docs(tier1): enterprise readiness checklist and wiring for governance spine

Made-with: Cursor

.claude/settings.json

@@ -1,6 +1,6 @@
 {
   "theme": "dark",
-  "projectInstructions": "Follow Dealix Sovereign OS: MASTER_OPERATING_PROMPT.md (canonical), AGENTS.md, CLAUDE.md, docs/ai-operating-model.md, docs/governance/approval-policy.md. Agentic by design, governed by policy, proven by evidence. Decision plane = structured cognition; execution plane = durable workflows only. No external commitment without approval + reversibility + evidence.",
+  "projectInstructions": "Follow Dealix Sovereign OS: MASTER_OPERATING_PROMPT.md (canonical), AGENTS.md, CLAUDE.md, docs/ai-operating-model.md, docs/dealix-six-tracks.md, docs/governance/approval-policy.md, docs/governance/technology-radar-tier1.md, docs/enterprise-readiness.md. Agentic by design, governed by policy, proven by evidence. Decision plane = structured cognition; execution plane = durable workflows only. No external commitment without approval + reversibility + evidence. Tier-1 targets (Temporal, OPA, OpenFGA) require ADR docs/adr/0001-tier1-execution-policy-spikes.md exit criteria before production claims.",
   "customCommands": [
     {
       "name": "architecture-map",
@@ -18,4 +18,4 @@
       "command": "powershell -NoProfile -ExecutionPolicy Bypass -File salesflow-saas/verify-launch.ps1"
     }
   ]
-}
+}

.cursor/commands/review-policy.md

@@ -7,6 +7,7 @@ Scan the current change or branch against the policy library before commit or PR
 1. [docs/governance/approval-policy.md](../../docs/governance/approval-policy.md) — A/R/S, Class A/B/C, evidence packs.
 2. [docs/governance/trust-fabric.md](../../docs/governance/trust-fabric.md) — security gate, tool verification, audit.
 3. [docs/governance/github-and-release.md](../../docs/governance/github-and-release.md) — branch and environment rules.
+4. [docs/enterprise-readiness.md](../../docs/enterprise-readiness.md) — B2B checklist before promising enterprise posture.
 
 ## Output
 

AGENTS.md

@@ -66,6 +66,7 @@ Use these for depth, onboarding, and review. Each expands themes from the master
 | [docs/dealix-six-tracks.md](docs/dealix-six-tracks.md) | Six Dealix OS tracks + code pointers + status snapshot |
 | [docs/blueprint-master-architecture.md](docs/blueprint-master-architecture.md) | Master blueprint index |
 | [docs/execution-matrix-90d-tier1.md](docs/execution-matrix-90d-tier1.md) | Phase 0–1 outcomes vs matrix |
+| [docs/enterprise-readiness.md](docs/enterprise-readiness.md) | B2B / enterprise preparation checklist |
 | [docs/adr/0001-tier1-execution-policy-spikes.md](docs/adr/0001-tier1-execution-policy-spikes.md) | Gated spikes: Temporal, OPA, OpenFGA |
 
 Operating overview with diagram: **[`docs/ai-operating-model.md`](docs/ai-operating-model.md)**.

CLAUDE.md

@@ -49,6 +49,8 @@ For policy scanning, evidence packs, and release gates in Cursor, use `/review-p
 - **[docs/ai-operating-model.md](docs/ai-operating-model.md)** — planes overview + mermaid + product routing.
 - **[docs/governance/README.md](docs/governance/README.md)** — governance library index.
 - **[docs/dealix-six-tracks.md](docs/dealix-six-tracks.md)** — six OS tracks + honest status vs Tier-1 target.
-- **[docs/blueprint-master-architecture.md](docs/blueprint-master-architecture.md)** — blueprint index; **[docs/adr/0001-tier1-execution-policy-spikes.md](docs/adr/0001-tier1-execution-policy-spikes.md)** — gated spikes (Temporal, OPA, OpenFGA).
+- **[docs/blueprint-master-architecture.md](docs/blueprint-master-architecture.md)** — blueprint index.
+- **[docs/adr/0001-tier1-execution-policy-spikes.md](docs/adr/0001-tier1-execution-policy-spikes.md)** — gated spikes (Temporal, OPA, OpenFGA).
+- **[docs/enterprise-readiness.md](docs/enterprise-readiness.md)** — B2B / enterprise readiness checklist.
 
 Discovery before code; Phase 1 only until evidence; no policy logic in prompts where it belongs in policy systems.

MASTER_OPERATING_PROMPT.md

@@ -26,6 +26,7 @@ Deep-dive topics live under [`docs/governance/`](docs/governance/) (keep this fi
 | Saudi compliance & AI governance register | [`docs/governance/saudi-compliance-and-ai-governance.md`](docs/governance/saudi-compliance-and-ai-governance.md) |
 | Master architecture blueprint (index) | [`docs/blueprint-master-architecture.md`](docs/blueprint-master-architecture.md) |
 | 90-day Tier-1 execution matrix | [`docs/execution-matrix-90d-tier1.md`](docs/execution-matrix-90d-tier1.md) |
+| Enterprise readiness (B2B checklist) | [`docs/enterprise-readiness.md`](docs/enterprise-readiness.md) |
 | ADR: Temporal / OPA / OpenFGA spikes | [`docs/adr/0001-tier1-execution-policy-spikes.md`](docs/adr/0001-tier1-execution-policy-spikes.md) |
 
 ---

docs/ai-operating-model.md

@@ -22,6 +22,7 @@ This repository follows the **Master Operating Prompt** ([`MASTER_OPERATING_PROM
 | [governance/technology-radar-tier1.md](governance/technology-radar-tier1.md) | Official vs optional vs pilot stack |
 | [governance/saudi-compliance-and-ai-governance.md](governance/saudi-compliance-and-ai-governance.md) | PDPL posture, NCA readiness, NIST/OWASP alignment |
 | [execution-matrix-90d-tier1.md](execution-matrix-90d-tier1.md) | Phase 0–1 outcomes vs agent matrix |
+| [enterprise-readiness.md](enterprise-readiness.md) | Enterprise / B2B readiness checklist |
 | [blueprint-master-architecture.md](blueprint-master-architecture.md) | Master blueprint index |
 
 ## Planes at a glance

docs/blueprint-master-architecture.md

@@ -19,7 +19,7 @@ For the classic “8 layers” service map (signal, memory, reasoning, orchestra
 
 ## Agents, events, and HITL
 
-- **16 agents × events × KPIs × gates:** [`Execution_Matrix.md`](../Execution_Matrix.md) (and `Execution_Matrix_v2.md` if maintained in parallel).
+- **16 agents × events × KPIs × gates:** [`Execution_Matrix.md`](../Execution_Matrix.md); alternate or delta matrix: [`Execution_Matrix_v2.md`](../Execution_Matrix_v2.md) (keep a single source of truth — avoid conflicting agent IDs between files).
 
 ## Execution and trust (Tier-1)
 
@@ -38,6 +38,10 @@ For the classic “8 layers” service map (signal, memory, reasoning, orchestra
 
 - [`execution-matrix-90d-tier1.md`](execution-matrix-90d-tier1.md)
 
+## Enterprise readiness
+
+- B2B preparation checklist: [`enterprise-readiness.md`](enterprise-readiness.md)
+
 ## Spikes and ADRs (gated)
 
 - [`adr/0001-tier1-execution-policy-spikes.md`](adr/0001-tier1-execution-policy-spikes.md)

docs/dealix-six-tracks.md

@@ -31,9 +31,9 @@ Use this to avoid claiming components that are not yet wired in production. Refr
 | Area | Status | Notes |
 |------|--------|--------|
 | Decision plane (memos, structured outputs, routing) | **Partial** | LangGraph / agents / `AgentExecutor`; tighten schema + evidence on all governed paths |
-| Execution plane (durable, crash-proof, versioned workers) | **Partial** | Celery + flows today; **Temporal** is a documented Tier-1 target only — see [`docs/governance/execution-fabric.md`](governance/execution-fabric.md) (when added) |
+| Execution plane (durable, crash-proof, versioned workers) | **Partial** | Celery + flows today; **Temporal** is a documented Tier-1 target only — see [`docs/governance/execution-fabric.md`](governance/execution-fabric.md) |
 | Trust plane (tool verification, evals, red-team) | **Partial** | Audit, `security_gate`, policy engine; expand verification ledger consistently |
-| Data plane (semantic metrics, single lineage catalog) | **Partial** | Postgres + patterns; semantic layer / lineage tool TBD per [`technology-radar-tier1.md`](governance/technology-radar-tier1.md) (when added) |
+| Data plane (semantic metrics, single lineage catalog) | **Partial** | Postgres + patterns; semantic layer / lineage tool TBD per [`technology-radar-tier1.md`](governance/technology-radar-tier1.md) |
 | Operating plane (GitHub rulesets, env promotion, OIDC) | **Partial** | Documented in [`github-and-release.md`](governance/github-and-release.md); enforce per org tier |
 | OPA / OpenFGA / Vault / Keycloak as policy & IAM | **Planned** | Target architecture only until ADR + spike + evidence |
 
@@ -43,5 +43,6 @@ Use this to avoid claiming components that are not yet wired in production. Refr
 
 - Master execution matrix (agents × events × HITL): [`Execution_Matrix.md`](../Execution_Matrix.md)  
 - Architecture pack (layers): [`Architecture_Pack.md`](../Architecture_Pack.md)  
-- Tier-1 blueprint (index): [`docs/blueprint-master-architecture.md`](blueprint-master-architecture.md) (when present)  
-- 90-day Tier-1 matrix: [`docs/execution-matrix-90d-tier1.md`](execution-matrix-90d-tier1.md) (when present)
+- Tier-1 blueprint (index): [`docs/blueprint-master-architecture.md`](blueprint-master-architecture.md)  
+- 90-day Tier-1 matrix: [`docs/execution-matrix-90d-tier1.md`](execution-matrix-90d-tier1.md)  
+- Enterprise readiness checklist: [`docs/enterprise-readiness.md`](enterprise-readiness.md)

docs/enterprise-readiness.md

@@ -0,0 +1,49 @@
+# Enterprise readiness — Dealix Sovereign OS
+
+This checklist helps **internal teams** prepare for **B2B / enterprise** conversations and deployments. It is not a substitute for customer-specific due diligence, legal review, or penetration testing.
+
+## 1. Read in order (governance spine)
+
+1. [`MASTER_OPERATING_PROMPT.md`](../MASTER_OPERATING_PROMPT.md) — constitution and TOC.  
+2. [`dealix-six-tracks.md`](dealix-six-tracks.md) — six product lanes and honest **Implemented / Partial / Planned** status.  
+3. [`governance/approval-policy.md`](governance/approval-policy.md) — A/R/S and Class A/B/C.  
+4. [`governance/trust-fabric.md`](governance/trust-fabric.md) — trust substrate and tool verification.  
+5. [`governance/saudi-compliance-and-ai-governance.md`](governance/saudi-compliance-and-ai-governance.md) — PDPL / NCA readiness register and AI governance frames.  
+6. [`governance/github-and-release.md`](governance/github-and-release.md) — branch protection, environments, OIDC, audit retention.  
+7. [`execution-matrix-90d-tier1.md`](execution-matrix-90d-tier1.md) — Phase 0–1 measurable outcomes.
+
+## 2. Product and legal surface
+
+- Review customer-facing and internal policies under [`salesflow-saas/docs/legal/`](../salesflow-saas/docs/legal/) (consent, privacy, data protection, PDPL-oriented copy where present).  
+- Align marketing claims with **evidence**: tests, `verify-launch`, and run artifacts — see [`governance/discovery-and-output-checklist.md`](governance/discovery-and-output-checklist.md).
+
+## 3. Technical evidence before “production-ready” claims
+
+| Gate | Command / artifact |
+|------|---------------------|
+| Backend regression | `cd salesflow-saas/backend && pytest -v --tb=short` |
+| Launch / hardening script | `salesflow-saas/verify-launch.ps1` (extend flags per [`salesflow-saas/docs/LAUNCH_CHECKLIST.md`](../salesflow-saas/docs/LAUNCH_CHECKLIST.md)) |
+| Architecture traceability | [`blueprint-master-architecture.md`](blueprint-master-architecture.md) + [`Architecture_Pack.md`](../Architecture_Pack.md) + [`Execution_Matrix.md`](../Execution_Matrix.md) |
+
+## 4. What not to promise yet
+
+Until ADR [`adr/0001-tier1-execution-policy-spikes.md`](adr/0001-tier1-execution-policy-spikes.md) exit criteria are met, do **not** represent the following as fully shipped production standards:
+
+- Temporal (or equivalent) as the **sole** system of record for all long workflows.  
+- OPA / OpenFGA / Vault / Keycloak as **in-path** dependencies without integration tests and security sign-off.
+
+Use [`governance/technology-radar-tier1.md`](governance/technology-radar-tier1.md) for **official vs optional vs pilot** language.
+
+## 5. Security and procurement FAQs (internal)
+
+- **Data residency and subprocessors:** document actual regions and vendors; update when adding LLM or SaaS connectors.  
+- **RBAC and tenancy:** confirm `tenant_id` isolation and admin boundaries in code review for every net-new API.  
+- **Audit logs:** retention, export, and SIEM streaming per customer tier — see notes in [`governance/github-and-release.md`](governance/github-and-release.md).
+
+## 6. Continuous improvement
+
+Revisit this file after each major release or enterprise pilot; update [`dealix-six-tracks.md`](dealix-six-tracks.md) status table when capabilities move from Partial to Verified.
+
+## 7. Maintainer sync
+
+`scripts/architecture_brief.py` includes this path in `CONSTITUTION_PATHS`; `.claude/settings.json` references it in `projectInstructions` for Claude Code. Update both when adding new enterprise-facing governance files.

docs/governance/README.md

@@ -18,6 +18,6 @@ This folder expands each major theme for navigation, review, and agent onboardin
 | [technology-radar-tier1.md](technology-radar-tier1.md) | Tier-1 technology radar (official / optional / pilot) |
 | [saudi-compliance-and-ai-governance.md](saudi-compliance-and-ai-governance.md) | PDPL/NCA readiness register, NIST/OWASP AI governance |
 
-**Tier-1 index docs (repo `docs/`):** [dealix-six-tracks.md](../dealix-six-tracks.md), [blueprint-master-architecture.md](../blueprint-master-architecture.md), [execution-matrix-90d-tier1.md](../execution-matrix-90d-tier1.md), [adr/0001-tier1-execution-policy-spikes.md](../adr/0001-tier1-execution-policy-spikes.md).
+**Tier-1 index docs (repo `docs/`):** [dealix-six-tracks.md](../dealix-six-tracks.md), [blueprint-master-architecture.md](../blueprint-master-architecture.md), [execution-matrix-90d-tier1.md](../execution-matrix-90d-tier1.md), [enterprise-readiness.md](../enterprise-readiness.md), [adr/0001-tier1-execution-policy-spikes.md](../adr/0001-tier1-execution-policy-spikes.md).
 
 Repo entry points: [`../../AGENTS.md`](../../AGENTS.md), [`../../CLAUDE.md`](../../CLAUDE.md), [`../ai-operating-model.md`](../ai-operating-model.md).

docs/governance/discovery-and-output-checklist.md

@@ -2,6 +2,8 @@
 
 **Canonical:** [`MASTER_OPERATING_PROMPT.md`](../../MASTER_OPERATING_PROMPT.md).
 
+**Tier-1 bundle (tracks, radar, execution/trust specs, Saudi register, ADR gates):** [`../dealix-six-tracks.md`](../dealix-six-tracks.md), [`../blueprint-master-architecture.md`](../blueprint-master-architecture.md), [`technology-radar-tier1.md`](technology-radar-tier1.md), [`execution-fabric.md`](execution-fabric.md), [`saudi-compliance-and-ai-governance.md`](saudi-compliance-and-ai-governance.md), [`../enterprise-readiness.md`](../enterprise-readiness.md).
+
 ## Before writing code
 
 Produce a **code-backed** map (paths, modules, configs), not guesses:

salesflow-saas/AGENTS.md

@@ -137,6 +137,7 @@ The **institutional** operating prompt and governance library live at the **repo
 - [`../docs/dealix-six-tracks.md`](../docs/dealix-six-tracks.md) — six OS tracks, code pointers, implementation status snapshot.
 - [`../docs/blueprint-master-architecture.md`](../docs/blueprint-master-architecture.md) — master blueprint index.
 - [`../docs/execution-matrix-90d-tier1.md`](../docs/execution-matrix-90d-tier1.md) — Phase 0–1 Tier-1 execution matrix.
+- [`../docs/enterprise-readiness.md`](../docs/enterprise-readiness.md) — B2B / enterprise readiness checklist.
 
 **Governance library** (`../docs/governance/`)
 

scripts/architecture_brief.py

@@ -15,6 +15,7 @@ CONSTITUTION_PATHS = [
     "docs/dealix-six-tracks.md",
     "docs/blueprint-master-architecture.md",
     "docs/execution-matrix-90d-tier1.md",
+    "docs/enterprise-readiness.md",
     "docs/adr/0001-tier1-execution-policy-spikes.md",
     "docs/governance/README.md",
     "docs/governance/approval-policy.md",