mancitrus/system-prompts-and-models-of-ai-tools
1
0
Fork 0
mirror of https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools.git synced 2026-06-18 07:19:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
59f33d0dc3
system-prompts-and-models-o.../salesflow-saas/docs/governance/operating-plane-checklist.md
Claude e11253ab12
feat(dealix): Tier-1 closure program — 10 tracks complete 
Track 1 — Truth Lock:
  docs/current-vs-target-register.md: Full subsystem maturity register
  (73 Production, 27 Partial, 2 Pilot, 32 Target, 6 Watch = 52.1% maturity)

Track 2 — Document Consistency:
  docs/governance/document-consistency-audit.md: All 6 checks PASS
  (no dangling refs, no overclaim, all paths root-safe, naming consistent)

Track 3 — Decision Plane:
  backend/app/schemas/structured_outputs.py: 17 Pydantic schemas with Provenance
  (LeadScoreCard, QualificationMemo, ProposalPack, PricingDecisionRecord,
   PartnerDossier, EconomicsModel, ApprovalPacket, TargetProfile, DDPlan,
   ValuationMemo, SynergyModel, ICMemo, BoardPackDraft, ExpansionPlan,
   StopLossPolicy, PMIProgramPlan, ExecWeeklyPack)

Track 4 — Execution Plane:
  docs/governance/workflow-inventory.md: 8 short + 8 medium + 6 long-lived
  workflows classified. 3 Temporal candidates with compensation logic.

Track 5 — Trust Fabric:
  docs/governance/trust-closure-plan.md: 5 live components + Watch adoption
  criteria for OPA/OpenFGA/Vault/Keycloak

Track 6 — Data & Connectors:
  docs/governance/connector-standard.md: Connector facade contract, semantic
  metrics dictionary, radar additions (Airbyte, Unstructured, Great Expectations)

Track 7 — Operating Plane:
  docs/governance/operating-plane-checklist.md: GitHub governance, CI/CD
  enhancements, CODEOWNERS template, OIDC/attestation roadmap

Track 8 — Saudi/GCC:
  docs/governance/saudi-enterprise-readiness.md: PDPL processing register,
  data classification, NCA ECC readiness, OWASP LLM Top 10, NIST AI RMF

Track 9 — Executive Surfaces:
  docs/governance/executive-surface-closure.md: Wiring plan with real data
  queries for Executive Room, Approval Center, Compliance Dashboard

Track 10 — Market Dominance:
  docs/governance/market-dominance-plan.md: 3-tier packaging (Core/Strategic/
  Sovereign), ROI narrative, competitive wedge, capability moat map,
  executive sales stories (CEO/CTO/CFO/CISO)

Master Checklist: docs/tier1-master-closure-checklist.md
  50 items total — 25 Done (documentation), 25 Target (runtime/integration)

https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
2026-04-16 13:08:26 +00:00

151 lines
5.1 KiB
Markdown
Raw Blame History

# Operating Plane Enterprise Checklist — Track 7
> **Parent**: [`MASTER_OPERATING_PROMPT.md`](../../MASTER_OPERATING_PROMPT.md)
> **Plane**: Operating | **Version**: 1.0
---
## Objective
Make Dealix enterprise-saleable by implementing production-grade delivery, security, and provenance controls.
---
## GitHub Repository Governance
| Control | Status | Priority | Action Required |
|---------|--------|----------|----------------|
| Protected `main` branch | Target | P1 | Enable branch protection rules |
| Required CI checks before merge | Target | P1 | Set backend + frontend as required |
| Required code review (1+ approver) | Target | P1 | Enable in branch protection |
| CODEOWNERS file | Target | P1 | Create file mapping dirs to owners |
| Rulesets (GitHub) | Target | P2 | Configure rulesets for main + release branches |
| Environments (staging, production) | Target | P2 | Create GitHub environments |
| Deployment protection rules | Target | P2 | Required reviewers for production |
| Signed commits | Target | P3 | Enable commit signing requirement |
| Secret scanning | Target | P1 | Enable GitHub secret scanning |
| Dependabot | Target | P2 | Enable for Python + Node dependencies |
---
## CI/CD Pipeline
### Current State
- GitHub Actions workflow: `dealix-ci.yml`
- Jobs: `backend` (Python 3.12, pytest) + `frontend` (Node 22, lint + build + Playwright)
- Triggers: Push to main, PRs targeting main (salesflow-saas/ changes)
### Required Enhancements
| Enhancement | Priority | Status |
|-------------|----------|--------|
| Make CI checks required for merge | P1 | Target |
| Add `architecture_brief.py` to CI | P1 | Target |
| Add security scan (SAST) | P1 | Target |
| Add dependency vulnerability scan | P2 | Target |
| Add license compliance check | P3 | Target |
| Container image scanning | P2 | Target |
| Performance regression tests | P3 | Target |
---
## Authentication & Identity
| Control | Current | Target |
|---------|---------|--------|
| JWT authentication | Production | Production |
| Role-based access (RBAC) | Production | Production |
| Multi-factor auth (MFA) | Not implemented | P2 |
| OIDC for CI/CD | Not implemented | P2 — eliminate long-lived cloud secrets |
| SSO (enterprise) | Not implemented | P3 — Keycloak when customer demands |
| API key management | Production (`APIKey` model) | Production |
---
## Artifact Provenance
| Control | Current | Target | Notes |
|---------|---------|--------|-------|
| Docker image tagging | Manual | Automated (SHA-based) | Link image to commit |
| Artifact attestations | Not implemented | P2 | Requires GitHub Enterprise for private repos |
| SBOM generation | Not implemented | P2 | Software Bill of Materials |
| Container signing | Not implemented | P3 | Sigstore/cosign |
---
## Audit & Compliance
| Control | Current | Target |
|---------|---------|--------|
| Application audit logs | Production (`audit_log.py`) | Production |
| Consent audit trail | Production (`PDPLConsentAudit`) | Production |
| AI conversation logs | Production (`ai_conversations`) | Production |
| GitHub audit log | Default retention | P2 — external streaming for long retention |
| Centralized log aggregation | Not implemented | P2 — ELK/Loki/CloudWatch |
| Log retention policy | Not defined | P2 — define per data classification |
---
## Monitoring & Alerting
| Component | Current | Target |
|-----------|---------|--------|
| Application metrics | Prometheus (basic) | P1 — full RED metrics |
| Error tracking | Sentry (configured) | Production |
| Structured logging | StructLog (configured) | Production |
| Uptime monitoring | Not implemented | P1 — health endpoint monitoring |
| SLA monitoring | `sla_escalation_alerts.py` | Production |
| Connector health | `connector_governance.py` | Partial — needs live probes |
| Model routing metrics | `model_routing_dashboard.py` | Partial — needs live collection |
---
## Deployment
| Control | Current | Target |
|---------|---------|--------|
| Docker Compose (dev) | Production | Production |
| Kubernetes (production) | Not implemented | P2 |
| Blue/green deployment | Not implemented | P2 |
| Canary deployment | Feature flags exist | P2 — infra-level canary |
| Rollback procedure | Documented | Documented |
| Database backup | Not automated | P1 |
| Disaster recovery | Not documented | P2 |
---
## CODEOWNERS Template
```
# Default owner
* @VoXc2
# Backend
salesflow-saas/backend/ @VoXc2
salesflow-saas/backend/app/openclaw/ @VoXc2
salesflow-saas/backend/app/services/pdpl/ @VoXc2
# Frontend
salesflow-saas/frontend/ @VoXc2
# Governance
salesflow-saas/docs/governance/ @VoXc2
salesflow-saas/MASTER_OPERATING_PROMPT.md @VoXc2
# Security-sensitive
salesflow-saas/backend/app/services/auth_service.py @VoXc2
salesflow-saas/backend/app/services/security_gate.py @VoXc2
```
---
## Gate: Operating Plane Closure
- [ ] `main` branch protected with required checks
- [ ] CI runs `architecture_brief.py` as validation step
- [ ] CODEOWNERS file exists
- [ ] Secret scanning enabled
- [ ] One release gate is production-grade
- [ ] Provenance: every deployment links to commit SHA
- [ ] No long-lived cloud secrets where OIDC is possible
Reference in New Issue View Git Blame Copy Permalink