| name | biz-skill-pack |
|---|---|
| created | 2026-04-25 |
| status | ideation |
| tla_required | false |

Sherif tried to hire a contractor on a Tuesday in April 2026. The advisor he was talking to told him he needed at minimum an NDA before the conversation went further. He didn't have one. He didn't know that contractor-built IP, in UK law, defaults to the contractor unless explicitly assigned in writing — so the engineering work he was about to commission would not have been his. He didn't know when to incorporate, what the right vehicle was, what shareholders agreement he'd need before bringing on a co-founder, what GDPR baseline to ship before the first user, or what T&Cs the public site needed. SLO already covers the engineering side end-to-end (ideate → architect → plan → critique → execute → verify → ship → retro), but the company-around-the-product is invisible to the pack. Today he pays for this three ways: (1) he stalls — Tuesday's contractor hire didn't happen because the legal gap surfaced and there was no clear next move; (2) he pays full lawyer rates (Russell Cooke price list, 2026-27: NDA £750, contractor agreement £1,450, IP assignment £750, T&Cs £2,750 — ~£5,700 of templates v1 of /slo-legal would draft) for documents a template-with-triage could produce; (3) he avoids whole categories of work — fundraising, first hires, GDPR — because he has no scaffolding for them and reaching for an external service mid-flow breaks the SLO loop he uses for everything else.
- Two archetypes in one pack — advisor vs generator. Regulated/professional skills (legal, accounting, fundraise, equity) operate as advisors with `draft+translate+triage+prepare` modes; lower-stakes skills (talk-to-users, launch, sales-funnel, pricing, metrics, cofounder, hire, founder-check) operate as one-shot generators that produce a single artifact.
- Hard-coded refusal gates on advisor skills. Three named conditions force a `triage` response instead of `draft`: (1) regulated domain — FCA, MHRA, ICO, healthcare, financial services; (2) deal value above £5,000 (Sherif's stated threshold, conservative for a UK seed-stage founder); (3) counterparty has a lawyer OR Sherif is being asked to sign their paper rather than send his.
- Jurisdiction as a first-class skill arg. UK ships first because Sherif's reference material (Russell Cooke price list, the 26MB UK Legal Guide) is UK-specific; the schema must accommodate `--jurisdiction us/eu` later without reshaping every skill.
- ROI block on every advisor skill output. Each generated artifact prints "this would cost £X from a UK solicitor (Russell Cooke 2026-27 baseline)" so the founder can see the cost-of-not-using-the-skill, AND a paired "lawyer-review-recommended-when" block so the saving doesn't become a false economy.
- Shared scaffolding across advisor skills. The triage gate, jurisdiction matrix, deal-value threshold, and biz-artifact frontmatter schema live once in `skills/_biz-shared/` (or `references/biz/`), not duplicated across four advisor skills — drift between `/slo-legal` and `/slo-accounting` triage gates is the predictable failure mode if they evolve independently.

- Breach: A founder runs `/slo-legal draft contractor-sow` and fills placeholders with real counterparty name, deal value, and IP scope. The output lands in `docs/biz/legal/<contractor>-sow.md` inside the user's repo. If that repo is later pushed to a public GitHub remote (a real failure mode — Sherif's existing repo has had `docs/legal/YCNotes.md` move around between commits), the filled template leaks deal-sensitive terms to anyone running GitHub code search for "Standard Contractor Agreement" + Sherif's company name. The skill must default the output dir to a `.gitignore`'d location and warn at write-time if the parent dir is git-tracked and remote is public.
- Compliance fine: Founder runs `/slo-legal draft privacy-notice` for a B2C app processing personal data. Skill produces an OK-looking notice citing legitimate-interest as the lawful basis. Founder ships without lawyer review. An ICO complaint reveals consent was the correct lawful basis under UK GDPR Art. 6, Art. 13 transparency obligations are not fully met, and the lawful-basis disclosure is wrong. ICO can fine up to £17.5M or 4% of annual turnover. Mitigation: `draft` mode is hard-blocked for ALL GDPR-related documents (privacy notice, ROPA, DPA, internal policies) — only `translate` and `triage` are permitted, with output linking to the Russell Cooke GDPR Package (£1,850 basic, £4,950 full) as the recommended next step.
- Silent-wrongness on triage (the analogue of "prolonged outage" for a non-runtime system): Founder asks `/slo-legal triage "I'm hiring my first employee in UK"` expecting a clear refuse-and-route response. Skill misclassifies the question as contractor-shaped and offers to draft a contractor agreement, missing that UK employment law adds statutory notice periods, holiday accrual, sick pay, NI/PAYE registration, right-to-work checks, and pension auto-enrolment. Founder uses the wrong template, the engagement is later reclassified by HMRC as employment (IR35 / employment-status determination), founder owes back NI + pension contributions and faces potential ACAS unfair-dismissal claim if the relationship ended badly. Detection lag: 6-24 months. The triage classifier must be conservative — "anyone working substantially full-time, exclusive, under direction" routes to lawyer + accountant, not a contractor template.

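A write-time check of the kind the breach scenario calls for, as an added example (not code from the pack). The function name `check_biz_output_path` and its verdict strings are assumptions, and because remote visibility cannot be determined offline it treats any configured remote as potentially public.

```shell
#!/bin/sh
# Added example: write-time guard for filled biz templates (hypothetical helper).
# Prints a verdict and returns 0 (safe), 1 (warn) or 2 (refuse to write).
check_biz_output_path() {
    target=$1
    # Normalise so the directory found below is always a textual prefix of the path.
    case $target in /*|./*) ;; *) target=./$target ;; esac

    # The output directory may not exist yet: climb to the nearest one that does.
    dir=$(dirname -- "$target")
    while [ ! -d "$dir" ]; do dir=$(dirname -- "$dir"); done
    rel=${target#"$dir"/}

    # Outside a git work tree there is nothing to push from here.
    inside=$(cd "$dir" && git rev-parse --is-inside-work-tree 2>/dev/null)
    if [ "$inside" != "true" ]; then
        echo "ok: not in a git work tree"; return 0
    fi

    # check-ignore exits 0 only for paths that are ignored AND not already
    # tracked; a tracked file under an ignored directory is still committed.
    if (cd "$dir" && git check-ignore -q -- "$rel"); then
        echo "ok: ignored by git"; return 0
    fi

    # Assumption: visibility of the remote cannot be checked offline, so any
    # configured remote counts as a possible publication path.
    if [ -n "$(cd "$dir" && git remote)" ]; then
        echo "refuse: not ignored and the repo has a remote"; return 2
    fi
    echo "warn: not ignored, no remote configured yet"; return 1
}

# Stand-alone use: sh guard.sh docs/biz/legal/acme-sow.md
if [ "$#" -gt 0 ]; then check_biz_output_path "$1"; fi
```

Any git error during the ignore check falls through to the warn or refuse branch, so the guard fails closed.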
- Effort: ~3 weeks. 1 week for the 4 advisor skills (legal, accounting, equity, fundraise) with mode logic embedded per-skill; 1 week for the 8 generator skills; 1 week buffer for `/slo-critique` revisions.
- Wedge: ship `/slo-legal` v1 (NDA + contractor SOW + IP assignment + T&Cs + triage gate, all UK, £5k threshold) in week 1. The other 11 skills follow as independent units.
- Risks: triage gate logic is duplicated four times across legal/accounting/equity/fundraise — guaranteed drift after the first revision; jurisdiction matrix is re-implemented per skill; the £5k threshold becomes a magic number scattered through prose; `docs/biz/` artifact schema diverges per skill author session, so future tooling that wants to read biz artifacts has to handle four formats.

- Effort: ~4 weeks across 3 runbooks, each ≤5 milestones per `/slo-plan` cap. Runbook A — advisor cluster (4 milestones): `/slo-legal` (M1, wedge), `/slo-accounting` (M2), `/slo-equity` (M3), `/slo-fundraise` (M4). Runbook B — customer-facing generators (5): talk-to-users, launch, sales-funnel, pricing, metrics. Runbook C — team (3): cofounder, hire, founder-check.
- Wedge: M1 of Runbook A is `/slo-legal` v1 — NDA + contractor SOW + IP assignment + T&Cs + triage gate, UK, £5k threshold, with the shared `references/biz/triage-gate.md`, `references/biz/jurisdiction-uk.md`, `references/biz/cost-baseline-russell-cooke-2026.md`, and `references/biz/artifact-schema.md` shipped alongside as the first instance of the shared scaffolding. Ships in ≤ 1 week. Validates the advisor pattern in one skill before replicating to three more.
- Risks: shared scaffolding becomes premature abstraction if the advisor cluster ends up being only legal and accounting (equity/fundraise might collapse into legal as modes); jurisdiction matrix is unbounded — UK ≠ US ≠ EU and Sherif may hit US/EU founders within a year; maintaining `cost-baseline-russell-cooke-2026.md` as prices change annually adds drift surface; founders without git literacy may miss the `.gitignore` convention for filled templates.

- Effort: ~6-8 weeks. Mirrors the `sldo-research` precedent and the proposed `sldo-sec` crate from the security-embedding runbook.
- Wedge: a new crate under `crates/sldo-biz/` encodes the triage gate logic, jurisdiction matrix, deal-value thresholds, ROI baseline tables, and template-substitution engine as Rust code. Skills shell out to the binary the same way `/slo-research` shells out to `sldo-research`.
- Risks: most of the work is LLM-native judgment, not algorithmic — "is this contractor SOW above the threshold given the scope, payment cadence, and IP scope?" is a reasoning task that gets worse when forced into Rust if-statements; locks the project into maintaining a legal-rules engine that has to be updated annually as the Russell Cooke price list and ICO enforcement priorities shift; prices and thresholds drift faster than crate releases; the engineering pipeline already owns the heavy Rust work, and bolting another crate on for prose-shaped skills inverts the value of the skill pack architecture.

Approach B. The pack is mostly LLM-native judgment work — drafting prose contracts, advising on cofounder splits, translating a legal doc, framing a pitch — and the deterministic parts (the £5k threshold, the UK jurisdiction matrix, the Russell Cooke cost baseline, the docs/biz/ frontmatter schema) are short enough to live as referenced markdown that every advisor skill cites, not code that every advisor skill calls. Approach A is fine for 3 skills but invites drift across 12 (triage gates evolving independently is the failure mode I'm most worried about). Approach C overbuilds — Rust is the wrong runtime for "read this contract and explain it in plain English." The wedge is /slo-legal v1 as M1 of Runbook A, shipping in ≤ 1 week: 4 templates (NDA + contractor SOW + IP assignment + T&Cs), the triage gate (regulated / £5k+ / counterparty-has-lawyer routes to "see a lawyer"), --jurisdiction uk only, ROI block citing the Russell Cooke baseline, and the four shared reference docs landed in the same milestone. M2-M4 (/slo-accounting, /slo-equity, /slo-fundraise) replicate the advisor pattern citing the shared scaffolding rather than re-authoring it. Runbook B is then mechanical generator authoring; Runbook C closes out team. Three PRs total.

- Buy vs build for `/slo-legal` — UK legal-doc-as-a-service market: Lawpath, Genie AI, SeedLegals, Rocket Lawyer UK, plus US-side Stripe Atlas / Clerky. What does each cost, what UK-specific document set do they cover, and what's the realistic quality delta vs an LLM-drafted template with the Russell Cooke baseline as ground truth? The pack only justifies itself if in-Claude-with-triage beats a £29/month subscription on either workflow integration, customisation, or speed.
- UK GDPR enforcement reality for sub-seed companies — what's the ICO's actual threshold for investigating a small B2C company's privacy notice / lawful-basis disclosure? Is the proposed hard-block on `draft` for ALL GDPR documents too conservative if realistic enforcement risk for a sub-£100k turnover company is near zero? Need ICO published enforcement notices from the last 24 months segmented by company size.
- SEIS / EIS qualification rules and founder responsibility — what's the founder's obligation to ensure SEIS/EIS qualification before issuing shares, which mistakes void the investor's tax relief retroactively, and what HMRC advance-assurance step should `/slo-fundraise` triage gate force before any draft term-sheet work? S-EIS pitch-deck PDF is one input; need the qualification-mistake taxonomy.
- UK employment-law minimum-protections checklist for first hire — statutory notice, holiday, sick pay, NI/PAYE registration, right-to-work checks, pension auto-enrolment, IR35/employment-status determination factors. What can `/slo-hire` template and what must hard-block to lawyer + accountant? Specifically need the IR35 status-determination criteria so the contractor-vs-employee triage gate isn't naive.
- Jurisdiction expansion strategy — does the pack ship UK-only and add US/EU as separate `references/biz/jurisdiction-<code>.md` files later, or design the matrix from day one to handle three jurisdictions? Marginal cost of a second jurisdiction once the first is shipped — is it 20% of the first or 80%? Anchored question for `/slo-architect` to decide before `/slo-plan` runs.