# SCRIMED Boundary Resolution Register Brief

Status: boundary-resolution-register-active
Proof stack: cross-system-boundary-resolution-register-no-authority-claim
Record count: 120

## Boundary
SCRIMED Boundary Resolution Register organizes known product, service-packaging, client-onboarding, communications, calendar, demo, presentation, scalability, SLO/SLA, managed-service, support, incident, regional hosting, API, UI, AI model-routing, agent execution, evidence retrieval, accessibility, limitation-workaround, clinical, PHI, health-records, legal, regional, reimbursement, security, QA, public-market, global certification, continuous review, innovation, enterprise legal/finance, revenue, and production-readiness boundaries into owned controls, safe workarounds, proof routes, and remaining gates. It does not authorize live clinical care, PHI processing, legal approval, regional regulatory approval, reimbursement certainty, security certification, accessibility certification, production clinical authorization, autonomous clinical decisions, live autonomous AI, production model routing, public API SLAs, patient outreach, autonomous email send, autonomous calendar invite creation, contract approval, procurement approval, contractual SLAs, uptime guarantees, managed service commitments, production support guarantees, data-residency approval, payer submission, EHR writeback, public customer claims, audited financial reporting, revenue or profit guarantees, managed 24/7 SOC/MDR coverage, public quantum capability claims, trillion-dollar-scale equivalence claims, or securities offering material.

## Operating Position
Every known boundary in this register has an owner, proof route, safe workaround, and remaining gate. Boundaries that require licensed clinicians, counsel, customer approval, security certification, reimbursement review, regional approval, or human AAL2 evidence remain explicitly unresolved until the right external evidence exists.

## Safe Commercial Position
SCRIMED remains sellable as a governed synthetic pilot, workflow intelligence assessment, AI readiness and governance audit, and clinical operations automation blueprint while live clinical care, PHI processing, production connectors, public claims, and reimbursement actions stay gated.

## Counts By State
- active-control: 27
- safe-workaround-active: 9
- human-aal2-required: 11
- customer-specific-required: 16
- external-approval-required: 38
- blocked-before-approval: 19

## Counts By Category
- clinical-authority: 8
- clinical-care-activation: 16
- agent-workspace: 8
- qa-evidence: 7
- public-market-readiness: 5
- global-certification-readiness: 6
- continuous-review-audit: 13
- health-records-safety-exchange: 5
- product-service-offerings: 6
- client-onboarding-communications: 8
- enterprise-scalability-operations: 10
- limitations-workaround-operations: 12
- platform-power-operations: 12
- enterprise-growth-operations: 4

## Operating Rules
- Do not enter PHI, payer member data, production credentials, source contracts, medical records, or patient identifiers into current public or synthetic pilot workflows.
- Use Health Records Safety Exchange for no-PHI extraction planning, patient-safety lint, source attribution, and live-data workaround routing before any record workflow expands.
- Use Product and Services Portfolio before pricing, pilots, diligence, implementation, or enterprise-license work expands so every opportunity has one package, one offer, one proof route, one margin control, and one retained boundary.
- Use Client Onboarding and Communications before buyer meetings, demo follow-up, pilot workshops, decks, emails, and calendar-ready agendas leave SCRIMED; humans must approve sends and events.
- Use Enterprise Scalability Operations before enterprise traffic, tenant scale, support tiers, SLO/SLA language, regional hosting, disaster recovery, or cost commitments expand.
- Use Platform Power Operations before API, UI, AI, model-routing, agent-tool, evidence-retrieval, accessibility, or trillion-scale positioning claims expand.
- Use Limitations and Workaround Operations when an issue is blocked so every safe alternative has a packet, owner, proof route, escalation trigger, expiration rule, and graduation gate.
- Do not claim live clinical authority, legal approval, reimbursement certainty, security certification, regional regulatory approval, or production go-live before signed external evidence exists.
- Do not claim HIPAA, SOC 2, HITRUST, ISO, FDA, ONC, EU AI Act, GDPR, NHS, MHRA, Essential Eight, or other certification/approval status before the qualified external authority exists.
- Do not position 24/7 review agents as managed SOC/MDR coverage, autonomous remediation, error-free AI review, clinical validation, or public quantum capability.
- Do not present revenue, ROI, profit margin, valuation, fundraising, legal, accounting, or tax conclusions without qualified review and retained release authority.
- Use protected AAL2 workspaces and no-secret evidence packets for operator proof.
- Use synthetic fixtures, metadata-only references, and external evidence-room references while sensitive artifacts remain outside SCRIMED.
- Escalate high-risk clinical, legal, privacy, security, payer, public-claims, or production connector requests to the retained owner instead of improvising.

## Boundary Records
- Live clinical care authority (clinical-authority, blocked-before-approval): SCRIMED may demonstrate synthetic workflow intelligence and readiness planning, but it may not deliver care, triage emergencies, diagnose, treat, prescribe, order, or communicate patient instructions. Control: Clinical-care gates, Trust Cards, blocked capability lists, human-review controls, and protected clinical activation dossiers are available for review. Workaround: Sell synthetic pilot evaluation, workflow intelligence assessment, and draft-only clinician-reviewed planning. Remaining gate: No patient-impacting workflow until licensed clinical sign-off and customer go-live approval are recorded.
- PHI and ePHI processing authority (clinical-authority, customer-specific-required): Public routes, demos, smoke checks, and readiness packets remain synthetic-only or metadata-only. No live patient identifiers, payer member records, or production clinical records are authorized. Control: Protected workspaces, AAL2 gates, audit logs, evidence-room metadata controls, provider security review, and procurement evidence registry are in place. Workaround: Use synthetic fixtures, de-identified data only when contract-approved, and no-sensitive-artifact evidence links. Remaining gate: No PHI, ePHI, patient record, payer member data, or production credential enters SCRIMED until legal and privacy/security authorization is signed.
- Legal approval and contracting authority (clinical-authority, customer-specific-required): SCRIMED materials can describe readiness, pilots, and retained gates. They are not legal advice, executed contracting authority, certification, or production authorization. Control: Approved/prohibited claim controls, release decisions, named reviewer sign-offs, distribution lockbox, release authority attestations, and external approval evidence links are active. Workaround: Use controlled buyer packets with explicit boundaries and no public customer or certification claims. Remaining gate: No public customer claim, live care claim, certified compliance claim, or production deployment claim without qualified release approval.
- Regional regulatory approval (clinical-authority, external-approval-required): Global Reach maps priority regions and localization requirements, but it does not create regional legal, procurement, privacy, data-residency, or clinical authorization. Control: Region packs, deployment profiles, sovereign-readiness posture, localization questions, and retained approval gates are organized. Workaround: Run synthetic executive evaluations and partner qualification without live data, public authority claims, or production integrations. Remaining gate: No production regional launch, government program claim, or local clinical deployment claim until the region-specific authority path is approved.
- Reimbursement, coverage, coding, and payer policy approval (clinical-authority, customer-specific-required): SCRIMED can support draft operational intelligence for prior authorization, denial risk, and revenue-cycle review, but it cannot guarantee reimbursement or submit claims without authorized human review. Control: Finance methodology gates, KPI definitions, no-guarantee language, protected metric rollups, and public-market operating discipline are available. Workaround: Deliver denial-risk review, prior-authorization packet drafting, and revenue leakage analysis as human-reviewed draft support. Remaining gate: No coverage determination, final coding, claim submission, denial appeal submission, or reimbursement claim without qualified review.
- Security certification and procurement approval (clinical-authority, external-approval-required): SCRIMED has security-ready architecture evidence and protected review workflows, but it does not claim SOC 2, ISO, HITRUST, FedRAMP, penetration-test approval, or customer vendor-risk approval unless those artifacts are actually issued. Control: Provider security review, procurement evidence registry, access-log reconciliation, Trust Safety Ops, incident workspaces, and audit packets are active. Workaround: Present readiness posture, control inventory, and no-sensitive-artifact evidence links while independent certification remains pending. Remaining gate: No security certification, procurement approval, or production security acceptance claim without issued evidence and customer acceptance.
- Production clinical authorization (clinical-authority, blocked-before-approval): Production clinical execution is denied. No live workflow may write records, message patients, submit payer transactions, or affect clinical operations without final authorization. Control: Customer activation approvals, production SSO readiness, buyer diligence room, command intelligence packets, and clinical activation approval workflow are linked. Workaround: Use protected pilot rooms, command snapshots, and readiness packets to prepare the go-live decision without activating production care. Remaining gate: No production tenant go-live until customer, clinical, legal, privacy, security, support, and SCRIMED release authority sign off.
- Certified health IT and connector approval (clinical-authority, external-approval-required): SCRIMED can demonstrate synthetic FHIR, HL7, DICOM, X12, and EHR-readiness concepts, but it does not claim ONC certification, EHR marketplace approval, payer connection approval, or live connector certification. Control: Interoperability standards registry, synthetic conformance kits, integration contracts, and deployment profile evidence are active. Workaround: Use synthetic conformance tests, fixture validation, and connector contracts with live connector actions denied. Remaining gate: No production connector read, write, order, referral, claim, imaging retrieval, or record mutation until customer and platform approval are complete.
- Intended-use and regulatory classification review (clinical-care-activation, external-approval-required): Intended-use and regulatory classification review is external-review-required; blocked capabilities: clinical decision support claims, diagnosis support, treatment recommendations. Control: FDA CDS/SaMD boundary review, intended-use statement, public claim review, labeling scope, and product-risk memo. Workaround: Keep outputs framed as operational intelligence, synthetic evaluation, draft support, or clinician-reviewed planning until classification is approved. Remaining gate: Any clinical decision-support, diagnostic, treatment, or medical-device-like deployment claim.
- Licensed clinical governance board and accountable medical director (clinical-care-activation, blocked-before-approval): Licensed clinical governance board and accountable medical director is blocked; blocked capabilities: live patient triage, care-plan recommendation, clinical safety scoring. Control: Named licensed reviewers, approval charter, escalation policy, scope-specific protocols, and sign-off records. Workaround: Run buyer demos and synthetic workflow reviews with clear non-clinical boundary language. Remaining gate: Any care-team workflow that influences patient-specific clinical decisions.
- Clinical safety case, hazard analysis, and escalation model (clinical-care-activation, external-approval-required): Clinical safety case, hazard analysis, and escalation model is external-review-required; blocked capabilities: patient-specific risk horizon prompts, emergency guidance, clinical escalation automation. Control: Hazard log, unsafe-output taxonomy, clinician escalation policy, emergency boundary, safety acceptance criteria, and rollback plan. Workaround: Use TrustOS blocked-action traces and synthetic risk examples without patient-specific execution. Remaining gate: Prospective clinical pilots, patient-specific risk prompts, or human-reviewed clinical workflows.
- Signed customer clinical scope and care-setting authorization (clinical-care-activation, customer-specific-required): Signed customer clinical scope and care-setting authorization is customer-specific; blocked capabilities: customer production pilot, site-specific workflow execution, customer go-live. Control: Executed statement of work, care-setting scope, allowed users, excluded workflows, pilot objectives, and go-live approvers. Workaround: Sell and deliver synthetic pilot evaluation, readiness assessment, governance audit, and implementation blueprint packages. Remaining gate: Any customer-environment clinical pilot or production workflow.
- BAA/DPA path, privacy notices, retention, residency, and processing register (clinical-care-activation, customer-specific-required): BAA/DPA path, privacy notices, retention, residency, and processing register is customer-specific; blocked capabilities: PHI processing, patient identifiers, payer member data, live clinical records. Control: BAA or non-PHI determination, DPA where applicable, privacy notice review, retention schedule, data residency map, and processor register. Workaround: Keep public and pilot routes synthetic-only and metadata-only until the customer-specific data path is signed. Remaining gate: Any PHI, ePHI, payer member data, live clinical record, or patient identifier enters SCRIMED systems.
- HIPAA Security Rule safeguard mapping (clinical-care-activation, external-approval-required): HIPAA Security Rule safeguard mapping is external-review-required; blocked capabilities: ePHI workflows, clinical data storage, production tenant PHI processing. Control: Administrative, physical, and technical safeguard mapping; risk analysis; access controls; audit controls; transmission security; and contingency plan. Workaround: Use current TrustOS, protected workspace, audit, rate-limit, passkey/AAL2, and no-PHI controls as readiness evidence, not compliance certification. Remaining gate: Any ePHI processing or production healthcare customer security review.
- Production identity, RBAC, AAL2/SSO, and access review (clinical-care-activation, active-control): Production identity, RBAC, AAL2/SSO, and access review is foundation-ready; blocked capabilities: broad customer user onboarding, patient-context access, break-glass access. Control: Supabase Auth, passkey or magic-link sign-in, AAL2 gates for protected actions, tenant-admin checks, and access-review planning. Workaround: Continue protected synthetic pilots with tenant-admin AAL2 and explicit role boundaries while customer SSO remains gated. Remaining gate: Customer users access protected clinical or operational workspaces.
- PHI-ready data architecture, encryption, deletion, legal hold, and regional controls (clinical-care-activation, blocked-before-approval): PHI-ready data architecture, encryption, deletion, legal hold, and regional controls is blocked; blocked capabilities: clinical memory persistence, medical-record storage, evidence vault PHI upload. Control: Data classification, encryption/key management, DLP, malware scanning, deletion workflow, legal hold, residency, backup, and restore testing. Workaround: Keep evidence vault readiness metadata-only and disable sensitive document upload until signed controls exist. Remaining gate: Any live clinical data persistence, evidence vault upload, or production workspace memory.
- FHIR, HL7, DICOM, X12, payer, and EHR connector validation (clinical-care-activation, blocked-before-approval): FHIR, HL7, DICOM, X12, payer, and EHR connector validation is blocked; blocked capabilities: EHR writeback, order entry, referral submission, claim submission, imaging retrieval. Control: Conformance testing, customer sandbox acceptance, interface monitoring, reconciliation, mapping review, purpose-of-use policy, and partner sign-off. Workaround: Use deterministic synthetic conformance kits, integration fixtures, and connector contracts until a customer sandbox is approved. Remaining gate: Any production connector reads, writes, orders, referrals, payer transactions, imaging retrieval, or record mutation.
- Human authority model, reviewer workflow, and override logging (clinical-care-activation, active-control): Human authority model, reviewer workflow, and override logging is foundation-ready; blocked capabilities: autonomous clinical decisions, autonomous outreach, autonomous payer submission. Control: Human review required controls, reviewer status fields, blocked actions, Trust Cards, audit traces, and protected packet exports. Workaround: Keep every output draft-only, recommendation-like, evidence-backed, and review-required. Remaining gate: Any AI-assisted workflow that influences clinical, payer, or operational actions.
- Clinical validation protocol and licensed sign-off (clinical-care-activation, blocked-before-approval): Clinical validation protocol and licensed sign-off is blocked; blocked capabilities: clinical correctness scoring in care, risk prediction, care-gap scoring. Control: Validation cohort, inclusion/exclusion criteria, source truth, reviewer rubric, acceptance thresholds, bias/equity review, and sign-off. Workaround: Measure workflow outcomes on synthetic or approved de-identified data while clinical correctness remains unvalidated. Remaining gate: Any patient-specific output is used in care delivery or clinical operations.
- Clinical, privacy, security, and AI incident response playbooks (clinical-care-activation, external-approval-required): Clinical, privacy, security, and AI incident response playbooks is external-review-required; blocked capabilities: 24/7 clinical operations, production PHI incident handling, adverse-event handling. Control: Severity model, notification matrix, breach analysis path, adverse-event escalation, containment actions, legal hold, and post-incident review. Workaround: Use current Trust Safety Operations incident workspaces for no-PHI synthetic issues and readiness rehearsal. Remaining gate: Any production clinical, PHI, or customer-integrated workflow.
- Continuous validation, monitoring, drift, and outcome learning (clinical-care-activation, active-control): Continuous validation, monitoring, drift, and outcome learning is foundation-ready; blocked capabilities: automated scale-up, model route auto-promotion, unmonitored workflow execution. Control: QA evidence ledger, manual run evidence capture, workflow outcome metrics, command snapshots, trust metrics, and escalation rates. Workaround: Retain synthetic QA and buyer-demo evidence while production observability remains customer-specific. Remaining gate: Scaled pilots, model-route changes, and production workflow expansion.
- Reimbursement, claims, coding, and payer policy review (clinical-care-activation, customer-specific-required): Reimbursement, claims, coding, and payer policy review is customer-specific; blocked capabilities: coverage determination, claim submission, billing finalization, reimbursement guarantee. Control: Payer policy sources, CMS/coverage review, coding compliance review, no-guarantee reimbursement language, and human approval. Workaround: Provide denial-risk review and prior-auth support as draft, evidence-backed, human-reviewed operational intelligence. Remaining gate: Any prior authorization, claim, coding, denial appeal, reimbursement, or payer-submission workflow.
- Patient communication, consent, accessibility, and emergency-care boundary (clinical-care-activation, blocked-before-approval): Patient communication, consent, accessibility, and emergency-care boundary is blocked; blocked capabilities: patient outreach, patient education delivery, triage messaging, emergency advice. Control: Consent model, communication templates, accessibility review, language support, patient-safety disclaimers, and emergency escalation policy. Workaround: Keep patient-facing materials as internal draft templates for authorized human review. Remaining gate: Any patient-facing outreach, education, triage, scheduling, or care-plan communication.
- Production go-live approval, rollback plan, and post-launch controls (clinical-care-activation, customer-specific-required): Production go-live approval, rollback plan, and post-launch controls is customer-specific; blocked capabilities: production launch, expanded production rollout, customer-wide activation. Control: Go-live checklist, launch approval packet, rollback plan, monitoring dashboard, support coverage, and post-launch review cadence. Workaround: Use buyer diligence exports, command intelligence packets, and clinical activation readiness briefs to prepare for approval. Remaining gate: Any live clinical-care production launch.
- Live PHI ingestion is not enabled. (agent-workspace, safe-workaround-active): SCRIMED cannot yet process real patient records inside production workflows. Control: Use synthetic fixtures, no-PHI buyer intake, protected pilot sessions, TrustOS decisions, and metadata-only evidence packets. Workaround: Use synthetic fixtures, no-PHI buyer intake, protected pilot sessions, TrustOS decisions, and metadata-only evidence packets. Remaining gate: BAA/DPA, privacy notice, consent, retention, security review, and customer authorization.
- Autonomous clinical decisions remain prohibited. (agent-workspace, active-control): SCRIMED cannot diagnose, treat, instruct patients, or replace clinician judgment. Control: Every clinical-adjacent work order is held behind TrustQA, Clinical Guardian, reviewer checkpoints, blocked actions, and proof packet boundaries. Workaround: Every clinical-adjacent work order is held behind TrustQA, Clinical Guardian, reviewer checkpoints, blocked actions, and proof packet boundaries. Remaining gate: Licensed clinician validation and regulatory intended-use review before clinical decision-support claims.
- Clinical correctness and safety scores are not externally validated. (agent-workspace, external-approval-required): Validation fields cannot be marketed as clinical-performance claims. Control: Expose completeness, source attribution, evidence trail, confidence, reviewer status, and audit fields while marking clinical scoring as clinician-validation required. Workaround: Expose completeness, source attribution, evidence trail, confidence, reviewer status, and audit fields while marking clinical scoring as clinician-validation required. Remaining gate: Clinician rubric, validation study, data-quality review, and governance sign-off.
- Dedicated long-running work-order persistence requires per-environment migration verification. (agent-workspace, active-control): Work-order creation and resume must fail closed until each deployment has the dedicated RLS tables, RPCs, and grants applied. Control: Use dedicated agent workspace work-order tables, append-only work-order events, explicit authenticated grants, and RPC-only mutations with route-level AAL2 and rate-limit checks. Workaround: Use dedicated agent workspace work-order tables, append-only work-order events, explicit authenticated grants, and RPC-only mutations with route-level AAL2 and rate-limit checks. Remaining gate: Apply migration, verify RLS with an authenticated tenant, run database advisors, and approve customer-specific retention/legal-hold policy.
- Production model routing across vendors is not active. (agent-workspace, safe-workaround-active): SCRIMED should not route PHI or regulated tasks to unapproved providers. Control: Attach provider-class, fallback, PHI sensitivity, denial conditions, and human escalation to every work-order template. Workaround: Attach provider-class, fallback, PHI sensitivity, denial conditions, and human escalation to every work-order template. Remaining gate: Vendor contracts, BAA/DPA path, regional rules, telemetry, cost limits, and rollback tests.
- Live EHR, payer, imaging, and device connectors remain blocked. (agent-workspace, active-control): SCRIMED cannot mutate production records, submit payer transactions, or ingest live images/devices. Control: Use interoperability standards registry, synthetic conformance kits, fixture validation, and connector-readiness gates. Workaround: Use interoperability standards registry, synthetic conformance kits, fixture validation, and connector-readiness gates. Remaining gate: Customer connector approval, security review, consent, audit, monitoring, and partner acceptance.
- Sovereign deployment is not implemented. (agent-workspace, external-approval-required): Some hospitals, governments, and regions may require private, on-prem, or sovereign deployments before live data. Control: Define managed cloud, private cloud, hospital-controlled, government/sovereign, and edge/on-prem profiles with required controls. Workaround: Define managed cloud, private cloud, hospital-controlled, government/sovereign, and edge/on-prem profiles with required controls. Remaining gate: Customer architecture review, regional compliance mapping, private networking, and local audit design.
- Legal, HIPAA, SOC 2, regulatory, and reimbursement claims require external review. (agent-workspace, external-approval-required): SCRIMED cannot truthfully claim certification, clearance, compliance, reimbursement, or production readiness without evidence. Control: Keep claims register, Trust Center, diligence brief, prohibited-claims controls, and buyer-facing boundary language active. Workaround: Keep claims register, Trust Center, diligence brief, prohibited-claims controls, and buyer-facing boundary language active. Remaining gate: Qualified counsel, security assessor, privacy owner, regulatory reviewer, and payer/reimbursement expert review.
- Sales Demo Session QA activation (qa-evidence, human-aal2-required): No authenticated sales-demo CI evidence can be claimed until a human runs the workflow with a fresh short-lived AAL2 token. Control: All surrounding controls remain verified by public smoke and fail-closed checks; the activation plan prevents token material from becoming evidence. Workaround: All surrounding controls remain verified by public smoke and fail-closed checks; the activation plan prevents token material from becoming evidence. Remaining gate: Fresh human AAL2 run, temporary secret disposal, protected persistence, packet hash, and Buyer Diligence export.
- Authority Reference QA activation (qa-evidence, human-aal2-required): No authenticated authority-reference CI evidence can be claimed until a human runs the workflow with a fresh short-lived AAL2 token. Control: The renewal queue, fail-closed protected routes, stateless packet generation, and no-secret persistence bridge are already verified without storing credentials. Workaround: The renewal queue, fail-closed protected routes, stateless packet generation, and no-secret persistence bridge are already verified without storing credentials. Remaining gate: Fresh human AAL2 run, temporary secret disposal, protected persistence, packet hash, and Buyer Diligence export.
- First authenticated Sales Demo Session QA CI evidence is pending (qa-evidence, human-aal2-required): SCRIMED has the workflow and token policy, but cannot claim an authenticated CI mutation run until a fresh AAL2 operator token is used deliberately. Control: Manual-only GitHub workflow, short-lived JWT preflight, explicit intake targeting, Run Control mission brief, Launch Kit handoff, Human Run Packet dispatch validation, protected Manual QA Execution Console, Completion Bridge candidate validation, Claim Guard overclaim prevention, Activation Seal final check, Proof Promotion gate, Buyer Proof Release gate, fail-closed public smoke, and no long-lived secret storage. Workaround: Manual-only GitHub workflow, short-lived JWT preflight, explicit intake targeting, Run Control mission brief, Launch Kit handoff, Human Run Packet dispatch validation, protected Manual QA Execution Console, Completion Bridge candidate validation, Claim Guard overclaim prevention, Activation Seal final check, Proof Promotion gate, Buyer Proof Release gate, fail-closed public smoke, and no long-lived secret storage. Remaining gate: Use /pilot-workspace/access#manual-qa-execution-console, mint a fresh AAL2 token from the tenant-admin session, run the workflow once against a synthetic intake ID, archive only safe IDs, validate them through /qa-completion-bridge, persist the packet hash, delete or rotate the token secret, then use /qa-buyer-proof-release before buyer proof claims.
- Authority Reference QA retained AAL2 evidence is captured (qa-evidence, safe-workaround-active): SCRIMED has one protected authority-reference synthetic QA run retained as no-secret AAL2 evidence through Run Control. GitHub-hosted CI evidence remains optional until browser secret placement is available. Control: Run Control witness, short-lived JWT preflight, workspace targeting, protected authority-reference smoke, Manual QA Evidence persistence, packet SHA-256 retention, append-only audit event, Claim Guard, Activation Seal, Proof Promotion, Buyer Proof Release, fail-closed public smoke, and no long-lived secret storage. Workaround: Run Control witness, short-lived JWT preflight, workspace targeting, protected authority-reference smoke, Manual QA Evidence persistence, packet SHA-256 retention, append-only audit event, Claim Guard, Activation Seal, Proof Promotion, Buyer Proof Release, fail-closed public smoke, and no long-lived secret storage. Remaining gate: Use the retained packet hash and audit event only for bounded buyer diligence. Re-run through GitHub Actions later if a separate CI-hosted evidence trail is required.
- First protected AAL2 synthetic category evidence is retained (qa-evidence, safe-workaround-active): The required buyer-proof QA categories now have one retained no-secret AAL2 packet, packet hash, and append-only audit signal. Category notes remain bounded to synthetic QA posture and do not create clinical validation, PHI authority, or live-care approval. Control: AAL2 Run Evidence Package, Manual QA Execution Console, Human Run Packet, Completion Bridge, Activation Seal, Proof Promotion, Claim Guard, Buyer Proof Release, synthetic-only headers, fail-closed protected routes, and no-secret packet validation. Workaround: AAL2 Run Evidence Package, Manual QA Execution Console, Human Run Packet, Completion Bridge, Activation Seal, Proof Promotion, Claim Guard, Buyer Proof Release, synthetic-only headers, fail-closed protected routes, and no-secret packet validation. Remaining gate: Use the protected Buyer Proof Release output for buyer diligence, include only the workflow run ID, packet hash, audit event reference, synthetic boundary, and blocked authority language, and keep production authority gates closed.
- Managed local shell may omit npm/node from PATH (qa-evidence, safe-workaround-active): Local package scripts can fail even when the repository, CI, and Vercel build path are healthy. Control: Bundled Node absolute path verifies TypeScript, ESLint, generated integrity, Next build, and smoke scripts without changing the product. Workaround: Bundled Node absolute path verifies TypeScript, ESLint, generated integrity, Next build, and smoke scripts without changing the product. Remaining gate: Restore PATH in the local Codex shell when available; keep CI and Vercel on standard Node 22.
- Live clinical execution remains intentionally blocked (qa-evidence, external-approval-required): SCRIMED remains sellable as a governed synthetic pilot and enterprise evaluation product, not live diagnosis, treatment, payer submission, or autonomous care execution. Control: Synthetic-only evidence, human-review boundaries, protected route fail-closed behavior, claims controls, and clinical/legal/privacy/security review gates. Workaround: Synthetic-only evidence, human-review boundaries, protected route fail-closed behavior, claims controls, and clinical/legal/privacy/security review gates. Remaining gate: Complete customer-specific identity, privacy, BAA, connector, audit, clinical validation, risk, and human operating controls before any production healthcare workflow.
- No audited financial statements inside SCRIMED yet (public-market-readiness, external-approval-required): External investors cannot treat current KPI stack as audited financial reporting. Control: Use the KPI definitions, pricing tiers, sales audit evidence, and proof packets as operating-readiness material while finance and accounting review is completed. Workaround: Use the KPI definitions, pricing tiers, sales audit evidence, and proof packets as operating-readiness material while finance and accounting review is completed. Remaining gate: Finance-reviewed chart of accounts, revenue recognition policy, cost allocation, and audit-ready reporting.
- No live clinical outcomes (public-market-readiness, external-approval-required): SCRIMED cannot claim patient-outcome improvement from production deployment. Control: Report synthetic and protected-pilot operational metrics only, then graduate to customer-approved outcome studies after legal, clinical, privacy, and data rights approval. Workaround: Report synthetic and protected-pilot operational metrics only, then graduate to customer-approved outcome studies after legal, clinical, privacy, and data rights approval. Remaining gate: Customer-approved clinical governance protocol, IRB or ethics review when required, and signed data-processing path.
- No PHI-enabled cost telemetry (public-market-readiness, external-approval-required): Patient-level cost per interaction remains a pilot-equivalent definition. Control: Use synthetic interactions and buyer-approved aggregate workflow baselines until PHI authorization, BAA/DPA, consent, and production controls exist. Workaround: Use synthetic interactions and buyer-approved aggregate workflow baselines until PHI authorization, BAA/DPA, consent, and production controls exist. Remaining gate: Approved production data boundary, minimum-necessary design, audit controls, and customer authorization.
- No securities offering or valuation guarantee (public-market-readiness, external-approval-required): Investor narrative must stay as strategic positioning, not investment solicitation. Control: Keep public-market readiness language framed as internal operating discipline and diligence preparation, with counsel-reviewed materials before fundraising use. Workaround: Keep public-market readiness language framed as internal operating discipline and diligence preparation, with counsel-reviewed materials before fundraising use. Remaining gate: Qualified securities counsel, approved investor materials, and controlled data-room process.
- Secure evidence vault storage remains disabled by default (public-market-readiness, external-approval-required): Sensitive buyer diligence artifacts cannot be uploaded into SCRIMED yet. Control: Use metadata-only vault readiness and buyer-approved external secure channels until DLP, malware scanning, encryption, retention, legal hold, and access reviews are approved. Workaround: Use metadata-only vault readiness and buyer-approved external secure channels until DLP, malware scanning, encryption, retention, legal hold, and access reviews are approved. Remaining gate: Approved storage provider, security controls, legal terms, incident response, and access-review workflow.
- U.S. HIPAA, BAA, and PHI Readiness (global-certification-readiness, safe-workaround-active): U.S. HIPAA, BAA, and PHI Readiness remains evidence-build-required; blocked claims: HIPAA certified, PHI approved, BAA executed, production ePHI processing. Control: Create a HIPAA evidence-room checklist Workaround: Prepare SCRIMED for healthcare buyer diligence and future PHI/ePHI scope while keeping current public and pilot flows synthetic-only. Remaining gate: Qualified healthcare privacy counsel and customer BAA/DPA review
- U.S. FDA CDS and SaMD Classification (global-certification-readiness, external-approval-required): U.S. FDA CDS and SaMD Classification remains external-review-required; blocked claims: FDA cleared, diagnostic device, autonomous clinical decision, medical device approved. Control: Tag every module with operations-only, CDS-review, or SaMD-review posture Workaround: Prevent clinical-intelligence features from becoming unauthorized device claims while preserving a route to regulated clinical productization if deliberately chosen. Remaining gate: FDA digital-health regulatory counsel and FDA pathway where required
- SOC 2, HITRUST, ISO 27001, and ISO 42001 Sequencing (global-certification-readiness, safe-workaround-active): SOC 2, HITRUST, ISO 27001, and ISO 42001 Sequencing remains evidence-build-required; blocked claims: SOC 2 certified, HITRUST certified, ISO certified, security certified. Control: Map current TrustOS, QA, release, access, and audit artifacts to SOC 2 control families Workaround: Move from internal control readiness to independent security, privacy, and AI governance assurance without claiming certification early. Remaining gate: Independent auditor or accredited certification body
- EU AI Act, GDPR, and European Health Data Readiness (global-certification-readiness, external-approval-required): EU AI Act, GDPR, and European Health Data Readiness remains external-review-required; blocked claims: GDPR compliant, EU AI Act conformant, CE marked, EU production approved. Control: Create EU deployment profile labels for no-personal-data, personal-data, high-risk-AI-review, and medical-device-review Workaround: Prepare SCRIMED for EU deployment conversations with high-risk AI triage, personal-data governance, cross-border transfer controls, and deployer documentation. Remaining gate: EU privacy counsel, notified body or market surveillance/conformity route where applicable
- UK NHS DTAC and MHRA Software/AI Readiness (global-certification-readiness, external-approval-required): UK NHS DTAC and MHRA Software/AI Readiness remains external-review-required; blocked claims: NHS approved, DTAC passed, MHRA approved, UK medical device certified. Control: Create a UK buyer diligence pack mapped to DTAC sections Workaround: Prepare SCRIMED for UK NHS and private-provider review with DTAC evidence, clinical-safety controls, MHRA intended-purpose classification, and medical-device escalation gates. Remaining gate: NHS buyer assurance, ICO, MHRA, Approved Body, or qualified UK counsel where applicable
- Australia Essential Eight and Health Deployment Readiness (global-certification-readiness, safe-workaround-active): Australia Essential Eight and Health Deployment Readiness remains evidence-build-required; blocked claims: Australian government approved, Essential Eight certified, public-sector approved, health deployment authorized. Control: Map service reliability and release controls to Essential Eight maturity language Workaround: Prepare SCRIMED for Australian provider, public-sector, and partner diligence with cyber baseline evidence and local privacy/procurement review gates. Remaining gate: Australian buyer security review, privacy counsel, and public-sector procurement process where applicable
- Accuracy Review Agent (continuous-review-audit, active-control): Accuracy Review Agent may flag discrepancy, open review item, route to owner, recommend smoke assertion; blocked actions: silently rewrite public claims, approve clinical content, certify accuracy without reviewer. Control: Continuous queue with daily sampled review and weekly executive exception digest. Watches: product pages, API summaries, briefs, proof packets, buyer-facing claims. Workaround: Flag, route, recommend, and preserve evidence while humans retain approval authority. Remaining gate: Escalate on: clinical implication, certification claim, buyer-impacting metric, source-date drift.
- Evidence Attribution Agent (continuous-review-audit, active-control): Evidence Attribution Agent may mark missing source, queue source refresh, add owner checklist, request citation review; blocked actions: invent source support, quote large copyrighted text, claim third-party endorsement. Control: Continuous on new routes and briefs; daily source-drift digest. Watches: source URLs, reviewed dates, proof routes, blocked claims, documentation updates. Workaround: Flag, route, recommend, and preserve evidence while humans retain approval authority. Remaining gate: Escalate on: unsupported public claim, stale regulatory source, broken evidence route.
- Claims and Boundary Agent (continuous-review-audit, active-control): Claims and Boundary Agent may block unsupported claim, attach boundary, request legal/privacy review; blocked actions: approve legal claim, approve advertising substantiation, waive external review. Control: Every release, every buyer packet, and every claims-related route change. Watches: claims register, release notes, buyer packets, homepage copy, API boundary headers. Workaround: Flag, route, recommend, and preserve evidence while humans retain approval authority. Remaining gate: Escalate on: HIPAA/FDA/SOC/ISO claim, ROI guarantee, clinical authority wording, customer reference.
- Security Drift Agent (continuous-review-audit, external-approval-required): Security Drift Agent may open security drift item, recommend patch, route to security owner, request audit evidence; blocked actions: apply unmanaged production patch, rotate customer secrets autonomously, claim SOC/MDR coverage. Control: Daily dependency/config review, weekly protected fail-closed review, quarterly quantum-safe inventory. Watches: package versions, headers, protected API behavior, auth gates, cryptographic dependency inventory. Workaround: Flag, route, recommend, and preserve evidence while humans retain approval authority. Remaining gate: Escalate on: critical CVE, protected route opens publicly, secret exposure risk, obsolete cryptographic dependency.
- QA Regression Agent (continuous-review-audit, active-control): QA Regression Agent may propose test, expand smoke coverage, classify regression, route owner; blocked actions: bypass failing smoke, mark retained proof without protected packet, run authenticated happy path without AAL2. Control: Every change set; nightly regression queue design; weekly smoke scope review. Watches: smoke failures, route inventory, typecheck output, build output, known limitations. Workaround: Flag, route, recommend, and preserve evidence while humans retain approval authority. Remaining gate: Escalate on: route-count mismatch, broken buyer-critical page, missing boundary header, protected path exposure.
- Incident Learning Agent (continuous-review-audit, external-approval-required): Incident Learning Agent may summarize incident, draft prevention task, recommend reviewer, connect evidence route; blocked actions: make breach determination, notify regulator, close incident without reviewer. Control: Immediate for high/critical issues, daily for open incidents, monthly for learning review. Watches: TrustOps incidents, customer questions, legal-hold watch, post-incident reviews. Workaround: Flag, route, recommend, and preserve evidence while humans retain approval authority. Remaining gate: Escalate on: critical incident, legal-hold signal, privacy/security issue, repeated defect.
- Innovation Scout Agent (continuous-review-audit, blocked-before-approval): Innovation Scout Agent may create research brief, assign internal team, recommend prototype, flag claim guard; blocked actions: publish quantum claims, promise future product, claim clinical advantage, commit to procurement timeline. Control: Weekly horizon scan, monthly research council, quarterly promotion gate. Watches: official standards, technical shifts, competitor signals, buyer requests, internal limitations. Workaround: Flag, route, recommend, and preserve evidence while humans retain approval authority. Remaining gate: Escalate on: strategic inflection, security standard change, regulatory movement, platform opportunity.
- No autonomous production remediation (continuous-review-audit, external-approval-required): Hard stops: production change without reviewer, clinical workflow mutation, credential rotation without owner. Control: owner approval, diff, validation result, rollback note Workaround: Create review evidence and route exceptions to the accountable owner before claims or production change. Remaining gate: production change without reviewer, clinical workflow mutation, credential rotation without owner
- No-PHI review queue (continuous-review-audit, active-control): Hard stops: patient identifier, clinical record, payer member identifier, artifact URL. Control: PHI hard-stop result, safe metadata template, protected route status Workaround: Create review evidence and route exceptions to the accountable owner before claims or production change. Remaining gate: patient identifier, clinical record, payer member identifier, artifact URL
- Boundary header enforcement (continuous-review-audit, active-control): Hard stops: missing data boundary, missing PHI block, missing security certification block. Control: smoke assertion, API route, header list Workaround: Create review evidence and route exceptions to the accountable owner before claims or production change. Remaining gate: missing data boundary, missing PHI block, missing security certification block
- Evidence source aging (continuous-review-audit, active-control): Hard stops: stale legal/regulatory source, unsupported market claim, missing source owner. Control: source URL, reviewedAt, owner, refresh decision Workaround: Create review evidence and route exceptions to the accountable owner before claims or production change. Remaining gate: stale legal/regulatory source, unsupported market claim, missing source owner
- Post-incident learning (continuous-review-audit, external-approval-required): Hard stops: incident closed without review, legal hold ignored, customer-impacting issue unowned. Control: root cause, owner, prevention task, validation route Workaround: Create review evidence and route exceptions to the accountable owner before claims or production change. Remaining gate: incident closed without review, legal hold ignored, customer-impacting issue unowned
- Internal research claim guard (continuous-review-audit, blocked-before-approval): Hard stops: public quantum advantage claim, future product guarantee, clinical superiority claim. Control: research brief, visibility flag, blocked claims, promotion gate Workaround: Create review evidence and route exceptions to the accountable owner before claims or production change. Remaining gate: public quantum advantage claim, future product guarantee, clinical superiority claim
- Live PHI and patient identifiers (health-records-safety-exchange, blocked-before-approval): Privacy breach, contractual breach, regulatory exposure, and loss of buyer trust. Control: Public and synthetic routes reject PHI and live records; extraction evaluator requires syntheticOnly=true. Workaround: Use synthetic fixtures, metadata-only references, and customer sandbox placeholders. Remaining gate: Signed BAA/DPA or non-PHI determination, privacy/security review, retention policy, and customer approval.
- Production EHR, HIE, payer, imaging, and device connectors (health-records-safety-exchange, blocked-before-approval): Unsafe data exchange, silent record mutation, trading-partner breach, and patient-safety exposure. Control: Connector work remains standards-aware and synthetic until partner acceptance testing exists. Workaround: Run conformance kits, fixture validation, CapabilityStatement review, and sandbox mapping packets. Remaining gate: Customer sandbox approval, partner acceptance, security review, purpose-of-use, consent, audit, monitoring, and rollback.
- Patient safety and clinical action (health-records-safety-exchange, blocked-before-approval): Incorrect patient context, unsafe care recommendation, missed escalation, or unauthorized clinical decision support. Control: Outputs are draft-only, source-attributed, reviewer-gated, and blocked from clinical action. Workaround: Produce reviewer checklists, missing-data registers, and escalation queues instead of recommendations. Remaining gate: Licensed clinical governance, intended-use review, validation protocol, safety case, and customer go-live approval.
- Patient matching and longitudinal record assembly (health-records-safety-exchange, blocked-before-approval): Wrong-patient record merge, duplicate facts, incomplete histories, and unsafe downstream automation. Control: SCRIMED does not match live patients or merge production longitudinal records. Workaround: Use synthetic identity placeholders and route matching to customer MPI or identity-governance owners. Remaining gate: Customer MPI acceptance tests, identity policy, consent path, error reconciliation, audit, and clinical owner approval.
- Payer submission and reimbursement outcomes (health-records-safety-exchange, blocked-before-approval): Improper payer transaction, false reimbursement expectation, and regulatory or contract exposure. Control: SCRIMED creates synthetic prior-auth support packets and missing-evidence lists only. Workaround: Route payer work to human RCM review and customer payer-policy owners. Remaining gate: Payer/trading-partner approval, X12/FHIR API testing, coding review, legal review, and customer release authority.
- Offer sprawl and buyer confusion (product-service-offerings, active-control): Buyers, sales, delivery, and reviewers may discuss different scopes, causing slower deals and higher delivery risk. Control: One portfolio registry maps offers, packages, delivery windows, proof routes, and retained boundaries. Workaround: Route every buyer conversation to /offerings before pricing, pilot, diligence, or implementation scope expands. Remaining gate: Buyer-specific SOW, price, payment terms, and approval trail before commitment.
- Custom scope margin leakage (product-service-offerings, customer-specific-required): Enterprise urgency can move SCRIMED into unpaid diligence, weak payment terms, or unpriced implementation labor. Control: Margin controls require package selection, price-floor review, scope cap, diligence pricing, and services/license separation. Workaround: Offer a capped assessment, readiness sprint, synthetic pilot, or paid diligence package before custom SOW work. Remaining gate: Finance, legal, executive, and customer approval for custom scope and payment terms.
- Buyer asks for PHI, live records, connectors, EHR writeback, or payer submission (product-service-offerings, blocked-before-approval): Unsafe data exposure or unauthorized healthcare action could cross privacy, security, clinical, reimbursement, and connector boundaries. Control: Health Records Safety Assessment and Interoperability Readiness Sprint keep work no-PHI and synthetic until live-data owners approve. Workaround: Use synthetic fixtures, metadata-only system descriptions, sandbox planning, source attribution, and live-data gate mapping. Remaining gate: BAA/privacy/security approval, customer environment approval, clinical authority, connector acceptance, payer or EHR authorization as applicable.
- ROI, reimbursement, customer value, and revenue overclaim (product-service-offerings, external-approval-required): Sales, investor, or buyer language could outrun evidence and create legal, trust, reimbursement, or securities risk. Control: Claims review, buyer-approved baseline questions, finance methodology gates, and no-guarantee headers keep claims qualified. Workaround: Use measured pilot signals, directional workflow metrics, and readiness-only language until customer permission and qualified review exist. Remaining gate: Buyer-approved baseline, retained measurement evidence, customer permission, counsel review, finance review, and release decision.
- Certification, approval, and regional authority overclaim (product-service-offerings, external-approval-required): SCRIMED could appear to claim HIPAA, SOC 2, HITRUST, FDA, ONC, GDPR, EU AI Act, NHS, MHRA, Australia, or regional approval before qualified evidence exists. Control: Global Certification Readiness Pack keeps requests in evidence-building and external-review mode. Workaround: Package readiness tracks, blocked claims, evidence gaps, and external-review owners without saying approval exists. Remaining gate: Qualified external authority, applicable audit or certification process, regional counsel, security/privacy review, and buyer-specific acceptance.
- Continuous review and innovation overclaim (product-service-offerings, customer-specific-required): 24/7 review loops or internal research could be mistaken for error-free AI, managed SOC/MDR coverage, autonomous remediation, or public quantum capability. Control: Continuous Review and Innovation Retainer separates agent-assisted review, human approval, remediation scope, and internal research. Workaround: Use agents to flag, route, recommend, and preserve evidence; keep humans in charge of changes and keep quantum research internal. Remaining gate: Human approval, security review, customer permission, evidence retention, and claims review before public or production use.
- Human send approval (client-onboarding-communications, customer-specific-required): Human send approval remains human-review-required; hard stops: automatic send attempted, unsupported claim present, recipient list unknown. Control: Template selected, Recipient context checked, No-PHI scan, Claim guard reviewed Workaround: Use human-reviewed templates, calendar-safe packets, proof routes, owner handoffs, and no-PHI meeting notes before external communication or buyer commitment. Remaining gate: automatic send attempted, unsupported claim present, recipient list unknown
- No-PHI communication boundary (client-onboarding-communications, blocked-before-approval): No-PHI communication boundary remains blocked-before-approval; hard stops: PHI in message, production credentials in invite, live record attached. Control: No-PHI reminder in calendar-ready content, Sensitive artifact route separated, Owner assigned for exceptions Workaround: Use human-reviewed templates, calendar-safe packets, proof routes, owner handoffs, and no-PHI meeting notes before external communication or buyer commitment. Remaining gate: PHI in message, production credentials in invite, live record attached
- Calendar-safe field policy (client-onboarding-communications, active-control): Calendar-safe field policy remains ready; hard stops: sensitive artifacts in event body, attendees not approved, approval claim in title. Control: Meeting type, duration, approved attendees, no-PHI description, follow-up SLA Workaround: Use human-reviewed templates, calendar-safe packets, proof routes, owner handoffs, and no-PHI meeting notes before external communication or buyer commitment. Remaining gate: sensitive artifacts in event body, attendees not approved, approval claim in title
- Presentation claim guard (client-onboarding-communications, external-approval-required): Presentation claim guard remains external-review-required; hard stops: customer claim without permission, certification claim, ROI or revenue guarantee. Control: Proof route list, Blocked claims reviewed, Buyer-specific claims approved before use Workaround: Use human-reviewed templates, calendar-safe packets, proof routes, owner handoffs, and no-PHI meeting notes before external communication or buyer commitment. Remaining gate: customer claim without permission, certification claim, ROI or revenue guarantee
- CRM and source logging (client-onboarding-communications, active-control): CRM and source logging remains ready; hard stops: contact source missing, owner missing, sensitive notes copied into CRM. Control: Source captured, Stage assigned, Owner assigned, Follow-up SLA set Workaround: Use human-reviewed templates, calendar-safe packets, proof routes, owner handoffs, and no-PHI meeting notes before external communication or buyer commitment. Remaining gate: contact source missing, owner missing, sensitive notes copied into CRM
- Follow-up SLA (client-onboarding-communications, active-control): Follow-up SLA remains ready; hard stops: no owner for open item, follow-up without boundary review, unreviewed custom scope. Control: Meeting outcome, Open items, Owner map, Due date Workaround: Use human-reviewed templates, calendar-safe packets, proof routes, owner handoffs, and no-PHI meeting notes before external communication or buyer commitment. Remaining gate: no owner for open item, follow-up without boundary review, unreviewed custom scope
- Handoff before commitment (client-onboarding-communications, customer-specific-required): Handoff before commitment remains human-review-required; hard stops: commitment made before handoff, price or scope not reviewed, production gate omitted. Control: Selected package, Proof routes, Open gates, Decision owner, Next action Workaround: Use human-reviewed templates, calendar-safe packets, proof routes, owner handoffs, and no-PHI meeting notes before external communication or buyer commitment. Remaining gate: commitment made before handoff, price or scope not reviewed, production gate omitted
- Meeting notes boundary (client-onboarding-communications, active-control): Meeting notes boundary remains ready; hard stops: PHI in notes, contract conclusion in notes, security-sensitive artifact copied. Control: Notes owner, No-PHI scan, Open claims separated, Sensitive artifact references externalized Workaround: Use human-reviewed templates, calendar-safe packets, proof routes, owner handoffs, and no-PHI meeting notes before external communication or buyer commitment. Remaining gate: PHI in notes, contract conclusion in notes, security-sensitive artifact copied
- Capacity forecast and load-test plan (enterprise-scalability-operations, active-control): Capacity forecast and load-test plan remains active-control-plane; hard stops: traffic volume unknown, route owner missing, fallback behavior missing, contractual uptime implied. Control: traffic assumption, route class, load-test target, fallback behavior, owner Workaround: Use scale readiness evidence, no-SLA language, capacity assumptions, tenant owners, support-tier review, and qualified external review before commitments expand. Remaining gate: traffic volume unknown, route owner missing, fallback behavior missing, contractual uptime implied
- Rate-limit and backpressure review (enterprise-scalability-operations, customer-specific-required): Rate-limit and backpressure review remains human-review-required; hard stops: unbounded retry, duplicate evidence risk, autonomous remediation implied. Control: rate ceiling, retry ceiling, queue threshold, operator escalation, blocked automation rule Workaround: Use scale readiness evidence, no-SLA language, capacity assumptions, tenant owners, support-tier review, and qualified external review before commitments expand. Remaining gate: unbounded retry, duplicate evidence risk, autonomous remediation implied
- Tenant isolation and access review (enterprise-scalability-operations, customer-specific-required): Tenant isolation and access review remains human-review-required; hard stops: PHI introduced, production credential shared, customer tenancy approved informally, AAL2 bypass attempted. Control: tenant owner, role matrix, access review cadence, archive trigger, no-PHI attestation Workaround: Use scale readiness evidence, no-SLA language, capacity assumptions, tenant owners, support-tier review, and qualified external review before commitments expand. Remaining gate: PHI introduced, production credential shared, customer tenancy approved informally, AAL2 bypass attempted
- SLO and SLA language guard (enterprise-scalability-operations, customer-specific-required): SLO and SLA language guard remains human-review-required; hard stops: SLA promised, uptime guaranteed, support response guaranteed, contract language unreviewed. Control: metric owner, measurement source, internal-only label, contract-review requirement Workaround: Use scale readiness evidence, no-SLA language, capacity assumptions, tenant owners, support-tier review, and qualified external review before commitments expand. Remaining gate: SLA promised, uptime guaranteed, support response guaranteed, contract language unreviewed
- Incident severity and escalation matrix (enterprise-scalability-operations, customer-specific-required): Incident severity and escalation matrix remains human-review-required; hard stops: managed SOC claimed, MDR claimed, customer incident notice sent without review. Control: severity class, owner, customer communication rule, postmortem requirement, claim update need Workaround: Use scale readiness evidence, no-SLA language, capacity assumptions, tenant owners, support-tier review, and qualified external review before commitments expand. Remaining gate: managed SOC claimed, MDR claimed, customer incident notice sent without review
- Change freeze and rollback readiness (enterprise-scalability-operations, active-control): Change freeze and rollback readiness remains active-control-plane; hard stops: release gate skipped, rollback path missing, buyer-critical route untested. Control: change window, rollback owner, smoke route, boundary header, release evidence Workaround: Use scale readiness evidence, no-SLA language, capacity assumptions, tenant owners, support-tier review, and qualified external review before commitments expand. Remaining gate: release gate skipped, rollback path missing, buyer-critical route untested
- Usage-cost and margin thresholds (enterprise-scalability-operations, active-control): Usage-cost and margin thresholds remains active-control-plane; hard stops: unpriced custom work, unbounded support, profit margin guaranteed, accounting advice implied. Control: usage ceiling, cost owner, margin floor, support load assumption, change-order trigger Workaround: Use scale readiness evidence, no-SLA language, capacity assumptions, tenant owners, support-tier review, and qualified external review before commitments expand. Remaining gate: unpriced custom work, unbounded support, profit margin guaranteed, accounting advice implied
- Regional hosting and residency gate (enterprise-scalability-operations, external-approval-required): Regional hosting and residency gate remains external-review-required; hard stops: data residency approved, sovereign hosting approved, regional legal approval claimed. Control: deployment profile, regional counsel owner, privacy/security review, residency question list Workaround: Use scale readiness evidence, no-SLA language, capacity assumptions, tenant owners, support-tier review, and qualified external review before commitments expand. Remaining gate: data residency approved, sovereign hosting approved, regional legal approval claimed
- Support tier and response target approval (enterprise-scalability-operations, customer-specific-required): Support tier and response target approval remains human-review-required; hard stops: 24/7 support guaranteed, response SLA promised, managed service implied. Control: support tier, coverage assumption, escalation path, response target label, contract review gate Workaround: Use scale readiness evidence, no-SLA language, capacity assumptions, tenant owners, support-tier review, and qualified external review before commitments expand. Remaining gate: 24/7 support guaranteed, response SLA promised, managed service implied
- Data lifecycle, retention, and archive review (enterprise-scalability-operations, external-approval-required): Data lifecycle, retention, and archive review remains external-review-required; hard stops: PHI retained, confidential artifact stored, signed agreement stored without approval, data retention approved informally. Control: retention class, archive trigger, external evidence reference, deletion owner, customer review gate Workaround: Use scale readiness evidence, no-SLA language, capacity assumptions, tenant owners, support-tier review, and qualified external review before commitments expand. Remaining gate: PHI retained, confidential artifact stored, signed agreement stored without approval, data retention approved informally
- PHI and live patient-data boundary (limitations-workaround-operations, blocked-before-approval): PHI and live patient-data boundary remains blocked-until-approved; blocked claims: PHI processing authorized, live patient data connected, patient matching approved. Control: No-PHI intake lint, route headers, source-class labels, blocked-input copy, and protected AAL2 evidence references. Workaround: Use synthetic fixtures, metadata-only references, external evidence-room pointers, no-PHI excerpts, and Health Records Safety Exchange source mapping. Remaining gate: Executed customer authority, BAA/DPA when required, security review, clinical governance approval, connector approval, monitoring, rollback, and retained evidence.
- Live clinical care and CDS authority (limitations-workaround-operations, external-approval-required): Live clinical care and CDS authority remains external-review-required; blocked claims: live clinical care authorized, clinical decision support cleared, autonomous diagnosis or treatment permitted. Control: Clinical Authority Readiness, Clinical Care Activation gates, Claim Guard, and no-live-care headers. Workaround: Frame outputs as synthetic workflow planning, review queues, draft-only documentation, and clinical-governance preparation with explicit human review. Remaining gate: Clinical governance approval, regulatory classification, customer scope, clinician workflow controls, monitoring, override, and rollback evidence.
- Production EHR connector and writeback boundary (limitations-workaround-operations, blocked-before-approval): Production EHR connector and writeback boundary remains blocked-until-approved; blocked claims: production connector approved, EHR writeback approved, payer submission approved. Control: Interoperability standards map, Health Records Safety Exchange, connector blocked-claim list, and synthetic extraction evaluator. Workaround: Use fixture validation, synthetic conformance kits, connector contract review, external artifact references, and no-mutation evidence. Remaining gate: Customer sandbox, security review, connector contract, data boundary approval, mutation policy, audit, monitoring, and rollback evidence.
- Public API, SLA, and unlimited-scale boundary (limitations-workaround-operations, human-aal2-required): Public API, SLA, and unlimited-scale boundary remains human-review-required; blocked claims: public API SLA approved, unlimited API scale approved, contractual uptime guaranteed. Control: Platform Power API contract register, Enterprise Scalability SLO readiness, Service Reliability fault classes, and Navigation Audit route counts. Workaround: Use route summaries, boundary headers, version posture, draft quotas, rate-limit classes, support assumptions, and no-SLA language. Remaining gate: Contract terms, staffing model, support tier, incident response, monitoring, rate limits, price model, and executive approval.
- Live AI, production model-routing, and agent autonomy boundary (limitations-workaround-operations, external-approval-required): Live AI, production model-routing, and agent autonomy boundary remains external-review-required; blocked claims: live autonomous AI approved, production model routing approved, agent actions fully autonomous. Control: AgentOS, TrustOS, Platform Power, QA Claim Guard, Runtime Safety, and Continuous Review loops. Workaround: Use model-route registers, allowed/blocked data classes, eval packs, red-team loops, human approval triggers, and protected AAL2 operator lanes. Remaining gate: Approved provider, model route, data policy, eval pass criteria, monitoring, tool schema, approval UI, rollback, audit persistence, and customer authority.
- Security, privacy, SOC 2, HITRUST, and certification boundary (limitations-workaround-operations, external-approval-required): Security, privacy, SOC 2, HITRUST, and certification boundary remains external-review-required; blocked claims: security certified, SOC 2 certified, HITRUST certified. Control: Evidence-room metadata, owner matrix, certification tracks, blocked claims, renewal queue, and protected access logs. Workaround: Use Trust Center, Provider Security Reviews, Procurement Evidence Registry, Global Certification Readiness, and no-sensitive-artifact references. Remaining gate: Qualified assessment, remediation evidence, approved artifact reference, customer-specific acceptance, and release authority.
- Global legal, privacy, AI Act, GDPR, NHS, MHRA, and regional boundary (limitations-workaround-operations, external-approval-required): Global legal, privacy, AI Act, GDPR, NHS, MHRA, and regional boundary remains external-review-required; blocked claims: EU AI Act conformant, GDPR approved, government endorsed. Control: Global Certification Readiness, Global Reach, Deployment Profiles, Claim Guard, and Boundary Resolution. Workaround: Use regional buyer packs, deployment profiles, official-source evidence implications, partner authority registers, and qualified regional counsel review. Remaining gate: Qualified regional legal/privacy/security review, hosting decision, procurement authority, partner approval, and retained release evidence.
- Legal, finance, accounting, tax, revenue, and profit boundary (limitations-workaround-operations, external-approval-required): Legal, finance, accounting, tax, revenue, and profit boundary remains external-review-required; blocked claims: legal advice provided, revenue guaranteed, profit margin guaranteed. Control: Enterprise Business Ops, Growth Engine, Capital Vitality, Public Market Readiness, Deal Room, and Claim Guard. Workaround: Use fixed-scope offers, price floors, buyer-approved measurement plans, counsel review slots, finance/accounting/tax triage, and qualified release authority. Remaining gate: Qualified review, signed approval, buyer baseline, measurement plan, billing setup, payment terms, and retained release authority.
- Email, calendar, demo, meeting, and buyer communication boundary (limitations-workaround-operations, human-aal2-required): Email, calendar, demo, meeting, and buyer communication boundary remains human-review-required; blocked claims: email sent autonomously, calendar invite created autonomously, buyer commitment approved. Control: Client Onboarding and Communications stages, handoffs, templates, calendar packets, and blocked-content list. Workaround: Use human-reviewed templates, meeting packets, owner handoffs, no-PHI notes, and explicit send/invite approval fields. Remaining gate: Human approval of exact content, recipients, timing, scope, no-PHI boundary, pricing, and follow-up owner.
- Protected QA, buyer proof, and release authority boundary (limitations-workaround-operations, human-aal2-required): Protected QA, buyer proof, and release authority boundary remains human-review-required; blocked claims: protected happy path completed without AAL2, buyer release approved, bearer token retained as evidence. Control: Release Continuity, QA Launch Kit, Manual QA Execution Console, Buyer Release Control Runbook, protected evidence packets, and no-token policy. Workaround: Use AAL2 protected workspaces, no-secret operator packets, QA Completion Bridge, Activation Seal, Proof Promotion, Buyer Proof Release, and release-control runbooks. Remaining gate: Fresh human AAL2 run, no-secret packet, reviewer signoff, release decision, lockbox, recipient authority, access-log reconciliation, and claim guard approval.
- UI quality, accessibility, and seamless navigation boundary (limitations-workaround-operations, safe-workaround-active): UI quality, accessibility, and seamless navigation boundary remains workaround-active; blocked claims: accessibility certified, WCAG conformance approved, VPAT completed. Control: SiteNavigation, Navigation Audit inventory, Product Console proof stack, Platform Power UI role journey control, and smoke checks. Workaround: Use site navigation, role journeys, Navigation Audit, Product Console, Hub cards, smoke-covered routes, and manual UI review before demos. Remaining gate: Manual responsive review, keyboard path review, contrast review, copy fit, accessibility remediation evidence, and qualified external review if claims expand.
- Internal innovation, quantum, and future infrastructure boundary (limitations-workaround-operations, blocked-before-approval): Internal innovation, quantum, and future infrastructure boundary remains blocked-until-approved; blocked claims: public quantum capability available, quantum clinical advantage, future infrastructure superiority proven. Control: Continuous Review and Innovation control plane, internal research assignments, Claim Guard, Boundary Resolution, and no-public-quantum authority headers. Workaround: Keep research assigned to the internal research team with private hypotheses, no-public-claim labels, source logs, review owners, and claim-guard blocks. Remaining gate: Validated technical evidence, risk review, qualified legal/security review, buyer-safe claim language, and approved release decision.
- API contract register (platform-power-operations, active-control): API contract register remains active-control-plane; hard stops: route lacks owner, schema missing, boundary headers missing, public API SLA implied. Control: route, owner, schema, version, auth posture, boundary headers Workaround: Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand. Remaining gate: route lacks owner, schema missing, boundary headers missing, public API SLA implied
- API versioning and deprecation discipline (platform-power-operations, human-aal2-required): API versioning and deprecation discipline remains human-review-required; hard stops: breaking change unannounced, migration path missing, customer-specific approval missing. Control: version policy, change log, migration path, deprecation window, buyer communication owner Workaround: Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand. Remaining gate: breaking change unannounced, migration path missing, customer-specific approval missing
- Tenant auth and scope review (platform-power-operations, human-aal2-required): Tenant auth and scope review remains human-review-required; hard stops: PHI requested, production credential requested, AAL2 bypass attempted, tenant owner missing. Control: tenant owner, role map, AAL2 gate, token handling, revocation rule Workaround: Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand. Remaining gate: PHI requested, production credential requested, AAL2 bypass attempted, tenant owner missing
- Idempotency and retry contract (platform-power-operations, active-control): Idempotency and retry contract remains active-control-plane; hard stops: retry ceiling absent, duplicate evidence risk, dead-letter owner missing, autonomous remediation implied. Control: idempotency key, retry ceiling, duplicate detection, dead-letter owner, manual remediation path Workaround: Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand. Remaining gate: retry ceiling absent, duplicate evidence risk, dead-letter owner missing, autonomous remediation implied
- Rate limit and abuse control (platform-power-operations, human-aal2-required): Rate limit and abuse control remains human-review-required; hard stops: unlimited usage promised, abuse path missing, contractual uptime implied, support coverage implied. Control: route class, quota, burst limit, abuse signal, operator escalation path Workaround: Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand. Remaining gate: unlimited usage promised, abuse path missing, contractual uptime implied, support coverage implied
- UI role journey control (platform-power-operations, active-control): UI role journey control remains active-control-plane; hard stops: route orphaned, buyer-critical task hidden, limitation path missing. Control: primary nav link, hub view, product action, role journey, limitation link Workaround: Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand. Remaining gate: route orphaned, buyer-critical task hidden, limitation path missing
- UI quality and accessibility review (platform-power-operations, human-aal2-required): UI quality and accessibility review remains human-review-required; hard stops: text overlap, mobile route unusable, accessibility certification claimed, unreviewed external demo. Control: responsive route, copy review, keyboard path, contrast review, manual screenshot check Workaround: Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand. Remaining gate: text overlap, mobile route unusable, accessibility certification claimed, unreviewed external demo
- AI model-route register (platform-power-operations, external-approval-required): AI model-route register remains external-review-required; hard stops: PHI routed to model, provider approval missing, production model approval implied, cost owner missing. Control: provider, model class, allowed data, blocked data, fallback, cost tag, eval pack Workaround: Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand. Remaining gate: PHI routed to model, provider approval missing, production model approval implied, cost owner missing
- Agent tool approval and escalation (platform-power-operations, human-aal2-required): Agent tool approval and escalation remains human-review-required; hard stops: tool execution without approval, clinical action requested, contract or payment action requested, production remediation requested. Control: allowed tools, blocked tools, approval trigger, escalation owner, audit output Workaround: Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand. Remaining gate: tool execution without approval, clinical action requested, contract or payment action requested, production remediation requested
- AI evaluation and red-team loop (platform-power-operations, active-control): AI evaluation and red-team loop remains active-control-plane; hard stops: error-free AI claimed, clinical validation claimed, unsafe output untriaged, public quantum claim made. Control: eval set, claims guard, red-team prompt, regression owner, promotion rule Workaround: Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand. Remaining gate: error-free AI claimed, clinical validation claimed, unsafe output untriaged, public quantum claim made
- Evidence retrieval and source attribution (platform-power-operations, active-control): Evidence retrieval and source attribution remains active-control-plane; hard stops: source missing, PHI included, clinical validation implied, EHR writeback requested. Control: source class, evidence route, freshness check, confidence boundary, reviewer need Workaround: Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand. Remaining gate: source missing, PHI included, clinical validation implied, EHR writeback requested
- Platform cost, latency, and quality observability (platform-power-operations, active-control): Platform cost, latency, and quality observability remains active-control-plane; hard stops: profit guarantee claimed, cost owner missing, SLA implied, support commitment unfunded. Control: cost owner, usage threshold, latency target, quality signal, margin floor Workaround: Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand. Remaining gate: profit guarantee claimed, cost owner missing, SLA implied, support commitment unfunded
- Enterprise legal, finance, accounting, and tax authority (enterprise-growth-operations, external-approval-required): Enterprise Business Operations is operating-readiness material only; qualified counsel, accounting, tax, finance, and executive approvers retain authority. Control: Deal desk, quote-to-contract packet, price-floor review, scope control, counsel review, accounting/revenue-recognition triage, tax awareness, and billing readiness. Workaround: Use business-contact and metadata-only deal packets with explicit approval slots instead of presenting signed authority or professional advice. Remaining gate: Qualified counsel/accountant/tax review, executive contract approval, customer sign-off, and retained billing evidence.
- Revenue, ROI, and profit-margin claims (enterprise-growth-operations, external-approval-required): Growth, Capital Vitality, Public Market Readiness, and Enterprise Business Ops are readiness lanes; they are not audited financial reports or revenue guarantees. Control: Price floors, paid diligence packaging, buyer-approved baselines, finance methodology gates, claim guard, and counsel-reviewed external-use language. Workaround: Sell fixed-scope no-PHI assessments and synthetic pilots with buyer-approved measurement plans while keeping ROI and reimbursement language qualified. Remaining gate: Buyer-approved baseline, finance methodology, qualified legal/finance review, customer permission, and retained measurement evidence.
- Investor, securities, valuation, and fundraising language (enterprise-growth-operations, external-approval-required): Capital Vitality and Public Market Readiness are operating-discipline surfaces, not audited financial statements or fundraising documents. Control: Investor milestone register, public-market claim controls, board cadence, protected release decisions, and external-review gates. Workaround: Use internal readiness summaries and route investment, valuation, securities, tax, or fundraising language to qualified advisors before sharing externally. Remaining gate: Qualified securities counsel, finance/accounting review, advisor review, recipient context, and approved release decision.
- Global partner, public-sector, and regional procurement claims (enterprise-growth-operations, external-approval-required): Global Reach and Growth Engine prepare regional conversations only; local legal, privacy, security, procurement, hosting, and partner authority remain external gates. Control: Regional packs, deployment profiles, public-sector questions, data-residency review, partner authority register, and claim guard. Workaround: Frame global work as synthetic/no-personal-data discovery and buyer localization until regional approval evidence exists. Remaining gate: Regional counsel, privacy/security review, hosting decision, procurement authority, partner signoff, and customer-specific approval.

## Next Recommended Build Step
Turn the register into a release preflight: require every buyer, investor, regional, certification, 24/7 review, innovation, API, UI, AI, model-route, agent-tool, legal/finance, workaround, and clinical claim to resolve to an approved route, explicit boundary, owner, prohibited-claim list, safe packet, and retained evidence gate before external use.