Claude e11253ab12
feat(dealix): Tier-1 closure program — 10 tracks complete
Track 1 — Truth Lock:
  docs/current-vs-target-register.md: Full subsystem maturity register
  (73 Production, 27 Partial, 2 Pilot, 32 Target, 6 Watch = 52.1% maturity)

Track 2 — Document Consistency:
  docs/governance/document-consistency-audit.md: All 6 checks PASS
  (no dangling refs, no overclaim, all paths root-safe, naming consistent)

Track 3 — Decision Plane:
  backend/app/schemas/structured_outputs.py: 17 Pydantic schemas with Provenance
  (LeadScoreCard, QualificationMemo, ProposalPack, PricingDecisionRecord,
   PartnerDossier, EconomicsModel, ApprovalPacket, TargetProfile, DDPlan,
   ValuationMemo, SynergyModel, ICMemo, BoardPackDraft, ExpansionPlan,
   StopLossPolicy, PMIProgramPlan, ExecWeeklyPack)

Track 4 — Execution Plane:
  docs/governance/workflow-inventory.md: 8 short + 8 medium + 6 long-lived
  workflows classified. 3 Temporal candidates with compensation logic.

Track 5 — Trust Fabric:
  docs/governance/trust-closure-plan.md: 5 live components + Watch adoption
  criteria for OPA/OpenFGA/Vault/Keycloak

Track 6 — Data & Connectors:
  docs/governance/connector-standard.md: Connector facade contract, semantic
  metrics dictionary, radar additions (Airbyte, Unstructured, Great Expectations)

Track 7 — Operating Plane:
  docs/governance/operating-plane-checklist.md: GitHub governance, CI/CD
  enhancements, CODEOWNERS template, OIDC/attestation roadmap

Track 8 — Saudi/GCC:
  docs/governance/saudi-enterprise-readiness.md: PDPL processing register,
  data classification, NCA ECC readiness, OWASP LLM Top 10, NIST AI RMF

Track 9 — Executive Surfaces:
  docs/governance/executive-surface-closure.md: Wiring plan with real data
  queries for Executive Room, Approval Center, Compliance Dashboard

Track 10 — Market Dominance:
  docs/governance/market-dominance-plan.md: 3-tier packaging (Core/Strategic/
  Sovereign), ROI narrative, competitive wedge, capability moat map,
  executive sales stories (CEO/CTO/CFO/CISO)

Master Checklist: docs/tier1-master-closure-checklist.md
  50 items total — 25 Done (documentation), 25 Target (runtime/integration)

https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
2026-04-16 13:08:26 +00:00


Operating Plane Enterprise Checklist — Track 7

Parent: MASTER_OPERATING_PROMPT.md
Plane: Operating | Version: 1.0


Objective

Make Dealix enterprise-saleable by implementing production-grade delivery, security, and provenance controls.


GitHub Repository Governance

| Control | Status | Priority | Action Required |
|---|---|---|---|
| Protected main branch | Target | P1 | Enable branch protection rules |
| Required CI checks before merge | Target | P1 | Set backend + frontend as required |
| Required code review (1+ approver) | Target | P1 | Enable in branch protection |
| CODEOWNERS file | Target | P1 | Create file mapping dirs to owners |
| Rulesets (GitHub) | Target | P2 | Configure rulesets for main + release branches |
| Environments (staging, production) | Target | P2 | Create GitHub environments |
| Deployment protection rules | Target | P2 | Required reviewers for production |
| Signed commits | Target | P3 | Enable commit signing requirement |
| Secret scanning | Target | P1 | Enable GitHub secret scanning |
| Dependabot | Target | P2 | Enable for Python + Node dependencies |

CI/CD Pipeline

Current State

  • GitHub Actions workflow: dealix-ci.yml
  • Jobs: backend (Python 3.12, pytest) + frontend (Node 22, lint + build + Playwright)
  • Triggers: Push to main, PRs targeting main (salesflow-saas/ changes)

Required Enhancements

| Enhancement | Priority | Status |
|---|---|---|
| Make CI checks required for merge | P1 | Target |
| Add architecture_brief.py to CI | P1 | Target |
| Add security scan (SAST) | P1 | Target |
| Add dependency vulnerability scan | P2 | Target |
| Add license compliance check | P3 | Target |
| Container image scanning | P2 | Target |
| Performance regression tests | P3 | Target |

Authentication & Identity

| Control | Current | Target |
|---|---|---|
| JWT authentication | Production | Production |
| Role-based access (RBAC) | Production | Production |
| Multi-factor auth (MFA) | Not implemented | P2 |
| OIDC for CI/CD | Not implemented | P2 — eliminate long-lived cloud secrets |
| SSO (enterprise) | Not implemented | P3 — Keycloak when customer demands |
| API key management | Production (APIKey model) | Production |

Artifact Provenance

| Control | Current | Target | Notes |
|---|---|---|---|
| Docker image tagging | Manual | Automated (SHA-based) | Link image to commit |
| Artifact attestations | Not implemented | P2 | Requires GitHub Enterprise for private repos |
| SBOM generation | Not implemented | P2 | Software Bill of Materials |
| Container signing | Not implemented | P3 | Sigstore/cosign |
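
The "Automated (SHA-based)" tagging row and the closure gate item "every deployment links to commit SHA" can be enforced by a release check. The following Python is an added example, not project code: it parses the image references in a constructed Compose-style manifest and passes a deployment only when each image is pinned to the expected commit SHA or to a digest the build pipeline recorded for that commit. The SHA, digest and `ghcr.io/example/...` image names are placeholders.

```python
import re

# [registry/]name[:tag][@sha256:digest]; registry ports (host:5000) are out of scope here.
_REF = re.compile(r"^(?P<name>[a-z0-9._/\-]+?)(?::(?P<tag>\w[\w.\-]{0,127}))?"
                  r"(?:@sha256:(?P<digest>[0-9a-f]{64}))?$")
_SHA_TAG = re.compile(r"^[0-9a-f]{7,40}$")      # full or abbreviated commit SHA

def parse_image_ref(ref):
    m = _REF.match(ref)
    if not m:
        raise ValueError(f"unparseable image reference: {ref}")
    return m.group("name"), m.group("tag"), m.group("digest")

def provenance_check(ref, expected_sha, recorded_digests=()):
    """Return (ok, reason). Passes only if the image is tied to the commit being
    deployed: the tag is that commit's (abbreviated) SHA, or the digest is one
    the build pipeline recorded for that commit. Mutable tags are rejected."""
    name, tag, digest = parse_image_ref(ref)
    if digest is not None:
        if digest in recorded_digests:
            return True, f"{name}: digest recorded for commit {expected_sha[:12]}"
        return False, f"{name}: digest not recorded for commit {expected_sha[:12]}"
    if tag is None:
        return False, f"{name}: no tag or digest (implicit 'latest')"
    if not _SHA_TAG.match(tag):
        return False, f"{name}: mutable tag '{tag}' is not a commit SHA"
    if not expected_sha.startswith(tag):
        return False, f"{name}: tag {tag} is not a prefix of {expected_sha[:12]}"
    return True, f"{name}: tag matches commit {expected_sha[:12]}"

def scan_manifest(manifest, expected_sha, recorded_digests=()):
    """Check every 'image:' line of a Compose/Kubernetes-style manifest."""
    results = []
    for line in manifest.splitlines():
        m = re.match(r"^\s*(?:-\s+)?image:\s*['\"]?([^'\"\s]+)", line)
        if m:
            results.append((m.group(1),) + provenance_check(m.group(1), expected_sha, recorded_digests))
    return results

# Constructed inputs: placeholder commit SHA, digest and image names.
EXPECTED_SHA = "0123456789abcdef0123456789abcdef01234567"
RECORDED_DIGESTS = {"ab" * 32}
MANIFEST = f"""\
services:
  backend:
    image: ghcr.io/example/dealix-backend:{EXPECTED_SHA[:12]}
  frontend:
    image: ghcr.io/example/dealix-frontend:latest
  worker:
    image: ghcr.io/example/dealix-worker@sha256:{'ab' * 32}
"""
```

Run as a pre-deploy step with the SHA of the commit being released and the digests emitted by the image build job; the second service above fails because `latest` is mutable and carries no link to a commit.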

Audit & Compliance

| Control | Current | Target |
|---|---|---|
| Application audit logs | Production (audit_log.py) | Production |
| Consent audit trail | Production (PDPLConsentAudit) | Production |
| AI conversation logs | Production (ai_conversations) | Production |
| GitHub audit log | Default retention | P2 — external streaming for long retention |
| Centralized log aggregation | Not implemented | P2 — ELK/Loki/CloudWatch |
| Log retention policy | Not defined | P2 — define per data classification |

Monitoring & Alerting

| Component | Current | Target |
|---|---|---|
| Application metrics | Prometheus (basic) | P1 — full RED metrics |
| Error tracking | Sentry (configured) | Production |
| Structured logging | StructLog (configured) | Production |
| Uptime monitoring | Not implemented | P1 — health endpoint monitoring |
| SLA monitoring | sla_escalation_alerts.py | Production |
| Connector health | connector_governance.py | Partial — needs live probes |
| Model routing metrics | model_routing_dashboard.py | Partial — needs live collection |

Deployment

| Control | Current | Target |
|---|---|---|
| Docker Compose (dev) | Production | Production |
| Kubernetes (production) | Not implemented | P2 |
| Blue/green deployment | Not implemented | P2 |
| Canary deployment | Feature flags exist | P2 — infra-level canary |
| Rollback procedure | Documented | Documented |
| Database backup | Not automated | P1 |
| Disaster recovery | Not documented | P2 |

CODEOWNERS Template

# Default owner
* @VoXc2

# Backend
salesflow-saas/backend/ @VoXc2
salesflow-saas/backend/app/openclaw/ @VoXc2
salesflow-saas/backend/app/services/pdpl/ @VoXc2

# Frontend
salesflow-saas/frontend/ @VoXc2

# Governance
salesflow-saas/docs/governance/ @VoXc2
salesflow-saas/MASTER_OPERATING_PROMPT.md @VoXc2

# Security-sensitive
salesflow-saas/backend/app/services/auth_service.py @VoXc2
salesflow-saas/backend/app/services/security_gate.py @VoXc2
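
GitHub resolves CODEOWNERS with a last-match-wins rule, so the position of the `*` default decides whether the specific rules above take effect. The following Python is an added example, not part of the checklist or the project: a small resolver for the format that reports which reviewers a pull request would require and flags security-sensitive paths covered only by the catch-all. The embedded rules are a subset of the template; any other paths used with it are constructed.

```python
import fnmatch

# Subset of the CODEOWNERS template above, embedded so the example runs offline.
CODEOWNERS = """\
* @VoXc2
salesflow-saas/backend/ @VoXc2
salesflow-saas/backend/app/services/pdpl/ @VoXc2
salesflow-saas/backend/app/services/auth_service.py @VoXc2
salesflow-saas/backend/app/services/security_gate.py @VoXc2
"""

def parse_codeowners(text):
    """Return [(pattern, [owners])] in file order; '#' starts a comment."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            pattern, *owners = line.split()
            rules.append((pattern, owners))
    return rules

def _matches(pattern, path):
    # gitignore-style semantics, simplified: a pattern containing '/' is anchored at the
    # repo root, a trailing '/' means "everything under this directory", '*' may cross '/'.
    if pattern == "*":
        return True
    is_dir, pat = pattern.endswith("/"), pattern.strip("/")
    if pattern.startswith("/") or "/" in pat:              # anchored at root
        return path.startswith(pat + "/") if is_dir else fnmatch.fnmatchcase(path, pat)
    parts = path.split("/")                                 # unanchored: any depth
    return pat in parts[:-1] if is_dir else fnmatch.fnmatchcase(parts[-1], pat)

def winning_rule(rules, path):
    """The LAST matching rule wins, so a '*' catch-all at the END would override everything."""
    winner = None
    for pattern, owners in rules:
        if _matches(pattern, path):
            winner = (pattern, owners)
    return winner

def required_reviewers(rules, changed_files):
    """Owners GitHub would request for a pull request touching these files."""
    owners = set()
    for path in changed_files:
        rule = winning_rule(rules, path)
        if rule:
            owners.update(rule[1])
    return sorted(owners)

def unguarded(rules, sensitive_paths):
    """Sensitive paths whose only protection is the catch-all '*' (or none at all)."""
    return [p for p in sensitive_paths
            if (winning_rule(rules, p) or ("*", []))[0] == "*"]
```

Running `unguarded` over the repository's security-sensitive paths in CI turns the "CODEOWNERS file exists" gate item into a check that the file also covers what it is meant to protect.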

Gate: Operating Plane Closure

  • main branch protected with required checks
  • CI runs architecture_brief.py as validation step
  • CODEOWNERS file exists
  • Secret scanning enabled
  • One release gate is production-grade
  • Provenance: every deployment links to commit SHA
  • No long-lived cloud secrets where OIDC is possible