john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
tractatus/docs/GOVERNANCE-RULE-LIBRARY.md
TheFlow c6b8066a2d docs: add research materials and governance tracking 
Priority 2 & 3 Implementation:
- Add BENCHMARK-SUITE-RESULTS.md (610 tests documented)
- Add GOVERNANCE-RULE-LIBRARY.md (10 examples with JSON Schema)
- Add MONTHLY-REVIEW-SCHEDULE.md (deferred decisions tracking)
- Add PRIVACY-PRESERVING-ANALYTICS-PLAN.md (values decision, deferred Nov 2025)
- Update researcher.html with GitHub links to new materials
- Propose inst_026 (verify tool availability before invocation)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-12 05:40:47 +13:00

653 lines
19 KiB
Markdown
Raw Blame History

# Tractatus Framework - Governance Rule Library
**Document Type:** Implementation Reference
**Created:** 2025-10-11
**Audience:** Implementers, Developers
**Status:** Public
---
## Purpose
This library provides **10 real-world governance rule examples** to help implementers understand how the Tractatus framework classifies, validates, and enforces instructions across different project contexts.
**Use Cases:**
- Understanding quadrant classification
- Learning persistence level assignment
- Implementing rule validation systems
- Building governance-aware AI assistants
- Testing boundary enforcement logic
---
## JSON Schema
All governance rules follow this schema:
```json
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "GovernanceRule",
"type": "object",
"required": ["id", "text", "quadrant", "persistence", "temporal_scope", "active"],
"properties": {
"id": {
"type": "string",
"pattern": "^inst_[0-9]+$",
"description": "Unique identifier (inst_001, inst_002, etc.)"
},
"text": {
"type": "string",
"minLength": 10,
"maxLength": 2000,
"description": "The instruction text in imperative form"
},
"timestamp": {
"type": "string",
"format": "date-time",
"description": "ISO 8601 timestamp when instruction was created"
},
"quadrant": {
"type": "string",
"enum": ["STRATEGIC", "OPERATIONAL", "TACTICAL", "SYSTEM", "STOCHASTIC"],
"description": "Tractatus classification quadrant"
},
"persistence": {
"type": "string",
"enum": ["HIGH", "MEDIUM", "LOW", "VARIABLE"],
"description": "How long this instruction should persist"
},
"temporal_scope": {
"type": "string",
"enum": ["PERMANENT", "PROJECT", "PHASE", "SESSION", "TRANSIENT"],
"description": "Temporal longevity of the instruction"
},
"verification_required": {
"type": "string",
"enum": ["MANDATORY", "REQUIRED", "OPTIONAL", "NONE"],
"description": "Level of human oversight required"
},
"explicitness": {
"type": "number",
"minimum": 0.0,
"maximum": 1.0,
"description": "How explicit/clear the instruction is (0.0-1.0)"
},
"source": {
"type": "string",
"enum": ["user", "system", "framework_default", "migration", "automated"],
"description": "Origin of the instruction"
},
"session_id": {
"type": "string",
"description": "Session that created this instruction"
},
"parameters": {
"type": "object",
"description": "Extracted parameters (ports, paths, configs, etc.)"
},
"active": {
"type": "boolean",
"description": "Whether this instruction is currently enforced"
},
"notes": {
"type": "string",
"description": "Context, rationale, or incident details"
}
}
}
```
---
## Example 1: SYSTEM Quadrant - Database Configuration
**Context:** Infrastructure setup during project initialization
```json
{
"id": "inst_001",
"text": "MongoDB runs on port 27017 for project_db database",
"timestamp": "2025-01-15T14:00:00Z",
"quadrant": "SYSTEM",
"persistence": "HIGH",
"temporal_scope": "PROJECT",
"verification_required": "MANDATORY",
"explicitness": 0.90,
"source": "user",
"session_id": "2025-01-15-initial-setup",
"parameters": {
"port": "27017",
"database": "project_db",
"service": "mongodb"
},
"active": true,
"notes": "Infrastructure decision from project initialization"
}
```
**Why SYSTEM?** Defines infrastructure/environment configuration
**Why HIGH persistence?** Core infrastructure rarely changes
**Why MANDATORY verification?** Database changes affect entire system
---
## Example 2: STRATEGIC Quadrant - Project Isolation
**Context:** Preventing code/data contamination between projects
```json
{
"id": "inst_003",
"text": "This is a separate project from project_alpha and project_beta - no shared code or data",
"timestamp": "2025-01-15T14:00:00Z",
"quadrant": "STRATEGIC",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 0.95,
"source": "user",
"session_id": "2025-01-15-initial-setup",
"parameters": {},
"active": true,
"notes": "Critical project isolation requirement"
}
```
**Why STRATEGIC?** Defines project mission and scope boundaries
**Why PERMANENT?** Fundamental project constraint
**Why HIGH persistence?** Violating this would compromise integrity
---
## Example 3: STRATEGIC Quadrant - Quality Standards
**Context:** Setting quality expectations for all development work
```json
{
"id": "inst_004",
"text": "No shortcuts, no placeholder data, production-quality code required",
"timestamp": "2025-01-15T14:00:00Z",
"quadrant": "STRATEGIC",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 0.88,
"source": "user",
"session_id": "2025-01-15-initial-setup",
"parameters": {},
"active": true,
"notes": "Quality standard for all work"
}
```
**Why STRATEGIC?** Defines values and quality philosophy
**Why PERMANENT?** Core project principle
**Why HIGH persistence?** Applies to every development decision
---
## Example 4: OPERATIONAL Quadrant - Framework Usage
**Context:** Requiring active use of governance framework in all sessions
```json
{
"id": "inst_007",
"text": "Use Tractatus governance framework actively in all sessions",
"timestamp": "2025-01-20T09:15:00Z",
"quadrant": "OPERATIONAL",
"persistence": "HIGH",
"temporal_scope": "PROJECT",
"verification_required": "MANDATORY",
"explicitness": 0.98,
"source": "user",
"session_id": "2025-01-20-governance-activation",
"parameters": {
"components": ["pressure_monitor", "classifier", "cross_reference", "boundary_enforcer"],
"verbosity": "summary"
},
"active": true,
"notes": "Framework activation - required for all sessions"
}
```
**Why OPERATIONAL?** Defines how work should be done
**Why HIGH persistence?** Process requirement for entire project
**Why MANDATORY verification?** Framework failures must be caught
---
## Example 5: SYSTEM Quadrant - Security Policy (CSP)
**Context:** Preventing Content Security Policy violations
```json
{
"id": "inst_008",
"text": "ALWAYS comply with Content Security Policy (CSP) - no inline event handlers, no inline scripts",
"timestamp": "2025-01-22T19:30:00Z",
"quadrant": "SYSTEM",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 1.0,
"source": "user",
"session_id": "2025-01-22-security-audit",
"parameters": {
"csp_policy": "script-src 'self'",
"violations_forbidden": ["onclick", "onload", "inline-script", "javascript:"],
"alternatives_required": ["addEventListener", "external-scripts"]
},
"active": true,
"notes": "CRITICAL SECURITY REQUIREMENT - Framework should catch CSP violations before deployment"
}
```
**Why SYSTEM?** Security configuration constraint
**Why PERMANENT?** Security requirements don't expire
**Why MANDATORY verification?** CSP violations break production
---
## Example 6: TACTICAL Quadrant - Temporary Deferral
**Context:** Deferring non-critical features to later phases
```json
{
"id": "inst_009",
"text": "Defer email services and payment processing to Phase 2",
"timestamp": "2025-01-25T00:00:00Z",
"quadrant": "TACTICAL",
"persistence": "MEDIUM",
"temporal_scope": "SESSION",
"verification_required": "OPTIONAL",
"explicitness": 0.95,
"source": "user",
"session_id": "2025-01-25-phase-1-focus",
"parameters": {
"deferred_tasks": ["email_service", "payment_processing"]
},
"active": true,
"notes": "Prioritization directive - focus on core features first"
}
```
**Why TACTICAL?** Specific implementation prioritization
**Why MEDIUM persistence?** Only relevant for current phase
**Why SESSION scope?** May change in next session based on progress
---
## Example 7: STRATEGIC Quadrant - Honesty Requirement (inst_016)
**Context:** Preventing fabricated statistics in public content
```json
{
"id": "inst_016",
"text": "NEVER fabricate statistics, cite non-existent data, or make claims without verifiable evidence. ALL statistics, ROI figures, performance metrics, and quantitative claims MUST either cite sources OR be marked [NEEDS VERIFICATION] for human review.",
"timestamp": "2025-02-01T00:00:00Z",
"quadrant": "STRATEGIC",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 1.0,
"source": "user",
"session_id": "2025-02-01-content-standards",
"parameters": {
"prohibited_actions": ["fabricating_statistics", "inventing_data", "citing_non_existent_sources"],
"required_for_statistics": ["source_citation", "verification_flag", "human_approval"],
"applies_to": ["marketing_content", "public_pages", "documentation", "presentations"],
"boundary_enforcer_trigger": "ANY statistic or quantitative claim",
"failure_mode": "Values violation - honesty and transparency"
},
"active": true,
"notes": "CRITICAL VALUES REQUIREMENT - Learned from framework failure where AI fabricated statistics"
}
```
**Why STRATEGIC?** Core values (honesty, transparency)
**Why PERMANENT?** Fundamental ethical constraint
**Why MANDATORY verification?** Fabricated data destroys credibility
---
## Example 8: STRATEGIC Quadrant - Absolute Assurance Detection (inst_017)
**Context:** Preventing unrealistic guarantees in public claims
```json
{
"id": "inst_017",
"text": "NEVER use prohibited absolute assurance terms: 'guarantee', 'guaranteed', 'ensures 100%', 'eliminates all', 'never fails'. Use evidence-based language: 'designed to reduce', 'helps mitigate', 'reduces risk of'.",
"timestamp": "2025-02-01T00:00:00Z",
"quadrant": "STRATEGIC",
"persistence": "HIGH",
"temporal_scope": "PERMANENT",
"verification_required": "MANDATORY",
"explicitness": 1.0,
"source": "user",
"session_id": "2025-02-01-content-standards",
"parameters": {
"prohibited_terms": ["guarantee", "guaranteed", "ensures 100%", "eliminates all", "never fails", "always works"],
"approved_alternatives": ["designed to reduce", "helps mitigate", "reduces risk of", "intended to minimize"],
"boundary_enforcer_trigger": "ANY absolute assurance language",
"replacement_required": true
},
"active": true,
"notes": "CRITICAL VALUES REQUIREMENT - No AI safety framework can guarantee outcomes"
}
```
**Why STRATEGIC?** Values (honesty, realistic expectations)
**Why PERMANENT?** Fundamental communication constraint
**Why MANDATORY verification?** False guarantees undermine trust
---
## Example 9: OPERATIONAL Quadrant - Context Monitoring Enhancement
**Context:** Improving session pressure detection
```json
{
"id": "inst_019",
"text": "ContextPressureMonitor MUST account for total context window consumption, not just response token counts. Tool results (file reads, grep outputs) can consume massive context. Track: response tokens, user messages, tool result sizes, system overhead.",
"timestamp": "2025-02-05T23:45:00Z",
"quadrant": "OPERATIONAL",
"persistence": "HIGH",
"temporal_scope": "PROJECT",
"verification_required": "MANDATORY",
"explicitness": 1.0,
"source": "user",
"session_id": "2025-02-05-monitoring-enhancement",
"parameters": {
"current_limitation": "underestimates_actual_context",
"missing_metrics": ["tool_result_sizes", "system_prompt_overhead", "function_schema_overhead"],
"required_tracking": {
"response_tokens": "current tracking",
"user_messages": "current tracking",
"tool_results": "NEW - size estimation needed",
"system_overhead": "NEW - approximate 5k tokens"
},
"enhancement_phase": ["Phase 4", "Phase 6"],
"priority": "MEDIUM"
},
"active": true,
"notes": "Framework improvement - current monitor underestimates actual context consumption"
}
```
**Why OPERATIONAL?** Process improvement directive
**Why HIGH persistence?** Applies until enhancement implemented
**Why PROJECT scope?** Specific to this project's monitoring
---
## Example 10: SYSTEM Quadrant - Deployment Permissions
**Context:** Preventing file permission errors in web deployments
```json
{
"id": "inst_020",
"text": "Web application deployments MUST ensure correct file permissions before going live. Public-facing directories need 755 permissions (world-readable+executable), static files need 644 permissions (world-readable).",
"timestamp": "2025-02-10T02:20:00Z",
"quadrant": "SYSTEM",
"persistence": "HIGH",
"temporal_scope": "PROJECT",
"verification_required": "MANDATORY",
"explicitness": 1.0,
"source": "system",
"session_id": "2025-02-10-deployment-fix",
"parameters": {
"directory_permissions": "755",
"file_permissions": "644",
"directories_requiring_755": ["/public", "/public/admin", "/public/js", "/public/css"],
"deployment_check": "stat -c '%a %n' /path/to/public/* | grep -v '755\\|644'",
"prevention": "Add to deployment scripts or CI/CD pipeline"
},
"active": true,
"notes": "DEPLOYMENT ISSUE - Directories had 0700 permissions, causing nginx 403 Forbidden errors"
}
```
**Why SYSTEM?** Infrastructure/deployment configuration
**Why HIGH persistence?** Applies to all future deployments
**Why MANDATORY verification?** Wrong permissions break production
---
## Quadrant Distribution Summary
| Quadrant | Count | Examples |
|----------|-------|----------|
| **STRATEGIC** | 4 | Project isolation, quality standards, honesty requirements, assurance detection |
| **OPERATIONAL** | 2 | Framework usage, context monitoring |
| **TACTICAL** | 1 | Feature deferral |
| **SYSTEM** | 3 | Database config, CSP security, deployment permissions |
| **STOCHASTIC** | 0 | (No exploratory rules in this library) |
---
## Persistence Distribution
| Level | Count | Description |
|-------|-------|-------------|
| **HIGH** | 9 | Long-lasting, foundational instructions |
| **MEDIUM** | 1 | Medium-term, phase-specific guidance |
| **LOW** | 0 | (None in this library) |
---
## Temporal Scope Distribution
| Scope | Count | Description |
|-------|-------|-------------|
| **PERMANENT** | 6 | Never expires (values, security, quality) |
| **PROJECT** | 3 | Lasts for entire project lifecycle |
| **PHASE** | 0 | (None in this library) |
| **SESSION** | 1 | Relevant for specific session/phase |
---
## Common Patterns
### 1. Security Instructions
**Characteristics:**
- Quadrant: SYSTEM
- Persistence: HIGH
- Temporal Scope: PERMANENT
- Verification: MANDATORY
- Explicitness: 1.0
**Examples:** inst_008 (CSP), inst_012 (sensitive data), inst_013 (API exposure)
---
### 2. Values/Ethics Instructions
**Characteristics:**
- Quadrant: STRATEGIC
- Persistence: HIGH
- Temporal Scope: PERMANENT
- Verification: MANDATORY
- Boundary Enforcer: VALUES boundary
**Examples:** inst_016 (honesty), inst_017 (absolute assurances), inst_005 (human approval)
---
### 3. Infrastructure Configuration
**Characteristics:**
- Quadrant: SYSTEM
- Persistence: HIGH
- Temporal Scope: PROJECT or PERMANENT
- Parameters: Ports, paths, service names
- Verification: MANDATORY
**Examples:** inst_001 (database), inst_002 (app port), inst_020 (file permissions)
---
### 4. Process/Workflow Directives
**Characteristics:**
- Quadrant: OPERATIONAL
- Persistence: HIGH
- Temporal Scope: PROJECT
- Defines "how work should be done"
**Examples:** inst_007 (framework usage), inst_019 (monitoring enhancement)
---
## Implementation Guidance
### For AI Assistants
**When receiving a new instruction:**
1. **Classify** using InstructionPersistenceClassifier
- Determine quadrant (STR/OPS/TAC/SYS/STO)
- Assign persistence (HIGH/MEDIUM/LOW)
- Set temporal scope (PERMANENT/PROJECT/PHASE/SESSION)
2. **Validate** using CrossReferenceValidator
- Check for conflicts with existing instructions
- Verify compatibility with project constraints
- Flag if resolution requires human judgment
3. **Enforce** using BoundaryEnforcer
- Check if instruction crosses philosophical boundaries
- Verify if values-sensitive (requires human approval)
- Block if violates inst_016, inst_017, inst_018
4. **Store** in persistent database
- MongoDB, PostgreSQL, or similar
- Include all metadata (timestamp, session, parameters)
- Mark as active
5. **Apply** in decision-making
- HIGH persistence: Apply to all future decisions
- MEDIUM persistence: Apply within current phase
- LOW persistence: Apply within current session
---
### For Developers
**Building a governance system:**
```javascript
// 1. Load active instructions at session start
const rules = await db.governanceRules.find({ active: true });
// 2. Filter by persistence level
const highPersistence = rules.filter(r => r.persistence === 'HIGH');
// 3. Check for conflicts before adding new rule
const conflicts = await validator.checkConflicts(newRule, rules);
// 4. Enforce boundaries before sensitive actions
const enforcement = enforcer.enforce({
type: 'content_generation',
description: 'This framework guarantees 100% safety'
});
if (!enforcement.allowed) {
console.error(`Boundary violated: ${enforcement.boundary}`);
// Escalate to human
}
// 5. Update session state
await updateSessionState({
activeInstructions: rules.length,
pressureLevel: monitor.analyzePressure(context)
});
```
---
## JSON Schema Validation Example
```javascript
const Ajv = require('ajv');
const ajv = new Ajv();
const governanceRuleSchema = {
// ... schema from above ...
};
const validate = ajv.compile(governanceRuleSchema);
const rule = {
id: "inst_001",
text: "MongoDB runs on port 27017",
quadrant: "SYSTEM",
persistence: "HIGH",
temporal_scope: "PROJECT",
active: true
};
const valid = validate(rule);
if (!valid) {
console.error(validate.errors);
}
```
---
## Related Documents
- **BENCHMARK-SUITE-RESULTS.md** - Test coverage for governance services
- **docs/governance/TRA-VAL-0001-core-values-principles-v1-0.md** - Core values framework
- **docs/api/RULES_API.md** - API documentation for rule management
- **docs/research/architectural-overview.md** - System architecture
- **CLAUDE_Tractatus_Maintenance_Guide.md** - Full governance framework
---
## Community Contributions
This library is open source. Contribute additional anonymized examples:
1. Fork the repository
2. Add new examples to this document
3. Ensure examples are anonymized (no real project names, sensitive data)
4. Submit pull request with rationale for inclusion
**Criteria for inclusion:**
- Real-world instruction from production use
- Demonstrates unique pattern or edge case
- Includes complete metadata and clear notes
- Helps implementers understand classification logic
---
## License
This document is part of the Tractatus AI Safety Framework, licensed under Apache License 2.0.
**Attribution:** If you use examples from this library in academic research or commercial products, please cite:
```
Tractatus AI Safety Framework - Governance Rule Library
https://agenticgovernance.digital/docs/governance-rule-library
Version 1.0 (2025-10-11)
```
---
**Document Version:** 1.0
**Last Updated:** 2025-10-11
**Next Review:** After 100+ community submissions
**Maintained By:** Tractatus Development Team
*This library demonstrates real-world governance rule classification and enforcement. All examples are anonymized from actual production use.*
Reference in a new issue View git blame Copy permalink