Add GoalOS product proof infrastructure, pages, validation, and CI

[MontrealAI]

Motivation

• Provide a safe, public GoalOS commercialization and proof layer that documents a 9-product ladder while keeping paid delivery on Squarespace/Stripe and preserving existing proofs and AEP-001.
• Enable deterministic generation, validation, and link/claim guards so the repo remains a reliable public proof surface without exposing paid buyer artifacts.

Description

• Add a single source-of-truth catalog data/goalos_products.json with exactly 9 bilingual products and placeholders for Squarespace/Stripe CTAs.
• Add a small static site generator scripts/build_goalos_product_pages.py that emits site/goalos/, site/products/ (hub + 9 product pages), site/ai-efficiency-score/, and shared assets site/assets/goalos-products.css and site/assets/goalos-products.js with the marker <!-- GENERATED_BY_GOALOS_PRODUCT_BUILDER -->.
• Add validation and guard scripts: scripts/validate_goalos_products.py, scripts/guard_no_paid_product_files.py, scripts/check_site_links.py, and scripts/repo_claim_boundary_check.py to enforce catalog shape, no paid ZIPs in public paths, local link resolution, and forbidden-claim detection with allowed claim-boundary contexts.
• Add commerce docs under docs/commerce/ describing Squarespace + Stripe delivery and paid-product security, plus a docs/commerce/product_ladder.md summary.
• Add deterministic pytest tests tests/test_goalos_product_catalog.py, tests/test_goalos_product_pages.py, tests/test_no_paid_product_files.py, and tests/test_goalos_claim_boundaries.py that call the validation code rather than fragile snapshots.
• Integrate a non-deploying CI workflow .github/workflows/goalos-product-site-ci.yml to install dev deps, run the builder, run validations/guards/link/claim checks and pytest, and fail if generated pages are stale; and surgically add a guarded GoalOS block into site/index.html inside <!-- GOALOS_PRODUCT_LADDER_START --> / <!-- GOALOS_PRODUCT_LADDER_END --> only.

Testing

• Ran the build and validation pipeline end-to-end: python scripts/build_goalos_product_pages.py, python scripts/validate_goalos_products.py, python scripts/guard_no_paid_product_files.py, python scripts/check_site_links.py, and python scripts/repo_claim_boundary_check.py, and all returned success.
• Ran the test suite with pytest -q after installing dev extras (pip install -e '.[dev]') and all new/collected tests passed (existing suite also exercised; warnings from FastAPI/Starlette noted but non-blocking).
• Confirmed git status --short and git diff --stat show the new files and the guarded homepage insertion only; no existing proof/AEP-001 pages were removed and no paid ZIPs were added.

---

Codex Task

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 784a308529

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Include releases in the paid ZIP guard

When a paid ZIP is added under releases/ outside releases/AEP-001, this guard silently skips it because releases is not treated as a public prefix, even though the added commerce docs describe releases/AEP-001 as the only ZIP exception. For example, releases/GoalOS_AI_Efficiency_Sprint.zip would not be reported by find_offenders(), so the CI guard can miss exactly the kind of public paid package it is intended to block.

Useful? React with 👍 / 👎.