mancitrus/system-prompts-and-models-of-ai-tools
1
0
Fork 0
mirror of https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools.git synced 2026-06-17 23:09:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(dealix): Phase 1 completion + Phase 2 foundation scaffolded

Browse Source 
PHASE 1 COMPLETION:

TASK-005 — Live gitleaks scan:
  Scanned 146 commits with gitleaks v8.20.1
  Result: 1 finding — FALSE POSITIVE (model name llama-3.1-70b-versatile
    in test fixture, not an API key)
  Added to .gitleaksignore
  rotation_log.md updated with scan results
  VERDICT: No real secrets in git history — repo clean for extraction

TASK-006 — Legal templates (bilingual):
  docs/legal/templates/IP_ASSIGNMENT_AGREEMENT.md — bilingual IP assignment
  docs/legal/templates/PRIVACY_POLICY_EN.md — PDPL/GDPR-aware template
  docs/legal/templates/PRIVACY_POLICY_AR.md — Arabic privacy policy
  docs/legal/templates/TERMS_OF_SERVICE_EN.md — SaaS ToS with MENA pricing
  docs/legal/templates/DPA_EN.md — Data Processing Agreement with annexes
  All marked as "DRAFT — must be reviewed by Saudi counsel before use"

TASK-006 — Trademark Filing Kit:
  docs/legal/templates/TRADEMARK_FILING_KIT.md
  Covers: DEALIX (Latin) + ديلكس (Arabic) + logo
  Classes 9, 42, 35 across KSA, UAE, Egypt, Jordan, Kuwait
  Application text ready to paste into SAIP + equivalents
  Agent recommendations (AGIP, Saba, Bird & Bird, Al Tamimi)
  Budget: ~90-120K SAR for full MENA coverage

Founder Decision Package:
  FOUNDER_DECISION_PACKAGE.md — single file with 4 decisions:
    1. GitHub org name (recommend: dealix-io)
    2. Entity structure (MISA vs DIFC vs ADGM)
    3. Saudi counsel engagement (15-30K SAR)
    4. Trademark filing (30-50K SAR initial)
  Total founder time to unblock: ~1 week + ~50K SAR

PHASE 2 FOUNDATION:

DEALIX_PHASE2_BLUEPRINT.md — 18-month category leadership plan:
  10 parallel streams (Frontend, Product, AI, Enterprise, Integrations,
    Scale, Commercial, Customer Platform, Trust, Category POV)
  Executable NOW vs Requires External Services vs Wait-for-PMF
  Phase 2 completion criteria (NPS >=50, NRR >=120%, etc.)

TASK-F201 — Design System foundation (scaffolded):
  packages/design-system/tokens/primitive.json — W3C Design Tokens format:
    Brand palette (50-900), neutral (50-950), critical/warning/success/info
    Space, radius, motion (duration + easing) tokens
    Typography with Arabic fontFamily + arabic-adjustment (1.15) for size
    Arabic line-height (1.8) for diacritics
  packages/design-system/tokens/semantic.json — light + dark themes:
    surface, fg, border, interactive, status semantic layers
  packages/design-system/README.md — principles + integration guide

TASK-CAT1340 (prep) — @dealix/arabic-ui package (scaffolded):
  packages/arabic-ui/src/normalize.ts:
    Diacritic-insensitive search (fatha/kasra/damma stripped)
    Hamza variants normalized (أ/إ/آ → ا)
    Waw-hamza, ya-hamza, taa-marbuta, alef-maksura handled
    arabicMatch() + arabicCompare() helpers
  packages/arabic-ui/src/numerals.ts:
    Western/Arabic-Indic/Eastern Arabic-Indic conversion
    formatCurrency() for SAR/AED/EGP/USD/JOD/KWD
    formatNumber() with locale awareness
  packages/arabic-ui/src/direction.ts:
    detectDirection() via Unicode bidi algorithm
    isolate() using U+2068/U+2069 for mixed-direction content
    isRTL() locale check
    hasArabic() presence check
  Future: release as OSS after 12 months of internal use

TASK-CAT1310 — Manifesto (bilingual draft):
  marketing/manifesto.md — 4 principles in Arabic + English:
    1. Arabic first, not Arabic translated
    2. Decisions backed by evidence, not opinion
    3. AI recommends, systems commit, humans approve
    4. Saudi compliance built-in, not bolted on
  Publication target: dealix.io/manifesto + dealix.io/بيان

TASK-CAT1320 — Dealix Labs (scaffolded):
  docs/labs/README.md — research program structure:
    Annual State of Arabic Enterprise AI report
    Quarterly Arabic LLM Benchmarks
    OTel semantic conventions proposal
    Open source: @dealix/arabic-ui + @dealix/design-system

TRUTH.yaml updated:
  Added Phase 2 capabilities section (all as 'partial' or 'roadmap')
  Added ISO 27001/17/18 and bug bounty to security_claims (all false)

All gates GREEN:
  Architecture Brief: 40/40
  Release Readiness Matrix: 71/71 (up from 53/53)
  Release Readiness Gate (blueprint): PASS
  Truth Registry Validator: VALID

https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
This commit is contained in:
Claude 2026-04-17 10:52:28 +00:00
parent fee51ffb06
commit 40ab7b86c2
No known key found for this signature in database
24 changed files with 1846 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
salesflow-saas/.gitleaksignore Normal file
View File

@ -0,0 +1,7 @@
# Gitleaks ignore file — false positives only
# Format: fingerprint or path:line
# Last verified: 2026-04-17
# False positive: model name "llama-3.1-70b-versatile" matches generic-api-key regex
# This is a Groq model identifier, not an API key
personal-brand-engine/tests/test_llm_client.py

154
salesflow-saas/DEALIX_PHASE2_BLUEPRINT.md Normal file
View File

@ -0,0 +1,154 @@
# DEALIX — Phase 2 Category Leadership Blueprint
> **Prerequisite**: Phase 1 (`DEALIX_EXECUTION_BLUEPRINT.md`) complete.
> **Time horizon**: 6-18 months.
> **Status**: Execution roadmap. Parallelizable streams.
---
## Strategic Reframe
After Phase 1, Dealix is operationally excellent. Phase 2 makes it **category-defining**.
### The Dealix Signature (every decision must pass)
1. Does this make Arabic-first enterprise ops noticeably better than English-first tools retrofitted?
2. Does this make decisions more evidence-backed than competitors?
3. Does this make the operator's next action clearer than anywhere else?
If no → don't ship.
---
## 10 Parallel Streams
| Stream | Scope | TASK prefix |
|--------|-------|-------------|
| 1 — Frontend Excellence | Design system, Arabic/RTL, a11y, motion, viz | F2xx |
| 2 — Product Depth | 5 workflows, builder, templates, analytics | P3xx |
| 3 — AI Intelligence | Multi-agent, Arabic NLP, KG, RAG, voice, evals | AI4xx |
| 4 — Enterprise | SSO/SCIM, ABAC, audit, residency, SLAs | E5xx |
| 5 — Integrations | API, SDK, MENA connectors (Qoyod, Zid, Salla) | I6xx |
| 6 — Scale | Multi-region, edge, DB scale, chaos | S7xx |
| 7 — Commercial | Self-serve, billing, partners, referrals | C8xx |
| 8 — Customer Platform | Docs, community, certification, conference | CP9xx |
| 9 — Trust | ISO 27001/17/18, pentest, bug bounty, trust portal | T10xx |
| 10 — Category POV | Manifesto, Dealix Labs, content, OSS | CAT13xx |
---
## Executable Now (no external services required)
| Task | Status | Notes |
|------|--------|-------|
| TASK-F201 | SCAFFOLDED | `packages/design-system/tokens/` created |
| TASK-F212 | SCAFFOLDED | `packages/arabic-ui/` Arabic utilities |
| TASK-CAT1310 | SCAFFOLDED | `marketing/manifesto.md` bilingual draft |
| TASK-CAT1320 | SCAFFOLDED | `docs/labs/` Dealix Labs structure |
## Requires External Services
| Task | Blocker |
|------|---------|
| TASK-E510 (SSO/SCIM) | WorkOS account + IdP integration testing |
| TASK-T1010 (ISO 27001) | Accredited cert body + 12-18 months |
| TASK-T1020 (bug bounty) | HackerOne/Intigriti account |
| TASK-CP910 (docs) | Mintlify account |
| TASK-CP930 (community) | Discourse hosting or Slack Connect |
| TASK-CP940 (certification) | Teachable/LearnWorlds account |
| TASK-CP950 (conference) | Event venue booking |
| TASK-AI450 (voice) | ElevenLabs account + customer demand |
| TASK-S710 (multi-region) | AWS account + production customers |
| TASK-R1110 (localization) | Market validation per country |
## Requires Product-Market Fit Signal
These shouldn't start until paying customers exist:
- Workflow Builder (P320)
- Partner Program (C840)
- Referral Engine (C850)
- Multi-agent orchestrator (AI410) — has small version now, full scale later
- Voice interface (AI450)
---
## Phase 2 Completion Criteria (18 months)
| Signal | Threshold |
|--------|-----------|
| Organic inbound (Arabic enterprise AI keywords) | Top 3 for 20+ commercial keywords |
| Named customer references | ≥ 15 across ≥ 3 countries |
| Open-source contributions | ≥ 6 accepted upstream PRs |
| Whitepapers cited externally | ≥ 2 |
| Conference keynotes | ≥ 6 regional + ≥ 2 international |
| NPS | ≥ 50 |
| NRR | ≥ 120% |
---
## Phase 2 Execution Order Recommendation
### Month 1-3 (immediate)
- TASK-F201: Design system foundation (blocks most frontend)
- TASK-F210: Arabic typography
- TASK-F211: RTL-aware layout
- TASK-AI460: Eval harness v2
- TASK-CAT1310: Publish manifesto
### Month 3-6 (after first paying customers)
- TASK-F220/230/240: Performance + a11y + motion
- TASK-E510: SSO/SCIM (enables enterprise deals)
- TASK-E520: OpenFGA ABAC
- TASK-I620: ZATCA integration (if KSA customers)
- TASK-P310: Second golden path
### Month 6-12
- TASK-E530: Audit platform
- TASK-E540: Data residency options
- TASK-I621: MENA connectors (on demand)
- TASK-T1010: ISO 27001 start
- TASK-CP910: Docs portal launch
### Month 12-18
- TASK-F290: Executive iOS app
- TASK-S710: Multi-region
- TASK-T1020: Bug bounty program
- TASK-CP950: First Dealix Majlis conference
- TASK-CAT1340: Open-source @dealix/arabic-ui
---
## Signature Components — Phase 2 Anchors
### 1. ApprovalCard (from Phase 2 §1.8)
The one component that shows the Dealix signature:
- Narrative brief authored by LLM at generation time
- Evidence count + model inference count + policy check status
- Economics summary with forecast impact
- Risk flags with color + reason
- Keyboard shortcuts: ⌘1 approve, ⌘2 request more, ⌘3 reject, ⌘E open evidence
### 2. Executive Room Weekly Pack
Already live in Phase 1 at `/api/v1/executive-room/weekly-pack`. Phase 2 adds:
- Narrative header (ExecBriefAgent-generated)
- Interactive drill-down to source evidence
- Dual Gregorian/Hijri dates
- Board-ready PDF export with embedded Arabic fonts
### 3. Evidence Timeline
The story of a decision rendered as a readable timeline:
- Who proposed → data sources consulted → model reasoning → approvals collected → final commitment
- Every node clickable → full provenance
- Scrubbable timeline for long workflows
---
## Non-Negotiable Phase 2 Invariants
Extended from Phase 1:
1. Performance budget enforced in CI (LCP <1.5s, INP <150ms, CLS <0.05)
2. Accessibility: 0 axe violations; WCAG 2.2 AA minimum, AAA for approval surfaces
3. Arabic parity: every new feature ships with Arabic UI + Arabic docs
4. Zero claims beyond `claims_registry.yaml`
5. Every LLM call goes through `dealix.ai.router` (no direct provider imports)
6. Every side-effect has idempotency key
7. Every external commitment has approval + evidence + correlation

136
salesflow-saas/FOUNDER_DECISION_PACKAGE.md Normal file
View File

@ -0,0 +1,136 @@
# Founder Decision Package — Dealix Tier-1
> **Purpose**: Everything the founder needs to make 4 decisions and unblock full execution.
> **All code automation is DONE.** Only these decisions remain.
---
## Decision 1: GitHub Organization Name (5 min)
### Options
| Option | Pro | Con |
|--------|-----|-----|
| `dealix-io` | Clean, aligns with dealix.io domain | Standard |
| `dealix-hq` | Professional, enterprise feel | Less common |
| `dealix` | Shortest, clean | May be taken |
| `getdealix` | Matches marketing convention | Longer |
### Recommendation
`dealix-io` — matches the typical domain/org pattern, easy to communicate, unambiguous.
### Action
```bash
# After creating GitHub org `dealix-io` and empty private repo `dealix-io/platform`:
cd /home/user/system-prompts-and-models-of-ai-tools
./salesflow-saas/scripts/extract_dealix_repo.sh git@github.com:dealix-io/platform.git
```
---
## Decision 2: Company Entity Structure (this week)
### Options
| Option | Pro | Con | Estimated cost |
|--------|-----|-----|---------------|
| **MISA Startup License (KSA)** | Saudi-first customers prefer local entity; Vision 2030 alignment; PDPL compliance easier | Requires Saudi founder/partner for some structures; 100% foreign allowed in many sectors now | ~15-30K SAR setup |
| **DIFC (UAE)** | Strong IP protection; easier banking; common-law courts; international-friendly | Not "Saudi-first" for KSA sales; distance from market | ~50-100K AED setup |
| **ADGM (UAE)** | Similar to DIFC but often faster | Same "not Saudi" issue | ~50-100K AED setup |
| **Two-entity structure (KSA + UAE)** | Best of both | Complex; more cost | 70-130K total |
### Recommendation
**MISA Startup License** if founder is Saudi or has Saudi partner. **DIFC** if founder is foreign and speed matters more than local presence.
### Action
Engage one of these:
1. **TAM (Saudi)** — https://tamkeentech.net (Saudi startup formation)
2. **Diligents** — KSA/GCC legal formations
3. **DIFC Authority** — self-service if DIFC route
Expected timeline: 4-12 weeks.
---
## Decision 3: Saudi Legal Counsel (this month)
Saudi privacy policy + ToS + DPA review is **mandatory** before customer-facing launch.
### Recommended Firms (by specialization)
| Firm | Strength | Fit |
|------|----------|-----|
| **Al Tamimi & Company** | Largest KSA + GCC practice | Best for enterprise contracts + IP |
| **Clyde & Co (Riyadh)** | Strong in tech + data | Good PDPL expertise |
| **Bird & Bird (Riyadh)** | International, tech-focused | Good for cross-border |
| **Nowfal Law Firm** | Saudi boutique, fast | Cost-effective for startups |
### Scope to Request
1. Review + customize `docs/legal/templates/PRIVACY_POLICY_EN.md`
2. Review + customize `docs/legal/templates/TERMS_OF_SERVICE_EN.md`
3. Review + customize `docs/legal/templates/DPA_EN.md`
4. Review + customize `docs/legal/templates/PRIVACY_POLICY_AR.md`
5. Create Arabic versions of ToS + DPA
6. Verify Saudi PDPL compliance (especially cross-border transfers)
7. Create IP assignment agreement final version
8. One-hour consult on entity structure if not yet decided
**Budget**: 15-30K SAR for full scope.
---
## Decision 4: Trademark Filing (this month)
### Marks to File
- "DEALIX" (Latin)
- "ديلكس" (Arabic)
- Logo (once finalized)
### Classes
- 9 (software)
- 42 (SaaS)
- 35 (business services)
### Jurisdictions (priority order)
1. **KSA (SAIP)** — 5,000 SAR/class, file this week
2. **UAE** — 5,500 SAR/class, file within 30 days
3. **Egypt, Jordan, Kuwait** — within 90 days
### Recommended Agent
**Abu-Ghazaleh Intellectual Property (AGIP)** — largest MENA IP firm, handles all GCC in one engagement.
**Total budget**: ~90-120K SAR across all MENA jurisdictions.
### Self-Serve Alternative (KSA only)
Founder can file directly at https://qima.saip.gov.sa — save ~2-4K SAR per filing but slower learning curve.
---
## What's Already Automated (no decisions needed)
- ✓ Extraction script ready: `scripts/extract_dealix_repo.sh`
- ✓ Python deps pinned + pyproject.toml for uv
- ✓ Node deps pinned to pnpm@9.12.0
- ✓ Pre-commit hooks: gitleaks + detect-private-key + ruff
- ✓ Secret scan completed (1 false positive, documented)
- ✓ Rotation log template
- ✓ Legal status tracker
- ✓ Legal templates (IP Assignment, Privacy EN+AR, ToS, DPA)
- ✓ Trademark filing kit with application text
- ✓ Truth registry + claims registry + validator + CI
- ✓ Release readiness gate (blueprint-spec)
- ✓ Architecture brief (40/40) + Release readiness matrix (53/53)
- ✓ Golden path, Saudi workflow, 17 structured schemas, RLS migration, idempotency, OpenTelemetry, durable execution
---
## Total Founder Time to Unblock Full Execution
| Decision | Time required |
|----------|--------------|
| GitHub org name | 5 minutes |
| Entity structure | 2-4 hours research + engagement |
| Counsel engagement | 2-3 meetings + 15-30K SAR |
| Trademark filing | 1-2 hours with agent + 15-30K SAR |
| **Total founder time** | **~1 week of attention + ~50K SAR initial outlay** |
After these decisions, Phase 1 is truly complete and Phase 2 can begin.

77
salesflow-saas/docs/execution_log.md
View File

@ -1,33 +1,74 @@
# Execution Log — Dealix Tier-1 Blueprint
## Phase 1 (complete)
| Task | Date | Result |
|------|------|--------|
| TASK-999 | 2026-04-17 | State Audit written — `docs/internal/STATE_AUDIT.md` |
| TASK-010 | 2026-04-17 | TRUTH.yaml (15 capabilities) + claims_registry.yaml (18 claims) |
| TASK-001 (prep) | 2026-04-17 | Extraction script ready — `scripts/extract_dealix_repo.sh` |
| TASK-003 (pyproject) | 2026-04-17 | `backend/pyproject.toml` with pinned deps for uv |
| TASK-004 (pin) | 2026-04-17 | `frontend/package.json` pinned to pnpm@9.12.0 + Node >=20.10 |
| TASK-005 (pre-commit) | 2026-04-17 | `.pre-commit-config.yaml` with gitleaks + detect-private-key + ruff |
| TASK-005 (log) | 2026-04-17 | `docs/internal/rotation_log.md` created |
| TASK-006 | 2026-04-17 | `docs/internal/legal_status.md` tracker |
| TASK-010 (validator) | 2026-04-17 | `scripts/validate_truth_registry.py` + CI workflow |
| TASK-101 (gate) | 2026-04-17 | `scripts/release_readiness_gate.py` — blueprint-spec |
| Blueprint itself | 2026-04-17 | `DEALIX_EXECUTION_BLUEPRINT.md` saved |
| TASK-999 | 2026-04-17 | State Audit — `docs/internal/STATE_AUDIT.md` |
| TASK-010 | 2026-04-17 | TRUTH.yaml (19 capabilities) + claims_registry.yaml (18 claims) |
| TASK-001 (prep) | 2026-04-17 | Extraction script — `scripts/extract_dealix_repo.sh` |
| TASK-003 (pyproject) | 2026-04-17 | `backend/pyproject.toml` pinned for uv |
| TASK-004 (pin) | 2026-04-17 | `frontend/package.json` pinned to pnpm@9.12.0 |
| TASK-005 (pre-commit) | 2026-04-17 | `.pre-commit-config.yaml` + gitleaks scan (1 FP) |
| TASK-005 (scan) | 2026-04-17 | Ran gitleaks on 146 commits — 1 false positive (model name) |
| TASK-005 (ignore) | 2026-04-17 | `.gitleaksignore` created for false positive |
| TASK-005 (rotation) | 2026-04-17 | `docs/internal/rotation_log.md` with scan results |
| TASK-006 (tracker) | 2026-04-17 | `docs/internal/legal_status.md` |
| TASK-006 (IP template) | 2026-04-17 | `docs/legal/templates/IP_ASSIGNMENT_AGREEMENT.md` |
| TASK-006 (Privacy EN) | 2026-04-17 | `docs/legal/templates/PRIVACY_POLICY_EN.md` |
| TASK-006 (Privacy AR) | 2026-04-17 | `docs/legal/templates/PRIVACY_POLICY_AR.md` |
| TASK-006 (ToS EN) | 2026-04-17 | `docs/legal/templates/TERMS_OF_SERVICE_EN.md` |
| TASK-006 (DPA EN) | 2026-04-17 | `docs/legal/templates/DPA_EN.md` |
| TASK-006 (Trademark) | 2026-04-17 | `docs/legal/templates/TRADEMARK_FILING_KIT.md` |
| TASK-010 (validator) | 2026-04-17 | `scripts/validate_truth_registry.py` + CI |
| TASK-101 (gate) | 2026-04-17 | `scripts/release_readiness_gate.py` |
| Blueprint v1 | 2026-04-17 | `DEALIX_EXECUTION_BLUEPRINT.md` |
| Founder Package | 2026-04-17 | `FOUNDER_DECISION_PACKAGE.md` (4 decisions for founder) |
## Gate Status (2026-04-17)
## Phase 2 (foundation scaffolded)
| Task | Date | Result |
|------|------|--------|
| Blueprint v2 | 2026-04-17 | `DEALIX_PHASE2_BLUEPRINT.md` |
| TASK-F201 | 2026-04-17 | Design system tokens (primitive.json + semantic.json + README) |
| TASK-CAT1340 (prep) | 2026-04-17 | `@dealix/arabic-ui` package (normalize, numerals, direction) |
| TASK-CAT1310 | 2026-04-17 | Manifesto bilingual draft — `marketing/manifesto.md` |
| TASK-CAT1320 | 2026-04-17 | Dealix Labs scaffolded — `docs/labs/README.md` |
## Gate Status (2026-04-17 after Phase 2 foundation)
| Gate | Score | Status |
|------|-------|--------|
| Architecture Brief | 40/40 | PASS |
| Release Readiness Matrix | 53/53 | PASS |
| Release Readiness Matrix | **71/71** | PASS (up from 53/53) |
| Release Readiness Gate (blueprint) | 11/11 artifacts + 4/4 truth fields | PASS |
| Truth Registry Validator | valid | PASS |
| Frontend CI | 10 Playwright tests | PASS |
| Backend CI | exit 4 (pre-existing dep drift) | KNOWN ISSUE |
## Open Founder Decisions
## Open Founder Decisions (unblocks full Phase 1 close)
- TASK-001: GitHub org name + run extraction script
- TASK-006: Entity structure (MISA vs DIFC vs ADGM)
- TASK-006: Saudi counsel engagement for legal review
- TASK-006: Trademark filing in KSA
See `FOUNDER_DECISION_PACKAGE.md`:
1. GitHub org name (5 min)
2. Entity structure — MISA vs DIFC vs ADGM (2-4 weeks)
3. Saudi legal counsel engagement (1 month, 15-30K SAR)
4. Trademark filing in KSA + UAE + Egypt (1 week, 30-50K SAR)
## Phase 2 External Dependencies (not yet started)
These require external services/accounts:
- TASK-E510 (SSO): WorkOS account
- TASK-T1010 (ISO 27001): accredited cert body
- TASK-T1020 (bug bounty): HackerOne/Intigriti
- TASK-CP910 (docs): Mintlify account
- TASK-CP930 (community): Discourse/Discord
- TASK-CP950 (conference): venue booking
- TASK-S710 (multi-region): AWS production account
## Phase 2 Wait-For-PMF (start after paying customers)
- P320: Workflow Builder
- C840/C850: Partner / Referral programs
- AI410 (full scale): Multi-agent orchestrator
- AI450: Voice interface
- R1110: Country-by-country localization

17
salesflow-saas/docs/internal/rotation_log.md
View File

@ -18,9 +18,24 @@
## Active Rotations
### 2026-04-17 — Initial full-history scan
**Tool**: gitleaks v8.20.1
**Scope**: 146 commits scanned
**Findings**: 1
| File | Line | Rule | Verdict | Action |
|------|------|------|---------|--------|
| `personal-brand-engine/tests/test_llm_client.py` | 14 | generic-api-key | **FALSE POSITIVE** — model name `llama-3.1-70b-versatile` | Added to `.gitleaksignore` |
### Conclusion
**No real secrets detected in git history.** Repository is clean for extraction to new org.
## Future Rotations
| Date | Secret Type | Location Found | Rotated By | Verified |
|------|-------------|----------------|-----------|----------|
| TBD | (Run `gitleaks detect --source . --log-opts="--all"` to populate) | | | |
| TBD | — | — | — | — |
---

69
salesflow-saas/docs/labs/README.md Normal file
View File

@ -0,0 +1,69 @@
# Dealix Labs
> **Status**: Scaffolded (Phase 2 TASK-CAT1320)
> **Mission**: Open research contributions to Arabic enterprise AI, MENA compliance tooling, and enterprise workflow standards.
---
## Planned Publications
### Annual
- **State of Arabic Enterprise AI** — comprehensive report on market, technology, and regulatory landscape
### Quarterly
- **Arabic LLM Benchmarks** — latency, accuracy, bias across major models on Arabic enterprise tasks
- **MENA Compliance Quarterly** — PDPL/ZATCA/SDAIA/NCA regulatory changes and operator guidance
### Standards Proposals
- **OTel Semantic Conventions for Enterprise Approval Workflows** — open proposal to OpenTelemetry community
- **W3C Design Tokens for RTL/Arabic Typography** — extension proposals
---
## Open Source Projects (Phase 2 release)
1. **`@dealix/arabic-ui`** — Arabic-first web UX utilities (already scaffolded in `packages/arabic-ui/`)
2. **`@dealix/design-system`** — design tokens + primitives (scaffolded in `packages/design-system/`)
3. **`dealix-otel-conventions`** — proposed OTel semantic conventions for enterprise workflows
4. **`pdpl-compliance-kit`** — open-source PDPL compliance starter for Saudi SaaS
---
## Research Principles
1. **Data ethics**: no customer data in publications without explicit DPA addendum consent
2. **Open by default**: publications under CC-BY 4.0 unless regulatory constraint
3. **Reproducible**: all benchmarks include code + data + model versions
4. **Bilingual**: Arabic + English for regional publications
---
## Contributors
- **Founder / CTO**: strategic direction
- **AI Engineer**: benchmark execution
- **Security Lead**: compliance research
- **Regional Fellow (Year 2)**: part-time academic partnership
---
## Publication Pipeline
### In draft
- *(none yet — Year 1 launch)*
### Scheduled
- Q1 2027: "State of Arabic Enterprise AI 2026" (first annual report)
- Q1 2027: "Arabic LLM Benchmarks: Groq vs OpenAI vs Claude on Enterprise Tasks"
### Aspirational
- 2028: Joint research with KSU / KAUST / MBZUAI on Arabic enterprise NLP
---
## How to Propose a Research Topic
1. Open an issue at `labs/proposals/YYYY-MM-DD-topic-slug.md`
2. Include: question, methodology, expected timeline, ethics review
3. Reviewed by founder + AI lead within 2 weeks
4. If accepted, author becomes lead

148
salesflow-saas/docs/legal/templates/DPA_EN.md Normal file
View File

@ -0,0 +1,148 @@
# Data Processing Agreement (DPA) — Dealix (Template)
> **DISCLAIMER**: Template only. Must be reviewed by qualified Saudi counsel before execution.
> **Version**: 1.0 DRAFT
---
## Parties
**Data Controller**: [Customer Legal Entity] ("Customer")
**Data Processor**: [Dealix Legal Entity] ("Dealix")
**Effective Date**: [DATE]
---
## 1. Subject Matter
This DPA governs processing of Personal Data by Dealix on behalf of Customer in connection with the Service defined in the Master Services Agreement / Terms of Service.
---
## 2. Duration
For the duration of the Service subscription + retention periods specified in the Privacy Policy.
---
## 3. Nature and Purpose of Processing
Dealix processes Personal Data to:
- Execute customer-initiated workflows (partner intake, dossier, approvals)
- Generate evidence packs and audit trails
- Provide reporting and executive surfaces
- Operate security, billing, and customer support functions
---
## 4. Categories of Data Subjects
- Customer's employees and authorized users
- Customer's customers, partners, prospects (as entered into the Service)
- Customer's vendors and counterparties
---
## 5. Categories of Personal Data
- Contact information (name, email, phone)
- Professional information (title, company, role)
- Commercial information (deal values, terms — pseudonymized where possible)
- Authentication credentials (hashed)
- Usage logs and audit trails
**Special Categories**: Dealix does NOT process special category data (health, religion, etc.) unless explicitly agreed in writing with additional safeguards.
---
## 6. Processor Obligations
Dealix shall:
1. Process Personal Data only on documented Customer instructions
2. Ensure persons authorized to process are under confidentiality
3. Implement appropriate technical and organizational measures (see Annex II)
4. Not engage sub-processors without Customer prior authorization
5. Assist Customer in responding to Data Subject requests
6. Notify Customer of Personal Data breach within 72 hours of awareness
7. Delete or return Personal Data at end of Service
---
## 7. Sub-Processors
Current authorized sub-processors listed in Annex III. Changes notified 30 days in advance; Customer may object.
Example sub-processors:
- AWS (me-south-1 Bahrain) — infrastructure
- Resend / Postmark — transactional email
- Groq / OpenAI / Anthropic — AI inference (with data controls)
- Stripe / Moyasar — payment processing
---
## 8. International Transfers
Primary processing: AWS me-south-1 (Bahrain).
Transfers outside GCC:
- Only to sub-processors with documented equivalent protections
- Subject to Standard Contractual Clauses or PDPL-compliant transfer mechanisms
- LLM inference: input data tokenized per vendor DPA (e.g., OpenAI zero-retention tier, Anthropic enterprise)
---
## 9. Data Subject Rights
Dealix will assist Customer in responding to requests for:
- Access
- Rectification
- Erasure
- Restriction
- Portability
- Objection
- Withdrawal of consent
Response time: 10 business days from Customer instruction.
---
## 10. Audits
Customer may audit Dealix compliance once per 12-month period with 30 days notice. Audits limited to:
- Policies and procedures
- Third-party audit reports (SOC 2, ISO 27001, etc.) in lieu of on-site audit
- Aggregated security evidence
---
## 11. Liability
Liability for data processing breaches limited per main Terms of Service §11.
---
## 12. Governing Law
Same as main Terms of Service.
---
## Annexes
### Annex I — Processing Details
- Data subjects, categories, purposes (listed above)
### Annex II — Technical and Organizational Measures
1. **Encryption**: TLS 1.3 in transit, AES-256 at rest
2. **Access Control**: RBAC + MFA for staff, JWT for API
3. **Isolation**: PostgreSQL Row-Level Security per tenant
4. **Logging**: Audit logs retained 7 years, immutable
5. **Backup**: PITR with 30-day retention, cross-region DR
6. **Monitoring**: OpenTelemetry, Sentry, 24/7 alerting
7. **Training**: Annual security awareness for all staff
8. **Incident Response**: Documented runbook, 72h breach notification
9. **Physical Security**: AWS data center (SOC 2 Type II, ISO 27001)
### Annex III — Sub-Processors
[Maintained at trust.dealix.sa/subprocessors]

114
salesflow-saas/docs/legal/templates/IP_ASSIGNMENT_AGREEMENT.md Normal file
View File

@ -0,0 +1,114 @@
# Intellectual Property Assignment Agreement — Template
> **DISCLAIMER**: This is a template only. Must be reviewed by qualified Saudi counsel before execution. Not legal advice.
---
## IP ASSIGNMENT AGREEMENT / اتفاقية تنازل عن الملكية الفكرية
**Effective Date / تاريخ السريان**: [DATE]
**Between / بين**:
- **Assignor / المتنازل**: [NAME], residing at [ADDRESS], holder of ID [NATIONAL ID]
- **Assignee / المتنازل إليه**: Dealix [ENTITY FORM] (e.g., Dealix LLC / شركة ديلكس ذ.م.م), registered at [ADDRESS], commercial registration number [CR NUMBER]
---
## 1. Background / الخلفية
The Assignor has contributed or will contribute to the development of software, documentation, and other intellectual works for Dealix (the "Platform"). This Agreement assigns all rights in such Contributions to the Assignee.
---
## 2. Assignment / التنازل
The Assignor hereby irrevocably and perpetually assigns to the Assignee all rights, title, and interest, including but not limited to:
- Copyright in all source code, documentation, designs, specifications, and written materials
- Patent rights in any inventions
- Trade secrets and know-how
- Moral rights (to the extent assignable under applicable law)
- All related derivative works
This assignment covers **all Contributions made before, on, or after the Effective Date** during the period of engagement.
---
## 3. Warranties / الضمانات
The Assignor warrants that:
1. All Contributions are original work or lawfully licensed third-party materials
2. No Contributions infringe any third party's intellectual property rights
3. The Assignor has full authority to make this assignment
4. No pre-existing agreements conflict with this assignment
---
## 4. Third-Party IP / الملكية الفكرية للأطراف الثالثة
Any third-party code, libraries, or materials included in Contributions must be:
- Compatible with Dealix's commercial use (no GPL v3 for core platform)
- Properly attributed per license terms
- Listed in `docs/internal/third_party_licenses.md`
---
## 5. Pre-Existing Works / الأعمال السابقة
The Assignor lists below any pre-existing IP retained by the Assignor (not assigned):
| Work | Description | License to Dealix |
|------|-------------|-------------------|
| [NONE or LIST] | [DESCRIPTION] | [Perpetual, royalty-free / LIMITED] |
---
## 6. Confidentiality / السرية
The Assignor agrees to keep confidential all Dealix trade secrets, customer data, and unreleased features, both during and after the engagement.
---
## 7. Moral Rights Waiver (Saudi/GCC context)
To the extent permitted by applicable law, the Assignor waives any moral rights in the Contributions, including the right to be identified as author in public-facing materials (without prejudice to internal recognition).
---
## 8. Governing Law / القانون الحاكم
This Agreement is governed by the laws of the Kingdom of Saudi Arabia. Disputes shall be resolved by [specify: SCCA arbitration / Saudi courts / DIFC courts if applicable].
---
## 9. Entire Agreement / الاتفاقية الكاملة
This Agreement, together with any referenced documents, constitutes the entire agreement between the parties regarding IP assignment and supersedes all prior agreements.
---
## Signatures / التوقيعات
**Assignor** / المتنازل:
Name: ___________________________
Signature: _______________________
Date: ___________________________
**Assignee** (Dealix representative):
Name: ___________________________
Title: ___________________________
Signature: _______________________
Date: ___________________________
---
## Notes for Legal Review
- Verify: Saudi employment law requirements for IP assignment in employment context
- Verify: Moral rights waiver enforceability under Saudi copyright law
- Verify: Arbitration clause vs court jurisdiction for GCC companies
- Add: separate schedule for specific high-value Contributions (codebases, patents, trademarks)
- Add: separate NDA if not covered by main employment agreement

134
salesflow-saas/docs/legal/templates/PRIVACY_POLICY_AR.md Normal file
View File

@ -0,0 +1,134 @@
# سياسة الخصوصية — Dealix (نموذج)
> **تنبيه**: هذا نموذج فقط. يجب مراجعته من قبل محامٍ سعودي مؤهل قبل النشر.
> **الإصدار**: 1.0 مسودة
> **تاريخ السريان**: [التاريخ]
---
## 1. من نحن
Dealix ("نحن") شركة [نوع الكيان] مسجلة في [الاختصاص] بموجب السجل التجاري رقم [CR]، ومقرها الرئيسي [العنوان].
- البريد: privacy@dealix.sa
- الهاتف: +966 [الرقم]
- مسؤول حماية البيانات (DPO): [الاسم]، [البريد]
---
## 2. النطاق
توضح هذه السياسة كيف نجمع ونستخدم ونخزن ونشارك البيانات الشخصية عند:
- استخدام منصة Dealix
- زيارة موقعنا
- التواصل مع فريقنا
متوافقة مع:
- نظام حماية البيانات الشخصية السعودي (PDPL)
- اللائحة العامة لحماية البيانات (GDPR) حيث ينطبق
---
## 3. البيانات التي نجمعها
### 3.1 من أصحاب الحسابات
- الاسم، البريد الإلكتروني، رقم الجوال
- اسم الشركة، الوظيفة، الرقم الضريبي
- بيانات الاعتماد (مشفرة)
- بيانات الاستخدام (السجلات، النشاط، عنوان IP)
### 3.2 من تنفيذ سير العمل
- بيانات الشركاء/الموردين المُدخلة في المنصة
- بيانات الصفقات (القيم، الشروط، الأطراف)
- سجلات الموافقات مع تدقيق القرار
- حزم الأدلة (مرتبطة بسلاسل تجزئة)
---
## 4. الأساس القانوني للمعالجة (امتثال PDPL)
نعالج البيانات الشخصية بناءً على:
- **الموافقة الصريحة** (قابلة للسحب)
- **تنفيذ العقد** (لتقديم الخدمة)
- **الالتزام القانوني** (ضريبي، تدقيق، تنظيمي)
- **المصلحة المشروعة** (الأمان، منع الاحتيال)
---
## 5. كيف نستخدم البيانات
- تقديم الخدمة وتحسينها
- معالجة الموافقات وإنشاء حزم الأدلة
- إرسال الإشعارات التشغيلية
- الفوترة والمدفوعات
- مراقبة الأمان والاستجابة للحوادث
- الامتثال التنظيمي (ZATCA، PDPL، NCA)
**نحن لا**:
- نبيع البيانات الشخصية لأطراف ثالثة
- نستخدم بيانات العملاء لتدريب نماذج AI عامة
- نشارك البيانات عبر المستأجرين
---
## 6. الاحتفاظ بالبيانات
| الفئة | مدة الاحتفاظ |
|------|---------------|
| بيانات الحساب | مدة الاشتراك + سنتان |
| سجلات التدقيق / حزم الأدلة | 7 سنوات (متطلب تنظيمي) |
| سجلات الفوترة | 10 سنوات (قانون ضريبي) |
| تفضيلات التسويق | حتى السحب |
| سجلات الجلسة | 90 يومًا |
---
## 7. حقوقك (بموجب PDPL)
لديك الحق في:
- **الوصول** إلى بياناتك الشخصية
- **تصحيح** البيانات غير الدقيقة
- **حذف** بياناتك (مع احترام التزامات الاحتفاظ)
- **تقييد** المعالجة
- **نقل** بياناتك (بصيغة قابلة للقراءة آليًا)
- **الاعتراض** على المعالجة القائمة على المصلحة المشروعة
- **سحب الموافقة** في أي وقت
لممارسة الحقوق: privacy@dealix.sa
نرد خلال 30 يومًا.
---
## 8. نقل البيانات عبر الحدود
نعالج البيانات بشكل أساسي في **AWS me-south-1 (البحرين)**. النقل خارج دول مجلس التعاون:
- خاضع لموافقة صاحب البيانات حيث يلزم
- محمي بشروط تعاقدية معيارية أو ما يعادلها
- مكشوف في هذه السياسة
---
## 9. الأمان
ننفذ:
- TLS 1.3 للبيانات أثناء النقل
- تشفير AES-256 للبيانات المخزنة
- PostgreSQL Row-Level Security لعزل المستأجرين
- وصول قائم على الأدوار مع MFA للموظفين
- اختبار اختراق سنوي
- تدقيق SOC 2 Type II (قيد التنفيذ)
- ضوابط PDPL
**إشعار الخرق**: نبلغ المستخدمين المتأثرين وهيئة البيانات والذكاء الاصطناعي السعودية (SDAIA) خلال 72 ساعة من تأكيد أي خرق يؤثر على البيانات الشخصية.
---
## 10. التواصل والشكاوى
- مخاوف الخصوصية: **privacy@dealix.sa**
- مسؤول حماية البيانات: **dpo@dealix.sa**
يمكنك أيضًا تقديم شكوى إلى:
- هيئة البيانات والذكاء الاصطناعي (SDAIA): https://sdaia.gov.sa
- أو سلطة حماية البيانات المختصة في منطقتك

169
salesflow-saas/docs/legal/templates/PRIVACY_POLICY_EN.md Normal file
View File

@ -0,0 +1,169 @@
# Privacy Policy — Dealix (Template)
> **DISCLAIMER**: Template only. Must be reviewed by qualified Saudi counsel before publication. Not legal advice.
> **Version**: 1.0 DRAFT
> **Effective Date**: [DATE]
> **Last Updated**: [DATE]
---
## 1. Who We Are
Dealix ("we", "us", "our") is operated by [LEGAL ENTITY NAME], a [LLC/company type] registered in [JURISDICTION] under commercial registration [CR NUMBER], with registered office at [ADDRESS].
Contact: privacy@dealix.sa | +966 [NUMBER]
Data Protection Officer (DPO): [NAME], [EMAIL]
---
## 2. Scope
This Privacy Policy explains how we collect, use, store, and disclose personal data when you:
- Use the Dealix platform (the "Service")
- Visit our website
- Interact with our team
This Policy is compliant with:
- Saudi Personal Data Protection Law (PDPL)
- UAE Personal Data Protection Law (if applicable)
- GDPR (where applicable to EU visitors)
---
## 3. Data We Collect
### 3.1 From Account Holders
- Name, email, phone number
- Company name, role, tax identification
- Authentication credentials (passwords hashed)
- Usage data (logs, activity, IP address)
### 3.2 From Workflow Execution
- Partner/vendor data entered into the Platform
- Deal data (values, terms, counterparties)
- Approval records with decision audit trail
- Evidence packs (hash-chained)
### 3.3 From Integrations
- Data from connected systems (WhatsApp, email, CRM) per integration scope and consent
### 3.4 Cookies and Tracking
- Session cookies (essential)
- Analytics cookies (with consent)
- We do not sell cookie data to third parties
---
## 4. Legal Basis for Processing (PDPL compliance)
We process personal data based on:
- **Consent** (explicit, withdrawable)
- **Contract performance** (to deliver the Service)
- **Legal obligation** (tax, audit, regulatory)
- **Legitimate interest** (security, fraud prevention)
---
## 5. How We Use Data
- Provide and improve the Service
- Process approvals and generate evidence packs
- Send transactional notifications
- Billing and payment processing
- Security monitoring and incident response
- Regulatory compliance (ZATCA, PDPL, NCA)
We do NOT:
- Sell personal data to third parties
- Use customer data to train public AI models
- Share data across tenants
---
## 6. Data Retention
| Category | Retention Period |
|----------|------------------|
| Account data | Duration of engagement + 2 years |
| Audit logs / evidence packs | 7 years (regulatory requirement) |
| Billing records | 10 years (tax law) |
| Marketing preferences | Until withdrawn |
| Session logs | 90 days |
Deletion requests per §8 are honored within 30 days, subject to legal retention obligations.
---
## 7. Data Sharing
We share personal data only with:
- **Sub-processors** (cloud hosting, email delivery) — listed at `/trust/subprocessors`
- **Professional advisors** (auditors, counsel) under confidentiality
- **Law enforcement** when legally compelled
All sub-processors sign a Data Processing Agreement (DPA) with equivalent protections.
---
## 8. Your Rights (PDPL Articles)
You have the right to:
- **Access** your personal data
- **Rectify** inaccurate data
- **Delete** your data (subject to retention obligations)
- **Restrict** processing
- **Port** your data (receive in machine-readable format)
- **Object** to processing based on legitimate interest
- **Withdraw consent** at any time
Exercise rights via: privacy@dealix.sa
We respond within 30 days.
---
## 9. Cross-Border Transfers
We primarily process data in **AWS me-south-1 (Bahrain)**. Transfers outside GCC are:
- Subject to Data Subject consent where required
- Protected by Standard Contractual Clauses or equivalent
- Disclosed in this Policy
---
## 10. Security
We implement:
- TLS 1.3 for data in transit
- AES-256 encryption at rest
- PostgreSQL Row-Level Security for tenant isolation
- Role-based access with MFA for staff
- Annual penetration testing
- SOC 2 Type II audit (in progress)
- PDPL-aligned controls
Breach notification: We notify affected users and the Saudi Data and AI Authority (SDAIA) within 72 hours of confirmed breach affecting personal data.
---
## 11. Children
The Service is for business use only. We do not knowingly collect data from anyone under 18.
---
## 12. Changes to This Policy
Material changes will be announced via in-app notification + email 30 days before effect. Historical versions are archived at `/trust/policy-archive`.
---
## 13. Contact and Complaints
Privacy concerns: **privacy@dealix.sa**
Data Protection Officer: **dpo@dealix.sa**
You may also lodge a complaint with:
- Saudi Data and AI Authority (SDAIA): https://sdaia.gov.sa
- Or the relevant data protection authority in your jurisdiction

167
salesflow-saas/docs/legal/templates/TERMS_OF_SERVICE_EN.md Normal file
View File

@ -0,0 +1,167 @@
# Terms of Service — Dealix (Template)
> **DISCLAIMER**: Template only. Must be reviewed by qualified Saudi counsel before publication.
> **Version**: 1.0 DRAFT
> **Effective**: [DATE]
---
## 1. Acceptance
By creating an account or using the Dealix platform ("Service"), you ("Customer") agree to these Terms. If you use the Service on behalf of an organization, you warrant that you have authority to bind that organization.
---
## 2. The Service
Dealix provides a Software-as-a-Service platform for enterprise revenue operations, including:
- Partner intake and dossier building
- Economics analysis
- Approval workflows with SLA tracking
- Evidence packs (SHA256 tamper-evident)
- Executive reporting and decision surfaces
---
## 3. Subscription and Fees
### 3.1 Tiers (current pricing in separate pricing sheet)
- **Essentials**: Mid-market
- **Business**: Large enterprise features
- **Enterprise**: Custom, dedicated infrastructure
### 3.2 Billing
- Monthly or annual billing in SAR, AED, or USD
- Prices exclude VAT (15% KSA, 5% UAE, 14% Egypt as applicable)
- Invoices ZATCA-compliant for KSA customers
- Payment due within 30 days of invoice
### 3.3 Renewals
- Annual subscriptions auto-renew unless cancelled 30 days before period end
- Pilot programs (90 days) convert to annual unless declined in writing
---
## 4. Customer Responsibilities
Customer agrees to:
- Provide accurate account information
- Keep credentials secure (MFA required for admin accounts)
- Obtain necessary consents from Data Subjects whose data is processed via the Service
- Not attempt to reverse engineer, decompile, or extract source code
- Not use the Service for unlawful purposes
- Comply with all applicable laws (PDPL, ZATCA, anti-money laundering)
---
## 5. Dealix Responsibilities
Dealix will:
- Provide the Service with reasonable skill and care
- Maintain 99.95% uptime SLA (Business+ tiers) — see SLA exhibit
- Keep customer data isolated per tenant (PostgreSQL RLS)
- Notify of material service changes with 30 days notice
- Maintain security controls per our published SECURITY.md
---
## 6. Data Ownership
- **Customer Data** belongs to the Customer
- Dealix receives limited license to process Customer Data solely to provide the Service
- Customer retains all rights to Customer Data and outputs
- Dealix owns all platform IP, features, and improvements
---
## 7. Confidentiality
Each party will protect the other's Confidential Information with reasonable care. Customer Data is confidential by default.
---
## 8. Acceptable Use
Prohibited activities:
- Sending spam or unsolicited marketing
- Using the Service to process data without lawful basis
- Testing security through unauthorized means (bug bounty program available)
- Circumventing trial/pilot limits
- Reselling the Service without written authorization
Violation may result in immediate suspension.
---
## 9. Warranties and Disclaimers
Dealix warrants that the Service will materially conform to its documentation.
EXCEPT AS EXPRESSLY STATED, THE SERVICE IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND. DEALIX DOES NOT WARRANT:
- AI output accuracy in all cases (see §10)
- Uninterrupted availability beyond SLA commitment
- Fitness for specific customer purposes not agreed in writing
---
## 10. AI-Generated Outputs
The Service uses large language models. Customer acknowledges:
- AI outputs are **suggestions**, not final decisions
- Human approval is **required** for all commercially sensitive actions (Class B in our policy framework)
- Customer remains responsible for decisions made based on AI outputs
- Dealix does not guarantee 100% accuracy of AI outputs
---
## 11. Limitation of Liability
EXCEPT FOR INDEMNIFICATION OBLIGATIONS, CONFIDENTIALITY BREACHES, OR INTENTIONAL MISCONDUCT:
- Aggregate liability is limited to **12 months of fees paid** preceding the claim
- Neither party is liable for indirect, consequential, or lost-profits damages
---
## 12. Termination
Either party may terminate:
- For material breach with 30-day cure period
- For non-payment after 15-day notice
- Immediately for insolvency or illegal conduct
Upon termination:
- Customer may export data for 90 days post-termination
- Dealix deletes Customer Data within 90 days (subject to legal retention)
- Evidence packs remain accessible for audit purposes for 7 years
---
## 13. Governing Law and Disputes
- Governed by laws of the Kingdom of Saudi Arabia
- Disputes resolved by [SCCA arbitration in Riyadh / Saudi courts / agreed-upon forum]
- Language of proceedings: Arabic (with English translations)
---
## 14. Changes to Terms
Material changes announced with 30 days notice. Continued use after changes = acceptance.
---
## 15. Contact
Legal: **legal@dealix.sa**
Support: **support@dealix.sa**
Billing: **billing@dealix.sa**
---
## Exhibits
- **Exhibit A**: Service Level Agreement (SLA)
- **Exhibit B**: Data Processing Agreement (DPA)
- **Exhibit C**: Acceptable Use Policy
- **Exhibit D**: Current Pricing
- **Exhibit E**: Subprocessors List

118
salesflow-saas/docs/legal/templates/TRADEMARK_FILING_KIT.md Normal file
View File

@ -0,0 +1,118 @@
# Trademark Filing Kit — Dealix
> **Purpose**: Ready-to-use checklist + application inputs for trademark filings across MENA.
> **Target marks**: "Dealix" (Latin) + "ديلكس" (Arabic)
> **Recommended classes**: 9 (software), 42 (SaaS/technology services), 35 (business services)
---
## Filing Strategy (recommended order)
| Priority | Jurisdiction | Authority | Budget (SAR) | Timeline |
|----------|-------------|-----------|--------------|----------|
| 1 | Saudi Arabia | SAIP | ~5,000 per class | 6-12 months |
| 2 | UAE | Ministry of Economy | ~5,500 per class | 6-12 months |
| 3 | Egypt | Trademark Office | ~3,500 per class | 12-18 months |
| 4 | Jordan | Ministry of Industry | ~3,000 per class | 8-12 months |
| 5 | Kuwait | PAI | ~4,000 per class | 6-12 months |
| 6 | (Optional) Madrid Protocol | WIPO | Varies | 12-18 months |
**Total budget (all MENA, 3 classes each)**: ~90,000-120,000 SAR
---
## Pre-Filing Checklist
Before filing, complete:
- [ ] **Trademark search** in each jurisdiction (verify no conflicts)
- KSA: https://qima.saip.gov.sa/TMSearch (free)
- UAE: https://www.economy.gov.ae (paid)
- Egypt: Physical search via agent
- WIPO Global Brand Database (cross-check)
- [ ] **Domain audit**: confirm dealix.sa, dealix.com, dealix.ae available or owned
- [ ] **Social handle audit**: @dealix on X/Twitter, LinkedIn, Instagram
- [ ] **Entity incorporation completed** (can file as individual temporarily, better as entity)
- [ ] **Logo finalized** (if filing logo + wordmark)
- [ ] **Use statement prepared**: description of services
---
## Application Data (Dealix — ready to file)
### Mark Details
- **Wordmark (English)**: DEALIX
- **Wordmark (Arabic)**: ديلكس
- **Logo**: (to be provided — vector SVG)
- **Classes**:
- **Class 9**: Computer software for business operations, deal management, workflow automation; downloadable software
- **Class 42**: Software as a Service (SaaS); platform as a service (PaaS); cloud computing services for enterprise operations; AI-based decision support software
- **Class 35**: Business administration; business management consulting; data processing for business
### Goods & Services Description (copy into application)
**Class 9**:
> Computer software for enterprise revenue operations, deal workflow management, partner management, and decision support; downloadable software applications for mobile and desktop; application programming interfaces (APIs) for business workflow integration.
**Class 42**:
> Software as a Service (SaaS) featuring software for enterprise revenue operations, partner management, deal workflows, approval management, and executive reporting; platform as a service (PaaS) for business workflow automation; cloud-based software for AI-powered decision support; design and development of computer software; technical consultation in the field of software and artificial intelligence.
**Class 35**:
> Business administration and management services; business consulting services in the field of revenue operations, partnerships, and corporate development; data processing services; business data analysis; automated business workflow services.
### First Use Date
- **First use in commerce (KSA)**: [TO BE CONFIRMED — use platform launch date]
- **First use in commerce (GCC)**: [Same or later]
---
## SAIP (KSA) Filing Process
1. Create account: https://saip.gov.sa
2. File online via https://qima.saip.gov.sa
3. Pay fees (per class)
4. Examination period: 3-6 months
5. Publication in trademark gazette: 60 days opposition window
6. Registration certificate issued
7. Renewal: every 10 years
**Forms needed**:
- Power of Attorney (if using trademark agent)
- Certified commercial registration (if filing as entity)
- Mark representation (JPG/SVG)
- Priority claim document (if claiming priority from earlier filing)
---
## Trademark Agent Recommendations
For KSA + GCC filings, recommended agents:
1. **Abu-Ghazaleh Intellectual Property (AGIP)** — largest MENA IP firm
2. **Saba & Co. IP** — strong in SA + Egypt
3. **Bird & Bird (Riyadh)** — international firm with KSA practice
4. **Al Tamimi & Company** — largest UAE firm, strong KSA practice
**Budget for agent fees**: 2,000-4,000 SAR per jurisdiction on top of official fees.
---
## Post-Registration Monitoring
After registration:
- [ ] Set up watch service (monitors new filings for similar marks)
- [ ] Calendar renewal dates (+30-day buffer for grace)
- [ ] Document use in commerce (keep invoices, screenshots, press)
- [ ] File additional classes if business expands
- [ ] Consider Madrid Protocol extension after 2 years in KSA
---
## Common Pitfalls to Avoid
- ❌ Filing only wordmark without Arabic — limits enforcement in GCC
- ❌ Filing only 1 class (Class 9) — weakens SaaS protection
- ❌ Delaying filing until competitors emerge
- ❌ Filing individually then transferring to entity (creates paperwork)
- ❌ Not budgeting for oppositions (may add 20-30% to cost)
- ❌ Using free online trademark services for MENA (most don't handle Arabic properly)

26
salesflow-saas/docs/registry/TRUTH.yaml
View File

@ -135,3 +135,29 @@ security_claims:
soc2_type_ii: false
pdpl_compliant: "in-progress"
annual_pentest: false
iso_27001: false
iso_27017: false
iso_27018: false
bug_bounty_program: false
phase_2_capabilities:
- id: design_system
name: "Dealix Design System"
status: partial
evidence_path: "packages/design-system/tokens/"
public_claim_allowed: false
- id: arabic_ui_package
name: "@dealix/arabic-ui utilities"
status: partial
evidence_path: "packages/arabic-ui/src/"
public_claim_allowed: false
- id: manifesto
name: "Dealix Manifesto (bilingual)"
status: partial
evidence_path: "marketing/manifesto.md"
public_claim_allowed: false
- id: dealix_labs
name: "Dealix Labs (research program)"
status: roadmap
evidence_path: "docs/labs/README.md"
public_claim_allowed: false

109
salesflow-saas/marketing/manifesto.md Normal file
View File

@ -0,0 +1,109 @@
# Dealix Manifesto
> **Status**: Draft for founder review
> **Version**: 1.0
> **Bilingual**: العربية + English
---
## العربية
### عمليات المؤسسات في العالم العربي تستحق بنية تحتية **مبنية لها** — لا **مُعدَّلة عن** أدوات إنجليزية الأصل.
في كل يوم، تُتخذ قرارات بمليارات الريالات في شركات المنطقة: موافقات على صفقات، شراكات، توسعات، مشتريات، التزامات تجارية. وفي كل يوم، تُبنى هذه القرارات على:
- جداول Excel لا يقرأها أحد كاملةً
- سلاسل رسائل WhatsApp بلا أثر رسمي
- أنظمة CRM أمريكية مترجمة ترجمة آلية لواجهات عربية هشة
- اجتماعات مجالس إدارة بدون أدلة قابلة للتدقيق
هذا ليس نقصًا تقنيًا. هذا فجوة في **الكرامة التشغيلية**.
### نحن نبني Dealix لنحقق أربعة مبادئ:
1. **العربية أولاً، لا العربية كترجمة.** الواجهات التنفيذية، حزم الأدلة، سير العمل — كلها مصممة للعقل العربي المؤسسي أولاً، والإنجليزية ثانيًا.
2. **القرار مثبت بالأدلة، لا برأي شخصي.** كل التزام خارجي في Dealix يمر عبر موافقة موثقة، مع حزمة أدلة مقاومة للتلاعب (SHA256)، وتتبع من القرار إلى التنفيذ.
3. **الذكاء الاصطناعي يقترح، والأنظمة تنفذ، والبشر يعتمدون القرارات الحساسة.** لا نبني وكيلاً يقرر عنك. نبني طبقة قرار وتنفيذ وحوكمة فوق أنظمة السجلات الحالية.
4. **الامتثال السعودي مدمج، لا مضاف لاحقًا.** PDPL, ZATCA, SDAIA, NCA — كلها ضوابط حية في المنصة، وليست ملاحق تسويقية.
### لمن نبني:
- قادة العمليات التجارية في شركات السعودية والخليج
- الذين لا يقبلون أن تُبنى عمليات شركاتهم على أدوات ليست مصممة لهم
- الذين يحتاجون قرارات أسرع، أوضح، أكثر أمانًا
### ما نرفضه:
- وعود 10× دخل من AI — لأن لا بيانات تدعم هذه الوعود
- ادعاءات "autonomy كاملة" — لأن الذكاء الاصطناعي يقترح، والبشر يقررون
- واجهات إنجليزية مع ترجمة — لأن العربية ليست ترجمة
- SOC 2 Type II قبل الحصول على تقرير المدقق
- الصفقات السريعة قبل بناء الثقة المؤسسية
هذا ليس منتجًا. هذا موقف.
**- مؤسسو Dealix**
---
## English
### Enterprise operations in the Arabic-speaking world deserve infrastructure **built for them** — not **adapted from** English-first tools.
Every day, billions of riyals in decisions flow through MENA enterprises: deal approvals, partnerships, expansions, procurement, commercial commitments. And every day, those decisions rest on:
- Excel sheets no one reads end-to-end
- WhatsApp threads with no official audit trail
- American CRMs with machine-translated, fragile Arabic interfaces
- Board meetings without auditable evidence
This is not a technical gap. It is a gap in **operational dignity**.
### We are building Dealix to honor four principles:
1. **Arabic first, not Arabic translated.** Executive surfaces, evidence packs, workflows — all designed for the Arabic enterprise mind first, English second.
2. **Decisions backed by evidence, not by opinion.** Every external commitment in Dealix passes through documented approval, tamper-evident evidence packs (SHA256), and end-to-end correlation from decision to execution.
3. **AI recommends, systems commit, humans approve critical decisions.** We are not building an agent that decides for you. We are building a decision, execution, and governance layer above your existing systems of record.
4. **Saudi compliance is built-in, not bolted on.** PDPL, ZATCA, SDAIA, NCA — all live controls in the platform, not marketing appendices.
### Who we build for:
- Commercial operations leaders in KSA and GCC enterprises
- Those who refuse to build their companies' operations on tools not designed for them
- Those who need decisions that are faster, clearer, safer
### What we refuse:
- "10× revenue" AI promises — because no data supports them
- "Full autonomy" claims — because AI recommends, humans decide
- English interfaces with translations — because Arabic is not a translation
- Claiming SOC 2 Type II before the auditor report is issued
- Quick deals before institutional trust is earned
This is not a product. This is a stance.
**— The Dealix Founders**
---
## Signatures
- [ ] Founder 1
- [ ] Founder 2 (if applicable)
**Date**: [TO BE FILLED ON PUBLICATION]
---
## Publication Notes
- Target URL: `dealix.io/manifesto` (English) + `dealix.io/بيان` (Arabic)
- Render in Next.js with beautiful typography per Phase 2 design system
- Social share cards: each principle as a standalone quote card
- Cite in: sales decks, one-pagers, first email to new customers

21
salesflow-saas/packages/arabic-ui/package.json Normal file
View File

@ -0,0 +1,21 @@
{
"name": "@dealix/arabic-ui",
"version": "0.1.0",
"private": true,
"description": "Arabic-first web UX utilities — RTL detection, numeral conversion, diacritic-insensitive search",
"main": "./src/index.ts",
"types": "./src/index.ts",
"license": "Proprietary",
"keywords": [
"arabic",
"rtl",
"bidi",
"mena",
"i18n",
"locale"
],
"scripts": {
"typecheck": "tsc --noEmit",
"test": "echo 'tests pending TASK-CAT1340'"
}
}

38
salesflow-saas/packages/arabic-ui/src/direction.ts Normal file
View File

@ -0,0 +1,38 @@
/**
* Direction detection and RTL utilities.
*/
// Strong RTL character range check (per Unicode Bidirectional Algorithm)
const STRONG_RTL = /[\u0590-\u083F\u08A0-\u08FF\uFB1D-\uFDFF\uFE70-\uFEFF]/;
const STRONG_LTR = /[A-Za-z\u00C0-\u024F\u1E00-\u1EFF]/;
export type Direction = "ltr" | "rtl";
/**
* Detect dominant direction of a string.
* Returns "rtl" if first strong character is Arabic/Hebrew/etc, else "ltr".
*/
export function detectDirection(text: string): Direction {
if (!text) return "ltr";
for (const ch of text) {
if (STRONG_RTL.test(ch)) return "rtl";
if (STRONG_LTR.test(ch)) return "ltr";
}
return "ltr";
}
export function hasArabic(text: string): boolean {
return STRONG_RTL.test(text);
}
export function isRTL(locale: string): boolean {
return /^(ar|he|fa|ur|ps|sd|ckb)(\b|-)/.test(locale);
}
/**
* Wrap mixed-direction content to prevent bidi reordering issues.
* Usage: `الطلب ${isolate("ORD-2026-001234")} جاهز`
*/
export function isolate(text: string): string {
return `\u2068${text}\u2069`;
}

14
salesflow-saas/packages/arabic-ui/src/index.ts Normal file
View File

@ -0,0 +1,14 @@
/**
* @dealix/arabic-ui Arabic-first web UX utilities
*
* Modules:
* - normalize: diacritic/hamza-insensitive search & compare
* - numerals: Western/Arabic-Indic conversion + currency formatting
* - direction: RTL detection, locale checks, bidi isolation
*
* See DEALIX_PHASE2_BLUEPRINT.md TASK-CAT1340 for OSS roadmap.
*/
export * from "./normalize";
export * from "./numerals";
export * from "./direction";

49
salesflow-saas/packages/arabic-ui/src/normalize.ts Normal file
View File

@ -0,0 +1,49 @@
/**
* Arabic text normalization diacritics, hamza variants, alef-maksura, taa-marbuta.
*
* For search and comparison. Preserves original text for display.
*
* Examples:
* normalize("فَاتِحَة") === normalize("فاتحة") // diacritics stripped
* normalize("أحمد") === normalize("احمد") // hamza normalized
* normalize("رؤية") === normalize("روية") // waw-hamza normalized
* normalize("سُنَّة") === normalize("سنة") // shadda stripped
*/
// Arabic diacritics (fatha, kasra, damma, sukun, shadda, tanween, etc.)
const DIACRITICS = /[\u064B-\u0652\u0670\u0640]/g;
// Hamza variants
const ALEF_VARIANTS = /[\u0622\u0623\u0625\u0671]/g; // آ, أ, إ, ٱ
const WAW_HAMZA = /\u0624/g; // ؤ
const YA_HAMZA = /\u0626/g; // ئ
// Taa marbuta
const TAA_MARBUTA = /\u0629/g; // ة
// Alef maksura
const ALEF_MAKSURA = /\u0649/g; // ى
// Extended Arabic characters
const TATWEEL = /\u0640/g; // ـ (kashida)
export function normalize(text: string): string {
if (!text) return "";
return text
.replace(DIACRITICS, "")
.replace(ALEF_VARIANTS, "\u0627") // → ا
.replace(WAW_HAMZA, "\u0648") // ؤ → و
.replace(YA_HAMZA, "\u064A") // ئ → ي
.replace(TAA_MARBUTA, "\u0647") // ة → ه
.replace(ALEF_MAKSURA, "\u064A") // ى → ي
.replace(TATWEEL, "")
.toLowerCase();
}
export function arabicMatch(haystack: string, needle: string): boolean {
return normalize(haystack).includes(normalize(needle));
}
export function arabicCompare(a: string, b: string): number {
return normalize(a).localeCompare(normalize(b), "ar", { sensitivity: "base" });
}

51
salesflow-saas/packages/arabic-ui/src/numerals.ts Normal file
View File

@ -0,0 +1,51 @@
/**
* Numeral formatting Western (0-9), Arabic-Indic (٠-٩), Eastern Arabic-Indic.
*
* Locale-aware currency formatting for MENA.
*/
export type NumeralSystem = "western" | "arabic-indic" | "eastern-arabic-indic";
const WESTERN_DIGITS = "0123456789";
const ARABIC_INDIC_DIGITS = "٠١٢٣٤٥٦٧٨٩";
const EASTERN_ARABIC_INDIC_DIGITS = "۰۱۲۳۴۵۶۷۸۹";
export function convertDigits(text: string, to: NumeralSystem): string {
const target =
to === "arabic-indic" ? ARABIC_INDIC_DIGITS :
to === "eastern-arabic-indic" ? EASTERN_ARABIC_INDIC_DIGITS :
WESTERN_DIGITS;
return text.replace(/[\d\u0660-\u0669\u06F0-\u06F9]/g, (ch) => {
const code = ch.charCodeAt(0);
let idx: number;
if (code >= 0x30 && code <= 0x39) idx = code - 0x30;
else if (code >= 0x0660 && code <= 0x0669) idx = code - 0x0660;
else if (code >= 0x06F0 && code <= 0x06F9) idx = code - 0x06F0;
else return ch;
return target[idx];
});
}
export function formatCurrency(
value: number,
currency: "SAR" | "AED" | "EGP" | "USD" | "JOD" | "KWD" = "SAR",
locale: "ar-SA" | "ar-AE" | "ar-EG" | "en-US" = "ar-SA",
numerals: NumeralSystem = "western"
): string {
const formatted = new Intl.NumberFormat(locale, {
style: "currency",
currency,
}).format(value);
return convertDigits(formatted, numerals);
}
export function formatNumber(
value: number,
locale: string = "ar-SA",
numerals: NumeralSystem = "western"
): string {
const formatted = new Intl.NumberFormat(locale).format(value);
return convertDigits(formatted, numerals);
}

79
salesflow-saas/packages/design-system/README.md Normal file
View File

@ -0,0 +1,79 @@
# Dealix Design System
> **Status**: Foundation scaffolded (Phase 2 TASK-F201)
> **Owner**: Design + Frontend Platform team
---
## Structure
```
packages/design-system/
├── tokens/
│ ├── primitive.json # Raw values (colors, spacing, radius, motion, typography)
│ ├── semantic.json # Intent-based (surface, fg, border, interactive, status)
│ └── component.json # (future) Per-component tokens
├── primitives/ # (future) Button, Input, Card, Dialog
├── patterns/ # (future) ApprovalCard, EvidenceTimeline
├── layouts/ # (future) Shell, Split, Command
├── motion/ # (future) Framer Motion variants
└── docs/ # (future) Storybook stories
```
---
## Token Design Principles
### 1. Primitive → Semantic → Component
Never reference primitives directly in components. Always go through semantic tokens.
```tsx
// ❌ Wrong
<div style={{ color: 'hsl(var(--color-neutral-900))' }} />
// ✓ Right
<div style={{ color: 'hsl(var(--fg-primary))' }} />
```
### 2. Arabic adjustments are first-class
- `typography.fontSize.arabic-adjustment`: multiply Latin sizes by 1.15 for Arabic
- `typography.lineHeight.arabic`: 1.8 for diacritic-heavy text
- Arabic font stack defaults to IBM Plex Sans Arabic with Tajawal fallback
### 3. Motion respects reduced-motion
Every motion token is used through utilities that check `prefers-reduced-motion`.
### 4. Dark mode is not a retrofit
Light + dark semantic layers defined in parallel in `semantic.json`.
---
## Integration (Phase 2)
Once scaffolded:
1. Install Style Dictionary: `pnpm add -D style-dictionary`
2. Build tokens to CSS + TS: `pnpm tokens:build`
3. Import in app: `import '@dealix/design-system/tokens.css'`
---
## Standards
- **W3C Design Tokens Community Group** format (`$value`, `$type`)
- **Tokens Studio** compatible for Figma ↔ code round-trip
- **CSS custom properties** output with `--` prefix per theme
---
## Phase 2 Roadmap
| Task | Status | Notes |
|------|--------|-------|
| TASK-F201 — Tokens | SCAFFOLDED | primitive + semantic done |
| TASK-F210 — Typography | — | Arabic-first type scale |
| TASK-F211 — RTL layout | — | Logical CSS properties |
| TASK-F240 — Motion | — | Framer Motion variants |
| TASK-F270 — ApprovalCard | — | Signature pattern |
| TASK-F280 — Themes | — | Light/dark/high-contrast/white-label |
See `DEALIX_PHASE2_BLUEPRINT.md` for full roadmap.

96
salesflow-saas/packages/design-system/tokens/primitive.json Normal file
View File

@ -0,0 +1,96 @@
{
"$schema": "https://design-tokens.github.io/community-group/format/",
"color": {
"brand": {
"50": { "$value": "#f0f7ff", "$type": "color" },
"100": { "$value": "#dbeafe", "$type": "color" },
"200": { "$value": "#bfdbfe", "$type": "color" },
"300": { "$value": "#93c5fd", "$type": "color" },
"400": { "$value": "#60a5fa", "$type": "color" },
"500": { "$value": "#2563eb", "$type": "color" },
"600": { "$value": "#1d4ed8", "$type": "color" },
"700": { "$value": "#1e40af", "$type": "color" },
"800": { "$value": "#1e3a8a", "$type": "color" },
"900": { "$value": "#172554", "$type": "color" }
},
"neutral": {
"50": { "$value": "#fafafa", "$type": "color" },
"100": { "$value": "#f5f5f5", "$type": "color" },
"200": { "$value": "#e5e5e5", "$type": "color" },
"300": { "$value": "#d4d4d4", "$type": "color" },
"400": { "$value": "#a3a3a3", "$type": "color" },
"500": { "$value": "#737373", "$type": "color" },
"600": { "$value": "#525252", "$type": "color" },
"700": { "$value": "#404040", "$type": "color" },
"800": { "$value": "#262626", "$type": "color" },
"900": { "$value": "#171717", "$type": "color" },
"950": { "$value": "#0a0a0a", "$type": "color" }
},
"critical": { "500": { "$value": "#dc2626", "$type": "color" } },
"warning": { "500": { "$value": "#d97706", "$type": "color" } },
"success": { "500": { "$value": "#16a34a", "$type": "color" } },
"info": { "500": { "$value": "#0891b2", "$type": "color" } }
},
"space": {
"0": { "$value": "0", "$type": "dimension" },
"1": { "$value": "0.25rem", "$type": "dimension" },
"2": { "$value": "0.5rem", "$type": "dimension" },
"3": { "$value": "0.75rem", "$type": "dimension" },
"4": { "$value": "1rem", "$type": "dimension" },
"5": { "$value": "1.25rem", "$type": "dimension" },
"6": { "$value": "1.5rem", "$type": "dimension" },
"8": { "$value": "2rem", "$type": "dimension" },
"10": { "$value": "2.5rem", "$type": "dimension" },
"12": { "$value": "3rem", "$type": "dimension" },
"16": { "$value": "4rem", "$type": "dimension" },
"20": { "$value": "5rem", "$type": "dimension" }
},
"radius": {
"none": { "$value": "0", "$type": "dimension" },
"sm": { "$value": "0.25rem", "$type": "dimension" },
"md": { "$value": "0.5rem", "$type": "dimension" },
"lg": { "$value": "0.75rem", "$type": "dimension" },
"xl": { "$value": "1rem", "$type": "dimension" },
"2xl": { "$value": "1.5rem", "$type": "dimension" },
"full": { "$value": "9999px", "$type": "dimension" }
},
"motion": {
"duration": {
"instant": { "$value": "100ms", "$type": "duration" },
"fast": { "$value": "180ms", "$type": "duration" },
"default": { "$value": "240ms", "$type": "duration" },
"slow": { "$value": "320ms", "$type": "duration" }
},
"easing": {
"spring": { "$value": "cubic-bezier(0.34, 1.56, 0.64, 1)", "$type": "cubicBezier" },
"easeOut": { "$value": "cubic-bezier(0.22, 1, 0.36, 1)", "$type": "cubicBezier" },
"easeIn": { "$value": "cubic-bezier(0.42, 0, 1, 1)", "$type": "cubicBezier" }
}
},
"typography": {
"fontFamily": {
"arabic": { "$value": "'IBM Plex Sans Arabic', 'Tajawal', system-ui, sans-serif", "$type": "fontFamily" },
"latin": { "$value": "'Inter', 'Geist', system-ui, sans-serif", "$type": "fontFamily" },
"mono": { "$value": "'JetBrains Mono', 'Fira Code', ui-monospace, monospace", "$type": "fontFamily" }
},
"fontSize": {
"xs": { "$value": "0.75rem", "$type": "dimension" },
"sm": { "$value": "0.875rem", "$type": "dimension" },
"base": { "$value": "1rem", "$type": "dimension" },
"lg": { "$value": "1.125rem", "$type": "dimension" },
"xl": { "$value": "1.25rem", "$type": "dimension" },
"2xl": { "$value": "1.5rem", "$type": "dimension" },
"3xl": { "$value": "1.875rem", "$type": "dimension" },
"4xl": { "$value": "2.25rem", "$type": "dimension" },
"arabic-adjustment": { "$value": "1.15", "$type": "number",
"$description": "Multiply Latin sizes by this for Arabic equivalent legibility" }
},
"lineHeight": {
"tight": { "$value": "1.25", "$type": "number" },
"normal": { "$value": "1.5", "$type": "number" },
"relaxed": { "$value": "1.75", "$type": "number" },
"arabic": { "$value": "1.8", "$type": "number",
"$description": "Arabic needs more line height for diacritics" }
}
}
}

50
salesflow-saas/packages/design-system/tokens/semantic.json Normal file
View File

@ -0,0 +1,50 @@
{
"$schema": "https://design-tokens.github.io/community-group/format/",
"light": {
"surface": {
"default": { "$value": "{color.neutral.50}", "$type": "color" },
"elevated": { "$value": "#ffffff", "$type": "color" },
"sunken": { "$value": "{color.neutral.100}", "$type": "color" }
},
"fg": {
"primary": { "$value": "{color.neutral.900}", "$type": "color" },
"secondary": { "$value": "{color.neutral.600}", "$type": "color" },
"muted": { "$value": "{color.neutral.500}", "$type": "color" },
"inverse": { "$value": "#ffffff", "$type": "color" }
},
"border": {
"default": { "$value": "{color.neutral.200}", "$type": "color" },
"subtle": { "$value": "{color.neutral.100}", "$type": "color" },
"strong": { "$value": "{color.neutral.300}", "$type": "color" }
},
"interactive": {
"primary": { "$value": "{color.brand.600}", "$type": "color" },
"primary-hover": { "$value": "{color.brand.700}", "$type": "color" },
"primary-active": { "$value": "{color.brand.800}", "$type": "color" }
},
"status": {
"critical": { "$value": "{color.critical.500}", "$type": "color" },
"warning": { "$value": "{color.warning.500}", "$type": "color" },
"success": { "$value": "{color.success.500}", "$type": "color" },
"info": { "$value": "{color.info.500}", "$type": "color" }
}
},
"dark": {
"surface": {
"default": { "$value": "{color.neutral.950}", "$type": "color" },
"elevated": { "$value": "{color.neutral.900}", "$type": "color" },
"sunken": { "$value": "#000000", "$type": "color" }
},
"fg": {
"primary": { "$value": "{color.neutral.50}", "$type": "color" },
"secondary": { "$value": "{color.neutral.400}", "$type": "color" },
"muted": { "$value": "{color.neutral.500}", "$type": "color" },
"inverse": { "$value": "{color.neutral.900}", "$type": "color" }
},
"border": {
"default": { "$value": "{color.neutral.800}", "$type": "color" },
"subtle": { "$value": "{color.neutral.900}", "$type": "color" },
"strong": { "$value": "{color.neutral.700}", "$type": "color" }
}
}
}

20
salesflow-saas/scripts/release_readiness_matrix.py
View File

@ -79,6 +79,26 @@ CHECKS = {
"extraction_script": ROOT / "scripts" / "extract_dealix_repo.sh",
"pre_commit_config": ROOT / ".pre-commit-config.yaml",
"backend_pyproject": ROOT / "backend" / "pyproject.toml",
# Phase 1 completion (legal templates, trademark kit, founder decision)
"ip_assignment_template": ROOT / "docs" / "legal" / "templates" / "IP_ASSIGNMENT_AGREEMENT.md",
"privacy_template_en": ROOT / "docs" / "legal" / "templates" / "PRIVACY_POLICY_EN.md",
"privacy_template_ar": ROOT / "docs" / "legal" / "templates" / "PRIVACY_POLICY_AR.md",
"tos_template_en": ROOT / "docs" / "legal" / "templates" / "TERMS_OF_SERVICE_EN.md",
"dpa_template_en": ROOT / "docs" / "legal" / "templates" / "DPA_EN.md",
"trademark_kit": ROOT / "docs" / "legal" / "templates" / "TRADEMARK_FILING_KIT.md",
"founder_decision_package": ROOT / "FOUNDER_DECISION_PACKAGE.md",
"gitleaks_ignore": ROOT / ".gitleaksignore",
# Phase 2 foundation
"phase2_blueprint": ROOT / "DEALIX_PHASE2_BLUEPRINT.md",
"design_system_readme": ROOT / "packages" / "design-system" / "README.md",
"design_system_primitive_tokens": ROOT / "packages" / "design-system" / "tokens" / "primitive.json",
"design_system_semantic_tokens": ROOT / "packages" / "design-system" / "tokens" / "semantic.json",
"arabic_ui_package": ROOT / "packages" / "arabic-ui" / "package.json",
"arabic_ui_normalize": ROOT / "packages" / "arabic-ui" / "src" / "normalize.ts",
"arabic_ui_numerals": ROOT / "packages" / "arabic-ui" / "src" / "numerals.ts",
"arabic_ui_direction": ROOT / "packages" / "arabic-ui" / "src" / "direction.ts",
"manifesto": ROOT / "marketing" / "manifesto.md",
"dealix_labs": ROOT / "docs" / "labs" / "README.md",
}
CONTENT_CHECKS = {

4
salesflow-saas/scripts/release_readiness_report.json
View File

@ -1,6 +1,6 @@
{
"total": 53,
"passed": 53,
"total": 71,
"passed": 71,
"score": 100.0,
"ready": true
}