Bundles the plan's commits 1 + 2 into one atomic commit. Pre-commit hook
scans whole file content, so a credential-only commit cannot pass inst_084
while port exposures remain unflipped on the same file. Sibling-concern
bundling matches precedent 4ddc54a0 (README hygiene follow-on to c85f310f).
Applied identically to both CLAUDE_Tractatus_Maintenance_Guide.md copies
(root + For Claude Web bundle):
inst_069/070 — credential-scan false-positive:
L1101 "Password location" -> "Credential reference"
(describes WHERE creds live, not any credential value)
inst_084 — port redactions, 9 distinct line positions per file, using
generic descriptors so the "port \d{4,5}" regex no longer matches:
L40, L63 Port 27017 (MongoDB) -> default MongoDB port / default port
L64 on port 9000 -> on the project HTTP port
L65 Port 9001 (WebSocket) -> the project WebSocket port
L103 "Check port 27027" -> verify a non-default MongoDB port
L104 Used port 27017 -> used the standard default MongoDB port
L1324/1260, L1325/1261 -> (default port) / (project HTTP port)
L1437/1373 summary line -> default port / HTTP port descriptors
Intentionally preserved (non-triggering):
L99 section title "What is a '27027 Failure?'" (bare digits, no "port"
prefix, regex doesn't match)
L41 "Separate application port: 9000" (colon breaks "port\s+\d" regex)
All code-block port refs (exempted by removeExemptedSections())
Revised sequence: commit 1/5 (plan originally 1/6, merged 1+2).
Plan: community repo docs/plans/PLAN_TRACTATUS_OUT_OF_SCOPE_HYGIENE_LICENCE_20260420.md
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
db7885481d