system-prompts-and-models-o.../salesflow-saas/SECURITY.md
Claude 84762f08ab
Add complete launch infrastructure: models, APIs, agents, compliance, docs, knowledge base
Phase 1 - Repo Hardening:
- README.md, LICENSE, SECURITY.md, CONTRIBUTING.md
- GitHub Actions repo-hygiene workflow
- docs/: ARCHITECTURE, DATA-MODEL, API-MAP, AGENT-MAP, DEPLOYMENT-NOTES

Phase 2 - Database Models (7 new):
- Company, Contact, Call, Commission, Payout, Dispute, GuaranteeClaim
- Consent, Complaint, Policy, KnowledgeArticle, SectorAsset
- Updated models/__init__.py with all 32+ models

Phase 3 - API Surfaces (16 new route files):
- companies, contacts, calls, meetings, commissions, payouts
- disputes, guarantees, consents, complaints, knowledge
- sectors, presentations, supervisor, admin, health
- Updated router.py with all 24 route groups

Phase 4 - AI Prompt Registry (18 agent contracts):
- Lead Qualification, Affiliate Recruitment Evaluator, Onboarding Coach
- Outreach Writer, Arabic WhatsApp, English Conversation, Voice Call
- Meeting Booking, Sector Strategist, Objection Handler
- Proposal Drafter, QA Reviewer, Compliance Reviewer
- Knowledge Retrieval, Revenue Attribution, Fraud Reviewer
- Guarantee Claim Reviewer, Management Summary

Phase 5 - Communication Templates:
- 15 production templates (WhatsApp, email, voice, internal)
- Arabic + English variants with variable interpolation

Phase 6 - Compliance Center (7 legal docs):
- Privacy policy, Terms of service, Refund policy
- Commission policy, Affiliate rules, Consent policy, Data protection
- All PDPL-compliant, Arabic

Phase 7 - Celery Workers (fully implemented):
- follow_up_tasks: automated lead follow-ups with workflow execution
- message_tasks: WhatsApp/email/SMS with retry logic
- notification_tasks: daily reports, meeting reminders, in-app notifications
- affiliate_tasks: target checking, commission calculation, weekly reports, AI outreach

Phase 8 - Knowledge Base OS (8 files):
- Services overview, Pricing policy, Channel policy, Meeting policy
- Identity rules, Escalation rules, Hiring path, Internal SOPs

https://claude.ai/code/session_01KnJgK7RwyeCvRZTRThHtfU
2026-03-31 07:57:48 +00:00

Security Policy

Reporting a Vulnerability

Do not open a public issue. Report vulnerabilities privately:

  1. Email the maintainer directly, or
  2. Use GitHub's private vulnerability reporting on this repository.

Include: description, reproduction steps, affected component, and severity estimate.

You will receive an acknowledgment within 48 hours and a resolution timeline within 7 days.

Scope

The following categories are in scope for security reports:

| Category | Examples |
|---|---|
| Authentication Bypass | Token forgery, session hijacking, OAuth flaws |
| Exposed Secrets | Credentials, API keys, or tokens in code/logs/responses |
| Remote Code Execution | Injection via API inputs, template rendering, task queue |
| Privilege Escalation | Tenant cross-access, role bypass, admin impersonation |
| Data Exposure | PII leaks, unscoped queries, verbose error responses |
| Commission Abuse | Fraudulent affiliate attribution, payout manipulation |
| Infrastructure Misconfiguration | Open ports, default credentials, permissive CORS, debug mode in production |

Out of Scope

  • Denial of service via volumetric flooding
  • Social engineering of team members
  • Vulnerabilities in third-party services we do not control
  • Reports without actionable reproduction steps

Disclosure

We follow coordinated disclosure. We will credit reporters (with permission) once a fix is deployed.