chore(repo-os): implement Phase 1 Repo Operating Layer (AGENTS.md, CLAUDE.md, .claude/settings.json)

.claude/settings.json

@@ -0,0 +1,37 @@
+{
+  "theme": "dark",
+  "projectInstructions": "Follow Dealix OS Sovereign architecture. Do not execute DB changes directly; use action dispatchers. Ensure Universal JSON Output Contract.",
+  "customCommands": [
+    {
+      "name": "repo-map",
+      "description": "Generates a comprehensive layout of the core OS structure including agents and memory.",
+      "command": "python scripts/repo_mapper.py"
+    },
+    {
+      "name": "canary-check",
+      "description": "Runs local tests before allowing any production deployment simulation.",
+      "command": "pytest tests/ --cov"
+    },
+    {
+      "name": "security-preflight",
+      "description": "Pre-commit security validation against known PDPL patterns.",
+      "command": "python scripts/security_gate.py"
+    }
+  ],
+  "hooks": {
+    "PreToolUse": [
+      {
+        "pattern": "git push .*",
+        "command": "pytest tests/ && python scripts/audit_changelog.py",
+        "description": "Require unit tests and audit logging before interacting directly with code promotion."
+      }
+    ],
+    "PostToolUse": [
+      {
+        "pattern": "write_to_file",
+        "command": "python scripts/reformat_and_validate.py",
+        "description": "Ensure newly written markdown or python files follow architectural constraints."
+      }
+    ]
+  }
+}

AGENTS.md

@@ -0,0 +1,49 @@
+# Dealix Sovereign Growth OS: Agent Constitution
+
+This file conforms to the public `AGENTS.md` specification. It defines the rules of engagement, architectural boundaries, and absolute laws for any AI Agent (Claude, Cursor, Goose, etc.) reading or executing within the `Dealix Sovereign Growth OS` repository.
+
+## 1. 🛡️ Absolute Golden Rules
+
+1. **Automation by default, approval by exception**: 
+   - Operations are autonomous unless they trigger a HITL (Human-in-the-loop) gate.
+2. **No strategic autonomy without evidence**: 
+   - Agents must write the `Decision Memo` output contract for every action. No silent changes.
+3. **AI assists decisions; business systems remain source of truth**: 
+   - Never mock a database state write unless executing a targeted test.
+4. **Every important action must be replayable, explainable, and reversible**:
+   - Provide a `rollback_plan` in every M&A or expansion document generated. 
+5. **Arabic-first is not a translation layer**: 
+   - Treat Arabic as a primary product architecture choice (RTL natively, `IBM Plex Sans Arabic`).
+
+## 2. 🚷 Prohibited Zones (Forbidden Paths)
+Agents MUST NOT modify, read, or execute scripts related to the following without explicit `/canary-promote` or `-override` user commands:
+- `**/*.env` and `**/secrets/*`
+- `production/db_migrations/*` (without Shannon preflight scans)
+- `salesflow-saas/backend/scripts/deploy_live.py` (Must invoke manually to enforce HITL)
+
+## 3. 🧠 Memory & Verification Guidelines
+Agents MUST write their outputs contextually to the `/memory/` structure:
+- `/memory/ma/` -> Deal valuation, target screening
+- `/memory/partners/` -> Partner scouting, Alliance term sheets
+- `/memory/architecture/` -> System changes, ADRs
+- `/memory/policies/` -> Compliance engines rules
+
+**The Verification Toolproof Law:**
+If you execute an event, you must log: Intent, Claimed Action, Side Effects, and Verification Status (verified, partially_verified, unverified).
+
+## 4. 🔀 Preferred Toolchains & Adapters
+- **Orchestration**: `LangGraph` for M&A/Strategy long-running processes.
+- **Local/Private Inference**: `Atomic Chat` where PDPL limits cloud transmission.
+- **Ops/Terminal Agent**: `goose` for system actions and multi-step OS workflows.
+- **Repo Context**: `Repomix` for packing complex code architectures for reviews.
+- **Security Check**: `Shannon` for white-box pre-release gates. 
+
+## 5. 🤖 Available Agent Families
+Agents must align with one of these namespaces:
+1. `growth.*` (Market Signal, Partnership Scout, Alliance Structuring, Expansion)
+2. `ma.*` (Screener, DD Analyst, Valuation, Negotiation, PMI)
+3. `revenue.*` (Lead Intel, Exec Outreach, Proposal Design, Expansion)
+4. `governance.*` (Strategic PMO, Compliance, Exec Sovereign Intelligence)
+
+---
+*Note: Any agent caught hallucinating a success claim without `audit_metadata` verification will have its access revoked by the Sovereign Orchestrator.*

CLAUDE.md

@@ -0,0 +1,29 @@
+# Dealix AI Coding Guidelines
+
+This document provides specialized guidelines for Anthropic Claude (via Claude Code, Cursor, or direct API) working in the Dealix Sovereign Growth OS repository.
+
+## 1. 🌍 Architecting for Arabic First
+- All UI strings, generated proposals, and communications MUST be strictly Arabic unless otherwise specified.
+- Use `IBM Plex Sans Arabic` for standard text and tables.
+- Use `29LT Azal` for hero headlines and important numerical displays.
+- RTL layout assumptions are default. Ensure `dir="rtl"` is respected in web assets.
+
+## 2. 📝 Decision Memo Mandate
+Whenever you formulate a strategic script or Python orchestration logic, you MUST build the agent response formatting around the Universal Output Contract (`Decision Memo JSON`). Do not write monolithic text outputs for agents; use structured validation (e.g., Pydantic models).
+
+## 3. ⚙️ Slash Commands
+Use the following slash commands within your chats to trigger specific pre-built workflows:
+- `/repo-map`: Maps the current structure and memory dependencies (via Repomix).
+- `/arch-review`: Executes an architectural ADR compliance check against the `Policy Engine`.
+- `/safe-refactor`: Refactors while explicitly running tests and checking policy layers.
+- `/board-memo`: Compiles latest Sovereign inputs into an Arabic Executive Memo.
+- `/security-preflight`: Runs Shannon and formatting checks before generating a PR.
+- `/ma-brief`: Aggregates the contents of `/memory/ma/` to generate a DD summary.
+
+## 4. 🔗 Code Constraints & Quality
+- Focus on robust typing (Python `typing`, Typescript `strict: true`).
+- Prefer state machines (`LangGraph` patterns) over standard while-loops for long-running workflows.
+- Always implement exhaustive try-except blocks for External API actions (CRM/ERP), appending `{status: 'unverified/failed'}` to the tool proof logger on failure.
+
+## 5. 🚪 Approvals & Hooks
+Do not write code that blindly patches `main`. Comply with `.claude/settings.json` hook definitions, ensuring you log pre/post execution evidence.