john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
tractatus/.migration-backup/instruction-history.json
TheFlow 7336ad86e3 feat: enhance framework services and format architectural documentation 
Framework Service Enhancements:
- ContextPressureMonitor: Enhanced statistics tracking and contextual adjustments
- InstructionPersistenceClassifier: Improved context integration and consistency
- MetacognitiveVerifier: Extended verification capabilities and logging
- All services: 182 unit tests passing

Admin Interface Improvements:
- Blog curation: Enhanced content management and validation
- Audit analytics: Improved analytics dashboard and reporting
- Dashboard: Updated metrics and visualizations

Documentation:
- Architectural overview: Improved markdown formatting for readability
- Added blank lines between sections for better structure
- Fixed table formatting for version history

All tests passing: Framework stable for deployment

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-11 00:50:47 +13:00

354 lines
17 KiB
JSON
Raw Blame History

{
"version": "1.0",
"last_updated": "2025-10-07T19:30:00Z",
"description": "Persistent instruction database for Tractatus framework governance",
"instructions": [
{
"id": "inst_001",
"text": "MongoDB runs on port 27017 for tractatus_dev database",
"timestamp": "2025-10-06T14:00:00Z",
"quadrant": "SYSTEM",
"persistence": "HIGH",
"temporal_scope": "PROJECT",
"verification_required": "MANDATORY",
"explicitness": 0.90,
"source": "user",
"session_id": "2025-10-06-initial-setup",
"parameters": {
"port": "27017",
"database": "tractatus_dev",
"service": "mongodb"
},
"active": true,
"notes": "Infrastructure decision from project initialization"
},
{
"id": "inst_002",
"text": "Application runs on port 9000",
"timestamp": "2025-10-06T14:00:00Z",
"quadrant": "SYSTEM",
"persistence": "HIGH",
"temporal_scope": "PROJECT",
"verification_required": "MANDATORY",
"explicitness": 0.90,
"source": "user",
"session_id": "2025-10-06-initial-setup",
"parameters": {
"port": "9000",
"service": "tractatus-web"
},
"active": true,
"notes": "Infrastructure decision from project initialization"
},
{
"id": "inst_003",
"text": "This is a separate project from family-history and sydigital - no shared code or data",
"timestamp": "2025-10-06T14:00:00Z",
"quadrant": "STRATEGIC",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 0.95,
"source": "user",
"session_id": "2025-10-06-initial-setup",
"parameters": {},
"active": true,
"notes": "Critical project isolation requirement"
},
{
"id": "inst_004",
"text": "No shortcuts, no fake data, world-class quality",
"timestamp": "2025-10-06T14:00:00Z",
"quadrant": "STRATEGIC",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 0.88,
"source": "user",
"session_id": "2025-10-06-initial-setup",
"parameters": {},
"active": true,
"notes": "Quality standard for all work"
},
{
"id": "inst_005",
"text": "Human approval required for major decisions, architectural changes, values-sensitive content",
"timestamp": "2025-10-06T14:00:00Z",
"quadrant": "STRATEGIC",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 0.92,
"source": "user",
"session_id": "2025-10-06-initial-setup",
"parameters": {},
"active": true,
"notes": "Governance requirement - aligns with BoundaryEnforcer"
},
{
"id": "inst_006",
"text": "Use ContextPressureMonitor to manage sessions and create handoff when pressure is CRITICAL",
"timestamp": "2025-10-07T09:00:00Z",
"quadrant": "OPERATIONAL",
"persistence": "HIGH",
"temporal_scope": "PROJECT",
"verification_required": "REQUIRED",
"explicitness": 0.85,
"source": "user",
"session_id": "2025-10-07-part2",
"parameters": {},
"active": true,
"notes": "Session management protocol established"
},
{
"id": "inst_007",
"text": "Use Tractatus governance framework actively in all sessions",
"timestamp": "2025-10-07T09:15:00Z",
"quadrant": "OPERATIONAL",
"persistence": "HIGH",
"temporal_scope": "PROJECT",
"verification_required": "MANDATORY",
"explicitness": 0.98,
"source": "user",
"session_id": "2025-10-07-part2",
"parameters": {
"components": ["pressure_monitor", "classifier", "cross_reference", "boundary_enforcer"],
"verbosity": "summary"
},
"active": true,
"notes": "Framework activation - THIS IS THE NEW NORMAL"
},
{
"id": "inst_008",
"text": "ALWAYS comply with Content Security Policy (CSP) - no inline event handlers, no inline scripts",
"timestamp": "2025-10-07T19:30:00Z",
"quadrant": "SYSTEM",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 1.0,
"source": "user",
"session_id": "2025-10-07-docs-audit",
"parameters": {
"csp_policy": "script-src 'self'",
"violations_forbidden": ["onclick", "onload", "inline-script", "javascript:"],
"alternatives_required": ["addEventListener", "external-scripts"]
},
"active": true,
"notes": "CRITICAL SECURITY REQUIREMENT - Framework should have caught CSP violation before deployment"
},
{
"id": "inst_009",
"text": "Defer email services and Stripe activation to future sessions",
"timestamp": "2025-10-08T00:00:00Z",
"quadrant": "TACTICAL",
"persistence": "MEDIUM",
"temporal_scope": "SESSION",
"verification_required": "OPTIONAL",
"explicitness": 0.95,
"source": "user",
"session_id": "2025-10-08-phase-4",
"parameters": {
"deferred_tasks": ["email_service", "stripe_activation"]
},
"active": true,
"notes": "Prioritization directive - focus on UI and documentation first"
},
{
"id": "inst_010",
"text": "Ensure all production UI links are working correctly",
"timestamp": "2025-10-08T00:00:00Z",
"quadrant": "OPERATIONAL",
"persistence": "HIGH",
"temporal_scope": "PROJECT",
"verification_required": "REQUIRED",
"explicitness": 0.92,
"source": "user",
"session_id": "2025-10-08-phase-4",
"parameters": {
"scope": "production_ui",
"quality_standard": "all_links_functional"
},
"active": true,
"notes": "Quality requirement for production deployment"
},
{
"id": "inst_011",
"text": "Implement clear differentiation between technical documentation (for developers/implementers) and general documentation (for general audience)",
"timestamp": "2025-10-08T00:00:00Z",
"quadrant": "OPERATIONAL",
"persistence": "HIGH",
"temporal_scope": "PROJECT",
"verification_required": "REQUIRED",
"explicitness": 0.90,
"source": "user",
"session_id": "2025-10-08-phase-4",
"parameters": {
"technical_docs_examples": ["claude-code-framework-enforcement.md"],
"api_endpoint": "/api/documents",
"filter_requirement": "audience_type"
},
"active": true,
"notes": "Content organization requirement - technical docs should be selectable separately from general docs"
},
{
"id": "inst_012",
"text": "NEVER deploy documents marked 'internal' or 'confidential' to public production without explicit human approval. Documents containing credentials, security vulnerabilities, financial information, or infrastructure details MUST NOT be publicly accessible.",
"timestamp": "2025-10-08T01:00:00Z",
"quadrant": "SYSTEM",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 1.0,
"source": "system",
"session_id": "2025-10-08-phase-4-security",
"parameters": {
"visibility_levels": ["public", "internal", "confidential"],
"public_requires": "visibility: 'public' AND security validation passed",
"blocked_content": ["credentials", "api_keys", "secrets", "vulnerabilities", "security_audits", "payment_setup", "deployment_guides"],
"validation_script": "scripts/validate-document-security.js"
},
"active": true,
"notes": "CRITICAL SECURITY REQUIREMENT - Prevents accidental exposure of sensitive internal documentation. Learned from incident where Security Audit Report, Koha Stripe Setup, and Koha Deployment guides were incorrectly marked for public import."
},
{
"id": "inst_013",
"text": "Public API endpoints MUST NOT expose sensitive runtime data (memory usage, heap sizes, exact uptime, environment details, service architecture) that could aid attackers. Use minimal health checks for public endpoints. Sensitive monitoring data requires authentication.",
"timestamp": "2025-10-08T02:00:00Z",
"quadrant": "SYSTEM",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 1.0,
"source": "user",
"session_id": "2025-10-08-phase-4-security",
"parameters": {
"public_endpoints": ["/health", "/api/koha/transparency"],
"authenticated_endpoints": ["/api/governance", "/api/governance/status"],
"blocked_from_public": ["memory_usage", "heap_sizes", "uptime", "environment", "service_names", "internal_architecture"],
"allowed_public": ["status: ok", "timestamp", "public_metrics_only"],
"rate_limiting": "100 requests per 15 minutes per IP"
},
"active": true,
"notes": "CRITICAL SECURITY REQUIREMENT - Prevents reconnaissance attacks. /api/governance exposed memory usage (95MB heap), exact uptime, service architecture to public. Now requires admin authentication. /health simplified to status + timestamp only."
},
{
"id": "inst_014",
"text": "Do NOT expose API endpoint listings or attack surface maps to public users. Demo pages should showcase framework CONCEPTS (classification, boundaries, pressure), not production API infrastructure. API documentation requires authentication or should be deferred to GitHub SDK/samples.",
"timestamp": "2025-10-08T02:30:00Z",
"quadrant": "SYSTEM",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 1.0,
"source": "user",
"session_id": "2025-10-08-phase-4-security",
"parameters": {
"removed_sections": ["Live API Demo from tractatus-demo.html"],
"exposed_data_removed": ["all endpoint names", "admin capabilities", "authentication system", "webhook endpoints", "submission forms", "internal features"],
"replacement": "Resources section with links to docs, researcher, implementer, about pages",
"future_approach": "GitHub SDK/samples when ready, or authenticated developer portal"
},
"active": true,
"notes": "SECURITY DECISION - Removed Live API Demo section that exposed complete API attack surface (auth, documents, blog, media, cases, admin, governance, koha endpoints). Provided zero value to legitimate users but gave attackers enumeration targets. Replaced with Resources section linking to static documentation."
},
{
"id": "inst_015",
"text": "NEVER deploy internal development documents to public downloads directory. Session handoffs, phase planning docs, testing checklists, cost estimates, infrastructure plans, progress reports, and cover letters are CONFIDENTIAL. Only deploy documents explicitly approved for public consumption.",
"timestamp": "2025-10-08T03:00:00Z",
"quadrant": "SYSTEM",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 1.0,
"source": "user",
"session_id": "2025-10-08-phase-4-security",
"parameters": {
"blocked_patterns": ["session-handoff-*.pdf", "phase-2-*.pdf", "ai-features-*.pdf", "*-test-suite-*.pdf", "*-testing-*.pdf", "*-progress-report.pdf", "*-blog-post-*.pdf", "cover-letter-*.pdf"],
"public_directory": "/public/downloads/",
"approved_public_docs": ["framework documentation", "implementation guides", "glossary", "case studies", "core concepts", "executive briefs"],
"requires_explicit_approval": true
},
"active": true,
"notes": "CRITICAL SECURITY INCIDENT - 20 internal documents were publicly accessible in downloads directory, exposing: session debugging, infrastructure plans, cost estimates, testing methodologies, development processes. Removed from production. Public downloads must be whitelisted."
},
{
"id": "inst_016",
"text": "NEVER fabricate statistics, cite non-existent data, or make claims without verifiable evidence. ALL statistics, ROI figures, performance metrics, and quantitative claims MUST either cite sources OR be marked [NEEDS VERIFICATION] for human review. Marketing goals do NOT override factual accuracy requirements.",
"timestamp": "2025-10-09T00:00:00Z",
"quadrant": "STRATEGIC",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 1.0,
"source": "user",
"session_id": "2025-10-07-001-continued",
"parameters": {
"prohibited_actions": ["fabricating_statistics", "inventing_data", "citing_non_existent_sources", "making_unverifiable_claims"],
"required_for_statistics": ["source_citation", "verification_flag", "human_approval"],
"applies_to": ["marketing_content", "public_pages", "documentation", "presentations", "all_public_claims"],
"boundary_enforcer_trigger": "ANY statistic or quantitative claim",
"failure_mode": "Values violation - honesty and transparency"
},
"active": true,
"notes": "CRITICAL FRAMEWORK FAILURE 2025-10-09 - Claude fabricated statistics on leader.html (1,315% ROI, $3.77M savings, 14mo payback, 80% risk reduction, etc.) without triggering BoundaryEnforcer. This directly violates Tractatus core values of honesty and transparency. All public claims must be factually grounded."
},
{
"id": "inst_017",
"text": "NEVER use prohibited absolute assurance terms: 'guarantee', 'guaranteed', 'ensures 100%', 'eliminates all', 'completely prevents', 'never fails'. Use evidence-based language: 'designed to reduce', 'helps mitigate', 'reduces risk of', 'supports prevention of'. Any absolute claim requires BoundaryEnforcer check and human approval.",
"timestamp": "2025-10-09T00:00:00Z",
"quadrant": "STRATEGIC",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 1.0,
"source": "user",
"session_id": "2025-10-07-001-continued",
"parameters": {
"prohibited_terms": ["guarantee", "guaranteed", "ensures 100%", "eliminates all", "completely prevents", "never fails", "always works", "perfect protection"],
"approved_alternatives": ["designed to reduce", "helps mitigate", "reduces risk of", "supports prevention of", "intended to minimize", "architected to limit"],
"boundary_enforcer_trigger": "ANY absolute assurance language",
"replacement_required": true
},
"active": true,
"notes": "CRITICAL FRAMEWORK FAILURE 2025-10-09 - Claude used term 'architectural guarantees' on leader.html. No AI safety framework can guarantee outcomes. This violates Tractatus principles of honesty and realistic expectations. Absolute assurances undermine credibility and set false expectations."
},
{
"id": "inst_018",
"text": "NEVER claim Tractatus is 'production-ready', 'in production use', or has existing customers/deployments without explicit evidence. Current accurate status: 'Development framework', 'Proof-of-concept', 'Research prototype'. Do NOT imply adoption, market validation, or customer base that doesn't exist. Aspirational claims require human approval and clear labeling.",
"timestamp": "2025-10-09T00:00:00Z",
"quadrant": "STRATEGIC",
"persistence": "HIGH",
"temporal_scope": "PROJECT",
"verification_required": "MANDATORY",
"explicitness": 1.0,
"source": "user",
"session_id": "2025-10-07-001-continued",
"parameters": {
"prohibited_claims": ["production-ready", "in production", "deployed at scale", "existing customers", "proven in enterprise", "market leader", "widely adopted"],
"current_accurate_status": ["development framework", "proof-of-concept", "research prototype", "early-stage development"],
"requires_evidence": ["customer testimonials", "deployment statistics", "adoption metrics", "case studies"],
"boundary_enforcer_trigger": "ANY claim about production use or customers"
},
"active": true,
"notes": "CRITICAL FRAMEWORK FAILURE 2025-10-09 - Claude claimed 'World's First Production-Ready AI Safety Framework' on leader.html without evidence. Tractatus is development/research stage. False market positioning undermines credibility and violates honesty principle. Status claims must match reality."
}
],
"stats": {
"total_instructions": 18,
"active_instructions": 18,
"by_quadrant": {
"STRATEGIC": 6,
"OPERATIONAL": 4,
"TACTICAL": 1,
"SYSTEM": 7,
"STOCHASTIC": 0
},
"by_persistence": {
"HIGH": 16,
"MEDIUM": 2,
"LOW": 0,
"VARIABLE": 0
}
}
}
Reference in a new issue View git blame Copy permalink