# ⚖️ Business & Governance Standards (The "Boardroom" Protocol)
**Audience:** Business Agents (Harvey Specter, Kevin O'Leary, Marie Kondo).

**Objective:** Protection, Profitability, and Efficiency.
> [!CRITICAL]
> **The Specter Mandate:**
> "I don't care if the code is beautiful. If it gets us sued, or if it costs more than it earns, you're fired."
## 1. 💰 FinOps (The Kevin O'Leary Rule)
### "Stop the Bleeding"
**Mandate:** Every resource usage must be justified.

1. **CPU/RAM Limits:** No container shall run without limits.
   * *Default:* `cpus: '0.5'`, `memory: '512M'`.
   * *Deviation:* Requires written justification in the PR description.
2. **Idle Resources:** If a dev environment is untouched for 24h, it must die.
3. **Cloud Native?** Prefer Serverless/Spot Instances unless stateful.
### The "Hello World" Tax
* **Reject:** Using a Kubernetes Cluster to host a static HTML page.
* **Accept:** S3/Nginx Container.
## 2. 📜 Legal & Compliance (The Harvey Specter Rule)
### GDPR / LGPD (Data Sovereignty)
1. **The "Right to be Forgotten":**
   * Every entity (User, Customer) MUST have a `soft_delete` column OR a documented "Anonymization Routine".
   * *Sin:* Hard-deleting rows in a way that breaks referential integrity.
2. **PII Handling:**
   * CPF (Brazilian taxpayer ID), email, and phone must be ENCRYPTED at rest if possible.
   * Logs must NEVER contain PII (see `observability_standards.md`).
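
As an added example (not code from this standards document), the following Python/sqlite3 sketch shows the "Right to be Forgotten" routine the rule asks for: a hard delete is refused by the foreign key, while anonymizing PII in place and marking the row soft-deleted keeps the user's orders referentially intact. The schema, the `deleted_at` column standing in for `soft_delete`, and the sample rows are constructed assumptions.

```python
import sqlite3

# Constructed schema (assumption): a user owns orders; orders.user_id references users.id.
# deleted_at plays the role of the standard's soft_delete column (NULL = active account).
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL, phone TEXT, cpf TEXT, deleted_at TEXT);
CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL REFERENCES users(id), total_cents INTEGER NOT NULL);
"""

def new_db():
    """In-memory DB with FK enforcement on and one constructed user owning two orders."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite ignores FK constraints unless this is set
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO users VALUES (1, 'ana@example.com', '+55 11 99999-0000', '123.456.789-09', NULL)")
    conn.execute("INSERT INTO orders VALUES (10, 1, 4990), (11, 1, 1500)")
    conn.commit()
    return conn

def hard_delete(conn, user_id):
    """The 'sin': removing the row would orphan its orders, so the FK rejects it (returns False)."""
    try:
        conn.execute("DELETE FROM users WHERE id = ?", (user_id,))
        conn.commit()
        return True
    except sqlite3.IntegrityError:
        conn.rollback()
        return False

def forget_user(conn, user_id):
    """Right-to-be-forgotten routine: overwrite PII in place and set deleted_at, so orders keep
    a valid user_id and accounting history survives without PII. False if already forgotten."""
    cur = conn.execute(
        "UPDATE users SET email = ?, phone = NULL, cpf = NULL, deleted_at = datetime('now') "
        "WHERE id = ? AND deleted_at IS NULL",
        (f"deleted-user-{user_id}@invalid", user_id),
    )
    conn.commit()
    return cur.rowcount == 1

def pii_remaining(conn, user_id):
    """Real PII values still stored for the user (the anonymized placeholder does not count)."""
    row = conn.execute("SELECT email, phone, cpf FROM users WHERE id = ?", (user_id,)).fetchone()
    return [v for v in row if v and not v.endswith("@invalid")]

def orders_intact(conn, user_id):
    """Number of orders still referencing the user; must not change when the user is forgotten."""
    return conn.execute("SELECT COUNT(*) FROM orders WHERE user_id = ?", (user_id,)).fetchone()[0]
```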
### Licensing & IP
1. **Header Check:** All source files must have the Company Copyright Header.
2. **Third-Party Audit:**
   * **Banned:** AGPL and similar viral (copyleft) licenses in proprietary code.
   * **Allowed:** MIT, Apache 2.0, BSD.
## 3. 📉 ROI & Feature Bloat (The Marie Kondo Rule)
### "Does this Spark Profit?"
Before building a feature, the Agent must ask:

1. **Usage:** "Will more than 5% of users use this?"
2. **Maintenance:** "Is the cost of fixing bugs in this > the value it provides?"
### Deprecation Policy
Code that is not used must be deleted.

* **Rule:** If a feature flag is OFF for > 3 months, delete the code.
* **Commented Code:** "Just in case" code is strictly forbidden. That's what Git History is for.
## 4. 🕴️ The Boardroom Audit Checklist
Before releasing to production:

- [ ] **Cost:** Did I set resource limits (`cpus`, `memory`) in Docker Compose?
- [ ] **Legal:** Did I scan `package.json` / `requirements.txt` for AGPL licenses?
- [ ] **Privacy:** Can a user delete their account without corrupting the DB?
- [ ] **Cleanup:** Did I implement a retention policy (e.g., delete logs older than 30 days)?