name: biz-skill-pack
created: 2026-04-25
status: ideation
tla_required: false

Business-side skill pack for SLO

The pain

Sherif tried to hire a contractor on a Tuesday in April 2026. The advisor he was talking to told him he needed at minimum an NDA before the conversation went further. He didn't have one. He didn't know that contractor-built IP, in UK law, defaults to the contractor unless explicitly assigned in writing — so the engineering work he was about to commission would not have been his. He didn't know when to incorporate, what the right vehicle was, what shareholders agreement he'd need before bringing on a co-founder, what GDPR baseline to ship before the first user, or what T&Cs the public site needed. SLO already covers the engineering side end-to-end (ideate → architect → plan → critique → execute → verify → ship → retro), but the company-around-the-product is invisible to the pack. Today he pays for this three ways: (1) he stalls — Tuesday's contractor hire didn't happen because the legal gap surfaced and there was no clear next move; (2) he pays full lawyer rates (Russell Cooke price list, 2026-27: NDA £750, contractor agreement £1,450, IP assignment £750, T&Cs £2,750 — ~£5,700 of templates v1 of /slo-legal would draft) for documents a template-with-triage could produce; (3) he avoids whole categories of work — fundraising, first hires, GDPR — because he has no scaffolding for them and reaching for an external service mid-flow breaks the SLO loop he uses for everything else.

Five capabilities the user described without realising

  • Two archetypes in one pack — advisor vs generator. Regulated/professional skills (legal, accounting, fundraise, equity) operate as advisors with draft + translate + triage + prepare modes; lower-stakes skills (talk-to-users, launch, sales-funnel, pricing, metrics, cofounder, hire, founder-check) operate as one-shot generators that produce a single artifact.
  • Hard-coded refusal gates on advisor skills. Three named conditions force a triage response instead of draft: (1) regulated domain — FCA, MHRA, ICO, healthcare, financial services; (2) deal value above £5,000 (Sherif's stated threshold, conservative for a UK seed-stage founder); (3) counterparty has a lawyer OR Sherif is being asked to sign their paper rather than send his.
  • Jurisdiction as a first-class skill arg. UK ships first because Sherif's reference material (Russell Cooke price list, the 26MB UK Legal Guide) is UK-specific; the schema must accommodate --jurisdiction us/eu later without reshaping every skill.
  • ROI block on every advisor skill output. Each generated artifact prints "this would cost £X from a UK solicitor (Russell Cooke 2026-27 baseline)" so the founder can see the cost-of-not-using-the-skill, AND a paired "lawyer-review-recommended-when" block so the saving doesn't become a false economy.
  • Shared scaffolding across advisor skills. The triage gate, jurisdiction matrix, deal-value threshold, and biz-artifact frontmatter schema live once in skills/_biz-shared/ (or references/biz/), not duplicated across four advisor skills — drift between /slo-legal and /slo-accounting triage gates is the predictable failure mode if they evolve independently.

Top risks

  • Breach: A founder runs /slo-legal draft contractor-sow and fills placeholders with real counterparty name, deal value, and IP scope. The output lands in docs/biz/legal/<contractor>-sow.md inside the user's repo. If that repo is later pushed to a public GitHub remote (a real failure mode — Sherif's existing repo has had docs/legal/YCNotes.md move around between commits), the filled template leaks deal-sensitive terms to anyone running GitHub code search for "Standard Contractor Agreement" + Sherif's company name. The skill must default the output dir to a .gitignore'd location and warn at write-time if the parent dir is git-tracked and the remote is public.
  • Compliance fine: Founder runs /slo-legal draft privacy-notice for a B2C app processing personal data. Skill produces an OK-looking notice citing legitimate-interest as the lawful basis. Founder ships without lawyer review. An ICO complaint reveals consent was the correct lawful basis under UK GDPR Art. 6, Art. 13 transparency obligations are not fully met, and the lawful-basis disclosure is wrong. ICO can fine up to £17.5M or 4% of annual turnover. Mitigation: draft mode is hard-blocked for ALL GDPR-related documents (privacy notice, ROPA, DPA, internal policies) — only translate and triage are permitted, with output linking to the Russell Cooke GDPR Package (£1,850 basic, £4,950 full) as the recommended next step.
  • Silent-wrongness on triage (the analogue of "prolonged outage" for a non-runtime system): Founder asks /slo-legal triage "I'm hiring my first employee in UK" expecting a clear refuse-and-route response. Skill misclassifies the question as contractor-shaped and offers to draft a contractor agreement, missing that UK employment law adds statutory notice periods, holiday accrual, sick pay, NI/PAYE registration, right-to-work checks, and pension auto-enrolment. Founder uses the wrong template, the engagement is later reclassified by HMRC as employment (IR35 / employment-status determination), founder owes back NI + pension contributions and faces potential ACAS unfair-dismissal claim if the relationship ended badly. Detection lag: 6-24 months. The triage classifier must be conservative — "anyone working substantially full-time, exclusive, under direction" routes to lawyer + accountant, not a contractor template.
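One way to implement the write-time check from the Breach risk above, as an added example that is not part of SLO or the skill pack. The helper names biz_output_exposure and biz_guard_write are hypothetical, and the sketch assumes any configured remote is potentially public, since repository visibility cannot be determined without querying the hosting provider.

```shell
#!/bin/sh
# Added example (not SLO code). biz_output_exposure is a hypothetical helper.
# Prints one of: no-repo | ignored | exposed-local | exposed-remote
biz_output_exposure() {
    target=$1
    dir=$(dirname -- "$target")
    name=$(basename -- "$target")
    [ -d "$dir" ] || { echo "error: $dir does not exist" >&2; return 2; }

    # Outside any git work tree: nothing here can be committed or pushed.
    if [ "$(git -C "$dir" rev-parse --is-inside-work-tree 2>/dev/null)" != true ]; then
        echo no-repo; return 0
    fi

    # check-ignore exits 0 only when an ignore rule applies AND the path is
    # not already tracked; a tracked file stays exposed even if a rule matches.
    if git -C "$dir" check-ignore -q -- "$name"; then
        echo ignored; return 0
    fi

    # Assumption: any configured remote is treated as potentially public,
    # because repository visibility cannot be determined offline.
    if [ -n "$(git -C "$dir" remote)" ]; then
        echo exposed-remote
    else
        echo exposed-local
    fi
}

# Warn and return non-zero unless the path is ignored or outside a repository.
biz_guard_write() {
    state=$(biz_output_exposure "$1") || return 2
    case $state in
        no-repo|ignored) return 0 ;;
        *) echo "warning: $1 is $state; add its directory to .gitignore" >&2
           return 1 ;;
    esac
}

# Optional command-line use: sh guard.sh docs/biz/legal/<contractor>-sow.md
if [ $# -gt 0 ]; then biz_guard_write "$1"; fi
```

Because the check runs against the path rather than the file, it can be called before the filled template exists on disk.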

Approach A — flat skill pack (12 SKILL.md files, no shared infra)

  • Effort: ~3 weeks. 1 week for the 4 advisor skills (legal, accounting, equity, fundraise) with mode logic embedded per-skill; 1 week for the 8 generator skills; 1 week buffer for /slo-critique revisions.
  • Wedge: ship /slo-legal v1 (NDA + contractor SOW + IP assignment + T&Cs + triage gate, all UK, £5k threshold) in week 1. The other 11 skills follow as independent units.
  • Risks: triage gate logic is duplicated four times across legal/accounting/equity/fundraise — guaranteed drift after the first revision; jurisdiction matrix is re-implemented per skill; the £5k threshold becomes a magic number scattered through prose; docs/biz/ artifact schema diverges per skill author session, so future tooling that wants to read biz artifacts has to handle four formats.

Approach B — pack with shared scaffolding (12 skills + references/biz/)

  • Effort: ~4 weeks across 3 runbooks, each ≤5 milestones per /slo-plan cap. Runbook A — advisor cluster (4 milestones): /slo-legal (M1, wedge), /slo-accounting (M2), /slo-equity (M3), /slo-fundraise (M4). Runbook B — customer-facing generators (5): talk-to-users, launch, sales-funnel, pricing, metrics. Runbook C — team (3): cofounder, hire, founder-check.
  • Wedge: M1 of Runbook A is /slo-legal v1 — NDA + contractor SOW + IP assignment + T&Cs + triage gate, UK, £5k threshold, with the shared references/biz/triage-gate.md, references/biz/jurisdiction-uk.md, references/biz/cost-baseline-russell-cooke-2026.md, and references/biz/artifact-schema.md shipped alongside as the first instance of the shared scaffolding. Ships in ≤ 1 week. Validates the advisor pattern in one skill before replicating to three more.
  • Risks: shared scaffolding becomes premature abstraction if the advisor cluster ends up being only legal and accounting (equity/fundraise might collapse into legal as modes); jurisdiction matrix is unbounded — UK ≠ US ≠ EU and Sherif may hit US/EU founders within a year; maintaining cost-baseline-russell-cooke-2026.md as prices change annually adds drift surface; founders without git literacy may miss the .gitignore convention for filled templates.

Approach C — Rust backend crate (sldo-biz)

  • Effort: ~6-8 weeks. Mirrors the sldo-research precedent and the proposed sldo-sec crate from the security-embedding runbook.
  • Wedge: a new crate under crates/sldo-biz/ encodes the triage gate logic, jurisdiction matrix, deal-value thresholds, ROI baseline tables, and template-substitution engine as Rust code. Skills shell out to the binary the same way /slo-research shells out to sldo-research.
  • Risks: most of the work is LLM-native judgment, not algorithmic — "is this contractor SOW above the threshold given the scope, payment cadence, and IP scope?" is a reasoning task that gets worse when forced into Rust if-statements; locks the project into maintaining a legal-rules engine that has to be updated annually as the Russell Cooke price list and ICO enforcement priorities shift; prices and thresholds drift faster than crate releases; the engineering pipeline already owns the heavy Rust work, and bolting another crate on for prose-shaped skills inverts the value of the skill pack architecture.

Recommendation

Approach B. The pack is mostly LLM-native judgment work — drafting prose contracts, advising on cofounder splits, translating a legal doc, framing a pitch — and the deterministic parts (the £5k threshold, the UK jurisdiction matrix, the Russell Cooke cost baseline, the docs/biz/ frontmatter schema) are short enough to live as referenced markdown that every advisor skill cites, not code that every advisor skill calls. Approach A is fine for 3 skills but invites drift across 12 (triage gates evolving independently is the failure mode I'm most worried about). Approach C overbuilds — Rust is the wrong runtime for "read this contract and explain it in plain English." The wedge is /slo-legal v1 as M1 of Runbook A, shipping in ≤ 1 week: 4 templates (NDA + contractor SOW + IP assignment + T&Cs), the triage gate (regulated / £5k+ / counterparty-has-lawyer routes to "see a lawyer"), --jurisdiction uk only, ROI block citing the Russell Cooke baseline, and the four shared reference docs landed in the same milestone. M2-M4 (/slo-accounting, /slo-equity, /slo-fundraise) replicate the advisor pattern citing the shared scaffolding rather than re-authoring it. Runbook B is then mechanical generator authoring; Runbook C closes out team. Three PRs total.

Open questions for /slo-research

  1. Buy vs build for /slo-legal — UK legal-doc-as-a-service market: Lawpath, Genie AI, SeedLegals, Rocket Lawyer UK, plus US-side Stripe Atlas / Clerky. What does each cost, what UK-specific document set do they cover, and what's the realistic quality delta vs an LLM-drafted template with the Russell Cooke baseline as ground truth? The pack only justifies itself if in-Claude-with-triage beats a £29/month subscription on either workflow integration, customisation, or speed.
  2. UK GDPR enforcement reality for sub-seed companies — what's the ICO's actual threshold for investigating a small B2C company's privacy notice / lawful-basis disclosure? Is the proposed hard-block on draft for ALL GDPR documents too conservative if realistic enforcement risk for a sub-£100k turnover company is near zero? Need ICO published enforcement notices from the last 24 months segmented by company size.
  3. SEIS / EIS qualification rules and founder responsibility — what's the founder's obligation to ensure SEIS/EIS qualification before issuing shares, which mistakes void the investor's tax relief retroactively, and what HMRC advance-assurance step should /slo-fundraise triage gate force before any draft term-sheet work? S-EIS pitch-deck PDF is one input; need the qualification-mistake taxonomy.
  4. UK employment-law minimum-protections checklist for first hire — statutory notice, holiday, sick pay, NI/PAYE registration, right-to-work checks, pension auto-enrolment, IR35/employment-status determination factors. What can /slo-hire template and what must hard-block to lawyer + accountant? Specifically need the IR35 status-determination criteria so the contractor-vs-employee triage gate isn't naive.
  5. Jurisdiction expansion strategy — does the pack ship UK-only and add US/EU as separate references/biz/jurisdiction-<code>.md files later, or design the matrix from day one to handle three jurisdictions? Marginal cost of a second jurisdiction once the first is shipped — is it 20% of the first or 80%? Anchored question for /slo-architect to decide before /slo-plan runs.