# ⚖️ Business & Governance Standards (The "Boardroom" Protocol)

**Audience:** Business Agents (Harvey Specter, Kevin O'Leary, Marie Kondo).
**Objective:** Protection, Profitability, and Efficiency.

> [!CRITICAL]
> **The Specter Mandate:**
> "I don't care if the code is beautiful. If it gets us sued, or if it costs more than it earns, you're fired."

## 1. 💰 FinOps (The Kevin O'Leary Rule)

### "Stop the Bleeding"

**Mandate:** Every resource usage must be justified.

1. **CPU/RAM Limits:** No container shall run without limits.
   * *Default:* `cpus: '0.5'`, `memory: '512M'`.
   * *Deviation:* Requires written justification in the PR description.
2. **Idle Resources:** If a dev environment is untouched for 24h, it must die.
3. **Cloud Native?** Prefer Serverless/Spot Instances unless the workload is stateful.

### The "Hello World" Tax

* **Reject:** Using a Kubernetes cluster to host a static HTML page.
* **Accept:** S3, or a plain Nginx container.

## 2. 📜 Legal & Compliance (The Harvey Specter Rule)

### GDPR / LGPD (Data Sovereignty)

1. **The "Right to be Forgotten":**
   * Every entity (User, Customer) MUST have a `soft_delete` column OR a documented "Anonymization Routine".
   * *Sin:* Hard deleting rows and breaking referential integrity (orphaned orders, audit records, dangling foreign keys).
2. **PII Handling:**
   * CPF, Email, Phone must be ENCRYPTED at rest wherever the datastore supports it.
   * Logs must NEVER contain PII. (See `observability_standards.md`.)

### Licensing & IP

1. **Header Check:** All source files must have the Company Copyright Header.
2. **Third-Party Audit:**
   * **Banned:** AGPL (a viral copyleft license) in proprietary code.
   * **Allowed:** MIT, Apache 2.0, BSD.

## 3. 📉 ROI & Feature Bloat (The Marie Kondo Rule)

### "Does this Spark Profit?"

Before building a feature, the Agent must ask:

1. **Usage:** "Will more than 5% of users use this?"
2. **Maintenance:** "Is the cost of fixing bugs in this > the value it provides?"

### Deprecation Policy

Code that is not used must be deleted.

* **Rule:** If a feature flag is OFF for > 3 months, delete the code.
* **Commented Code:** "Just in case" code is strictly forbidden. That's what Git history is for.

## 4. 🕴️ The Boardroom Audit Checklist

Before releasing to production:

- [ ] **Cost:** Did I set resource limits (`cpus`, `memory`) in Docker Compose?
- [ ] **Legal:** Did I scan the full dependency tree (`package.json` / `requirements.txt` plus their transitive dependencies, not just the manifest) for AGPL licenses?
- [ ] **Privacy:** Can a user delete their account without corrupting the DB?
- [ ] **Cleanup:** Did I implement a retention policy (e.g., delete logs older than 30 days)?
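The **Cost** item above can be checked mechanically rather than by eye. The script below is an added example written for this page, not the project's own tooling. It audits a Compose file against the Section 1 defaults (`cpus: '0.5'`, `memory: '512M'`), understanding both ways Compose expresses limits: `deploy.resources.limits.{cpus,memory}` (Compose Specification) and the older service-level `cpus` / `mem_limit` keys. The compose content and image names are constructed for the example and embedded as a Python dict; a real run would load the file with `yaml.safe_load()` and pass the result to `audit_compose()`.

```python
"""Audit a docker-compose definition: every service must declare CPU and memory limits.

Added example for this page (not the project's code). Services that exceed the
default ceiling are reported as well, because the page requires a written
justification in the PR for any deviation from the defaults.
"""
from __future__ import annotations

import re

# Constructed sample: `api` uses Compose-Spec limits, `worker` uses the legacy
# keys, `static` declares nothing. Registry and image names are hypothetical.
SAMPLE_COMPOSE = {
    "services": {
        "api": {
            "image": "registry.example.com/api:1.4.2",
            "deploy": {"resources": {"limits": {"cpus": "0.5", "memory": "512M"}}},
        },
        "worker": {
            "image": "registry.example.com/worker:1.4.2",
            "cpus": 0.5,
            "mem_limit": "512m",
        },
        "static": {
            "image": "nginx:1.27-alpine",
            "ports": ["8080:80"],
        },
    }
}

# Compose memory strings: optional decimal, optional k/m/g unit, optional trailing 'b'.
_MEM_RE = re.compile(r"^\s*(\d+(?:\.\d+)?)\s*([kmgKMG]?)[bB]?\s*$")
_MEM_MULT = {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}


def parse_memory(value) -> int:
    """Return a byte count for values like '512M', '1g', '268435456' or an int."""
    if isinstance(value, int):
        return value
    m = _MEM_RE.match(str(value))
    if not m:
        raise ValueError(f"unparseable memory limit: {value!r}")
    number, unit = m.groups()
    return int(float(number) * _MEM_MULT[unit.lower()])


def service_limits(svc: dict) -> tuple[float | None, int | None]:
    """Extract (cpus, memory_bytes) from either limit style; None where absent."""
    limits = ((svc.get("deploy") or {}).get("resources") or {}).get("limits") or {}
    cpus = limits.get("cpus", svc.get("cpus"))
    memory = limits.get("memory", svc.get("mem_limit"))
    return (
        float(cpus) if cpus is not None else None,
        parse_memory(memory) if memory is not None else None,
    )


def audit_compose(compose: dict, max_cpus: float = 0.5, max_memory: str = "512M") -> list[str]:
    """Return one finding per violation; an empty list means the file passes."""
    findings: list[str] = []
    ceiling = parse_memory(max_memory)
    for name, svc in (compose.get("services") or {}).items():
        cpus, mem = service_limits(svc or {})
        if cpus is None:
            findings.append(f"{name}: no CPU limit (deploy.resources.limits.cpus or cpus)")
        elif cpus > max_cpus:
            findings.append(f"{name}: cpus={cpus} exceeds default {max_cpus}; justify in PR")
        if mem is None:
            findings.append(f"{name}: no memory limit (deploy.resources.limits.memory or mem_limit)")
        elif mem > ceiling:
            findings.append(f"{name}: memory={mem} bytes exceeds default {max_memory}; justify in PR")
    return findings


if __name__ == "__main__":
    for line in audit_compose(SAMPLE_COMPOSE) or ["OK: every service has CPU and memory limits"]:
        print(line)
```

Run against the sample, only `static` is reported (missing both limits); `api` and `worker` sit exactly at the default ceiling and pass. Wire `audit_compose()` into CI so a non-empty finding list fails the build, and treat a deliberately higher limit as a PR-description requirement rather than a script exception.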
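The **Privacy** item ("can a user delete their account without corrupting the DB?") is the Section 2 rule in practice: a hard `DELETE` on a parent row either fails on the foreign-key constraint or, with cascades, wipes financial history. The following is an added example written for this page, not the project's code. It uses the standard-library `sqlite3` module with a constructed two-table schema (`users` holding PII, `orders` referencing it) and a `deleted_at` timestamp standing in for the page's `soft_delete` column. It shows the hard delete being rejected, the soft-delete marker, and an anonymization routine that scrubs PII in place so every order keeps a valid parent row. Sample names and numbers are constructed.

```python
"""Right-to-be-forgotten without breaking referential integrity (sqlite3 demo).

Added example for this page, not the project's own code. `deleted_at` plays the
role of the page's `soft_delete` column; all data below is constructed.
"""
import sqlite3
from datetime import datetime, timezone

SCHEMA = """
CREATE TABLE users (
    id         INTEGER PRIMARY KEY,
    email      TEXT NOT NULL UNIQUE,
    cpf        TEXT,
    phone      TEXT,
    deleted_at TEXT          -- NULL = live; ISO-8601 timestamp = soft-deleted
);
CREATE TABLE orders (
    id      INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL REFERENCES users(id),  -- deliberately no ON DELETE CASCADE
    total   REAL NOT NULL
);
"""


def open_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows and FK enforcement on."""
    con = sqlite3.connect(":memory:")
    con.execute("PRAGMA foreign_keys = ON")  # sqlite ignores FKs unless this is set
    con.executescript(SCHEMA)
    con.execute("INSERT INTO users (id, email, cpf, phone) VALUES (1, 'ana@example.com', '123.456.789-09', '+55 11 91234-5678')")
    con.execute("INSERT INTO users (id, email, cpf, phone) VALUES (2, 'bruno@example.com', '987.654.321-00', '+55 21 99876-5432')")
    con.execute("INSERT INTO orders (id, user_id, total) VALUES (10, 1, 99.90), (11, 1, 15.00)")
    con.commit()
    return con


def hard_delete(con: sqlite3.Connection, user_id: int) -> bool:
    """The page's 'sin': DELETE the parent row. Returns False when the FK blocks it."""
    try:
        con.execute("DELETE FROM users WHERE id = ?", (user_id,))
        con.commit()
        return True
    except sqlite3.IntegrityError:  # "FOREIGN KEY constraint failed"
        con.rollback()
        return False


def soft_delete(con: sqlite3.Connection, user_id: int) -> None:
    """Flag the row; every read path must then filter on deleted_at IS NULL."""
    now = datetime.now(timezone.utc).isoformat(timespec="seconds")
    con.execute("UPDATE users SET deleted_at = ? WHERE id = ? AND deleted_at IS NULL", (now, user_id))
    con.commit()


def anonymize(con: sqlite3.Connection, user_id: int) -> None:
    """Erasure routine: overwrite each PII column with a non-reversible placeholder
    and mark the row deleted; the primary key (and so the orders) survives."""
    now = datetime.now(timezone.utc).isoformat(timespec="seconds")
    con.execute(
        "UPDATE users SET email = ?, cpf = NULL, phone = NULL, "
        "deleted_at = COALESCE(deleted_at, ?) WHERE id = ?",
        (f"erased-{user_id}@example.invalid", now, user_id),  # .invalid never routes mail
    )
    con.commit()


def live_users(con: sqlite3.Connection) -> list[int]:
    return [r[0] for r in con.execute("SELECT id FROM users WHERE deleted_at IS NULL ORDER BY id")]


def user_pii(con: sqlite3.Connection, user_id: int) -> tuple:
    return con.execute("SELECT email, cpf, phone FROM users WHERE id = ?", (user_id,)).fetchone()


def orders_for(con: sqlite3.Connection, user_id: int) -> int:
    return con.execute("SELECT COUNT(*) FROM orders WHERE user_id = ?", (user_id,)).fetchone()[0]


if __name__ == "__main__":
    con = open_db()
    print("hard delete of user 1 allowed?", hard_delete(con, 1))  # False: orders reference it
    soft_delete(con, 1)
    print("live users:", live_users(con), "| orders kept for user 1:", orders_for(con, 1))
    anonymize(con, 1)
    print("PII after erasure:", user_pii(con, 1))
```

Two caveats a reviewer should raise. A soft-delete flag on its own retains the PII, so it answers the "without corrupting the DB" question but not the erasure request; the anonymization routine (or a scheduled purge of soft-deleted rows, per the checklist's retention policy) is what actually removes the data. And the hard delete "succeeds" for user 2 only because no orders reference that row yet, which is exactly why the page forbids it as a general path: the failure mode appears the day a child table is added.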