system-prompts-and-models-o.../salesflow-saas/docs/governance/trust-closure-plan.md
Claude e11253ab12
feat(dealix): Tier-1 closure program — 10 tracks complete
Track 1 — Truth Lock:
  docs/current-vs-target-register.md: Full subsystem maturity register
  (73 Production, 27 Partial, 2 Pilot, 32 Target, 6 Watch = 52.1% maturity)

Track 2 — Document Consistency:
  docs/governance/document-consistency-audit.md: All 6 checks PASS
  (no dangling refs, no overclaim, all paths root-safe, naming consistent)

Track 3 — Decision Plane:
  backend/app/schemas/structured_outputs.py: 17 Pydantic schemas with Provenance
  (LeadScoreCard, QualificationMemo, ProposalPack, PricingDecisionRecord,
   PartnerDossier, EconomicsModel, ApprovalPacket, TargetProfile, DDPlan,
   ValuationMemo, SynergyModel, ICMemo, BoardPackDraft, ExpansionPlan,
   StopLossPolicy, PMIProgramPlan, ExecWeeklyPack)

Track 4 — Execution Plane:
  docs/governance/workflow-inventory.md: 8 short + 8 medium + 6 long-lived
  workflows classified. 3 Temporal candidates with compensation logic.

Track 5 — Trust Fabric:
  docs/governance/trust-closure-plan.md: 5 live components + Watch adoption
  criteria for OPA/OpenFGA/Vault/Keycloak

Track 6 — Data & Connectors:
  docs/governance/connector-standard.md: Connector facade contract, semantic
  metrics dictionary, radar additions (Airbyte, Unstructured, Great Expectations)

Track 7 — Operating Plane:
  docs/governance/operating-plane-checklist.md: GitHub governance, CI/CD
  enhancements, CODEOWNERS template, OIDC/attestation roadmap

Track 8 — Saudi/GCC:
  docs/governance/saudi-enterprise-readiness.md: PDPL processing register,
  data classification, NCA ECC readiness, OWASP LLM Top 10, NIST AI RMF

Track 9 — Executive Surfaces:
  docs/governance/executive-surface-closure.md: Wiring plan with real data
  queries for Executive Room, Approval Center, Compliance Dashboard

Track 10 — Market Dominance:
  docs/governance/market-dominance-plan.md: 3-tier packaging (Core/Strategic/
  Sovereign), ROI narrative, competitive wedge, capability moat map,
  executive sales stories (CEO/CTO/CFO/CISO)

Master Checklist: docs/tier1-master-closure-checklist.md
  50 items total — 25 Done (documentation), 25 Target (runtime/integration)

https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
2026-04-16 13:08:26 +00:00


# Trust Fabric Closure Plan — Track 5
> **Parent**: [`trust-fabric.md`](trust-fabric.md)
> **Plane**: Trust | **Version**: 1.0
---
## Objective
Transform the Trust Plane from "policy engine + audit logs" to "no sensitive action without approval + verification + evidence + correlation."
---
## Live Trust Components Required
### 1. Approval Packet Flow (Priority 1)
**Goal**: At least one path where a Class B action goes through structured ApprovalPacket → review → approve/reject → execute → evidence.
**Target Path**: WhatsApp outreach to new lead
```
Agent proposes send_whatsapp
→ ApprovalPacket schema generated (structured_outputs.py)
→ Policy gate classifies as B
→ ApprovalRequest created with SLA deadline
→ Reviewer gets notification
→ Approve → approval_token issued
→ OpenClaw gateway executes with token
→ Tool receipt generated
→ Evidence logged to ai_conversations + audit_log
```
**Required Wiring**:
- `ApprovalPacket` schema → `approval_bridge.py` integration
- SLA deadline field on `ApprovalRequest` model
- Notification to reviewer (email/WhatsApp)
- Evidence: approval_token + tool_receipt + audit_log linked by `trace_id`
### 2. Tool Verification Receipt Flow (Priority 1)
**Goal**: At least one tool call produces a verifiable receipt.
**Implementation**:
- `tool_verification.py` already exists
- `tool_receipts.py` already exists
- Need: receipts written for WhatsApp plugin calls
- Need: receipt includes `trace_id`, `tenant_id`, `action`, `result_hash`, `timestamp`
### 3. Contradiction Detection (Priority 2)
**Goal**: Real contradictions detected and flagged.
**Implementation Plan**:
- Wire `contradiction_engine.py` to CI pipeline
- On governance doc change: run LLM scan against other governance docs
- Store detected contradictions in `contradictions` table
- Show in Policy Violations Board frontend
### 4. Evidence Pack Viewer (Priority 2)
**Goal**: Unified evidence pack that links decision → tool → approval → output.
**Implementation**:
- `evidence_pack_service.py` exists
- Need: `assemble_deal_pack` that queries real data:
  - Deal from `deals` table
  - Lead from `leads` table
  - Activities from `activities` table
  - Messages from `messages` table
  - Approvals from `approval_requests` table
  - AI conversations from `ai_conversations` table
  - Consent from `consents` table
### 5. Trace Correlation (Priority 1)
**Goal**: `trace_id` / `correlation_id` links all related records.
**Implementation**:
- Add `correlation_id` to `DomainEvent` (already exists as field)
- Pass `correlation_id` through OpenClaw gateway → task router → agent → handler
- Store in `ai_conversations.correlation_id`, `audit_log.correlation_id`
- Query by `correlation_id` in evidence pack assembly
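An added example of the correlation query (not the project's `evidence_pack_service.py`): it assembles the records for one `correlation_id`, scoped to one tenant, and reports which stage of the decision → approval → execution → evidence chain is missing. The stage-to-table mapping, the `tool_receipts` table, every column other than `correlation_id`, and the sample rows are assumptions constructed for the example.

```python
import sqlite3

# Stage -> table. tool_receipts and all columns except correlation_id are
# assumptions; the other table names appear in the plan.
STAGES = {"decision": "ai_conversations", "approval": "approval_requests",
          "execution": "tool_receipts", "evidence": "audit_log"}

def build_demo_db():
    """Constructed data: c-1 is a complete chain, c-2 executed without approval."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    for table in STAGES.values():  # table names come from the constant above only
        conn.execute(f"CREATE TABLE {table} (id INTEGER PRIMARY KEY, "
                     "correlation_id TEXT, tenant_id TEXT, detail TEXT)")
    sample = [("ai_conversations", "c-1", "t-a", "agent proposes send_whatsapp"),
              ("approval_requests", "c-1", "t-a", "approved"),
              ("tool_receipts", "c-1", "t-a", "send_whatsapp ok"),
              ("audit_log", "c-1", "t-a", "evidence stored"),
              ("ai_conversations", "c-2", "t-a", "agent proposes send_whatsapp"),
              ("tool_receipts", "c-2", "t-a", "send_whatsapp ok"),
              ("audit_log", None, "t-a", "handler dropped the id")]
    for table, cid, tenant, detail in sample:
        conn.execute(f"INSERT INTO {table} (correlation_id, tenant_id, detail) "
                     "VALUES (?, ?, ?)", (cid, tenant, detail))
    return conn

def assemble_pack(conn, correlation_id, tenant_id):
    """Collect every stage for one correlation_id, never crossing tenants."""
    records = {}
    for stage, table in STAGES.items():
        cur = conn.execute(f"SELECT detail FROM {table} WHERE correlation_id = ? "
                           "AND tenant_id = ?", (correlation_id, tenant_id))
        records[stage] = [row["detail"] for row in cur]
    missing = [stage for stage, rows in records.items() if not rows]
    return {"records": records, "missing": missing}

def orphan_counts(conn):
    """Rows written without a correlation_id can never join an evidence pack."""
    return {table: conn.execute(f"SELECT COUNT(*) FROM {table} "
                                "WHERE correlation_id IS NULL").fetchone()[0]
            for table in STAGES.values()}
```

A non-empty `missing` list for an executed action, or a non-zero orphan count, means the id was dropped somewhere along the gateway → task router → agent → handler path.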
---
## Watch Technologies — Adoption Criteria
### OPA (Open Policy Agent)
**Adopt when**:
- Policy rules exceed 50 AND are complex (nested conditions, temporal logic)
- Current `policy.py` becomes a maintenance burden
- ADR demonstrates value with prototype
**Spike criteria**:
- [ ] Prototype: 5 existing policy rules expressed in Rego
- [ ] Benchmark: latency comparison vs current Python implementation
- [ ] Integration: OPA sidecar evaluated for performance
### OpenFGA
**Adopt when**:
- Authorization logic exceeds role-based (needs relationship-based)
- Multi-tenant permission inheritance becomes complex
- ADR demonstrates value with prototype
**Spike criteria**:
- [ ] Prototype: tenant → user → resource permission graph
- [ ] Benchmark: query latency for "can user X do action Y on resource Z"
- [ ] Integration: OpenFGA as authorization service evaluated
### Vault
**Adopt when**:
- Secret rotation is needed for compliance
- 10+ distinct secret types managed
- Environment variables become unwieldy
### Keycloak
**Adopt when**:
- SSO requirement from enterprise customer
- Multi-IdP federation needed
- Current JWT auth insufficient
---
## Gate: Trust Closure
- [ ] One approval flow live end-to-end with SLA
- [ ] One tool verification receipt generated and stored
- [ ] One contradiction detected in real scan
- [ ] One evidence pack assembled from real deal data
- [ ] `trace_id` links decision → approval → execution → evidence
- [ ] Contradiction dashboard shows real data
- [ ] Approval SLA measured for at least one path