426fde1ac5
**Cache-Busting Improvements:** - Switched from timestamp-based to semantic versioning (v1.0.2) - Updated all HTML files: index.html, docs.html, leader.html - CSS: tailwind.css?v=1.0.2 - JS: navbar.js, document-cards.js, docs-app.js v1.0.2 - Professional versioning approach for production stability **systemd Service Implementation:** - Created tractatus-dev.service for development environment - Created tractatus-prod.service for production environment - Added install-systemd.sh script for easy deployment - Security hardening: NoNewPrivileges, PrivateTmp, ProtectSystem - Resource limits: 1GB dev, 2GB prod memory limits - Proper logging integration with journalctl - Automatic restart on failure (RestartSec=10) **Why systemd over pm2:** 1. Native Linux integration, no additional dependencies 2. Better OS-level security controls (ProtectSystem, ProtectHome) 3. Superior logging with journalctl integration 4. Standard across Linux distributions 5. More robust process management for production **Usage:** # Development: sudo ./scripts/install-systemd.sh dev # Production: sudo ./scripts/install-systemd.sh prod # View logs: sudo journalctl -u tractatus -f 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
293 lines
12 KiB
JSON
293 lines
12 KiB
JSON
{
|
|
"version": "1.0",
|
|
"last_updated": "2025-10-07T19:30:00Z",
|
|
"description": "Persistent instruction database for Tractatus framework governance",
|
|
"instructions": [
|
|
{
|
|
"id": "inst_001",
|
|
"text": "MongoDB runs on port 27017 for tractatus_dev database",
|
|
"timestamp": "2025-10-06T14:00:00Z",
|
|
"quadrant": "SYSTEM",
|
|
"persistence": "HIGH",
|
|
"temporal_scope": "PROJECT",
|
|
"verification_required": "MANDATORY",
|
|
"explicitness": 0.90,
|
|
"source": "user",
|
|
"session_id": "2025-10-06-initial-setup",
|
|
"parameters": {
|
|
"port": "27017",
|
|
"database": "tractatus_dev",
|
|
"service": "mongodb"
|
|
},
|
|
"active": true,
|
|
"notes": "Infrastructure decision from project initialization"
|
|
},
|
|
{
|
|
"id": "inst_002",
|
|
"text": "Application runs on port 9000",
|
|
"timestamp": "2025-10-06T14:00:00Z",
|
|
"quadrant": "SYSTEM",
|
|
"persistence": "HIGH",
|
|
"temporal_scope": "PROJECT",
|
|
"verification_required": "MANDATORY",
|
|
"explicitness": 0.90,
|
|
"source": "user",
|
|
"session_id": "2025-10-06-initial-setup",
|
|
"parameters": {
|
|
"port": "9000",
|
|
"service": "tractatus-web"
|
|
},
|
|
"active": true,
|
|
"notes": "Infrastructure decision from project initialization"
|
|
},
|
|
{
|
|
"id": "inst_003",
|
|
"text": "This is a separate project from family-history and sydigital - no shared code or data",
|
|
"timestamp": "2025-10-06T14:00:00Z",
|
|
"quadrant": "STRATEGIC",
|
|
"persistence": "HIGH",
|
|
"temporal_scope": "PERMANENT",
|
|
"verification_required": "MANDATORY",
|
|
"explicitness": 0.95,
|
|
"source": "user",
|
|
"session_id": "2025-10-06-initial-setup",
|
|
"parameters": {},
|
|
"active": true,
|
|
"notes": "Critical project isolation requirement"
|
|
},
|
|
{
|
|
"id": "inst_004",
|
|
"text": "No shortcuts, no fake data, world-class quality",
|
|
"timestamp": "2025-10-06T14:00:00Z",
|
|
"quadrant": "STRATEGIC",
|
|
"persistence": "HIGH",
|
|
"temporal_scope": "PERMANENT",
|
|
"verification_required": "MANDATORY",
|
|
"explicitness": 0.88,
|
|
"source": "user",
|
|
"session_id": "2025-10-06-initial-setup",
|
|
"parameters": {},
|
|
"active": true,
|
|
"notes": "Quality standard for all work"
|
|
},
|
|
{
|
|
"id": "inst_005",
|
|
"text": "Human approval required for major decisions, architectural changes, values-sensitive content",
|
|
"timestamp": "2025-10-06T14:00:00Z",
|
|
"quadrant": "STRATEGIC",
|
|
"persistence": "HIGH",
|
|
"temporal_scope": "PERMANENT",
|
|
"verification_required": "MANDATORY",
|
|
"explicitness": 0.92,
|
|
"source": "user",
|
|
"session_id": "2025-10-06-initial-setup",
|
|
"parameters": {},
|
|
"active": true,
|
|
"notes": "Governance requirement - aligns with BoundaryEnforcer"
|
|
},
|
|
{
|
|
"id": "inst_006",
|
|
"text": "Use ContextPressureMonitor to manage sessions and create handoff when pressure is CRITICAL",
|
|
"timestamp": "2025-10-07T09:00:00Z",
|
|
"quadrant": "OPERATIONAL",
|
|
"persistence": "HIGH",
|
|
"temporal_scope": "PROJECT",
|
|
"verification_required": "REQUIRED",
|
|
"explicitness": 0.85,
|
|
"source": "user",
|
|
"session_id": "2025-10-07-part2",
|
|
"parameters": {},
|
|
"active": true,
|
|
"notes": "Session management protocol established"
|
|
},
|
|
{
|
|
"id": "inst_007",
|
|
"text": "Use Tractatus governance framework actively in all sessions",
|
|
"timestamp": "2025-10-07T09:15:00Z",
|
|
"quadrant": "OPERATIONAL",
|
|
"persistence": "HIGH",
|
|
"temporal_scope": "PROJECT",
|
|
"verification_required": "MANDATORY",
|
|
"explicitness": 0.98,
|
|
"source": "user",
|
|
"session_id": "2025-10-07-part2",
|
|
"parameters": {
|
|
"components": ["pressure_monitor", "classifier", "cross_reference", "boundary_enforcer"],
|
|
"verbosity": "summary"
|
|
},
|
|
"active": true,
|
|
"notes": "Framework activation - THIS IS THE NEW NORMAL"
|
|
},
|
|
{
|
|
"id": "inst_008",
|
|
"text": "ALWAYS comply with Content Security Policy (CSP) - no inline event handlers, no inline scripts",
|
|
"timestamp": "2025-10-07T19:30:00Z",
|
|
"quadrant": "SYSTEM",
|
|
"persistence": "HIGH",
|
|
"temporal_scope": "PERMANENT",
|
|
"verification_required": "MANDATORY",
|
|
"explicitness": 1.0,
|
|
"source": "user",
|
|
"session_id": "2025-10-07-docs-audit",
|
|
"parameters": {
|
|
"csp_policy": "script-src 'self'",
|
|
"violations_forbidden": ["onclick", "onload", "inline-script", "javascript:"],
|
|
"alternatives_required": ["addEventListener", "external-scripts"]
|
|
},
|
|
"active": true,
|
|
"notes": "CRITICAL SECURITY REQUIREMENT - Framework should have caught CSP violation before deployment"
|
|
},
|
|
{
|
|
"id": "inst_009",
|
|
"text": "Defer email services and Stripe activation to future sessions",
|
|
"timestamp": "2025-10-08T00:00:00Z",
|
|
"quadrant": "TACTICAL",
|
|
"persistence": "MEDIUM",
|
|
"temporal_scope": "SESSION",
|
|
"verification_required": "OPTIONAL",
|
|
"explicitness": 0.95,
|
|
"source": "user",
|
|
"session_id": "2025-10-08-phase-4",
|
|
"parameters": {
|
|
"deferred_tasks": ["email_service", "stripe_activation"]
|
|
},
|
|
"active": true,
|
|
"notes": "Prioritization directive - focus on UI and documentation first"
|
|
},
|
|
{
|
|
"id": "inst_010",
|
|
"text": "Ensure all production UI links are working correctly",
|
|
"timestamp": "2025-10-08T00:00:00Z",
|
|
"quadrant": "OPERATIONAL",
|
|
"persistence": "HIGH",
|
|
"temporal_scope": "PROJECT",
|
|
"verification_required": "REQUIRED",
|
|
"explicitness": 0.92,
|
|
"source": "user",
|
|
"session_id": "2025-10-08-phase-4",
|
|
"parameters": {
|
|
"scope": "production_ui",
|
|
"quality_standard": "all_links_functional"
|
|
},
|
|
"active": true,
|
|
"notes": "Quality requirement for production deployment"
|
|
},
|
|
{
|
|
"id": "inst_011",
|
|
"text": "Implement clear differentiation between technical documentation (for developers/implementers) and general documentation (for general audience)",
|
|
"timestamp": "2025-10-08T00:00:00Z",
|
|
"quadrant": "OPERATIONAL",
|
|
"persistence": "HIGH",
|
|
"temporal_scope": "PROJECT",
|
|
"verification_required": "REQUIRED",
|
|
"explicitness": 0.90,
|
|
"source": "user",
|
|
"session_id": "2025-10-08-phase-4",
|
|
"parameters": {
|
|
"technical_docs_examples": ["claude-code-framework-enforcement.md"],
|
|
"api_endpoint": "/api/documents",
|
|
"filter_requirement": "audience_type"
|
|
},
|
|
"active": true,
|
|
"notes": "Content organization requirement - technical docs should be selectable separately from general docs"
|
|
},
|
|
{
|
|
"id": "inst_012",
|
|
"text": "NEVER deploy documents marked 'internal' or 'confidential' to public production without explicit human approval. Documents containing credentials, security vulnerabilities, financial information, or infrastructure details MUST NOT be publicly accessible.",
|
|
"timestamp": "2025-10-08T01:00:00Z",
|
|
"quadrant": "SYSTEM",
|
|
"persistence": "HIGH",
|
|
"temporal_scope": "PERMANENT",
|
|
"verification_required": "MANDATORY",
|
|
"explicitness": 1.0,
|
|
"source": "system",
|
|
"session_id": "2025-10-08-phase-4-security",
|
|
"parameters": {
|
|
"visibility_levels": ["public", "internal", "confidential"],
|
|
"public_requires": "visibility: 'public' AND security validation passed",
|
|
"blocked_content": ["credentials", "api_keys", "secrets", "vulnerabilities", "security_audits", "payment_setup", "deployment_guides"],
|
|
"validation_script": "scripts/validate-document-security.js"
|
|
},
|
|
"active": true,
|
|
"notes": "CRITICAL SECURITY REQUIREMENT - Prevents accidental exposure of sensitive internal documentation. Learned from incident where Security Audit Report, Koha Stripe Setup, and Koha Deployment guides were incorrectly marked for public import."
|
|
},
|
|
{
|
|
"id": "inst_013",
|
|
"text": "Public API endpoints MUST NOT expose sensitive runtime data (memory usage, heap sizes, exact uptime, environment details, service architecture) that could aid attackers. Use minimal health checks for public endpoints. Sensitive monitoring data requires authentication.",
|
|
"timestamp": "2025-10-08T02:00:00Z",
|
|
"quadrant": "SYSTEM",
|
|
"persistence": "HIGH",
|
|
"temporal_scope": "PERMANENT",
|
|
"verification_required": "MANDATORY",
|
|
"explicitness": 1.0,
|
|
"source": "user",
|
|
"session_id": "2025-10-08-phase-4-security",
|
|
"parameters": {
|
|
"public_endpoints": ["/health", "/api/koha/transparency"],
|
|
"authenticated_endpoints": ["/api/governance", "/api/governance/status"],
|
|
"blocked_from_public": ["memory_usage", "heap_sizes", "uptime", "environment", "service_names", "internal_architecture"],
|
|
"allowed_public": ["status: ok", "timestamp", "public_metrics_only"],
|
|
"rate_limiting": "100 requests per 15 minutes per IP"
|
|
},
|
|
"active": true,
|
|
"notes": "CRITICAL SECURITY REQUIREMENT - Prevents reconnaissance attacks. /api/governance exposed memory usage (95MB heap), exact uptime, service architecture to public. Now requires admin authentication. /health simplified to status + timestamp only."
|
|
},
|
|
{
|
|
"id": "inst_014",
|
|
"text": "Do NOT expose API endpoint listings or attack surface maps to public users. Demo pages should showcase framework CONCEPTS (classification, boundaries, pressure), not production API infrastructure. API documentation requires authentication or should be deferred to GitHub SDK/samples.",
|
|
"timestamp": "2025-10-08T02:30:00Z",
|
|
"quadrant": "SYSTEM",
|
|
"persistence": "HIGH",
|
|
"temporal_scope": "PERMANENT",
|
|
"verification_required": "MANDATORY",
|
|
"explicitness": 1.0,
|
|
"source": "user",
|
|
"session_id": "2025-10-08-phase-4-security",
|
|
"parameters": {
|
|
"removed_sections": ["Live API Demo from tractatus-demo.html"],
|
|
"exposed_data_removed": ["all endpoint names", "admin capabilities", "authentication system", "webhook endpoints", "submission forms", "internal features"],
|
|
"replacement": "Resources section with links to docs, researcher, implementer, about pages",
|
|
"future_approach": "GitHub SDK/samples when ready, or authenticated developer portal"
|
|
},
|
|
"active": true,
|
|
"notes": "SECURITY DECISION - Removed Live API Demo section that exposed complete API attack surface (auth, documents, blog, media, cases, admin, governance, koha endpoints). Provided zero value to legitimate users but gave attackers enumeration targets. Replaced with Resources section linking to static documentation."
|
|
},
|
|
{
|
|
"id": "inst_015",
|
|
"text": "NEVER deploy internal development documents to public downloads directory. Session handoffs, phase planning docs, testing checklists, cost estimates, infrastructure plans, progress reports, and cover letters are CONFIDENTIAL. Only deploy documents explicitly approved for public consumption.",
|
|
"timestamp": "2025-10-08T03:00:00Z",
|
|
"quadrant": "SYSTEM",
|
|
"persistence": "HIGH",
|
|
"temporal_scope": "PERMANENT",
|
|
"verification_required": "MANDATORY",
|
|
"explicitness": 1.0,
|
|
"source": "user",
|
|
"session_id": "2025-10-08-phase-4-security",
|
|
"parameters": {
|
|
"blocked_patterns": ["session-handoff-*.pdf", "phase-2-*.pdf", "ai-features-*.pdf", "*-test-suite-*.pdf", "*-testing-*.pdf", "*-progress-report.pdf", "*-blog-post-*.pdf", "cover-letter-*.pdf"],
|
|
"public_directory": "/public/downloads/",
|
|
"approved_public_docs": ["framework documentation", "implementation guides", "glossary", "case studies", "core concepts", "executive briefs"],
|
|
"requires_explicit_approval": true
|
|
},
|
|
"active": true,
|
|
"notes": "CRITICAL SECURITY INCIDENT - 20 internal documents were publicly accessible in downloads directory, exposing: session debugging, infrastructure plans, cost estimates, testing methodologies, development processes. Removed from production. Public downloads must be whitelisted."
|
|
}
|
|
],
|
|
"stats": {
|
|
"total_instructions": 15,
|
|
"active_instructions": 15,
|
|
"by_quadrant": {
|
|
"STRATEGIC": 3,
|
|
"OPERATIONAL": 4,
|
|
"TACTICAL": 1,
|
|
"SYSTEM": 7,
|
|
"STOCHASTIC": 0
|
|
},
|
|
"by_persistence": {
|
|
"HIGH": 13,
|
|
"MEDIUM": 2,
|
|
"LOW": 0,
|
|
"VARIABLE": 0
|
|
}
|
|
}
|
|
}
|