system-prompts-and-models-o.../salesflow-saas/docs/governance/trust-closure-plan.md
Claude e11253ab12
feat(dealix): Tier-1 closure program — 10 tracks complete
Track 1 — Truth Lock:
  docs/current-vs-target-register.md: Full subsystem maturity register
  (73 Production, 27 Partial, 2 Pilot, 32 Target, 6 Watch = 52.1% maturity)

Track 2 — Document Consistency:
  docs/governance/document-consistency-audit.md: All 6 checks PASS
  (no dangling refs, no overclaim, all paths root-safe, naming consistent)

Track 3 — Decision Plane:
  backend/app/schemas/structured_outputs.py: 17 Pydantic schemas with Provenance
  (LeadScoreCard, QualificationMemo, ProposalPack, PricingDecisionRecord,
   PartnerDossier, EconomicsModel, ApprovalPacket, TargetProfile, DDPlan,
   ValuationMemo, SynergyModel, ICMemo, BoardPackDraft, ExpansionPlan,
   StopLossPolicy, PMIProgramPlan, ExecWeeklyPack)

Track 4 — Execution Plane:
  docs/governance/workflow-inventory.md: 8 short + 8 medium + 6 long-lived
  workflows classified. 3 Temporal candidates with compensation logic.

Track 5 — Trust Fabric:
  docs/governance/trust-closure-plan.md: 5 live components + Watch adoption
  criteria for OPA/OpenFGA/Vault/Keycloak

Track 6 — Data & Connectors:
  docs/governance/connector-standard.md: Connector facade contract, semantic
  metrics dictionary, radar additions (Airbyte, Unstructured, Great Expectations)

Track 7 — Operating Plane:
  docs/governance/operating-plane-checklist.md: GitHub governance, CI/CD
  enhancements, CODEOWNERS template, OIDC/attestation roadmap

Track 8 — Saudi/GCC:
  docs/governance/saudi-enterprise-readiness.md: PDPL processing register,
  data classification, NCA ECC readiness, OWASP LLM Top 10, NIST AI RMF

Track 9 — Executive Surfaces:
  docs/governance/executive-surface-closure.md: Wiring plan with real data
  queries for Executive Room, Approval Center, Compliance Dashboard

Track 10 — Market Dominance:
  docs/governance/market-dominance-plan.md: 3-tier packaging (Core/Strategic/
  Sovereign), ROI narrative, competitive wedge, capability moat map,
  executive sales stories (CEO/CTO/CFO/CISO)

Master Checklist: docs/tier1-master-closure-checklist.md
  50 items total — 25 Done (documentation), 25 Target (runtime/integration)

https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
2026-04-16 13:08:26 +00:00


Trust Fabric Closure Plan — Track 5

Parent: trust-fabric.md
Plane: Trust | Version: 1.0


Objective

Transform Trust Plane from "policy engine + audit logs" to "no sensitive action without approval + verification + evidence + correlation."


Live Trust Components Required

1. Approval Packet Flow (Priority 1)

Goal: At least one path where a Class B action goes through structured ApprovalPacket → review → approve/reject → execute → evidence.

Target Path: WhatsApp outreach to new lead

Agent proposes send_whatsapp
  → ApprovalPacket schema generated (structured_outputs.py)
  → Policy gate classifies as B
  → ApprovalRequest created with SLA deadline
  → Reviewer gets notification
  → Approve → approval_token issued
  → OpenClaw gateway executes with token
  → Tool receipt generated
  → Evidence logged to ai_conversations + audit_log

Required Wiring:

  • ApprovalPacket schema → approval_bridge.py integration
  • SLA deadline field on ApprovalRequest model
  • Notification to reviewer (email/WhatsApp)
  • Evidence: approval_token + tool_receipt + audit_log linked by trace_id
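
The gate in the target path above can be sketched as follows. This is an added example, not code from the repository: the function names, the HMAC-based token format, the 300-second token lifetime and the demo key are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"     # assumption: server-side key, never given to agents
CLASS_B_ACTIONS = {"send_whatsapp"}  # assumption: actions the policy gate classifies as B


def _mac(claims: dict) -> str:
    # Canonical JSON so identical claims always yield the same MAC.
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest()


def issue_approval_token(trace_id, tenant_id, action, reviewer, sla_deadline, now=None):
    """Called only after a reviewer approves; records whether the SLA deadline was met."""
    now = time.time() if now is None else now
    claims = {"trace_id": trace_id, "tenant_id": tenant_id, "action": action,
              "reviewer": reviewer, "sla_met": now <= sla_deadline, "exp": now + 300}
    return {"claims": claims, "mac": _mac(claims)}


def gateway_execute(trace_id, tenant_id, action, token=None, now=None):
    """Gateway-side check: a Class B action runs only with a token bound to this request."""
    now = time.time() if now is None else now
    if action in CLASS_B_ACTIONS:
        if token is None:
            return "denied: approval required"
        if not hmac.compare_digest(token["mac"], _mac(token["claims"])):
            return "denied: bad token"
        c = token["claims"]
        if (c["trace_id"], c["tenant_id"], c["action"]) != (trace_id, tenant_id, action):
            return "denied: token bound to another request"
        if now > c["exp"]:
            return "denied: token expired"
    return "executed"
```

Binding the token to trace_id, tenant_id and action is what stops an approval for one request from being reused for another; making the token single-use would additionally need server-side state.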

2. Tool Verification Receipt Flow (Priority 1)

Goal: At least one tool call produces a verifiable receipt.

Implementation:

  • tool_verification.py already exists
  • tool_receipts.py already exists
  • Need: receipts written for WhatsApp plugin calls
  • Need: receipt includes trace_id, tenant_id, action, result_hash, timestamp

3. Contradiction Detection (Priority 2)

Goal: Real contradictions detected and flagged.

Implementation Plan:

  • Wire contradiction_engine.py to CI pipeline
  • On governance doc change: run LLM scan against other governance docs
  • Store detected contradictions in contradictions table
  • Show in Policy Violations Board frontend

4. Evidence Pack Viewer (Priority 2)

Goal: Unified evidence pack that links decision → tool → approval → output.

Implementation:

  • evidence_pack_service.py exists
  • Need: assemble_deal_pack that queries real data:
    • Deal from deals table
    • Lead from leads table
    • Activities from activities table
    • Messages from messages table
    • Approvals from approval_requests table
    • AI conversations from ai_conversations table
    • Consent from consents table

5. Trace Correlation (Priority 1)

Goal: trace_id / correlation_id links all related records.

Implementation:

  • Add correlation_id to DomainEvent (already exists as field)
  • Pass correlation_id through OpenClaw gateway → task router → agent → handler
  • Store in ai_conversations.correlation_id, audit_log.correlation_id
  • Query by correlation_id in evidence pack assembly
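
The receipt fields from section 2 and the correlation query from section 5 fit together as in the sketch below. It is an added example, not the contents of tool_receipts.py or evidence_pack_service.py: the function names, the record shape with a `kind` field, and the sample records are constructed for illustration.

```python
import hashlib
import json

# Chain named in the Trust Closure gate: decision → approval → execution → evidence.
REQUIRED_LINKS = ("decision", "approval", "execution", "evidence")


def make_receipt(trace_id, tenant_id, action, result, timestamp):
    """Receipt with the five fields the plan lists; result_hash covers the canonical result."""
    canonical = json.dumps(result, sort_keys=True, separators=(",", ":")).encode()
    return {"trace_id": trace_id, "tenant_id": tenant_id, "action": action,
            "result_hash": hashlib.sha256(canonical).hexdigest(), "timestamp": timestamp}


def verify_receipt(receipt, stored_result):
    """Recompute the hash from the stored tool output; a mismatch means the output changed."""
    fresh = make_receipt(receipt["trace_id"], receipt["tenant_id"], receipt["action"],
                         stored_result, receipt["timestamp"])
    return fresh["result_hash"] == receipt["result_hash"]


def correlate(records, trace_id, tenant_id):
    """Collect records for one trace within one tenant and list the missing chain links."""
    chain = {}
    for r in records:
        # Filter on tenant_id as well, so a trace_id never pulls in another tenant's rows.
        if r["trace_id"] == trace_id and r["tenant_id"] == tenant_id:
            chain.setdefault(r["kind"], []).append(r)
    return chain, [k for k in REQUIRED_LINKS if k not in chain]


# Constructed sample rows standing in for audit_log / ai_conversations / approval_requests.
SAMPLE_RECORDS = [{"kind": k, "trace_id": t, "tenant_id": n} for k, t, n in [
    ("decision", "t-1", "acme"), ("approval", "t-1", "acme"),
    ("execution", "t-1", "acme"), ("evidence", "t-1", "acme"),
    ("decision", "t-2", "acme"), ("execution", "t-2", "acme"),
    ("approval", "t-2", "other"),  # same trace_id, different tenant: must not count
]]
```

A trace whose missing list contains "approval" but whose chain contains "execution" is the case the Trust Plane objective is meant to rule out, so it is the one worth alerting on.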

Watch Technologies — Adoption Criteria

OPA (Open Policy Agent)

Adopt when:

  • Policy rules exceed 50 AND are complex (nested conditions, temporal logic)
  • Current policy.py becomes a maintenance burden
  • ADR demonstrates value with prototype

Spike criteria:

  • Prototype: 5 existing policy rules expressed in Rego
  • Benchmark: latency comparison vs current Python implementation
  • Integration: OPA sidecar evaluated for performance

OpenFGA

Adopt when:

  • Authorization logic outgrows role-based checks (needs relationship-based access control)
  • Multi-tenant permission inheritance becomes complex
  • ADR demonstrates value with prototype

Spike criteria:

  • Prototype: tenant → user → resource permission graph
  • Benchmark: query latency for "can user X do action Y on resource Z"
  • Integration: OpenFGA as authorization service evaluated

Vault

Adopt when:

  • Secret rotation is needed for compliance
  • 10+ distinct secret types managed
  • Environment variables become unwieldy

Keycloak

Adopt when:

  • SSO requirement from enterprise customer
  • Multi-IdP federation needed
  • Current JWT auth insufficient

Gate: Trust Closure

  • One approval flow live end-to-end with SLA
  • One tool verification receipt generated and stored
  • One contradiction detected in real scan
  • One evidence pack assembled from real deal data
  • trace_id links decision → approval → execution → evidence
  • Contradiction dashboard shows real data
  • Approval SLA measured for at least one path