tractatus/scripts/audit-enforcement.js
TheFlow 8830ca7eb3 feat(governance): wave 4 enforcement - 41% improvement (56% → 79%)
Implements 9 additional enforcement mechanisms across all priority levels:

🔒 HIGH PRIORITY - Architectural Enforcement:
 API Security Validator (inst_013/045) - scripts/check-api-security.js
   - Scans API endpoints for rate limiting
   - Validates authentication requirements
   - Detects sensitive runtime data exposure

 GitHub Repo Structure (inst_063_CONSOLIDATED) - scripts/check-github-repo-structure.js
   - Validates repository structure requirements
   - Ensures tractatus-framework remains implementation-focused

⚙️ MEDIUM PRIORITY - Process/Workflow:
 Human Approval Tracker (inst_005) - scripts/track-human-approvals.js
   - Logs approval requirements for major decisions
   - Tracks pending approvals

 Context Pressure Comprehensive (inst_019) - scripts/verify-context-pressure-comprehensive.js
   - Verifies all pressure factors included
   - Validates comprehensive context accounting

📋 LOW PRIORITY - Behavioral/Values:
 Behavioral Compliance Reminders (inst_047/049) - .claude/hooks/behavioral-compliance-reminder.js
   - Reminds never to dismiss user requests
   - Prompts to test user hypotheses first
   - Integrated into UserPromptSubmit hooks

 Dark Patterns Detector (inst_079) - scripts/check-dark-patterns.js
   - Scans UI code for manipulative patterns
   - Detects confirm shaming, hidden checkboxes, timed popups

📊 Enforcement Progress:
- Wave 1: 11/39 (28%)
- Wave 2: 18/39 (46%)
- Wave 3: 22/39 (56%)
- Wave 4: 31/39 (79%)
- Total improvement: +20 instructions = +178% from baseline
- Remaining gaps: 8/39 (21%)

🎯 Remaining 8 Gaps (require runtime/process enforcement):
- inst_039: Document processing verification
- inst_043: Web form input validation (runtime)
- inst_052: Scope adjustment authority tracking
- inst_058: JSON/DB schema sync validation
- inst_061: Hook approval pattern tracking
- inst_072: Defense-in-depth credential layers
- inst_080: Open source commitment (policy)
- inst_081: Pluralism principle (foundational value)

🔄 Enhanced Hooks:
- UserPromptSubmit now runs 3 hooks (triggers, all-commands, behavioral)
- Added behavioral compliance reminders for session guidance

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-25 13:48:43 +13:00


#!/usr/bin/env node
/**
* Meta-Enforcement Monitoring System
* Scans instructions for MUST/NEVER/MANDATORY language and verifies enforcement
*
* Per ENFORCEMENT_AUDIT.md: "If it's MANDATORY, it must be ENFORCED architecturally"
*/
const fs = require('fs');
const path = require('path');
// Absolute path of the instruction history JSON: up one level from this
// script's directory, then into .claude/.
const INSTRUCTION_FILE = path.join(
  __dirname,
  '..',
  '.claude',
  'instruction-history.json'
);
/**
 * Known enforcement mechanisms.
 *
 * Keys are instruction ids; each value lists the repo-relative paths of the
 * files that are counted as that instruction's enforcement. The audit in this
 * file only looks for these paths on disk, so an entry here is a claim that
 * the file enforces the instruction, not a proof that it does.
 *
 * NOTE(review): paths under .git/hooks are local to a clone and are not
 * version-controlled, so results for those entries depend on the machine the
 * audit runs on.
 */
const ENFORCEMENT_MAP = {
  inst_008: [
    '.git/hooks/pre-commit',
    'scripts/check-csp-violations.js',
  ],
  inst_005: ['scripts/track-human-approvals.js'],
  inst_008_CONSOLIDATED: [
    '.git/hooks/pre-commit',
    'scripts/check-csp-violations.js',
  ],
  inst_012: [
    'scripts/check-confidential-docs.js',
    'scripts/deploy.sh',
  ],
  inst_013: ['scripts/check-api-security.js'],
  inst_015: [
    'scripts/check-confidential-docs.js',
    'scripts/deploy.sh',
  ],
  inst_016: [
    'scripts/check-prohibited-terms.js',
    '.git/hooks/pre-commit',
  ],
  inst_017: [
    'scripts/check-prohibited-terms.js',
    '.git/hooks/pre-commit',
  ],
  inst_018: [
    'scripts/check-prohibited-terms.js',
    '.git/hooks/pre-commit',
  ],
  inst_019: ['scripts/verify-context-pressure-comprehensive.js'],
  inst_020_CONSOLIDATED: [
    'scripts/check-file-permissions.js',
    'scripts/deploy.sh',
  ],
  inst_023: [
    'scripts/track-background-process.js',
    'scripts/session-init.js',
    'scripts/session-closedown.js',
  ],
  inst_025: [
    'scripts/verify-deployment-structure.js',
    'scripts/deploy.sh',
  ],
  inst_026: [
    'scripts/check-env-var-standards.js',
    '.git/hooks/pre-commit',
  ],
  inst_027: ['.claude/hooks/framework-audit-hook.js'],
  inst_038: ['.claude/hooks/framework-audit-hook.js'],
  inst_040: ['.claude/hooks/all-command-detector.js'],
  // Runtime validation needed
  inst_041_CONSOLIDATED: ['.git/hooks/pre-commit'],
  inst_045: ['scripts/check-api-security.js'],
  inst_046: ['scripts/verify-security-logging.js'],
  inst_047: ['.claude/hooks/behavioral-compliance-reminder.js'],
  inst_049: ['.claude/hooks/behavioral-compliance-reminder.js'],
  // Framework activity verification
  inst_064: ['scripts/session-init.js'],
  inst_065: ['scripts/session-init.js'],
  inst_066: ['.git/hooks/commit-msg'],
  inst_068: ['.git/hooks/pre-commit'],
  inst_069: [
    'scripts/check-credential-exposure.js',
    '.git/hooks/pre-commit',
  ],
  inst_070: [
    'scripts/check-credential-exposure.js',
    '.git/hooks/pre-commit',
  ],
  inst_071: ['scripts/deploy.sh'],
  inst_075: ['.claude/hooks/check-token-checkpoint.js'],
  inst_077: ['scripts/session-closedown.js'],
  inst_063_CONSOLIDATED: ['scripts/check-github-repo-structure.js'],
  inst_078: ['.claude/hooks/trigger-word-checker.js'],
  inst_079: ['scripts/check-dark-patterns.js'],
  inst_082: ['.claude/hooks/trigger-word-checker.js'],
};
/**
 * Read the instruction history file and return its active instructions.
 *
 * The file at INSTRUCTION_FILE is parsed as JSON and its `instructions`
 * array is filtered on a truthy `active` property. A missing file, invalid
 * JSON or a missing `instructions` array throws, so the audit stops rather
 * than reporting on an empty list.
 *
 * @returns {Array<object>} the instruction records whose `active` is truthy
 */
function loadInstructions() {
  const rawJson = fs.readFileSync(INSTRUCTION_FILE, 'utf8');
  const { instructions } = JSON.parse(rawJson);
  return instructions.filter((entry) => entry.active);
}
/**
 * Report whether an instruction's text contains imperative wording.
 *
 * Matching is case-insensitive and on whole words, so lowercase "must" or
 * "always" in ordinary prose also counts. The CRITICAL ... FAILURE pattern
 * needs both words on the same line, because `.` does not cross a newline.
 *
 * @param {string} text - instruction text to scan
 * @returns {boolean} true when at least one pattern matches
 */
function hasImperativeLanguage(text) {
  const imperativePatterns = [
    /\bMUST\b/i,
    /\bNEVER\b/i,
    /\bMANDATORY\b/i,
    /\bREQUIRED\b/i,
    /\bBLOCK(S|ED)?\b/i,
    /\bCRITICAL\b.*\bFAILURE\b/i,
    /\bALWAYS\b/i,
    /\bSHOULD NOT\b/i,
  ];
  for (const pattern of imperativePatterns) {
    if (pattern.test(text)) {
      return true;
    }
  }
  return false;
}
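/**
 * Split an instruction's enforcement paths into those present and those
 * missing on disk.
 *
 * Each path is resolved against the parent of this script's directory. A
 * path counts as present only when it resolves to a regular file: a
 * directory left at a hook or script path is not an enforcement mechanism
 * and is reported as missing.
 *
 * NOTE(review): presence is all this checks. It does not show that a git
 * hook is executable, that the script is invoked from the hook or from the
 * deploy path, or that it still tests what the instruction demands.
 *
 * @param {string} instId - instruction id (not used by the check itself)
 * @param {string[]} enforcementPaths - repo-relative paths to look for
 * @returns {{exists: string[], missing: string[]}} the input paths,
 *   partitioned in their original order
 */
function checkEnforcementExists(instId, enforcementPaths) {
  const exists = [];
  const missing = [];
  for (const relPath of enforcementPaths) {
    const fullPath = path.join(__dirname, '..', relPath);
    let isRegularFile = false;
    try {
      isRegularFile = fs.statSync(fullPath).isFile();
    } catch (err) {
      // Any stat failure (absent, unreadable, dangling link) is reported as
      // missing, so the audit flags a gap instead of passing on an error.
      isRegularFile = false;
    }
    if (isRegularFile) {
      exists.push(relPath);
    } else {
      missing.push(relPath);
    }
  }
  return { exists, missing };
}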
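/**
 * Run the audit and print a report.
 *
 * Loads the active instructions, keeps those with HIGH persistence whose
 * text contains imperative wording, and looks each one up in
 * ENFORCEMENT_MAP. An instruction is counted as enforced only when it has a
 * non-empty list of mechanisms and none of them is reported missing.
 * Exits the process with status 1 when any gap is found.
 *
 * NOTE(review): "ENFORCED" here means the mapped files are present. It is
 * not evidence that a hook is installed, executable or actually run.
 */
function main() {
  const rule = '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n';
  // First 80 characters of the instruction text, for the gap report.
  const snippet = (inst) => String(inst.text).substring(0, 80);

  console.log('\n🔍 Meta-Enforcement Audit\n');
  console.log(rule);
  const instructions = loadInstructions();
  const highPersistence = instructions.filter(i => i.persistence === 'HIGH');
  console.log(`Total active instructions: ${instructions.length}`);
  console.log(`HIGH persistence instructions: ${highPersistence.length}\n`);
  console.log(rule);
  const imperativeInstructions = highPersistence.filter(i => hasImperativeLanguage(i.text));
  console.log(`Instructions with imperative language: ${imperativeInstructions.length}\n`);

  // With no imperative instructions the ratio is 0/0; print 0% rather than NaN%.
  const total = imperativeInstructions.length;
  const percent = (count) => (total === 0 ? 0 : Math.round(count / total * 100));

  let enforced = 0;
  let unenforced = 0;
  const gaps = [];
  for (const inst of imperativeInstructions) {
    // Own-property lookup only: ids come from a JSON file, and an id such as
    // "constructor" would otherwise resolve to an inherited Object member.
    const mechanisms = Object.prototype.hasOwnProperty.call(ENFORCEMENT_MAP, inst.id)
      ? ENFORCEMENT_MAP[inst.id]
      : undefined;
    // An empty or malformed entry enforces nothing, so it is treated as a gap
    // instead of passing because no path is missing.
    if (Array.isArray(mechanisms) && mechanisms.length > 0) {
      const check = checkEnforcementExists(inst.id, mechanisms);
      if (check.missing.length === 0) {
        console.log(`${inst.id}: ENFORCED`);
        console.log(` Mechanisms: ${check.exists.join(', ')}`);
        enforced++;
      } else {
        console.log(`⚠️ ${inst.id}: PARTIALLY ENFORCED`);
        console.log(` Exists: ${check.exists.join(', ')}`);
        console.log(` Missing: ${check.missing.join(', ')}`);
        gaps.push({ id: inst.id, missing: check.missing, text: snippet(inst) + '...' });
        unenforced++;
      }
    } else {
      console.log(`${inst.id}: NO ENFORCEMENT`);
      console.log(` Text: ${snippet(inst)}...`);
      gaps.push({ id: inst.id, missing: ['No enforcement mechanism defined'], text: snippet(inst) + '...' });
      unenforced++;
    }
    console.log('');
  }

  console.log(rule);
  console.log('Summary:\n');
  console.log(` Imperative instructions: ${total}`);
  console.log(` Enforced: ${enforced} (${percent(enforced)}%)`);
  console.log(` Unenforced/Partial: ${unenforced} (${percent(unenforced)}%)`);
  // NOTE(review): when total is 0 the success line below is printed for an
  // empty set; that can also mean the instruction file's fields changed.
  if (gaps.length > 0) {
    console.log(`\n⚠️ ${gaps.length} enforcement gap(s) detected\n`);
    console.log('Gaps should be addressed to prevent voluntary compliance failures.\n');
  } else {
    console.log('\n✅ All imperative instructions have enforcement mechanisms!\n');
  }
  console.log(rule);
  if (gaps.length > 0) {
    process.exit(1); // Non-zero status so a calling hook or CI step fails on gaps
  }
}

main();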