "exemptions": [
    "Code blocks in technical implementation guides marked confidential:true",
    "Internal architectural documentation",
    "Developer setup guides not published externally"
  ],
  "related_rules": [
    "inst_072"
  ]
};

data.instructions.push(newInstruction);
data.last_updated = new Date().toISOString();

fs.writeFileSync(historyPath, JSON.stringify(data, null, 2));

console.log('✅ Added inst_084: Attack Surface Exposure Prevention');
console.log(`   Quadrant: ${newInstruction.quadrant}`);
console.log(`   Persistence: ${newInstruction.persistence}`);
console.log(`   Enforcement: Pre-commit hooks for public documents`);