docs: scope first paid features into the product roadmap#98
Conversation
Fold the two first paid features from the business model into concrete roadmap work, both built on the shipped Organizer trust pipeline and both local-first (files the user owns, no cloud required): - §6 Audit as a compliance artifact: retention controls, tamper-evidence (hash-chained entries), per-period/per-client compliance report export, and optional signed export — building on organizer_export_audit. - §7 Team policy templates: exportable/importable policy packs (Zone + rules + trust), admin-authored managed/locked policy, and an internal shared playbook library as the local-first precursor to a marketplace. Reconcile the "What not to build yet" list so these Organizer-wedge, local-first team/compliance features are not confused with the still- deferred enterprise cloud sync and hosted marketplace. Cross-link business-model.md <-> PRODUCT_ROADMAP.md §6-§7. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Vy2Lt4hoeK6K4f8LfhWXWg
✅ Deploy Preview for muhammadghost ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e07101205c
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| - **Tamper-evidence** — hash-chain audit entries (each run references the prior | ||
| run's hash) so the log is provably append-only and verifiable offline. Local, | ||
| no network. |
There was a problem hiding this comment.
Avoid overstating hash-chain tamper evidence
When the verifier only has the local log or export, a hash chain without a trusted checkpoint or signature only proves internal consistency: someone who can edit the stored audit rows can rewrite old entries and recompute every later hash, and offline verification will still pass. Since this section is defining a compliance feature that auditors can rely on, either require a signed/anchored head hash/checkpoint for this guarantee or soften the claim to tamper-evident relative to a trusted prior digest.
Useful? React with 👍 / 👎.
| - Enterprise **cloud** sync (the local-first, file-based policy packs and | ||
| compliance exports in §6–§7 are fine and are the paid path; a cloud relay is | ||
| an *optional* add-on, never a requirement). |
There was a problem hiding this comment.
Keep boundary docs aligned for compliance exports
This carves local compliance exports out as “fine and ... the paid path,” but docs/core-boundaries.md still lists enterprise audit logs as an experimental surface that must not be treated as production-ready. Because this changes the stable/experimental boundary for audit/compliance work, contributors will get contradictory guidance unless the boundary doc is updated with this Organizer-only carve-out or this roadmap keeps the feature explicitly experimental.
Useful? React with 👍 / 👎.
| - **Managed / locked policy** — an admin-authored pack members apply but can't | ||
| silently loosen; trust levels and rules stay as the firm set them (the policy | ||
| engine already enforces trust server-side, so this is distribution + a lock | ||
| flag, not a new trust mechanism). |
There was a problem hiding this comment.
Add a real authority for locked policy packs
As written, this treats distribution plus a lock flag as enough to stop members from weakening admin-authored rules, but the current Organizer surface lets any local caller add rules or change trust in the local DB and the policy engine only enforces whatever rules it loads. For the Team feature to provide the promised admin control, the roadmap should call for a signed/imported policy authority or MDM-enforced lock instead of saying this is not a new trust mechanism.
Useful? React with 👍 / 👎.
| The moat and tiered model live in `docs/business-model.md`; the business | ||
| lives in the **Team/Business** tier, sold on control, compliance, and support — | ||
| never on cloud lock-in. These are the first two paid features, both built on the | ||
| already-shipped Organizer trust pipeline (rule-attributed, exportable audit | ||
| landed in #96). Both stay **local-first**: policy packs and compliance exports | ||
| are files the user owns, distributed however the firm likes — no cloud required. |
There was a problem hiding this comment.
Update the canonical product-direction docs
This section defines the first paid Team/Business features and local-first distribution path, which is a product-direction change, but the repository’s AGENTS.md documentation rules require product direction changes to update README.md and AGENTS.md in the same change. Because this commit only edits the roadmap and business model, the canonical instructions and public README still lack this paid-path carve-out and continue to give contributors a different prioritization/boundary picture.
Useful? React with 👍 / 👎.
Summary
Folds the two first paid features from
docs/business-model.mdinto concrete roadmap work indocs/PRODUCT_ROADMAP.md, giving the business model an actual build path. Docs-only; no code or behavior change.Both features are built on the already-shipped Organizer trust pipeline (rule-attributed exportable audit landed in #96) and both stay local-first — policy packs and compliance exports are files the user owns, no cloud required.
Trust & safety
The doc explicitly notes neither proposed feature crosses a privacy boundary in
CLAUDE.md, and that what's paid is the tier, not the safety.Changes
docs/PRODUCT_ROADMAP.md:organizer_export_audit.business-model.md's build order.docs/business-model.md: forward-link to the new roadmap sections.Validation
CLAUDE.mdproduct identity,AGENTS.md(checklists over essays), and the shipped command surface.Risks / follow-up
storage/executions.rs, since that's the smallest concrete slice of §6.🤖 Generated with Claude Code
https://claude.ai/code/session_01Vy2Lt4hoeK6K4f8LfhWXWg
Generated by Claude Code