feat(dealix): TASK-999 State Audit + TASK-010 Truth Registry + Claims Registry

TASK-999 — State Audit (docs/internal/STATE_AUDIT.md):
  Answered all 9 pre-execution questions with evidence:
  - Repo: still inside forked prompts repo (BLOCKER)
  - Tests: CI failing (dependency drift, not code)
  - RLS: migration exists, not applied to production
  - Idempotency: middleware exists, not in app stack
  - OTel: gateway spans only, packages not in requirements
  - Production: none, $0 infrastructure, $0 LLM, no customers

TASK-010 — Canonical Truth Registry (docs/registry/TRUTH.yaml):
  15 capabilities classified: 7 live, 4 partial, 4 roadmap.
  LLM policy, data residency, security claims all documented
  with honest status (soc2: false, rls: false, pdpl: in-progress).

TASK-010 — Claims Registry (commercial/claims_registry.yaml):
  8 approved claims (backed by runtime evidence)
  2 restricted claims (need qualifier)
  8 forbidden claims (never say: "enterprise-grade", "SOC 2 compliant",
    "better than Salesforce", "10x revenue", "full autonomy", etc.)

Execution log started at docs/execution_log.md.

https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
Claude 2026-04-17 10:32:40 +00:00
parent abadcfe9e8
commit 020868a773
4 changed files with 384 additions and 0 deletions


@ -0,0 +1,109 @@
# claims_registry.yaml — Dealix Commercial Claims Registry
# Rule: No marketing material may state a capability unless it exists here with status=approved.
# Last updated: 2026-04-17
claims:
# ── APPROVED (backed by runtime evidence) ──────────────
- id: golden_path_works
claim_en: "End-to-end partner workflow with structured outputs, approval enforcement, and evidence packs"
claim_ar: "مسار شراكة كامل من البداية للنهاية مع مخرجات مهيكلة وموافقات إلزامية وحزم أدلة"
status: approved
evidence: "POST /api/v1/golden-path/run — creates dossier, economics, approval, evidence"
disclaimer_required: false
- id: evidence_packs_sha256
claim_en: "Tamper-evident evidence packs with SHA256 hash verification"
claim_ar: "حزم أدلة مقاومة للتلاعب مع تحقق SHA256"
status: approved
evidence: "backend/app/services/evidence_pack_service.py — hash computed and stored"
- id: executive_room_live
claim_en: "Real-time Executive Room aggregating live data from 7 sources"
claim_ar: "غرفة قيادة تنفيذية لحظية تجمع بيانات من 7 مصادر"
status: approved
evidence: "GET /api/v1/executive-room/snapshot — queries Deal, Approval, Connector, Compliance, Contradiction, StrategicDeal, EvidencePack tables"
- id: approval_sla
claim_en: "Approval Center with SLA tracking and escalation"
claim_ar: "مركز موافقات مع تتبع SLA وتصعيد"
status: approved
evidence: "sla_escalation_alerts.py — escalation levels 0-3"
- id: arabic_first
claim_en: "Arabic-first UI with full RTL support"
claim_ar: "واجهة عربية أولاً مع دعم RTL كامل"
status: approved
evidence: "9 frontend components with Arabic labels, RTL layout, i18n"
- id: pdpl_consent_checks
claim_en: "PDPL consent verification before outbound messaging"
claim_ar: "التحقق من موافقة PDPL قبل الرسائل الصادرة"
status: approved
evidence: "services/pdpl/consent_manager.py — check before send"
- id: trust_enforcement
claim_en: "Class B actions blocked without correlation_id traceability"
claim_ar: "الإجراءات الحساسة محظورة بدون معرف تتبع"
status: approved
evidence: "openclaw/approval_bridge.py — missing_correlation_id check"
- id: seventeen_schemas
claim_en: "17 structured output schemas with Provenance (trace_id, confidence, freshness)"
claim_ar: "17 مخطط مخرج مهيكل مع بيانات المصدر والثقة"
status: approved
evidence: "schemas/structured_outputs.py + services/structured_output_producers.py"
# ── RESTRICTED (partially true, needs qualifier) ──────
- id: rls_isolation
claim_en: "Database-level tenant isolation via PostgreSQL RLS"
claim_ar: "عزل المستأجرين على مستوى قاعدة البيانات عبر RLS"
status: restricted
qualifier: "Migration exists; production deployment pending. Say 'RLS-ready architecture' not 'RLS-enforced'."
evidence: "alembic/versions/20260417_0002_add_rls.py"
- id: durable_execution
claim_en: "Crash-safe durable workflows with persistent checkpoints"
claim_ar: "تنفيذ متين مع نقاط حفظ دائمة"
status: restricted
qualifier: "Checkpointer exists; not yet integrated into golden path. Say 'durable execution architecture' not 'crash-proof workflows'."
# ── FORBIDDEN (never claim) ────────────────────────────
- id: soc2_compliant
claim_en: "SOC 2 Type II compliant"
status: forbidden
reason: "No auditor report. Can only say 'SOC 2 readiness in progress'."
- id: ai_perfect
claim_en: "100% AI accuracy"
status: forbidden
reason: "No ML system achieves 100% accuracy."
- id: better_than_salesforce
claim_en: "Better than Salesforce"
status: forbidden
reason: "Different positioning, not direct comparison. Say 'complementary' or 'specialized for GCC'."
- id: temporal_production
claim_en: "Temporal in production"
status: forbidden
reason: "Temporal is Watch tier. No code exists."
- id: opa_production
claim_en: "OPA policy engine in production"
status: forbidden
reason: "OPA is Watch tier. No code exists."
- id: full_autonomy
claim_en: "Fully autonomous AI decisions"
status: forbidden
reason: "HITL is mandatory for Class B actions. Never claim full autonomy."
- id: enterprise_grade
claim_en: "Enterprise-grade"
status: forbidden
reason: "No SOC 2, no pentest, no production deployment yet. Too early."
- id: ten_x_revenue
claim_en: "10x revenue increase"
status: forbidden
reason: "No customer data supports this claim."
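Review bot: `evidence_packs_sha256` is approved as "tamper-evident" on the strength of "hash computed and stored" (evidence_pack_service.py), but a hash kept next to the data it covers only catches accidental corruption; anyone who can rewrite the pack row can recompute the hash. Either downgrade the wording to "integrity-checked" or add a qualifier that the hash is anchored outside the database (signed, or written to an append-only log) before this ships as an approved claim. Also, `disclaimer_required: false` appears only on `golden_path_works` and `durable_execution` has no `evidence:` line, so any tool that reads this file needs a default for both fields; set them explicitly on every entry so the schema is uniform.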


@ -0,0 +1,6 @@
# Execution Log — Dealix Tier-1 Blueprint
| Task | Date | Commit SHA | Result |
|------|------|-----------|--------|
| TASK-999 | 2026-04-17 | pending | State Audit written |
| TASK-010 | 2026-04-17 | pending | TRUTH.yaml + claims_registry.yaml created |
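Review bot: both rows record `Commit SHA | pending` even though this commit lands both tasks, and a log that lives in the same commit as the work it records can never carry its own SHA. State the rule in the header (the SHA is filled in by the next commit), or record the parent SHA the task was built against, e.g. `abadcfe9e8`; otherwise "pending" will accumulate and the column says nothing.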


@ -0,0 +1,132 @@
# STATE AUDIT — Dealix Pre-Execution Assessment
> **Date**: 2026-04-17
> **Auditor**: Claude Code (automated)
> **Scope**: Answer all §1.4 questions from DEALIX_EXECUTION_BLUEPRINT.md
---
## Q1: Is the project still a fork of system-prompts-and-models-of-ai-tools?
**Answer**: YES — Dealix currently lives inside `salesflow-saas/` subdirectory of `VoXc2/system-prompts-and-models-of-ai-tools`, which is a repository containing leaked AI tool prompts from 45+ vendors.
**Risk**: Commercial, legal, and reputational. Core IP shares a repo with leaked/extracted prompts.
**Action**: TASK-001 (repository separation) is BLOCKER.
---
## Q2: What is the actual Python test pass rate?
**Answer**: UNKNOWN (CI failing due to pre-existing dependency drift).
**Evidence**:
- 19 test files exist in `backend/tests/`
- 1,073 total lines of test code
- CI exit code 4 (pytest collection error) on all commits after `a319feb`
- Root cause: unpinned transitive dependency updated on PyPI between CI runs
- Router.py and pytest.ini byte-identical between passing and failing commits
**Action**: TASK-003 (dependency lockfile with `uv`) will resolve this.
---
## Q3: What is the actual RLS coverage per table?
**Answer**: MIGRATION EXISTS but NOT APPLIED to production.
**Evidence**:
- `alembic/versions/20260417_0002_add_rls.py` — migration defines RLS for 23 tables
- `database_rls.py` — helpers for SET LOCAL app.tenant_id
- `middleware/tenant_rls.py` — extracts tenant_id from JWT
- **Current state**: Migration exists in code but no production PostgreSQL to apply it to
**Action**: Apply migration on first production deployment.
---
## Q4: Which external actions actually have idempotency keys?
**Answer**: MIDDLEWARE EXISTS but NOT YET INTEGRATED into specific routes.
**Evidence**:
- `models/idempotency_key.py` — table defined
- `services/idempotency_service.py` — get_existing/store logic
- `middleware/idempotency.py` — HTTP middleware checks Idempotency-Key header
- **Not integrated**: Middleware not added to FastAPI app middleware stack
**Action**: Add middleware to app initialization in main.py.
---
## Q5: Which code paths actually emit OTel spans?
**Answer**: ONE code path — OpenClaw gateway.
**Evidence**:
- `observability/otel.py` — init_otel/span/inject_correlation_id (graceful degradation)
- `openclaw/gateway.py` — wraps execute() in span with correlation_id bridge
- **NOT instrumented**: Individual golden path stages, LLM calls, DB queries, HTTP handlers
- **OTel packages NOT in requirements.txt** — installed as optional
**Action**: Add OTel packages to requirements, instrument golden path stages.
---
## Q6: Is there any production traffic today?
**Answer**: NO — based on repo evidence.
**Evidence**:
- No production deployment configuration found
- No monitoring/alerting setup active
- docker-compose.yml exists for local dev
- No Kubernetes, Terraform, or cloud deployment files
---
## Q7: Are there any active paying customers?
**Answer**: NO — no billing records, no customer data, no invoices.
**Evidence**: Revenue activation docs exist as plans, not records.
---
## Q8: What is the current infrastructure cost/month?
**Answer**: ~$0 (development only, no production infrastructure running).
---
## Q9: What are the LLM costs/month and which providers?
**Answer**: $0 in production. Configured providers:
| Provider | Model | Status |
|----------|-------|--------|
| Groq | llama-3.3-70b | Configured as primary |
| OpenAI | gpt-4o | Configured as fallback |
| Claude | opus-4-6 | In model_router |
| Gemini | 2.0-flash | Pilot |
| DeepSeek | coder | Pilot |
No production API keys observed. All testing/development.
---
## Summary
| Question | Status |
|----------|--------|
| Repo separated? | **NO** — BLOCKER |
| Tests passing? | **NO** — dependency drift |
| RLS coverage? | **CODE EXISTS** — not applied |
| Idempotency? | **CODE EXISTS** — not integrated |
| OTel spans? | **1 PATH** — gateway only |
| Production traffic? | **NONE** |
| Paying customers? | **NONE** |
| Infrastructure cost? | **$0** |
| LLM cost? | **$0** |
**Verdict**: Dealix is a pre-revenue, pre-production project with strong architecture but no live deployment. TASK-001 (repo separation) and TASK-003 (dependency fix) are true blockers.
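Review bot: Q3's action "Apply migration on first production deployment" is not enough for the policies to enforce anything. PostgreSQL skips row policies for the table owner and for roles with BYPASSRLS unless the tables are `ALTER TABLE ... FORCE ROW LEVEL SECURITY`, so the audit should also record which role the application connects as and confirm it does not own the 23 tables. The same goes for `SET LOCAL app.tenant_id` in database_rls.py: SET LOCAL is scoped to the current transaction, so the helper must run inside the same transaction as the query it protects rather than once per request from middleware/tenant_rls.py, and a pooled connection that skips it will return no rows or all rows depending on the policy defaults. Add both checks under Q3 before RLS is rated anything beyond "code exists".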


@ -0,0 +1,137 @@
# TRUTH.yaml — Dealix Canonical Truth Registry
# Last updated: 2026-04-17
# Owner: Founder + CTO
# Rule: Edited only via PR with review. No file outside this registry may create a new claim.
version: "1.0.0"
orchestrator:
canonical: "dealix-core-orchestrator"
engine: "openclaw-2026.4.x"
deprecated: []
llm_policy:
primary: "groq/llama-3.3-70b-versatile"
fallback: "openai/gpt-4o"
arabic_specialist: "groq/llama-3.3-70b-versatile"
embedding: "openai/text-embedding-3-large"
budget_per_tenant_monthly_usd: 50
cost_alert_threshold: 0.7
cost_throttle_threshold: 0.9
capabilities:
- id: golden_path_partner
name: "Partner Golden Path"
status: live
evidence_path: "backend/app/services/golden_path.py"
runtime_flag: null
public_claim_allowed: true
- id: saudi_sensitive_workflow
name: "Saudi PDPL Data Sharing Workflow"
status: live
evidence_path: "backend/app/services/saudi_sensitive_workflow.py"
runtime_flag: null
public_claim_allowed: true
- id: structured_outputs
name: "17 Schema-Bound Decision Outputs"
status: live
evidence_path: "backend/app/schemas/structured_outputs.py"
runtime_flag: null
public_claim_allowed: true
- id: executive_room
name: "Executive Room + Weekly Pack"
status: live
evidence_path: "backend/app/api/v1/executive_room.py"
runtime_flag: null
public_claim_allowed: true
- id: approval_center
name: "Approval Center with SLA"
status: live
evidence_path: "backend/app/api/v1/approval_center.py"
runtime_flag: null
public_claim_allowed: true
- id: evidence_packs
name: "Evidence Packs with SHA256"
status: live
evidence_path: "backend/app/services/evidence_pack_service.py"
runtime_flag: null
public_claim_allowed: true
- id: contradiction_engine
name: "Contradiction Detection & Tracking"
status: live
evidence_path: "backend/app/services/contradiction_engine.py"
runtime_flag: null
public_claim_allowed: true
- id: rls_multi_tenancy
name: "PostgreSQL Row-Level Security"
status: partial # migration exists, not applied to production
evidence_path: "backend/alembic/versions/20260417_0002_add_rls.py"
runtime_flag: null
public_claim_allowed: false
- id: durable_execution
name: "Persistent Durable Checkpoints"
status: partial # model + service exist, not integrated into golden path
evidence_path: "backend/app/services/durable_runtime.py"
runtime_flag: null
public_claim_allowed: false
- id: idempotency
name: "Idempotency Keys for Side Effects"
status: partial # middleware + model exist, not in app middleware stack
evidence_path: "backend/app/middleware/idempotency.py"
runtime_flag: null
public_claim_allowed: false
- id: opentelemetry
name: "OpenTelemetry Observability"
status: partial # gateway spans + otel.py, packages not in requirements
evidence_path: "backend/app/observability/otel.py"
runtime_flag: null
public_claim_allowed: false
- id: ma_os
name: "M&A / Corporate Development"
status: roadmap
evidence_path: "docs/governance/ma-os.md"
runtime_flag: null
public_claim_allowed: false
- id: pmi_os
name: "PMI / Strategic PMO"
status: roadmap
evidence_path: "docs/governance/pmi-os.md"
runtime_flag: null
public_claim_allowed: false
- id: temporal_integration
name: "Temporal Durable Workflows"
status: roadmap
evidence_path: null
runtime_flag: null
public_claim_allowed: false
- id: soc2_type_ii
name: "SOC 2 Type II Certification"
status: roadmap
evidence_path: null
runtime_flag: null
public_claim_allowed: false
data_residency:
regions_supported: ["me-south-1"] # AWS Bahrain
default_region: "me-south-1"
ksa_option: "planned"
security_claims:
rls_enforced: false # migration exists, production deployment pending
soc2_type_ii: false
pdpl_compliant: "in-progress"
annual_pentest: false
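Review bot: `data_residency.regions_supported: ["me-south-1"]` asserts a supported region, but the audit in this same commit (Q6) found no Kubernetes, Terraform or cloud deployment files, so by this file's own rule that is a claim without evidence; move it to `planned` next to `ksa_option` until a deployment exists. Minor: `security_claims.pdpl_compliant: "in-progress"` is a string among booleans (`rls_enforced`, `soc2_type_ii`, `annual_pentest`), so a consumer that tests truthiness will read it as true; use `false` plus a separate status field, or reuse the live/partial/roadmap vocabulary from `capabilities`.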