4.2 KiB
Enterprise readiness — Dealix Sovereign OS
This checklist helps internal teams prepare for B2B / enterprise conversations and deployments. It is not a substitute for customer-specific due diligence, legal review, or penetration testing.
1. Read in order (governance spine)
MASTER_OPERATING_PROMPT.md— constitution and TOC.dealix-six-tracks.md— six product lanes and honest Implemented / Partial / Planned status.governance/approval-policy.md— A/R/S and Class A/B/C.governance/trust-fabric.md— trust substrate and tool verification.governance/saudi-compliance-and-ai-governance.md— PDPL / NCA readiness register and AI governance frames.governance/github-and-release.md— branch protection, environments, OIDC, audit retention.execution-matrix-90d-tier1.md— Phase 0–1 measurable outcomes.completion-program-workstreams.md— eight workstreams from constitution to production.architecture-register.md— subsystem status snapshot.TIER1_MASTER_CLOSURE_CHECKLIST_AR.md— إغلاق Tier-1 (عربي) +salesflow-saas/docs/tier1-master-closure-checklist.md(50 بندًا).governance/pdpl-nca-ai-control-matrices.md— بوابة إصدار enterprise: اتبع قسم «Enterprise release gate» قبل وسم الإصدار.
2. Product and legal surface
- Review customer-facing and internal policies under
salesflow-saas/docs/legal/(consent, privacy, data protection, PDPL-oriented copy where present). - Align marketing claims with evidence: tests,
verify-launch, and run artifacts — seegovernance/discovery-and-output-checklist.md.
3. Technical evidence before “production-ready” claims
| Gate | Command / artifact |
|---|---|
| Backend regression | cd salesflow-saas/backend && pytest -v --tb=short |
| Launch / hardening script | salesflow-saas/verify-launch.ps1 (extend flags per salesflow-saas/docs/LAUNCH_CHECKLIST.md) |
| Architecture traceability | blueprint-master-architecture.md + Architecture_Pack.md + Execution_Matrix.md |
4. What not to promise yet
Until ADR adr/0001-tier1-execution-policy-spikes.md exit criteria are met, do not represent the following as fully shipped production standards:
- Temporal (or equivalent) as the sole system of record for all long workflows.
- OPA / OpenFGA / Vault / Keycloak as in-path dependencies without integration tests and security sign-off.
Use governance/technology-radar-tier1.md for official vs optional vs pilot language.
5. Security and procurement FAQs (internal)
- Data residency and subprocessors: document actual regions and vendors; update when adding LLM or SaaS connectors.
- RBAC and tenancy: confirm
tenant_idisolation and admin boundaries in code review for every net-new API. - Audit logs: retention, export, and SIEM streaming per customer tier — see notes in
governance/github-and-release.md.
6. Continuous improvement
Revisit this file after each major release or enterprise pilot; update dealix-six-tracks.md status table when capabilities move from Partial to Verified.
7. Maintainer sync
scripts/architecture_brief.py includes this path in CONSTITUTION_PATHS; .claude/settings.json references it in projectInstructions for Claude Code. Update both when adding new enterprise-facing governance files.