4 WhatsApp providers with automatic fallback:
1. Green API (green-api.com) — free dev tier, simplest setup
2. Ultramsg (ultramsg.com) — existing integration, cleaned
3. Fonnte (fonnte.com) — ultra-cheap alternative
4. Meta Cloud API (official) — most reliable, needs verification
send_whatsapp_smart() tries each configured provider in order
until one succeeds. No hardcoded credentials (removed leaked
Ultramsg token from outreach_engine.py).
New endpoints:
- GET /os/whatsapp-providers — check which are configured
- POST /os/test-send — test send via smart chain
Full OS /os/process-and-act now uses smart multi-provider
instead of Ultramsg-only.
Env vars per provider:
- GREEN_API_INSTANCE_ID + GREEN_API_TOKEN
- ULTRAMSG_INSTANCE_ID + ULTRAMSG_TOKEN
- FONNTE_TOKEN
- WHATSAPP_API_TOKEN + WHATSAPP_PHONE_NUMBER_ID
https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
The missing brain that connects ALL existing services into one system:
1. full_os_orchestrator.py — Deal lifecycle state machine:
12 stages: new_lead → qualifying → qualified → nurturing →
meeting_booked → meeting_done → proposal_sent → negotiating →
payment_requested → pilot_active → closed_won/lost/opted_out.
Each stage has: auto-transitions based on intent, auto-actions
(send_whatsapp, book_meeting, sync_crm, etc.), Arabic response
templates, qualification questions.
2. full_os.py API — 4 endpoints:
- POST /os/process — classify event + determine next stage + actions
- POST /os/process-and-act — same + auto-execute (WhatsApp send
via Ultramsg if safe, or create draft if human approval needed)
- POST /os/bulk-process — batch event processing
- GET /os/stages — list all stages with transitions
3. How it works:
Inbound WhatsApp → /os/process-and-act →
classify intent → transition stage →
if auto_send_allowed: send WhatsApp response immediately
if human_approval_required: create draft for Sami to review
Always: log activity + suggest next actions
4. Safety:
- Negotiation/payment/pilot stages = human_approval_required
- Opt-out = immediate stop, no further contact
- All sends via existing Ultramsg (rate limited, logged)
- Draft queue for anything needing review
Connects to existing infrastructure:
- outreach_engine._send_via_ultramsg() for WhatsApp
- OutreachDraft model for draft queue
- Reply classifier for intent detection
https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
Program F — Multi-Tenancy RLS (Row-Level Security):
alembic 20260417_0002_add_rls.py: Enables RLS on 23 tenant-scoped tables.
database_rls.py: set_tenant_context() helpers for SET LOCAL app.tenant_id.
middleware/tenant_rls.py: Extracts tenant_id from JWT on every request.
Default-deny when no context. PostgreSQL only (CI safe on SQLite).
Result: OWASP A01:2025 — access control enforced at DB layer.
Program G — Idempotency Standard:
models/idempotency_key.py: IdempotencyKey table with TTL + SHA256 hash.
services/idempotency_service.py: get_existing/store with request fingerprint.
middleware/idempotency.py: HTTP middleware on POST/PUT/PATCH.
Result: Duplicate side effects prevented on retry.
Program E — Persistent Durable Execution:
models/durable_checkpoint.py: DurableCheckpoint with sequence_num + status.
services/durable_runtime.py: start_run/checkpoint/complete/resume/list_incomplete.
Result: Workflows survive crashes — resume from last persisted checkpoint.
Program K — OpenTelemetry:
observability/otel.py: init/span/inject_correlation_id with graceful
degradation when OTel packages absent.
openclaw/gateway.py: Wraps execute() in span, binds correlation_id to
trace_id. Bridge between business correlation and production observability.
Program J — Release Gate Hardening:
docs/governance/release-gates.md: Documents 3 mandatory gates.
.github/workflows/dealix-ci.yml: Adds release_readiness_matrix as CI step.
release_readiness_matrix.py: Updated to check 41/41 components.
Verification:
architecture_brief.py: 40/40 PASS
release_readiness_matrix.py: 41/41 PASS
https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
Audit finding 1 — Saudi consent was hardcoded True:
_check_consent() now queries real PDPLConsent table.
Returns consent_valid=True only if active consents exist or tenant
has no records yet (new tenant grace). Otherwise blocks.
Audit finding 2 — Saudi export rules were hardcoded True:
_check_export_rules() now enforces: restricted data with
requires_dpo_review=True blocks export by default.
Returns blocked_reason_ar explaining why.
Audit finding 3 — MASTER_OPERATING_PROMPT overclaimed:
Rule 6 said "controls are live, not aspirational" which
contradicted current-vs-target-register showing 52% maturity.
Rewritten to accurately describe: enforcement is live on golden
path and Saudi workflow, full coverage tracked in register.
Audit finding 4 — forecast accuracy_trend was empty stub:
Now queries real Deal table: closed_won vs total pipeline,
returns actual accuracy percentage.
Post-fix audit status:
- Saudi consent: REAL (queries PDPLConsent)
- Saudi export: REAL (enforces classification)
- MASTER_OPERATING_PROMPT: NO OVERCLAIM
- Forecast accuracy: REAL (queries deals)
https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
Trust Enforcement:
approval_bridge.py: Class B actions now FAIL if missing _correlation_id.
This is the first real trust enforcement beyond policy classification —
external/sensitive actions cannot proceed without traceability.
Executive Room Contract:
GET /api/v1/executive-room/weekly-pack — returns ExecWeeklyPack
(structured output schema) as the CANONICAL executive data source.
Includes RAG status (red/amber/green), blockers, risk summary,
actual vs target, all with Provenance.
Auto Evidence Pack on Deal Close:
deals.py update_deal_stage() now auto-calls on_deal_closed() when
stage transitions to closed_won. Assembles evidence pack from deal
data + lead data + approval records with SHA256 hash.
deal_lifecycle_hooks.py: new service for deal lifecycle automation.
Sales Pack:
revenue-activation/sales-pack/ONE_PAGER.md — Arabic one-pager
revenue-activation/sales-pack/MARKETER_HUB.md — Internal marketer
reference with approved claims, forbidden claims, ICP, objection
handling, demo scripts, proof points, and asset library.
https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
Golden Path — Partner Tier-1 verification flow:
POST /api/v1/golden-path/run — executes complete partner lifecycle:
1. PartnerDossier (structured output with Provenance)
2. EconomicsModel (revenue_upside, cost, payback, sensitivity)
3. ApprovalPacket (Class B enforcement, SLA, creates ApprovalRequest)
4. EvidencePack (auto-assembled from steps 1-3, SHA256 hash)
All steps linked by trace_id for end-to-end correlation.
This is the FIRST flow that actually uses structured_outputs.py
schemas in live code — PartnerDossier, EconomicsModel, ApprovalPacket
all enforced with Pydantic validation + Provenance fields.
correlation_id propagation:
OpenClaw gateway now generates/accepts correlation_id and injects
it into payload as _correlation_id. Returned in all responses.
This enables trace linking across decision → approval → execution.
NEXT_STEP_AND_STACK_RECOMMENDATIONS_AR.md:
Comprehensive next-step guide covering:
- 6 closure tests (truth, schema, workflow, trust, release, executive)
- Stack additions now (OTel, OIDC, attestations, OpenFGA)
- Stack additions next (Great Expectations, Unstructured, connectors)
- Backend/frontend/docs upgrade priorities
- 7-step optimal execution order
- Avoid-now list
https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
Backend - eliminated ALL stub/placeholder services:
forecast_control_center.py: Now queries real Deal + StrategicDeal tables
for actual revenue, pipeline forecast, partnership counts, M&A counts
model_routing_dashboard.py: Now queries real AIConversation table for
total calls, tokens used, average latency, estimated cost in SAR
Both services now use AsyncSession with lazy imports.
Backend APIs updated:
forecast_control.py: All routes now use async _get_db + real service
model_routing.py: All routes now use async _get_db + real service
Frontend - wired 3 more components to real APIs:
approval-center.tsx: Now fetches from /api/v1/approval-center/ every 15s
saudi-compliance-dashboard.tsx: Now fetches from /api/v1/compliance/matrix/
connector-governance-board.tsx: Now fetches from /api/v1/connectors/governance
Audit findings addressed:
- 0/8 placeholder backend services → 0 remaining (all query real DB)
- 1/9 frontend components wired → 4/9 now wired to real APIs
https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
SQLAlchemy 2.0 reserves 'metadata' as a class-level attribute on
DeclarativeBase classes. Using metadata_ Python attribute with column
name 'metadata' caused issues during table creation in init_db(),
which prevented pytest from collecting tests (exit code 4).
Renamed to pack_metadata to avoid all reserved-name conflicts.
https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
- Move heavy service/model imports inside methods to avoid module-level
import chains that could fail during pytest collection
(saudi_compliance_matrix, contradiction_engine, StrategicDeal, EvidencePack)
- Remove unused import (list_integration_connectors) from connector_governance API
- Fix StrategicDeal.status query: use notin_(closed_won/closed_lost) instead
of == "active" which is not a valid DealStatus enum value
https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
Sprint A — Executive Room real data:
Rewrote executive_roi_service.py (20→158 lines) to aggregate from 7 live
services: deals (revenue/pipeline/win_rate), approval SLA (pending/warning/
breach from _dealix_sla), connector health (IntegrationSyncState), compliance
posture (saudi_compliance_matrix), contradictions (contradiction_engine),
strategic deals, evidence packs.
Sprint B — Approval Center live:
Wired approval_center.py to query real ApprovalRequest table with SLA data
from payload["_dealix_sla"]. Approve/reject endpoints update real DB records
with reviewed_at timestamp.
Sprint C — Saudi Compliance live:
Wired saudi_compliance.py to call saudi_compliance_matrix service methods
(get_matrix, get_posture, get_risk_heatmap) with real AsyncSession + tenant_id.
Sprint D — Contradiction + Evidence Pack DB:
Wired contradiction.py and evidence_packs.py to real database via
contradiction_engine and evidence_pack_service. All CRUD operations
now persist to PostgreSQL with proper tenant isolation.
Sprint F — Operating Plane:
Created CODEOWNERS file mapping sensitive paths to @VoXc2.
Added architecture_brief.py step to CI pipeline (runs before pytest).
Sprint G — OWASP LLM:
Added OWASP LLM Top 10 review + architecture brief validation to
release-prep.md (steps 10-11).
https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
Updated services/__init__.py with all new service exports:
KnowledgeBrain, PreExecutionPolicy, ReceiptStore, TrustAnalytics,
MemoryAdapter, FileMemoryAdapter, RedisMemoryAdapter, MemoryEvaluator,
SessionContinuity + all singleton instances
https://claude.ai/code/session_01LsnvBa7HwF5hs99VZbgLGj
