mirror of
https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools.git
synced 2026-06-17 23:09:35 +00:00
3ef62652aa
Saves the DEALIX_PHASE2_EXECUTION_WAVES.md 90-day plan and scaffolds every
artifact the coding agent can produce. Wave A-E execution is explicitly
blocked until the Week-12 Phase Gate (§3) returns Green.
Added:
§1 Verification Protocol (V001-V007)
- scripts/v001_secret_scan.sh — trufflehog + gitleaks full-history scan
- backend/tests/security/test_rls_fuzz.py — 10K cross-tenant fuzz
- docs/verification/V003_pentest_engagement.md — vendor RFP + scope
- docs/verification/V004_no_founder_demo_test.md — 3-tester protocol
- scripts/v005_truth_registry_audit.py — independent audit tool
- infra/load-tests/baseline.js — k6 perf baseline
- frontend/tests/a11y/baseline.spec.ts — Playwright+axe baseline
- docs/baselines/README.md + docs/verification/README.md
§2 Founder Decision Sprint (FD001-FD005)
- docs/internal/legal_entity_decision.md — MISA/DIFC/Delaware brief
- docs/internal/trademark_status.md — SAIP filing kit tracker
- docs/hiring/{design_engineer, backend_engineer, head_of_cs}.md
§3 Customer Validation (CV001-CV004)
- docs/customer_learnings/pilot_agreement_template.md
- docs/customer_learnings/pilot_template/success_criteria.md
- docs/customer_learnings/pilot_template/kickoff_checklist.md
- docs/customer_learnings/friction_log.md + feature_requests.yaml
- docs/customer_learnings/weekly_review_template.md
Truth registry updates
- docs/registry/TRUTH.yaml — new verification_protocol,
founder_decision_sprint, customer_validation sections
Gates (post-change):
architecture_brief.py 40/40
release_readiness_matrix 94/94 (added 30 new scaffold checks)
v005_truth_registry_audit 19/19 SUPPORTED
|
||
|---|---|---|
| .. | ||
| README.md | ||
| V003_pentest_engagement.md | ||
| V004_no_founder_demo_test.md | ||
§1 — Verification Protocol
Convert self-reported completion into externally-validated reality. NO Wave task starts until all 7 return green.
| ID | Task | Owner | Automation | Status |
|---|---|---|---|---|
| V001 | Full git history secret scan | CTO | scripts/v001_secret_scan.sh |
scripted |
| V002 | Runtime RLS fuzz test (10K queries) | Backend | backend/tests/security/test_rls_fuzz.py |
scripted |
| V003 | External pentest | Founder | V003_pentest_engagement.md | pending engagement |
| V004 | No-founder customer demo test | Founder | V004_no_founder_demo_test.md | pending sessions |
| V005 | Truth Registry independent audit | 2nd engineer | scripts/v005_truth_registry_audit.py |
scripted |
| V006 | Performance baseline (k6) | Backend | infra/load-tests/baseline.js → docs/baselines/perf_YYYYMMDD.json |
scripted |
| V007 | Accessibility baseline (axe) | Frontend | frontend/tests/a11y/baseline.spec.ts → docs/baselines/a11y_YYYYMMDD.json |
scripted |
Execution order (by week)
Week 1
- V001 (secret scan) — run locally, fix any verified leak, THEN commit
- V005 (registry audit) — independent engineer
- V002 (RLS fuzz) — add to nightly CI
Week 2
- V006 (perf baseline) — requires staging with prod-like data
- V007 (a11y baseline) — requires frontend routes stable
- V003 (pentest) — send RFP to 3 vendors, sign SOW
Week 4–6
- V004 (no-founder demo) — 3 testers
Week 10
- V003 (pentest) — report received, 0 Critical + ≤2 High
Gate
- All 7 Green → Verification complete, proceed to §2 + §3.
- Any Red → HALT. Do not start Wave A. Do not claim production-ready.
Reporting
Each V-task writes to:
- Internal:
docs/internal/(private — secret_audit_log, pentest_report, rotation_log) - Baselines:
docs/baselines/(perf + a11y snapshots) - Public registry: updates propagated to
TRUTH.yaml+claims_registry.yaml