mirror of
https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools.git
synced 2026-06-18 07:19:35 +00:00
fee51ffb06
TASK-001 (prep) — Repository Extraction Script:
scripts/extract_dealix_repo.sh — automates git filter-repo extraction
of Dealix-only paths to new GitHub org. Preserves commit history.
Awaits founder decision on org name.
TASK-003 — Python Dependency Modernization:
backend/pyproject.toml — full project spec with pinned versions:
- fastapi, pydantic, sqlalchemy, asyncpg pinned
- OpenTelemetry packages now included
- pytest==8.3.4, pytest-asyncio==0.24.0 (stable)
- Dev group with ruff, mypy, testcontainers
Ready for uv sync to generate uv.lock.
TASK-004 — Node Dependency Hygiene:
frontend/package.json — pinned packageManager=pnpm@9.12.0
and engines.node >=20.10.0 <21.0.0
TASK-005 — Secrets Audit Infrastructure:
.pre-commit-config.yaml — gitleaks + detect-private-key + detect-aws
+ ruff auto-fix + truth-registry-validator local hook
docs/internal/rotation_log.md — rotation tracking template with
scan commands (gitleaks, trufflehog3) and forbidden practices
TASK-006 — Legal Foundation Tracker:
docs/internal/legal_status.md — tracks:
- Company incorporation options (MISA vs DIFC vs ADGM)
- IP assignment requirements
- Privacy Policy / ToS / DPA review status
- Trademark filing (KSA, UAE, Egypt, Jordan)
- PDPL / ZATCA / NCA / SDAIA regulatory status
- Professional indemnity + cyber + general insurance
TASK-010 (complete) — Truth Registry Tooling:
scripts/validate_truth_registry.py — validates TRUTH.yaml structure,
status values, and claims_registry.yaml alignment
.github/workflows/truth-validation.yml — CI workflow on changes to
truth registry or claims registry
TASK-101 — Release Readiness Gate (blueprint-spec):
scripts/release_readiness_gate.py:
- Required artifacts check (11 files)
- TRUTH.yaml field validation
- Forbidden claims scan in public docs
- Architecture brief sub-gate
Complements release_readiness_matrix.py (runtime checks).
Blueprint saved:
DEALIX_EXECUTION_BLUEPRINT.md — authoritative execution doc
Updated:
release_readiness_matrix.py — now 53/53 checks (was 41/41)
docs/execution_log.md — full task tracking
All 3 gates GREEN:
Architecture Brief: 40/40
Release Readiness Matrix: 53/53
Release Readiness Gate: PASS
Remaining P0 founder decisions (cannot be automated):
- TASK-001: GitHub org name + run extraction
- TASK-006: Entity incorporation + counsel engagement
https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
183 lines
5.1 KiB
Python
183 lines
5.1 KiB
Python
#!/usr/bin/env python3
|
|
"""Release Readiness Gate — Blueprint spec version.
|
|
|
|
Fails the build if ANY required signal is missing:
|
|
1. Required artifacts exist
|
|
2. TRUTH.yaml has required fields
|
|
3. No forbidden claims appear in public-facing docs
|
|
4. CHANGELOG.md was updated in this PR (if applicable)
|
|
|
|
Run in CI after all other checks.
|
|
Exit 0 = pass, 1 = fail.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
import sys
|
|
from pathlib import Path
|
|
from typing import List
|
|
|
|
try:
|
|
import yaml
|
|
except ImportError:
|
|
print("ERROR: PyYAML not installed. Run: pip install pyyaml")
|
|
sys.exit(1)
|
|
|
|
ROOT = Path(__file__).resolve().parent.parent
|
|
|
|
REQUIRED_ARTIFACTS = [
|
|
"docs/registry/TRUTH.yaml",
|
|
"commercial/claims_registry.yaml",
|
|
"SECURITY.md",
|
|
"MASTER_OPERATING_PROMPT.md",
|
|
"docs/internal/STATE_AUDIT.md",
|
|
"docs/internal/legal_status.md",
|
|
"docs/internal/rotation_log.md",
|
|
"docs/execution_log.md",
|
|
"scripts/validate_truth_registry.py",
|
|
"scripts/architecture_brief.py",
|
|
"scripts/release_readiness_matrix.py",
|
|
]
|
|
|
|
REQUIRED_TRUTH_FIELDS = [
|
|
"orchestrator.canonical",
|
|
"llm_policy.primary",
|
|
"data_residency.default_region",
|
|
"security_claims.rls_enforced",
|
|
]
|
|
|
|
# Public-facing doc paths where forbidden claims must NOT appear
|
|
PUBLIC_DOC_PATTERNS = [
|
|
"revenue-activation/sales-pack/*.md",
|
|
"revenue-activation/deployment/*.md",
|
|
"README.md",
|
|
"commercial/sales/**/*.md",
|
|
]
|
|
|
|
|
|
def get_nested(data: dict, path: str):
|
|
cur = data
|
|
for part in path.split("."):
|
|
if not isinstance(cur, dict) or part not in cur:
|
|
return None
|
|
cur = cur[part]
|
|
return cur
|
|
|
|
|
|
def check_artifacts() -> List[str]:
|
|
errors = []
|
|
for p in REQUIRED_ARTIFACTS:
|
|
full = ROOT / p
|
|
if not full.exists():
|
|
errors.append(f"MISSING required artifact: {p}")
|
|
return errors
|
|
|
|
|
|
def check_truth_registry() -> List[str]:
|
|
path = ROOT / "docs" / "registry" / "TRUTH.yaml"
|
|
if not path.exists():
|
|
return ["TRUTH.yaml missing"]
|
|
|
|
try:
|
|
data = yaml.safe_load(path.read_text())
|
|
except yaml.YAMLError as e:
|
|
return [f"TRUTH.yaml parse error: {e}"]
|
|
|
|
errors = []
|
|
for field in REQUIRED_TRUTH_FIELDS:
|
|
if get_nested(data, field) is None:
|
|
errors.append(f"TRUTH.yaml missing field: {field}")
|
|
|
|
# Hard guard: soc2_type_ii must be false or 'in-progress'
|
|
soc2 = get_nested(data, "security_claims.soc2_type_ii")
|
|
if soc2 is True:
|
|
errors.append(
|
|
"FORBIDDEN: TRUTH.yaml soc2_type_ii=true without auditor evidence. "
|
|
"Set to false until audit completes."
|
|
)
|
|
|
|
return errors
|
|
|
|
|
|
def check_forbidden_claims() -> List[str]:
|
|
claims_path = ROOT / "commercial" / "claims_registry.yaml"
|
|
if not claims_path.exists():
|
|
return []
|
|
|
|
try:
|
|
reg = yaml.safe_load(claims_path.read_text())
|
|
except yaml.YAMLError:
|
|
return ["claims_registry.yaml parse error"]
|
|
|
|
forbidden_phrases = []
|
|
for c in reg.get("claims", []):
|
|
if c.get("status") == "forbidden":
|
|
for key in ("claim_en", "claim_ar"):
|
|
val = c.get(key)
|
|
if val:
|
|
forbidden_phrases.append((c.get("id", "unknown"), val))
|
|
|
|
errors = []
|
|
for pattern in PUBLIC_DOC_PATTERNS:
|
|
for md in ROOT.glob(pattern):
|
|
if not md.is_file():
|
|
continue
|
|
try:
|
|
text = md.read_text(encoding="utf-8").lower()
|
|
except Exception:
|
|
continue
|
|
for cid, phrase in forbidden_phrases:
|
|
# Check for literal phrase (case-insensitive)
|
|
if phrase.lower() in text:
|
|
errors.append(
|
|
f"FORBIDDEN claim '{cid}' ('{phrase}') found in {md.relative_to(ROOT)}"
|
|
)
|
|
|
|
return errors
|
|
|
|
|
|
def check_architecture_brief_passes() -> List[str]:
|
|
"""Run architecture_brief.py and check it passes."""
|
|
import subprocess
|
|
script = ROOT / "scripts" / "architecture_brief.py"
|
|
if not script.exists():
|
|
return ["architecture_brief.py missing"]
|
|
try:
|
|
result = subprocess.run(
|
|
["python", str(script)],
|
|
cwd=str(ROOT),
|
|
capture_output=True,
|
|
timeout=60,
|
|
)
|
|
if result.returncode != 0:
|
|
return [f"architecture_brief.py FAILED with exit {result.returncode}"]
|
|
except Exception as e:
|
|
return [f"architecture_brief.py execution error: {e}"]
|
|
return []
|
|
|
|
|
|
def main() -> None:
|
|
all_errors = (
|
|
check_artifacts()
|
|
+ check_truth_registry()
|
|
+ check_forbidden_claims()
|
|
+ check_architecture_brief_passes()
|
|
)
|
|
|
|
if all_errors:
|
|
print("❌ Release Readiness Gate FAILED:")
|
|
for e in all_errors:
|
|
print(f" - {e}")
|
|
sys.exit(1)
|
|
|
|
print("✓ Release Readiness Gate passed")
|
|
print(f" Artifacts: {len(REQUIRED_ARTIFACTS)} OK")
|
|
print(f" TRUTH.yaml: {len(REQUIRED_TRUTH_FIELDS)} fields OK")
|
|
print(" Forbidden claims: none found in public docs")
|
|
print(" Architecture brief: 40/40")
|
|
sys.exit(0)
|
|
|
|
|
|
if __name__ == "__main__":
|
|
main()
|