Unify public-site validation and paid-artifact guard; add docs, badges, and workflows

[MontrealAI]

Motivation

• Centralize and modernize public-site validation and the paid-file guard to prevent paid/private artifacts from being published and to use a shared v14 rule set.
• Replace embedded/duplicated validation in workflow YAML with lightweight, reusable Python validators and clear operator guidance.
• Refresh public-facing documentation, badges, and product catalog so README/docs are the canonical public entry points and the release path is explicit.
• Mark obsolete validation workflows to avoid accidental manual deployment and make the autonomous GitHub Actions release order explicit.

Description

• Updated GitHub Actions to call shared validation scripts (notably scripts/check_no_paid_artifacts.py and scripts/validate_goalos_public_site.py), renamed job titles for clarity, and added a new validate-goalos-catalog.yml workflow.
• Added a large set of documentation and governance files under docs/ (catalog, policies, product ladder, validation guidance, figures, and tables) and refreshed README.md, CONTRIBUTING.md, QA_VERIFICATION.md, and SECURITY.md to reference the new validations and shop boundary.
• Added static assets and badges under badges/ and assets/, updated REPO_FILE_TREE.txt and repository_manifest.json, and introduced/expanded the proof_gradient package area in the tree.
• Enhanced validation code: strengthened scripts/goalos_public_site_rules.py patterns and unpacked/extended scripts/validate_docs_tables_figures.py, scripts/validate_goalos_catalog.py, and scripts/validate_goalos_public_site.py to validate docs, tables, figures, catalog consistency, AEP allowlist, and blocked paid/private artifacts.

Testing

• Ran the paid-artifact guard and site validators via python scripts/check_no_paid_artifacts.py and python scripts/validate_goalos_public_site.py, and they passed in the validation environment.
• Ran docs/tables/figures and catalog checks with python scripts/validate_docs_tables_figures.py and python scripts/validate_goalos_catalog.py, which completed successfully.
• Ran repository tests with pytest and make test and the Cloud MVP unit script node site/app/goalos-cloud-mvp/tests/enterprise-core.test.mjs, all of which passed in the test environment (with noted FastAPI deprecation warnings only).
• Validation and test commands used during the audit are recorded in docs/GOALOS_REPO_AUDIT.md and the updated repository_manifest.json lists required validation scripts.

---

Codex Task

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a5e08f4b96

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Restrict paid-link scanning to actual Markdown links

This scans every parenthesized phrase in README/docs, not just links, so valid prose such as (private artifacts stay outside the public site) or (paid buyer products are excluded) is passed to is_blocked_paid_or_private_artifact and fails the catalog validator because terms like private, paid, or buyer are treated as blocked path tokens. Since this validator is now wired into PR workflows, ordinary documentation edits about the paid/private boundary can be blocked even when they add no public artifact link.

Useful? React with 👍 / 👎.