mancitrus/system-prompts-and-models-of-ai-tools

mirror of https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools.git synced 2026-06-18 15:29:36 +00:00

feat(dealix): complete Tier-1 Sovereign Enterprise Growth OS

Governance layer (14 docs):
- MASTER_OPERATING_PROMPT.md — operating constitution (five planes, six tracks, policy classes)
- docs/ai-operating-model.md — five-plane architecture (Decision/Execution/Trust/Data/Operating)
- docs/dealix-six-tracks.md — six strategic tracks (Revenue/Intelligence/Compliance/Expansion/Operations/Trust)
- docs/governance/execution-fabric.md — OpenClaw execution plane deep dive
- docs/governance/trust-fabric.md — trust plane with contradiction engine + evidence packs
- docs/governance/saudi-compliance-and-ai-governance.md — PDPL/ZATCA/SDAIA/NCA live controls
- docs/governance/technology-radar-tier1.md — Core/Strong/Pilot/Watch/Hold classification
- docs/governance/partnership-os.md — alliance lifecycle management
- docs/governance/ma-os.md — M&A corporate development lifecycle
- docs/governance/expansion-os.md — geographic and vertical growth
- docs/governance/pmi-os.md — post-merger integration framework
- docs/governance/executive-board-os.md — executive decision surfaces
- docs/execution-matrix-90d-tier1.md — 90-day sprint execution plan
- docs/adr/0001-tier1-execution-policy-spikes.md — 8 architectural decisions

Backend (3 models, 6 services, 8 API routes):
- Contradiction Engine — detect/track system conflicts
- Evidence Pack System — tamper-evident audit proof with SHA256
- Saudi Compliance Matrix — live PDPL/ZATCA/SDAIA/NCA controls
- Executive Room — unified executive decision surface
- Connector Governance — integration health monitoring
- Model Routing Dashboard — LLM provider metrics
- Forecast Control Center — actual vs forecast across tracks
- Approval Center — enhanced approval queue with SLA

Frontend (9 components):
- Executive Room, Evidence Pack Viewer, Approval Center
- Connector Governance Board, Saudi Compliance Dashboard
- Actual vs Forecast Dashboard, Risk Heatmap
- Policy Violations Board, Partner Pipeline Board

Tooling:
- scripts/architecture_brief.py — preflight validation (40/40 checks pass)
- Updated CLAUDE.md and AGENTS.md with governance references

https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs

2026-04-16 12:48:13 +00:00

7.5 KiB

Raw Blame History

Trust Fabric — Dealix Trust Plane Deep Dive

Parent: MASTER_OPERATING_PROMPT.md
Plane: Trust | Tracks: Trust, Compliance
Version: 1.0 | Status: Canonical

Overview

The Trust Fabric ensures that every action in Dealix is authorized, auditable, and compliant. No sensitive action bypasses this layer. The Trust Plane sits between the Decision Plane and the Execution Plane, intercepting every Class B and C action.

Architecture

┌─────────────────────────────────────┐
│           TRUST PLANE               │
│                                     │
│  ┌─────────┐  ┌──────────────────┐  │
│  │ Policy  │  │ Approval Bridge  │  │
│  │ Engine  │──│ (approval_bridge)│  │
│  │(policy) │  └────────┬─────────┘  │
│  └─────────┘           │            │
│                        ▼            │
│  ┌──────────────────────────────┐   │
│  │     Trust Score Service      │   │
│  │   (trust_score_service.py)   │   │
│  └──────────────────────────────┘   │
│                                     │
│  ┌─────────┐  ┌──────────────────┐  │
│  │Security │  │  SLA Escalation  │  │
│  │  Gate   │  │     Alerts       │  │
│  └─────────┘  └──────────────────┘  │
│                                     │
│  ┌─────────┐  ┌──────────────────┐  │
│  │  Audit  │  │  Contradiction   │  │
│  │ Service │  │     Engine       │  │
│  └─────────┘  └──────────────────┘  │
│                                     │
│  ┌─────────┐  ┌──────────────────┐  │
│  │  PDPL   │  │    Evidence      │  │
│  │ Engine  │  │  Pack Service    │  │
│  └─────────┘  └──────────────────┘  │
└─────────────────────────────────────┘

Policy Enforcement

Approval Bridge Flow

# OpenClawApprovalBridge.evaluate()
1. Check tenant_id exists         → Block if missing
2. Classify action (A/B/C)        → Block if C (forbidden)
3. Check cross_tenant_context     → Block if true
4. Check canary enforcement       → Block if outside canary without token
5. Check approval_token           → Block if B and no token
6. Allow execution                → Return allowed=True

Approval Request Model

Field	Type	Purpose
`channel`	String	whatsapp, email, sms
`resource_type`	String	Entity requiring approval
`resource_id`	UUID	Entity ID
`payload`	JSONB	Action details
`status`	String	pending → approved / rejected
`requested_by_id`	FK(users)	Who requested
`reviewed_by_id`	FK(users)	Who approved/rejected
`reviewed_at`	DateTime	When reviewed
`sla_deadline_at`	DateTime	SLA expiry (new)
`escalation_level`	Integer	Current escalation level (new)
`priority`	String	critical/high/normal/low (new)

Trust Scoring

Entities receive trust scores based on behavior:

Entity	Factors	Range
Lead	Engagement, data quality, consent status	0-100
Affiliate	Performance, fraud flags, tenure	0-100
Company	CR verification, payment history	0-100
Connector	Uptime, error rate, auth health	0-100

Implementation: services/trust_score_service.py, models/advanced.py (TrustScore)

Audit Trail

Every state change is recorded:

class AuditLog(TenantModel):
    user_id     # Who performed the action
    action      # What action (create, update, delete, approve, reject)
    entity_type # What entity (lead, deal, consent, approval)
    entity_id   # Which entity
    changes     # JSONB diff (old_value → new_value)
    ip_address  # Client IP

Additional audit layers:

PDPLConsentAudit — Immutable consent change log
DomainEvent — Event-sourced business events
ai_conversations — All AI agent inputs/outputs/tokens

Contradiction Engine (New)

Detects and tracks conflicts between documents, policies, and system behavior.

Contradiction Record

Field	Purpose
`source_a` / `source_b`	Which documents/systems conflict
`claim_a` / `claim_b`	The conflicting claims
`contradiction_type`	factual, temporal, scope, policy
`severity`	critical, high, medium, low
`status`	detected → reviewing → resolved / accepted
`resolution`	How it was resolved
`evidence`	Supporting data (JSONB)

Detection Methods

Manual: Human reports contradiction
AI Scan: LLM compares governance docs for conflicts
Runtime: System detects behavior inconsistent with policy

Evidence Pack System (New)

Assembles auditable proof from system data:

Pack Types

Type	Contents
`deal_closure`	Deal data, lead history, activities, messages, proposals, approvals, consent records
`compliance_audit`	Consent stats, PDPL checks, audit logs, complaint resolutions
`board_report`	KPIs, pipeline, revenue, risks, strategic deals
`incident_response`	Event timeline, actions taken, impact assessment

Pack Properties

Immutable: Once assembled, contents are SHA256-hashed
Tamper-evident: Hash signature stored for verification
Exportable: JSON + PDF formats
Traceable: Every item links to source record

SLA Enforcement

Level	Threshold	Action
Warning	75% of SLA elapsed	Notify assignee
Breach	100% of SLA elapsed	Escalate to manager
L3 Escalation	150% of SLA elapsed	Escalate to executive

Implementation: services/sla_escalation_alerts.py

Security Layers

Layer	Component	Purpose
Pre-release	`security_gate.py`	Validate before deployment
Runtime	`shannon_security.py`	Deep security scanning
Outbound	`outbound_governance.py`	Govern external communications
Tool	`tool_verification.py`	Verify tool integrity
Skill	`skill_governance.py`	Govern agent skill usage

Current vs Target

Capability	Current	Target
Policy classes (A/B/C)	Live	Live
Approval bridge	Live	Enhanced with SLA
Trust scoring	Live	Live
Audit trail	Live	Live
PDPL consent enforcement	Live	Live
Security gate	Live	Live
Contradiction Engine	Not implemented	Building
Evidence Pack System	Not implemented	Building
Saudi Compliance Matrix	Not implemented	Building
OPA policy engine	Not evaluated	Watch
OpenFGA authorization	Not evaluated	Watch
Vault secrets management	Not evaluated	Watch
Keycloak identity	Not evaluated	Watch

7.5 KiB Raw Blame History