tractatus/scripts/verify-security-logging.js
TheFlow 436ca56cb0 feat(governance): implement comprehensive enforcement architecture
Completes enforcement implementation from ENFORCEMENT_AUDIT.md analysis:

 Implemented (6 enforcement mechanisms):
1. Token checkpoint monitoring (inst_075)
   - .claude/hooks/check-token-checkpoint.js
   - PostToolUse hook integration

2. Trigger word detection (inst_078, inst_082)
   - .claude/hooks/trigger-word-checker.js (already completed)
   - "ff" and "ffs" triggers architecturally enforced

3. Framework activity verification (inst_064)
   - Enhanced scripts/session-init.js with fade detection
   - Alerts when components stale >20 messages

4. Test requirement enforcement (inst_068)
   - Enhanced .git/hooks/pre-commit
   - Runs tests if test files exist for modified code
   - Blocks commits on test failures

5. Background process tracking (inst_023)
   - scripts/track-background-process.js
   - Integrated into session-init.js and session-closedown.js
   - Tracks persistent vs temporary processes

6. Security logging verification (inst_046)
   - scripts/verify-security-logging.js
   - Can be integrated into deployment workflow

7. Meta-enforcement monitoring system
   - scripts/audit-enforcement.js
   - Scans HIGH persistence instructions for imperatives
   - Reports enforcement gaps (currently 28/39 gaps)

🔒 Protection Added:
- inst_027: Hard block on instruction-history.json edits
- Conventional commit format enforcement (inst_066)
- CSP + test validation in pre-commit hook

📊 Current Enforcement Status:
- Baseline: 11/39 imperative instructions enforced (28%)
- Framework fade detection operational
- Token checkpoints architecturally monitored

🎯 Philosophy:
"If it's MANDATORY, it must be ENFORCED architecturally, not documented."

This addresses the root cause of voluntary compliance failures identified
when Claude missed "ffs" trigger and token checkpoints despite active
HIGH persistence instructions.

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-25 13:15:06 +13:00


#!/usr/bin/env node
/**
* Security Logging Verification - Enforces inst_046
* Checks that security event logging is properly configured
*/
const fs = require('fs');
const path = require('path');
const mongoose = require('mongoose');
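/**
 * Verify that the security-logging components required by inst_046 are in
 * place and report the result on stdout.
 *
 * Three checks are run in order:
 *  1. audit-trail presence in the MongoDB AuditLog collection (warning only,
 *     never fails the run, because a fresh install has no events yet);
 *  2. presence of src/middleware/auth.middleware.js, plus a substring
 *     heuristic for audit logging inside it (missing file fails the run);
 *  3. presence of scripts/check-csp-violations.js (missing file fails the run).
 *
 * Terminates the process: exit code 0 when every blocking check passed,
 * 1 otherwise. Does not return normally.
 *
 * @returns {Promise<void>}
 */
async function verify() {
  console.log('\n🔒 Security Logging Verification (inst_046)\n');
  console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n');
  let allPassed = true;

  // Check 1: Security audit log file or database.
  // Informational only: connection or query failures are printed as warnings
  // and do not touch allPassed.
  console.log('1. Checking security audit trail...');
  // MONGODB_URI is an override introduced here; the literal default is the
  // dev instance the script previously hard-coded. Align the variable name
  // with the project's configuration if it already defines one.
  const mongoUri = process.env.MONGODB_URI ?? 'mongodb://localhost:27017/tractatus_dev';
  let connected = false;
  try {
    await mongoose.connect(mongoUri, {
      serverSelectionTimeoutMS: 2000,
    });
    connected = true;
    // NOTE(review): mongoose.model('AuditLog') throws unless the AuditLog
    // schema was registered earlier in this process; nothing in this script
    // registers it. Such a throw lands in the catch below and is reported as
    // a connection problem — TODO confirm where the model is registered.
    const AuditLog = mongoose.model('AuditLog');
    const securityCount = await AuditLog.countDocuments({
      service: { $in: ['BoundaryEnforcer', 'AuthMiddleware', 'SecurityMonitor'] },
    });
    if (securityCount > 0) {
      console.log(`${securityCount} security events logged to database`);
    } else {
      console.log(' ⚠️ No security events in database (may be fresh install)');
    }
  } catch (dbErr) {
    console.log(` ⚠️ Could not connect to audit database: ${dbErr.message}`);
  } finally {
    // Close in finally and await it: a failing countDocuments() previously
    // skipped the close entirely, and the close promise was never awaited.
    if (connected) {
      try {
        await mongoose.connection.close();
      } catch (closeErr) {
        console.log(` ⚠️ Could not close audit database connection: ${closeErr.message}`);
      }
    }
  }

  // Check 2: Security middleware present.
  // The content test is a substring heuristic: it only shows that the words
  // "security" or "audit" occur in the file, not that audit logging is wired
  // into the request path. Treat the ✅ as "file looks relevant", nothing more.
  console.log('\n2. Checking security middleware...');
  const middlewarePath = path.join(__dirname, '../src/middleware/auth.middleware.js');
  if (fs.existsSync(middlewarePath)) {
    const content = fs.readFileSync(middlewarePath, 'utf8');
    if (content.includes('security') || content.includes('audit')) {
      console.log(' ✅ Security middleware found');
    } else {
      console.log(' ⚠️ Security middleware may not include audit logging');
    }
  } else {
    console.log(' ❌ Security middleware not found');
    allPassed = false;
  }

  // Check 3: CSP violation detection — existence check only.
  console.log('\n3. Checking CSP compliance tools...');
  const cspCheckPath = path.join(__dirname, '../scripts/check-csp-violations.js');
  if (fs.existsSync(cspCheckPath)) {
    console.log(' ✅ CSP violation checker present');
  } else {
    console.log(' ❌ CSP violation checker missing');
    allPassed = false;
  }

  // Summary: the exit code is the contract consumed by a deploy workflow.
  console.log('\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
  if (allPassed) {
    console.log('✅ Security logging verification PASSED\n');
    process.exit(0);
  } else {
    console.log('❌ Security logging verification FAILED\n');
    console.log('Action required: Ensure all security logging components are in place');
    console.log('See inst_046 for full requirements\n');
    process.exit(1);
  }
}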
// Entry point. Any rejection that escapes verify() (which otherwise always
// calls process.exit itself) is printed and turned into exit code 1 so a
// calling workflow never mistakes a crashed run for a passed one.
const reportFatal = (err) => {
  console.error(`\n❌ Verification failed: ${err.message}\n`);
  process.exit(1);
};

verify().catch(reportFatal);