mancitrus/system-prompts-and-models-of-ai-tools
1
0
Fork 0
mirror of https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools.git synced 2026-06-17 23:09:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3a56a62bb9
system-prompts-and-models-o.../salesflow-saas/DEALIX_PHASE2_EXECUTION_WAVES.md
Claude 3ef62652aa
Phase 2 Execution Waves: 90-day plan + Verification Protocol scaffolding 
Saves the DEALIX_PHASE2_EXECUTION_WAVES.md 90-day plan and scaffolds every
artifact the coding agent can produce. Wave A-E execution is explicitly
blocked until the Week-12 Phase Gate (§3) returns Green.

Added:
  §1 Verification Protocol (V001-V007)
    - scripts/v001_secret_scan.sh — trufflehog + gitleaks full-history scan
    - backend/tests/security/test_rls_fuzz.py — 10K cross-tenant fuzz
    - docs/verification/V003_pentest_engagement.md — vendor RFP + scope
    - docs/verification/V004_no_founder_demo_test.md — 3-tester protocol
    - scripts/v005_truth_registry_audit.py — independent audit tool
    - infra/load-tests/baseline.js — k6 perf baseline
    - frontend/tests/a11y/baseline.spec.ts — Playwright+axe baseline
    - docs/baselines/README.md + docs/verification/README.md

  §2 Founder Decision Sprint (FD001-FD005)
    - docs/internal/legal_entity_decision.md — MISA/DIFC/Delaware brief
    - docs/internal/trademark_status.md — SAIP filing kit tracker
    - docs/hiring/{design_engineer, backend_engineer, head_of_cs}.md

  §3 Customer Validation (CV001-CV004)
    - docs/customer_learnings/pilot_agreement_template.md
    - docs/customer_learnings/pilot_template/success_criteria.md
    - docs/customer_learnings/pilot_template/kickoff_checklist.md
    - docs/customer_learnings/friction_log.md + feature_requests.yaml
    - docs/customer_learnings/weekly_review_template.md

  Truth registry updates
    - docs/registry/TRUTH.yaml — new verification_protocol,
      founder_decision_sprint, customer_validation sections

Gates (post-change):
  architecture_brief.py     40/40
  release_readiness_matrix  94/94 (added 30 new scaffold checks)
  v005_truth_registry_audit 19/19 SUPPORTED
2026-04-17 11:13:27 +00:00

258 lines
8.6 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# DEALIX — Phase 2 Execution Waves (90-Day Plan)
> **Core rule**: From self-reported completion to externally-validated reality.
> **Success metric**: 3 paying pilot customers + externally-validated security posture within 90 days.
> **Next action for coding agent**: Execute ONLY Verification Protocol (V001V007). Do NOT start Wave A tasks until Week-12 Phase Gate returns Green.
---
## Executive Summary
Phase 1 foundation exists. Phase 2 foundation scaffolded. **This document governs the next 90 days** — specifically resisting "Plan Completion Syndrome" (generating plans faster than executing them).
**Rule**: No new features ship until:
1. Verification Protocol (§1) completes with external validation
2. Founder Decision Sprint (§2) closes (4 founder decisions)
3. Customer Validation (§3) returns ≥ 3 paying pilots
**Agent execution scope this phase**: V-tasks + scaffolding for FD and CV tracks. That's it.
---
## §1 — Verification Protocol (Weeks 1-2, before ANY new feature work)
Convert self-reported completion into externally-validated reality.
### V001 — Full git history secret scan
- **Beyond HEAD**: scan all 146+ commits with trufflehog + gitleaks
- **Two-tool rule**: defense in depth
- **Output**: `docs/internal/secret_audit_log.md` with every finding documented
### V002 — Runtime RLS fuzz test
- 10,000 cross-tenant queries as Tenant A switching to Tenant B
- Expected: zero rows returned from Tenant B's context
- Added to nightly CI
- Any violation = P0 incident
### V003 — External pentest
- Engage Cure53, Trail of Bits, NCC Group, or Securinc
- Scope: auth, RLS enforcement, ABAC, LLM injection, file uploads, webhooks
- Budget: $20K-40K
- **Cannot claim "pentested" until report exists**
### V004 — No-founder customer demo test
- 3 fresh testers complete golden path unassisted
- Founder watches silently
- Acceptance: 2/3 complete in <30 min with no show-stopper
### V005 — Truth Registry independent audit
- Engineer who did NOT write registry audits every claim
- Verdicts: SUPPORTED / UNSUPPORTED / AMBIGUOUS
- Any UNSUPPORTED evidence added or demoted to roadmap within 48h
### V006 — Performance baseline
- k6 load test against staging with production-like data
- Output: `docs/baselines/perf_YYYYMMDD.json`
- Every future perf claim references this baseline
### V007 — Accessibility baseline
- Playwright + axe full scan
- Output: `docs/baselines/a11y_YYYYMMDD.json`
- Every future a11y claim references this baseline
---
## §2 — Founder Decision Sprint (Weeks 1-2, parallel)
**Agent cannot execute these.** Founder-only.
### FD001 — Legal entity decision
- MISA KSA LLC (recommended default for Saudi-primary positioning)
- OR DIFC/ADGM (UAE)
- OR Delaware C-Corp + KSA subsidiary (if raising US VC)
- Output: `docs/internal/legal_entity_decision.md`
- **Deadline: Week 2**
### FD002 — Counsel engaged
- Al Tamimi / Clyde & Co / local boutique
- Budget: 30-80K SAR initial engagement
- **Deadline: Week 2**
### FD003 — Repository extraction completed
- GitHub org created
- Phase 1 TASK-001 script executed
- Old fork archived/privatized
- **Deadline: Week 1**
### FD004 — SAIP trademark filed
- Classes: 9, 35, 42 (+ 41 if community)
- Marks: Dealix (Latin) + ديلكس (Arabic)
- Via counsel
- **Deadline: Week 3**
### FD005 — First hires initiated
- Founding Design Engineer (#1) 30-45K SAR/month + 0.5-2% equity
- Founding Backend Engineer (#2) 25-40K SAR/month
- Head of Customer Success (#3) 35-55K SAR/month
- **Deadline: Week 4 (60-90 day lead time)**
---
## §3 — Customer Validation Program (Weeks 3-12)
**Hard rule**: no Phase 2 feature ships until pilot customers drive the backlog.
### ICP Filter
- Saudi-based HQ or KSA ops
- 200-2,000 employees
- Pain in commercial operations
- CFO/COO/GM personal sponsor
- Bilingual operations
### Pilot Structure
- 90 days
- 50% of Business tier ($1,500 total upfront)
- Defined success criteria before signing
- Weekly 30-min feedback session
- Permission for case study if successful
### First 3 (design partners)
- 6-month credit in exchange for:
- Public testimonial + logo
- Recorded case study
- Speaking slot at first event
### Week-12 Phase Gate
| Signal | Green | Yellow | Red |
|--------|-------|--------|-----|
| Customers with signed success | 3+ | 1-2 | 0 |
| Golden path completion rate | >90% | 70-90% | <70% |
| NPS | >30 | 0-30 | <0 |
| References willing | 3+ | 1-2 | 0 |
| Renewal intent | 3+ verbal | 1-2 | 0 |
- All Green: proceed to Wave A
- Mostly Yellow: extend pilot 60 days
- Any Red: HALT Phase 2 execution
---
## §4 — Phase 2 Execution Waves
**Waves, not streams**: each has a customer-impact gate.
### Wave A — Frontend Signature (Weeks 4-20)
- F201 (DS foundation) F270 (Approval Card pattern)
- Exit: Lighthouse 95 on 5 routes + zero axe violations + 2+ pilots spontaneously compliment UI
### Wave B — Enterprise Unlock (Weeks 8-28, parallel)
- E510 (SSO/SCIM via WorkOS) E550 (SLA tiers)
- Exit: First Business tier deal with SSO + audit export validated + <3 day security questionnaire turnaround
### Wave C — AI Depth (Weeks 16-36)
- AI410 (orchestrator) + AI440 (RAG) + AI460 (eval v2)
- Exit: +20pp Arabic performance vs baseline + first Dealix Labs benchmark paper
### Wave D — Ecosystem (Weeks 24-44)
- I610 (public API) + I620 (ZATCA) + I621 (2 MENA connectors)
- Exit: 3 integrations live + public API docs + 1 partner integration certified
### Wave E — Regional (Weeks 32-52)
- R1110 (UAE localization) + GITEX presence + trust portal public
- Exit: 1 UAE customer + 1 Egypt pilot + trust portal 30+ days uptime
---
## §5 — Operating System
### Weekly Rhythm
| Day | Block |
|-----|-------|
| Mon AM | Metrics review |
| Mon PM | Customer pipeline |
| Tue | Product standup |
| Wed | Customer learnings synthesis |
| Thu | Release window |
| Fri AM | Security review |
| Fri PM | Retrospective |
**Rule**: No deploys Friday after 14:00 AST. Ever.
### Decision Framework
1. Reversibility test (reversible fast; irreversible founder call)
2. Signature alignment (Arabic-first, evidence-backed, decision-grade)
3. Cost of delay
4. Customer test (would pilot customer ask for this?)
5. Moat compounding
---
## §6 — Failure Modes to Actively Resist
| Failure | Defense |
|---------|---------|
| Plan Completion Syndrome | Monthly planning/shipping ratio check; if planning >30%, stop |
| Premature Scaling | Hire-gate tied to MRR milestones |
| Customer Proxy Syndrome | 10 customer hours/week minimum for founder |
| Integration Sprawl | Only build integrations appearing in ≥3 pilot conversations |
| Security Theater | Auditor report or not-claimed |
| Arabic-First Erosion | Any English-only feature blocked at review |
| Founder Bottleneck | Authority matrix published by Month 6 |
---
## §7 — Day 90 Success Criteria (from Appendix A)
- [ ] 3 signed pilot customers (paid), 2 in active use
- [ ] Pentest report received; no open Critical, ≤2 open High
- [ ] Full history secret audit: 0 verified findings
- [ ] Truth Registry: 100% SUPPORTED claims
- [ ] First 3 hires: offers extended/accepted
- [ ] Repository extraction: done, old fork private
- [ ] Trademark: filed
- [ ] Legal entity: incorporated or restructuring with ETA
- [ ] Wave A: 40% progressed with measurable milestones
- [ ] NPS measured
- [ ] ≥1 customer reference willing to take a call
- [ ] Dealix Labs: 1 published research piece
**≥10/12 = category-defining trajectory. 6-9 = correctable. ≤5 = fundamental rethink.**
---
## §8 — What Dealix is NOT Doing in These 90 Days
Every "no" enables a sharper yes:
- ❌ New features off Wave A critical path
- ❌ Integrations no customer asked for
- ❌ Public marketing campaigns
- ❌ PR pushes
- ❌ Investor fundraising (unless already in progress)
- ❌ Mobile apps
- ❌ Workflow builder
- ❌ Voice interface
- ❌ Community platform
- ❌ Certification program
- ❌ Partner program
- ❌ "Thought leadership" beyond manifesto
---
## Coding Agent Instructions
1. **Execute Verification Protocol tasks (V001-V007)** — honest reporting, including unsupported claims
2. **Prepare scaffolding for FD tasks** — job specs, counsel research, trademark prep — but DO NOT execute founder-only decisions
3. **DO NOT start any Wave task until Week-12 Phase Gate returns Green**
4. If gate returns Yellow/Red → escalate to founder. Do not default to "ship more features"
5. Weekly `docs/execution_log.md` entry with facts, not celebrations
---
## Honest Note
1. Foundation is strong. More built in 2 weeks than most build in 6 months.
2. The next 90 days are about **proving**, not building.
3. **Highest-leverage action: close 3 pilot customers.** Everything else is downstream.
Reference in New Issue View Git Blame Copy Permalink