Reorganize brain: projects/ top level, rename filenames, update homepage

- Moved everything from ideas/passepartout/ to projects/passepartout/
- Moved legal structures to projects/flags/
- Created missing _index.org files for all subdirectories
- Stripped redundant passepartout- prefix from filenames
- Rewrote root _index.org as generalized brain index (projects + concepts)
- Updated Hugo nav to Projects/Concepts
- Updated build script section descriptions
- Deleted stale ideas/passepartout-economics.md orphan

projects/passepartout/strategy/compliance/sox.org

@@ -0,0 +1,28 @@
+:PROPERTIES:
+:ID:       c9830152-0160-4bdc-ab03-6f308ad43536
+:ID:       auto-sox
+:CREATED:  [2026-05-23 Sat]
+:END:
+#+title: SOX (Sarbanes-Oxley Act)
+#+filetags: :passepartout:compliance:framework:sox:
+
+
+US federal law (2002). Mandates internal controls over financial reporting
+(ICFR) for publicly traded companies. Section 404 requires management to assess
+and auditors to attest to the effectiveness of internal controls.
+
+Who must comply: All US public companies; foreign issuers trading on US exchanges.
+~6,000 public companies + foreign filers.
+
+Penalties: Up to $5M fines and 20 years imprisonment for certifying false
+financial statements. CEO and CFO personally liable.
+
+Why it matters: Every financial control is a gate rule — who can approve a
+journal entry, who can release a payment, who can modify a vendor record. The
+gate stack encodes these as ACL2-verified rules and produces the audit trail
+that the external auditor needs for Section 404 attestation. First-mover
+advantage: SOX is mature (24 years old) but the audit market is $4B+ and
+entirely manual — no competitor has automated the evidence pipeline.
+
+** [[id:4a2bc62b-3f21-4212-9cd9-f9add8fc0be1][GLBA (Gramm-Leach-Bliley Act)]]
+