diff --git a/.claude/settings.json b/.claude/settings.json new file mode 100644 index 00000000..9d3c5e73 --- /dev/null +++ b/.claude/settings.json @@ -0,0 +1,37 @@ +{ + "theme": "dark", + "projectInstructions": "Follow Dealix OS Sovereign architecture. Do not execute DB changes directly; use action dispatchers. Ensure Universal JSON Output Contract.", + "customCommands": [ + { + "name": "repo-map", + "description": "Generates a comprehensive layout of the core OS structure including agents and memory.", + "command": "python scripts/repo_mapper.py" + }, + { + "name": "canary-check", + "description": "Runs local tests before allowing any production deployment simulation.", + "command": "pytest tests/ --cov" + }, + { + "name": "security-preflight", + "description": "Pre-commit security validation against known PDPL patterns.", + "command": "python scripts/security_gate.py" + } + ], + "hooks": { + "PreToolUse": [ + { + "pattern": "git push .*", + "command": "pytest tests/ && python scripts/audit_changelog.py", + "description": "Require unit tests and audit logging before interacting directly with code promotion." + } + ], + "PostToolUse": [ + { + "pattern": "write_to_file", + "command": "python scripts/reformat_and_validate.py", + "description": "Ensure newly written markdown or python files follow architectural constraints." + } + ] + } +} diff --git a/AGENTS.md b/AGENTS.md new file mode 100644 index 00000000..8c521e0b --- /dev/null +++ b/AGENTS.md @@ -0,0 +1,49 @@ +# Dealix Sovereign Growth OS: Agent Constitution + +This file conforms to the public `AGENTS.md` specification. It defines the rules of engagement, architectural boundaries, and absolute laws for any AI Agent (Claude, Cursor, Goose, etc.) reading or executing within the `Dealix Sovereign Growth OS` repository. + +## 1. 🛡️ Absolute Golden Rules + +1. **Automation by default, approval by exception**: + - Operations are autonomous unless they trigger a HITL (Human-in-the-loop) gate. +2. **No strategic autonomy without evidence**: + - Agents must write the `Decision Memo` output contract for every action. No silent changes. +3. **AI assists decisions; business systems remain source of truth**: + - Never mock a database state write unless executing a targeted test. +4. **Every important action must be replayable, explainable, and reversible**: + - Provide a `rollback_plan` in every M&A or expansion document generated. +5. **Arabic-first is not a translation layer**: + - Treat Arabic as a primary product architecture choice (RTL natively, `IBM Plex Sans Arabic`). + +## 2. 🚷 Prohibited Zones (Forbidden Paths) +Agents MUST NOT modify, read, or execute scripts related to the following without explicit `/canary-promote` or `-override` user commands: +- `**/*.env` and `**/secrets/*` +- `production/db_migrations/*` (without Shannon preflight scans) +- `salesflow-saas/backend/scripts/deploy_live.py` (Must invoke manually to enforce HITL) + +## 3. 🧠 Memory & Verification Guidelines +Agents MUST write their outputs contextually to the `/memory/` structure: +- `/memory/ma/` -> Deal valuation, target screening +- `/memory/partners/` -> Partner scouting, Alliance term sheets +- `/memory/architecture/` -> System changes, ADRs +- `/memory/policies/` -> Compliance engines rules + +**The Verification Toolproof Law:** +If you execute an event, you must log: Intent, Claimed Action, Side Effects, and Verification Status (verified, partially_verified, unverified). + +## 4. 🔀 Preferred Toolchains & Adapters +- **Orchestration**: `LangGraph` for M&A/Strategy long-running processes. +- **Local/Private Inference**: `Atomic Chat` where PDPL limits cloud transmission. +- **Ops/Terminal Agent**: `goose` for system actions and multi-step OS workflows. +- **Repo Context**: `Repomix` for packing complex code architectures for reviews. +- **Security Check**: `Shannon` for white-box pre-release gates. + +## 5. 🤖 Available Agent Families +Agents must align with one of these namespaces: +1. `growth.*` (Market Signal, Partnership Scout, Alliance Structuring, Expansion) +2. `ma.*` (Screener, DD Analyst, Valuation, Negotiation, PMI) +3. `revenue.*` (Lead Intel, Exec Outreach, Proposal Design, Expansion) +4. `governance.*` (Strategic PMO, Compliance, Exec Sovereign Intelligence) + +--- +*Note: Any agent caught hallucinating a success claim without `audit_metadata` verification will have its access revoked by the Sovereign Orchestrator.* diff --git a/CLAUDE.md b/CLAUDE.md new file mode 100644 index 00000000..32665aee --- /dev/null +++ b/CLAUDE.md @@ -0,0 +1,29 @@ +# Dealix AI Coding Guidelines + +This document provides specialized guidelines for Anthropic Claude (via Claude Code, Cursor, or direct API) working in the Dealix Sovereign Growth OS repository. + +## 1. 🌍 Architecting for Arabic First +- All UI strings, generated proposals, and communications MUST be strictly Arabic unless otherwise specified. +- Use `IBM Plex Sans Arabic` for standard text and tables. +- Use `29LT Azal` for hero headlines and important numerical displays. +- RTL layout assumptions are default. Ensure `dir="rtl"` is respected in web assets. + +## 2. 📝 Decision Memo Mandate +Whenever you formulate a strategic script or Python orchestration logic, you MUST build the agent response formatting around the Universal Output Contract (`Decision Memo JSON`). Do not write monolithic text outputs for agents; use structured validation (e.g., Pydantic models). + +## 3. ⚙️ Slash Commands +Use the following slash commands within your chats to trigger specific pre-built workflows: +- `/repo-map`: Maps the current structure and memory dependencies (via Repomix). +- `/arch-review`: Executes an architectural ADR compliance check against the `Policy Engine`. +- `/safe-refactor`: Refactors while explicitly running tests and checking policy layers. +- `/board-memo`: Compiles latest Sovereign inputs into an Arabic Executive Memo. +- `/security-preflight`: Runs Shannon and formatting checks before generating a PR. +- `/ma-brief`: Aggregates the contents of `/memory/ma/` to generate a DD summary. + +## 4. 🔗 Code Constraints & Quality +- Focus on robust typing (Python `typing`, Typescript `strict: true`). +- Prefer state machines (`LangGraph` patterns) over standard while-loops for long-running workflows. +- Always implement exhaustive try-except blocks for External API actions (CRM/ERP), appending `{status: 'unverified/failed'}` to the tool proof logger on failure. + +## 5. 🚪 Approvals & Hooks +Do not write code that blindly patches `main`. Comply with `.claude/settings.json` hook definitions, ensuring you log pre/post execution evidence.