tractatus/PRE_APPROVED_COMMANDS.md

# Pre-Approved Bash Commands

**Purpose**: Command patterns that are pre-approved for execution without explicit user approval during document optimization and routine maintenance workflows.

**Rationale**: These commands are:
- Non-destructive (no deletes without backups)
- Validated before execution (read before write)
- Part of documented workflows
- Auditable (all changes logged)
- Reversible (database updates can be rolled back)

**NOT pre-approved**: Drop/delete operations, schema changes, user/permission changes, git force push

---

## Database Operations

### Read-Only Queries
```bash
mongosh tractatus_dev --quiet --eval "db.documents.find*"
mongosh tractatus_dev --quiet --eval "db.documents.countDocuments()"
mongosh tractatus_dev --quiet --eval "print(...)"
```

### Approved Write Patterns
```bash
# Slug fixes and category updates
mongosh tractatus_dev --quiet --eval "db.documents.updateOne({slug: '...'}, {\$set: {slug: '...'}})"
mongosh tractatus_dev --quiet --eval "db.documents.updateOne({slug: '...'}, {\$set: {category: '...', order: N}})"
```

### Production Database (same patterns)
```bash
ssh -i ~/.ssh/tractatus_deploy ubuntu@vps-93a693da.vps.ovh.net \
  "mongosh tractatus_prod -u tractatus_user -p 'password' \
   --authenticationDatabase tractatus_prod \
   --eval \"db.documents.updateOne(...)\""
```

---

## Document Migration & Processing

```bash
# Migrate markdown documents to database
npm run migrate:docs -- --source docs/markdown --force

# Generate card sections for documents
node scripts/generate-card-sections.js docs/markdown/*.md --update-db
timeout 90 node scripts/generate-card-sections.js *.md --update-db

# Generate PDFs from markdown
node scripts/generate-single-pdf.js docs/markdown/input.md public/downloads/output.pdf
```

---

## File Operations (Read-Only)

```bash
wc -w < file.md                              # Word count
basename file.md .md                         # Extract filename without extension
[ -f file ] && echo "exists"                 # Check file exists
ls -lh public/downloads/*.pdf                # List PDFs with sizes
grep -q "pattern" file                       # Check if pattern exists (silent)
find docs/markdown -name "*.md"              # Find markdown files
```

---

## Validation & Testing

```bash
# API endpoint validation (local)
curl -s http://localhost:9000/api/documents/*
curl -s -I http://localhost:9000/downloads/*.pdf | grep "200 OK"
curl -s -o /dev/null -w "%{http_code}" http://localhost:9000/health

# API endpoint validation (production)
curl -s https://agenticgovernance.digital/api/documents/*
curl -s -o /dev/null -w "%{http_code}" https://agenticgovernance.digital/downloads/*.pdf

# Port checks
lsof -i :9000                                # Check if local server running
lsof -i :27017                               # Check if MongoDB running
```

---

## Production Deployment

```bash
# Safe deployment script (prompts for confirmation)
printf "yes\nyes\n" | ./scripts/deploy-full-project-SAFE.sh

# Production service control
ssh -i ~/.ssh/tractatus_deploy ubuntu@vps-93a693da.vps.ovh.net "sudo systemctl status tractatus"
ssh -i ~/.ssh/tractatus_deploy ubuntu@vps-93a693da.vps.ovh.net "sudo systemctl restart tractatus"
ssh -i ~/.ssh/tractatus_deploy ubuntu@vps-93a693da.vps.ovh.net "sudo journalctl -u tractatus -f"

# Production document migration
ssh -i ~/.ssh/tractatus_deploy ubuntu@vps-93a693da.vps.ovh.net \
  'cd /var/www/tractatus && npm run migrate:docs -- --source docs/markdown --force'

# File synchronization
rsync -avz -e "ssh -i ~/.ssh/tractatus_deploy" source ubuntu@vps-93a693da.vps.ovh.net:dest
```

---

## Session Management

```bash
# Framework initialization
node scripts/session-init.js

# Context pressure monitoring
node scripts/check-session-pressure.js --tokens */200000 --messages *

# Pre-action validation
node scripts/pre-action-check.js <type> [path] "<description>"
```

---

**Last Updated**: 2025-10-15 (Extracted from CLAUDE.md to reduce context consumption)