mirror of
https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools.git
synced 2026-06-18 15:29:36 +00:00
Saves the DEALIX_PHASE2_EXECUTION_WAVES.md 90-day plan and scaffolds every
artifact the coding agent can produce. Wave A-E execution is explicitly
blocked until the Week-12 Phase Gate (§3) returns Green.
Added:
§1 Verification Protocol (V001-V007)
- scripts/v001_secret_scan.sh — trufflehog + gitleaks full-history scan
- backend/tests/security/test_rls_fuzz.py — 10K cross-tenant fuzz
- docs/verification/V003_pentest_engagement.md — vendor RFP + scope
- docs/verification/V004_no_founder_demo_test.md — 3-tester protocol
- scripts/v005_truth_registry_audit.py — independent audit tool
- infra/load-tests/baseline.js — k6 perf baseline
- frontend/tests/a11y/baseline.spec.ts — Playwright+axe baseline
- docs/baselines/README.md + docs/verification/README.md
§2 Founder Decision Sprint (FD001-FD005)
- docs/internal/legal_entity_decision.md — MISA/DIFC/Delaware brief
- docs/internal/trademark_status.md — SAIP filing kit tracker
- docs/hiring/{design_engineer, backend_engineer, head_of_cs}.md
§3 Customer Validation (CV001-CV004)
- docs/customer_learnings/pilot_agreement_template.md
- docs/customer_learnings/pilot_template/success_criteria.md
- docs/customer_learnings/pilot_template/kickoff_checklist.md
- docs/customer_learnings/friction_log.md + feature_requests.yaml
- docs/customer_learnings/weekly_review_template.md
Truth registry updates
- docs/registry/TRUTH.yaml — new verification_protocol,
founder_decision_sprint, customer_validation sections
Gates (post-change):
architecture_brief.py 40/40
release_readiness_matrix 94/94 (added 30 new scaffold checks)
v005_truth_registry_audit 19/19 SUPPORTED
45 lines
2.0 KiB
Markdown
# §1 — Verification Protocol

> Convert self-reported completion into externally-validated reality.
> **NO Wave task starts until all 7 return green.**

| ID | Task | Owner | Automation | Status |
|----|------|-------|------------|--------|
| V001 | Full git history secret scan | CTO | `scripts/v001_secret_scan.sh` | scripted |
| V002 | Runtime RLS fuzz test (10K queries) | Backend | `backend/tests/security/test_rls_fuzz.py` | scripted |
| V003 | External pentest | Founder | [V003_pentest_engagement.md](V003_pentest_engagement.md) | pending engagement |
| V004 | No-founder customer demo test | Founder | [V004_no_founder_demo_test.md](V004_no_founder_demo_test.md) | pending sessions |
| V005 | Truth Registry independent audit | 2nd engineer | `scripts/v005_truth_registry_audit.py` | scripted |
| V006 | Performance baseline (k6) | Backend | `infra/load-tests/baseline.js` → `docs/baselines/perf_YYYYMMDD.json` | scripted |
| V007 | Accessibility baseline (axe) | Frontend | `frontend/tests/a11y/baseline.spec.ts` → `docs/baselines/a11y_YYYYMMDD.json` | scripted |

## Execution order (by week)

**Week 1**
- V001 (secret scan) — run locally, fix any verified leak, THEN commit
- V005 (registry audit) — independent engineer
- V002 (RLS fuzz) — add to nightly CI

**Week 2**
- V006 (perf baseline) — requires staging with prod-like data
- V007 (a11y baseline) — requires frontend routes stable
- V003 (pentest) — send RFP to 3 vendors, sign SOW

**Week 4–6**
- V004 (no-founder demo) — 3 testers

**Week 10**
- V003 (pentest) — report received, 0 Critical + ≤2 High

## Gate

- All 7 Green → Verification complete, proceed to §2 + §3.
- Any Red → HALT. Do not start Wave A. Do not claim production-ready.

## Reporting

Each V-task writes to:
- **Internal**: `docs/internal/` (private — secret_audit_log, pentest_report, rotation_log)
- **Baselines**: `docs/baselines/` (perf + a11y snapshots)
- **Public registry**: updates propagated to `TRUTH.yaml` + `claims_registry.yaml`