{"service":"scrimed-company-operating-assessment","route":"/company-assessment","apiRoute":"/api/company-assessment","briefRoute":"/api/company-assessment/brief","status":"company-operating-assessment-active","briefStatus":"company-operating-assessment-brief-ready-no-advice","updated":"2026-06-27","boundary":"SCRIMED Company Assessment organizes company-wide product, service, revenue, margin, legal, accounting, tax, certification, security, interoperability, AI, launch, buyer, investor, and operating-readiness signals into one internal control plane. It is strategic and operational readiness material only. It is not legal advice, accounting advice, tax advice, audited financial reporting, valuation assurance, investment advice, securities offering material, solicitation, certification, security assurance, clinical validation, medical advice, PHI processing approval, production connector approval, customer permission, public launch approval, contractual SLA, revenue guarantee, profit-margin guarantee, reimbursement assurance, or live clinical care authorization.","authority":{"dataBoundary":"synthetic-business-and-metadata-only","legalAuthority":"qualified-review-required","accountingAuthority":"qualified-accounting-review-required","taxAuthority":"qualified-tax-review-required","financialAuthority":"not-audited-financial-report","investmentAdvice":"not-investment-advice","securitiesAuthority":"not-securities-offering-material","solicitationAuthority":"not-solicitation","valuationAuthority":"not-valuation-assurance","revenueAuthority":"not-revenue-guarantee","profitAuthority":"not-profit-margin-guarantee","reimbursementAuthority":"no-reimbursement-guarantee","phiAuthority":"not-authorized-production-phi","clinicalCareAuthority":"not-authorized-live-care","connectorAuthority":"not-production-connector-approved","securityCertification":"not-security-certified","launchApprovalAuthority":"human-launch-review-required","customerPermission":"not-customer-permission","aiAuthority":"no-live-autonomous-ai-authority"},"overallScore":84,"readinessBand":"launch-and-investor-ready-with-controlled-hard-stops","dimensionCount":12,"strongDimensionCount":7,"watchDimensionCount":2,"upgradeNowDimensionCount":1,"externalReviewDimensionCount":1,"protectedGatedDimensionCount":1,"evidenceRouteCount":67,"hardStopCount":14,"teamLaneCount":5,"weaknessCount":8,"criticalWeaknessCount":2,"highWeaknessCount":3,"mediumWeaknessCount":3,"missingCapabilityClosureCount":10,"criticalMissingCapabilityClosureCount":4,"highMissingCapabilityClosureCount":4,"mediumMissingCapabilityClosureCount":2,"upgradeWorkstreamCount":10,"immediateWorkstreamCount":3,"thirtyDayWorkstreamCount":4,"sixtyDayWorkstreamCount":3,"ninetyDayWorkstreamCount":0,"auditFindingCount":8,"auditStrengthToAmplifyCount":3,"auditRevenueUnlockCount":2,"auditGapToCloseCount":2,"revenueBuilderCount":8,"competitiveEdgeAmplifierCount":8,"improvementPriorityCount":8,"p0ImprovementPriorityCount":3,"p1ImprovementPriorityCount":3,"p2ImprovementPriorityCount":2,"sourceAlignment":{"pageRouteCount":164,"apiRoutePatternCount":439,"smokeCoveredHtmlRouteCount":76,"launchTrackCount":10,"productOfferCount":10,"serviceDeliveryOfferCount":7,"revenueCapabilityCount":9,"marginControlCount":10,"platformPowerControlCount":12,"healthRecordsCapabilityCount":5,"certificationTrackCount":6,"continuousReviewAgentCount":7,"limitationTrackCount":12,"operationalEfficiencyRecordCount":155,"competitiveDefenseThreatProfileCount":10,"investorAudiencePacketCount":10},"recommendedCompanyPosture":"SCRIMED is commercially promotable for no-PHI operating-system assessments, synthetic pilots, service-delivery work orders, buyer diligence, and investor readiness, with strict retained gates for PHI, live clinical care, production connectors, regulated claims, certification, security assurance, customer-specific evidence release, audited financials, valuation, revenue, and profit-margin language.","nextCompanyMove":"Run the Company Assessment first, then route the decision to Product Console, Offerings, Service Delivery, Enterprise Business Ops, Platform Power, Health Records, Launch Readiness, Approvals, Global Certification, Continuous Review, Workarounds, or protected Buyer Proof Release based on the exact risk and buyer goal.","dimensions":[{"name":"Product and services portfolio","status":"strong","score":88,"weight":10,"owner":"Product Console, Revenue Operations, Deal Desk, and Delivery","currentStrength":"Sellable offers, packages, delivery playbooks, margin controls, proof routes, and blocked claims are packaged.","weakness":"Buyer conversations can still fragment if every opportunity is not forced into one offer, package, proof route, and retained boundary.","upgrade":"Use Offerings and Service Delivery as the only path from buyer interest into paid work.","evidenceSnapshot":"10 offers, 5 packages, 8 margin controls, 7 delivery offers, and 8 work-order templates.","evidenceRoutes":["/offerings","/api/offerings","/api/offerings/brief","/service-delivery","/api/service-delivery","/api/service-delivery/brief"],"retainedBoundary":"Packaging readiness only; no contract, PHI, certification, revenue, profit, connector, reimbursement, or clinical authority."},{"name":"Revenue, margins, and enterprise business operations","status":"strong","score":86,"weight":10,"owner":"Founder, Finance, Accounting, Tax, Deal Desk, Legal Ops, and Revenue Operations","currentStrength":"Revenue capabilities, margin controls, legal/accounting/tax roles, blocked claims, and deal-desk controls are explicit.","weakness":"Enterprise scale will strain margins unless every proposal is routed through price floor, scope, billing, revenue-recognition, and tax review.","upgrade":"Make Enterprise Business Ops the mandatory gate before pricing, proposal, investment packet, renewal, or service expansion release.","evidenceSnapshot":"9 revenue capabilities, 10 margin controls, 11 team roles, 10 profit levers, and 16 blocked business claims.","evidenceRoutes":["/enterprise-business-ops","/api/enterprise-business-ops","/api/enterprise-business-ops/brief","/capital-vitality","/growth-engine","/public-market-readiness"],"retainedBoundary":"Business-readiness material only; no legal, accounting, tax, audited financial, securities, valuation, revenue, or profit guarantee."},{"name":"Client onboarding, demos, pilots, and communications","status":"strong","score":84,"weight":8,"owner":"Revenue Operations, Sales Engineering, Customer Operations, TrustOps, Legal Ops, and Finance","currentStrength":"Buyer stages, templates, calendar-safe packets, presentation packets, handoffs, controls, and blocked content are mapped.","weakness":"Manual review remains necessary before email, calendar, deck, pilot, procurement, or follow-up content leaves the company.","upgrade":"Require a selected onboarding stage, human-reviewed template, no-PHI packet, owner, follow-up SLA, and claim guard for every buyer interaction.","evidenceSnapshot":"8 onboarding stages, 9 templates, 5 presentation packets, 8 controls, and 6 handoffs.","evidenceRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief","/demos","/pilot"],"retainedBoundary":"Templates and routing only; no email send, calendar creation, contract approval, procurement approval, PHI, certification, or clinical authority."},{"name":"Trust, approvals, certifications, and global readiness","status":"external-review-required","score":78,"weight":10,"owner":"Legal, Privacy, Security, Clinical Governance, AI Governance, Regional Counsel, and TrustOS","currentStrength":"Domestic and global approval tracks, certification gates, regional packs, and evidence roadmaps are visible before claims expand.","weakness":"SCRIMED is not yet certified or approved for regulated healthcare claims; external review and evidence rooms remain required.","upgrade":"Build metadata-only evidence rooms for HIPAA/BAA, SOC 2/ISO, FDA/CDS/SaMD, ONC/connectors, EU AI Act/GDPR, UK, Australia, and regional deployment packs.","evidenceSnapshot":"7 approval tracks, 5 approval agent controls, 6 certification tracks, 5 gates, 5 regional packs, and 30 required evidence items.","evidenceRoutes":["/approvals-readiness","/api/approvals-readiness","/api/approvals-readiness/brief","/global-certification-readiness","/api/global-certification-readiness","/api/global-certification-readiness/brief"],"retainedBoundary":"Preparedness only; no HIPAA, SOC 2, HITRUST, FDA, ONC, EU AI Act, GDPR, ISO, DTAC, MHRA, or regional approval claim."},{"name":"AI, API, UI, agents, and platform power","status":"upgrade-now","score":81,"weight":9,"owner":"Platform Engineering, AI Platform, Product Console, AgentOS, TrustOS, Security, Finance, and Design Systems","currentStrength":"API contracts, role-based UI command paths, AI model-route readiness, agent approvals, eval loops, evidence retrieval, and cost controls are mapped.","weakness":"The platform cannot claim public API SLA, live autonomous AI, production model routing, accessibility certification, or trillion-scale equivalence.","upgrade":"Turn Platform Power into a contract-backed operating system with model-route register, eval/red-team queue, evidence map, accessibility checklist, and cost telemetry.","evidenceSnapshot":"9 pillars, 12 controls, 7 workstreams, 7 bottlenecks, and 53 hard stops.","evidenceRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief","/agents","/evaluation","/trust-os"],"retainedBoundary":"Readiness only; no public API SLA, live autonomous AI, production model-routing approval, PHI, accessibility certification, security certification, or scale equivalence."},{"name":"Health records, interoperability, and patient safety","status":"protected-gated","score":79,"weight":9,"owner":"Interoperability, Health Records Safety, TrustOS, Privacy, Security, and Clinical Governance","currentStrength":"No-PHI extraction, source attribution, safety checks, standards binding, boundary resolutions, and live-data workarounds are explicit.","weakness":"Live data exchange, EHR writeback, patient matching, payer submission, diagnosis, treatment, and patient outreach remain blocked.","upgrade":"Create customer-specific sandbox acceptance tests and source-attributed no-PHI evaluator packets before any live connector work.","evidenceSnapshot":"5 capabilities, 5 extraction stages, 6 safety checks, 5 boundary resolutions, and 20 workarounds.","evidenceRoutes":["/health-records","/api/health-records","/api/health-records/brief","/api/health-records/extract","/interoperability","/clinical-authority-readiness"],"retainedBoundary":"No PHI, no live records, no EHR authorization, no ONC certification, no payer submission, no diagnosis, no treatment, and no live-care authorization."},{"name":"24/7 review, audit, innovation, and internal research","status":"strong","score":85,"weight":8,"owner":"TrustOS, QA, Security, Claims Governance, Release Engineering, and Internal Research Team","currentStrength":"Continuous review agents, loops, controls, innovation tracks, internal research assignments, evidence routes, and blocked claims are mapped.","weakness":"Human review remains mandatory before production remediation, public claims, security coverage language, or quantum positioning.","upgrade":"Promote continuous review into protected work queues for accuracy sampling, evidence source aging, claims guard review, security drift, regression review, and internal research gates.","evidenceSnapshot":"7 agents, 8 loops, 6 controls, 5 innovation tracks, and 4 internal research assignments.","evidenceRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief","/qa-evidence","/service-reliability"],"retainedBoundary":"Agent-assisted review only; no managed SOC/MDR, no autonomous production remediation, no public quantum claim, no certification, and no live-care authority."},{"name":"Scalability, reliability, launch, and release operations","status":"watch","score":82,"weight":9,"owner":"Release Steward, Platform, Service Reliability, TrustOps, Customer Operations, Finance, and Legal Ops","currentStrength":"Launch gates, release continuity, service controls, enterprise scale domains, support boundaries, incident/change paths, and cost controls are visible.","weakness":"Enterprise traffic, buyer workspaces, support commitments, regional deployment, and reliability language must remain gated.","upgrade":"Attach capacity assumptions, tenant owners, queue/backpressure controls, support-tier review, cost thresholds, incident/change path, and no-SLA boundary to every expansion.","evidenceSnapshot":"10 launch tracks, 6 release gates, 10 reliability controls, 9 scale domains, 10 scale controls, and 5 open scale bottlenecks.","evidenceRoutes":["/launch-readiness","/release-continuity","/service-reliability","/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"retainedBoundary":"Readiness only; no contractual SLA, uptime guarantee, managed-service commitment, production support guarantee, PHI authority, or connector approval."},{"name":"Competitive defense, security posture, and uniqueness","status":"strong","score":87,"weight":8,"owner":"Founder, Product Strategy, Legal Ops, Privacy, Security, TrustOS, and Release Steward","currentStrength":"Competitor threat profiles, strength-hardening tracks, legal/privacy/cyber controls, infiltration-deterrence layers, and external-review gates are explicit.","weakness":"Public competitor, privacy, cyber, and security language is high-risk unless source-backed and routed through qualified review.","upgrade":"Attach source, counter-position, proof route, no-copy boundary, and legal/privacy/cyber gate to every competitor or security claim.","evidenceSnapshot":"10 threat profiles, 6 hardening tracks, 8 legal/privacy/cyber controls, 6 deterrence layers, and 6 hard stops.","evidenceRoutes":["/competitive-defense","/api/competitive-defense","/api/competitive-defense/brief","/competitive-intelligence","/trust-safety-operations"],"retainedBoundary":"Strategic readiness only; no legal advice, privacy approval, security certification, penetration-test authorization, partnership, protection guarantee, PHI, or live care."},{"name":"Investor, clinic, partner, and capital readiness","status":"watch","score":83,"weight":8,"owner":"Founder, Capital Operations, Product Console, FaithCore, Legal Ops, Finance, and Claim Guard","currentStrength":"Weakness relief, competitive edge, audience packets, revenue capabilities, moat signals, investor milestones, and funding workstreams are mapped.","weakness":"Investor and clinic materials must avoid securities, solicitation, valuation, donor, tax, customer proof, reimbursement, PHI, clinical, certification, and revenue claims.","upgrade":"Route each audience through one packet, one proof route, one blocked-claim check, one qualified-review path, and one next move.","evidenceSnapshot":"10 weakness relief tracks, 8 edge signals, 10 audience packets, 8 revenue capabilities, 9 moat signals, and 8 funding workstreams.","evidenceRoutes":["/investor-audience-readiness","/api/investor-audience-readiness","/api/investor-audience-readiness/brief","/capital-vitality","/growth-engine","/pilot-deal-room"],"retainedBoundary":"Readiness material only; no securities offer, solicitation, investment advice, valuation assurance, donor advice, tax advice, audited financials, or revenue guarantee."},{"name":"Operational efficiency, limitations, boundaries, and workarounds","status":"strong","score":86,"weight":8,"owner":"Boundary Owners, Operational Efficiency, Product Console, TrustOS, Legal, Finance, Security, and Clinical Governance","currentStrength":"Cross-system gaps, inefficiencies, bottlenecks, workarounds, escalation owners, proof routes, hard stops, and boundary resolutions are centralized.","weakness":"Blocked requests can still become informal exceptions if the team does not route every issue through the workaround and boundary registers.","upgrade":"Every blocked action gets a safe packet, owner, proof route, expiration rule, escalation trigger, and graduation gate.","evidenceSnapshot":"155 efficiency records, 9 resolution sprints, 12 limitation tracks, 8 workaround packets, and 120 boundary records.","evidenceRoutes":["/operational-efficiency","/api/operational-efficiency","/api/operational-efficiency/brief","/limitations-workarounds","/boundary-resolution"],"retainedBoundary":"Operating control only; no approval, certification, PHI authority, clinical authority, release authority, or qualified-review waiver."},{"name":"Navigation, proof access, and company clarity","status":"strong","score":89,"weight":7,"owner":"Product Console, Release Steward, TrustOS, Navigation, and Buyer Diligence","currentStrength":"Public route inventory, API route patterns, smoke coverage, navigation groups, role journeys, and limitation controls are visible.","weakness":"Navigation must stay ahead of the product surface as routes multiply, or buyers and operators will struggle to find the right action.","upgrade":"Keep Company Assessment, Product Console, Hub, Navigation Audit, Launch Readiness, Workarounds, and Service Delivery in the first decision path.","evidenceSnapshot":"164 page routes, 439 API route patterns, 76 smoke-covered HTML routes, 8 navigation groups, and 14 role journeys.","evidenceRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief","/hub","/product"],"retainedBoundary":"Navigation and proof access only; route visibility does not prove protected execution, approval, certification, PHI authority, or clinical authority."}],"companyStrengths":["SCRIMED now has a coherent operating-system structure: product console, hub, navigation audit, proof routes, service delivery, launch readiness, and release continuity.","The product/service portfolio is packaged enough to sell assessments, readiness sprints, synthetic pilots, enterprise activation, operating-layer licensing, and retainers.","Service delivery has scoped work orders, acceptance criteria, artifacts, buyer handoffs, margin protections, and hard stops.","Revenue operations are stronger because deal desk, margin control, legal/accounting/tax review, billing readiness, and blocked business claims are explicit.","Investor and audience readiness turns weakness relief into usable packets for angels, corporate strategics, private investors, faith-based clinics, health systems, payers, public-sector funders, and partners.","Competitive defense is a differentiator because competitor pressure is translated into claims-safe product, legal, privacy, security, and infiltration-deterrence controls.","24/7 review and innovation loops are designed with agent-assisted review and human-gated internal research boundaries.","Health-record and interoperability work is safer because source attribution, standards mapping, no-PHI extraction, safety checks, and live-data blocks are explicit.","Global approval and certification readiness is structurally prepared, even where external evidence is still required.","Platform power has a realistic API/UI/AI upgrade path with model-route, agent-approval, eval, retrieval, and cost controls.","Limitations and workaround operations prevent blocked requests from becoming informal, unowned exceptions.","Navigation and smoke coverage make the growing company operating system easier to inspect, demo, audit, and improve."],"companyAuditFindings":[{"area":"Commercial story clarity","rating":"strength-to-amplify","strength":"SCRIMED has a broad operating system with product, service, trust, evidence, and launch surfaces already connected.","weakness":"The surface area can feel too large if buyers do not immediately see the three purchase paths: assessment, synthetic pilot, and enterprise operating layer.","improvement":"Keep public copy, demos, pricing, and onboarding anchored to one buyer pain, one recommended package, one proof route, and one retained boundary.","revenueImpact":"Shortens buyer education time, reduces custom-scope drift, and turns navigation into conversion instead of exploration.","competitiveSignal":"Competitors tend to lead with simple outcomes such as ambient documentation relief, agentic automation, payer intelligence, or incumbent platform reach.","proofRoutes":["/offerings","/pricing","/client-onboarding","/demos"],"retainedBoundary":"Commercial story clarity is not a signed quote, contract approval, procurement approval, ROI guarantee, or revenue guarantee."},{"area":"No-PHI proof engine","rating":"revenue-unlock","strength":"Synthetic demos, pilot paths, health-record safety checks, evidence routes, and no-PHI hard stops let SCRIMED show value before protected data is authorized.","weakness":"Customer-specific proof and live clinical evidence still require protected AAL2 release, customer authority, and qualified review.","improvement":"Package synthetic benchmark snapshots, redacted workflow findings, and buyer-safe proof packets for every pilot and diligence motion.","revenueImpact":"Creates a lower-friction paid entry point and makes protected enterprise pilots easier to approve later.","competitiveSignal":"Market leaders win confidence by showing measurable workflow lift while keeping health-system risk low during evaluation.","proofRoutes":["/pilot-demo-commercial-readiness","/pilot-evidence","/health-records","/qa-buyer-proof-release"],"retainedBoundary":"No-PHI proof is not PHI authority, clinical validation, live-care authorization, customer permission, or production connector approval."},{"area":"Trust, boundaries, and buyer confidence","rating":"strength-to-amplify","strength":"TrustOS, Claim Guard, Boundary Resolution, Limitations Workarounds, and the Boundary Escalation Matrix make SCRIMED inspectable.","weakness":"Boundaries can sound like limitations unless they are positioned as safer purchasing, diligence, and implementation controls.","improvement":"Make trust language buyer-facing: proof before production risk, known hard stops, accountable escalation, and human-gated release.","revenueImpact":"Turns compliance caution into procurement confidence and reduces late-stage deal friction.","competitiveSignal":"Healthcare buyers increasingly compare AI vendors on governance, evidence, security posture, and human-control pathways, not only feature lists.","proofRoutes":["/boundary-resolution","/limitations-workarounds","/trust-center","/qa-claim-guard"],"retainedBoundary":"Trust positioning is not compliance certification, legal advice, security assurance, attack-proof guarantee, or managed SOC/MDR coverage."},{"area":"Enterprise business discipline","rating":"revenue-unlock","strength":"Deal desk, price floors, margin controls, billing readiness, revenue-recognition triage, tax awareness, and blocked claims are explicit.","weakness":"Enterprise opportunities can still erode margin if custom requests bypass package boundaries or qualified review.","improvement":"Require a deal desk pass before every proposal, renewal, strategic partnership, investor packet, and faith-based clinic package.","revenueImpact":"Protects gross margin, improves contract quality, and makes SCRIMED easier to finance or diligence.","competitiveSignal":"Enterprise health-tech buyers expect vendor maturity around contracts, billing, privacy, security, support, and executive accountability.","proofRoutes":["/enterprise-business-ops","/capital-vitality","/growth-engine","/service-delivery"],"retainedBoundary":"Business discipline is not accounting advice, tax advice, legal advice, audited financial reporting, securities material, or valuation assurance."},{"area":"Interoperability and health-record readiness","rating":"gap-to-close","strength":"SCRIMED can map standards, extract synthetic records, preserve source attribution, and gate patient-safety risks before production work.","weakness":"Live EHR writeback, patient matching, payer submission, production connectors, and clinical data processing remain blocked.","improvement":"Add a buyer-ready sandbox simulator, connector readiness questionnaire, and patient-safety acceptance checklist to every integration conversation.","revenueImpact":"Creates paid interoperability readiness work before full integration authority exists.","competitiveSignal":"Incumbent EHR, RCM, and payer platforms can lean on existing integrations; SCRIMED must win by being safer, clearer, and faster to evaluate.","proofRoutes":["/health-records","/api/health-records/extract","/interoperability","/clinical-production-readiness"],"retainedBoundary":"Interoperability readiness is not production connectivity, EHR writeback approval, payer submission approval, PHI authority, or live clinical care."},{"area":"Agentic review and future infrastructure","rating":"strength-to-amplify","strength":"Continuous review, audit loops, internal innovation tracks, and research assignments create a 24/7 improvement posture.","weakness":"Autonomous production remediation, public quantum claims, and live autonomous AI authority remain intentionally blocked.","improvement":"Make the external story about governed review loops while keeping quantum and advanced autonomy inside internal research gates.","revenueImpact":"Supports premium retainers and enterprise confidence without overclaiming future technology.","competitiveSignal":"Agentic healthcare platforms are pushing automation claims, so SCRIMED should differentiate with accountable human-gated agents and auditable loops.","proofRoutes":["/continuous-review-audit","/platform-power","/operational-efficiency","/evaluation"],"retainedBoundary":"Agentic review is not live autonomous care, production remediation authority, public quantum capability, or model-routing approval."},{"area":"Investor and strategic funding readiness","rating":"gap-to-close","strength":"Audience packets, capital vitality, moat signals, KPI posture, and funding workstreams are already mapped.","weakness":"Investor-facing materials still need audited financial boundaries, customer-evidence discipline, valuation controls, and tighter KPI packaging.","improvement":"Create a diligence-ready packet map with operating metrics, proof route inventory, current safe revenue motions, and blocked-claim language.","revenueImpact":"Improves capital conversations while protecting the company from securities, valuation, or revenue overclaims.","competitiveSignal":"Capital partners compare defensibility, proof velocity, compliance maturity, and market wedge clarity before funding healthcare AI companies.","proofRoutes":["/investor-audience-readiness","/capital-vitality","/public-market-readiness","/pilot-deal-room"],"retainedBoundary":"Investor readiness is not investment advice, solicitation, securities material, valuation assurance, audited financial reporting, or revenue guarantee."},{"area":"Cybersecurity, privacy, and infiltration deterrence","rating":"risk-to-control","strength":"Competitive Defense, Trust Center, Release Continuity, and protected workspaces define legal, privacy, cyber, and infiltration controls.","weakness":"Security language remains high-risk until certification, penetration testing, vendor risk, and customer-specific reviews are externally validated.","improvement":"Maintain a security-review roadmap with protected evidence references, dependency controls, release gates, and no-certification language.","revenueImpact":"Improves enterprise diligence pass rates and lowers late-stage security review surprises.","competitiveSignal":"Large incumbents and enterprise AI vendors can sell institutional trust; SCRIMED must show discipline, proof, and transparent retained limits.","proofRoutes":["/competitive-defense","/trust-center","/service-reliability","/release-continuity"],"retainedBoundary":"Cyber readiness is not security certification, penetration-test authorization, attack-proof assurance, or customer security approval."}],"revenueBuilders":[{"name":"No-PHI workflow assessment","buyer":"Clinic, health-system department, payer operations team, or investor diligence owner","packageMotion":"Fixed-scope assessment that maps workflow pain, evidence gaps, buyer-safe value hypotheses, and retained clinical or data boundaries.","marginLever":"Template-led delivery, bounded interviews, synthetic-only artifacts, and clear change-order triggers.","conversionPath":"Assessment to synthetic pilot, protected enterprise pilot, or trust diligence package.","proofRoutes":["/offerings","/service-delivery","/client-onboarding"],"retainedBoundary":"Assessment output is not clinical advice, ROI assurance, legal advice, procurement approval, or production authorization."},{"name":"Synthetic pilot conversion engine","buyer":"Executive sponsor, innovation leader, operations owner, or faith-based clinic sponsor","packageMotion":"Time-boxed synthetic pilot with workflow scenario, source-attributed outputs, acceptance criteria, and buyer presentation packet.","marginLever":"Reusable pilot templates, acceptance gates, no-PHI fixtures, and package-based pricing boundaries.","conversionPath":"Synthetic pilot to protected proof workspace, annual operating-layer license, or managed review retainer.","proofRoutes":["/pilot-demo-commercial-readiness","/pilots","/pilot-evidence","/qa-buyer-proof-release"],"retainedBoundary":"Synthetic pilot is not customer data processing, PHI authority, clinical validation, or live-care authorization."},{"name":"Trust diligence fast pass","buyer":"Security, privacy, legal, compliance, procurement, or investor diligence team","packageMotion":"Evidence-room orientation with no-authority headers, blocked claims, review owners, protected proof paths, and risk register.","marginLever":"Repeatable due-diligence packet, standardized claims language, and clear escalation pricing for external review support.","conversionPath":"Diligence package to enterprise pilot, security review workbench, or readiness retainer.","proofRoutes":["/trust-center","/approvals-readiness","/global-certification-readiness","/boundary-resolution"],"retainedBoundary":"Diligence support is not certification, legal advice, security assurance, BAA/DPA execution, or customer approval."},{"name":"Interoperability readiness sprint","buyer":"Health-system integration owner, EHR program lead, payer data team, or clinical operations sponsor","packageMotion":"No-PHI standards map, sandbox test plan, source-attribution checklist, patient-safety acceptance criteria, and authority gap log.","marginLever":"Pre-integration readiness work that stays valuable before expensive production connector commitments.","conversionPath":"Readiness sprint to customer sandbox acceptance tests, protected connector diligence, or service-delivery work order.","proofRoutes":["/health-records","/interoperability","/clinical-production-readiness","/service-delivery"],"retainedBoundary":"Readiness sprint is not production connector approval, PHI processing, payer submission, EHR mutation, or live clinical care."},{"name":"24/7 governed review retainer","buyer":"Enterprise operations, QA, compliance, clinical governance, or AI oversight leader","packageMotion":"Recurring review loop for evidence aging, claims drift, accuracy sampling, audit findings, issue triage, and innovation backlog.","marginLever":"Recurring revenue with queue-based scope, human approval gates, and bounded reporting cadence.","conversionPath":"Retainer to enterprise operating-layer license, TrustOS expansion, or platform hardening sprint.","proofRoutes":["/continuous-review-audit","/operational-efficiency","/service-reliability"],"retainedBoundary":"Review retainer is not managed SOC/MDR coverage, autonomous remediation, clinical review replacement, or certification."},{"name":"Enterprise healthcare intelligence operating layer","buyer":"Health-system executive, payer operations leader, platform partner, or strategic corporate investor","packageMotion":"Operating-layer license around Product Console, TrustOS, Claim Guard, AgentOS review lanes, service work orders, and proof routing.","marginLever":"Higher-value annual platform packaging with professional services separated from license scope.","conversionPath":"Synthetic pilot to annual license, strategic partnership, or enterprise activation program.","proofRoutes":["/product","/platform-power","/enterprise-scalability","/enterprise-business-ops"],"retainedBoundary":"Operating-layer license is not EHR replacement, QHIN participation, production SLA, PHI authority, or live autonomous care."},{"name":"Investor and clinic readiness package","buyer":"Angel investor, private investor, corporate strategic, faith-based clinic investor, or mission-led clinic sponsor","packageMotion":"Audience-specific packet with safe company narrative, proof routes, revenue motions, weakness relief, diligence boundaries, and next-step menu.","marginLever":"Reusable packets with qualified-review gates for securities, tax, donor, valuation, and customer-proof language.","conversionPath":"Readiness package to paid assessment, pilot sponsorship, diligence room, or strategic partnership exploration.","proofRoutes":["/investor-audience-readiness","/capital-vitality","/growth-engine","/market-activation"],"retainedBoundary":"Readiness package is not securities material, solicitation, investment advice, donor advice, tax advice, valuation assurance, or revenue guarantee."},{"name":"Launch and scale readiness package","buyer":"Founder, operator, enterprise sponsor, or customer success leader preparing a controlled launch","packageMotion":"Launch readiness, navigation, reliability, support-tier, incident/change, sandbox DNS, and boundary-control review.","marginLever":"Structured checklist delivery with clear phase gates before support or SLA commitments expand.","conversionPath":"Readiness package to release support retainer, enterprise scalability work order, or protected activation plan.","proofRoutes":["/launch-readiness","/enterprise-scalability","/service-reliability","/navigation"],"retainedBoundary":"Launch readiness is not public launch approval, contractual SLA, uptime guarantee, support guarantee, PHI authority, or customer go-live approval."}],"competitiveEdgeAmplifiers":[{"name":"Proof before production risk","marketPressure":"Ambient AI, automation, payer intelligence, and incumbent platforms all promise faster operational lift.","scrimedEdge":"SCRIMED can prove workflow value through no-PHI, synthetic, source-attributed, claim-guarded evidence before production data risk exists.","makeApparentBy":"Lead buyer pages with no-PHI demos, synthetic pilots, proof routes, hard stops, and the exact next purchase path.","buyerProof":"A buyer can inspect Product Console, demos, pilots, service delivery, and Claim Guard before live data is discussed.","proofRoutes":["/product","/demos","/pilots","/qa-claim-guard"],"retainedBoundary":"Proof-before-risk messaging is not clinical validation, ROI assurance, customer authorization, or production authority."},{"name":"Healthcare intelligence operating layer","marketPressure":"Point solutions often sell one lane such as documentation, intake, RCM, utilization management, or analytics.","scrimedEdge":"SCRIMED can position as the governed operating layer across evidence, workflows, trust, service delivery, AI agents, and health-record safety.","makeApparentBy":"Use the phrase healthcare intelligence operating layer consistently across Product, Company Assessment, Investor Readiness, and Enterprise Scalability.","buyerProof":"Company Assessment and Product Console connect revenue, trust, platform, health records, delivery, launch, and limitations in one inspectable map.","proofRoutes":["/company-assessment","/product","/platform-power","/enterprise-scalability"],"retainedBoundary":"Operating-layer positioning is not EHR replacement, payer system replacement, QHIN authority, or live clinical authority."},{"name":"TrustOS plus Claim Guard plus Boundary Matrix","marketPressure":"Enterprise healthcare buyers penalize AI vendors that cannot explain what is blocked, reviewed, or externally approved.","scrimedEdge":"SCRIMED turns safety, claims control, and boundary escalation into a visible product capability.","makeApparentBy":"Put trust proof near every commercial CTA so the boundary reads as a buying advantage.","buyerProof":"Limitations Workarounds, Boundary Resolution, Claim Guard, and Trust Center all describe owners, proof routes, and retained authority.","proofRoutes":["/limitations-workarounds","/boundary-resolution","/trust-center","/qa-claim-guard"],"retainedBoundary":"TrustOS positioning is not legal advice, compliance certification, security certification, or attack-proof guarantee."},{"name":"No-PHI evaluation path","marketPressure":"Health systems move slowly when vendor evaluation depends on PHI, production access, or complex contracting first.","scrimedEdge":"SCRIMED can sell valuable no-PHI assessments and synthetic pilots while preserving the approval path for later protected work.","makeApparentBy":"Make the no-PHI entry point obvious on homepage, demos, pilots, onboarding, and pricing surfaces.","buyerProof":"Pilot Demo Commercial Readiness and Health Records Safety Exchange show what can be done now without protected data.","proofRoutes":["/pilot-demo-commercial-readiness","/health-records","/client-onboarding","/pricing"],"retainedBoundary":"No-PHI evaluation path does not authorize PHI, production connectors, live records, patient matching, or care decisions."},{"name":"Interoperability-aware without overclaiming integration","marketPressure":"Large EHR, RCM, and payer platforms can claim installed-base advantage and deeper production integrations.","scrimedEdge":"SCRIMED can win the pre-integration decision by being standards-aware, safety-gated, and clear about what is not yet approved.","makeApparentBy":"Package standards mapping, sandbox fixtures, patient-safety lint, and connector authority gaps as paid readiness work.","buyerProof":"Health Records and Interoperability surfaces show standards, extraction boundaries, safety checks, and live-data hard stops.","proofRoutes":["/health-records","/api/health-records/extract","/interoperability","/clinical-production-readiness"],"retainedBoundary":"Interoperability-aware messaging is not production integration, EHR writeback, payer submission, PHI authority, or certification."},{"name":"Human-gated agents and continuous audit","marketPressure":"Agentic workflow vendors are pushing automation breadth and speed.","scrimedEdge":"SCRIMED can claim a safer agent posture: continuous review, audit loops, and human approval before external claims or production impact.","makeApparentBy":"Show the agent loop as review, evidence aging, claims drift, incident learning, and innovation triage, not uncontrolled automation.","buyerProof":"Continuous Review and Audit documents agent roles, loops, innovation tracks, controls, and no-authority language.","proofRoutes":["/continuous-review-audit","/agents","/evaluation","/operational-efficiency"],"retainedBoundary":"Human-gated agents are not autonomous clinical care, autonomous remediation, legal review replacement, or security monitoring guarantee."},{"name":"Buyer-ready product plus services packaging","marketPressure":"Mature competitors reduce buying friction with clear product packages, implementation paths, and procurement-ready language.","scrimedEdge":"SCRIMED has both product surfaces and scoped services, allowing buyers to start small and expand without a vague custom project.","makeApparentBy":"Tie every CTA to a specific offer, price posture, work order, demo, pilot, or diligence packet.","buyerProof":"Offerings, Pricing, Service Delivery, Client Onboarding, and Product Console share the same routes and boundaries.","proofRoutes":["/offerings","/pricing","/service-delivery","/client-onboarding"],"retainedBoundary":"Packaging is not a signed quote, contract, procurement approval, revenue guarantee, or profit-margin guarantee."},{"name":"Mission-aware clinic and enterprise path","marketPressure":"Most healthcare AI positioning is either enterprise-only or point-solution-only, leaving community and faith-based clinic sponsors underserved.","scrimedEdge":"SCRIMED can speak to enterprise buyers, investors, and mission-led clinics with the same trust, no-PHI, workflow, and diligence discipline.","makeApparentBy":"Create audience-specific paths that preserve donor, tax, clinical, privacy, and securities boundaries while showing practical clinic value.","buyerProof":"Investor Audience Readiness and Client Onboarding can route angels, private investors, faith-based clinics, and health systems into safe packets.","proofRoutes":["/investor-audience-readiness","/client-onboarding","/faithcore","/growth-engine"],"retainedBoundary":"Mission-aware positioning is not religious endorsement, donor advice, tax advice, clinical authority, securities material, or reimbursement assurance."}],"improvementPriorities":[{"name":"Compress the buyer front door","priority":"P0","gap":"The product surface is powerful, but first-time buyers need a shorter path from pain to package to next action.","unblockMove":"Make assessment, synthetic pilot, and enterprise operating-layer license the dominant three-path CTA across public pages.","owner":"Product Console, Growth, Revenue Operations, and Client Onboarding","proofRoutes":["/","/offerings","/pricing","/client-onboarding"],"successSignal":"A buyer can choose the right path in under one page without reading the whole operating map.","retainedBoundary":"CTA clarity is not contract approval, signed quote, procurement approval, or revenue assurance."},{"name":"Create a revenue proof ladder","priority":"P0","gap":"Revenue motions exist, but buyer and investor proof needs a cleaner ladder from current safe use to protected enterprise expansion.","unblockMove":"Link each revenue builder to accepted proof artifacts, package scope, price-floor control, and blocked claims.","owner":"Revenue Operations, Finance, Deal Desk, Product, and Claim Guard","proofRoutes":["/growth-engine","/capital-vitality","/enterprise-business-ops"],"successSignal":"Every commercial conversation names one revenue builder, one proof artifact, and one retained financial boundary.","retainedBoundary":"Revenue proof ladder is not ROI assurance, audited financial reporting, securities material, valuation assurance, or revenue guarantee."},{"name":"Promote trust as a buying advantage","priority":"P0","gap":"SCRIMED has strong boundaries, but the market-facing story must make those controls persuasive rather than defensive.","unblockMove":"Place proof-before-risk, Claim Guard, Boundary Matrix, and human-gated release language near commercial CTAs.","owner":"TrustOS, Product Marketing, Legal Ops, Security, and Buyer Diligence","proofRoutes":["/trust-center","/boundary-resolution","/limitations-workarounds","/qa-claim-guard"],"successSignal":"Trust language directly supports demo booking, pilot conversion, procurement diligence, and investor confidence.","retainedBoundary":"Trust messaging is not certification, legal advice, security assurance, or attack-proof guarantee."},{"name":"Package interoperability readiness","priority":"P1","gap":"Health-record safety is strong, but buyers need a concrete paid path before live connectors are authorized.","unblockMove":"Create a standards map, no-PHI fixture, connector questionnaire, and patient-safety acceptance template for every integration inquiry.","owner":"Interoperability, Health Records Safety, Clinical Governance, Privacy, and Security","proofRoutes":["/health-records","/interoperability","/clinical-production-readiness"],"successSignal":"Integration conversations convert into readiness sprints without implying production connector authority.","retainedBoundary":"Interoperability readiness is not PHI authority, EHR writeback approval, payer submission approval, or live-care authority."},{"name":"Formalize the enterprise deal desk","priority":"P1","gap":"Enterprise business controls exist, but they should become mandatory before external proposals, pricing exceptions, or strategic partnerships.","unblockMove":"Add a deal-desk checklist with package, scope, price floor, margin, billing, contract, tax, accounting, and blocked-claim decisions.","owner":"Finance, Accounting, Tax, Legal Ops, Revenue Operations, and Deal Desk","proofRoutes":["/enterprise-business-ops","/service-delivery","/pilot-deal-room"],"successSignal":"No enterprise proposal leaves without margin, billing, legal, tax, accounting, and claims review.","retainedBoundary":"Deal desk readiness is not legal advice, accounting advice, tax advice, contract approval, or profit guarantee."},{"name":"Strengthen protected proof evidence","priority":"P1","gap":"The public path is strong, but protected buyer proof still depends on human AAL2 execution and release decisions.","unblockMove":"Keep protected proof as a controlled release chain with reviewer signoff, recipient control, access logs, and current-state language.","owner":"TrustOS, Release Steward, Buyer Diligence, Customer Operations, and Legal Ops","proofRoutes":["/qa-buyer-proof-release","/buyer-release-control-run","/pilot-workspace/access"],"successSignal":"Buyer-specific evidence is shareable only through a traceable, approved, claim-guarded path.","retainedBoundary":"Protected proof readiness is not customer permission, production authorization, or public evidence release approval."},{"name":"Convert continuous review into paid operations","priority":"P2","gap":"24/7 review and innovation loops are credible internally, but need a buyer-safe recurring service wrapper.","unblockMove":"Offer governed review retainers around evidence aging, claims drift, QA sampling, issue triage, and future research watchlists.","owner":"TrustOS, QA, Customer Operations, Internal Research Team, and Finance","proofRoutes":["/continuous-review-audit","/operational-efficiency","/service-reliability"],"successSignal":"Continuous review becomes a scoped recurring revenue motion without autonomous production authority.","retainedBoundary":"Review operations are not managed SOC/MDR, autonomous remediation, certification, or clinical review replacement."},{"name":"Build the capital diligence room map","priority":"P2","gap":"Capital and audience readiness are mapped, but investor diligence needs clearer current-safe metrics, proof inventory, and blocked claims.","unblockMove":"Maintain an investor packet index for company narrative, revenue builders, moat signals, current limitations, KPI posture, and qualified-review needs.","owner":"Founder, Capital Operations, Finance, Legal Ops, Product Console, and Claim Guard","proofRoutes":["/investor-audience-readiness","/capital-vitality","/public-market-readiness"],"successSignal":"Investor conversations stay focused on evidence-backed current capabilities and clearly retained external-review boundaries.","retainedBoundary":"Capital diligence map is not securities material, solicitation, investment advice, valuation assurance, or audited financial reporting."}],"weaknessReliefQueue":[{"name":"External approvals and certifications are readiness-only","severity":"critical","currentImpact":"SCRIMED can prepare evidence, but cannot claim HIPAA, SOC 2, HITRUST, FDA, ONC, EU, or global certification approval early.","reliefMove":"Move required evidence into metadata-only evidence rooms with accountable qualified-review owners and expiration cadence.","owner":"Legal, Privacy, Security, Clinical Governance, AI Governance, and Regional Counsel","proofRoutes":["/approvals-readiness","/global-certification-readiness","/boundary-resolution"],"retainedBoundary":"No certification or regulated approval claim."},{"name":"Live clinical and PHI authority remain blocked","severity":"critical","currentImpact":"Health-record safety and interoperability are strong, but live care, PHI, EHR writeback, and payer submission require customer and qualified approvals.","reliefMove":"Use no-PHI synthetic extraction, customer sandbox acceptance tests, source-attribution checks, and protected clinical authority evidence rooms.","owner":"Clinical Governance, Privacy, Security, Interoperability, and Customer Authority Owners","proofRoutes":["/health-records","/clinical-authority-readiness","/pilot-workspace/access"],"retainedBoundary":"No PHI, no live data, no live care, no connector approval."},{"name":"Revenue and margin claims need qualified business controls","severity":"high","currentImpact":"Enterprise buyers and investors will ask for ROI, savings, pricing, and margin language that can overrun current evidence.","reliefMove":"Gate every proposal through deal desk, margin model, finance/accounting/tax triage, Claim Guard, and protected proof release.","owner":"Finance, Accounting, Tax, Revenue Operations, Legal Ops, and Deal Desk","proofRoutes":["/enterprise-business-ops","/capital-vitality","/qa-claim-guard"],"retainedBoundary":"No revenue, ROI, savings, audited financial, valuation, tax, or profit-margin guarantee."},{"name":"Buyer proof release is protected and human-gated","severity":"high","currentImpact":"SCRIMED has compelling proof paths, but customer-specific evidence cannot be shared casually.","reliefMove":"Require AAL2 workspace, release decision, reviewer signoff, recipient control, access-log path, and claim guard before external sharing.","owner":"Buyer Diligence, Release Steward, TrustOS, Legal Ops, and Customer Operations","proofRoutes":["/qa-buyer-proof-release","/buyer-release-control-run","/pilot-workspace/access"],"retainedBoundary":"No customer-specific release, customer permission, or external proof claim without protected approval chain."},{"name":"Scale language must remain bounded","severity":"high","currentImpact":"Enterprise positioning can invite unsupported SLA, managed-service, support, region, or trillion-scale equivalence claims.","reliefMove":"Attach capacity assumptions, support tier, SLO readiness, incident/change path, region review, cost guardrails, and no-SLA boundaries to each expansion.","owner":"Platform, Service Reliability, Customer Operations, Finance, Legal Ops, and Tenant Governance","proofRoutes":["/enterprise-scalability","/service-reliability","/platform-power"],"retainedBoundary":"No SLA, uptime, managed-service, public API SLA, or scale-equivalence claim."},{"name":"Autonomous AI and quantum positioning are internal-only","severity":"medium","currentImpact":"Future-facing research can strengthen differentiation, but public claims create regulatory, security, and accuracy risk.","reliefMove":"Keep quantum and advanced autonomous remediation inside internal research queues with promotion gates, evaluation evidence, and qualified review.","owner":"Internal Research Team, AI Platform, TrustOS, Security, and Claims Governance","proofRoutes":["/continuous-review-audit","/platform-power","/evaluation"],"retainedBoundary":"No public quantum, autonomous-remediation, production model-routing, or live autonomous AI claim."},{"name":"Communication and onboarding still require human send approval","severity":"medium","currentImpact":"Email, calendar, demo, deck, and pilot workflows are stronger, but external communication must stay controlled.","reliefMove":"Use calendar-safe packets, no-PHI templates, follow-up owners, and presentation Claim Guard before external use.","owner":"Revenue Operations, Sales Engineering, Customer Operations, Legal Ops, and Claim Guard","proofRoutes":["/client-onboarding","/demos","/qa-claim-guard"],"retainedBoundary":"No automatic send, invite creation, contract approval, procurement approval, or sensitive artifact sharing."},{"name":"Workarounds must not become informal authority","severity":"medium","currentImpact":"Workaround packets solve bottlenecks, but repeated exceptions can undermine auditability.","reliefMove":"Assign every workaround an owner, proof route, expiration, escalation trigger, and graduation gate.","owner":"Boundary Owners, Operational Efficiency, TrustOS, Legal, Finance, Security, and Clinical Governance","proofRoutes":["/limitations-workarounds","/operational-efficiency","/boundary-resolution"],"retainedBoundary":"No workaround waives retained gates, approvals, PHI authority, certification, or qualified review."}],"missingCapabilityClosures":[{"slug":"production-tenant-sso-and-invitation-activation","capability":"Production tenant, SSO, and invitation activation","severity":"critical","whyItMatters":"Enterprise buyers will eventually require customer-specific tenant provisioning, identity controls, invitation flows, retention rules, and support ownership before serious production evaluation.","currentWorkaround":"Use protected pilot workspace access, tenant lifecycle packets, AAL2 reviewer gates, and synthetic-only buyer rooms for evaluation without creating live customer infrastructure.","permanentBuild":"Implement signed customer tenant architecture, production SSO configuration, automated invite policy, retention/deletion controls, support owner routing, and customer authority evidence packets.","owner":"Platform, Security, Customer Operations, Legal Ops, and Release Steward","proofRoutes":["/pilot-workspace/access","/enterprise-scalability","/service-delivery"],"successMetric":"Every enterprise pilot has a tenant activation packet with owner, access model, support path, retention posture, and release gate.","blockedUntil":"Customer tenant architecture, SSO policy, invite authority, retention plan, and qualified security/privacy review are complete.","retainedBoundary":"Closure planning is not customer SSO approval, production tenancy, invite automation approval, PHI authority, or customer go-live approval."},{"slug":"live-connector-authority-and-sandbox-acceptance","capability":"Live EHR, payer, HIE, imaging, device, and writeback connector authority","severity":"critical","whyItMatters":"Health systems and payers will ask how SCRIMED moves from synthetic proof into real workflows without unsafe data exchange or unapproved writeback.","currentWorkaround":"Route every integration ask through no-PHI extraction, standards mapping, connector questionnaires, synthetic fixture validation, and patient-safety acceptance criteria.","permanentBuild":"Build customer-approved sandbox acceptance kits, connector contract tests, BAA/DPA pathway references, security review evidence, writeback prohibition controls, and go-live approval artifacts.","owner":"Interoperability, Health Records Safety, Privacy, Security, Clinical Governance, and Customer Authority Owners","proofRoutes":["/health-records","/interoperability","/clinical-production-readiness"],"successMetric":"Every integration conversation resolves to a standards map, fixture set, safety checklist, authority gap, and customer approval dependency.","blockedUntil":"Customer authority, privacy/security review, connector acceptance, clinical governance, and live-data approvals are recorded.","retainedBoundary":"Connector closure is not PHI processing approval, production EHR/HIE/payer/device access, writeback approval, payer submission approval, or live-care authority."},{"slug":"clinical-validation-and-regulated-claims-dossier","capability":"Clinical validation and regulated-claims dossier","severity":"critical","whyItMatters":"SCRIMED can sell operational intelligence now, but regulated clinical claims need evidence, intended-use classification, qualified review, and customer or regulator-specific approval.","currentWorkaround":"Keep offers positioned as no-PHI workflow intelligence, governance, documentation support, and evidence organization with explicit clinical authority hard stops.","permanentBuild":"Create intended-use dossiers, evaluation protocols, clinical reviewer matrices, external evidence references, regional classification records, and post-market monitoring plans where required.","owner":"Clinical Governance, Legal Ops, Regulatory Review, Product, TrustOS, and Claims Governance","proofRoutes":["/clinical-production-readiness","/clinical-authority-readiness","/approvals-readiness"],"successMetric":"Every clinical-adjacent capability has intended use, blocked claims, reviewer owner, evidence class, and approval dependency.","blockedUntil":"Qualified clinical/regulatory/legal review and customer or regional approval evidence exist for the specific use.","retainedBoundary":"Dossier planning is not medical advice, clinical validation, FDA/ONC approval, regional approval, diagnosis, treatment, triage, or live clinical authority."},{"slug":"external-security-compliance-and-vendor-risk-evidence","capability":"External security, compliance, and vendor-risk evidence","severity":"critical","whyItMatters":"Enterprise procurement will require proof beyond internal controls: security assessment, audit references, vendor risk answers, dependency hygiene, and incident posture.","currentWorkaround":"Use Trust Center, Competitive Defense, Service Reliability, Launch Readiness, protected provider security review readiness, and no-certification language.","permanentBuild":"Commission qualified security review, define SOC 2/ISO/HITRUST readiness evidence rooms, maintain vendor-risk packets, dependency audit cadence, vulnerability response, and incident evidence retention.","owner":"Security, Privacy, TrustOS, Legal Ops, Release Steward, and Vendor Risk Review","proofRoutes":["/competitive-defense","/service-reliability","/global-certification-readiness"],"successMetric":"Each procurement packet has current controls, missing external evidence, reviewer owner, review date, and prohibited certification language.","blockedUntil":"External security/compliance evidence and qualified reviewer attestations exist for the specific buyer claim.","retainedBoundary":"Security readiness is not SOC 2, HITRUST, ISO, HIPAA, penetration-test, attack-proof, procurement, or vendor-risk approval."},{"slug":"buyer-proof-release-automation-with-human-control","capability":"Buyer proof release automation with human control","severity":"high","whyItMatters":"SCRIMED has strong proof assets, but buyer-specific proof can become risky if recipient, release decision, reviewer signoff, and claims language are not enforced.","currentWorkaround":"Use QA Buyer Proof Release, Buyer Release Control Runbook, AAL2 workspaces, release decisions, recipient controls, access-log reconciliation, and Claim Guard.","permanentBuild":"Add release-policy orchestration, recipient attestation workflows, packet versioning, expiry timers, reviewer dashboards, claim diffing, and evidence-room access-log reconciliation.","owner":"Buyer Diligence, TrustOS, Release Steward, Customer Operations, Legal Ops, and Claims Governance","proofRoutes":["/qa-buyer-proof-release","/buyer-release-control-run","/pilot-workspace/access"],"successMetric":"No buyer-specific packet can be referenced unless release chain, recipient control, claim guard, and audit evidence are complete.","blockedUntil":"AAL2 reviewer signoff, release decision, recipient control, access-log path, and approved current-state language are present.","retainedBoundary":"Release automation planning is not customer permission, public proof authority, distribution approval, legal approval, or production authorization."},{"slug":"support-sla-incident-and-managed-service-readiness","capability":"Support, SLA, incident, and managed-service readiness","severity":"high","whyItMatters":"Larger customers will ask for support coverage, uptime, incident response, escalation, and managed service commitments before expanding scope.","currentWorkaround":"Keep support language readiness-only and route requests through Service Reliability, Enterprise Scalability, Operational Efficiency, and Launch Readiness.","permanentBuild":"Define support tiers, incident severities, on-call rotation, escalation SLAs, customer communication templates, post-incident review packets, cost guardrails, and contract-reviewed commitments.","owner":"Service Reliability, Customer Operations, Platform, Legal Ops, Finance, and Release Steward","proofRoutes":["/service-reliability","/enterprise-scalability","/launch-readiness"],"successMetric":"Every enterprise support request has a tier, cost model, incident path, communication owner, and contract-review boundary.","blockedUntil":"Support tier, funding model, incident process, staffing, contract terms, and legal review are approved.","retainedBoundary":"Support readiness is not contractual SLA, uptime guarantee, managed-service commitment, 24/7 SOC/MDR, or production support guarantee."},{"slug":"evidence-vault-retention-deletion-and-artifact-governance","capability":"Evidence vault, retention, deletion, and artifact governance","severity":"high","whyItMatters":"Buyer diligence will become sensitive as proof packets, access logs, external references, release decisions, and procurement evidence grow.","currentWorkaround":"Use metadata-only references, protected packets, no raw artifact storage, no PHI, and explicit retained-source controls inside protected workspaces.","permanentBuild":"Design artifact classification, object storage policy, encryption/key ownership, deletion workflows, retention schedules, legal hold, audit export, and evidence vault access controls.","owner":"Security, Privacy, Legal Ops, Buyer Diligence, Platform, and Customer Operations","proofRoutes":["/pilot-workspace/access","/public-market-readiness","/qa-buyer-proof-release"],"successMetric":"Every evidence artifact class has retention rule, deletion rule, owner, access policy, and prohibited-content check.","blockedUntil":"Artifact governance, storage, retention, deletion, legal hold, and access controls are approved.","retainedBoundary":"Evidence vault planning is not sensitive-document storage approval, PHI storage, signed artifact storage, raw log storage, or legal-hold approval."},{"slug":"model-evaluation-red-team-and-source-quality-benchmarking","capability":"Model evaluation, red-team, and source-quality benchmarking","severity":"high","whyItMatters":"AI credibility depends on repeatable evals, source attribution quality, refusal behavior, hallucination controls, escalation quality, and cost/latency tradeoffs.","currentWorkaround":"Use synthetic AgentOS evaluation, TrustOS controls, QA evidence, continuous review loops, and source-attribution checks before claims expand.","permanentBuild":"Build versioned eval suites, adversarial prompt tests, source-quality scorecards, model-route comparison, override sampling, reviewer calibration, and cost/latency telemetry.","owner":"AI Platform, TrustOS, QA, Clinical Governance, Product, and Finance","proofRoutes":["/evaluation","/continuous-review-audit","/platform-power"],"successMetric":"Every agent or model route has evaluation version, failure taxonomy, reviewer calibration, source-quality metric, and blocked claim list.","blockedUntil":"Evaluation protocol, reviewer threshold, source-quality score, model route owner, and escalation behavior are verified.","retainedBoundary":"Eval benchmarking is not clinical validation, model-safety certification, error-free AI proof, live autonomous AI authority, or production model-routing approval."},{"slug":"crm-billing-accounting-and-revenue-operations-automation","capability":"CRM, billing, accounting, and revenue operations automation","severity":"medium","whyItMatters":"Revenue quality will degrade if attribution, proposal scope, billing triggers, collections, margin review, and revenue-recognition triage remain manual memory.","currentWorkaround":"Use Sales Operations, Attribution Analytics, Enterprise Business Ops, Deal Desk, Service Delivery work orders, and no-guarantee pricing boundaries.","permanentBuild":"Integrate CRM stage hygiene, quote-to-work-order handoff, invoice trigger tracking, collections queue, margin exception review, renewal forecasting, and accounting evidence packets.","owner":"Revenue Operations, Finance, Accounting, Tax, Deal Desk, Customer Operations, and Legal Ops","proofRoutes":["/enterprise-business-ops","/growth-engine","/service-delivery"],"successMetric":"Every opportunity has source, stage, package, price floor, billing trigger, margin status, and blocked financial claims.","blockedUntil":"CRM, billing, revenue-recognition triage, tax review, and collections ownership are operationalized.","retainedBoundary":"Revenue operations automation is not audited financial reporting, accounting advice, tax advice, contract approval, revenue guarantee, or profit guarantee."},{"slug":"investor-kpi-data-room-and-board-metrics-discipline","capability":"Investor KPI, data-room, and board metrics discipline","severity":"medium","whyItMatters":"Capital conversations need clear traction logic, current-safe metrics, proof inventory, limitations, and blocked claims without securities or valuation overreach.","currentWorkaround":"Use Investor Audience Readiness, Capital Vitality, Public Market Readiness, Company Assessment, and protected no-PHI metric packets.","permanentBuild":"Maintain investor data-room index, KPI definitions, cohort methodology, proof inventory, board scorecard cadence, finance methodology gates, and external-review log.","owner":"Founder, Capital Operations, Finance, Legal Ops, Product Console, and Claim Guard","proofRoutes":["/investor-audience-readiness","/capital-vitality","/public-market-readiness"],"successMetric":"Every investor packet includes current safe metric definitions, proof source, limitation, external-review need, and prohibited claim list.","blockedUntil":"KPI methodology, finance review, evidence provenance, legal review, and audience-specific boundaries are complete.","retainedBoundary":"Investor data-room discipline is not securities material, solicitation, investment advice, valuation assurance, audited financial reporting, or revenue assurance."}],"upgradeWorkstreams":[{"name":"Company command review","horizon":"now","owner":"Executive Operating Council","objective":"Use the company assessment as the daily source of truth before launch, buyer, investor, or service expansion decisions.","sequence":["Review overall score and watch dimensions","Pick one now-risk and one revenue unlock","Assign owner and proof route","Record blocked claims and retained boundaries"],"proofRoutes":["/company-assessment","/hub","/product","/navigation"],"successSignal":"Every major company decision references one route, one owner, one proof path, and one retained boundary.","retainedBoundary":"Operating guidance only; no launch, buyer, legal, financial, or clinical approval."},{"name":"Approval and certification evidence room","horizon":"30-days","owner":"Legal, Privacy, Security, Clinical Governance, and Regional Counsel","objective":"Prepare domestic and global approval paths with metadata-only evidence references and qualified-review owners.","sequence":["Prioritize HIPAA/BAA, SOC 2/ISO, FDA/CDS/SaMD, ONC/connectors, EU AI Act/GDPR, and regional packs","Assign reviewer owner and evidence class","Define expiration and renewal cadence","Block public claims until review is complete"],"proofRoutes":["/approvals-readiness","/global-certification-readiness","/pilot-workspace/access"],"successSignal":"Top approval tracks have evidence owner, artifact reference policy, review status, and blocked-claim language.","retainedBoundary":"Readiness only; no certification or regulatory approval."},{"name":"Enterprise deal desk and margin lock","horizon":"now","owner":"Finance, Accounting, Tax, Legal Ops, Revenue Operations, and Deal Desk","objective":"Protect profit margin and enterprise credibility before every proposal, renewal, pilot, and investor packet.","sequence":["Select package and scope","Apply price floor and margin control","Run accounting/revenue-recognition and tax triage","Review legal, billing, and blocked claims"],"proofRoutes":["/enterprise-business-ops","/offerings","/service-delivery"],"successSignal":"No proposal leaves without scope, price-floor, billing, contract, margin, and blocked-claim review.","retainedBoundary":"No accounting, tax, legal, revenue, profit, securities, or valuation assurance."},{"name":"Protected buyer proof release chain","horizon":"30-days","owner":"Buyer Diligence, TrustOS, Release Steward, Legal Ops, and Customer Operations","objective":"Make every customer-specific proof release traceable, recipient-controlled, and claim-guarded.","sequence":["Use protected workspace","Attach release decision","Capture reviewer signoff","Confirm recipient and access-log path","Run Claim Guard"],"proofRoutes":["/qa-buyer-proof-release","/buyer-release-control-run","/pilot-workspace/access"],"successSignal":"Buyer proof packets have AAL2 release trail, reviewer signoff, and current-state buyer language.","retainedBoundary":"No customer permission, external distribution, or protected proof claim without approval chain."},{"name":"Health-record sandbox and safety evaluator","horizon":"60-days","owner":"Interoperability, Health Records Safety, Privacy, Security, and Clinical Governance","objective":"Create customer-specific sandbox tests before live connector or health-system record work.","sequence":["Choose standards and record types","Create no-PHI test fixtures","Run source attribution and patient-safety lint","Route live-data gates to authority evidence room"],"proofRoutes":["/health-records","/api/health-records/extract","/interoperability","/clinical-authority-readiness"],"successSignal":"Every integration conversation has no-PHI fixtures, standards map, source-attribution test, and live-data approval list.","retainedBoundary":"No PHI, live connector, EHR writeback, payer submission, diagnosis, treatment, or care authorization."},{"name":"24/7 review work queues","horizon":"30-days","owner":"TrustOS, QA, Security, Claims Governance, and Internal Research Team","objective":"Turn continuous-review design into accountable queues for accuracy, evidence, security, claims, incidents, and future research.","sequence":["Create queue owners","Define sampling cadence","Log evidence aging and claim drift","Route production-impact changes to human approval"],"proofRoutes":["/continuous-review-audit","/qa-evidence","/service-reliability","/operational-efficiency"],"successSignal":"Accuracy sampling, source aging, claim guard, security drift, QA regression, and incident learning have owners and retained decisions.","retainedBoundary":"No managed SOC/MDR, autonomous production remediation, certification, or public quantum claim."},{"name":"API, UI, AI platform hardening","horizon":"60-days","owner":"Platform Engineering, AI Platform, Product Console, Design Systems, Security, and Finance","objective":"Upgrade SCRIMED into a more contract-backed platform with stronger model, agent, UI, eval, and cost controls.","sequence":["Formalize API contract register","Prioritize role-based UI command paths","Create model-route and agent approval registers","Attach eval, red-team, retrieval, and cost telemetry"],"proofRoutes":["/platform-power","/agents","/evaluation","/trust-os"],"successSignal":"Platform claims can point to contract, role, model, agent, eval, retrieval, and cost-control evidence.","retainedBoundary":"No public API SLA, accessibility certification, production model routing, live autonomous AI, PHI, or scale-equivalence claim."},{"name":"Enterprise scale and service reliability package","horizon":"60-days","owner":"Platform, Service Reliability, Customer Operations, Finance, Legal Ops, and Tenant Governance","objective":"Make enterprise scalability sellable without unsupported uptime, support, region, or managed-service commitments.","sequence":["Attach tenant owner and capacity assumptions","Define queues and backpressure","Add incident/change path","Set support-tier and cost guardrails","Document no-SLA boundary"],"proofRoutes":["/enterprise-scalability","/service-reliability","/release-continuity","/launch-readiness"],"successSignal":"Scale conversations include SLO readiness, support model, incident/change route, region gate, and cost threshold.","retainedBoundary":"No contractual SLA, uptime guarantee, managed-service commitment, production support guarantee, PHI, or connector approval."},{"name":"Investor and clinic packet discipline","horizon":"30-days","owner":"Founder, Capital Operations, Product Console, FaithCore, Legal Ops, Finance, and Claim Guard","objective":"Make every angel, strategic, private, faith-based clinic, payer, health-system, and partner conversation packet-driven.","sequence":["Select audience packet","Attach proof route and blocked claims","Choose next move","Route sensitive or financial language to qualified review"],"proofRoutes":["/investor-audience-readiness","/capital-vitality","/growth-engine","/pilot-deal-room"],"successSignal":"Audience-specific materials stay current, proof-backed, and free of securities, valuation, donor, tax, customer, PHI, or revenue overclaims.","retainedBoundary":"No investment advice, securities material, solicitation, valuation, donor advice, tax advice, or revenue guarantee."},{"name":"Navigation and public clarity release loop","horizon":"now","owner":"Product Console, Release Steward, Navigation, TrustOS, and Buyer Diligence","objective":"Keep SCRIMED easy to navigate as the operating surface grows.","sequence":["Add high-value route to primary navigation","Add role journey and limitation control","Add smoke coverage","Update README and project-status references"],"proofRoutes":["/navigation","/company-assessment","/hub","/product"],"successSignal":"Company-critical routes remain discoverable from home, hub, product, command navigation, and smoke coverage.","retainedBoundary":"Navigation route visibility is not proof of protected execution, approval, PHI authority, or clinical authority."}],"companyAssessmentTeamLanes":[{"team":"Executive Operating Council","mandate":"Own whole-company prioritization, launch gates, investor posture, buyer commitments, and escalation decisions.","requiredRoles":["Founder","Product Console owner","Release Steward","Revenue Operations","TrustOS lead"],"operatingCadence":"Weekly company assessment review; daily launch or buyer-deadline standup when risk is active.","approvalStops":["launch approval","customer-specific proof release","pricing exception","public claim expansion"],"proofRoutes":["/company-assessment","/product","/launch-readiness","/qa-claim-guard"]},{"team":"Legal, Privacy, And Security Review Bench","mandate":"Keep contracts, privacy, cyber, healthcare authority, data handling, competitor language, and certification claims inside qualified-review gates.","requiredRoles":["Qualified counsel","Privacy reviewer","Security reviewer","Clinical governance reviewer","Claims governance"],"operatingCadence":"Twice-weekly queue triage plus same-day review for public, buyer, investor, or protected proof releases.","approvalStops":["PHI request","BAA or DPA claim","SOC 2/HITRUST/ISO claim","FDA/ONC/clinical claim","penetration-test request"],"proofRoutes":["/approvals-readiness","/global-certification-readiness","/competitive-defense","/boundary-resolution"]},{"team":"Finance, Accounting, Tax, And Deal Desk","mandate":"Control price floors, scope creep, revenue-recognition triage, billing readiness, margin protection, investment language, and capital-readiness evidence.","requiredRoles":["Finance lead","Qualified accountant","Tax reviewer","Deal desk owner","Revenue operations"],"operatingCadence":"Every enterprise proposal, renewal, investor packet, and service expansion passes through a margin and authority check.","approvalStops":["revenue guarantee","profit-margin guarantee","valuation claim","securities language","unreviewed payment or tax term"],"proofRoutes":["/enterprise-business-ops","/capital-vitality","/growth-engine","/public-market-readiness"]},{"team":"Product, AI, Interoperability, And Delivery","mandate":"Build sellable offers, API/UI/AI power, health-record safety, service work orders, onboarding flows, evidence outputs, and protected delivery artifacts.","requiredRoles":["Product lead","AI platform lead","Interoperability lead","Delivery lead","Customer operations"],"operatingCadence":"Daily build queue; weekly offer, delivery, evidence, and technical boundary review.","approvalStops":["production model routing","live connector","EHR writeback","unscoped implementation","PHI or live data dependency"],"proofRoutes":["/offerings","/service-delivery","/platform-power","/health-records","/client-onboarding"]},{"team":"24/7 Review And Internal Research","mandate":"Operate agent-assisted review loops, accuracy sampling, evidence aging, claims guard, security drift, QA regression, incident learning, and internal future-research tracks.","requiredRoles":["TrustOS","QA","Security","Internal Research Team","Release engineering"],"operatingCadence":"Continuous agent-assisted monitoring with human review before production actions or external claims.","approvalStops":["autonomous remediation","public quantum claim","managed SOC/MDR claim","unreviewed incident learning","unsupported accuracy statement"],"proofRoutes":["/continuous-review-audit","/qa-evidence","/service-reliability","/operational-efficiency"]}],"hardStops":["No PHI, patient identifiers, source medical records, payer member IDs, production credentials, or live endpoints in public or synthetic workflows.","No public legal, privacy, regulatory, tax, accounting, securities, valuation, investment, donor, reimbursement, or certification conclusions without qualified review.","No revenue, savings, ROI, uptime, trillion-scale, error-free AI, attack-proof, profit-margin, customer outcome, reimbursement, or public market-readiness guarantee.","No live clinical care, diagnosis, treatment, triage, prescribing, patient outreach, EHR mutation, payer submission, or autonomous care routing.","No production connector, health-system integration, EHR writeback, customer SSO, automated invitation, signed document storage, or external artifact storage until the protected approval chain exists.","No customer-specific proof release without AAL2 workspace, reviewer signoff, release decision, recipient control, access-log path, and Claim Guard language.","No buyer or investor deck expands beyond the current proof route, retained boundary, and approved no-authority language.","No paid delivery begins without selected package, no-PHI intake, scope matrix, acceptance criteria, work-order template, owner, margin control, and hard stop list.","No public quantum, autonomous remediation, managed SOC/MDR, production model-routing, accessibility-certification, security-certification, or API-SLA claim.","No broad global operations claim without region-specific privacy, AI governance, cyber, procurement, residency, clinical, and qualified local review gates.","No workaround graduates into authority until evidence, owner approval, external-review need, expiration cadence, and route-level proof are present.","No enterprise proposal leaves without deal desk, counsel review, accounting/revenue-recognition triage, tax awareness, billing readiness, and contract authority.","No scale commitment expands without capacity assumptions, tenant owner, queue/backpressure model, support tier, incident/change path, cost guardrail, and no-SLA boundary.","No competitor comparison, privacy/security positioning, or infiltration-deterrence claim without source, proof route, no-copy boundary, and qualified review where needed."],"evidenceRoutes":["/company-assessment","/api/company-assessment","/api/company-assessment/brief","/offerings","/api/offerings","/api/offerings/brief","/service-delivery","/api/service-delivery","/api/service-delivery/brief","/enterprise-business-ops","/api/enterprise-business-ops","/api/enterprise-business-ops/brief","/capital-vitality","/growth-engine","/public-market-readiness","/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief","/demos","/pilot","/approvals-readiness","/api/approvals-readiness","/api/approvals-readiness/brief","/global-certification-readiness","/api/global-certification-readiness","/api/global-certification-readiness/brief","/platform-power","/api/platform-power","/api/platform-power/brief","/agents","/evaluation","/trust-os","/health-records","/api/health-records","/api/health-records/brief","/api/health-records/extract","/interoperability","/clinical-authority-readiness","/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief","/qa-evidence","/service-reliability","/launch-readiness","/release-continuity","/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief","/competitive-defense","/api/competitive-defense","/api/competitive-defense/brief","/competitive-intelligence","/trust-safety-operations","/investor-audience-readiness","/api/investor-audience-readiness","/api/investor-audience-readiness/brief","/pilot-deal-room","/operational-efficiency","/api/operational-efficiency","/api/operational-efficiency/brief","/limitations-workarounds","/boundary-resolution","/navigation","/api/navigation-audit","/api/navigation-audit/brief","/hub","/product"],"prioritySequence":["Use Company Assessment as the top-level command path before any launch, buyer, investor, service, or protected-proof decision.","Keep Product Console and Offerings as the commercial source of truth.","Send every buyer conversation through Client Onboarding, then Service Delivery or Pilot intake.","Send every enterprise proposal through Enterprise Business Ops and Claim Guard.","Send every regulated, clinical, PHI, certification, privacy, security, reimbursement, or global claim through Approvals, Global Certification, Clinical Authority, Health Records Safety, and Boundary Resolution.","Send every blocked action through Limitations Workarounds and Operational Efficiency.","Send every protected proof release through QA Buyer Proof Release, Buyer Release Control, and AAL2 workspace."],"summaries":{"approvals":{"service":"scrimed-approvals-readiness","route":"/approvals-readiness","apiRoute":"/api/approvals-readiness","briefRoute":"/api/approvals-readiness/brief","status":"approvals-readiness-operating-ladder-active","briefStatus":"approvals-readiness-brief-no-approval-claim","authorizationStatus":"public-operations-only-no-regulated-approval","clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","securityCertification":"not-security-certified","regulatoryAuthority":"external-review-required","reimbursementAuthority":"no-reimbursement-guarantee","boundary":"SCRIMED Approvals Readiness organizes public operating posture, HIPAA/BAA preparation, SOC 2 and HITRUST readiness, FDA/CDS/SaMD classification, ONC and connector certification planning, state care-delivery review, and buyer-specific release evidence. It does not grant legal approval, HIPAA compliance certification, SOC 2/HITRUST certification, FDA clearance, ONC certification, reimbursement certainty, PHI processing authority, production connector approval, public customer permission, or live clinical care authority.","trackCount":7,"publicReadyCount":1,"evidenceBuildCount":3,"externalReviewCount":2,"blockedBeforeApprovalCount":1,"agentControlCount":5,"processCount":5,"sourceReferenceCount":7,"tracks":[{"key":"public-claims-boundary","name":"Public claims and intended-use boundary","status":"public-operations-ready","operatingGoal":"Keep SCRIMED publicly sellable as healthcare operations intelligence, governed synthetic pilots, evidence organization, and buyer diligence.","currentBoundary":"Public copy cannot claim diagnosis, treatment, clinical triage, PHI processing, compliance certification, reimbursement certainty, production connector approval, or live clinical care.","safeWorkaround":"Use operations-first language and route regulated claims through Claim Guard, Boundary Resolution, and qualified release authority.","requiredEvidence":["Approved Intended Use Memo","Claims register with allowed, evidence-required, and prohibited language","Qualified reviewer sign-off for customer-specific or public claims"],"nextAction":"Create the first founder-approved Intended Use Memo and use it as the source of truth for website, deck, demo, and buyer-room language.","accountableOwners":["Founder","Product","Legal reviewer","Clinical governance reviewer"],"proofRoutes":["/claims","/boundary-resolution","/qa-claim-guard","/public-market-readiness"]},{"key":"hipaa-baa-security-rule","name":"HIPAA, BAA, and Security Rule readiness","status":"evidence-build-required","operatingGoal":"Prepare SCRIMED to handle healthcare buyer diligence and future PHI/ePHI scopes without enabling PHI by default.","currentBoundary":"SCRIMED does not currently claim HIPAA compliance certification or production PHI processing authority.","safeWorkaround":"Keep public/product flows synthetic-only or metadata-only while building risk analysis, safeguards, BAA/DPA, breach, access, and vendor evidence.","requiredEvidence":["HIPAA Security Risk Analysis","Administrative, physical, and technical safeguard map","BAA/DPA templates or written non-PHI determination","Breach notification and incident response process","Subprocessor and vendor-risk register"],"nextAction":"Stand up a HIPAA readiness evidence room with policy owners, risk register, access review cadence, incident runbook, and BAA/DPA templates.","accountableOwners":["Privacy","Security","Legal","Operations"],"proofRoutes":["/trust-center","/trust-safety-operations","/pilot-workspace/access","/clinical-authority-readiness"]},{"key":"soc2-hitrust-security-assurance","name":"SOC 2, HITRUST, and security assurance","status":"evidence-build-required","operatingGoal":"Create a buyer-trust path from readiness controls to independent assurance evidence.","currentBoundary":"SCRIMED has security and procurement readiness surfaces, but it is not SOC 2 certified, HITRUST certified, ISO certified, FedRAMP authorized, or penetration-test approved unless issued evidence exists.","safeWorkaround":"Use a readiness packet, control inventory, audit logs, vendor-risk responses, and no-sensitive-artifact references before formal attestation.","requiredEvidence":["SOC 2 readiness assessment and control owner map","Security, availability, confidentiality, privacy, and change-management control evidence","Penetration-test scope and remediation evidence when required","HITRUST target-level decision after SOC 2 readiness","Customer vendor-risk acceptance record"],"nextAction":"Run SOC 2 readiness first, collect 60 to 90 days of control evidence, then choose SOC 2 Type I/Type II timing and HITRUST i1/r2 only when buyer demand justifies it.","accountableOwners":["Security","Operations","Engineering","External auditor"],"proofRoutes":["/trust-safety-operations","/public-market-readiness","/pilot-workspace/access"]},{"key":"fda-cds-samd-classification","name":"FDA CDS/SaMD classification","status":"external-review-required","operatingGoal":"Keep clinical-regulatory exposure controlled while deciding whether any SCRIMED function should intentionally pursue regulated clinical authority.","currentBoundary":"SCRIMED must not make patient-specific diagnosis, treatment, triage, or autonomous clinical action claims before intended-use and FDA classification review.","safeWorkaround":"Frame current product as operations intelligence and synthetic evaluation; keep clinical outputs draft-only, transparent, and human-reviewed.","requiredEvidence":["Intended Use Memo","Clinical decision support criteria analysis","SaMD risk classification memo","Human factors, transparency, validation, and hazard analysis plan","FDA Q-Submission or regulatory counsel recommendation if regulated"],"nextAction":"Hire a digital-health regulatory advisor to classify SCRIMED modules before clinical claims, patient-specific pilots, or medical-device language are used.","accountableOwners":["Product","Regulatory advisor","Clinical governance","Legal"],"proofRoutes":["/clinical-authority-readiness","/clinical-care-activation","/trust-os","/workflows"]},{"key":"onc-interoperability-connectors","name":"ONC, interoperability, and connector approval","status":"external-review-required","operatingGoal":"Prepare connector, EHR, FHIR, HL7, DICOM, X12, and health IT claims without implying certification or live exchange authority.","currentBoundary":"Synthetic conformance kits do not equal ONC certification, EHR marketplace approval, payer connection approval, or production data exchange authority.","safeWorkaround":"Use synthetic fixtures, connector contracts, conformance evidence, and partner/customer acceptance gates before live integration.","requiredEvidence":["Target connector scope and purpose-of-use map","FHIR/HL7/DICOM/X12 conformance evidence","Customer sandbox test plan","EHR, payer, marketplace, or certification-body acceptance where required","Monitoring, reconciliation, least-privilege, and rollback plan"],"nextAction":"Pick one connector path and build a certification/marketplace decision memo before claiming certified health IT or production integration.","accountableOwners":["Interoperability","Security","Customer integration","Platform partner"],"proofRoutes":["/interoperability","/interoperability/evaluations","/integrations","/deployment-profiles"]},{"key":"state-care-delivery-and-telehealth","name":"State care-delivery and telehealth review","status":"blocked-before-approval","operatingGoal":"Prevent product, agent, or workflow expansion from accidentally becoming unauthorized care delivery.","currentBoundary":"SCRIMED does not provide care, prescribe, contact patients, route emergencies, employ clinical judgment, or operate as a telehealth provider.","safeWorkaround":"Keep workflows as enterprise operations planning and clinician-reviewed support until care-delivery counsel, licensed governance, and customer approval exist.","requiredEvidence":["State-by-state clinical practice and telehealth review if care delivery is introduced","Corporate practice of medicine analysis where relevant","Licensed clinician role model and malpractice coverage review","Patient consent, emergency escalation, and adverse-event policies","Customer clinical operating procedure and shutdown authority"],"nextAction":"Keep this track blocked and only reopen it after the Intended Use Memo deliberately includes care-delivery scope.","accountableOwners":["Healthcare counsel","Clinical governance","Operations","Customer sponsor"],"proofRoutes":["/clinical-care-activation","/clinical-authority-readiness","/operations"]},{"key":"buyer-specific-release-chain","name":"Buyer-specific release chain","status":"evidence-build-required","operatingGoal":"Convert protected proof into shareable buyer evidence only after external approvals, release decisions, reviewers, recipient controls, and audit logs are retained.","currentBoundary":"Buyer diligence can use protected no-PHI evidence, but buyer-specific external sharing is blocked until release-control gates are satisfied.","safeWorkaround":"Use the protected Buyer Release Control Runbook, verifier, remediation plan, metadata drafts, and checklist without bypassing AAL2 or human review.","requiredEvidence":["Retained Buyer Diligence Export audit","External approval evidence references","Versioned release decision","Named reviewer sign-offs","Recipient attestations and access-log reconciliation"],"nextAction":"Complete the buyer release-control chain before any customer-specific public proof, case study, distribution, or external room sharing.","accountableOwners":["Founder","Sales","Legal reviewer","Security reviewer"],"proofRoutes":["/buyer-release-control-run","/pilot-workspace/access","/qa-buyer-proof-release"]}],"agentControls":[{"agent":"Claim Guard Agent","mission":"Prevents sales, investor, PR, website, and operator language from crossing into unsupported regulated claims.","allowedNow":["Classify claims","Route review triggers","Suggest operations-first wording"],"blockedActions":["Approve public claims","Claim certification","Claim live clinical authority"],"evidenceOutput":"Allowed/evidence-required/prohibited claim decision with retained gate.","humanCheckpoint":"Founder or qualified reviewer approval before public release."},{"agent":"Approval Evidence Router","mission":"Maps every future approval artifact to the right external system of record and stores only safe metadata references.","allowedNow":["Create evidence checklists","Track owner labels","Track expiration and renewal posture"],"blockedActions":["Store PHI","Store signed sensitive artifacts","Treat metadata references as approval"],"evidenceOutput":"No-PHI evidence route, owner, status, expiration, and renewal action.","humanCheckpoint":"Legal/security/privacy review before artifact retention or external sharing."},{"agent":"Regulatory Classification Agent","mission":"Keeps intended-use and FDA/CDS/SaMD classification questions visible before clinical language enters product or sales motion.","allowedNow":["Prepare classification questions","Compare intended-use boundaries","Identify review triggers"],"blockedActions":["Provide legal/regulatory opinion","Submit to FDA","Approve clinical claims"],"evidenceOutput":"Classification memo draft inputs and trigger list for qualified advisor review.","humanCheckpoint":"Digital-health regulatory advisor sign-off."},{"agent":"Security Assurance Agent","mission":"Organizes SOC 2/HITRUST readiness evidence and routes gaps to owners.","allowedNow":["Map controls","Track evidence freshness","Flag missing audit artifacts"],"blockedActions":["Claim certification","Issue audit opinion","Accept customer vendor risk"],"evidenceOutput":"Control owner map, missing evidence, and readiness sequence.","humanCheckpoint":"External auditor or customer vendor-risk acceptance."},{"agent":"Buyer Release Steward","mission":"Sequences buyer-specific release gates without bypassing AAL2, qualified review, recipient control, or audit logging.","allowedNow":["Read verifier status","Generate remediation plans","Prepare safe metadata drafts"],"blockedActions":["Approve release","Share externally","Store recipient lists or raw logs"],"evidenceOutput":"Gate status, blocked items, next action, and packet route.","humanCheckpoint":"Named reviewer and release authority sign-off."}],"processes":[{"phase":"1. Public operations launch","objective":"Operate publicly with operations-first language and synthetic evidence.","entryCriteria":["Claims register active","No PHI","No clinical authority claims","Public smoke passes"],"exitCriteria":["Approved Intended Use Memo","Release-control owner assigned"],"hardStop":"Any diagnosis, treatment, triage, HIPAA certified, FDA cleared, SOC 2 certified, or PHI-ready claim without evidence."},{"phase":"2. Healthcare trust foundation","objective":"Prepare HIPAA, BAA, security, privacy, incident, and vendor-risk evidence.","entryCriteria":["Security owner assigned","Data boundary documented","Subprocessor register started"],"exitCriteria":["Risk analysis complete","BAA/DPA templates ready","Incident and breach runbooks approved"],"hardStop":"No production PHI/ePHI or customer credentials before signed authorization."},{"phase":"3. Independent assurance","objective":"Move from internal controls to SOC 2/HITRUST-ready external evidence.","entryCriteria":["Control inventory","Audit log evidence","Change management","Access reviews"],"exitCriteria":["SOC 2 readiness complete","Audit scope selected","Evidence window retained"],"hardStop":"No certification claim before issued report and scoped customer acceptance."},{"phase":"4. Clinical/regulatory classification","objective":"Decide whether any module intentionally enters FDA/CDS/SaMD or care-delivery review.","entryCriteria":["Narrow intended use","Human-review model","Output transparency","Hazard analysis draft"],"exitCriteria":["Qualified regulatory classification memo","Submission/no-submission decision","Claim language approved"],"hardStop":"No patient-specific clinical recommendation or medical-device claim before review."},{"phase":"5. Buyer-specific controlled release","objective":"Release buyer proof only through retained reviewer, recipient, access, and audit gates.","entryCriteria":["Retained packet evidence","External approval references","Named reviewers","Recipient controls"],"exitCriteria":["Versioned release decision","Access-log reconciliation","Buyer-safe packet retained"],"hardStop":"No external sharing, public case study, customer permission claim, or production connector claim before release authority."}],"sourceReferences":[{"name":"FDA Clinical Decision Support Software Guidance","sourceType":"official-government","url":"https://www.fda.gov/regulatory-information/search-fda-guidance-documents/clinical-decision-support-software","sourceCheckedAt":"2026-06-23","readinessImplication":"Intended use, transparency, user role, and independent clinical review determine whether CDS stays outside device regulation or needs medical-device review."},{"name":"FDA How to Study and Market Your Device","sourceType":"official-government","url":"https://www.fda.gov/medical-devices/device-advice-comprehensive-regulatory-assistance/how-study-and-market-your-device","sourceCheckedAt":"2026-06-23","readinessImplication":"If a SCRIMED function becomes a device, classification and the correct premarket pathway come before marketing regulated claims."},{"name":"HHS Covered Entities and Business Associates","sourceType":"official-government","url":"https://www.hhs.gov/hipaa/for-professionals/covered-entities/index.html","sourceCheckedAt":"2026-06-23","readinessImplication":"Healthcare customers may require SCRIMED to operate as a business associate with written contract terms and direct HIPAA obligations."},{"name":"HHS HIPAA Security Rule Summary","sourceType":"official-government","url":"https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html","sourceCheckedAt":"2026-06-23","readinessImplication":"Administrative, physical, and technical safeguards plus risk analysis are the trust foundation before ePHI processing."},{"name":"ONC Health IT Certification Program","sourceType":"official-government","url":"https://healthit.gov/certification-health-it/about-onc-health-it-certification-program/","sourceCheckedAt":"2026-06-23","readinessImplication":"Certified health IT and interoperability claims require certification criteria, test methods, and applicable acceptance evidence."},{"name":"AICPA SOC Suite of Services","sourceType":"assurance-standard","url":"https://www.aicpa-cima.com/resources/landing/system-and-organization-controls-soc-suite-of-services","sourceCheckedAt":"2026-06-23","readinessImplication":"SOC reports provide independent assurance over system-level controls; SCRIMED should complete readiness before audit."},{"name":"SCRIMED protected release and boundary systems","sourceType":"internal-control","sourceCheckedAt":"2026-06-23","readinessImplication":"Current controls support public operations, synthetic evaluation, no-PHI evidence, protected release gates, and future approvals preparation, not final approval."}],"nextOperatorActions":["Use operations-first language as the default public launch posture.","Create a founder-approved Intended Use Memo before expanding claims.","Build HIPAA/BAA and SOC 2 readiness evidence before accepting PHI or certification requests.","Route FDA/CDS/SaMD questions to qualified regulatory review before clinical claims.","Keep buyer-specific release evidence gated behind protected AAL2 workflows and named human review."],"updated":"2026-06-23"},"boundaryResolution":{"service":"scrimed-boundary-resolution-register","route":"/boundary-resolution","apiRoute":"/api/boundary-resolution","briefRoute":"/api/boundary-resolution/brief","status":"boundary-resolution-register-active","proofStackStatus":"cross-system-boundary-resolution-register-no-authority-claim","briefProofStackStatus":"boundary-resolution-brief-no-approval-claim","boundary":"SCRIMED Boundary Resolution Register organizes known product, service-packaging, client-onboarding, communications, calendar, demo, presentation, scalability, SLO/SLA, managed-service, support, incident, regional hosting, API, UI, AI model-routing, agent execution, evidence retrieval, accessibility, limitation-workaround, clinical, PHI, health-records, legal, regional, reimbursement, security, QA, public-market, global certification, continuous review, innovation, enterprise legal/finance, revenue, and production-readiness boundaries into owned controls, safe workarounds, proof routes, and remaining gates. It does not authorize live clinical care, PHI processing, legal approval, regional regulatory approval, reimbursement certainty, security certification, accessibility certification, production clinical authorization, autonomous clinical decisions, live autonomous AI, production model routing, public API SLAs, patient outreach, autonomous email send, autonomous calendar invite creation, contract approval, procurement approval, contractual SLAs, uptime guarantees, managed service commitments, production support guarantees, data-residency approval, payer submission, EHR writeback, public customer claims, audited financial reporting, revenue or profit guarantees, managed 24/7 SOC/MDR coverage, public quantum capability claims, trillion-dollar-scale equivalence claims, or securities offering material.","recordCount":120,"countsByState":{"active-control":27,"safe-workaround-active":9,"human-aal2-required":11,"customer-specific-required":16,"external-approval-required":38,"blocked-before-approval":19},"countsByCategory":{"clinical-authority":8,"clinical-care-activation":16,"agent-workspace":8,"qa-evidence":7,"public-market-readiness":5,"global-certification-readiness":6,"continuous-review-audit":13,"health-records-safety-exchange":5,"product-service-offerings":6,"client-onboarding-communications":8,"enterprise-scalability-operations":10,"limitations-workaround-operations":12,"platform-power-operations":12,"enterprise-growth-operations":4},"activeControlCount":27,"safeWorkaroundCount":9,"humanAal2RequiredCount":11,"externalGateCount":73,"blockedBeforeApprovalCount":19,"addressedPosition":"Every known boundary in this register has an owner, proof route, safe workaround, and remaining gate. Boundaries that require licensed clinicians, counsel, customer approval, security certification, reimbursement review, regional approval, or human AAL2 evidence remain explicitly unresolved until the right external evidence exists.","safeCommercialPosition":"SCRIMED remains sellable as a governed synthetic pilot, workflow intelligence assessment, AI readiness and governance audit, and clinical operations automation blueprint while live clinical care, PHI processing, production connectors, public claims, and reimbursement actions stay gated.","operatingRules":["Do not enter PHI, payer member data, production credentials, source contracts, medical records, or patient identifiers into current public or synthetic pilot workflows.","Use Health Records Safety Exchange for no-PHI extraction planning, patient-safety lint, source attribution, and live-data workaround routing before any record workflow expands.","Use Product and Services Portfolio before pricing, pilots, diligence, implementation, or enterprise-license work expands so every opportunity has one package, one offer, one proof route, one margin control, and one retained boundary.","Use Client Onboarding and Communications before buyer meetings, demo follow-up, pilot workshops, decks, emails, and calendar-ready agendas leave SCRIMED; humans must approve sends and events.","Use Enterprise Scalability Operations before enterprise traffic, tenant scale, support tiers, SLO/SLA language, regional hosting, disaster recovery, or cost commitments expand.","Use Platform Power Operations before API, UI, AI, model-routing, agent-tool, evidence-retrieval, accessibility, or trillion-scale positioning claims expand.","Use Limitations and Workaround Operations when an issue is blocked so every safe alternative has a packet, owner, proof route, escalation trigger, expiration rule, and graduation gate.","Do not claim live clinical authority, legal approval, reimbursement certainty, security certification, regional regulatory approval, or production go-live before signed external evidence exists.","Do not claim HIPAA, SOC 2, HITRUST, ISO, FDA, ONC, EU AI Act, GDPR, NHS, MHRA, Essential Eight, or other certification/approval status before the qualified external authority exists.","Do not position 24/7 review agents as managed SOC/MDR coverage, autonomous remediation, error-free AI review, clinical validation, or public quantum capability.","Do not present revenue, ROI, profit margin, valuation, fundraising, legal, accounting, or tax conclusions without qualified review and retained release authority.","Use protected AAL2 workspaces and no-secret evidence packets for operator proof.","Use synthetic fixtures, metadata-only references, and external evidence-room references while sensitive artifacts remain outside SCRIMED.","Escalate high-risk clinical, legal, privacy, security, payer, public-claims, or production connector requests to the retained owner instead of improvising."],"nextRecommendedBuildStep":"Turn the register into a release preflight: require every buyer, investor, regional, certification, 24/7 review, innovation, API, UI, AI, model-route, agent-tool, legal/finance, workaround, and clinical claim to resolve to an approved route, explicit boundary, owner, prohibited-claim list, safe packet, and retained evidence gate before external use.","records":[{"id":"authority-live-clinical-care-authority","category":"clinical-authority","name":"Live clinical care authority","state":"blocked-before-approval","buyerImpact":"SCRIMED may demonstrate synthetic workflow intelligence and readiness planning, but it may not deliver care, triage emergencies, diagnose, treat, prescribe, order, or communicate patient instructions.","currentBoundary":"SCRIMED may demonstrate synthetic workflow intelligence and readiness planning, but it may not deliver care, triage emergencies, diagnose, treat, prescribe, order, or communicate patient instructions.","currentControl":"Clinical-care gates, Trust Cards, blocked capability lists, human-review controls, and protected clinical activation dossiers are available for review.","safeWorkaround":"Sell synthetic pilot evaluation, workflow intelligence assessment, and draft-only clinician-reviewed planning.","remainingGate":"No patient-impacting workflow until licensed clinical sign-off and customer go-live approval are recorded.","owner":"Clinical governance, Product, Legal, Customer clinical sponsor","proofRoutes":["/clinical-care-activation","/pilot-workspace/access","/trust-os"],"nextAction":"Named licensed clinical governance board or medical director","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"authority-phi-processing-authority","category":"clinical-authority","name":"PHI and ePHI processing authority","state":"customer-specific-required","buyerImpact":"Public routes, demos, smoke checks, and readiness packets remain synthetic-only or metadata-only. No live patient identifiers, payer member records, or production clinical records are authorized.","currentBoundary":"Public routes, demos, smoke checks, and readiness packets remain synthetic-only or metadata-only. No live patient identifiers, payer member records, or production clinical records are authorized.","currentControl":"Protected workspaces, AAL2 gates, audit logs, evidence-room metadata controls, provider security review, and procurement evidence registry are in place.","safeWorkaround":"Use synthetic fixtures, de-identified data only when contract-approved, and no-sensitive-artifact evidence links.","remainingGate":"No PHI, ePHI, patient record, payer member data, or production credential enters SCRIMED until legal and privacy/security authorization is signed.","owner":"Privacy, Security, Legal, Customer compliance","proofRoutes":["/trust-center","/public-market-readiness","/pilot-workspace/access"],"nextAction":"BAA or written non-PHI determination","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"authority-legal-contracting-approval","category":"clinical-authority","name":"Legal approval and contracting authority","state":"customer-specific-required","buyerImpact":"SCRIMED materials can describe readiness, pilots, and retained gates. They are not legal advice, executed contracting authority, certification, or production authorization.","currentBoundary":"SCRIMED materials can describe readiness, pilots, and retained gates. They are not legal advice, executed contracting authority, certification, or production authorization.","currentControl":"Approved/prohibited claim controls, release decisions, named reviewer sign-offs, distribution lockbox, release authority attestations, and external approval evidence links are active.","safeWorkaround":"Use controlled buyer packets with explicit boundaries and no public customer or certification claims.","remainingGate":"No public customer claim, live care claim, certified compliance claim, or production deployment claim without qualified release approval.","owner":"Legal, Sales, Founder, Customer executive sponsor","proofRoutes":["/trust-center","/public-market-readiness","/global-reach"],"nextAction":"Master services agreement and statement of work","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"authority-regional-regulatory-approval","category":"clinical-authority","name":"Regional regulatory approval","state":"external-approval-required","buyerImpact":"Global Reach maps priority regions and localization requirements, but it does not create regional legal, procurement, privacy, data-residency, or clinical authorization.","currentBoundary":"Global Reach maps priority regions and localization requirements, but it does not create regional legal, procurement, privacy, data-residency, or clinical authorization.","currentControl":"Region packs, deployment profiles, sovereign-readiness posture, localization questions, and retained approval gates are organized.","safeWorkaround":"Run synthetic executive evaluations and partner qualification without live data, public authority claims, or production integrations.","remainingGate":"No production regional launch, government program claim, or local clinical deployment claim until the region-specific authority path is approved.","owner":"Regional counsel, Global partnerships, Security, Customer sponsor","proofRoutes":["/global-reach","/deployment-profiles","/market-activation"],"nextAction":"Region-specific counsel review","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"authority-reimbursement-policy-approval","category":"clinical-authority","name":"Reimbursement, coverage, coding, and payer policy approval","state":"customer-specific-required","buyerImpact":"SCRIMED can support draft operational intelligence for prior authorization, denial risk, and revenue-cycle review, but it cannot guarantee reimbursement or submit claims without authorized human review.","currentBoundary":"SCRIMED can support draft operational intelligence for prior authorization, denial risk, and revenue-cycle review, but it cannot guarantee reimbursement or submit claims without authorized human review.","currentControl":"Finance methodology gates, KPI definitions, no-guarantee language, protected metric rollups, and public-market operating discipline are available.","safeWorkaround":"Deliver denial-risk review, prior-authorization packet drafting, and revenue leakage analysis as human-reviewed draft support.","remainingGate":"No coverage determination, final coding, claim submission, denial appeal submission, or reimbursement claim without qualified review.","owner":"Revenue cycle, Finance, Legal, Customer operations","proofRoutes":["/public-market-readiness","/pricing","/pilot-deal-room"],"nextAction":"CMS, payer, and local policy review for the specific workflow","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"authority-security-certification-procurement","category":"clinical-authority","name":"Security certification and procurement approval","state":"external-approval-required","buyerImpact":"SCRIMED has security-ready architecture evidence and protected review workflows, but it does not claim SOC 2, ISO, HITRUST, FedRAMP, penetration-test approval, or customer vendor-risk approval unless those artifacts are actually issued.","currentBoundary":"SCRIMED has security-ready architecture evidence and protected review workflows, but it does not claim SOC 2, ISO, HITRUST, FedRAMP, penetration-test approval, or customer vendor-risk approval unless those artifacts are actually issued.","currentControl":"Provider security review, procurement evidence registry, access-log reconciliation, Trust Safety Ops, incident workspaces, and audit packets are active.","safeWorkaround":"Present readiness posture, control inventory, and no-sensitive-artifact evidence links while independent certification remains pending.","remainingGate":"No security certification, procurement approval, or production security acceptance claim without issued evidence and customer acceptance.","owner":"Security, Procurement, Compliance, Customer vendor-risk team","proofRoutes":["/trust-safety-operations","/public-market-readiness","/pilot-workspace/access"],"nextAction":"Independent security assessment or certification scope","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"authority-production-clinical-authorization","category":"clinical-authority","name":"Production clinical authorization","state":"blocked-before-approval","buyerImpact":"Production clinical execution is denied. No live workflow may write records, message patients, submit payer transactions, or affect clinical operations without final authorization.","currentBoundary":"Production clinical execution is denied. No live workflow may write records, message patients, submit payer transactions, or affect clinical operations without final authorization.","currentControl":"Customer activation approvals, production SSO readiness, buyer diligence room, command intelligence packets, and clinical activation approval workflow are linked.","safeWorkaround":"Use protected pilot rooms, command snapshots, and readiness packets to prepare the go-live decision without activating production care.","remainingGate":"No production tenant go-live until customer, clinical, legal, privacy, security, support, and SCRIMED release authority sign off.","owner":"Operations, Security, Clinical governance, Customer executive sponsor","proofRoutes":["/pilot-workspace/access","/clinical-care-activation","/operations"],"nextAction":"Production go-live checklist and signed release decision","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"authority-certified-health-it-connector-approval","category":"clinical-authority","name":"Certified health IT and connector approval","state":"external-approval-required","buyerImpact":"SCRIMED can demonstrate synthetic FHIR, HL7, DICOM, X12, and EHR-readiness concepts, but it does not claim ONC certification, EHR marketplace approval, payer connection approval, or live connector certification.","currentBoundary":"SCRIMED can demonstrate synthetic FHIR, HL7, DICOM, X12, and EHR-readiness concepts, but it does not claim ONC certification, EHR marketplace approval, payer connection approval, or live connector certification.","currentControl":"Interoperability standards registry, synthetic conformance kits, integration contracts, and deployment profile evidence are active.","safeWorkaround":"Use synthetic conformance tests, fixture validation, and connector contracts with live connector actions denied.","remainingGate":"No production connector read, write, order, referral, claim, imaging retrieval, or record mutation until customer and platform approval are complete.","owner":"Interoperability, Security, Customer integration, Platform partner","proofRoutes":["/interoperability","/interoperability/evaluations","/integrations/fixture-validation"],"nextAction":"Customer sandbox access and test plan","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"care-intended-use-regulatory-classification","category":"clinical-care-activation","name":"Intended-use and regulatory classification review","state":"external-approval-required","buyerImpact":"Any clinical decision-support, diagnostic, treatment, or medical-device-like deployment claim.","currentBoundary":"Intended-use and regulatory classification review is external-review-required; blocked capabilities: clinical decision support claims, diagnosis support, treatment recommendations.","currentControl":"FDA CDS/SaMD boundary review, intended-use statement, public claim review, labeling scope, and product-risk memo.","safeWorkaround":"Keep outputs framed as operational intelligence, synthetic evaluation, draft support, or clinician-reviewed planning until classification is approved.","remainingGate":"Any clinical decision-support, diagnostic, treatment, or medical-device-like deployment claim.","owner":"Regulatory counsel and clinical governance","proofRoutes":["/clinical-care-activation","/api/clinical-care-activation"],"nextAction":"FDA CDS/SaMD boundary review, intended-use statement, public claim review, labeling scope, and product-risk memo.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"care-licensed-clinical-governance","category":"clinical-care-activation","name":"Licensed clinical governance board and accountable medical director","state":"blocked-before-approval","buyerImpact":"Any care-team workflow that influences patient-specific clinical decisions.","currentBoundary":"Licensed clinical governance board and accountable medical director is blocked; blocked capabilities: live patient triage, care-plan recommendation, clinical safety scoring.","currentControl":"Named licensed reviewers, approval charter, escalation policy, scope-specific protocols, and sign-off records.","safeWorkaround":"Run buyer demos and synthetic workflow reviews with clear non-clinical boundary language.","remainingGate":"Any care-team workflow that influences patient-specific clinical decisions.","owner":"Clinical governance","proofRoutes":["/clinical-care-activation","/api/clinical-care-activation"],"nextAction":"Named licensed reviewers, approval charter, escalation policy, scope-specific protocols, and sign-off records.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"care-clinical-safety-case","category":"clinical-care-activation","name":"Clinical safety case, hazard analysis, and escalation model","state":"external-approval-required","buyerImpact":"Prospective clinical pilots, patient-specific risk prompts, or human-reviewed clinical workflows.","currentBoundary":"Clinical safety case, hazard analysis, and escalation model is external-review-required; blocked capabilities: patient-specific risk horizon prompts, emergency guidance, clinical escalation automation.","currentControl":"Hazard log, unsafe-output taxonomy, clinician escalation policy, emergency boundary, safety acceptance criteria, and rollback plan.","safeWorkaround":"Use TrustOS blocked-action traces and synthetic risk examples without patient-specific execution.","remainingGate":"Prospective clinical pilots, patient-specific risk prompts, or human-reviewed clinical workflows.","owner":"Clinical safety, legal, privacy, security, and product leadership","proofRoutes":["/clinical-care-activation","/api/clinical-care-activation"],"nextAction":"Hazard log, unsafe-output taxonomy, clinician escalation policy, emergency boundary, safety acceptance criteria, and rollback plan.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"care-signed-customer-clinical-scope","category":"clinical-care-activation","name":"Signed customer clinical scope and care-setting authorization","state":"customer-specific-required","buyerImpact":"Any customer-environment clinical pilot or production workflow.","currentBoundary":"Signed customer clinical scope and care-setting authorization is customer-specific; blocked capabilities: customer production pilot, site-specific workflow execution, customer go-live.","currentControl":"Executed statement of work, care-setting scope, allowed users, excluded workflows, pilot objectives, and go-live approvers.","safeWorkaround":"Sell and deliver synthetic pilot evaluation, readiness assessment, governance audit, and implementation blueprint packages.","remainingGate":"Any customer-environment clinical pilot or production workflow.","owner":"Enterprise sales, legal, customer sponsor, and clinical operations","proofRoutes":["/clinical-care-activation","/api/clinical-care-activation"],"nextAction":"Executed statement of work, care-setting scope, allowed users, excluded workflows, pilot objectives, and go-live approvers.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"care-baa-dpa-privacy-review","category":"clinical-care-activation","name":"BAA/DPA path, privacy notices, retention, residency, and processing register","state":"customer-specific-required","buyerImpact":"Any PHI, ePHI, payer member data, live clinical record, or patient identifier enters SCRIMED systems.","currentBoundary":"BAA/DPA path, privacy notices, retention, residency, and processing register is customer-specific; blocked capabilities: PHI processing, patient identifiers, payer member data, live clinical records.","currentControl":"BAA or non-PHI determination, DPA where applicable, privacy notice review, retention schedule, data residency map, and processor register.","safeWorkaround":"Keep public and pilot routes synthetic-only and metadata-only until the customer-specific data path is signed.","remainingGate":"Any PHI, ePHI, payer member data, live clinical record, or patient identifier enters SCRIMED systems.","owner":"Privacy, legal, security, and customer compliance","proofRoutes":["/clinical-care-activation","/api/clinical-care-activation"],"nextAction":"BAA or non-PHI determination, DPA where applicable, privacy notice review, retention schedule, data residency map, and processor register.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"care-hipaa-security-safeguard-map","category":"clinical-care-activation","name":"HIPAA Security Rule safeguard mapping","state":"external-approval-required","buyerImpact":"Any ePHI processing or production healthcare customer security review.","currentBoundary":"HIPAA Security Rule safeguard mapping is external-review-required; blocked capabilities: ePHI workflows, clinical data storage, production tenant PHI processing.","currentControl":"Administrative, physical, and technical safeguard mapping; risk analysis; access controls; audit controls; transmission security; and contingency plan.","safeWorkaround":"Use current TrustOS, protected workspace, audit, rate-limit, passkey/AAL2, and no-PHI controls as readiness evidence, not compliance certification.","remainingGate":"Any ePHI processing or production healthcare customer security review.","owner":"Security, privacy, compliance, and qualified external reviewer","proofRoutes":["/clinical-care-activation","/api/clinical-care-activation"],"nextAction":"Administrative, physical, and technical safeguard mapping; risk analysis; access controls; audit controls; transmission security; and contingency plan.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"care-production-identity-access","category":"clinical-care-activation","name":"Production identity, RBAC, AAL2/SSO, and access review","state":"active-control","buyerImpact":"Customer users access protected clinical or operational workspaces.","currentBoundary":"Production identity, RBAC, AAL2/SSO, and access review is foundation-ready; blocked capabilities: broad customer user onboarding, patient-context access, break-glass access.","currentControl":"Supabase Auth, passkey or magic-link sign-in, AAL2 gates for protected actions, tenant-admin checks, and access-review planning.","safeWorkaround":"Continue protected synthetic pilots with tenant-admin AAL2 and explicit role boundaries while customer SSO remains gated.","remainingGate":"Customer users access protected clinical or operational workspaces.","owner":"Security engineering and customer identity administrator","proofRoutes":["/clinical-care-activation","/api/clinical-care-activation"],"nextAction":"Supabase Auth, passkey or magic-link sign-in, AAL2 gates for protected actions, tenant-admin checks, and access-review planning.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"care-phi-data-architecture","category":"clinical-care-activation","name":"PHI-ready data architecture, encryption, deletion, legal hold, and regional controls","state":"blocked-before-approval","buyerImpact":"Any live clinical data persistence, evidence vault upload, or production workspace memory.","currentBoundary":"PHI-ready data architecture, encryption, deletion, legal hold, and regional controls is blocked; blocked capabilities: clinical memory persistence, medical-record storage, evidence vault PHI upload.","currentControl":"Data classification, encryption/key management, DLP, malware scanning, deletion workflow, legal hold, residency, backup, and restore testing.","safeWorkaround":"Keep evidence vault readiness metadata-only and disable sensitive document upload until signed controls exist.","remainingGate":"Any live clinical data persistence, evidence vault upload, or production workspace memory.","owner":"Security architecture, privacy, platform engineering, and customer compliance","proofRoutes":["/clinical-care-activation","/api/clinical-care-activation"],"nextAction":"Data classification, encryption/key management, DLP, malware scanning, deletion workflow, legal hold, residency, backup, and restore testing.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"care-connector-validation","category":"clinical-care-activation","name":"FHIR, HL7, DICOM, X12, payer, and EHR connector validation","state":"blocked-before-approval","buyerImpact":"Any production connector reads, writes, orders, referrals, payer transactions, imaging retrieval, or record mutation.","currentBoundary":"FHIR, HL7, DICOM, X12, payer, and EHR connector validation is blocked; blocked capabilities: EHR writeback, order entry, referral submission, claim submission, imaging retrieval.","currentControl":"Conformance testing, customer sandbox acceptance, interface monitoring, reconciliation, mapping review, purpose-of-use policy, and partner sign-off.","safeWorkaround":"Use deterministic synthetic conformance kits, integration fixtures, and connector contracts until a customer sandbox is approved.","remainingGate":"Any production connector reads, writes, orders, referrals, payer transactions, imaging retrieval, or record mutation.","owner":"Interoperability engineering, customer integration team, and clinical operations","proofRoutes":["/clinical-care-activation","/api/clinical-care-activation"],"nextAction":"Conformance testing, customer sandbox acceptance, interface monitoring, reconciliation, mapping review, purpose-of-use policy, and partner sign-off.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"care-human-authority-override","category":"clinical-care-activation","name":"Human authority model, reviewer workflow, and override logging","state":"active-control","buyerImpact":"Any AI-assisted workflow that influences clinical, payer, or operational actions.","currentBoundary":"Human authority model, reviewer workflow, and override logging is foundation-ready; blocked capabilities: autonomous clinical decisions, autonomous outreach, autonomous payer submission.","currentControl":"Human review required controls, reviewer status fields, blocked actions, Trust Cards, audit traces, and protected packet exports.","safeWorkaround":"Keep every output draft-only, recommendation-like, evidence-backed, and review-required.","remainingGate":"Any AI-assisted workflow that influences clinical, payer, or operational actions.","owner":"TrustOS, clinical operations, and customer workflow owner","proofRoutes":["/clinical-care-activation","/api/clinical-care-activation"],"nextAction":"Human review required controls, reviewer status fields, blocked actions, Trust Cards, audit traces, and protected packet exports.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"care-clinical-validation-protocol","category":"clinical-care-activation","name":"Clinical validation protocol and licensed sign-off","state":"blocked-before-approval","buyerImpact":"Any patient-specific output is used in care delivery or clinical operations.","currentBoundary":"Clinical validation protocol and licensed sign-off is blocked; blocked capabilities: clinical correctness scoring in care, risk prediction, care-gap scoring.","currentControl":"Validation cohort, inclusion/exclusion criteria, source truth, reviewer rubric, acceptance thresholds, bias/equity review, and sign-off.","safeWorkaround":"Measure workflow outcomes on synthetic or approved de-identified data while clinical correctness remains unvalidated.","remainingGate":"Any patient-specific output is used in care delivery or clinical operations.","owner":"Clinical validation lead, customer medical leadership, and quality team","proofRoutes":["/clinical-care-activation","/api/clinical-care-activation"],"nextAction":"Validation cohort, inclusion/exclusion criteria, source truth, reviewer rubric, acceptance thresholds, bias/equity review, and sign-off.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"care-incident-response-playbook","category":"clinical-care-activation","name":"Clinical, privacy, security, and AI incident response playbooks","state":"external-approval-required","buyerImpact":"Any production clinical, PHI, or customer-integrated workflow.","currentBoundary":"Clinical, privacy, security, and AI incident response playbooks is external-review-required; blocked capabilities: 24/7 clinical operations, production PHI incident handling, adverse-event handling.","currentControl":"Severity model, notification matrix, breach analysis path, adverse-event escalation, containment actions, legal hold, and post-incident review.","safeWorkaround":"Use current Trust Safety Operations incident workspaces for no-PHI synthetic issues and readiness rehearsal.","remainingGate":"Any production clinical, PHI, or customer-integrated workflow.","owner":"Trust safety operations, security, privacy, legal, and clinical governance","proofRoutes":["/clinical-care-activation","/api/clinical-care-activation"],"nextAction":"Severity model, notification matrix, breach analysis path, adverse-event escalation, containment actions, legal hold, and post-incident review.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"care-continuous-monitoring-outcomes","category":"clinical-care-activation","name":"Continuous validation, monitoring, drift, and outcome learning","state":"active-control","buyerImpact":"Scaled pilots, model-route changes, and production workflow expansion.","currentBoundary":"Continuous validation, monitoring, drift, and outcome learning is foundation-ready; blocked capabilities: automated scale-up, model route auto-promotion, unmonitored workflow execution.","currentControl":"QA evidence ledger, manual run evidence capture, workflow outcome metrics, command snapshots, trust metrics, and escalation rates.","safeWorkaround":"Retain synthetic QA and buyer-demo evidence while production observability remains customer-specific.","remainingGate":"Scaled pilots, model-route changes, and production workflow expansion.","owner":"TrustOS, QA, product analytics, and customer operations","proofRoutes":["/clinical-care-activation","/api/clinical-care-activation"],"nextAction":"QA evidence ledger, manual run evidence capture, workflow outcome metrics, command snapshots, trust metrics, and escalation rates.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"care-reimbursement-claims-review","category":"clinical-care-activation","name":"Reimbursement, claims, coding, and payer policy review","state":"customer-specific-required","buyerImpact":"Any prior authorization, claim, coding, denial appeal, reimbursement, or payer-submission workflow.","currentBoundary":"Reimbursement, claims, coding, and payer policy review is customer-specific; blocked capabilities: coverage determination, claim submission, billing finalization, reimbursement guarantee.","currentControl":"Payer policy sources, CMS/coverage review, coding compliance review, no-guarantee reimbursement language, and human approval.","safeWorkaround":"Provide denial-risk review and prior-auth support as draft, evidence-backed, human-reviewed operational intelligence.","remainingGate":"Any prior authorization, claim, coding, denial appeal, reimbursement, or payer-submission workflow.","owner":"Revenue cycle expert, payer policy lead, legal, and customer operations","proofRoutes":["/clinical-care-activation","/api/clinical-care-activation"],"nextAction":"Payer policy sources, CMS/coverage review, coding compliance review, no-guarantee reimbursement language, and human approval.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"care-patient-communication-consent","category":"clinical-care-activation","name":"Patient communication, consent, accessibility, and emergency-care boundary","state":"blocked-before-approval","buyerImpact":"Any patient-facing outreach, education, triage, scheduling, or care-plan communication.","currentBoundary":"Patient communication, consent, accessibility, and emergency-care boundary is blocked; blocked capabilities: patient outreach, patient education delivery, triage messaging, emergency advice.","currentControl":"Consent model, communication templates, accessibility review, language support, patient-safety disclaimers, and emergency escalation policy.","safeWorkaround":"Keep patient-facing materials as internal draft templates for authorized human review.","remainingGate":"Any patient-facing outreach, education, triage, scheduling, or care-plan communication.","owner":"Clinical operations, legal, privacy, patient experience, and customer sponsor","proofRoutes":["/clinical-care-activation","/api/clinical-care-activation"],"nextAction":"Consent model, communication templates, accessibility review, language support, patient-safety disclaimers, and emergency escalation policy.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"care-go-live-rollback-approval","category":"clinical-care-activation","name":"Production go-live approval, rollback plan, and post-launch controls","state":"customer-specific-required","buyerImpact":"Any live clinical-care production launch.","currentBoundary":"Production go-live approval, rollback plan, and post-launch controls is customer-specific; blocked capabilities: production launch, expanded production rollout, customer-wide activation.","currentControl":"Go-live checklist, launch approval packet, rollback plan, monitoring dashboard, support coverage, and post-launch review cadence.","safeWorkaround":"Use buyer diligence exports, command intelligence packets, and clinical activation readiness briefs to prepare for approval.","remainingGate":"Any live clinical-care production launch.","owner":"SCRIMED operator, customer executive sponsor, clinical sponsor, security, privacy, and legal","proofRoutes":["/clinical-care-activation","/api/clinical-care-activation"],"nextAction":"Go-live checklist, launch approval packet, rollback plan, monitoring dashboard, support coverage, and post-launch review cadence.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"agent-live-phi-ingestion-is-not-enabled","category":"agent-workspace","name":"Live PHI ingestion is not enabled.","state":"safe-workaround-active","buyerImpact":"SCRIMED cannot yet process real patient records inside production workflows.","currentBoundary":"SCRIMED cannot yet process real patient records inside production workflows.","currentControl":"Use synthetic fixtures, no-PHI buyer intake, protected pilot sessions, TrustOS decisions, and metadata-only evidence packets.","safeWorkaround":"Use synthetic fixtures, no-PHI buyer intake, protected pilot sessions, TrustOS decisions, and metadata-only evidence packets.","remainingGate":"BAA/DPA, privacy notice, consent, retention, security review, and customer authorization.","owner":"AgentOS, TrustOS, platform, security, clinical governance, and customer operator owners","proofRoutes":["/pilot-evidence"],"nextAction":"BAA/DPA, privacy notice, consent, retention, security review, and customer authorization.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"agent-autonomous-clinical-decisions-remain-prohibited","category":"agent-workspace","name":"Autonomous clinical decisions remain prohibited.","state":"active-control","buyerImpact":"SCRIMED cannot diagnose, treat, instruct patients, or replace clinician judgment.","currentBoundary":"SCRIMED cannot diagnose, treat, instruct patients, or replace clinician judgment.","currentControl":"Every clinical-adjacent work order is held behind TrustQA, Clinical Guardian, reviewer checkpoints, blocked actions, and proof packet boundaries.","safeWorkaround":"Every clinical-adjacent work order is held behind TrustQA, Clinical Guardian, reviewer checkpoints, blocked actions, and proof packet boundaries.","remainingGate":"Licensed clinician validation and regulatory intended-use review before clinical decision-support claims.","owner":"AgentOS, TrustOS, platform, security, clinical governance, and customer operator owners","proofRoutes":["/trust-os"],"nextAction":"Licensed clinician validation and regulatory intended-use review before clinical decision-support claims.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"agent-clinical-correctness-and-safety-scores-are-not-externally-validated","category":"agent-workspace","name":"Clinical correctness and safety scores are not externally validated.","state":"external-approval-required","buyerImpact":"Validation fields cannot be marketed as clinical-performance claims.","currentBoundary":"Validation fields cannot be marketed as clinical-performance claims.","currentControl":"Expose completeness, source attribution, evidence trail, confidence, reviewer status, and audit fields while marking clinical scoring as clinician-validation required.","safeWorkaround":"Expose completeness, source attribution, evidence trail, confidence, reviewer status, and audit fields while marking clinical scoring as clinician-validation required.","remainingGate":"Clinician rubric, validation study, data-quality review, and governance sign-off.","owner":"AgentOS, TrustOS, platform, security, clinical governance, and customer operator owners","proofRoutes":["/healthcare-intelligence-os"],"nextAction":"Clinician rubric, validation study, data-quality review, and governance sign-off.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"agent-dedicated-long-running-work-order-persistence-requires-per-environment-migration","category":"agent-workspace","name":"Dedicated long-running work-order persistence requires per-environment migration verification.","state":"active-control","buyerImpact":"Work-order creation and resume must fail closed until each deployment has the dedicated RLS tables, RPCs, and grants applied.","currentBoundary":"Work-order creation and resume must fail closed until each deployment has the dedicated RLS tables, RPCs, and grants applied.","currentControl":"Use dedicated agent workspace work-order tables, append-only work-order events, explicit authenticated grants, and RPC-only mutations with route-level AAL2 and rate-limit checks.","safeWorkaround":"Use dedicated agent workspace work-order tables, append-only work-order events, explicit authenticated grants, and RPC-only mutations with route-level AAL2 and rate-limit checks.","remainingGate":"Apply migration, verify RLS with an authenticated tenant, run database advisors, and approve customer-specific retention/legal-hold policy.","owner":"AgentOS, TrustOS, platform, security, clinical governance, and customer operator owners","proofRoutes":["/api/agent-workspaces/{workspaceSlug}/work-orders"],"nextAction":"Apply migration, verify RLS with an authenticated tenant, run database advisors, and approve customer-specific retention/legal-hold policy.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"agent-production-model-routing-across-vendors-is-not-active","category":"agent-workspace","name":"Production model routing across vendors is not active.","state":"safe-workaround-active","buyerImpact":"SCRIMED should not route PHI or regulated tasks to unapproved providers.","currentBoundary":"SCRIMED should not route PHI or regulated tasks to unapproved providers.","currentControl":"Attach provider-class, fallback, PHI sensitivity, denial conditions, and human escalation to every work-order template.","safeWorkaround":"Attach provider-class, fallback, PHI sensitivity, denial conditions, and human escalation to every work-order template.","remainingGate":"Vendor contracts, BAA/DPA path, regional rules, telemetry, cost limits, and rollback tests.","owner":"AgentOS, TrustOS, platform, security, clinical governance, and customer operator owners","proofRoutes":["/agent-workspace"],"nextAction":"Vendor contracts, BAA/DPA path, regional rules, telemetry, cost limits, and rollback tests.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"agent-live-ehr-payer-imaging-and-device-connectors-remain-blocked","category":"agent-workspace","name":"Live EHR, payer, imaging, and device connectors remain blocked.","state":"active-control","buyerImpact":"SCRIMED cannot mutate production records, submit payer transactions, or ingest live images/devices.","currentBoundary":"SCRIMED cannot mutate production records, submit payer transactions, or ingest live images/devices.","currentControl":"Use interoperability standards registry, synthetic conformance kits, fixture validation, and connector-readiness gates.","safeWorkaround":"Use interoperability standards registry, synthetic conformance kits, fixture validation, and connector-readiness gates.","remainingGate":"Customer connector approval, security review, consent, audit, monitoring, and partner acceptance.","owner":"AgentOS, TrustOS, platform, security, clinical governance, and customer operator owners","proofRoutes":["/interoperability/evaluations"],"nextAction":"Customer connector approval, security review, consent, audit, monitoring, and partner acceptance.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"agent-sovereign-deployment-is-not-implemented","category":"agent-workspace","name":"Sovereign deployment is not implemented.","state":"external-approval-required","buyerImpact":"Some hospitals, governments, and regions may require private, on-prem, or sovereign deployments before live data.","currentBoundary":"Some hospitals, governments, and regions may require private, on-prem, or sovereign deployments before live data.","currentControl":"Define managed cloud, private cloud, hospital-controlled, government/sovereign, and edge/on-prem profiles with required controls.","safeWorkaround":"Define managed cloud, private cloud, hospital-controlled, government/sovereign, and edge/on-prem profiles with required controls.","remainingGate":"Customer architecture review, regional compliance mapping, private networking, and local audit design.","owner":"AgentOS, TrustOS, platform, security, clinical governance, and customer operator owners","proofRoutes":["/healthcare-intelligence-os"],"nextAction":"Customer architecture review, regional compliance mapping, private networking, and local audit design.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"agent-legal-hipaa-soc-2-regulatory-and-reimbursement-claims-require-external-review","category":"agent-workspace","name":"Legal, HIPAA, SOC 2, regulatory, and reimbursement claims require external review.","state":"external-approval-required","buyerImpact":"SCRIMED cannot truthfully claim certification, clearance, compliance, reimbursement, or production readiness without evidence.","currentBoundary":"SCRIMED cannot truthfully claim certification, clearance, compliance, reimbursement, or production readiness without evidence.","currentControl":"Keep claims register, Trust Center, diligence brief, prohibited-claims controls, and buyer-facing boundary language active.","safeWorkaround":"Keep claims register, Trust Center, diligence brief, prohibited-claims controls, and buyer-facing boundary language active.","remainingGate":"Qualified counsel, security assessor, privacy owner, regulatory reviewer, and payer/reimbursement expert review.","owner":"AgentOS, TrustOS, platform, security, clinical governance, and customer operator owners","proofRoutes":["/trust-center"],"nextAction":"Qualified counsel, security assessor, privacy owner, regulatory reviewer, and payer/reimbursement expert review.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"qa-workflow-sales-demo-session-qa","category":"qa-evidence","name":"Sales Demo Session QA activation","state":"human-aal2-required","buyerImpact":"Adds tenant-scoped evidence that SCRIMED can create and audit a governed synthetic buyer demo session under human AAL2 control.","currentBoundary":"No authenticated sales-demo CI evidence can be claimed until a human runs the workflow with a fresh short-lived AAL2 token.","currentControl":"All surrounding controls remain verified by public smoke and fail-closed checks; the activation plan prevents token material from becoming evidence.","safeWorkaround":"All surrounding controls remain verified by public smoke and fail-closed checks; the activation plan prevents token material from becoming evidence.","remainingGate":"Fresh human AAL2 run, temporary secret disposal, protected persistence, packet hash, and Buyer Diligence export.","owner":"SCRIMED operator, release engineering, and tenant governance owner","proofRoutes":["/qa-execution-readiness","/qa-run-control","/qa-launch-kit","/qa-aal2-run-evidence","/api/qa-evidence/aal2-run-evidence","/qa-manual-execution-console","/qa-completion-bridge","/qa-claim-guard","/qa-activation-seal","/qa-proof-promotion","/qa-buyer-proof-release","/api/qa-evidence/activation-plan","/api/qa-evidence/activation-plan/brief",".github/workflows/sales-demo-session-qa-smoke.yml","/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets"],"nextAction":"Run the manual workflow once a fresh AAL2 tenant-admin token and safe synthetic intake target are available.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","authenticated QA completed without a human AAL2 run","bearer token retained as evidence"]},{"id":"qa-workflow-authority-reference-qa","category":"qa-evidence","name":"Authority Reference QA activation","state":"human-aal2-required","buyerImpact":"Adds tenant-scoped evidence that SCRIMED can record and audit no-PHI authority-reference readiness metadata under human AAL2 control.","currentBoundary":"No authenticated authority-reference CI evidence can be claimed until a human runs the workflow with a fresh short-lived AAL2 token.","currentControl":"The renewal queue, fail-closed protected routes, stateless packet generation, and no-secret persistence bridge are already verified without storing credentials.","safeWorkaround":"The renewal queue, fail-closed protected routes, stateless packet generation, and no-secret persistence bridge are already verified without storing credentials.","remainingGate":"Fresh human AAL2 run, temporary secret disposal, protected persistence, packet hash, and Buyer Diligence export.","owner":"SCRIMED operator, release engineering, and tenant governance owner","proofRoutes":["/qa-execution-readiness","/qa-run-control","/qa-launch-kit","/qa-aal2-run-evidence","/api/qa-evidence/aal2-run-evidence","/qa-manual-execution-console","/qa-completion-bridge","/qa-claim-guard","/qa-activation-seal","/qa-proof-promotion","/qa-buyer-proof-release","/api/qa-evidence/activation-plan","/api/qa-evidence/activation-plan/brief",".github/workflows/authority-reference-qa-smoke.yml","/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets"],"nextAction":"Run the manual workflow once a fresh AAL2 tenant governance token and synthetic workspace target are available.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","authenticated QA completed without a human AAL2 run","bearer token retained as evidence"]},{"id":"qa-limitation-first-authenticated-sales-demo-session-qa-ci-evidence-is-pending","category":"qa-evidence","name":"First authenticated Sales Demo Session QA CI evidence is pending","state":"human-aal2-required","buyerImpact":"SCRIMED has the workflow and token policy, but cannot claim an authenticated CI mutation run until a fresh AAL2 operator token is used deliberately.","currentBoundary":"SCRIMED has the workflow and token policy, but cannot claim an authenticated CI mutation run until a fresh AAL2 operator token is used deliberately.","currentControl":"Manual-only GitHub workflow, short-lived JWT preflight, explicit intake targeting, Run Control mission brief, Launch Kit handoff, Human Run Packet dispatch validation, protected Manual QA Execution Console, Completion Bridge candidate validation, Claim Guard overclaim prevention, Activation Seal final check, Proof Promotion gate, Buyer Proof Release gate, fail-closed public smoke, and no long-lived secret storage.","safeWorkaround":"Manual-only GitHub workflow, short-lived JWT preflight, explicit intake targeting, Run Control mission brief, Launch Kit handoff, Human Run Packet dispatch validation, protected Manual QA Execution Console, Completion Bridge candidate validation, Claim Guard overclaim prevention, Activation Seal final check, Proof Promotion gate, Buyer Proof Release gate, fail-closed public smoke, and no long-lived secret storage.","remainingGate":"Use /pilot-workspace/access#manual-qa-execution-console, mint a fresh AAL2 token from the tenant-admin session, run the workflow once against a synthetic intake ID, archive only safe IDs, validate them through /qa-completion-bridge, persist the packet hash, delete or rotate the token secret, then use /qa-buyer-proof-release before buyer proof claims.","owner":"QA, TrustOS, release engineering, and operator governance","proofRoutes":["/qa-evidence","/api/qa-evidence","/api/qa-evidence/brief","/qa-aal2-run-evidence","/api/qa-evidence/aal2-run-evidence","/api/pilot-workspaces/{workspaceSlug}/qa-evidence/aal2-run-evidence","/qa-launch-kit","/qa-manual-execution-console","/qa-completion-bridge","/qa-claim-guard","/qa-activation-seal","/qa-proof-promotion","/qa-buyer-proof-release"],"nextAction":"Use /pilot-workspace/access#manual-qa-execution-console, mint a fresh AAL2 token from the tenant-admin session, run the workflow once against a synthetic intake ID, archive only safe IDs, validate them through /qa-completion-bridge, persist the packet hash, delete or rotate the token secret, then use /qa-buyer-proof-release before buyer proof claims.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"qa-limitation-authority-reference-qa-retained-aal2-evidence-is-captured","category":"qa-evidence","name":"Authority Reference QA retained AAL2 evidence is captured","state":"safe-workaround-active","buyerImpact":"SCRIMED has one protected authority-reference synthetic QA run retained as no-secret AAL2 evidence through Run Control. GitHub-hosted CI evidence remains optional until browser secret placement is available.","currentBoundary":"SCRIMED has one protected authority-reference synthetic QA run retained as no-secret AAL2 evidence through Run Control. GitHub-hosted CI evidence remains optional until browser secret placement is available.","currentControl":"Run Control witness, short-lived JWT preflight, workspace targeting, protected authority-reference smoke, Manual QA Evidence persistence, packet SHA-256 retention, append-only audit event, Claim Guard, Activation Seal, Proof Promotion, Buyer Proof Release, fail-closed public smoke, and no long-lived secret storage.","safeWorkaround":"Run Control witness, short-lived JWT preflight, workspace targeting, protected authority-reference smoke, Manual QA Evidence persistence, packet SHA-256 retention, append-only audit event, Claim Guard, Activation Seal, Proof Promotion, Buyer Proof Release, fail-closed public smoke, and no long-lived secret storage.","remainingGate":"Use the retained packet hash and audit event only for bounded buyer diligence. Re-run through GitHub Actions later if a separate CI-hosted evidence trail is required.","owner":"QA, TrustOS, release engineering, and operator governance","proofRoutes":["/qa-evidence","/api/qa-evidence","/api/qa-evidence/brief","/qa-aal2-run-evidence","/api/qa-evidence/aal2-run-evidence","/api/pilot-workspaces/{workspaceSlug}/qa-evidence/aal2-run-evidence","/qa-launch-kit","/qa-manual-execution-console","/qa-completion-bridge","/qa-claim-guard","/qa-activation-seal","/qa-proof-promotion","/qa-buyer-proof-release"],"nextAction":"Use the retained packet hash and audit event only for bounded buyer diligence. Re-run through GitHub Actions later if a separate CI-hosted evidence trail is required.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"qa-limitation-first-protected-aal2-synthetic-category-evidence-is-retained","category":"qa-evidence","name":"First protected AAL2 synthetic category evidence is retained","state":"safe-workaround-active","buyerImpact":"The required buyer-proof QA categories now have one retained no-secret AAL2 packet, packet hash, and append-only audit signal. Category notes remain bounded to synthetic QA posture and do not create clinical validation, PHI authority, or live-care approval.","currentBoundary":"The required buyer-proof QA categories now have one retained no-secret AAL2 packet, packet hash, and append-only audit signal. Category notes remain bounded to synthetic QA posture and do not create clinical validation, PHI authority, or live-care approval.","currentControl":"AAL2 Run Evidence Package, Manual QA Execution Console, Human Run Packet, Completion Bridge, Activation Seal, Proof Promotion, Claim Guard, Buyer Proof Release, synthetic-only headers, fail-closed protected routes, and no-secret packet validation.","safeWorkaround":"AAL2 Run Evidence Package, Manual QA Execution Console, Human Run Packet, Completion Bridge, Activation Seal, Proof Promotion, Claim Guard, Buyer Proof Release, synthetic-only headers, fail-closed protected routes, and no-secret packet validation.","remainingGate":"Use the protected Buyer Proof Release output for buyer diligence, include only the workflow run ID, packet hash, audit event reference, synthetic boundary, and blocked authority language, and keep production authority gates closed.","owner":"QA, TrustOS, release engineering, and operator governance","proofRoutes":["/qa-evidence","/api/qa-evidence","/api/qa-evidence/brief","/qa-aal2-run-evidence","/api/qa-evidence/aal2-run-evidence","/api/pilot-workspaces/{workspaceSlug}/qa-evidence/aal2-run-evidence","/qa-launch-kit","/qa-manual-execution-console","/qa-completion-bridge","/qa-claim-guard","/qa-activation-seal","/qa-proof-promotion","/qa-buyer-proof-release"],"nextAction":"Use the protected Buyer Proof Release output for buyer diligence, include only the workflow run ID, packet hash, audit event reference, synthetic boundary, and blocked authority language, and keep production authority gates closed.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"qa-limitation-managed-local-shell-may-omit-npm-node-from-path","category":"qa-evidence","name":"Managed local shell may omit npm/node from PATH","state":"safe-workaround-active","buyerImpact":"Local package scripts can fail even when the repository, CI, and Vercel build path are healthy.","currentBoundary":"Local package scripts can fail even when the repository, CI, and Vercel build path are healthy.","currentControl":"Bundled Node absolute path verifies TypeScript, ESLint, generated integrity, Next build, and smoke scripts without changing the product.","safeWorkaround":"Bundled Node absolute path verifies TypeScript, ESLint, generated integrity, Next build, and smoke scripts without changing the product.","remainingGate":"Restore PATH in the local Codex shell when available; keep CI and Vercel on standard Node 22.","owner":"QA, TrustOS, release engineering, and operator governance","proofRoutes":["/qa-evidence","/api/qa-evidence","/api/qa-evidence/brief","/qa-aal2-run-evidence","/api/qa-evidence/aal2-run-evidence","/api/pilot-workspaces/{workspaceSlug}/qa-evidence/aal2-run-evidence","/qa-launch-kit","/qa-manual-execution-console","/qa-completion-bridge","/qa-claim-guard","/qa-activation-seal","/qa-proof-promotion","/qa-buyer-proof-release"],"nextAction":"Restore PATH in the local Codex shell when available; keep CI and Vercel on standard Node 22.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"qa-limitation-live-clinical-execution-remains-intentionally-blocked","category":"qa-evidence","name":"Live clinical execution remains intentionally blocked","state":"external-approval-required","buyerImpact":"SCRIMED remains sellable as a governed synthetic pilot and enterprise evaluation product, not live diagnosis, treatment, payer submission, or autonomous care execution.","currentBoundary":"SCRIMED remains sellable as a governed synthetic pilot and enterprise evaluation product, not live diagnosis, treatment, payer submission, or autonomous care execution.","currentControl":"Synthetic-only evidence, human-review boundaries, protected route fail-closed behavior, claims controls, and clinical/legal/privacy/security review gates.","safeWorkaround":"Synthetic-only evidence, human-review boundaries, protected route fail-closed behavior, claims controls, and clinical/legal/privacy/security review gates.","remainingGate":"Complete customer-specific identity, privacy, BAA, connector, audit, clinical validation, risk, and human operating controls before any production healthcare workflow.","owner":"QA, TrustOS, release engineering, and operator governance","proofRoutes":["/qa-evidence","/api/qa-evidence","/api/qa-evidence/brief","/qa-aal2-run-evidence","/api/qa-evidence/aal2-run-evidence","/api/pilot-workspaces/{workspaceSlug}/qa-evidence/aal2-run-evidence","/qa-launch-kit","/qa-manual-execution-console","/qa-completion-bridge","/qa-claim-guard","/qa-activation-seal","/qa-proof-promotion","/qa-buyer-proof-release"],"nextAction":"Complete customer-specific identity, privacy, BAA, connector, audit, clinical validation, risk, and human operating controls before any production healthcare workflow.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed"]},{"id":"public-market-no-audited-financial-statements-inside-scrimed-yet","category":"public-market-readiness","name":"No audited financial statements inside SCRIMED yet","state":"external-approval-required","buyerImpact":"External investors cannot treat current KPI stack as audited financial reporting.","currentBoundary":"External investors cannot treat current KPI stack as audited financial reporting.","currentControl":"Use the KPI definitions, pricing tiers, sales audit evidence, and proof packets as operating-readiness material while finance and accounting review is completed.","safeWorkaround":"Use the KPI definitions, pricing tiers, sales audit evidence, and proof packets as operating-readiness material while finance and accounting review is completed.","remainingGate":"Finance-reviewed chart of accounts, revenue recognition policy, cost allocation, and audit-ready reporting.","owner":"Founder, finance, legal, investor relations, security, privacy, and customer sponsor as applicable","proofRoutes":["/public-market-readiness","/api/public-market-readiness","/api/public-market-readiness/brief"],"nextAction":"Finance-reviewed chart of accounts, revenue recognition policy, cost allocation, and audit-ready reporting.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","audited financial reporting completed","securities offering material approved","valuation guaranteed"]},{"id":"public-market-no-live-clinical-outcomes","category":"public-market-readiness","name":"No live clinical outcomes","state":"external-approval-required","buyerImpact":"SCRIMED cannot claim patient-outcome improvement from production deployment.","currentBoundary":"SCRIMED cannot claim patient-outcome improvement from production deployment.","currentControl":"Report synthetic and protected-pilot operational metrics only, then graduate to customer-approved outcome studies after legal, clinical, privacy, and data rights approval.","safeWorkaround":"Report synthetic and protected-pilot operational metrics only, then graduate to customer-approved outcome studies after legal, clinical, privacy, and data rights approval.","remainingGate":"Customer-approved clinical governance protocol, IRB or ethics review when required, and signed data-processing path.","owner":"Founder, finance, legal, investor relations, security, privacy, and customer sponsor as applicable","proofRoutes":["/public-market-readiness","/api/public-market-readiness","/api/public-market-readiness/brief"],"nextAction":"Customer-approved clinical governance protocol, IRB or ethics review when required, and signed data-processing path.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","audited financial reporting completed","securities offering material approved","valuation guaranteed"]},{"id":"public-market-no-phi-enabled-cost-telemetry","category":"public-market-readiness","name":"No PHI-enabled cost telemetry","state":"external-approval-required","buyerImpact":"Patient-level cost per interaction remains a pilot-equivalent definition.","currentBoundary":"Patient-level cost per interaction remains a pilot-equivalent definition.","currentControl":"Use synthetic interactions and buyer-approved aggregate workflow baselines until PHI authorization, BAA/DPA, consent, and production controls exist.","safeWorkaround":"Use synthetic interactions and buyer-approved aggregate workflow baselines until PHI authorization, BAA/DPA, consent, and production controls exist.","remainingGate":"Approved production data boundary, minimum-necessary design, audit controls, and customer authorization.","owner":"Founder, finance, legal, investor relations, security, privacy, and customer sponsor as applicable","proofRoutes":["/public-market-readiness","/api/public-market-readiness","/api/public-market-readiness/brief"],"nextAction":"Approved production data boundary, minimum-necessary design, audit controls, and customer authorization.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","audited financial reporting completed","securities offering material approved","valuation guaranteed"]},{"id":"public-market-no-securities-offering-or-valuation-guarantee","category":"public-market-readiness","name":"No securities offering or valuation guarantee","state":"external-approval-required","buyerImpact":"Investor narrative must stay as strategic positioning, not investment solicitation.","currentBoundary":"Investor narrative must stay as strategic positioning, not investment solicitation.","currentControl":"Keep public-market readiness language framed as internal operating discipline and diligence preparation, with counsel-reviewed materials before fundraising use.","safeWorkaround":"Keep public-market readiness language framed as internal operating discipline and diligence preparation, with counsel-reviewed materials before fundraising use.","remainingGate":"Qualified securities counsel, approved investor materials, and controlled data-room process.","owner":"Founder, finance, legal, investor relations, security, privacy, and customer sponsor as applicable","proofRoutes":["/public-market-readiness","/api/public-market-readiness","/api/public-market-readiness/brief"],"nextAction":"Qualified securities counsel, approved investor materials, and controlled data-room process.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","audited financial reporting completed","securities offering material approved","valuation guaranteed"]},{"id":"public-market-secure-evidence-vault-storage-remains-disabled-by-default","category":"public-market-readiness","name":"Secure evidence vault storage remains disabled by default","state":"external-approval-required","buyerImpact":"Sensitive buyer diligence artifacts cannot be uploaded into SCRIMED yet.","currentBoundary":"Sensitive buyer diligence artifacts cannot be uploaded into SCRIMED yet.","currentControl":"Use metadata-only vault readiness and buyer-approved external secure channels until DLP, malware scanning, encryption, retention, legal hold, and access reviews are approved.","safeWorkaround":"Use metadata-only vault readiness and buyer-approved external secure channels until DLP, malware scanning, encryption, retention, legal hold, and access reviews are approved.","remainingGate":"Approved storage provider, security controls, legal terms, incident response, and access-review workflow.","owner":"Founder, finance, legal, investor relations, security, privacy, and customer sponsor as applicable","proofRoutes":["/public-market-readiness","/api/public-market-readiness","/api/public-market-readiness/brief"],"nextAction":"Approved storage provider, security controls, legal terms, incident response, and access-review workflow.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","audited financial reporting completed","securities offering material approved","valuation guaranteed"]},{"id":"global-certification-us-hipaa-baa-phi-readiness","category":"global-certification-readiness","name":"U.S. HIPAA, BAA, and PHI Readiness","state":"safe-workaround-active","buyerImpact":"Prepare SCRIMED for healthcare buyer diligence and future PHI/ePHI scope while keeping current public and pilot flows synthetic-only.","currentBoundary":"U.S. HIPAA, BAA, and PHI Readiness remains evidence-build-required; blocked claims: HIPAA certified, PHI approved, BAA executed, production ePHI processing.","currentControl":"Create a HIPAA evidence-room checklist","safeWorkaround":"Prepare SCRIMED for healthcare buyer diligence and future PHI/ePHI scope while keeping current public and pilot flows synthetic-only.","remainingGate":"Qualified healthcare privacy counsel and customer BAA/DPA review","owner":"Privacy, Security, Legal, Operations","proofRoutes":["/global-certification-readiness","/api/global-certification-readiness","/api/global-certification-readiness/brief","/approvals-readiness","/trust-center","/trust-safety-operations","/pilot-workspace/access"],"nextAction":"Stand up a metadata-only HIPAA evidence room and assign risk-analysis, BAA, breach, access-review, and subprocessor owners.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","HIPAA certified","PHI approved","BAA executed","production ePHI processing"]},{"id":"global-certification-us-fda-cds-samd-classification","category":"global-certification-readiness","name":"U.S. FDA CDS and SaMD Classification","state":"external-approval-required","buyerImpact":"Prevent clinical-intelligence features from becoming unauthorized device claims while preserving a route to regulated clinical productization if deliberately chosen.","currentBoundary":"U.S. FDA CDS and SaMD Classification remains external-review-required; blocked claims: FDA cleared, diagnostic device, autonomous clinical decision, medical device approved.","currentControl":"Tag every module with operations-only, CDS-review, or SaMD-review posture","safeWorkaround":"Prevent clinical-intelligence features from becoming unauthorized device claims while preserving a route to regulated clinical productization if deliberately chosen.","remainingGate":"FDA digital-health regulatory counsel and FDA pathway where required","owner":"Product, Clinical governance, Regulatory counsel, Quality","proofRoutes":["/global-certification-readiness","/api/global-certification-readiness","/api/global-certification-readiness/brief","/clinical-authority-readiness","/clinical-care-activation","/qa-claim-guard","/trust-os"],"nextAction":"Produce a module-by-module intended-use and CDS/SaMD classification memo before adding any patient-specific clinical claim.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","FDA cleared","diagnostic device","autonomous clinical decision","medical device approved"]},{"id":"global-certification-security-assurance-certifications","category":"global-certification-readiness","name":"SOC 2, HITRUST, ISO 27001, and ISO 42001 Sequencing","state":"safe-workaround-active","buyerImpact":"Move from internal control readiness to independent security, privacy, and AI governance assurance without claiming certification early.","currentBoundary":"SOC 2, HITRUST, ISO 27001, and ISO 42001 Sequencing remains evidence-build-required; blocked claims: SOC 2 certified, HITRUST certified, ISO certified, security certified.","currentControl":"Map current TrustOS, QA, release, access, and audit artifacts to SOC 2 control families","safeWorkaround":"Move from internal control readiness to independent security, privacy, and AI governance assurance without claiming certification early.","remainingGate":"Independent auditor or accredited certification body","owner":"Security, Engineering, Operations, External auditor","proofRoutes":["/global-certification-readiness","/api/global-certification-readiness","/api/global-certification-readiness/brief","/trust-center","/service-reliability","/release-continuity","/qa-evidence"],"nextAction":"Create a certification sequencing board: SOC 2 readiness first, ISO 42001 AI management in parallel, HITRUST/ISO 27001 after buyer-driven scope.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","SOC 2 certified","HITRUST certified","ISO certified","security certified"]},{"id":"global-certification-eu-ai-act-gdpr-ehds-readiness","category":"global-certification-readiness","name":"EU AI Act, GDPR, and European Health Data Readiness","state":"external-approval-required","buyerImpact":"Prepare SCRIMED for EU deployment conversations with high-risk AI triage, personal-data governance, cross-border transfer controls, and deployer documentation.","currentBoundary":"EU AI Act, GDPR, and European Health Data Readiness remains external-review-required; blocked claims: GDPR compliant, EU AI Act conformant, CE marked, EU production approved.","currentControl":"Create EU deployment profile labels for no-personal-data, personal-data, high-risk-AI-review, and medical-device-review","safeWorkaround":"Prepare SCRIMED for EU deployment conversations with high-risk AI triage, personal-data governance, cross-border transfer controls, and deployer documentation.","remainingGate":"EU privacy counsel, notified body or market surveillance/conformity route where applicable","owner":"EU privacy counsel, AI governance, Security, Deployment","proofRoutes":["/global-certification-readiness","/api/global-certification-readiness","/api/global-certification-readiness/brief","/global-reach","/deployment-profiles","/strategic-intelligence","/trust-center"],"nextAction":"Add EU-specific deployment-profile gates for AI Act high-risk triage, GDPR DPIA, SCC/DPA, hosting, and post-market monitoring.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","GDPR compliant","EU AI Act conformant","CE marked","EU production approved"]},{"id":"global-certification-uk-nhs-mhra-dtac-readiness","category":"global-certification-readiness","name":"UK NHS DTAC and MHRA Software/AI Readiness","state":"external-approval-required","buyerImpact":"Prepare SCRIMED for UK NHS and private-provider review with DTAC evidence, clinical-safety controls, MHRA intended-purpose classification, and medical-device escalation gates.","currentBoundary":"UK NHS DTAC and MHRA Software/AI Readiness remains external-review-required; blocked claims: NHS approved, DTAC passed, MHRA approved, UK medical device certified.","currentControl":"Create a UK buyer diligence pack mapped to DTAC sections","safeWorkaround":"Prepare SCRIMED for UK NHS and private-provider review with DTAC evidence, clinical-safety controls, MHRA intended-purpose classification, and medical-device escalation gates.","remainingGate":"NHS buyer assurance, ICO, MHRA, Approved Body, or qualified UK counsel where applicable","owner":"UK clinical safety officer, Security, Privacy, Regulatory counsel","proofRoutes":["/global-certification-readiness","/api/global-certification-readiness","/api/global-certification-readiness/brief","/global-reach","/clinical-authority-readiness","/interoperability","/trust-center"],"nextAction":"Build a UK DTAC/MHRA evidence checklist and attach it to the global buyer localization pack.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","NHS approved","DTAC passed","MHRA approved","UK medical device certified"]},{"id":"global-certification-australia-essential-eight-health-deployment","category":"global-certification-readiness","name":"Australia Essential Eight and Health Deployment Readiness","state":"safe-workaround-active","buyerImpact":"Prepare SCRIMED for Australian provider, public-sector, and partner diligence with cyber baseline evidence and local privacy/procurement review gates.","currentBoundary":"Australia Essential Eight and Health Deployment Readiness remains evidence-build-required; blocked claims: Australian government approved, Essential Eight certified, public-sector approved, health deployment authorized.","currentControl":"Map service reliability and release controls to Essential Eight maturity language","safeWorkaround":"Prepare SCRIMED for Australian provider, public-sector, and partner diligence with cyber baseline evidence and local privacy/procurement review gates.","remainingGate":"Australian buyer security review, privacy counsel, and public-sector procurement process where applicable","owner":"Security, Global partnerships, Regional counsel, Implementation","proofRoutes":["/global-certification-readiness","/api/global-certification-readiness","/api/global-certification-readiness/brief","/global-reach","/service-reliability","/deployment-profiles","/trust-center"],"nextAction":"Add Australia to deployment-profile readiness with Essential Eight evidence labels and privacy/procurement hard stops.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","Australian government approved","Essential Eight certified","public-sector approved","health deployment authorized"]},{"id":"continuous-review-agent-accuracy-review-agent","category":"continuous-review-audit","name":"Accuracy Review Agent","state":"active-control","buyerImpact":"Sample outputs, workflow results, API summaries, and buyer-facing copy for factual consistency, stale claims, missing caveats, and unsupported conclusions.","currentBoundary":"Accuracy Review Agent may flag discrepancy, open review item, route to owner, recommend smoke assertion; blocked actions: silently rewrite public claims, approve clinical content, certify accuracy without reviewer.","currentControl":"Continuous queue with daily sampled review and weekly executive exception digest. Watches: product pages, API summaries, briefs, proof packets, buyer-facing claims.","safeWorkaround":"Flag, route, recommend, and preserve evidence while humans retain approval authority.","remainingGate":"Escalate on: clinical implication, certification claim, buyer-impacting metric, source-date drift.","owner":"Accuracy Review Agent plus accountable domain owner","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief","/claims","/qa-claim-guard","/source-intelligence","/product"],"nextAction":"clinical implication","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","silently rewrite public claims","approve clinical content","certify accuracy without reviewer"]},{"id":"continuous-review-agent-evidence-attribution-agent","category":"continuous-review-audit","name":"Evidence Attribution Agent","state":"active-control","buyerImpact":"Ensure every strategic, regulatory, market, technical, and product assertion has a source, route, owner, or explicit boundary.","currentBoundary":"Evidence Attribution Agent may mark missing source, queue source refresh, add owner checklist, request citation review; blocked actions: invent source support, quote large copyrighted text, claim third-party endorsement.","currentControl":"Continuous on new routes and briefs; daily source-drift digest. Watches: source URLs, reviewed dates, proof routes, blocked claims, documentation updates.","safeWorkaround":"Flag, route, recommend, and preserve evidence while humans retain approval authority.","remainingGate":"Escalate on: unsupported public claim, stale regulatory source, broken evidence route.","owner":"Evidence Attribution Agent plus accountable domain owner","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief","/source-intelligence","/competitive-intelligence","/global-certification-readiness"],"nextAction":"unsupported public claim","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","invent source support","quote large copyrighted text","claim third-party endorsement"]},{"id":"continuous-review-agent-claims-boundary-agent","category":"continuous-review-audit","name":"Claims and Boundary Agent","state":"active-control","buyerImpact":"Compare public language, briefs, APIs, and sales paths against prohibited claims, authority boundaries, and no-PHI/no-live-care constraints.","currentBoundary":"Claims and Boundary Agent may block unsupported claim, attach boundary, request legal/privacy review; blocked actions: approve legal claim, approve advertising substantiation, waive external review.","currentControl":"Every release, every buyer packet, and every claims-related route change. Watches: claims register, release notes, buyer packets, homepage copy, API boundary headers.","safeWorkaround":"Flag, route, recommend, and preserve evidence while humans retain approval authority.","remainingGate":"Escalate on: HIPAA/FDA/SOC/ISO claim, ROI guarantee, clinical authority wording, customer reference.","owner":"Claims and Boundary Agent plus accountable domain owner","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief","/claims","/approvals-readiness","/global-certification-readiness","/qa-claim-guard"],"nextAction":"HIPAA/FDA/SOC/ISO claim","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","approve legal claim","approve advertising substantiation","waive external review"]},{"id":"continuous-review-agent-security-drift-agent","category":"continuous-review-audit","name":"Security Drift Agent","state":"external-approval-required","buyerImpact":"Track dependency posture, route headers, fail-closed behavior, evidence vault boundaries, and post-quantum readiness signals.","currentBoundary":"Security Drift Agent may open security drift item, recommend patch, route to security owner, request audit evidence; blocked actions: apply unmanaged production patch, rotate customer secrets autonomously, claim SOC/MDR coverage.","currentControl":"Daily dependency/config review, weekly protected fail-closed review, quarterly quantum-safe inventory. Watches: package versions, headers, protected API behavior, auth gates, cryptographic dependency inventory.","safeWorkaround":"Flag, route, recommend, and preserve evidence while humans retain approval authority.","remainingGate":"Escalate on: critical CVE, protected route opens publicly, secret exposure risk, obsolete cryptographic dependency.","owner":"Security Drift Agent plus accountable domain owner","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief","/service-reliability","/trust-center/security","/release-continuity","/continuous-review-audit"],"nextAction":"critical CVE","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","apply unmanaged production patch","rotate customer secrets autonomously","claim SOC/MDR coverage"]},{"id":"continuous-review-agent-qa-regression-agent","category":"continuous-review-audit","name":"QA Regression Agent","state":"active-control","buyerImpact":"Continuously translate discovered mistakes into deterministic smoke, typecheck, lint, build, and protected fail-closed assertions.","currentBoundary":"QA Regression Agent may propose test, expand smoke coverage, classify regression, route owner; blocked actions: bypass failing smoke, mark retained proof without protected packet, run authenticated happy path without AAL2.","currentControl":"Every change set; nightly regression queue design; weekly smoke scope review. Watches: smoke failures, route inventory, typecheck output, build output, known limitations.","safeWorkaround":"Flag, route, recommend, and preserve evidence while humans retain approval authority.","remainingGate":"Escalate on: route-count mismatch, broken buyer-critical page, missing boundary header, protected path exposure.","owner":"QA Regression Agent plus accountable domain owner","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief","/navigation","/qa-evidence","/qa-run-control","/release-continuity"],"nextAction":"route-count mismatch","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","bypass failing smoke","mark retained proof without protected packet","run authenticated happy path without AAL2"]},{"id":"continuous-review-agent-incident-learning-agent","category":"continuous-review-audit","name":"Incident Learning Agent","state":"external-approval-required","buyerImpact":"Convert TrustOps incidents, near misses, buyer questions, and support gaps into root-cause notes, controls, and future prevention tasks.","currentBoundary":"Incident Learning Agent may summarize incident, draft prevention task, recommend reviewer, connect evidence route; blocked actions: make breach determination, notify regulator, close incident without reviewer.","currentControl":"Immediate for high/critical issues, daily for open incidents, monthly for learning review. Watches: TrustOps incidents, customer questions, legal-hold watch, post-incident reviews.","safeWorkaround":"Flag, route, recommend, and preserve evidence while humans retain approval authority.","remainingGate":"Escalate on: critical incident, legal-hold signal, privacy/security issue, repeated defect.","owner":"Incident Learning Agent plus accountable domain owner","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief","/trust-safety-operations","/pilot-workspace/access","/service-reliability"],"nextAction":"critical incident","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","make breach determination","notify regulator","close incident without reviewer"]},{"id":"continuous-review-agent-innovation-scout-agent","category":"continuous-review-audit","name":"Innovation Scout Agent","state":"blocked-before-approval","buyerImpact":"Track AI, healthcare infrastructure, interoperability, security, quantum-safe, privacy-preserving, and deployment futures for internal research assignment.","currentBoundary":"Innovation Scout Agent may create research brief, assign internal team, recommend prototype, flag claim guard; blocked actions: publish quantum claims, promise future product, claim clinical advantage, commit to procurement timeline.","currentControl":"Weekly horizon scan, monthly research council, quarterly promotion gate. Watches: official standards, technical shifts, competitor signals, buyer requests, internal limitations.","safeWorkaround":"Flag, route, recommend, and preserve evidence while humans retain approval authority.","remainingGate":"Escalate on: strategic inflection, security standard change, regulatory movement, platform opportunity.","owner":"Innovation Scout Agent plus accountable domain owner","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief","/source-intelligence","/strategic-intelligence","/global-certification-readiness"],"nextAction":"strategic inflection","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","publish quantum claims","promise future product","claim clinical advantage","commit to procurement timeline"]},{"id":"continuous-audit-control-no-autonomous-production-remediation","category":"continuous-review-audit","name":"No autonomous production remediation","state":"external-approval-required","buyerImpact":"Prevent agents from silently changing production behavior or regulated workflows.","currentBoundary":"Hard stops: production change without reviewer, clinical workflow mutation, credential rotation without owner.","currentControl":"owner approval, diff, validation result, rollback note","safeWorkaround":"Create review evidence and route exceptions to the accountable owner before claims or production change.","remainingGate":"production change without reviewer, clinical workflow mutation, credential rotation without owner","owner":"Release Steward + Security","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief"],"nextAction":"owner approval","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","production change without reviewer","clinical workflow mutation","credential rotation without owner"]},{"id":"continuous-audit-control-no-phi-review-queue","category":"continuous-review-audit","name":"No-PHI review queue","state":"active-control","buyerImpact":"Keep review and audit evidence metadata-only until PHI authority exists.","currentBoundary":"Hard stops: patient identifier, clinical record, payer member identifier, artifact URL.","currentControl":"PHI hard-stop result, safe metadata template, protected route status","safeWorkaround":"Create review evidence and route exceptions to the accountable owner before claims or production change.","remainingGate":"patient identifier, clinical record, payer member identifier, artifact URL","owner":"Privacy + TrustOps","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief"],"nextAction":"PHI hard-stop result","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","patient identifier","clinical record","payer member identifier","artifact URL"]},{"id":"continuous-audit-control-boundary-header-enforcement","category":"continuous-review-audit","name":"Boundary header enforcement","state":"active-control","buyerImpact":"Ensure buyer-critical APIs carry no-authority, no-PHI, no-certification, and no-live-care headers.","currentBoundary":"Hard stops: missing data boundary, missing PHI block, missing security certification block.","currentControl":"smoke assertion, API route, header list","safeWorkaround":"Create review evidence and route exceptions to the accountable owner before claims or production change.","remainingGate":"missing data boundary, missing PHI block, missing security certification block","owner":"QA Regression Agent","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief"],"nextAction":"smoke assertion","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","missing data boundary","missing PHI block","missing security certification block"]},{"id":"continuous-audit-control-evidence-source-aging","category":"continuous-review-audit","name":"Evidence source aging","state":"active-control","buyerImpact":"Refresh official-source review dates and route stale source-sensitive claims for human review.","currentBoundary":"Hard stops: stale legal/regulatory source, unsupported market claim, missing source owner.","currentControl":"source URL, reviewedAt, owner, refresh decision","safeWorkaround":"Create review evidence and route exceptions to the accountable owner before claims or production change.","remainingGate":"stale legal/regulatory source, unsupported market claim, missing source owner","owner":"Evidence Attribution Agent","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief"],"nextAction":"source URL","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","stale legal/regulatory source","unsupported market claim","missing source owner"]},{"id":"continuous-audit-control-post-incident-learning","category":"continuous-review-audit","name":"Post-incident learning","state":"external-approval-required","buyerImpact":"Require every meaningful incident, near miss, or repeated defect to create a prevention action.","currentBoundary":"Hard stops: incident closed without review, legal hold ignored, customer-impacting issue unowned.","currentControl":"root cause, owner, prevention task, validation route","safeWorkaround":"Create review evidence and route exceptions to the accountable owner before claims or production change.","remainingGate":"incident closed without review, legal hold ignored, customer-impacting issue unowned","owner":"Incident Learning Agent","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief"],"nextAction":"root cause","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","incident closed without review","legal hold ignored","customer-impacting issue unowned"]},{"id":"continuous-audit-control-internal-research-claim-guard","category":"continuous-review-audit","name":"Internal research claim guard","state":"blocked-before-approval","buyerImpact":"Keep quantum, frontier AI, privacy-preserving compute, and future infrastructure work internal until approved.","currentBoundary":"Hard stops: public quantum advantage claim, future product guarantee, clinical superiority claim.","currentControl":"research brief, visibility flag, blocked claims, promotion gate","safeWorkaround":"Create review evidence and route exceptions to the accountable owner before claims or production change.","remainingGate":"public quantum advantage claim, future product guarantee, clinical superiority claim","owner":"Innovation Scout Agent + Claims reviewer","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief"],"nextAction":"research brief","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","public quantum advantage claim","future product guarantee","clinical superiority claim"]},{"id":"health-records-live-phi-and-patient-identifiers","category":"health-records-safety-exchange","name":"Live PHI and patient identifiers","state":"blocked-before-approval","buyerImpact":"Privacy breach, contractual breach, regulatory exposure, and loss of buyer trust.","currentBoundary":"Privacy breach, contractual breach, regulatory exposure, and loss of buyer trust.","currentControl":"Public and synthetic routes reject PHI and live records; extraction evaluator requires syntheticOnly=true.","safeWorkaround":"Use synthetic fixtures, metadata-only references, and customer sandbox placeholders.","remainingGate":"Signed BAA/DPA or non-PHI determination, privacy/security review, retention policy, and customer approval.","owner":"Privacy, security, legal, customer compliance, and data governance","proofRoutes":["/health-records","/clinical-care-activation","/approvals-readiness"],"nextAction":"Use synthetic fixtures, metadata-only references, and customer sandbox placeholders.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","live PHI ingestion authorized","production EHR access approved","patient matching approved","EHR writeback approved","payer submission approved"]},{"id":"health-records-production-ehr-hie-payer-imaging-and-device-connectors","category":"health-records-safety-exchange","name":"Production EHR, HIE, payer, imaging, and device connectors","state":"blocked-before-approval","buyerImpact":"Unsafe data exchange, silent record mutation, trading-partner breach, and patient-safety exposure.","currentBoundary":"Unsafe data exchange, silent record mutation, trading-partner breach, and patient-safety exposure.","currentControl":"Connector work remains standards-aware and synthetic until partner acceptance testing exists.","safeWorkaround":"Run conformance kits, fixture validation, CapabilityStatement review, and sandbox mapping packets.","remainingGate":"Customer sandbox approval, partner acceptance, security review, purpose-of-use, consent, audit, monitoring, and rollback.","owner":"Interoperability engineering, customer integration owner, security, and clinical governance","proofRoutes":["/interoperability","/interoperability/evaluations","/health-records"],"nextAction":"Run conformance kits, fixture validation, CapabilityStatement review, and sandbox mapping packets.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","live PHI ingestion authorized","production EHR access approved","patient matching approved","EHR writeback approved","payer submission approved"]},{"id":"health-records-patient-safety-and-clinical-action","category":"health-records-safety-exchange","name":"Patient safety and clinical action","state":"blocked-before-approval","buyerImpact":"Incorrect patient context, unsafe care recommendation, missed escalation, or unauthorized clinical decision support.","currentBoundary":"Incorrect patient context, unsafe care recommendation, missed escalation, or unauthorized clinical decision support.","currentControl":"Outputs are draft-only, source-attributed, reviewer-gated, and blocked from clinical action.","safeWorkaround":"Produce reviewer checklists, missing-data registers, and escalation queues instead of recommendations.","remainingGate":"Licensed clinical governance, intended-use review, validation protocol, safety case, and customer go-live approval.","owner":"Clinical governance, TrustOS, product, and customer clinical owner","proofRoutes":["/clinical-authority-readiness","/clinical-care-activation","/health-records"],"nextAction":"Produce reviewer checklists, missing-data registers, and escalation queues instead of recommendations.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","live PHI ingestion authorized","production EHR access approved","patient matching approved","EHR writeback approved","payer submission approved"]},{"id":"health-records-patient-matching-and-longitudinal-record-assembly","category":"health-records-safety-exchange","name":"Patient matching and longitudinal record assembly","state":"blocked-before-approval","buyerImpact":"Wrong-patient record merge, duplicate facts, incomplete histories, and unsafe downstream automation.","currentBoundary":"Wrong-patient record merge, duplicate facts, incomplete histories, and unsafe downstream automation.","currentControl":"SCRIMED does not match live patients or merge production longitudinal records.","safeWorkaround":"Use synthetic identity placeholders and route matching to customer MPI or identity-governance owners.","remainingGate":"Customer MPI acceptance tests, identity policy, consent path, error reconciliation, audit, and clinical owner approval.","owner":"Customer identity governance, interoperability engineering, and clinical safety","proofRoutes":["/health-records","/interoperability","/workflows/runtime-safety"],"nextAction":"Use synthetic identity placeholders and route matching to customer MPI or identity-governance owners.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","live PHI ingestion authorized","production EHR access approved","patient matching approved","EHR writeback approved","payer submission approved"]},{"id":"health-records-payer-submission-and-reimbursement-outcomes","category":"health-records-safety-exchange","name":"Payer submission and reimbursement outcomes","state":"blocked-before-approval","buyerImpact":"Improper payer transaction, false reimbursement expectation, and regulatory or contract exposure.","currentBoundary":"Improper payer transaction, false reimbursement expectation, and regulatory or contract exposure.","currentControl":"SCRIMED creates synthetic prior-auth support packets and missing-evidence lists only.","safeWorkaround":"Route payer work to human RCM review and customer payer-policy owners.","remainingGate":"Payer/trading-partner approval, X12/FHIR API testing, coding review, legal review, and customer release authority.","owner":"RCM owner, legal, customer sponsor, and payer integration owner","proofRoutes":["/health-records","/growth-engine","/enterprise-business-ops"],"nextAction":"Route payer work to human RCM review and customer payer-policy owners.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","live PHI ingestion authorized","production EHR access approved","patient matching approved","EHR writeback approved","payer submission approved"]},{"id":"product-service-package-confusion","category":"product-service-offerings","name":"Offer sprawl and buyer confusion","state":"active-control","buyerImpact":"Buyers, sales, delivery, and reviewers may discuss different scopes, causing slower deals and higher delivery risk.","currentBoundary":"Buyers, sales, delivery, and reviewers may discuss different scopes, causing slower deals and higher delivery risk.","currentControl":"One portfolio registry maps offers, packages, delivery windows, proof routes, and retained boundaries.","safeWorkaround":"Route every buyer conversation to /offerings before pricing, pilot, diligence, or implementation scope expands.","remainingGate":"Buyer-specific SOW, price, payment terms, and approval trail before commitment.","owner":"Product Console + Revenue Operations","proofRoutes":["/offerings","/api/offerings","/pricing","/growth-engine"],"nextAction":"Route every buyer conversation to /offerings before pricing, pilot, diligence, or implementation scope expands.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","custom scope approved without review","implementation included by default"]},{"id":"product-service-custom-scope-margin-leak","category":"product-service-offerings","name":"Custom scope margin leakage","state":"customer-specific-required","buyerImpact":"Enterprise urgency can move SCRIMED into unpaid diligence, weak payment terms, or unpriced implementation labor.","currentBoundary":"Enterprise urgency can move SCRIMED into unpaid diligence, weak payment terms, or unpriced implementation labor.","currentControl":"Margin controls require package selection, price-floor review, scope cap, diligence pricing, and services/license separation.","safeWorkaround":"Offer a capped assessment, readiness sprint, synthetic pilot, or paid diligence package before custom SOW work.","remainingGate":"Finance, legal, executive, and customer approval for custom scope and payment terms.","owner":"Finance + Legal Ops + Deal Desk","proofRoutes":["/offerings","/enterprise-business-ops","/pilot-deal-room"],"nextAction":"Offer a capped assessment, readiness sprint, synthetic pilot, or paid diligence package before custom SOW work.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","discount approved","profit margin guaranteed","contract approved"]},{"id":"product-service-clinical-data-ask","category":"product-service-offerings","name":"Buyer asks for PHI, live records, connectors, EHR writeback, or payer submission","state":"blocked-before-approval","buyerImpact":"Unsafe data exposure or unauthorized healthcare action could cross privacy, security, clinical, reimbursement, and connector boundaries.","currentBoundary":"Unsafe data exposure or unauthorized healthcare action could cross privacy, security, clinical, reimbursement, and connector boundaries.","currentControl":"Health Records Safety Assessment and Interoperability Readiness Sprint keep work no-PHI and synthetic until live-data owners approve.","safeWorkaround":"Use synthetic fixtures, metadata-only system descriptions, sandbox planning, source attribution, and live-data gate mapping.","remainingGate":"BAA/privacy/security approval, customer environment approval, clinical authority, connector acceptance, payer or EHR authorization as applicable.","owner":"Privacy + Security + Interoperability + Clinical Governance","proofRoutes":["/health-records","/interoperability","/clinical-authority-readiness","/boundary-resolution"],"nextAction":"Use synthetic fixtures, metadata-only system descriptions, sandbox planning, source attribution, and live-data gate mapping.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","PHI processing approved","production connector approved","EHR writeback approved","payer submission approved"]},{"id":"product-service-roi-reimbursement-overclaim","category":"product-service-offerings","name":"ROI, reimbursement, customer value, and revenue overclaim","state":"external-approval-required","buyerImpact":"Sales, investor, or buyer language could outrun evidence and create legal, trust, reimbursement, or securities risk.","currentBoundary":"Sales, investor, or buyer language could outrun evidence and create legal, trust, reimbursement, or securities risk.","currentControl":"Claims review, buyer-approved baseline questions, finance methodology gates, and no-guarantee headers keep claims qualified.","safeWorkaround":"Use measured pilot signals, directional workflow metrics, and readiness-only language until customer permission and qualified review exist.","remainingGate":"Buyer-approved baseline, retained measurement evidence, customer permission, counsel review, finance review, and release decision.","owner":"Claims Governance + Finance + Counsel + Customer Sponsor","proofRoutes":["/qa-claim-guard","/public-market-readiness","/enterprise-business-ops","/boundary-resolution"],"nextAction":"Use measured pilot signals, directional workflow metrics, and readiness-only language until customer permission and qualified review exist.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","ROI guaranteed","reimbursement guaranteed","revenue guaranteed","customer value claim approved"]},{"id":"product-service-certification-approval-overclaim","category":"product-service-offerings","name":"Certification, approval, and regional authority overclaim","state":"external-approval-required","buyerImpact":"SCRIMED could appear to claim HIPAA, SOC 2, HITRUST, FDA, ONC, GDPR, EU AI Act, NHS, MHRA, Australia, or regional approval before qualified evidence exists.","currentBoundary":"SCRIMED could appear to claim HIPAA, SOC 2, HITRUST, FDA, ONC, GDPR, EU AI Act, NHS, MHRA, Australia, or regional approval before qualified evidence exists.","currentControl":"Global Certification Readiness Pack keeps requests in evidence-building and external-review mode.","safeWorkaround":"Package readiness tracks, blocked claims, evidence gaps, and external-review owners without saying approval exists.","remainingGate":"Qualified external authority, applicable audit or certification process, regional counsel, security/privacy review, and buyer-specific acceptance.","owner":"Legal + Security + Privacy + Regional Counsel + Qualified Reviewers","proofRoutes":["/global-certification-readiness","/approvals-readiness","/global-reach","/boundary-resolution"],"nextAction":"Package readiness tracks, blocked claims, evidence gaps, and external-review owners without saying approval exists.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","HIPAA certified","SOC 2 certified","FDA cleared","regional approval granted"]},{"id":"product-service-continuous-review-autonomy-overclaim","category":"product-service-offerings","name":"Continuous review and innovation overclaim","state":"customer-specific-required","buyerImpact":"24/7 review loops or internal research could be mistaken for error-free AI, managed SOC/MDR coverage, autonomous remediation, or public quantum capability.","currentBoundary":"24/7 review loops or internal research could be mistaken for error-free AI, managed SOC/MDR coverage, autonomous remediation, or public quantum capability.","currentControl":"Continuous Review and Innovation Retainer separates agent-assisted review, human approval, remediation scope, and internal research.","safeWorkaround":"Use agents to flag, route, recommend, and preserve evidence; keep humans in charge of changes and keep quantum research internal.","remainingGate":"Human approval, security review, customer permission, evidence retention, and claims review before public or production use.","owner":"TrustOps + QA + Security + Internal Research Team","proofRoutes":["/continuous-review-audit","/service-reliability","/operational-efficiency","/boundary-resolution"],"nextAction":"Use agents to flag, route, recommend, and preserve evidence; keep humans in charge of changes and keep quantum research internal.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","error-free AI","managed SOC/MDR","autonomous remediation","public quantum capability"]},{"id":"client-onboarding-human-send-approval","category":"client-onboarding-communications","name":"Human send approval","state":"customer-specific-required","buyerImpact":"Prevent drafts from becoming external communications without accountable review.","currentBoundary":"Human send approval remains human-review-required; hard stops: automatic send attempted, unsupported claim present, recipient list unknown.","currentControl":"Template selected, Recipient context checked, No-PHI scan, Claim guard reviewed","safeWorkaround":"Use human-reviewed templates, calendar-safe packets, proof routes, owner handoffs, and no-PHI meeting notes before external communication or buyer commitment.","remainingGate":"automatic send attempted, unsupported claim present, recipient list unknown","owner":"Revenue Operations","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"nextAction":"Template selected","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","automatic send attempted","unsupported claim present","recipient list unknown","email sent automatically","calendar invite created automatically","customer approved","contract approved","procurement approved","BAA approved","security review passed","HIPAA certified","SOC 2 certified","HITRUST certified","FDA cleared","ONC certified","PHI processing approved","live data approved","production connector approved","EHR writeback approved","clinical use authorized","revenue guaranteed","ROI guaranteed","patient identifiers","production credentials","certification claims","guaranteed ROI","PHI","credentials","signed contracts","security secrets","live patient data","customer claim without permission","clinical validation claim","diagnosis","treatment recommendation","reimbursement guarantee","security certification claim","guaranteed savings","approved clinical use","production endpoint","unreviewed SOW","price commitment without deal desk","contract accepted","contract secrets","access before approval","customer public claim","ROI guarantee","compliance certified","clinical validation","customer value proof without permission","security certification","live patient use","autonomous clinical decision","PHI approved","production activation","clinical care authorized","customer endorsement","public case study approved"]},{"id":"client-onboarding-no-phi-communication","category":"client-onboarding-communications","name":"No-PHI communication boundary","state":"blocked-before-approval","buyerImpact":"Keep email, invite bodies, agendas, and presentation notes free of PHI, identifiers, credentials, and live records.","currentBoundary":"No-PHI communication boundary remains blocked-before-approval; hard stops: PHI in message, production credentials in invite, live record attached.","currentControl":"No-PHI reminder in calendar-ready content, Sensitive artifact route separated, Owner assigned for exceptions","safeWorkaround":"Use human-reviewed templates, calendar-safe packets, proof routes, owner handoffs, and no-PHI meeting notes before external communication or buyer commitment.","remainingGate":"PHI in message, production credentials in invite, live record attached","owner":"Privacy + TrustOS","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"nextAction":"No-PHI reminder in calendar-ready content","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","PHI in message","production credentials in invite","live record attached","email sent automatically","calendar invite created automatically","customer approved","contract approved","procurement approved","BAA approved","security review passed","HIPAA certified","SOC 2 certified","HITRUST certified","FDA cleared","ONC certified","PHI processing approved","live data approved","production connector approved","EHR writeback approved","clinical use authorized","revenue guaranteed","ROI guaranteed","patient identifiers","production credentials","certification claims","guaranteed ROI","PHI","credentials","signed contracts","security secrets","live patient data","customer claim without permission","clinical validation claim","diagnosis","treatment recommendation","reimbursement guarantee","security certification claim","guaranteed savings","approved clinical use","production endpoint","unreviewed SOW","price commitment without deal desk","contract accepted","contract secrets","access before approval","customer public claim","ROI guarantee","compliance certified","clinical validation","customer value proof without permission","security certification","live patient use","autonomous clinical decision","PHI approved","production activation","clinical care authorized","customer endorsement","public case study approved"]},{"id":"client-onboarding-calendar-safe-fields","category":"client-onboarding-communications","name":"Calendar-safe field policy","state":"active-control","buyerImpact":"Make events schedulable without leaking sensitive data or implying approvals.","currentBoundary":"Calendar-safe field policy remains ready; hard stops: sensitive artifacts in event body, attendees not approved, approval claim in title.","currentControl":"Meeting type, duration, approved attendees, no-PHI description, follow-up SLA","safeWorkaround":"Use human-reviewed templates, calendar-safe packets, proof routes, owner handoffs, and no-PHI meeting notes before external communication or buyer commitment.","remainingGate":"sensitive artifacts in event body, attendees not approved, approval claim in title","owner":"Revenue Operations + Security","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"nextAction":"Meeting type","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","sensitive artifacts in event body","attendees not approved","approval claim in title","email sent automatically","calendar invite created automatically","customer approved","contract approved","procurement approved","BAA approved","security review passed","HIPAA certified","SOC 2 certified","HITRUST certified","FDA cleared","ONC certified","PHI processing approved","live data approved","production connector approved","EHR writeback approved","clinical use authorized","revenue guaranteed","ROI guaranteed","patient identifiers","production credentials","certification claims","guaranteed ROI","PHI","credentials","signed contracts","security secrets","live patient data","customer claim without permission","clinical validation claim","diagnosis","treatment recommendation","reimbursement guarantee","security certification claim","guaranteed savings","approved clinical use","production endpoint","unreviewed SOW","price commitment without deal desk","contract accepted","contract secrets","access before approval","customer public claim","ROI guarantee","compliance certified","clinical validation","customer value proof without permission","security certification","live patient use","autonomous clinical decision","PHI approved","production activation","clinical care authorized","customer endorsement","public case study approved"]},{"id":"client-onboarding-presentation-claim-guard","category":"client-onboarding-communications","name":"Presentation claim guard","state":"external-approval-required","buyerImpact":"Keep demos, decks, and meeting language aligned to retained evidence and blocked claims.","currentBoundary":"Presentation claim guard remains external-review-required; hard stops: customer claim without permission, certification claim, ROI or revenue guarantee.","currentControl":"Proof route list, Blocked claims reviewed, Buyer-specific claims approved before use","safeWorkaround":"Use human-reviewed templates, calendar-safe packets, proof routes, owner handoffs, and no-PHI meeting notes before external communication or buyer commitment.","remainingGate":"customer claim without permission, certification claim, ROI or revenue guarantee","owner":"Claims Governance + Legal Ops","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"nextAction":"Proof route list","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","customer claim without permission","certification claim","ROI or revenue guarantee","email sent automatically","calendar invite created automatically","customer approved","contract approved","procurement approved","BAA approved","security review passed","HIPAA certified","SOC 2 certified","HITRUST certified","FDA cleared","ONC certified","PHI processing approved","live data approved","production connector approved","EHR writeback approved","clinical use authorized","revenue guaranteed","ROI guaranteed","patient identifiers","production credentials","certification claims","guaranteed ROI","PHI","credentials","signed contracts","security secrets","live patient data","customer claim without permission","clinical validation claim","diagnosis","treatment recommendation","reimbursement guarantee","security certification claim","guaranteed savings","approved clinical use","production endpoint","unreviewed SOW","price commitment without deal desk","contract accepted","contract secrets","access before approval","customer public claim","ROI guarantee","compliance certified","clinical validation","customer value proof without permission","security certification","live patient use","autonomous clinical decision","PHI approved","production activation","clinical care authorized","customer endorsement","public case study approved"]},{"id":"client-onboarding-crm-and-source-logging","category":"client-onboarding-communications","name":"CRM and source logging","state":"active-control","buyerImpact":"Capture contact source, stage, owner, and next action without storing sensitive content.","currentBoundary":"CRM and source logging remains ready; hard stops: contact source missing, owner missing, sensitive notes copied into CRM.","currentControl":"Source captured, Stage assigned, Owner assigned, Follow-up SLA set","safeWorkaround":"Use human-reviewed templates, calendar-safe packets, proof routes, owner handoffs, and no-PHI meeting notes before external communication or buyer commitment.","remainingGate":"contact source missing, owner missing, sensitive notes copied into CRM","owner":"Sales Operations","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"nextAction":"Source captured","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","contact source missing","owner missing","sensitive notes copied into CRM","email sent automatically","calendar invite created automatically","customer approved","contract approved","procurement approved","BAA approved","security review passed","HIPAA certified","SOC 2 certified","HITRUST certified","FDA cleared","ONC certified","PHI processing approved","live data approved","production connector approved","EHR writeback approved","clinical use authorized","revenue guaranteed","ROI guaranteed","patient identifiers","production credentials","certification claims","guaranteed ROI","PHI","credentials","signed contracts","security secrets","live patient data","customer claim without permission","clinical validation claim","diagnosis","treatment recommendation","reimbursement guarantee","security certification claim","guaranteed savings","approved clinical use","production endpoint","unreviewed SOW","price commitment without deal desk","contract accepted","contract secrets","access before approval","customer public claim","ROI guarantee","compliance certified","clinical validation","customer value proof without permission","security certification","live patient use","autonomous clinical decision","PHI approved","production activation","clinical care authorized","customer endorsement","public case study approved"]},{"id":"client-onboarding-follow-up-sla","category":"client-onboarding-communications","name":"Follow-up SLA","state":"active-control","buyerImpact":"Ensure demos, workshops, diligence reviews, and kickoff meetings produce timely next actions.","currentBoundary":"Follow-up SLA remains ready; hard stops: no owner for open item, follow-up without boundary review, unreviewed custom scope.","currentControl":"Meeting outcome, Open items, Owner map, Due date","safeWorkaround":"Use human-reviewed templates, calendar-safe packets, proof routes, owner handoffs, and no-PHI meeting notes before external communication or buyer commitment.","remainingGate":"no owner for open item, follow-up without boundary review, unreviewed custom scope","owner":"Revenue Operations + Customer Operations","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"nextAction":"Meeting outcome","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","no owner for open item","follow-up without boundary review","unreviewed custom scope","email sent automatically","calendar invite created automatically","customer approved","contract approved","procurement approved","BAA approved","security review passed","HIPAA certified","SOC 2 certified","HITRUST certified","FDA cleared","ONC certified","PHI processing approved","live data approved","production connector approved","EHR writeback approved","clinical use authorized","revenue guaranteed","ROI guaranteed","patient identifiers","production credentials","certification claims","guaranteed ROI","PHI","credentials","signed contracts","security secrets","live patient data","customer claim without permission","clinical validation claim","diagnosis","treatment recommendation","reimbursement guarantee","security certification claim","guaranteed savings","approved clinical use","production endpoint","unreviewed SOW","price commitment without deal desk","contract accepted","contract secrets","access before approval","customer public claim","ROI guarantee","compliance certified","clinical validation","customer value proof without permission","security certification","live patient use","autonomous clinical decision","PHI approved","production activation","clinical care authorized","customer endorsement","public case study approved"]},{"id":"client-onboarding-handoff-before-commitment","category":"client-onboarding-communications","name":"Handoff before commitment","state":"customer-specific-required","buyerImpact":"Move opportunities between sales, product, delivery, trust, legal, finance, and customer operations with artifacts instead of informal memory.","currentBoundary":"Handoff before commitment remains human-review-required; hard stops: commitment made before handoff, price or scope not reviewed, production gate omitted.","currentControl":"Selected package, Proof routes, Open gates, Decision owner, Next action","safeWorkaround":"Use human-reviewed templates, calendar-safe packets, proof routes, owner handoffs, and no-PHI meeting notes before external communication or buyer commitment.","remainingGate":"commitment made before handoff, price or scope not reviewed, production gate omitted","owner":"Deal Desk + Product + TrustOS","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"nextAction":"Selected package","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","commitment made before handoff","price or scope not reviewed","production gate omitted","email sent automatically","calendar invite created automatically","customer approved","contract approved","procurement approved","BAA approved","security review passed","HIPAA certified","SOC 2 certified","HITRUST certified","FDA cleared","ONC certified","PHI processing approved","live data approved","production connector approved","EHR writeback approved","clinical use authorized","revenue guaranteed","ROI guaranteed","patient identifiers","production credentials","certification claims","guaranteed ROI","PHI","credentials","signed contracts","security secrets","live patient data","customer claim without permission","clinical validation claim","diagnosis","treatment recommendation","reimbursement guarantee","security certification claim","guaranteed savings","approved clinical use","production endpoint","unreviewed SOW","price commitment without deal desk","contract accepted","contract secrets","access before approval","customer public claim","ROI guarantee","compliance certified","clinical validation","customer value proof without permission","security certification","live patient use","autonomous clinical decision","PHI approved","production activation","clinical care authorized","customer endorsement","public case study approved"]},{"id":"client-onboarding-meeting-notes-boundary","category":"client-onboarding-communications","name":"Meeting notes boundary","state":"active-control","buyerImpact":"Keep notes useful for execution while excluding PHI, secrets, unsupported claims, and contract conclusions.","currentBoundary":"Meeting notes boundary remains ready; hard stops: PHI in notes, contract conclusion in notes, security-sensitive artifact copied.","currentControl":"Notes owner, No-PHI scan, Open claims separated, Sensitive artifact references externalized","safeWorkaround":"Use human-reviewed templates, calendar-safe packets, proof routes, owner handoffs, and no-PHI meeting notes before external communication or buyer commitment.","remainingGate":"PHI in notes, contract conclusion in notes, security-sensitive artifact copied","owner":"Customer Operations","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"nextAction":"Notes owner","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","PHI in notes","contract conclusion in notes","security-sensitive artifact copied","email sent automatically","calendar invite created automatically","customer approved","contract approved","procurement approved","BAA approved","security review passed","HIPAA certified","SOC 2 certified","HITRUST certified","FDA cleared","ONC certified","PHI processing approved","live data approved","production connector approved","EHR writeback approved","clinical use authorized","revenue guaranteed","ROI guaranteed","patient identifiers","production credentials","certification claims","guaranteed ROI","PHI","credentials","signed contracts","security secrets","live patient data","customer claim without permission","clinical validation claim","diagnosis","treatment recommendation","reimbursement guarantee","security certification claim","guaranteed savings","approved clinical use","production endpoint","unreviewed SOW","price commitment without deal desk","contract accepted","contract secrets","access before approval","customer public claim","ROI guarantee","compliance certified","clinical validation","customer value proof without permission","security certification","live patient use","autonomous clinical decision","PHI approved","production activation","clinical care authorized","customer endorsement","public case study approved"]},{"id":"enterprise-scale-control-capacity-forecast-load-test-plan","category":"enterprise-scalability-operations","name":"Capacity forecast and load-test plan","state":"active-control","buyerImpact":"Translate buyer volume, routes, concurrency, evidence jobs, and protected workspace use into measurable pre-release pressure.","currentBoundary":"Capacity forecast and load-test plan remains active-control-plane; hard stops: traffic volume unknown, route owner missing, fallback behavior missing, contractual uptime implied.","currentControl":"traffic assumption, route class, load-test target, fallback behavior, owner","safeWorkaround":"Use scale readiness evidence, no-SLA language, capacity assumptions, tenant owners, support-tier review, and qualified external review before commitments expand.","remainingGate":"traffic volume unknown, route owner missing, fallback behavior missing, contractual uptime implied","owner":"Platform engineering + release steward","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"nextAction":"traffic assumption","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","traffic volume unknown","route owner missing","fallback behavior missing","contractual uptime implied","contractual SLA approved","uptime guaranteed","managed service commitment active","24/7 production support staffed","SOC coverage active","MDR coverage active","production incident response guaranteed","production disaster recovery tested","regional data residency approved","sovereign hosting approved","customer tenancy approved","tenant isolation certified","security certification granted","SOC 2 certified","HITRUST certified","ISO 27001 certified","PHI processing authorized","live data processing approved","production connector approved","EHR writeback approved","clinical use authorized","revenue guaranteed","profit margin guaranteed"]},{"id":"enterprise-scale-control-rate-limit-backpressure","category":"enterprise-scalability-operations","name":"Rate-limit and backpressure review","state":"customer-specific-required","buyerImpact":"Prevent scaled workflows, demos, API calls, and proof generation from overrunning operators or infrastructure.","currentBoundary":"Rate-limit and backpressure review remains human-review-required; hard stops: unbounded retry, duplicate evidence risk, autonomous remediation implied.","currentControl":"rate ceiling, retry ceiling, queue threshold, operator escalation, blocked automation rule","safeWorkaround":"Use scale readiness evidence, no-SLA language, capacity assumptions, tenant owners, support-tier review, and qualified external review before commitments expand.","remainingGate":"unbounded retry, duplicate evidence risk, autonomous remediation implied","owner":"Runtime safety + platform","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"nextAction":"rate ceiling","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","unbounded retry","duplicate evidence risk","autonomous remediation implied","contractual SLA approved","uptime guaranteed","managed service commitment active","24/7 production support staffed","SOC coverage active","MDR coverage active","production incident response guaranteed","production disaster recovery tested","regional data residency approved","sovereign hosting approved","customer tenancy approved","tenant isolation certified","security certification granted","SOC 2 certified","HITRUST certified","ISO 27001 certified","PHI processing authorized","live data processing approved","production connector approved","EHR writeback approved","clinical use authorized","revenue guaranteed","profit margin guaranteed"]},{"id":"enterprise-scale-control-tenant-isolation-access-review","category":"enterprise-scalability-operations","name":"Tenant isolation and access review","state":"customer-specific-required","buyerImpact":"Keep buyer workspaces, access, role boundaries, and metadata-only evidence separated before any customer-specific expansion.","currentBoundary":"Tenant isolation and access review remains human-review-required; hard stops: PHI introduced, production credential shared, customer tenancy approved informally, AAL2 bypass attempted.","currentControl":"tenant owner, role matrix, access review cadence, archive trigger, no-PHI attestation","safeWorkaround":"Use scale readiness evidence, no-SLA language, capacity assumptions, tenant owners, support-tier review, and qualified external review before commitments expand.","remainingGate":"PHI introduced, production credential shared, customer tenancy approved informally, AAL2 bypass attempted","owner":"Security + tenant governance","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"nextAction":"tenant owner","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","PHI introduced","production credential shared","customer tenancy approved informally","AAL2 bypass attempted","contractual SLA approved","uptime guaranteed","managed service commitment active","24/7 production support staffed","SOC coverage active","MDR coverage active","production incident response guaranteed","production disaster recovery tested","regional data residency approved","sovereign hosting approved","customer tenancy approved","tenant isolation certified","security certification granted","SOC 2 certified","HITRUST certified","ISO 27001 certified","PHI processing authorized","live data processing approved","production connector approved","EHR writeback approved","clinical use authorized","revenue guaranteed","profit margin guaranteed"]},{"id":"enterprise-scale-control-slo-sla-language-guard","category":"enterprise-scalability-operations","name":"SLO and SLA language guard","state":"customer-specific-required","buyerImpact":"Separate internal SLO candidates from external contractual commitments before sales or procurement materials use reliability language.","currentBoundary":"SLO and SLA language guard remains human-review-required; hard stops: SLA promised, uptime guaranteed, support response guaranteed, contract language unreviewed.","currentControl":"metric owner, measurement source, internal-only label, contract-review requirement","safeWorkaround":"Use scale readiness evidence, no-SLA language, capacity assumptions, tenant owners, support-tier review, and qualified external review before commitments expand.","remainingGate":"SLA promised, uptime guaranteed, support response guaranteed, contract language unreviewed","owner":"Legal ops + service reliability","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"nextAction":"metric owner","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","SLA promised","uptime guaranteed","support response guaranteed","contract language unreviewed","contractual SLA approved","uptime guaranteed","managed service commitment active","24/7 production support staffed","SOC coverage active","MDR coverage active","production incident response guaranteed","production disaster recovery tested","regional data residency approved","sovereign hosting approved","customer tenancy approved","tenant isolation certified","security certification granted","SOC 2 certified","HITRUST certified","ISO 27001 certified","PHI processing authorized","live data processing approved","production connector approved","EHR writeback approved","clinical use authorized","revenue guaranteed","profit margin guaranteed"]},{"id":"enterprise-scale-control-incident-severity-escalation","category":"enterprise-scalability-operations","name":"Incident severity and escalation matrix","state":"customer-specific-required","buyerImpact":"Route defects, security concerns, customer questions, and release regressions to accountable owners with communication boundaries.","currentBoundary":"Incident severity and escalation matrix remains human-review-required; hard stops: managed SOC claimed, MDR claimed, customer incident notice sent without review.","currentControl":"severity class, owner, customer communication rule, postmortem requirement, claim update need","safeWorkaround":"Use scale readiness evidence, no-SLA language, capacity assumptions, tenant owners, support-tier review, and qualified external review before commitments expand.","remainingGate":"managed SOC claimed, MDR claimed, customer incident notice sent without review","owner":"TrustOps + customer operations","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"nextAction":"severity class","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","managed SOC claimed","MDR claimed","customer incident notice sent without review","contractual SLA approved","uptime guaranteed","managed service commitment active","24/7 production support staffed","SOC coverage active","MDR coverage active","production incident response guaranteed","production disaster recovery tested","regional data residency approved","sovereign hosting approved","customer tenancy approved","tenant isolation certified","security certification granted","SOC 2 certified","HITRUST certified","ISO 27001 certified","PHI processing authorized","live data processing approved","production connector approved","EHR writeback approved","clinical use authorized","revenue guaranteed","profit margin guaranteed"]},{"id":"enterprise-scale-control-change-freeze-rollback","category":"enterprise-scalability-operations","name":"Change freeze and rollback readiness","state":"active-control","buyerImpact":"Avoid unplanned enterprise regressions by pairing change windows, rollback steps, smoke checks, and evidence capture.","currentBoundary":"Change freeze and rollback readiness remains active-control-plane; hard stops: release gate skipped, rollback path missing, buyer-critical route untested.","currentControl":"change window, rollback owner, smoke route, boundary header, release evidence","safeWorkaround":"Use scale readiness evidence, no-SLA language, capacity assumptions, tenant owners, support-tier review, and qualified external review before commitments expand.","remainingGate":"release gate skipped, rollback path missing, buyer-critical route untested","owner":"Release steward + platform","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"nextAction":"change window","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","release gate skipped","rollback path missing","buyer-critical route untested","contractual SLA approved","uptime guaranteed","managed service commitment active","24/7 production support staffed","SOC coverage active","MDR coverage active","production incident response guaranteed","production disaster recovery tested","regional data residency approved","sovereign hosting approved","customer tenancy approved","tenant isolation certified","security certification granted","SOC 2 certified","HITRUST certified","ISO 27001 certified","PHI processing authorized","live data processing approved","production connector approved","EHR writeback approved","clinical use authorized","revenue guaranteed","profit margin guaranteed"]},{"id":"enterprise-scale-control-usage-cost-margin-thresholds","category":"enterprise-scalability-operations","name":"Usage-cost and margin thresholds","state":"active-control","buyerImpact":"Keep model, storage, support, diligence, and implementation costs visible before enterprise usage erodes margins.","currentBoundary":"Usage-cost and margin thresholds remains active-control-plane; hard stops: unpriced custom work, unbounded support, profit margin guaranteed, accounting advice implied.","currentControl":"usage ceiling, cost owner, margin floor, support load assumption, change-order trigger","safeWorkaround":"Use scale readiness evidence, no-SLA language, capacity assumptions, tenant owners, support-tier review, and qualified external review before commitments expand.","remainingGate":"unpriced custom work, unbounded support, profit margin guaranteed, accounting advice implied","owner":"Finance + product operations","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"nextAction":"usage ceiling","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","unpriced custom work","unbounded support","profit margin guaranteed","accounting advice implied","contractual SLA approved","uptime guaranteed","managed service commitment active","24/7 production support staffed","SOC coverage active","MDR coverage active","production incident response guaranteed","production disaster recovery tested","regional data residency approved","sovereign hosting approved","customer tenancy approved","tenant isolation certified","security certification granted","SOC 2 certified","HITRUST certified","ISO 27001 certified","PHI processing authorized","live data processing approved","production connector approved","EHR writeback approved","clinical use authorized","revenue guaranteed","profit margin guaranteed"]},{"id":"enterprise-scale-control-regional-hosting-residency-gate","category":"enterprise-scalability-operations","name":"Regional hosting and residency gate","state":"external-approval-required","buyerImpact":"Keep global expansion, residency, backup, and hosting statements behind qualified review and deployment-profile evidence.","currentBoundary":"Regional hosting and residency gate remains external-review-required; hard stops: data residency approved, sovereign hosting approved, regional legal approval claimed.","currentControl":"deployment profile, regional counsel owner, privacy/security review, residency question list","safeWorkaround":"Use scale readiness evidence, no-SLA language, capacity assumptions, tenant owners, support-tier review, and qualified external review before commitments expand.","remainingGate":"data residency approved, sovereign hosting approved, regional legal approval claimed","owner":"Regional counsel + security + platform","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"nextAction":"deployment profile","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","data residency approved","sovereign hosting approved","regional legal approval claimed","contractual SLA approved","uptime guaranteed","managed service commitment active","24/7 production support staffed","SOC coverage active","MDR coverage active","production incident response guaranteed","production disaster recovery tested","regional data residency approved","sovereign hosting approved","customer tenancy approved","tenant isolation certified","security certification granted","SOC 2 certified","HITRUST certified","ISO 27001 certified","PHI processing authorized","live data processing approved","production connector approved","EHR writeback approved","clinical use authorized","revenue guaranteed","profit margin guaranteed"]},{"id":"enterprise-scale-control-support-tier-approval","category":"enterprise-scalability-operations","name":"Support tier and response target approval","state":"customer-specific-required","buyerImpact":"Prepare enterprise support coverage, escalation, renewal cadence, and response targets without creating unreviewed obligations.","currentBoundary":"Support tier and response target approval remains human-review-required; hard stops: 24/7 support guaranteed, response SLA promised, managed service implied.","currentControl":"support tier, coverage assumption, escalation path, response target label, contract review gate","safeWorkaround":"Use scale readiness evidence, no-SLA language, capacity assumptions, tenant owners, support-tier review, and qualified external review before commitments expand.","remainingGate":"24/7 support guaranteed, response SLA promised, managed service implied","owner":"Customer operations + legal ops","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"nextAction":"support tier","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","24/7 support guaranteed","response SLA promised","managed service implied","contractual SLA approved","uptime guaranteed","managed service commitment active","24/7 production support staffed","SOC coverage active","MDR coverage active","production incident response guaranteed","production disaster recovery tested","regional data residency approved","sovereign hosting approved","customer tenancy approved","tenant isolation certified","security certification granted","SOC 2 certified","HITRUST certified","ISO 27001 certified","PHI processing authorized","live data processing approved","production connector approved","EHR writeback approved","clinical use authorized","revenue guaranteed","profit margin guaranteed"]},{"id":"enterprise-scale-control-data-lifecycle-retention-archive","category":"enterprise-scalability-operations","name":"Data lifecycle, retention, and archive review","state":"external-approval-required","buyerImpact":"Keep retention, deletion, archive, backup, and external evidence references aligned before sensitive or customer-specific artifacts appear.","currentBoundary":"Data lifecycle, retention, and archive review remains external-review-required; hard stops: PHI retained, confidential artifact stored, signed agreement stored without approval, data retention approved informally.","currentControl":"retention class, archive trigger, external evidence reference, deletion owner, customer review gate","safeWorkaround":"Use scale readiness evidence, no-SLA language, capacity assumptions, tenant owners, support-tier review, and qualified external review before commitments expand.","remainingGate":"PHI retained, confidential artifact stored, signed agreement stored without approval, data retention approved informally","owner":"Privacy, security, customer authority owners, and platform","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"nextAction":"retention class","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","PHI retained","confidential artifact stored","signed agreement stored without approval","data retention approved informally","contractual SLA approved","uptime guaranteed","managed service commitment active","24/7 production support staffed","SOC coverage active","MDR coverage active","production incident response guaranteed","production disaster recovery tested","regional data residency approved","sovereign hosting approved","customer tenancy approved","tenant isolation certified","security certification granted","SOC 2 certified","HITRUST certified","ISO 27001 certified","PHI processing authorized","live data processing approved","production connector approved","EHR writeback approved","clinical use authorized","revenue guaranteed","profit margin guaranteed"]},{"id":"limitations-workaround-phi-live-data-boundary","category":"limitations-workaround-operations","name":"PHI and live patient-data boundary","state":"blocked-before-approval","buyerImpact":"A buyer demo or pilot could accidentally become regulated production data processing before privacy, security, BAA/DPA, customer environment, and clinical governance approvals exist.","currentBoundary":"PHI and live patient-data boundary remains blocked-until-approved; blocked claims: PHI processing authorized, live patient data connected, patient matching approved.","currentControl":"No-PHI intake lint, route headers, source-class labels, blocked-input copy, and protected AAL2 evidence references.","safeWorkaround":"Use synthetic fixtures, metadata-only references, external evidence-room pointers, no-PHI excerpts, and Health Records Safety Exchange source mapping.","remainingGate":"Executed customer authority, BAA/DPA when required, security review, clinical governance approval, connector approval, monitoring, rollback, and retained evidence.","owner":"Privacy, security, clinical governance, customer authority owner, and TrustOS","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/health-records","/clinical-authority-readiness","/boundary-resolution"],"nextAction":"Any PHI, identifier, live chart, production credential, patient matching, or data-residency request appears.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","PHI processing authorized","live patient data connected","patient matching approved","PHI processing authorized","live clinical care authorized","patient matching approved","EHR writeback approved","payer submission approved","production connector approved","public API SLA approved","contractual uptime guaranteed","managed service coverage active","autonomous remediation approved","live autonomous AI approved","production model routing approved","legal advice provided","accounting advice provided","tax advice provided","audited financial reporting completed","securities offering material approved","revenue guaranteed","profit margin guaranteed","security certified","accessibility certified","regulatory approval granted","public quantum capability available","buyer release approved"]},{"id":"limitations-workaround-clinical-care-authority-boundary","category":"limitations-workaround-operations","name":"Live clinical care and CDS authority","state":"external-approval-required","buyerImpact":"Operational language could be interpreted as clinical authority, medical advice, or production CDS/SaMD readiness before qualified review.","currentBoundary":"Live clinical care and CDS authority remains external-review-required; blocked claims: live clinical care authorized, clinical decision support cleared, autonomous diagnosis or treatment permitted.","currentControl":"Clinical Authority Readiness, Clinical Care Activation gates, Claim Guard, and no-live-care headers.","safeWorkaround":"Frame outputs as synthetic workflow planning, review queues, draft-only documentation, and clinical-governance preparation with explicit human review.","remainingGate":"Clinical governance approval, regulatory classification, customer scope, clinician workflow controls, monitoring, override, and rollback evidence.","owner":"Clinical governance, qualified clinicians, legal, privacy, and release stewardship","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/clinical-authority-readiness","/clinical-care-activation","/qa-claim-guard"],"nextAction":"A claim implies diagnosis, treatment, live triage, autonomous care coordination, or production CDS.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","live clinical care authorized","clinical decision support cleared","autonomous diagnosis or treatment permitted","PHI processing authorized","live clinical care authorized","patient matching approved","EHR writeback approved","payer submission approved","production connector approved","public API SLA approved","contractual uptime guaranteed","managed service coverage active","autonomous remediation approved","live autonomous AI approved","production model routing approved","legal advice provided","accounting advice provided","tax advice provided","audited financial reporting completed","securities offering material approved","revenue guaranteed","profit margin guaranteed","security certified","accessibility certified","regulatory approval granted","public quantum capability available","buyer release approved"]},{"id":"limitations-workaround-ehr-writeback-connector-boundary","category":"limitations-workaround-operations","name":"Production EHR connector and writeback boundary","state":"blocked-before-approval","buyerImpact":"Integration demos can turn into unsafe production connector promises, mutation claims, or payer-submission commitments.","currentBoundary":"Production EHR connector and writeback boundary remains blocked-until-approved; blocked claims: production connector approved, EHR writeback approved, payer submission approved.","currentControl":"Interoperability standards map, Health Records Safety Exchange, connector blocked-claim list, and synthetic extraction evaluator.","safeWorkaround":"Use fixture validation, synthetic conformance kits, connector contract review, external artifact references, and no-mutation evidence.","remainingGate":"Customer sandbox, security review, connector contract, data boundary approval, mutation policy, audit, monitoring, and rollback evidence.","owner":"Interoperability, platform engineering, privacy, security, clinical governance, and customer integration owner","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/interoperability","/health-records","/integrations/fixture-validation"],"nextAction":"Production endpoint, credential, writeback, payer submission, patient match, or live HIE/EHR request appears.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","production connector approved","EHR writeback approved","payer submission approved","PHI processing authorized","live clinical care authorized","patient matching approved","EHR writeback approved","payer submission approved","production connector approved","public API SLA approved","contractual uptime guaranteed","managed service coverage active","autonomous remediation approved","live autonomous AI approved","production model routing approved","legal advice provided","accounting advice provided","tax advice provided","audited financial reporting completed","securities offering material approved","revenue guaranteed","profit margin guaranteed","security certified","accessibility certified","regulatory approval granted","public quantum capability available","buyer release approved"]},{"id":"limitations-workaround-public-api-sla-boundary","category":"limitations-workaround-operations","name":"Public API, SLA, and unlimited-scale boundary","state":"human-aal2-required","buyerImpact":"Enterprise diligence could mistake technical maturity for contractual support, public availability, unlimited usage, or managed-service coverage.","currentBoundary":"Public API, SLA, and unlimited-scale boundary remains human-review-required; blocked claims: public API SLA approved, unlimited API scale approved, contractual uptime guaranteed.","currentControl":"Platform Power API contract register, Enterprise Scalability SLO readiness, Service Reliability fault classes, and Navigation Audit route counts.","safeWorkaround":"Use route summaries, boundary headers, version posture, draft quotas, rate-limit classes, support assumptions, and no-SLA language.","remainingGate":"Contract terms, staffing model, support tier, incident response, monitoring, rate limits, price model, and executive approval.","owner":"Platform engineering, legal ops, service reliability, customer operations, and finance","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/platform-power","/enterprise-scalability","/service-reliability"],"nextAction":"Public API, unlimited usage, uptime, SLA, support, or managed-service language appears.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","public API SLA approved","unlimited API scale approved","contractual uptime guaranteed","PHI processing authorized","live clinical care authorized","patient matching approved","EHR writeback approved","payer submission approved","production connector approved","public API SLA approved","contractual uptime guaranteed","managed service coverage active","autonomous remediation approved","live autonomous AI approved","production model routing approved","legal advice provided","accounting advice provided","tax advice provided","audited financial reporting completed","securities offering material approved","revenue guaranteed","profit margin guaranteed","security certified","accessibility certified","regulatory approval granted","public quantum capability available","buyer release approved"]},{"id":"limitations-workaround-ai-agent-autonomy-boundary","category":"limitations-workaround-operations","name":"Live AI, production model-routing, and agent autonomy boundary","state":"external-approval-required","buyerImpact":"Agent language can imply production model approval, autonomous remediation, clinical action, legal advice, or financial decision authority.","currentBoundary":"Live AI, production model-routing, and agent autonomy boundary remains external-review-required; blocked claims: live autonomous AI approved, production model routing approved, agent actions fully autonomous.","currentControl":"AgentOS, TrustOS, Platform Power, QA Claim Guard, Runtime Safety, and Continuous Review loops.","safeWorkaround":"Use model-route registers, allowed/blocked data classes, eval packs, red-team loops, human approval triggers, and protected AAL2 operator lanes.","remainingGate":"Approved provider, model route, data policy, eval pass criteria, monitoring, tool schema, approval UI, rollback, audit persistence, and customer authority.","owner":"AI platform, AgentOS, TrustOS, QA, security, finance, and clinical governance","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/agents","/trust-os","/platform-power","/continuous-review-audit"],"nextAction":"The system is asked to act without approval, route PHI to a model, self-remediate production, or make clinical/legal/financial decisions.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","live autonomous AI approved","production model routing approved","agent actions fully autonomous","PHI processing authorized","live clinical care authorized","patient matching approved","EHR writeback approved","payer submission approved","production connector approved","public API SLA approved","contractual uptime guaranteed","managed service coverage active","autonomous remediation approved","live autonomous AI approved","production model routing approved","legal advice provided","accounting advice provided","tax advice provided","audited financial reporting completed","securities offering material approved","revenue guaranteed","profit margin guaranteed","security certified","accessibility certified","regulatory approval granted","public quantum capability available","buyer release approved"]},{"id":"limitations-workaround-security-certification-boundary","category":"limitations-workaround-operations","name":"Security, privacy, SOC 2, HITRUST, and certification boundary","state":"external-approval-required","buyerImpact":"Procurement packets could overstate security posture, compliance status, or customer-specific readiness.","currentBoundary":"Security, privacy, SOC 2, HITRUST, and certification boundary remains external-review-required; blocked claims: security certified, SOC 2 certified, HITRUST certified.","currentControl":"Evidence-room metadata, owner matrix, certification tracks, blocked claims, renewal queue, and protected access logs.","safeWorkaround":"Use Trust Center, Provider Security Reviews, Procurement Evidence Registry, Global Certification Readiness, and no-sensitive-artifact references.","remainingGate":"Qualified assessment, remediation evidence, approved artifact reference, customer-specific acceptance, and release authority.","owner":"Security, privacy, legal, trust operations, customer authority owner, and qualified external reviewers","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/trust-center","/global-certification-readiness","/pilot-workspace/access"],"nextAction":"A buyer asks for SOC 2, HITRUST, ISO, HIPAA certification, pentest, BAA/DPA, vendor-risk approval, or security signoff.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","security certified","SOC 2 certified","HITRUST certified","PHI processing authorized","live clinical care authorized","patient matching approved","EHR writeback approved","payer submission approved","production connector approved","public API SLA approved","contractual uptime guaranteed","managed service coverage active","autonomous remediation approved","live autonomous AI approved","production model routing approved","legal advice provided","accounting advice provided","tax advice provided","audited financial reporting completed","securities offering material approved","revenue guaranteed","profit margin guaranteed","security certified","accessibility certified","regulatory approval granted","public quantum capability available","buyer release approved"]},{"id":"limitations-workaround-global-legal-privacy-boundary","category":"limitations-workaround-operations","name":"Global legal, privacy, AI Act, GDPR, NHS, MHRA, and regional boundary","state":"external-approval-required","buyerImpact":"Public-sector and global buyer conversations can become unsupported country-launch or conformity claims.","currentBoundary":"Global legal, privacy, AI Act, GDPR, NHS, MHRA, and regional boundary remains external-review-required; blocked claims: EU AI Act conformant, GDPR approved, government endorsed.","currentControl":"Global Certification Readiness, Global Reach, Deployment Profiles, Claim Guard, and Boundary Resolution.","safeWorkaround":"Use regional buyer packs, deployment profiles, official-source evidence implications, partner authority registers, and qualified regional counsel review.","remainingGate":"Qualified regional legal/privacy/security review, hosting decision, procurement authority, partner approval, and retained release evidence.","owner":"Regional counsel, privacy, security, clinical governance, global partnerships, and customer procurement owner","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/global-certification-readiness","/global-reach","/deployment-profiles"],"nextAction":"A claim names country launch, public-sector approval, local hosting approval, GDPR/EU AI Act conformity, NHS/MHRA/Australia approval, or government endorsement.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","EU AI Act conformant","GDPR approved","government endorsed","PHI processing authorized","live clinical care authorized","patient matching approved","EHR writeback approved","payer submission approved","production connector approved","public API SLA approved","contractual uptime guaranteed","managed service coverage active","autonomous remediation approved","live autonomous AI approved","production model routing approved","legal advice provided","accounting advice provided","tax advice provided","audited financial reporting completed","securities offering material approved","revenue guaranteed","profit margin guaranteed","security certified","accessibility certified","regulatory approval granted","public quantum capability available","buyer release approved"]},{"id":"limitations-workaround-legal-finance-revenue-boundary","category":"limitations-workaround-operations","name":"Legal, finance, accounting, tax, revenue, and profit boundary","state":"external-approval-required","buyerImpact":"Sales, board, investor, and buyer materials could become unsupported professional advice, financial reporting, securities material, or commercial promises.","currentBoundary":"Legal, finance, accounting, tax, revenue, and profit boundary remains external-review-required; blocked claims: legal advice provided, revenue guaranteed, profit margin guaranteed.","currentControl":"Enterprise Business Ops, Growth Engine, Capital Vitality, Public Market Readiness, Deal Room, and Claim Guard.","safeWorkaround":"Use fixed-scope offers, price floors, buyer-approved measurement plans, counsel review slots, finance/accounting/tax triage, and qualified release authority.","remainingGate":"Qualified review, signed approval, buyer baseline, measurement plan, billing setup, payment terms, and retained release authority.","owner":"Founder, deal desk, legal, finance, accounting, tax, revenue operations, and qualified reviewers","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/enterprise-business-ops","/growth-engine","/capital-vitality","/public-market-readiness"],"nextAction":"A proposal includes contract approval, non-standard terms, revenue impact, ROI, reimbursement, valuation, fundraising, tax, accounting, or legal conclusions.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","legal advice provided","revenue guaranteed","profit margin guaranteed","PHI processing authorized","live clinical care authorized","patient matching approved","EHR writeback approved","payer submission approved","production connector approved","public API SLA approved","contractual uptime guaranteed","managed service coverage active","autonomous remediation approved","live autonomous AI approved","production model routing approved","legal advice provided","accounting advice provided","tax advice provided","audited financial reporting completed","securities offering material approved","revenue guaranteed","profit margin guaranteed","security certified","accessibility certified","regulatory approval granted","public quantum capability available","buyer release approved"]},{"id":"limitations-workaround-autonomous-communications-boundary","category":"limitations-workaround-operations","name":"Email, calendar, demo, meeting, and buyer communication boundary","state":"human-aal2-required","buyerImpact":"A draft could become an unauthorized buyer commitment, meeting invite, sales promise, procurement statement, or customer-specific claim.","currentBoundary":"Email, calendar, demo, meeting, and buyer communication boundary remains human-review-required; blocked claims: email sent autonomously, calendar invite created autonomously, buyer commitment approved.","currentControl":"Client Onboarding and Communications stages, handoffs, templates, calendar packets, and blocked-content list.","safeWorkaround":"Use human-reviewed templates, meeting packets, owner handoffs, no-PHI notes, and explicit send/invite approval fields.","remainingGate":"Human approval of exact content, recipients, timing, scope, no-PHI boundary, pricing, and follow-up owner.","owner":"Revenue operations, sales engineering, customer operations, legal ops, finance, and product owner","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/client-onboarding","/offerings","/pilot-deal-room"],"nextAction":"The communication contains PHI, security claims, contract language, pricing exceptions, procurement claims, or clinical promises.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","email sent autonomously","calendar invite created autonomously","buyer commitment approved","PHI processing authorized","live clinical care authorized","patient matching approved","EHR writeback approved","payer submission approved","production connector approved","public API SLA approved","contractual uptime guaranteed","managed service coverage active","autonomous remediation approved","live autonomous AI approved","production model routing approved","legal advice provided","accounting advice provided","tax advice provided","audited financial reporting completed","securities offering material approved","revenue guaranteed","profit margin guaranteed","security certified","accessibility certified","regulatory approval granted","public quantum capability available","buyer release approved"]},{"id":"limitations-workaround-release-proof-boundary","category":"limitations-workaround-operations","name":"Protected QA, buyer proof, and release authority boundary","state":"human-aal2-required","buyerImpact":"Public checks could be mistaken for retained protected evidence, customer permission, or release authority.","currentBoundary":"Protected QA, buyer proof, and release authority boundary remains human-review-required; blocked claims: protected happy path completed without AAL2, buyer release approved, bearer token retained as evidence.","currentControl":"Release Continuity, QA Launch Kit, Manual QA Execution Console, Buyer Release Control Runbook, protected evidence packets, and no-token policy.","safeWorkaround":"Use AAL2 protected workspaces, no-secret operator packets, QA Completion Bridge, Activation Seal, Proof Promotion, Buyer Proof Release, and release-control runbooks.","remainingGate":"Fresh human AAL2 run, no-secret packet, reviewer signoff, release decision, lockbox, recipient authority, access-log reconciliation, and claim guard approval.","owner":"Release engineering, TrustOS, tenant governance, approved operator, and buyer diligence","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/release-continuity","/qa-manual-execution-console","/buyer-release-control-run","/pilot-workspace/access"],"nextAction":"A claim references retained protected proof, customer release, authenticated QA, token handling, evidence-room access, or buyer distribution.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","protected happy path completed without AAL2","buyer release approved","bearer token retained as evidence","PHI processing authorized","live clinical care authorized","patient matching approved","EHR writeback approved","payer submission approved","production connector approved","public API SLA approved","contractual uptime guaranteed","managed service coverage active","autonomous remediation approved","live autonomous AI approved","production model routing approved","legal advice provided","accounting advice provided","tax advice provided","audited financial reporting completed","securities offering material approved","revenue guaranteed","profit margin guaranteed","security certified","accessibility certified","regulatory approval granted","public quantum capability available","buyer release approved"]},{"id":"limitations-workaround-ui-accessibility-boundary","category":"limitations-workaround-operations","name":"UI quality, accessibility, and seamless navigation boundary","state":"safe-workaround-active","buyerImpact":"Enterprise demos could overstate accessibility certification or leave high-value workflows hard to find.","currentBoundary":"UI quality, accessibility, and seamless navigation boundary remains workaround-active; blocked claims: accessibility certified, WCAG conformance approved, VPAT completed.","currentControl":"SiteNavigation, Navigation Audit inventory, Product Console proof stack, Platform Power UI role journey control, and smoke checks.","safeWorkaround":"Use site navigation, role journeys, Navigation Audit, Product Console, Hub cards, smoke-covered routes, and manual UI review before demos.","remainingGate":"Manual responsive review, keyboard path review, contrast review, copy fit, accessibility remediation evidence, and qualified external review if claims expand.","owner":"Frontend, Product Console, QA, accessibility reviewer, customer operations, and sales engineering","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/navigation","/product","/hub","/platform-power"],"nextAction":"A buyer-critical route is hidden, text overlaps, mobile route is unusable, keyboard path is unclear, or accessibility certification is implied.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","accessibility certified","WCAG conformance approved","VPAT completed","PHI processing authorized","live clinical care authorized","patient matching approved","EHR writeback approved","payer submission approved","production connector approved","public API SLA approved","contractual uptime guaranteed","managed service coverage active","autonomous remediation approved","live autonomous AI approved","production model routing approved","legal advice provided","accounting advice provided","tax advice provided","audited financial reporting completed","securities offering material approved","revenue guaranteed","profit margin guaranteed","security certified","accessibility certified","regulatory approval granted","public quantum capability available","buyer release approved"]},{"id":"limitations-workaround-innovation-quantum-boundary","category":"limitations-workaround-operations","name":"Internal innovation, quantum, and future infrastructure boundary","state":"blocked-before-approval","buyerImpact":"Future-looking research language could become unsupported buyer, investor, clinical, security, or public-market claims.","currentBoundary":"Internal innovation, quantum, and future infrastructure boundary remains blocked-until-approved; blocked claims: public quantum capability available, quantum clinical advantage, future infrastructure superiority proven.","currentControl":"Continuous Review and Innovation control plane, internal research assignments, Claim Guard, Boundary Resolution, and no-public-quantum authority headers.","safeWorkaround":"Keep research assigned to the internal research team with private hypotheses, no-public-claim labels, source logs, review owners, and claim-guard blocks.","remainingGate":"Validated technical evidence, risk review, qualified legal/security review, buyer-safe claim language, and approved release decision.","owner":"Internal Research Team, TrustOS, AI platform, security, legal, finance, and founder","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/continuous-review-audit","/qa-claim-guard","/boundary-resolution"],"nextAction":"Quantum, model advantage, cryptographic, clinical, security, financial, or infrastructure superiority language appears in external material.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","public quantum capability available","quantum clinical advantage","future infrastructure superiority proven","PHI processing authorized","live clinical care authorized","patient matching approved","EHR writeback approved","payer submission approved","production connector approved","public API SLA approved","contractual uptime guaranteed","managed service coverage active","autonomous remediation approved","live autonomous AI approved","production model routing approved","legal advice provided","accounting advice provided","tax advice provided","audited financial reporting completed","securities offering material approved","revenue guaranteed","profit margin guaranteed","security certified","accessibility certified","regulatory approval granted","public quantum capability available","buyer release approved"]},{"id":"platform-power-control-api-contract-register","category":"platform-power-operations","name":"API contract register","state":"active-control","buyerImpact":"Track route owner, schema, examples, version, auth posture, data boundary, and blocked claims for buyer-critical APIs.","currentBoundary":"API contract register remains active-control-plane; hard stops: route lacks owner, schema missing, boundary headers missing, public API SLA implied.","currentControl":"route, owner, schema, version, auth posture, boundary headers","safeWorkaround":"Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand.","remainingGate":"route lacks owner, schema missing, boundary headers missing, public API SLA implied","owner":"Platform engineering + product","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"nextAction":"route","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","route lacks owner","schema missing","boundary headers missing","public API SLA implied","trillion-dollar company parity guaranteed","public API SLA approved","production API marketplace launched","unlimited API scale approved","production API uptime guaranteed","live autonomous AI approved","production model routing approved","external LLM provider approved for production PHI","agent actions fully autonomous","tool execution approved without human review","RAG answers clinically validated","model safety certified","AI governance certification granted","accessibility certified","security certification granted","SOC 2 certified","HITRUST certified","PHI processing authorized","EHR access approved","FHIR writeback approved","payer submission approved","clinical decision support authorized","contractual uptime guaranteed","managed service commitment active","error-free AI guaranteed"]},{"id":"platform-power-control-api-versioning-deprecation","category":"platform-power-operations","name":"API versioning and deprecation discipline","state":"human-aal2-required","buyerImpact":"Prevent enterprise integrations from breaking silently as contracts mature from readiness to customer-specific use.","currentBoundary":"API versioning and deprecation discipline remains human-review-required; hard stops: breaking change unannounced, migration path missing, customer-specific approval missing.","currentControl":"version policy, change log, migration path, deprecation window, buyer communication owner","safeWorkaround":"Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand.","remainingGate":"breaking change unannounced, migration path missing, customer-specific approval missing","owner":"Developer experience + release stewardship","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"nextAction":"version policy","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","breaking change unannounced","migration path missing","customer-specific approval missing","trillion-dollar company parity guaranteed","public API SLA approved","production API marketplace launched","unlimited API scale approved","production API uptime guaranteed","live autonomous AI approved","production model routing approved","external LLM provider approved for production PHI","agent actions fully autonomous","tool execution approved without human review","RAG answers clinically validated","model safety certified","AI governance certification granted","accessibility certified","security certification granted","SOC 2 certified","HITRUST certified","PHI processing authorized","EHR access approved","FHIR writeback approved","payer submission approved","clinical decision support authorized","contractual uptime guaranteed","managed service commitment active","error-free AI guaranteed"]},{"id":"platform-power-control-tenant-auth-scope-review","category":"platform-power-operations","name":"Tenant auth and scope review","state":"human-aal2-required","buyerImpact":"Ensure protected APIs require the right identity, tenant, role, AAL2 path, revocation rule, and no-PHI payload scope.","currentBoundary":"Tenant auth and scope review remains human-review-required; hard stops: PHI requested, production credential requested, AAL2 bypass attempted, tenant owner missing.","currentControl":"tenant owner, role map, AAL2 gate, token handling, revocation rule","safeWorkaround":"Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand.","remainingGate":"PHI requested, production credential requested, AAL2 bypass attempted, tenant owner missing","owner":"Security + tenant governance","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"nextAction":"tenant owner","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","PHI requested","production credential requested","AAL2 bypass attempted","tenant owner missing","trillion-dollar company parity guaranteed","public API SLA approved","production API marketplace launched","unlimited API scale approved","production API uptime guaranteed","live autonomous AI approved","production model routing approved","external LLM provider approved for production PHI","agent actions fully autonomous","tool execution approved without human review","RAG answers clinically validated","model safety certified","AI governance certification granted","accessibility certified","security certification granted","SOC 2 certified","HITRUST certified","PHI processing authorized","EHR access approved","FHIR writeback approved","payer submission approved","clinical decision support authorized","contractual uptime guaranteed","managed service commitment active","error-free AI guaranteed"]},{"id":"platform-power-control-idempotency-retry-contract","category":"platform-power-operations","name":"Idempotency and retry contract","state":"active-control","buyerImpact":"Avoid duplicated work, duplicate proof packets, and uncontrolled retries when API or agent jobs are repeated.","currentBoundary":"Idempotency and retry contract remains active-control-plane; hard stops: retry ceiling absent, duplicate evidence risk, dead-letter owner missing, autonomous remediation implied.","currentControl":"idempotency key, retry ceiling, duplicate detection, dead-letter owner, manual remediation path","safeWorkaround":"Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand.","remainingGate":"retry ceiling absent, duplicate evidence risk, dead-letter owner missing, autonomous remediation implied","owner":"Runtime safety + QA","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"nextAction":"idempotency key","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","retry ceiling absent","duplicate evidence risk","dead-letter owner missing","autonomous remediation implied","trillion-dollar company parity guaranteed","public API SLA approved","production API marketplace launched","unlimited API scale approved","production API uptime guaranteed","live autonomous AI approved","production model routing approved","external LLM provider approved for production PHI","agent actions fully autonomous","tool execution approved without human review","RAG answers clinically validated","model safety certified","AI governance certification granted","accessibility certified","security certification granted","SOC 2 certified","HITRUST certified","PHI processing authorized","EHR access approved","FHIR writeback approved","payer submission approved","clinical decision support authorized","contractual uptime guaranteed","managed service commitment active","error-free AI guaranteed"]},{"id":"platform-power-control-rate-limit-abuse-control","category":"platform-power-operations","name":"Rate limit and abuse control","state":"human-aal2-required","buyerImpact":"Prepare quotas, throttles, and abuse-response behavior before enterprise pilots expand traffic or expose premium endpoints.","currentBoundary":"Rate limit and abuse control remains human-review-required; hard stops: unlimited usage promised, abuse path missing, contractual uptime implied, support coverage implied.","currentControl":"route class, quota, burst limit, abuse signal, operator escalation path","safeWorkaround":"Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand.","remainingGate":"unlimited usage promised, abuse path missing, contractual uptime implied, support coverage implied","owner":"Platform + service reliability + security","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"nextAction":"route class","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","unlimited usage promised","abuse path missing","contractual uptime implied","support coverage implied","trillion-dollar company parity guaranteed","public API SLA approved","production API marketplace launched","unlimited API scale approved","production API uptime guaranteed","live autonomous AI approved","production model routing approved","external LLM provider approved for production PHI","agent actions fully autonomous","tool execution approved without human review","RAG answers clinically validated","model safety certified","AI governance certification granted","accessibility certified","security certification granted","SOC 2 certified","HITRUST certified","PHI processing authorized","EHR access approved","FHIR writeback approved","payer submission approved","clinical decision support authorized","contractual uptime guaranteed","managed service commitment active","error-free AI guaranteed"]},{"id":"platform-power-control-ui-role-journey-control","category":"platform-power-operations","name":"UI role journey control","state":"active-control","buyerImpact":"Make API, UI, AI, reliability, scale, business, and approval tasks discoverable by audience without requiring tribal knowledge.","currentBoundary":"UI role journey control remains active-control-plane; hard stops: route orphaned, buyer-critical task hidden, limitation path missing.","currentControl":"primary nav link, hub view, product action, role journey, limitation link","safeWorkaround":"Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand.","remainingGate":"route orphaned, buyer-critical task hidden, limitation path missing","owner":"Product Console + customer operations","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"nextAction":"primary nav link","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","route orphaned","buyer-critical task hidden","limitation path missing","trillion-dollar company parity guaranteed","public API SLA approved","production API marketplace launched","unlimited API scale approved","production API uptime guaranteed","live autonomous AI approved","production model routing approved","external LLM provider approved for production PHI","agent actions fully autonomous","tool execution approved without human review","RAG answers clinically validated","model safety certified","AI governance certification granted","accessibility certified","security certification granted","SOC 2 certified","HITRUST certified","PHI processing authorized","EHR access approved","FHIR writeback approved","payer submission approved","clinical decision support authorized","contractual uptime guaranteed","managed service commitment active","error-free AI guaranteed"]},{"id":"platform-power-control-ui-quality-accessibility-review","category":"platform-power-operations","name":"UI quality and accessibility review","state":"human-aal2-required","buyerImpact":"Keep enterprise UI layouts readable, navigable, responsive, and keyboard-reviewable before external demos or buyer training.","currentBoundary":"UI quality and accessibility review remains human-review-required; hard stops: text overlap, mobile route unusable, accessibility certification claimed, unreviewed external demo.","currentControl":"responsive route, copy review, keyboard path, contrast review, manual screenshot check","safeWorkaround":"Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand.","remainingGate":"text overlap, mobile route unusable, accessibility certification claimed, unreviewed external demo","owner":"Frontend + QA + accessibility reviewer","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"nextAction":"responsive route","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","text overlap","mobile route unusable","accessibility certification claimed","unreviewed external demo","trillion-dollar company parity guaranteed","public API SLA approved","production API marketplace launched","unlimited API scale approved","production API uptime guaranteed","live autonomous AI approved","production model routing approved","external LLM provider approved for production PHI","agent actions fully autonomous","tool execution approved without human review","RAG answers clinically validated","model safety certified","AI governance certification granted","accessibility certified","security certification granted","SOC 2 certified","HITRUST certified","PHI processing authorized","EHR access approved","FHIR writeback approved","payer submission approved","clinical decision support authorized","contractual uptime guaranteed","managed service commitment active","error-free AI guaranteed"]},{"id":"platform-power-control-ai-model-route-register","category":"platform-power-operations","name":"AI model-route register","state":"external-approval-required","buyerImpact":"Track provider, model, allowed data, blocked data, fallback, cost owner, eval pack, and approval status before model use expands.","currentBoundary":"AI model-route register remains external-review-required; hard stops: PHI routed to model, provider approval missing, production model approval implied, cost owner missing.","currentControl":"provider, model class, allowed data, blocked data, fallback, cost tag, eval pack","safeWorkaround":"Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand.","remainingGate":"PHI routed to model, provider approval missing, production model approval implied, cost owner missing","owner":"AI platform + TrustOS + security + finance","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"nextAction":"provider","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","PHI routed to model","provider approval missing","production model approval implied","cost owner missing","trillion-dollar company parity guaranteed","public API SLA approved","production API marketplace launched","unlimited API scale approved","production API uptime guaranteed","live autonomous AI approved","production model routing approved","external LLM provider approved for production PHI","agent actions fully autonomous","tool execution approved without human review","RAG answers clinically validated","model safety certified","AI governance certification granted","accessibility certified","security certification granted","SOC 2 certified","HITRUST certified","PHI processing authorized","EHR access approved","FHIR writeback approved","payer submission approved","clinical decision support authorized","contractual uptime guaranteed","managed service commitment active","error-free AI guaranteed"]},{"id":"platform-power-control-agent-tool-approval","category":"platform-power-operations","name":"Agent tool approval and escalation","state":"human-aal2-required","buyerImpact":"Ensure agents recommend and route work without executing protected, clinical, financial, legal, customer, or production actions alone.","currentBoundary":"Agent tool approval and escalation remains human-review-required; hard stops: tool execution without approval, clinical action requested, contract or payment action requested, production remediation requested.","currentControl":"allowed tools, blocked tools, approval trigger, escalation owner, audit output","safeWorkaround":"Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand.","remainingGate":"tool execution without approval, clinical action requested, contract or payment action requested, production remediation requested","owner":"AgentOS + TrustOS + QA","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"nextAction":"allowed tools","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","tool execution without approval","clinical action requested","contract or payment action requested","production remediation requested","trillion-dollar company parity guaranteed","public API SLA approved","production API marketplace launched","unlimited API scale approved","production API uptime guaranteed","live autonomous AI approved","production model routing approved","external LLM provider approved for production PHI","agent actions fully autonomous","tool execution approved without human review","RAG answers clinically validated","model safety certified","AI governance certification granted","accessibility certified","security certification granted","SOC 2 certified","HITRUST certified","PHI processing authorized","EHR access approved","FHIR writeback approved","payer submission approved","clinical decision support authorized","contractual uptime guaranteed","managed service commitment active","error-free AI guaranteed"]},{"id":"platform-power-control-ai-evaluation-red-team","category":"platform-power-operations","name":"AI evaluation and red-team loop","state":"active-control","buyerImpact":"Convert repeated mistakes, hallucination risk, unsafe claims, and future AI research into eval sets, smoke checks, and controlled backlog.","currentBoundary":"AI evaluation and red-team loop remains active-control-plane; hard stops: error-free AI claimed, clinical validation claimed, unsafe output untriaged, public quantum claim made.","currentControl":"eval set, claims guard, red-team prompt, regression owner, promotion rule","safeWorkaround":"Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand.","remainingGate":"error-free AI claimed, clinical validation claimed, unsafe output untriaged, public quantum claim made","owner":"Continuous review, QA, TrustOps, and internal research","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"nextAction":"eval set","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","error-free AI claimed","clinical validation claimed","unsafe output untriaged","public quantum claim made","trillion-dollar company parity guaranteed","public API SLA approved","production API marketplace launched","unlimited API scale approved","production API uptime guaranteed","live autonomous AI approved","production model routing approved","external LLM provider approved for production PHI","agent actions fully autonomous","tool execution approved without human review","RAG answers clinically validated","model safety certified","AI governance certification granted","accessibility certified","security certification granted","SOC 2 certified","HITRUST certified","PHI processing authorized","EHR access approved","FHIR writeback approved","payer submission approved","clinical decision support authorized","contractual uptime guaranteed","managed service commitment active","error-free AI guaranteed"]},{"id":"platform-power-control-evidence-rag-source-attribution","category":"platform-power-operations","name":"Evidence retrieval and source attribution","state":"active-control","buyerImpact":"Keep extracted data, summaries, and AI answers tied to source class, evidence route, freshness requirement, and reviewer boundary.","currentBoundary":"Evidence retrieval and source attribution remains active-control-plane; hard stops: source missing, PHI included, clinical validation implied, EHR writeback requested.","currentControl":"source class, evidence route, freshness check, confidence boundary, reviewer need","safeWorkaround":"Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand.","remainingGate":"source missing, PHI included, clinical validation implied, EHR writeback requested","owner":"Atlas + source intelligence + interoperability","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"nextAction":"source class","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","source missing","PHI included","clinical validation implied","EHR writeback requested","trillion-dollar company parity guaranteed","public API SLA approved","production API marketplace launched","unlimited API scale approved","production API uptime guaranteed","live autonomous AI approved","production model routing approved","external LLM provider approved for production PHI","agent actions fully autonomous","tool execution approved without human review","RAG answers clinically validated","model safety certified","AI governance certification granted","accessibility certified","security certification granted","SOC 2 certified","HITRUST certified","PHI processing authorized","EHR access approved","FHIR writeback approved","payer submission approved","clinical decision support authorized","contractual uptime guaranteed","managed service commitment active","error-free AI guaranteed"]},{"id":"platform-power-control-platform-cost-latency-observability","category":"platform-power-operations","name":"Platform cost, latency, and quality observability","state":"active-control","buyerImpact":"Track API, UI, AI, evidence, review, support, and model-cost pressure before enterprise packages outgrow margins.","currentBoundary":"Platform cost, latency, and quality observability remains active-control-plane; hard stops: profit guarantee claimed, cost owner missing, SLA implied, support commitment unfunded.","currentControl":"cost owner, usage threshold, latency target, quality signal, margin floor","safeWorkaround":"Use API contract packets, role-based UI command paths, model-route registers, agent approval triggers, eval evidence, and explicit no-live-AI/no-PHI boundaries before claims expand.","remainingGate":"profit guarantee claimed, cost owner missing, SLA implied, support commitment unfunded","owner":"Service reliability + finance + platform operations","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"nextAction":"cost owner","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","profit guarantee claimed","cost owner missing","SLA implied","support commitment unfunded","trillion-dollar company parity guaranteed","public API SLA approved","production API marketplace launched","unlimited API scale approved","production API uptime guaranteed","live autonomous AI approved","production model routing approved","external LLM provider approved for production PHI","agent actions fully autonomous","tool execution approved without human review","RAG answers clinically validated","model safety certified","AI governance certification granted","accessibility certified","security certification granted","SOC 2 certified","HITRUST certified","PHI processing authorized","EHR access approved","FHIR writeback approved","payer submission approved","clinical decision support authorized","contractual uptime guaranteed","managed service commitment active","error-free AI guaranteed"]},{"id":"enterprise-growth-legal-finance-authority","category":"enterprise-growth-operations","name":"Enterprise legal, finance, accounting, and tax authority","state":"external-approval-required","buyerImpact":"Enterprise deals can be prepared, priced, scoped, and routed, but SCRIMED cannot self-approve legal, accounting, tax, or contract conclusions.","currentBoundary":"Enterprise Business Operations is operating-readiness material only; qualified counsel, accounting, tax, finance, and executive approvers retain authority.","currentControl":"Deal desk, quote-to-contract packet, price-floor review, scope control, counsel review, accounting/revenue-recognition triage, tax awareness, and billing readiness.","safeWorkaround":"Use business-contact and metadata-only deal packets with explicit approval slots instead of presenting signed authority or professional advice.","remainingGate":"Qualified counsel/accountant/tax review, executive contract approval, customer sign-off, and retained billing evidence.","owner":"Founder, deal desk, legal, finance, accounting, tax, and executive approver","proofRoutes":["/enterprise-business-ops","/api/enterprise-business-ops","/growth-engine","/capital-vitality"],"nextAction":"Route every enterprise proposal through deal desk with price, scope, data-boundary, payment-term, and review evidence before external release.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","legal advice provided","accounting advice provided","tax advice provided","contract approved"]},{"id":"enterprise-growth-revenue-margin-claims","category":"enterprise-growth-operations","name":"Revenue, ROI, and profit-margin claims","state":"external-approval-required","buyerImpact":"SCRIMED can package sellable assessments, synthetic pilots, diligence rooms, and operating licenses without guaranteeing buyer revenue, savings, reimbursement, ROI, or margin.","currentBoundary":"Growth, Capital Vitality, Public Market Readiness, and Enterprise Business Ops are readiness lanes; they are not audited financial reports or revenue guarantees.","currentControl":"Price floors, paid diligence packaging, buyer-approved baselines, finance methodology gates, claim guard, and counsel-reviewed external-use language.","safeWorkaround":"Sell fixed-scope no-PHI assessments and synthetic pilots with buyer-approved measurement plans while keeping ROI and reimbursement language qualified.","remainingGate":"Buyer-approved baseline, finance methodology, qualified legal/finance review, customer permission, and retained measurement evidence.","owner":"Founder, enterprise sales, finance, legal, customer sponsor, and revenue operations","proofRoutes":["/growth-engine","/capital-vitality","/public-market-readiness","/enterprise-business-ops"],"nextAction":"Attach each commercial conversation to one proof route, one value metric, one measurement boundary, and one retained approval gate.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","revenue guaranteed","ROI guaranteed","profit margin guaranteed","reimbursement guaranteed"]},{"id":"enterprise-growth-investor-securities-boundary","category":"enterprise-growth-operations","name":"Investor, securities, valuation, and fundraising language","state":"external-approval-required","buyerImpact":"Capital and board materials can organize diligence readiness, but they cannot become securities offering material, investment advice, or valuation assurance.","currentBoundary":"Capital Vitality and Public Market Readiness are operating-discipline surfaces, not audited financial statements or fundraising documents.","currentControl":"Investor milestone register, public-market claim controls, board cadence, protected release decisions, and external-review gates.","safeWorkaround":"Use internal readiness summaries and route investment, valuation, securities, tax, or fundraising language to qualified advisors before sharing externally.","remainingGate":"Qualified securities counsel, finance/accounting review, advisor review, recipient context, and approved release decision.","owner":"Founder, finance, counsel, investor relations, and board/advisor reviewers","proofRoutes":["/capital-vitality","/public-market-readiness","/boundary-resolution","/qa-claim-guard"],"nextAction":"Keep investor-facing material in readiness mode until qualified counsel and finance/accounting reviewers approve exact language and recipients.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","securities offering material approved","investment advice provided","valuation assured","audited financial statements complete"]},{"id":"enterprise-growth-global-partner-claims","category":"enterprise-growth-operations","name":"Global partner, public-sector, and regional procurement claims","state":"external-approval-required","buyerImpact":"SCRIMED can pursue global partner discovery and localization packs without claiming country launch, public-sector approval, data-residency approval, or government endorsement.","currentBoundary":"Global Reach and Growth Engine prepare regional conversations only; local legal, privacy, security, procurement, hosting, and partner authority remain external gates.","currentControl":"Regional packs, deployment profiles, public-sector questions, data-residency review, partner authority register, and claim guard.","safeWorkaround":"Frame global work as synthetic/no-personal-data discovery and buyer localization until regional approval evidence exists.","remainingGate":"Regional counsel, privacy/security review, hosting decision, procurement authority, partner signoff, and customer-specific approval.","owner":"Founder, global partnerships, regional counsel, privacy, security, procurement, and partner operations","proofRoutes":["/global-reach","/global-certification-readiness","/deployment-profiles","/growth-engine"],"nextAction":"Pair every regional or public-sector conversation with a deployment-profile gate and qualified regional review owner.","prohibitedClaims":["live clinical care authorized","PHI processing authorized","HIPAA certified","SOC 2 certified","FDA cleared","regional regulatory approval granted","reimbursement guaranteed","production clinical authorization granted","autonomous diagnosis or treatment permitted","managed 24/7 SOC or MDR coverage active","quantum-safe certified","audited financial reporting completed","revenue or profit margin guaranteed","legal accounting or tax advice provided","contractual SLA approved","managed service commitment active","production support guaranteed","public API SLA approved","live autonomous AI approved","production model routing approved","accessibility certified","trillion-dollar company parity guaranteed","country launch approved","public-sector procurement approved","government endorsed","data residency approved"]}],"updated":"2026-06-26"},"capitalVitality":{"service":"scrimed-capital-vitality","route":"/capital-vitality","apiRoute":"/api/capital-vitality","briefRoute":"/api/capital-vitality/brief","status":"capital-vitality-revenue-funding-readiness-active","briefStatus":"capital-vitality-brief-ready-no-securities-offer","fundingVitalityPosture":"investor-ready-readiness-materials-no-securities-offer","boundary":"SCRIMED Capital Vitality organizes revenue capabilities, competitive moat evidence, investor-readiness milestones, funding workstreams, and retained external-review gates. It strengthens commercial execution and diligence readiness, but it is not investment advice, securities offering material, audited financial reporting, valuation assurance, legal advice, tax advice, reimbursement assurance, customer revenue guarantee, security certification, regulatory approval, PHI processing approval, production connector approval, or live clinical care authorization.","authority":{"dataBoundary":"synthetic-only","financialAuthority":"not-audited-financial-report","securitiesAuthority":"not-securities-offering-material","investmentAdvice":"not-investment-advice","valuationAuthority":"not-valuation-assurance","reimbursementAuthority":"no-reimbursement-guarantee","approvalAuthority":"external-review-required","clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","securityCertification":"not-security-certified"},"sourceAlignment":{"pageRouteCount":164,"apiRoutePatternCount":439,"smokeCoveredHtmlRouteCount":76,"commercialPricingStatus":"pricing-and-sales-motion-ready","marketActivationStatus":"revenue-message-comms-foundation-ready","publicMarketReadinessStatus":"capital-efficiency-kpi-stack-ready","salesDealRoomStatus":"public-organization-and-protected-packet-ready","serviceReliabilityStatus":"service-reliability-hardening-active"},"revenueCapabilityCount":8,"activeRevenueCapabilityCount":2,"packagedRevenueCapabilityCount":3,"protectedGatedRevenueCapabilityCount":2,"externalReviewRevenueCapabilityCount":1,"moatSignalCount":9,"highMoatSignalCount":4,"investorMilestoneCount":8,"readyInvestorMilestoneCount":4,"externalReviewMilestoneCount":2,"operatorRequiredMilestoneCount":1,"fundingWorkstreamCount":8,"activeFundingWorkstreamCount":3,"externalReviewWorkstreamCount":3,"retainedExternalReviewCount":5,"proofRouteCount":51,"revenueCapabilities":[{"name":"Synthetic Atlas Pilot","buyer":"Health systems, payers, public-sector health teams, and enterprise innovation sponsors","status":"packaged","revenueMotion":"30 to 90 day governed synthetic pilot with executive findings and production-readiness gates.","priceLogic":"Packaged as a premium fixed-fee pilot before any protected enterprise or production-license commitment.","proofRoutes":["/product","/pilot-deal-room","/pilots","/pricing"],"limitation":"Pilot evidence remains synthetic or protected-evaluation only until buyer-specific live controls are approved.","nextAction":"Use the Deal Room and Pilot Intake to qualify sponsor, workflow scope, review team, and success metrics."},{"name":"Workflow Intelligence Assessment","buyer":"Clinical operations, access, revenue cycle, documentation, and transformation leaders","status":"active","revenueMotion":"Short paid assessment that maps workflow friction, AI readiness, governance gaps, and pilot candidates.","priceLogic":"Fixed-scope assessment with clear upgrade path into Synthetic Atlas Pilot.","proofRoutes":["/pricing","/product","/pilot","/sales-operations"],"limitation":"Findings are operational intelligence for human leaders, not medical, legal, reimbursement, or accounting advice.","nextAction":"Keep assessment outputs tied to proof routes, governance gates, and buyer-approved baselines."},{"name":"AI Readiness + Governance Audit","buyer":"Compliance, security, legal, clinical governance, innovation, and executive sponsors","status":"packaged","revenueMotion":"Readiness engagement for claims control, privacy posture, auditability, role controls, runtime safety, and approval gates.","priceLogic":"Assessment fee that can expand into protected pilot controls and enterprise diligence work.","proofRoutes":["/approvals-readiness","/boundary-resolution","/clinical-authority-readiness","/trust-center"],"limitation":"Readiness audit does not certify HIPAA, SOC 2, HITRUST, FDA, ONC, security posture, or legal compliance.","nextAction":"Route any certification, regulatory, or legal claim through qualified external reviewers."},{"name":"Clinical Operations Automation Blueprint","buyer":"Hospitals, clinics, payers, and public-sector health programs planning phased automation","status":"packaged","revenueMotion":"Blueprint package for agent responsibilities, connector plan, review queues, safety controls, and staged deployment path.","priceLogic":"Strategy and implementation-planning package that precedes protected pilot or enterprise license.","proofRoutes":["/agents","/workflows","/healthcare-intelligence-os","/interoperability"],"limitation":"Blueprint remains review-only and does not authorize live clinical workflow execution or production connectors.","nextAction":"Translate each automation candidate into blocked actions, human checkpoints, and audit evidence."},{"name":"Protected Buyer Diligence Rooms","buyer":"Enterprise buyers, procurement, security reviewers, investor diligence teams, and executive sponsors","status":"protected-gated","revenueMotion":"Paid buyer-specific diligence packaging with proof packets, release controls, and metadata-only evidence routing.","priceLogic":"Bundled into enterprise pilot/procurement motion; future premium service when release authority is retained.","proofRoutes":["/pilot-workspace/access","/buyer-release-control-run","/pilot-deal-room"],"limitation":"External sharing remains blocked until release decisions, reviewer signoffs, recipient controls, and access-log reconciliation are retained.","nextAction":"Complete the protected release-control chain before any buyer-specific external distribution."},{"name":"TrustOps Incident And Claims Control","buyer":"Enterprise risk, legal, security, marketing, buyer diligence, and operator teams","status":"active","revenueMotion":"Trust, safety, claims, and incident-readiness support for enterprise AI operations and buyer confidence.","priceLogic":"Packaged as governance support attached to pilots and enterprise readiness work.","proofRoutes":["/trust-safety-operations","/qa-claim-guard","/claims","/trust-center"],"limitation":"Operating model does not create managed 24/7 coverage, legal approval, public-claim approval, or certification by itself.","nextAction":"Keep buyer, investor, PR, advertising, and operator claims routed through Claim Guard before publication."},{"name":"Deployment Profile Advisory","buyer":"Security-sensitive hospitals, governments, sovereign programs, and infrastructure partners","status":"external-review-required","revenueMotion":"Advisory package for managed cloud, private cloud, hospital-controlled, sovereign, and edge deployment readiness.","priceLogic":"Premium planning motion that can expand into strategic platform partnership after legal/security review.","proofRoutes":["/deployment-profiles","/global-reach","/market-activation","/interoperability"],"limitation":"Deployment profiles do not grant regional approval, data-residency approval, security certification, or procurement acceptance.","nextAction":"Attach qualified regional legal, privacy, security, and procurement review before external claims expand."},{"name":"Interoperability Conformance Readiness","buyer":"IT, interoperability, EHR, payer, research, and device-integration reviewers","status":"protected-gated","revenueMotion":"Conformance-readiness engagement around standards mapping, fixtures, synthetic tests, and live connector prerequisites.","priceLogic":"Technical diligence package that supports pilots and future implementation scope.","proofRoutes":["/interoperability","/interoperability/evaluations","/integrations","/synthetic/validation"],"limitation":"Synthetic conformance evidence is not live connector certification, trading-partner acceptance, or production data exchange authority.","nextAction":"Keep live connector claims blocked until buyer, legal, security, privacy, and partner approvals exist."}],"competitiveMoatSignals":[{"name":"Healthcare Intelligence OS category position","strength":"high","evidence":"SCRIMED combines AgentOS, Atlas Intelligence Core, TrustOS, workflows, interoperability, and buyer diligence into one healthcare operations layer.","proofRoutes":["/healthcare-intelligence-os","/product","/agents","/atlas"],"defendability":"The moat is domain workflow orchestration plus trust evidence, not general model access.","retainedBoundary":"Architecture proof is not production authorization or clinical validation."},{"name":"TrustOS and Claim Guard discipline","strength":"high","evidence":"Policy evaluation, claim control, blocked authority language, and no-authority headers are embedded across high-risk routes.","proofRoutes":["/trust-os","/qa-claim-guard","/claims","/api/product/console"],"defendability":"Healthcare buyers need governed explainability, boundaries, and audit posture before automation scale.","retainedBoundary":"Trust controls are readiness evidence, not legal advice or compliance certification."},{"name":"Atlas evidence and Trust Cards","strength":"high","evidence":"Evidence routes, Trust Cards, source intelligence, and workflow result packets create inspectable support for buyer review.","proofRoutes":["/atlas","/trust","/source-intelligence","/workflows/results"],"defendability":"Evidence-backed workflow outputs are harder to copy than a model wrapper.","retainedBoundary":"Evidence organization does not guarantee clinical outcome, reimbursement, or customer revenue."},{"name":"Protected buyer release-control chain","strength":"high","evidence":"Buyer release decisions, reviewer signoffs, disabled distribution lockbox controls, recipient controls, and access-log reconciliation are staged before external sharing.","proofRoutes":["/buyer-release-control-run","/pilot-workspace/access","/qa-buyer-proof-release"],"defendability":"Enterprise diligence friction becomes a managed product capability.","retainedBoundary":"Release-control readiness is not release approval or customer permission."},{"name":"Service Reliability fault/control map","strength":"medium","evidence":"Product/service controls, fault classes, efficiency improvements, open gates, and owners are inspectable before claims expand.","proofRoutes":["/service-reliability","/navigation","/release-continuity"],"defendability":"Operational maturity compounds as every new surface inherits route, smoke, and boundary checks.","retainedBoundary":"Reliability hardening is not security certification or approval authority."},{"name":"Public route and smoke discipline","strength":"medium","evidence":"Navigation Audit ties page inventory, API pattern count, route groups, smoke coverage, and protected fail-closed behavior together.","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"defendability":"Route-count controls reduce drift as the product surface grows.","retainedBoundary":"Route control does not prove protected happy-path execution."},{"name":"Public Market KPI and protected board metric ladder","strength":"medium","evidence":"KPI definitions, unit-economics packages, protected operator metrics, board scorecards, and finance methodology gates are mapped.","proofRoutes":["/public-market-readiness","/api/public-market-readiness","/pilot-workspace/access"],"defendability":"Operating metrics connect product usage, workflow value, and governance proof for diligence.","retainedBoundary":"KPI readiness is not audited financial reporting, valuation assurance, or securities material."},{"name":"Interoperability-first synthetic validation","strength":"medium","evidence":"Standards registry, fixture validation, conformance evaluations, and synthetic workflow validation are visible before live integration.","proofRoutes":["/interoperability","/interoperability/evaluations","/integrations/fixture-validation"],"defendability":"Healthcare integration readiness is encoded as a repeatable evidence system.","retainedBoundary":"Synthetic validation does not approve live connectors or PHI ingestion."},{"name":"Commercial packaging and sales operations linkage","strength":"watch","evidence":"Pricing tiers, pilot programs, Deal Room, Sales Operations, attribution, and buyer workspaces are connected.","proofRoutes":["/pricing","/pilot-deal-room","/sales-operations","/attribution-analytics"],"defendability":"Revenue operations become inspectable and tied to proof instead of ad hoc founder selling.","retainedBoundary":"Sales packaging does not guarantee conversion, revenue, customer permission, or procurement approval."}],"investorReadinessMilestones":[{"name":"Category narrative packaged","status":"ready","investorQuestion":"What is SCRIMED building that is bigger than a feature?","evidence":"Healthcare Intelligence OS, public product console, and public-market thesis are live.","proofRoutes":["/healthcare-intelligence-os","/product","/public-market-readiness"],"fundingImpact":"Improves narrative clarity and makes the company easier to diligence.","retainedBoundary":"Narrative is operating posture, not an investment recommendation."},{"name":"Revenue streams mapped","status":"ready","investorQuestion":"How can SCRIMED make money before production clinical authority?","evidence":"Assessments, synthetic pilots, governance audits, blueprints, diligence rooms, and advisory work are packaged.","proofRoutes":["/capital-vitality","/pricing","/market-activation"],"fundingImpact":"Shows near-term non-PHI, synthetic, and review-only revenue paths.","retainedBoundary":"Revenue capability is not a sales forecast, audited result, or customer commitment."},{"name":"Proof stack deployed","status":"ready","investorQuestion":"Is the product real, inspectable, and deployed?","evidence":"Homepage, Hub, Product Console, Deal Room, APIs, briefs, smoke coverage, and production deployment exist.","proofRoutes":["/","/hub","/product","/pilot-deal-room"],"fundingImpact":"Reduces demo risk and gives reviewers direct inspection paths.","retainedBoundary":"Public proof stack does not prove protected customer production execution."},{"name":"Unit economics framework","status":"in-progress","investorQuestion":"Can SCRIMED measure cost, margin, and value by offer?","evidence":"Public Market Readiness defines cost-per-workflow, gross margin by offer, protected operator metrics, and finance methodology gates.","proofRoutes":["/public-market-readiness","/pilot-workspace/access"],"fundingImpact":"Creates the operating skeleton for future board and investor reporting.","retainedBoundary":"Framework is not audited financial reporting, accounting advice, tax advice, or valuation assurance."},{"name":"Claims and approvals controls","status":"ready","investorQuestion":"Can SCRIMED grow without overclaiming regulated authority?","evidence":"Approvals Readiness, Boundary Resolution, Clinical Authority Readiness, and Claim Guard are active.","proofRoutes":["/approvals-readiness","/boundary-resolution","/clinical-authority-readiness","/qa-claim-guard"],"fundingImpact":"Improves credibility with regulated buyers and risk-aware investors.","retainedBoundary":"Controls do not replace counsel, security assessors, regulators, or buyer approvers."},{"name":"Protected AAL2 proof retained","status":"operator-required","investorQuestion":"Can SCRIMED prove authenticated protected workflows without leaking secrets?","evidence":"Protected Manual QA Evidence and Buyer Proof Release exist, with browser AAL2 session requirements.","proofRoutes":["/qa-aal2-run-evidence","/qa-manual-execution-console","/pilot-workspace/access"],"fundingImpact":"Creates a path from public demo proof into protected diligence proof.","retainedBoundary":"Protected happy-path proof requires approved human AAL2 operation and no token retention."},{"name":"Funding data room sequence","status":"external-review-required","investorQuestion":"Which documents can be shared externally and under what authority?","evidence":"Buyer release-control chain can be repurposed as a funding-review release-control checklist.","proofRoutes":["/buyer-release-control-run","/pilot-workspace/access","/qa-buyer-proof-release"],"fundingImpact":"Clarifies how investor materials move through review without uncontrolled distribution.","retainedBoundary":"Funding materials require counsel and do not become securities offering material by default."},{"name":"Security and compliance evidence path","status":"external-review-required","investorQuestion":"What must happen before enterprise production trust claims?","evidence":"Provider security review readiness, procurement evidence routing, and Approvals Readiness tracks are mapped.","proofRoutes":["/approvals-readiness","/pilot-workspace/access","/trust-center"],"fundingImpact":"Shows a credible path toward enterprise-grade assurance without premature claims.","retainedBoundary":"Security posture is not SOC 2, HITRUST, HIPAA, pentest, or BAA execution."}],"fundingVitalityWorkstreams":[{"name":"Investor narrative brief","owner":"Founder + Product Console","status":"packaged","capability":"Use Capital Vitality brief as the top-level investor and board diligence summary.","proof":"/api/capital-vitality/brief","limitation":"Brief is not securities offering material or investment advice.","nextAction":"Review with counsel before using in fundraising or investor solicitation."},{"name":"Pilot conversion proof","owner":"Sales operations + Buyer Diligence","status":"active","capability":"Tie Deal Room, pricing, pilot intake, sales operations, and attribution analytics into one conversion path.","proof":"/pilot-deal-room, /pricing, /sales-operations, /attribution-analytics","limitation":"Conversion proof is operating evidence, not customer revenue guarantee.","nextAction":"Keep every opportunity source, buyer segment, offer, and next action tagged."},{"name":"Unit economics and board metrics","owner":"Finance + protected operator metrics owner","status":"operator-required","capability":"Collect no-PHI operator metrics, board scorecards, rollups, and methodology gates in protected workspaces.","proof":"/public-market-readiness and /pilot-workspace/access","limitation":"Protected metrics are not audited financial statements.","nextAction":"Use AAL2 protected capture for real operating metrics and preserve methodology notes."},{"name":"Security and compliance review packet","owner":"Security + legal + qualified external reviewers","status":"external-review-required","capability":"Package provider security reviews, procurement evidence routing, and approval tracks.","proof":"/approvals-readiness and /pilot-workspace/access","limitation":"Readiness packet is not security certification or legal approval.","nextAction":"Retain qualified reviewers before enterprise assurance language expands."},{"name":"Customer reference and public proof permission","owner":"Buyer Diligence + Release Steward + counsel","status":"external-review-required","capability":"Use release-control chain before any customer-specific evidence, logo, case study, or testimonial is shared.","proof":"/buyer-release-control-run","limitation":"No public customer proof is allowed without explicit approval and retained release evidence.","nextAction":"Keep distribution lockbox disabled until reviewer signoffs and recipient/access controls exist."},{"name":"Offer packaging and pricing discipline","owner":"Enterprise sales + product","status":"active","capability":"Keep assessments, pilots, governance audits, blueprints, protected pilots, and strategic partnerships packaged.","proof":"/pricing","limitation":"Pricing is non-binding and does not imply production authority or procurement acceptance.","nextAction":"Use fixed scopes and clear upgrade paths to protect margin and reduce buyer ambiguity."},{"name":"Competitive edge proof refresh","owner":"Founder + market activation + source intelligence","status":"active","capability":"Maintain moat signals as proof-backed operating claims rather than broad market assertions.","proof":"/competitive-edge, /source-intelligence, /market-activation","limitation":"Competitive positioning cannot imply third-party endorsement, partnership, certification, or guaranteed outcomes.","nextAction":"Refresh proof routes when product capabilities or external review posture changes."},{"name":"Legal and securities review","owner":"Founder + qualified counsel","status":"external-review-required","capability":"Separate operating readiness from fundraising solicitation, securities material, valuation, and investor advice.","proof":"/capital-vitality and /public-market-readiness","limitation":"SCRIMED cannot self-authorize investment materials or securities offering language.","nextAction":"Run any investor solicitation, SAFE/equity note, valuation, or offering deck through counsel."}],"proofRoutes":["/product","/pilot-deal-room","/pilots","/pricing","/pilot","/sales-operations","/approvals-readiness","/boundary-resolution","/clinical-authority-readiness","/trust-center","/agents","/workflows","/healthcare-intelligence-os","/interoperability","/pilot-workspace/access","/buyer-release-control-run","/trust-safety-operations","/qa-claim-guard","/claims","/deployment-profiles","/global-reach","/market-activation","/interoperability/evaluations","/integrations","/synthetic/validation","/atlas","/trust-os","/api/product/console","/trust","/source-intelligence","/workflows/results","/qa-buyer-proof-release","/service-reliability","/navigation","/release-continuity","/api/navigation-audit","/api/navigation-audit/brief","/public-market-readiness","/api/public-market-readiness","/integrations/fixture-validation","/attribution-analytics","/capital-vitality","/","/hub","/qa-aal2-run-evidence","/qa-manual-execution-console","/api/capital-vitality/brief","/public-market-readiness and /pilot-workspace/access","/approvals-readiness and /pilot-workspace/access","/competitive-edge","/capital-vitality and /public-market-readiness"],"nextCapitalMove":"Use Capital Vitality as the executive growth lane: sell packaged synthetic and governance offers now, keep protected buyer/funding proof gated through AAL2 and release controls, refresh moat evidence before claims expand, and route any fundraising, valuation, securities, legal, reimbursement, security, PHI, or live-care claim through qualified external review.","updated":"2026-06-24"},"clientOnboarding":{"service":"scrimed-client-onboarding-communications","route":"/client-onboarding","apiRoute":"/api/client-onboarding","briefRoute":"/api/client-onboarding/brief","status":"client-onboarding-communications-control-plane-active","briefStatus":"client-onboarding-communications-brief-ready-no-sent-communication","boundary":"SCRIMED Client Onboarding and Communications organizes buyer onboarding, demos, pilots, presentations, meeting cadences, email-ready copy, calendar-ready agendas, internal handoffs, and follow-up discipline for business-contact and workflow metadata only. It drafts and routes communications; it does not send email, create calendar invites, bind contracts, approve procurement, store PHI, process live clinical records, create customer permission, provide legal/accounting/tax advice, certify compliance, approve security posture, guarantee revenue, approve production connectors, or authorize live clinical care.","authority":{"communicationAuthority":"templates-only-human-send-required","calendarAuthority":"calendar-ready-not-invite-created","dataBoundary":"business-contact-workflow-and-metadata-only","phiAuthority":"not-authorized-production-phi","clinicalCareAuthority":"not-authorized-live-care","contractAuthority":"not-contract-approval","procurementAuthority":"not-procurement-approval","legalAuthority":"qualified-review-required","accountingAuthority":"qualified-accounting-review-required","securityCertification":"not-security-certified","revenueAuthority":"not-revenue-guarantee"},"stageCount":8,"humanReviewStageCount":3,"externalReviewStageCount":2,"templateCount":9,"emailTemplateCount":3,"calendarTemplateCount":3,"calendarPacketCount":6,"meetingCadenceCount":5,"presentationPacketCount":5,"controlCount":8,"handoffCount":6,"proofRouteCount":24,"hardStopCount":61,"blockedContentCount":55,"personalizationFieldCount":28,"approvalGateCount":32,"ownerCount":17,"stageStatusCounts":{"ready":2,"human-review-required":3,"buyer-input-required":1,"external-review-required":2},"controlStatusCounts":{"human-review-required":2,"blocked-before-approval":1,"ready":4,"external-review-required":1},"recommendedOperatingPath":["Inquiry qualification","Discovery scheduling","Demo preparation","Demo follow-up","Pilot scoping","Security and procurement review","Kickoff and onboarding","Review, renewal, and expansion"],"nextBuildStep":"Use /client-onboarding as the communication control plane for every buyer meeting: choose the stage, select a human-reviewed template, use the calendar-safe packet, assign follow-up owner, and route any legal, finance, security, PHI, production, or clinical request to the proper boundary owner before external commitments expand.","clientOnboardingStages":[{"slug":"inquiry-qualification","name":"Inquiry Qualification","status":"ready","buyerMoment":"A buyer, partner, advisor, or internal sponsor asks what SCRIMED can do.","owner":"Founder + Revenue Operations","objective":"Classify buyer fit, urgency, workflow target, sponsor, no-PHI boundary, and best next meeting.","requiredInputs":["Business contact","Organization type","Workflow pain","Sponsor role","No-PHI acknowledgement"],"buyerOutputs":["Fit response","Discovery scheduling options","Safe proof route"],"internalOutputs":["Qualified lead note","Selected onboarding path","Initial disqualifier check"],"proofRoutes":["/offerings","/pricing","/pilot","/boundary-resolution"],"hardStops":["PHI in intake","production credential shared","legal or clinical approval requested"]},{"slug":"discovery-scheduling","name":"Discovery Scheduling","status":"human-review-required","buyerMoment":"A qualified contact needs a meeting that is easy to accept and safe to route.","owner":"Revenue Operations","objective":"Send a concise agenda, required attendees, no-PHI rule, and outcome definition before the call.","requiredInputs":["Buyer role","Preferred times","Target workflow","Attendee list","Communication consent"],"buyerOutputs":["Calendar-ready description","Discovery agenda","Pre-call no-PHI note"],"internalOutputs":["Meeting owner","CRM-safe record","Follow-up SLA timer"],"proofRoutes":["/client-onboarding","/sales-operations","/growth-engine"],"hardStops":["calendar invite without human approval","PHI or credentials in event body","unsupported promise in agenda"]},{"slug":"demo-preparation","name":"Demo Preparation","status":"ready","buyerMoment":"A buyer needs a tailored demonstration matched to their use case and proof needs.","owner":"Sales Engineering + Product Console","objective":"Pair the buyer problem with the correct demo, proof route, talk track, and claim guard.","requiredInputs":["Selected offer","Buyer priority","Demo route","Success question","Known objections"],"buyerOutputs":["Demo confirmation","Run-of-show","Proof route list"],"internalOutputs":["Demo script","Blocked-claim checklist","Follow-up packet plan"],"proofRoutes":["/demos","/pilot-deal-room","/qa-claim-guard","/offerings"],"hardStops":["live patient data requested","custom claim without evidence","customer reference implied without permission"]},{"slug":"demo-follow-up","name":"Demo Follow-Up","status":"human-review-required","buyerMoment":"The buyer has seen the product and needs a clear next decision path.","owner":"Revenue Operations + Buyer Diligence","objective":"Deliver recap, decision criteria, next-step options, proof routes, and unanswered-question owners within one business day.","requiredInputs":["Attendee questions","Selected next action","Proof gaps","Decision owner","Follow-up owner"],"buyerOutputs":["Recap email","Proof route links","Next-step recommendation"],"internalOutputs":["Opportunity update","Objection log","Pilot or diligence handoff"],"proofRoutes":["/pilot-deal-room","/sales-operations","/offerings"],"hardStops":["ROI guarantee","clinical approval implied","unpriced custom work promised"]},{"slug":"pilot-scoping","name":"Pilot Scoping","status":"buyer-input-required","buyerMoment":"A buying committee wants a governed pilot with scope, criteria, and owners.","owner":"Deal Desk + Product + TrustOS","objective":"Convert interest into scoped pilot package, decision criteria, success metrics, data boundary, and review path.","requiredInputs":["Sponsor","Workflows","Success metrics","Review team","Procurement path","Data boundary"],"buyerOutputs":["Pilot scoping note","Workshop agenda","Decision criteria"],"internalOutputs":["Pilot package","Price floor","Diligence path","Required approvals"],"proofRoutes":["/pilots","/pilot","/enterprise-business-ops","/global-certification-readiness"],"hardStops":["PHI in pilot scope","production connector dependency","SOW or price commitment without review"]},{"slug":"security-procurement-review","name":"Security and Procurement Review","status":"external-review-required","buyerMoment":"Security, privacy, legal, procurement, or finance reviewers need diligence material.","owner":"TrustOps + Legal Ops + Finance","objective":"Route no-PHI diligence packets, blocked claims, security review needs, legal/finance owners, and remaining gates.","requiredInputs":["Reviewer roles","Questionnaire class","Procurement process","Security expectations","Contract path"],"buyerOutputs":["Diligence packet outline","Reviewer agenda","Open-gate register"],"internalOutputs":["External-review queue","Counsel/accounting/tax routing","Security evidence request"],"proofRoutes":["/enterprise-business-ops","/approvals-readiness","/global-certification-readiness","/boundary-resolution"],"hardStops":["certification claim without proof","contract language approved informally","security review represented as passed"]},{"slug":"kickoff-onboarding","name":"Kickoff and Onboarding","status":"human-review-required","buyerMoment":"A scoped assessment or pilot needs a structured start with owners, cadence, and evidence rules.","owner":"Customer Operations + Product + TrustOS","objective":"Start delivery with no-PHI rules, owners, evidence cadence, escalation path, and meeting rhythm.","requiredInputs":["Signed or approved scope","Named owners","Cadence","Proof routes","Escalation owners"],"buyerOutputs":["Kickoff invite","Onboarding checklist","Evidence cadence"],"internalOutputs":["Delivery workspace","Owner matrix","First-week action plan"],"proofRoutes":["/pilot-workspace/access","/continuous-review-audit","/service-reliability","/operational-efficiency"],"hardStops":["scope not approved","PHI requested before BAA/security gate","customer invitation before tenant/access approval"]},{"slug":"review-renewal-expansion","name":"Review, Renewal, and Expansion","status":"external-review-required","buyerMoment":"A pilot, assessment, or retainer needs a progress review, renewal, or expansion conversation.","owner":"Customer Operations + Revenue Operations + Finance","objective":"Summarize outcomes, open gates, next-package recommendation, renewal health, and expansion constraints.","requiredInputs":["Approved evidence","Open gates","Buyer feedback","Usage assumptions","Commercial next step"],"buyerOutputs":["Review agenda","Renewal or expansion packet","Open-gate summary"],"internalOutputs":["Renewal health note","Expansion scope","Finance and claim review queue"],"proofRoutes":["/continuous-review-audit","/enterprise-business-ops","/public-market-readiness","/qa-buyer-proof-release"],"hardStops":["customer value claim without permission","revenue or ROI guarantee","production expansion without approvals"]}],"clientCommunicationTemplates":[{"slug":"qualified-inquiry-response","name":"Qualified Inquiry Response","channel":"email","trigger":"New buyer, partner, advisor, or internal sponsor passes initial no-PHI fit check.","audience":"Prospective buyer or partner sponsor","subject":"SCRIMED next step: discovery for {workflow_or_priority}","template":"Hi {first_name}, thanks for reaching out. Based on your note about {workflow_or_priority}, the safest next step is a no-PHI discovery call focused on current workflow friction, review owners, and the right SCRIMED proof route. We will not ask for patient data, credentials, production access, or sensitive records in this call. If useful, I can send a 30-minute calendar hold with the agenda below.","personalizationFields":["first_name","workflow_or_priority","organization","preferred_times"],"approvalGates":["Human send approval","No PHI in thread","No unsupported claims","CRM-safe source captured"],"blockedContent":["patient identifiers","production credentials","certification claims","guaranteed ROI"]},{"slug":"discovery-calendar-description","name":"Discovery Calendar Description","channel":"calendar-invite","trigger":"Qualified inquiry is approved for discovery scheduling.","audience":"Buyer sponsor, workflow owner, and SCRIMED revenue owner","subject":"SCRIMED discovery: {workflow_or_priority}","template":"Agenda: 1. Confirm workflow priority and buyer goals. 2. Identify review owners and decision criteria. 3. Match the need to demos, offerings, or pilot paths. 4. Confirm no-PHI boundaries and next steps. Please do not include PHI, patient identifiers, production credentials, live clinical records, contract secrets, or security-sensitive artifacts in this invitation or call.","personalizationFields":["workflow_or_priority","attendees","meeting_owner","conference_link"],"approvalGates":["Calendar owner approval","No PHI or credentials","Attendee list approved"],"blockedContent":["PHI","patient identifiers","credentials","signed contracts","security secrets"]},{"slug":"demo-confirmation","name":"Demo Confirmation Email","channel":"email","trigger":"Discovery identifies the right SCRIMED demonstration route.","audience":"Demo attendees and buyer sponsor","subject":"SCRIMED demo confirmation: {demo_name}","template":"Hi {first_name}, confirming our SCRIMED demo for {demo_name}. We will use synthetic examples only and focus on how the workflow, evidence, controls, and retained approval boundaries work. The goal is to decide whether a scoped assessment, pilot workshop, diligence packet, or no-go decision is the right next step.","personalizationFields":["first_name","demo_name","demo_route","decision_question"],"approvalGates":["Demo owner approval","Claims guard reviewed","No customer reference without permission"],"blockedContent":["live patient data","customer claim without permission","clinical validation claim"]},{"slug":"demo-run-of-show","name":"Demo Run Of Show","channel":"demo-script","trigger":"Demo is scheduled and proof routes are selected.","audience":"SCRIMED demo operator and sales engineering","subject":"Internal demo run of show: {demo_name}","template":"Open with buyer problem, no-PHI boundary, and expected decision. Show the selected demo route, proof routes, and evidence controls. Pause for buyer questions, classify each as product, security, clinical, legal, finance, data, or procurement. Close with one recommended next step and blocked claims that remain unavailable.","personalizationFields":["demo_name","buyer_problem","proof_routes","next_step"],"approvalGates":["Operator runbook reviewed","Blocked claims checked","Follow-up owner assigned"],"blockedContent":["diagnosis","treatment recommendation","reimbursement guarantee","security certification claim"]},{"slug":"demo-follow-up","name":"Demo Follow-Up Email","channel":"email","trigger":"Demo ends and buyer questions are captured.","audience":"Buyer sponsor and attendees","subject":"SCRIMED recap and recommended next step","template":"Thank you for the time today. The main workflow themes were {themes}. The best next step appears to be {recommended_next_step}, with these proof routes: {proof_routes}. Open items: {open_items}. We are keeping this in no-PHI, synthetic-evaluation mode until any privacy, security, legal, clinical, or production approvals are formally reviewed.","personalizationFields":["themes","recommended_next_step","proof_routes","open_items"],"approvalGates":["Human send approval","Open items assigned","No unsupported ROI/customer claims"],"blockedContent":["guaranteed savings","approved clinical use","security review passed","contract approved"]},{"slug":"pilot-workshop-invite","name":"Pilot Workshop Invite","channel":"calendar-invite","trigger":"Buyer wants to scope a paid synthetic pilot or readiness sprint.","audience":"Buyer sponsor, workflow owner, security/privacy reviewer, finance/procurement contact, SCRIMED owner","subject":"SCRIMED pilot scoping workshop: {workflow_or_priority}","template":"Agenda: 1. Confirm pilot objective and decision criteria. 2. Identify workflows, excluded data, and no-PHI requirements. 3. Review proof routes, cadence, and reviewer roles. 4. Confirm commercial, legal, security, and procurement gates. Outcome: scoped next-step recommendation, open-gate register, and owner map.","personalizationFields":["workflow_or_priority","attendees","decision_criteria","review_owners"],"approvalGates":["Workshop owner approval","Reviewer roles identified","No production access request"],"blockedContent":["PHI","production endpoint","unreviewed SOW","price commitment without deal desk"]},{"slug":"security-procurement-note","name":"Security And Procurement Packet Note","channel":"handoff-note","trigger":"Security, privacy, legal, finance, or procurement diligence enters the buyer path.","audience":"Buyer diligence reviewers and SCRIMED legal/finance/security owners","subject":"SCRIMED diligence packet and open gates","template":"Attached is the SCRIMED diligence path for {buyer_context}. This material summarizes readiness evidence, proof routes, open approvals, and blocked claims. It does not certify compliance, approve security posture, authorize PHI processing, approve a BAA, or bind contract terms. Please route reviewer-specific questions to the assigned owner list.","personalizationFields":["buyer_context","assigned_owners","open_gates","proof_routes"],"approvalGates":["Qualified owner review","No certification claim","Contract authority separated"],"blockedContent":["BAA approved","SOC 2 certified","HIPAA certified","contract accepted"]},{"slug":"kickoff-invite","name":"Kickoff Invite And Agenda","channel":"calendar-invite","trigger":"Scope is approved for assessment, sprint, pilot, or retained review.","audience":"Buyer sponsor, implementation owner, review owners, SCRIMED delivery team","subject":"SCRIMED kickoff: {engagement_name}","template":"Agenda: 1. Confirm approved scope, owners, and no-PHI rules. 2. Review delivery cadence and proof routes. 3. Assign first-week actions and escalation owners. 4. Confirm evidence, follow-up, and change-control process. Please do not place PHI, credentials, production records, or confidential contract artifacts in the event body.","personalizationFields":["engagement_name","owners","cadence","first_week_actions"],"approvalGates":["Scope approval retained","Access or tenant gate approved if needed","No PHI in event"],"blockedContent":["PHI","production credentials","contract secrets","access before approval"]},{"slug":"renewal-expansion-review","name":"Renewal And Expansion Review","channel":"presentation","trigger":"Pilot, assessment, or retainer reaches review, renewal, or expansion point.","audience":"Executive sponsor, buyer team, SCRIMED revenue and delivery owners","subject":"SCRIMED review: outcomes, open gates, and next package","template":"Frame the review around approved evidence, open gates, unresolved risks, next package options, and retained approval boundaries. Avoid customer-value, ROI, clinical, security, or compliance claims unless exact language has approval and retained evidence.","personalizationFields":["outcomes","open_gates","next_package","approval_status"],"approvalGates":["Evidence reviewed","Customer permission checked","Finance/legal claims reviewed"],"blockedContent":["customer public claim","ROI guarantee","clinical validation claim","compliance certified"]}],"clientCalendarPackets":[{"slug":"discovery-call","title":"SCRIMED Discovery Call","durationMinutes":30,"meetingType":"discovery","calendarDescription":"Confirm workflow priority, review owners, no-PHI rule, and best SCRIMED next step. Do not include PHI, patient identifiers, credentials, or production records.","attendeeRules":["Buyer sponsor","Workflow owner when available","SCRIMED revenue owner"],"schedulingRules":["Offer two to three time windows","Include no-PHI notice","Assign follow-up owner before send"],"followUpSla":"Send recap and recommended next step within one business day.","boundary":"Discovery does not approve pilot scope, procurement, PHI, or clinical use."},{"slug":"tailored-demo","title":"SCRIMED Tailored Demo","durationMinutes":45,"meetingType":"demo","calendarDescription":"Review the selected synthetic demo, proof routes, decision criteria, and retained approval boundaries.","attendeeRules":["Buyer sponsor","Workflow owner","Optional security/privacy reviewer","SCRIMED demo operator"],"schedulingRules":["Attach demo route","Block unsupported customer claims","Confirm synthetic-only setup"],"followUpSla":"Send demo recap, open questions, and recommended next action within one business day.","boundary":"Demo uses synthetic examples only and does not authorize live data or production workflow execution."},{"slug":"pilot-scoping-workshop","title":"SCRIMED Pilot Scoping Workshop","durationMinutes":60,"meetingType":"pilot-workshop","calendarDescription":"Define pilot objective, success metrics, workflow scope, review owners, commercial path, and open approval gates.","attendeeRules":["Executive sponsor","Workflow owner","Security/privacy contact","Procurement or finance contact","SCRIMED deal owner"],"schedulingRules":["Confirm buyer decision criteria","Reject PHI and production endpoint details","Route custom work to deal desk"],"followUpSla":"Deliver scoping note and owner map within two business days.","boundary":"Workshop does not create signed scope, price commitment, production access, or customer approval."},{"slug":"security-procurement-review","title":"SCRIMED Security And Procurement Review","durationMinutes":45,"meetingType":"security-review","calendarDescription":"Review diligence evidence, open security/privacy/legal/procurement gates, blocked claims, and owner assignments.","attendeeRules":["Buyer security/privacy reviewer","Buyer procurement or legal contact","SCRIMED security/legal/finance owner"],"schedulingRules":["Use no-PHI diligence material","Separate contract authority","Keep certification claims behind proof"],"followUpSla":"Return open-gate register and owner list within two business days.","boundary":"Review does not certify security, approve BAA, approve contract terms, or authorize PHI."},{"slug":"pilot-kickoff","title":"SCRIMED Pilot Kickoff","durationMinutes":60,"meetingType":"kickoff","calendarDescription":"Confirm approved scope, owners, cadence, no-PHI rules, proof routes, escalation path, and first-week actions.","attendeeRules":["Buyer sponsor","Implementation owner","Review owners","SCRIMED delivery and trust owners"],"schedulingRules":["Require approved scope","Confirm evidence cadence","Keep sensitive artifacts out of invite body"],"followUpSla":"Publish owner matrix and first-week actions within one business day.","boundary":"Kickoff does not bypass access, tenant, BAA, security, connector, or clinical approval gates."},{"slug":"renewal-expansion-review","title":"SCRIMED Renewal And Expansion Review","durationMinutes":45,"meetingType":"renewal-review","calendarDescription":"Review approved evidence, open gates, outcomes, renewal health, expansion options, and retained boundaries.","attendeeRules":["Executive sponsor","Buyer workflow owner","SCRIMED revenue owner","Finance or delivery owner when needed"],"schedulingRules":["Use approved evidence only","Do not include customer value claims without permission","Route expansion through deal desk"],"followUpSla":"Send review packet and next-package recommendation within three business days.","boundary":"Review does not guarantee ROI, reimbursement, revenue, production approval, or customer public permission."}],"clientMeetingCadences":[{"slug":"lead-response-triage","name":"Lead Response Triage","cadence":"Daily business-day review with same-day response target for qualified inbound interest.","owner":"Revenue Operations","attendees":["Founder or revenue owner","Product Console owner when technical fit is unclear"],"agenda":["Classify source and buyer role","Check no-PHI boundary","Assign next communication","Log follow-up SLA"],"inputs":["Inbound note","Source attribution","Buyer organization","Workflow topic"],"outputs":["Qualified, nurture, partner, or no-fit label","Approved response template","Owner assignment"],"schedulingRules":["Do not request PHI","Do not promise a demo before fit is checked","Use CRM-safe notes only"],"boundary":"Triage is not customer acceptance, clinical advice, legal advice, or contract approval."},{"slug":"demo-office-hours","name":"Demo Office Hours","cadence":"Twice weekly pooled demo blocks for qualified prospects.","owner":"Sales Engineering","attendees":["Demo operator","Revenue owner","Product owner as needed"],"agenda":["Confirm demo fit","Review script","Check claims guard","Capture buyer questions"],"inputs":["Buyer profile","Selected demo","Proof routes","Blocked claims"],"outputs":["Demo-ready runbook","Follow-up owner","Pilot or diligence recommendation"],"schedulingRules":["Use synthetic demos only","Avoid customer-specific claims","Keep unsupported requests in open items"],"boundary":"Demo office hours do not create production approval or customer reference permission."},{"slug":"pilot-scope-board","name":"Pilot Scope Board","cadence":"Weekly review of active pilot scoping opportunities.","owner":"Deal Desk + Product","attendees":["Revenue owner","Product owner","TrustOS owner","Finance or legal reviewer when needed"],"agenda":["Review scope","Check data boundary","Confirm price floor","Assign open approvals"],"inputs":["Pilot workshop notes","Buyer decision criteria","Workflow count","Open gates"],"outputs":["Pilot package","Diligence path","Approval owner map","Next action"],"schedulingRules":["No unpriced implementation work","No PHI-dependent pilot scope","Separate custom proof packets from standard work"],"boundary":"Pilot scope board does not approve contract terms, PHI, security posture, or production connectors."},{"slug":"security-procurement-queue","name":"Security And Procurement Queue","cadence":"Weekly or deal-triggered review when diligence questions arrive.","owner":"TrustOps + Legal Ops + Finance","attendees":["Security owner","Legal owner","Finance owner","Revenue owner"],"agenda":["Classify diligence request","Attach existing proof routes","Assign qualified reviewer","Block unsupported claims"],"inputs":["Questionnaire","Reviewer role","Contract path","Open claims"],"outputs":["Reviewer packet","Open-gate register","Owner list","Blocked claim note"],"schedulingRules":["Do not self-certify","Do not approve contract terms in operational notes","Do not store sensitive artifacts"],"boundary":"Queue prepares evidence only; qualified reviewers retain authority."},{"slug":"pilot-steering","name":"Pilot Steering Cadence","cadence":"Weekly during active pilot or readiness sprint; biweekly for retainer review.","owner":"Customer Operations + TrustOS","attendees":["Buyer sponsor","Workflow owner","SCRIMED delivery owner","TrustOS or QA owner"],"agenda":["Review progress","Inspect open gates","Confirm evidence cadence","Assign next actions"],"inputs":["Approved scope","Evidence route","Open blockers","Buyer feedback"],"outputs":["Action register","Risk update","Next proof packet","Renewal or expansion signal"],"schedulingRules":["Keep PHI out of notes","Route scope changes to deal desk","Do not expand claims without proof"],"boundary":"Steering cadence does not authorize clinical use, public claims, or production expansion."}],"clientPresentationPackets":[{"slug":"executive-buyer-overview","name":"Executive Buyer Overview","audience":"C-suite, transformation, operations, clinical informatics, and board-adjacent buyer sponsors","route":"/product","sections":["Buyer problem","SCRIMED operating model","Offer path","Proof routes","Retained boundaries","Recommended next step"],"talkTrack":["Start with workflow friction and governance risk, not AI novelty.","Show the route from assessment to synthetic pilot to protected diligence.","End with one next decision and the no-PHI boundary."],"proofRoutes":["/product","/offerings","/pilot-deal-room","/boundary-resolution"],"blockedClaims":["clinical validation","customer value proof without permission","security certification"],"approvalGate":"Claims governance review before buyer-specific sharing."},{"slug":"demo-operator-deck","name":"Demo Operator Deck","audience":"Sales engineering, buyer workflow owners, and product reviewers","route":"/demos","sections":["No-PHI boundary","Demo objective","Workflow walkthrough","Evidence controls","Questions","Next step"],"talkTrack":["Anchor every scene to the buyer decision question.","Show source trace, review state, controls, and limits.","Capture objections into the follow-up owner map."],"proofRoutes":["/demos","/qa-claim-guard","/pilot-deal-room"],"blockedClaims":["live patient use","autonomous clinical decision","guaranteed savings"],"approvalGate":"Demo script and blocked claims reviewed before use."},{"slug":"security-procurement-packet","name":"Security And Procurement Packet","audience":"Security, privacy, legal, procurement, finance, and compliance reviewers","route":"/enterprise-business-ops","sections":["Scope boundary","Evidence routes","Approval tracks","Open gates","Reviewer owner map","Blocked claims"],"talkTrack":["Separate readiness evidence from certification or approval claims.","Make open gates explicit and owned.","Route sensitive artifacts to approved external systems rather than event bodies or public pages."],"proofRoutes":["/approvals-readiness","/global-certification-readiness","/enterprise-business-ops","/boundary-resolution"],"blockedClaims":["BAA approved","SOC 2 certified","contract approved","PHI approved"],"approvalGate":"Qualified legal, security, privacy, and finance review for buyer-specific use."},{"slug":"pilot-kickoff-deck","name":"Pilot Kickoff Deck","audience":"Buyer sponsor, workflow owner, delivery team, and review owners","route":"/pilot-workspace/access","sections":["Approved scope","Owner matrix","No-PHI rules","Cadence","Evidence route","Escalation path","First-week actions"],"talkTrack":["Confirm what is approved and what remains blocked.","Give every owner a first-week action.","Keep proof cadence and escalation visible from day one."],"proofRoutes":["/pilot-workspace/access","/continuous-review-audit","/service-reliability"],"blockedClaims":["production activation","live data approved","clinical care authorized"],"approvalGate":"Scope, owner, access, and evidence-cadence approval retained before kickoff."},{"slug":"renewal-expansion-proof-review","name":"Renewal And Expansion Proof Review","audience":"Executive sponsor, finance, operations, product, and delivery owners","route":"/public-market-readiness","sections":["Approved evidence","Operational outcomes","Open gates","Renewal health","Expansion options","Claim constraints"],"talkTrack":["Use approved evidence and open gates side by side.","Keep financial or customer-value language qualified until reviewed.","Convert expansion interest into scoped package options."],"proofRoutes":["/public-market-readiness","/enterprise-business-ops","/qa-buyer-proof-release","/offerings"],"blockedClaims":["ROI guaranteed","customer endorsement","public case study approved"],"approvalGate":"Customer permission, counsel, finance, and release decision before external value claims."}],"clientOnboardingControls":[{"slug":"human-send-approval","control":"Human send approval","status":"human-review-required","owner":"Revenue Operations","purpose":"Prevent drafts from becoming external communications without accountable review.","requiredEvidence":["Template selected","Recipient context checked","No-PHI scan","Claim guard reviewed"],"hardStops":["automatic send attempted","unsupported claim present","recipient list unknown"]},{"slug":"no-phi-communication","control":"No-PHI communication boundary","status":"blocked-before-approval","owner":"Privacy + TrustOS","purpose":"Keep email, invite bodies, agendas, and presentation notes free of PHI, identifiers, credentials, and live records.","requiredEvidence":["No-PHI reminder in calendar-ready content","Sensitive artifact route separated","Owner assigned for exceptions"],"hardStops":["PHI in message","production credentials in invite","live record attached"]},{"slug":"calendar-safe-fields","control":"Calendar-safe field policy","status":"ready","owner":"Revenue Operations + Security","purpose":"Make events schedulable without leaking sensitive data or implying approvals.","requiredEvidence":["Meeting type","duration","approved attendees","no-PHI description","follow-up SLA"],"hardStops":["sensitive artifacts in event body","attendees not approved","approval claim in title"]},{"slug":"presentation-claim-guard","control":"Presentation claim guard","status":"external-review-required","owner":"Claims Governance + Legal Ops","purpose":"Keep demos, decks, and meeting language aligned to retained evidence and blocked claims.","requiredEvidence":["Proof route list","Blocked claims reviewed","Buyer-specific claims approved before use"],"hardStops":["customer claim without permission","certification claim","ROI or revenue guarantee"]},{"slug":"crm-and-source-logging","control":"CRM and source logging","status":"ready","owner":"Sales Operations","purpose":"Capture contact source, stage, owner, and next action without storing sensitive content.","requiredEvidence":["Source captured","Stage assigned","Owner assigned","Follow-up SLA set"],"hardStops":["contact source missing","owner missing","sensitive notes copied into CRM"]},{"slug":"follow-up-sla","control":"Follow-up SLA","status":"ready","owner":"Revenue Operations + Customer Operations","purpose":"Ensure demos, workshops, diligence reviews, and kickoff meetings produce timely next actions.","requiredEvidence":["Meeting outcome","Open items","Owner map","Due date"],"hardStops":["no owner for open item","follow-up without boundary review","unreviewed custom scope"]},{"slug":"handoff-before-commitment","control":"Handoff before commitment","status":"human-review-required","owner":"Deal Desk + Product + TrustOS","purpose":"Move opportunities between sales, product, delivery, trust, legal, finance, and customer operations with artifacts instead of informal memory.","requiredEvidence":["Selected package","Proof routes","Open gates","Decision owner","Next action"],"hardStops":["commitment made before handoff","price or scope not reviewed","production gate omitted"]},{"slug":"meeting-notes-boundary","control":"Meeting notes boundary","status":"ready","owner":"Customer Operations","purpose":"Keep notes useful for execution while excluding PHI, secrets, unsupported claims, and contract conclusions.","requiredEvidence":["Notes owner","No-PHI scan","Open claims separated","Sensitive artifact references externalized"],"hardStops":["PHI in notes","contract conclusion in notes","security-sensitive artifact copied"]}],"clientOnboardingHandoffs":[{"slug":"inquiry-to-discovery","from":"Inbound or referral source","to":"Revenue Operations","trigger":"Buyer fit and no-PHI acknowledgement are present.","requiredArtifacts":["Qualified lead note","Source attribution","Initial workflow priority","Preferred scheduling windows"],"nextAction":"Approve response and send discovery calendar-ready copy.","proofRoutes":["/client-onboarding","/sales-attribution","/growth-engine"],"hardStops":["PHI in intake","no contact consent","no owner assigned"]},{"slug":"discovery-to-demo","from":"Revenue Operations","to":"Sales Engineering + Product Console","trigger":"Discovery identifies a demo-worthy use case and decision question.","requiredArtifacts":["Buyer problem","Selected demo","Decision question","Blocked claims","Proof route list"],"nextAction":"Prepare demo script and confirmation email.","proofRoutes":["/demos","/offerings","/qa-claim-guard"],"hardStops":["demo requires live patient data","unsupported customer reference requested","no follow-up owner"]},{"slug":"demo-to-pilot-scoping","from":"Sales Engineering","to":"Deal Desk + Product + TrustOS","trigger":"Buyer asks for pilot, assessment, diligence, or implementation path.","requiredArtifacts":["Demo recap","Open questions","Recommended package","Decision criteria","Open gates"],"nextAction":"Schedule pilot scoping workshop and price-floor review.","proofRoutes":["/pilots","/enterprise-business-ops","/pilot-deal-room"],"hardStops":["price commitment without deal desk","PHI-dependent scope","unreviewed SOW language"]},{"slug":"pilot-to-security-procurement","from":"Deal Desk","to":"TrustOps + Legal Ops + Finance","trigger":"Buyer diligence, security, privacy, procurement, legal, or finance review begins.","requiredArtifacts":["Scope draft","Reviewer roles","Open-gate register","Blocked claims","Diligence packet route"],"nextAction":"Assign qualified reviewers and return no-authority packet.","proofRoutes":["/approvals-readiness","/global-certification-readiness","/boundary-resolution"],"hardStops":["certification self-claim","contract approval implied","BAA or PHI approval represented"]},{"slug":"approved-scope-to-kickoff","from":"Deal Desk + Revenue Operations","to":"Customer Operations + Delivery + TrustOS","trigger":"Assessment, sprint, pilot, or retainer scope is approved for kickoff.","requiredArtifacts":["Approved scope","Owner matrix","No-PHI rules","Meeting cadence","Evidence routes","Escalation path"],"nextAction":"Schedule kickoff and publish first-week action register.","proofRoutes":["/pilot-workspace/access","/continuous-review-audit","/operational-efficiency"],"hardStops":["scope not approved","access gate skipped","sensitive data requested before approval"]},{"slug":"delivery-to-renewal","from":"Customer Operations + Delivery","to":"Revenue Operations + Finance + Product","trigger":"Pilot, assessment, or retainer reaches review or renewal checkpoint.","requiredArtifacts":["Approved evidence","Open gates","Buyer feedback","Support load","Next-package option"],"nextAction":"Prepare renewal or expansion review with claims and finance review.","proofRoutes":["/public-market-readiness","/enterprise-business-ops","/qa-buyer-proof-release"],"hardStops":["customer value claim without permission","ROI guarantee","production expansion without approvals"]}],"proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief","/offerings","/pricing","/pilot","/boundary-resolution","/sales-operations","/growth-engine","/demos","/pilot-deal-room","/qa-claim-guard","/pilots","/enterprise-business-ops","/global-certification-readiness","/approvals-readiness","/pilot-workspace/access","/continuous-review-audit","/service-reliability","/operational-efficiency","/public-market-readiness","/qa-buyer-proof-release","/product","/sales-attribution"],"hardStops":["PHI in intake","production credential shared","legal or clinical approval requested","calendar invite without human approval","PHI or credentials in event body","unsupported promise in agenda","live patient data requested","custom claim without evidence","customer reference implied without permission","ROI guarantee","clinical approval implied","unpriced custom work promised","PHI in pilot scope","production connector dependency","SOW or price commitment without review","certification claim without proof","contract language approved informally","security review represented as passed","scope not approved","PHI requested before BAA/security gate","customer invitation before tenant/access approval","customer value claim without permission","revenue or ROI guarantee","production expansion without approvals","automatic send attempted","unsupported claim present","recipient list unknown","PHI in message","production credentials in invite","live record attached","sensitive artifacts in event body","attendees not approved","approval claim in title","customer claim without permission","certification claim","ROI or revenue guarantee","contact source missing","owner missing","sensitive notes copied into CRM","no owner for open item","follow-up without boundary review","unreviewed custom scope","commitment made before handoff","price or scope not reviewed","production gate omitted","PHI in notes","contract conclusion in notes","security-sensitive artifact copied","no contact consent","no owner assigned","demo requires live patient data","unsupported customer reference requested","no follow-up owner","price commitment without deal desk","PHI-dependent scope","unreviewed SOW language","certification self-claim","contract approval implied","BAA or PHI approval represented","access gate skipped","sensitive data requested before approval"],"blockedContent":["email sent automatically","calendar invite created automatically","customer approved","contract approved","procurement approved","BAA approved","security review passed","HIPAA certified","SOC 2 certified","HITRUST certified","FDA cleared","ONC certified","PHI processing approved","live data approved","production connector approved","EHR writeback approved","clinical use authorized","revenue guaranteed","ROI guaranteed","patient identifiers","production credentials","certification claims","guaranteed ROI","PHI","credentials","signed contracts","security secrets","live patient data","customer claim without permission","clinical validation claim","diagnosis","treatment recommendation","reimbursement guarantee","security certification claim","guaranteed savings","approved clinical use","production endpoint","unreviewed SOW","price commitment without deal desk","contract accepted","contract secrets","access before approval","customer public claim","ROI guarantee","compliance certified","clinical validation","customer value proof without permission","security certification","live patient use","autonomous clinical decision","PHI approved","production activation","clinical care authorized","customer endorsement","public case study approved"],"personalizationFields":["first_name","workflow_or_priority","organization","preferred_times","attendees","meeting_owner","conference_link","demo_name","demo_route","decision_question","buyer_problem","proof_routes","next_step","themes","recommended_next_step","open_items","decision_criteria","review_owners","buyer_context","assigned_owners","open_gates","engagement_name","owners","cadence","first_week_actions","outcomes","next_package","approval_status"],"approvalGates":["Human send approval","No PHI in thread","No unsupported claims","CRM-safe source captured","Calendar owner approval","No PHI or credentials","Attendee list approved","Demo owner approval","Claims guard reviewed","No customer reference without permission","Operator runbook reviewed","Blocked claims checked","Follow-up owner assigned","Open items assigned","No unsupported ROI/customer claims","Workshop owner approval","Reviewer roles identified","No production access request","Qualified owner review","No certification claim","Contract authority separated","Scope approval retained","Access or tenant gate approved if needed","No PHI in event","Evidence reviewed","Customer permission checked","Finance/legal claims reviewed","Claims governance review before buyer-specific sharing.","Demo script and blocked claims reviewed before use.","Qualified legal, security, privacy, and finance review for buyer-specific use.","Scope, owner, access, and evidence-cadence approval retained before kickoff.","Customer permission, counsel, finance, and release decision before external value claims."],"owners":["Founder + Revenue Operations","Revenue Operations","Sales Engineering + Product Console","Revenue Operations + Buyer Diligence","Deal Desk + Product + TrustOS","TrustOps + Legal Ops + Finance","Customer Operations + Product + TrustOS","Customer Operations + Revenue Operations + Finance","Sales Engineering","Deal Desk + Product","Customer Operations + TrustOS","Privacy + TrustOS","Revenue Operations + Security","Claims Governance + Legal Ops","Sales Operations","Revenue Operations + Customer Operations","Customer Operations"],"updated":"2026-06-26"},"competitiveDefense":{"service":"scrimed-competitive-defense","status":"competitive-defense-hardening-active","briefStatus":"competitive-defense-brief-ready-no-legal-security-certification","route":"/competitive-defense","apiRoute":"/api/competitive-defense","briefRoute":"/api/competitive-defense/brief","reviewedAt":"2026-06-26","posture":"competitor-aware-legal-privacy-cyber-hardening-with-no-copy-no-phi-no-certification-boundaries","boundary":"SCRIMED Competitive Defense translates public competitor positioning, known SCRIMED weaknesses, legal/privacy/cybersecurity requirements, and infiltration risks into owned hardening controls. It is strategic readiness evidence only. It does not copy competitor products, assert partnerships, provide legal advice, certify security or compliance, authorize PHI processing, approve penetration testing, guarantee protection from attack, approve customer release, or authorize live clinical care.","marketIntelligenceStatus":"competitor-informed-build-map-active","marketIntelligenceRoute":"/competitive-intelligence","competitorSourceCount":18,"competitorThreatProfileCount":10,"strengthHardeningTrackCount":6,"hardenNowCount":10,"externalReviewRequiredCount":2,"legalPrivacyCyberControlCount":8,"infiltrationDeterrenceLayerCount":6,"externalReviewGateCount":4,"hardStopCount":6,"frameworkSourceCount":3,"competitorSourceUrls":["https://www.abridge.com/","https://www.ambiencehealthcare.com/","https://www.nabla.com/","https://www.suki.ai/","https://www.microsoft.com/en-us/ai/health","https://www.oracle.com/health/","https://www.hippocraticai.com/","https://www.notablehealth.com/","https://www.commure.com/","https://innovaccer.com/","https://www.smarterdx.com/","https://www.coherehealth.com/","https://www.getfreed.ai/","https://www.qventus.com/","https://redoxengine.com/","https://healthgorilla.com/","https://www.aidoc.com/","https://trust.notablehealth.com/"],"frameworkSourceAlignment":[{"name":"NIST Cybersecurity Framework 2.0","url":"https://www.nist.gov/cyberframework","implication":"Use Govern, Identify, Protect, Detect, Respond, and Recover as the operating grammar for SCRIMED cyber readiness."},{"name":"HHS HIPAA Security Rule","url":"https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html","implication":"Treat administrative, physical, and technical safeguards as qualified-review gates before any ePHI path is enabled."},{"name":"OWASP Top 10 for LLM Applications","url":"https://owasp.org/www-project-top-10-for-large-language-model-applications/","implication":"Model prompt injection, sensitive information disclosure, excessive agency, supply-chain, output-handling, and model-behavior risks as product controls, not afterthoughts."}],"threatProfiles":[{"competitor":"Abridge","category":"ambient-ai","officialSource":"https://www.abridge.com/","marketStrength":"Full clinical conversation workflow, health-system adoption proof, clinician-facing trust, and downstream documentation/revenue-cycle story.","scrimedWeaknessExposed":"SCRIMED cannot yet claim comparable ambient clinical deployment, health-system customer outcomes, or production note-generation authority.","counterPosition":"Position SCRIMED as governed healthcare workflow intelligence, not a scribe clone: evidence trace, TrustOS gate, synthetic pilot, and downstream operating proof.","hardeningMove":"Package every demo as a context-to-evidence-to-human-review operating loop with explicit no-live-care and no-PHI boundaries.","proofRoute":"/competitive-intelligence","legalPrivacyCyberBoundary":"No copied clinical documentation models, no patient data, no customer-logo implication, and no clinical superiority claim."},{"competitor":"Ambience Healthcare","category":"ambient-ai","officialSource":"https://www.ambiencehealthcare.com/","marketStrength":"Specialty-oriented documentation, coding, measurable adoption, bake-off proof, and enterprise clinical quality positioning.","scrimedWeaknessExposed":"SCRIMED needs clearer specialty scorecards and buyer-controlled success metrics before larger clinical operations teams will compare it fairly.","counterPosition":"Run synthetic specialty bake-offs where buyers score evidence completeness, review friction, policy fit, operational actionability, and claim safety.","hardeningMove":"Create a no-PHI bake-off packet and route all time-saved, ROI, coding, and clinical-quality phrases through claim guard and qualified review.","proofRoute":"/qa-claim-guard","legalPrivacyCyberBoundary":"No specialty performance, coding accuracy, reimbursement, or clinical quality claims without qualified external review."},{"competitor":"Nabla","category":"ambient-ai","officialSource":"https://www.nabla.com/","marketStrength":"Visible API, mobile/web/extension footprint, EHR integration posture, security, privacy, and governance packaging.","scrimedWeaknessExposed":"SCRIMED must make connector and API boundaries easier for technical buyers to inspect before live integrations exist.","counterPosition":"Use the Health Records Safety Exchange, interoperability conformance, API contract catalog, and Platform Power controls as the visible trust catalog.","hardeningMove":"Label every connector family as synthetic-ready, contract-ready, protected-gated, or blocked-live-use.","proofRoute":"/health-records","legalPrivacyCyberBoundary":"No production connector, EHR integration, API SLA, PHI authority, or customer deployment claim until buyer-approved contracts exist."},{"competitor":"Suki","category":"ambient-ai","officialSource":"https://www.suki.ai/","marketStrength":"Enterprise ambient intelligence, EHR breadth, partner tooling, revenue-cycle assistance, clinical reasoning positioning, and trust portal signaling.","scrimedWeaknessExposed":"SCRIMED needs a clearer answer for large-enterprise security diligence and revenue/documentation adjacency without sounding like a generic assistant.","counterPosition":"Lead with healthcare operating-system breadth: Atlas evidence, AgentOS workflows, TrustOS controls, PayerIQ evidence, and protected buyer proof.","hardeningMove":"Add security-and-revenue adjacency controls to every sales packet and keep all ROI/security/certification claims in blocked-claim registers.","proofRoute":"/enterprise-business-ops","legalPrivacyCyberBoundary":"No trust-portal equivalence, EHR breadth claim, ROI guarantee, security certification, or clinical reasoning authority."},{"competitor":"Microsoft Dragon Copilot","category":"platform-incumbent","officialSource":"https://www.microsoft.com/en-us/ai/health","marketStrength":"Massive enterprise platform trust, healthcare AI brand recognition, Azure ecosystem, Microsoft security tooling, and Dragon clinical workflow footprint.","scrimedWeaknessExposed":"SCRIMED cannot win by claiming scale parity with Microsoft; it needs sharper category focus and faster buyer-specific proof.","counterPosition":"Win as the inspectable governance-and-workflow overlay that can prepare no-PHI proof packets before an incumbent platform procurement decision hardens.","hardeningMove":"Make launch readiness, legal/privacy/cyber boundaries, buyer packet evidence, and workflow loops visible before every sales call.","proofRoute":"/launch-readiness","legalPrivacyCyberBoundary":"No Microsoft partnership, Azure equivalence, platform-scale equivalence, Dragon parity, or managed-security implication."},{"competitor":"Oracle Health","category":"platform-incumbent","officialSource":"https://www.oracle.com/health/","marketStrength":"Incumbent EHR, payer, financial, cloud, data, interoperability, service, and enterprise operations footprint.","scrimedWeaknessExposed":"SCRIMED needs to avoid any EHR-replacement impression and present itself as an overlay proof and workflow intelligence layer.","counterPosition":"Position SCRIMED as complementing incumbent systems through governed no-PHI pilots, connector prerequisites, and operational evidence packets.","hardeningMove":"Attach an incumbent-system complement boundary to interoperability, health records, payer, financial, and deployment profile copy.","proofRoute":"/interoperability","legalPrivacyCyberBoundary":"No Oracle integration, EHR replacement, ONC certification, production connector, or incumbent-data migration claim."},{"competitor":"Hippocratic AI","category":"safety-agent","officialSource":"https://www.hippocraticai.com/","marketStrength":"Safety-first healthcare agent brand, human escalation, voice-agent category ownership, customer proof, and clinical validation emphasis.","scrimedWeaknessExposed":"SCRIMED must show safety as product infrastructure, not just legal caution, and must avoid public claims before validation.","counterPosition":"Treat TrustOS, Clinical Guardian, human review, no-live-care boundary, claim guard, and protected evidence release as the safety product.","hardeningMove":"Add agent threat modeling, clinical escalation boundaries, and model-output review to the defense operating cadence.","proofRoute":"/trust-os","legalPrivacyCyberBoundary":"No clinical validation, voice-agent parity, autonomous care, diagnosis, prescribing, or customer-logo claim."},{"competitor":"Notable","category":"agent-workforce","officialSource":"https://www.notablehealth.com/","marketStrength":"AI agent workforce story across access, revenue cycle, care operations, contact center, workflow builder, and connector hub.","scrimedWeaknessExposed":"SCRIMED needs reusable workflow templates and clearer operations-to-value proof without overclaiming autonomous execution.","counterPosition":"Package AgentOS as a governed workforce builder with approvals, audit, no-PHI fixtures, and buyer-defined success metrics.","hardeningMove":"Add agent permission boundaries, tool-call approvals, and excessive-agency checks to every workflow template.","proofRoute":"/agents","legalPrivacyCyberBoundary":"No autonomous patient outreach, production writeback, connector-hub parity, or unsupervised operations claim."},{"competitor":"Commure","category":"rcm-payer","officialSource":"https://www.commure.com/","marketStrength":"Patient access, ambient AI, RCM automation, EHR breadth, unified data model, and quantified operational-scale story.","scrimedWeaknessExposed":"SCRIMED needs a tighter financial-evidence story that does not promise reimbursement, revenue, or live RCM integration.","counterPosition":"Use PayerIQ, Atlas, finance methodology gates, and no-PHI revenue-risk packets to show evidence readiness before value claims.","hardeningMove":"Route every revenue, denial, coding, or margin phrase through Enterprise Business Ops and finance methodology controls.","proofRoute":"/capital-vitality","legalPrivacyCyberBoundary":"No reimbursement guarantee, revenue guarantee, ROI guarantee, coding finality, or production billing automation claim."},{"competitor":"Cohere Health","category":"rcm-payer","officialSource":"https://www.coherehealth.com/","marketStrength":"Utilization management, prior authorization, payment integrity, appeals, care management, quality, APIs, and human-in-control payer operations.","scrimedWeaknessExposed":"SCRIMED needs payer-policy proof that stays clearly separated from actual payer submission or authorization.","counterPosition":"Make PayerIQ policy evidence, appeal packet preparation, and payer-friction detection human-reviewed and synthetic-only.","hardeningMove":"Add payer-submission hard stops to workflow outputs and brief exports.","proofRoute":"/workflows/results","legalPrivacyCyberBoundary":"No payer approval, prior authorization submission, payment-integrity certification, claim submission, or appeal filing authority."}],"strengthHardeningTracks":[{"pillar":"Governance-first healthcare intelligence OS","status":"active","existingStrength":"SCRIMED already links Atlas, AgentOS, TrustOS, protected workspaces, launch readiness, and claim guard into one visible operating map.","weaknessToRelieve":"The breadth can look abstract unless every page proves a buyer-facing workflow and a hard boundary.","hardeningMove":"Attach one proof route, one buyer outcome, one blocked claim, and one human-review gate to each product claim.","proofRoute":"/product","owner":"Product strategy","retainedBoundary":"Operating-system language cannot imply production integration, autonomous care, security certification, or regulatory approval."},{"pillar":"No-PHI protected pilot pathway","status":"active","existingStrength":"Protected buyer workspaces, release controls, lockbox-style evidence routing, AAL2 checks, and synthetic proof packets are already visible.","weaknessToRelieve":"Buyers may still ask whether diligence evidence can be shared externally or whether PHI can be processed immediately.","hardeningMove":"Keep protected evidence exports disabled or gated until named reviewer signoff, customer permission, and release authority are recorded.","proofRoute":"/pilot-workspace/access","owner":"Trust and release operations","retainedBoundary":"No external distribution, PHI processing, customer proof use, or production connector activation without explicit approval."},{"pillar":"Interoperability and health-record safety","status":"harden-now","existingStrength":"Health Records Safety Exchange and interoperability conformance already map FHIR, HL7, DICOM, X12, terminology, and live-data blockers.","weaknessToRelieve":"Competitors often appear stronger because they show EHR integration earlier in the buying motion.","hardeningMove":"Expose connector maturity labels and required contracts before any pilot, demo, or API conversation.","proofRoute":"/health-records","owner":"Interoperability and security","retainedBoundary":"No live PHI ingestion, EHR writeback, patient matching, payer submission, or production connector claim."},{"pillar":"Claims-safe competitor counter-positioning","status":"harden-now","existingStrength":"Competitive intelligence already translates public market patterns into original SCRIMED build priorities with no-copy boundaries.","weaknessToRelieve":"Competitive analysis can create legal risk if sales or investor language drifts into parity, partnership, customer proof, or certification claims.","hardeningMove":"Route all competitor-counter statements through no-copy, no-partnership, no-parity, no-certification, no-customer-proof checks.","proofRoute":"/competitive-intelligence","owner":"Founder, product marketing, and counsel","retainedBoundary":"No copied proprietary workflows, confidential data, customer-logo implication, or competitor-certified comparison."},{"pillar":"Legal, privacy, and cybersecurity gatekeeping","status":"external-review-required","existingStrength":"SCRIMED has explicit authority headers and boundaries across launch, claims, PHI, clinical care, finance, and customer release.","weaknessToRelieve":"Headers and internal controls are not a substitute for counsel review, HIPAA risk analysis, SOC 2 readiness, penetration testing, or incident-response rehearsal.","hardeningMove":"Define qualified-review gates, evidence owners, and blocked public claims for each legal/privacy/cyber domain before public growth campaigns expand.","proofRoute":"/global-certification-readiness","owner":"Legal, privacy, and security leads","retainedBoundary":"No legal advice, HIPAA certification, SOC 2 certification, penetration-test approval, data-residency approval, or security guarantee."},{"pillar":"24/7 review and innovation loop","status":"active","existingStrength":"Continuous Review and Audit already routes agent-assisted accuracy checks, evidence attribution, claims guard, drift watch, QA regression, and internal research.","weaknessToRelieve":"Always-on review language can be mistaken for managed SOC/MDR, autonomous remediation, or public quantum capability.","hardeningMove":"Keep the loop as internal readiness, create escalation-only incident handoff, and keep future research private until qualified review.","proofRoute":"/continuous-review-audit","owner":"Trust, safety, and research operations","retainedBoundary":"No autonomous production remediation, public quantum claim, managed 24/7 SOC/MDR promise, or bypass of human review."}],"legalPrivacyCyberControls":[{"control":"Claims and legal review firewall","status":"harden-now","frameworkAlignment":["Qualified counsel review","Claims register","No-copy competitor boundary"],"riskReduced":"False advertising, competitor IP misuse, unauthorized partnership implication, investment overclaim, regulatory overclaim, and customer-proof misuse.","implementation":"Every sales, investor, marketing, PR, website, and competitor-comparison claim must map to approved, evidence-required, or prohibited status.","deterrenceMechanism":"Prevents public language from becoming an attack surface for legal challenge, buyer distrust, or competitor escalation.","evidenceRoute":"/claims","retainedBoundary":"This is not legal advice or final approval; qualified counsel remains required for legal positions.","owner":"Legal operations and founder"},{"control":"No-PHI default and minimum-necessary privacy path","status":"active","frameworkAlignment":["HHS HIPAA Security Rule","Data minimization","Protected workspace no-PHI boundary"],"riskReduced":"Premature ePHI processing, accidental sensitive-data collection, unauthorized health-record use, and privacy claims before BAA/DPA execution.","implementation":"Public and pilot workflows remain synthetic, metadata-only, or business-contact-only until PHI authority, BAA/DPA, risk analysis, and customer approvals exist.","deterrenceMechanism":"Narrows breach impact and reduces the value of public routes to attackers because live patient data is not present.","evidenceRoute":"/health-records","retainedBoundary":"No PHI processing authority, HIPAA compliance certification, BAA execution, or live data approval is created by this control.","owner":"Privacy and interoperability"},{"control":"NIST CSF operating profile","status":"harden-now","frameworkAlignment":["NIST CSF 2.0 Govern","Identify","Protect","Detect","Respond","Recover"],"riskReduced":"Unowned cyber controls, missing incident owners, unsupported security claims, and untested recovery paths.","implementation":"Map each SCRIMED launch and buyer route to an owner, protected asset class, preventive control, detection signal, response action, and recovery evidence.","deterrenceMechanism":"Converts cybersecurity into accountable operating proof, making infiltration harder to hide and easier to contain.","evidenceRoute":"/service-reliability","retainedBoundary":"This profile is readiness evidence only; it is not SOC 2, HITRUST, ISO, penetration-test, or managed-security certification.","owner":"Security operations"},{"control":"LLM and agent threat model","status":"harden-now","frameworkAlignment":["OWASP LLM Top 10","AgentOS approval gates","TrustOS evaluation"],"riskReduced":"Prompt injection, sensitive-information disclosure, excessive agency, tool abuse, unsafe output handling, and model-route drift.","implementation":"Each agent workflow must name allowed tools, denied tools, prompt-injection checks, output handling rules, human-review triggers, and audit evidence.","deterrenceMechanism":"Limits what an infiltrator can coerce an agent to read, reveal, call, write, or approve.","evidenceRoute":"/trust-os","retainedBoundary":"This is not a model-safety certification, live autonomous AI approval, or permission to process PHI.","owner":"AI safety and TrustOS"},{"control":"Identity, AAL2, and secret hygiene","status":"active","frameworkAlignment":["AAL2 operator boundary","Passkey authentication","No-secret public smoke"],"riskReduced":"Credential compromise, token leakage, unauthorized protected workspace access, and secret exposure in public tests.","implementation":"Protected mutation and packet routes require tenant identity, AAL2-capable operator proof, no-secret test flows, and explicit token-disposal instructions.","deterrenceMechanism":"Raises attacker cost by separating public read paths from protected mutation and evidence-release authority.","evidenceRoute":"/pilot-workspace/access","retainedBoundary":"No bypass of AAL2, no token minting by readiness pages, and no public secret storage.","owner":"Identity and workspace operations"},{"control":"Dependency and supply-chain review","status":"harden-now","frameworkAlignment":["NIST CSF Identify/Protect","Software supply-chain review","Build verification"],"riskReduced":"Compromised dependencies, unsafe package upgrades, build-time injection, and unreviewed generated artifacts.","implementation":"Run typecheck, lint, build, audit, and integrity checks before production promotion; record exceptions as limitation packets.","deterrenceMechanism":"Makes compromise harder to ship silently and forces unresolved supply-chain risk into visible launch hard stops.","evidenceRoute":"/launch-readiness","retainedBoundary":"This is not a completed third-party security assessment or guarantee against supply-chain attack.","owner":"Engineering and release operations"},{"control":"Incident response and breach-notification readiness","status":"external-review-required","frameworkAlignment":["NIST CSF Respond/Recover","HIPAA breach-review readiness","Trust Safety Ops"],"riskReduced":"Slow containment, unclear legal notification paths, unmanaged customer communication, and evidence loss after a suspected incident.","implementation":"Classify incidents, preserve audit evidence, notify qualified legal/privacy/security reviewers, freeze affected releases, and prepare customer-safe communications.","deterrenceMechanism":"Reduces dwell time and prevents attackers from exploiting confusion between engineering, legal, privacy, and customer teams.","evidenceRoute":"/trust-safety-operations","retainedBoundary":"This does not provide legal advice, breach determination, notification approval, or managed incident-response service.","owner":"Trust safety, legal, and security"},{"control":"Vendor, connector, and buyer evidence room gate","status":"protected-gated","frameworkAlignment":["BAA/DPA readiness","Vendor-risk review","Connector approval"],"riskReduced":"Unauthorized integrations, vendor-risk blind spots, evidence-room leakage, customer-permission confusion, and procurement blockers.","implementation":"Route provider security reviews, procurement evidence, external approval evidence, and connector references through protected metadata-only workspaces.","deterrenceMechanism":"Prevents infiltrators or rushed operators from turning diligence artifacts into live integration authority.","evidenceRoute":"/pilot-workspace/access","retainedBoundary":"No BAA/DPA execution, vendor approval, connector approval, customer release, or procurement approval is created here.","owner":"Security, procurement, and release authority"}],"infiltrationDeterrenceLayers":[{"layer":"Public route and API surface","status":"harden-now","likelyAttackPath":"Enumeration, spam, scraping, abuse of public APIs, malformed requests, and attempts to infer protected-state details.","prevention":"Keep public APIs read-only, synthetic-only, rate-limit-ready, cache-safe, header-bounded, and free of secrets or PHI.","detection":"Monitor unusual request volume, response-code spikes, route misses, API schema drift, and smoke failures.","response":"Freeze release promotion, add limitation record, tighten API output, and route firewall or hosting changes through qualified operators.","evidenceRoute":"/navigation","hardStop":"No public endpoint may expose secrets, PHI, protected packet contents, or tenant mutation authority."},{"layer":"Tenant identity and protected workspace","status":"active","likelyAttackPath":"Credential theft, session replay, role confusion, unauthorized packet export, or protected mutation attempts.","prevention":"Require tenant-scoped identity, AAL2-capable operator proof, fail-closed protected routes, and explicit release authority.","detection":"Track access-log reconciliation, packet export attempts, reviewer signoff gaps, and tenant session verification failures.","response":"Disable export, revoke passkeys or sessions, require named reviewer signoff, and preserve audit packet.","evidenceRoute":"/pilot-workspace/access","hardStop":"No protected packet export without authenticated workspace access and release authority chain."},{"layer":"Agent tool execution","status":"harden-now","likelyAttackPath":"Prompt injection, tool misuse, excessive agency, unauthorized data retrieval, or hidden instruction escalation.","prevention":"Use tool allowlists, human approval checkpoints, denied action lists, prompt-injection review, and output handling boundaries.","detection":"Record tool attempts, denied action counts, reviewer overrides, anomalous prompt patterns, and TrustOS decisions.","response":"Quarantine workflow result, require human review, downgrade model/tool authority, and update the claims/workaround register.","evidenceRoute":"/agents","hardStop":"No autonomous clinical action, payer submission, writeback, patient outreach, or production connector call."},{"layer":"Health-record and interoperability path","status":"protected-gated","likelyAttackPath":"Attempted live PHI ingestion, connector impersonation, patient matching, unsafe extraction, or EHR writeback pressure.","prevention":"Restrict to synthetic fixtures, no-PHI extraction, metadata-only connector planning, and contract-ready/live-blocked labels.","detection":"Flag live-data fields, production endpoint URLs, patient identifiers, connector credential requests, and writeback verbs.","response":"Stop workflow, remove sensitive input, issue privacy/legal review task, and update Health Records Safety Exchange boundaries.","evidenceRoute":"/health-records","hardStop":"No PHI, patient matching, live connector, diagnosis, order entry, payer submission, or EHR writeback."},{"layer":"Commercial, investor, and legal claims","status":"harden-now","likelyAttackPath":"Sales overclaim, investor overclaim, competitor-comparison drift, security-certification drift, or public customer-proof misuse.","prevention":"Claims register, QA Claim Guard, no-copy competitor boundary, investor-readiness boundaries, and legal review gates.","detection":"Scan copy for guarantee, certification, partnership, valuation, securities, reimbursement, clinical, or customer-permission phrases.","response":"Block publication, route to qualified review, replace with evidence-safe language, and retain the redline reason.","evidenceRoute":"/qa-claim-guard","hardStop":"No public claim of certification, approval, partnership, customer proof, revenue guarantee, or legal conclusion."},{"layer":"Build and dependency pipeline","status":"harden-now","likelyAttackPath":"Dependency compromise, build-cache drift, malicious generated artifacts, test bypass, or unreviewed deployment.","prevention":"Run typecheck, lint, build, audit, public smoke, launch-domain preflight, and no-secret operator checks before promotion.","detection":"Compare smoke deltas, lockfile changes, generated artifacts, route inventory changes, and unexpected API/header changes.","response":"Block deployment, record limitation, isolate the package or artifact, and require maintainer review before release.","evidenceRoute":"/release-continuity","hardStop":"No production promotion when build, smoke, audit, or launch-domain evidence fails without documented workaround."}],"externalReviewGates":[{"name":"Counsel-reviewed claims and competitor comparison","status":"required-before-public-claim","owner":"Qualified counsel and founder","trigger":"Any page, deck, PR, investor packet, email, or sales call compares SCRIMED to a named competitor or asserts legal/security/compliance status.","output":"Approved, evidence-required, or prohibited claim classification.","blockedUntilComplete":["Partnership implication","competitor superiority claim","certification claim","customer-proof claim","securities or valuation language"]},{"name":"Privacy and HIPAA risk analysis","status":"required-before-production","owner":"Privacy officer, counsel, and security lead","trigger":"Any workflow proposes ePHI, patient identifiers, live health records, provider connector credentials, or customer production data.","output":"Risk analysis, BAA/DPA path, minimum-necessary scope, retention rule, and incident-response owner.","blockedUntilComplete":["PHI processing","live connector activation","patient matching","clinical data retention","customer production import"]},{"name":"Security assessment and penetration-test authorization","status":"required-before-production","owner":"Security lead and qualified assessor","trigger":"Any customer asks for production deployment, security certification, public trust badge, or penetration-test proof.","output":"Scoped test authorization, remediation plan, evidence packet, and public-claim decision.","blockedUntilComplete":["security certification claim","penetration-test claim","production support guarantee","public trust badge","customer-specific security approval"]},{"name":"Customer release and evidence distribution","status":"required-before-buyer-release","owner":"Named reviewer, release authority, and customer sponsor","trigger":"Any buyer proof packet, customer-named result, diligence artifact, or protected workspace evidence is proposed for external distribution.","output":"Named reviewer signoff, recipient list, lockbox/access log, approved language, and expiry.","blockedUntilComplete":["public customer proof","external distribution","buyer packet release","sales deck evidence","investor customer-reference claim"]}],"hardStops":["No public endpoint may expose secrets, PHI, protected packet contents, or tenant mutation authority.","No protected packet export without authenticated workspace access and release authority chain.","No autonomous clinical action, payer submission, writeback, patient outreach, or production connector call.","No PHI, patient matching, live connector, diagnosis, order entry, payer submission, or EHR writeback.","No public claim of certification, approval, partnership, customer proof, revenue guarantee, or legal conclusion.","No production promotion when build, smoke, audit, or launch-domain evidence fails without documented workaround."],"noAuthority":{"legalAdvice":"not-legal-advice","privacyAdvice":"qualified-privacy-review-required","securityCertification":"not-security-certified","penetrationTesting":"not-penetration-test-authorization","phiProcessing":"not-authorized-production-phi","customerRelease":"customer-permission-and-release-control-required","competitorPartnership":"not-third-party-partnership","attackGuarantee":"not-protection-guarantee","clinicalCare":"not-authorized-live-care"},"nextHardeningMove":"Run every public competitor, investor, sales, security, privacy, and launch claim through Competitive Defense before expansion: prove the source, name the SCRIMED counter-position, attach the proof route, preserve no-copy/no-PHI/no-certification boundaries, and escalate legal/privacy/cyber claims to qualified review."},"continuousReview":{"service":"scrimed-continuous-review-audit-innovation","status":"continuous-review-audit-innovation-control-plane-active","briefStatus":"continuous-review-audit-brief-ready-no-autonomous-claims","route":"/continuous-review-audit","apiRoute":"/api/continuous-review-audit","briefRoute":"/api/continuous-review-audit/brief","boundary":"SCRIMED Continuous Review, Audit, and Innovation Control Plane organizes 24/7 agent-assisted review, evidence checks, error reduction loops, human escalation, and internal future research. It does not provide managed 24/7 SOC/MDR coverage, autonomous production remediation, legal advice, security certification, regulatory approval, PHI processing authority, clinical care authority, public quantum capability claims, product commitment, investment advice, or permission to bypass human review.","updated":"2026-06-25","sourceCount":5,"agentCount":7,"loopCount":8,"controlCount":6,"innovationTrackCount":5,"internalResearchAssignmentCount":4,"evidenceRouteCount":17,"ownerCount":26,"blockedClaimCount":56,"humanReviewRequiredAgentCount":2,"internalResearchOnlyAgentCount":1,"activeControlAgentCount":4,"quantumTrackStatus":"internal-research-only-no-public-claim","managedCoverageAuthority":"not-managed-24-7-soc-mdr","autonomousRemediationAuthority":"human-review-required-before-production-change","dataBoundary":"synthetic-and-metadata-only","sources":[{"name":"NIST Cybersecurity Framework 2.0","url":"https://www.nist.gov/cyberframework","sourceType":"official-framework","reviewedAt":"2026-06-25","signal":"NIST frames CSF 2.0 as a way for industry, government, and organizations to reduce cybersecurity risks, with governance, profiles, references, and practical implementation resources.","scrimedApplication":"Map 24/7 audit loops to Govern, Identify, Protect, Detect, Respond, and Recover language without claiming managed SOC coverage."},{"name":"NIST AI Risk Management Framework","url":"https://www.nist.gov/itl/ai-risk-management-framework","sourceType":"official-framework","reviewedAt":"2026-06-25","signal":"NIST AI RMF is voluntary and intended to improve incorporation of trustworthiness considerations into design, development, use, and evaluation of AI systems.","scrimedApplication":"Use Map, Measure, Manage, and Govern style evidence to review agent outputs, drift, citations, human oversight, and improvement actions."},{"name":"NIST Post-Quantum Cryptography Standards","url":"https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards","sourceType":"official-standard","reviewedAt":"2026-06-25","signal":"NIST finalized post-quantum encryption standards and encourages system administrators to begin transitioning because integration takes time.","scrimedApplication":"Assign quantum-safe cryptography readiness to internal research, beginning with dependency inventory, vendor questions, key-lifecycle mapping, and no-public-claim controls."},{"name":"SCRIMED Trust and Safety Operations","url":"/trust-safety-operations","sourceType":"internal-operating-source","reviewedAt":"2026-06-25","signal":"SCRIMED already defines trust, safety, monitoring, auditing, fixing, improving, and escalation loops while retaining production managed coverage as a staffed external gate.","scrimedApplication":"Promote TrustOps from a response model into a continuous review and audit operating system with regression, evidence, claims, security, and innovation monitors."},{"name":"SCRIMED Global Certification Readiness","url":"/global-certification-readiness","sourceType":"internal-operating-source","reviewedAt":"2026-06-25","signal":"SCRIMED already maps HIPAA/BAA, FDA CDS/SaMD, SOC 2, HITRUST, ISO, EU AI Act, GDPR, NHS DTAC, MHRA, Australia, and regional approval gates.","scrimedApplication":"Feed continuous audit exceptions into approval/certification evidence rooms before claims, pilots, or production pathways expand."}],"agents":[{"slug":"accuracy-review-agent","name":"Accuracy Review Agent","status":"active-control-plane","mission":"Sample outputs, workflow results, API summaries, and buyer-facing copy for factual consistency, stale claims, missing caveats, and unsupported conclusions.","cadence":"Continuous queue with daily sampled review and weekly executive exception digest.","watches":["product pages","API summaries","briefs","proof packets","buyer-facing claims"],"allowedActions":["flag discrepancy","open review item","route to owner","recommend smoke assertion"],"escalationTriggers":["clinical implication","certification claim","buyer-impacting metric","source-date drift"],"blockedActions":["silently rewrite public claims","approve clinical content","certify accuracy without reviewer"],"evidenceRoutes":["/claims","/qa-claim-guard","/source-intelligence","/product"]},{"slug":"evidence-attribution-agent","name":"Evidence Attribution Agent","status":"active-control-plane","mission":"Ensure every strategic, regulatory, market, technical, and product assertion has a source, route, owner, or explicit boundary.","cadence":"Continuous on new routes and briefs; daily source-drift digest.","watches":["source URLs","reviewed dates","proof routes","blocked claims","documentation updates"],"allowedActions":["mark missing source","queue source refresh","add owner checklist","request citation review"],"escalationTriggers":["unsupported public claim","stale regulatory source","broken evidence route"],"blockedActions":["invent source support","quote large copyrighted text","claim third-party endorsement"],"evidenceRoutes":["/source-intelligence","/competitive-intelligence","/global-certification-readiness"]},{"slug":"claims-boundary-agent","name":"Claims and Boundary Agent","status":"active-control-plane","mission":"Compare public language, briefs, APIs, and sales paths against prohibited claims, authority boundaries, and no-PHI/no-live-care constraints.","cadence":"Every release, every buyer packet, and every claims-related route change.","watches":["claims register","release notes","buyer packets","homepage copy","API boundary headers"],"allowedActions":["block unsupported claim","attach boundary","request legal/privacy review"],"escalationTriggers":["HIPAA/FDA/SOC/ISO claim","ROI guarantee","clinical authority wording","customer reference"],"blockedActions":["approve legal claim","approve advertising substantiation","waive external review"],"evidenceRoutes":["/claims","/approvals-readiness","/global-certification-readiness","/qa-claim-guard"]},{"slug":"security-drift-agent","name":"Security Drift Agent","status":"human-review-required","mission":"Track dependency posture, route headers, fail-closed behavior, evidence vault boundaries, and post-quantum readiness signals.","cadence":"Daily dependency/config review, weekly protected fail-closed review, quarterly quantum-safe inventory.","watches":["package versions","headers","protected API behavior","auth gates","cryptographic dependency inventory"],"allowedActions":["open security drift item","recommend patch","route to security owner","request audit evidence"],"escalationTriggers":["critical CVE","protected route opens publicly","secret exposure risk","obsolete cryptographic dependency"],"blockedActions":["apply unmanaged production patch","rotate customer secrets autonomously","claim SOC/MDR coverage"],"evidenceRoutes":["/service-reliability","/trust-center/security","/release-continuity","/continuous-review-audit"]},{"slug":"qa-regression-agent","name":"QA Regression Agent","status":"active-control-plane","mission":"Continuously translate discovered mistakes into deterministic smoke, typecheck, lint, build, and protected fail-closed assertions.","cadence":"Every change set; nightly regression queue design; weekly smoke scope review.","watches":["smoke failures","route inventory","typecheck output","build output","known limitations"],"allowedActions":["propose test","expand smoke coverage","classify regression","route owner"],"escalationTriggers":["route-count mismatch","broken buyer-critical page","missing boundary header","protected path exposure"],"blockedActions":["bypass failing smoke","mark retained proof without protected packet","run authenticated happy path without AAL2"],"evidenceRoutes":["/navigation","/qa-evidence","/qa-run-control","/release-continuity"]},{"slug":"incident-learning-agent","name":"Incident Learning Agent","status":"human-review-required","mission":"Convert TrustOps incidents, near misses, buyer questions, and support gaps into root-cause notes, controls, and future prevention tasks.","cadence":"Immediate for high/critical issues, daily for open incidents, monthly for learning review.","watches":["TrustOps incidents","customer questions","legal-hold watch","post-incident reviews"],"allowedActions":["summarize incident","draft prevention task","recommend reviewer","connect evidence route"],"escalationTriggers":["critical incident","legal-hold signal","privacy/security issue","repeated defect"],"blockedActions":["make breach determination","notify regulator","close incident without reviewer"],"evidenceRoutes":["/trust-safety-operations","/pilot-workspace/access","/service-reliability"]},{"slug":"innovation-scout-agent","name":"Innovation Scout Agent","status":"internal-research-only","mission":"Track AI, healthcare infrastructure, interoperability, security, quantum-safe, privacy-preserving, and deployment futures for internal research assignment.","cadence":"Weekly horizon scan, monthly research council, quarterly promotion gate.","watches":["official standards","technical shifts","competitor signals","buyer requests","internal limitations"],"allowedActions":["create research brief","assign internal team","recommend prototype","flag claim guard"],"escalationTriggers":["strategic inflection","security standard change","regulatory movement","platform opportunity"],"blockedActions":["publish quantum claims","promise future product","claim clinical advantage","commit to procurement timeline"],"evidenceRoutes":["/source-intelligence","/strategic-intelligence","/global-certification-readiness"]}],"loops":[{"stage":"Always-on sentinels","cadence":"Continuous design; public smoke at release and scheduled when infrastructure is approved.","owner":"QA Regression Agent + Release Steward","action":"Watch route health, boundary headers, proof-stack posture, protected fail-closed paths, and critical API contracts.","evidence":["public smoke output","route inventory","boundary headers","protected fail-closed status"],"errorReductionMechanism":"Turns every repeated route or header mistake into a deterministic smoke assertion.","boundary":"Continuous sentinel design is not a managed SOC/MDR service and cannot claim every issue will be detected."},{"stage":"Accuracy sampling","cadence":"Daily sample queue plus high-risk output review before buyer use.","owner":"Accuracy Review Agent + domain owner","action":"Sample product copy, API summaries, briefs, and workflow outputs for factual accuracy and unsupported claims.","evidence":["sample log","owner decision","source route","fix or accepted-risk note"],"errorReductionMechanism":"Creates feedback loops for stale facts, overclaims, missing sources, and ambiguous language.","boundary":"Sampling improves accuracy but does not replace qualified legal, clinical, security, or regulatory review."},{"stage":"Evidence attribution sweep","cadence":"Daily for new source-sensitive work; weekly source aging review.","owner":"Evidence Attribution Agent","action":"Check that official sources, reviewed dates, proof routes, and blocked claims remain attached.","evidence":["source register","reviewedAt date","linked route","missing-source ticket"],"errorReductionMechanism":"Reduces hallucination risk by requiring source-backed or boundary-backed claims.","boundary":"Source mapping does not create third-party endorsement, certification, or legal authority."},{"stage":"Claims and authority guard","cadence":"Every release and every buyer packet.","owner":"Claims and Boundary Agent + qualified reviewer when needed","action":"Compare claims against allowed language, prohibited claims, approval boundaries, and data authority.","evidence":["claims decision","blocked claim list","reviewer route","release note"],"errorReductionMechanism":"Prevents sales, product, investor, and public copy from outrunning retained evidence.","boundary":"Agents may block and route claims; they do not grant legal approval or certification."},{"stage":"Security and dependency drift review","cadence":"Daily triage, weekly control review, quarterly post-quantum inventory.","owner":"Security Drift Agent + engineering owner","action":"Track dependency, auth, cryptography, route, and protected access drift.","evidence":["dependency review","config review","cryptography inventory","security owner note"],"errorReductionMechanism":"Surfaces risky drift early before it becomes buyer-impacting or production-blocking.","boundary":"Security review is readiness evidence only; it is not certification, pentest attestation, or managed response coverage."},{"stage":"Human escalation and remediation","cadence":"Immediate for high/critical items; daily for open work queue.","owner":"Founder, domain owner, security/privacy/legal/clinical reviewer as needed","action":"Assign accountable owner, implement fix, preserve evidence, and require validation before reopening path.","evidence":["owner assignment","diff","test result","approval note","residual-risk note"],"errorReductionMechanism":"Keeps remediation accountable instead of relying on unattended autonomous repair.","boundary":"No agent may autonomously remediate production healthcare, legal, clinical, or security-critical workflows."},{"stage":"Innovation horizon scan","cadence":"Weekly internal scan and monthly research council.","owner":"Innovation Scout Agent + Internal Research Team","action":"Convert future signals into research assignments, prototype gates, and claim-guarded roadmap options.","evidence":["research brief","prototype decision","claim guard","promotion criteria"],"errorReductionMechanism":"Separates useful future sensing from public hype or premature product commitment.","boundary":"Innovation research remains internal until governance, security, evidence, and product readiness gates approve release."},{"stage":"Governance rehearsal","cadence":"Quarterly","owner":"Executive governance council","action":"Review repeated defects, open risks, innovation bets, quantum-safe readiness, audit gaps, and external-review needs.","evidence":["quarterly review packet","risk register","roadmap decision","external reviewer task"],"errorReductionMechanism":"Moves recurring mistakes into durable controls and moves mature research into governed build work.","boundary":"Governance rehearsal is internal readiness; external claims still require qualified approval."}],"controls":[{"control":"No autonomous production remediation","owner":"Release Steward + Security","status":"human-review-required","purpose":"Prevent agents from silently changing production behavior or regulated workflows.","requiredEvidence":["owner approval","diff","validation result","rollback note"],"hardStops":["production change without reviewer","clinical workflow mutation","credential rotation without owner"]},{"control":"No-PHI review queue","owner":"Privacy + TrustOps","status":"active-control-plane","purpose":"Keep review and audit evidence metadata-only until PHI authority exists.","requiredEvidence":["PHI hard-stop result","safe metadata template","protected route status"],"hardStops":["patient identifier","clinical record","payer member identifier","artifact URL"]},{"control":"Boundary header enforcement","owner":"QA Regression Agent","status":"active-control-plane","purpose":"Ensure buyer-critical APIs carry no-authority, no-PHI, no-certification, and no-live-care headers.","requiredEvidence":["smoke assertion","API route","header list"],"hardStops":["missing data boundary","missing PHI block","missing security certification block"]},{"control":"Evidence source aging","owner":"Evidence Attribution Agent","status":"active-control-plane","purpose":"Refresh official-source review dates and route stale source-sensitive claims for human review.","requiredEvidence":["source URL","reviewedAt","owner","refresh decision"],"hardStops":["stale legal/regulatory source","unsupported market claim","missing source owner"]},{"control":"Post-incident learning","owner":"Incident Learning Agent","status":"human-review-required","purpose":"Require every meaningful incident, near miss, or repeated defect to create a prevention action.","requiredEvidence":["root cause","owner","prevention task","validation route"],"hardStops":["incident closed without review","legal hold ignored","customer-impacting issue unowned"]},{"control":"Internal research claim guard","owner":"Innovation Scout Agent + Claims reviewer","status":"internal-research-only","purpose":"Keep quantum, frontier AI, privacy-preserving compute, and future infrastructure work internal until approved.","requiredEvidence":["research brief","visibility flag","blocked claims","promotion gate"],"hardStops":["public quantum advantage claim","future product guarantee","clinical superiority claim"]}],"innovationTracks":[{"slug":"quantum-safe-readiness","title":"Quantum-Safe and Post-Quantum Readiness","visibility":"internal-only","owner":"Internal Research Team - Quantum Horizon","researchQuestion":"How should SCRIMED inventory cryptographic dependencies, vendor commitments, key lifecycles, and buyer questions before post-quantum migration becomes procurement-critical?","nearTermWork":["Map public/private key use across app, Supabase, Vercel, vendor APIs, and buyer evidence exchange","Track NIST PQC standards and vendor support timelines","Prepare buyer-facing answers that say readiness planning is internal and no quantum-safe certification is claimed","Identify where hybrid TLS, signatures, backups, and archive retention may matter later"],"promotionGate":["Security owner approves inventory","Vendor posture is documented","No customer cryptography promise is made","External security review confirms messaging"],"blockedClaims":["quantum-safe certified","quantum clinical advantage","post-quantum production ready"]},{"slug":"agentic-review-automation","title":"Agentic Review Automation","visibility":"board-review","owner":"Internal Research Team - AgentOS Lab","researchQuestion":"How can SCRIMED reduce human error by using agents to propose review items, tests, and evidence links while humans retain approval authority?","nearTermWork":["Prototype review queues for accuracy, source attribution, claims boundaries, and smoke suggestions","Score confidence and route low-confidence outputs to human reviewers","Measure false-positive and false-negative rates in synthetic review tasks"],"promotionGate":["Human override is retained","False-negative threshold is acceptable","Audit trail is durable","No clinical approval is delegated"],"blockedClaims":["autonomous audit approval","error-free AI review","clinician-free validation"]},{"slug":"privacy-preserving-compute","title":"Privacy-Preserving Compute","visibility":"internal-only","owner":"Internal Research Team - Privacy Lab","researchQuestion":"Which privacy-preserving methods could eventually support analytics, evaluation, or federation without moving sensitive healthcare data?","nearTermWork":["Compare de-identification, synthetic data, confidential compute, federated evaluation, and differential privacy patterns","Define no-PHI prototype constraints","Map privacy counsel review questions"],"promotionGate":["Privacy/legal approval","Threat model complete","Customer data path blocked until agreement","Synthetic-only proof exists"],"blockedClaims":["privacy guaranteed","HIPAA approved analytics","customer data safe by default"]},{"slug":"clinical-simulation-lab","title":"Clinical Simulation and Synthetic Safety Lab","visibility":"board-review","owner":"Internal Research Team - Validation Trust Lab","researchQuestion":"How can SCRIMED improve synthetic evaluation depth for clinical operations workflows without crossing diagnosis or treatment boundaries?","nearTermWork":["Add adversarial synthetic scenarios","Measure source attribution, escalation, abstention, and reviewer burden","Create specialty-specific review prompts for oncology, cardiology, endocrinology, and RCM"],"promotionGate":["Clinical governance review","No patient-specific claims","Synthetic-only data","FDA/CDS/SaMD classification review before external claims"],"blockedClaims":["clinical validation complete","diagnostic accuracy","treatment optimization"]},{"slug":"interoperability-futures","title":"Interoperability and Sovereign Deployment Futures","visibility":"future-public-after-approval","owner":"Internal Research Team - Interoperability Futures","researchQuestion":"Which interoperability, data residency, and sovereign deployment patterns will matter most for global health-system buyers?","nearTermWork":["Track FHIR, SMART, DICOMweb, X12, IHE, terminology, residency, and regional procurement signals","Prototype deployment-profile gates","Map public-sector buyer evidence requirements"],"promotionGate":["Regional counsel review","Customer-specific deployment profile","Security/privacy evidence","No production connector promise"],"blockedClaims":["sovereign-ready certified","EHR production approved","public-sector approved"]}],"internalResearchAssignments":[{"team":"Quantum Horizon","focus":"Post-quantum cryptography inventory, vendor posture, key lifecycle, and future buyer diligence.","cadence":"Monthly internal research brief; quarterly security review.","outputs":["PQC dependency inventory","vendor question set","blocked quantum claims","migration watchlist"],"restrictions":["internal-only","no buyer quantum claims","no production cryptography change without security review"]},{"team":"AgentOS Lab","focus":"Agent-assisted review queues, audit scoring, auto-test suggestions, and human approval checkpoints.","cadence":"Weekly prototype review; monthly governance demo.","outputs":["review queue spec","false-negative metrics","human override matrix"],"restrictions":["no autonomous approval","no clinical validation delegation","no unattended protected happy path"]},{"team":"Validation Trust Lab","focus":"Adversarial synthetic scenarios, accuracy sampling, and specialty workflow safety evaluation.","cadence":"Weekly scenario review; monthly clinical-governance readout.","outputs":["synthetic scenario set","error taxonomy","reviewer-burden metric"],"restrictions":["synthetic-only","no diagnosis claims","clinical reviewer required before external use"]},{"team":"Privacy Lab","focus":"Privacy-preserving analytics, de-identification boundaries, and no-PHI evaluation methods.","cadence":"Biweekly privacy research review.","outputs":["privacy pattern comparison","DPIA question set","no-PHI prototype constraints"],"restrictions":["no customer data","no PHI processing","privacy counsel gate before promotion"]}],"evidenceRoutes":["/claims","/qa-claim-guard","/source-intelligence","/product","/competitive-intelligence","/global-certification-readiness","/approvals-readiness","/service-reliability","/trust-center/security","/release-continuity","/continuous-review-audit","/navigation","/qa-evidence","/qa-run-control","/trust-safety-operations","/pilot-workspace/access","/strategic-intelligence"],"owners":["Accuracy Review Agent","Evidence Attribution Agent","Claims and Boundary Agent","Security Drift Agent","QA Regression Agent","Incident Learning Agent","Innovation Scout Agent","QA Regression Agent + Release Steward","Accuracy Review Agent + domain owner","Claims and Boundary Agent + qualified reviewer when needed","Security Drift Agent + engineering owner","Founder, domain owner, security/privacy/legal/clinical reviewer as needed","Innovation Scout Agent + Internal Research Team","Executive governance council","Release Steward + Security","Privacy + TrustOps","Innovation Scout Agent + Claims reviewer","Internal Research Team - Quantum Horizon","Internal Research Team - AgentOS Lab","Internal Research Team - Privacy Lab","Internal Research Team - Validation Trust Lab","Internal Research Team - Interoperability Futures","Quantum Horizon","AgentOS Lab","Validation Trust Lab","Privacy Lab"],"blockedClaims":["silently rewrite public claims","approve clinical content","certify accuracy without reviewer","invent source support","quote large copyrighted text","claim third-party endorsement","approve legal claim","approve advertising substantiation","waive external review","apply unmanaged production patch","rotate customer secrets autonomously","claim SOC/MDR coverage","bypass failing smoke","mark retained proof without protected packet","run authenticated happy path without AAL2","make breach determination","notify regulator","close incident without reviewer","publish quantum claims","promise future product","claim clinical advantage","commit to procurement timeline","production change without reviewer","clinical workflow mutation","credential rotation without owner","patient identifier","clinical record","payer member identifier","artifact URL","missing data boundary","missing PHI block","missing security certification block","stale legal/regulatory source","unsupported market claim","missing source owner","incident closed without review","legal hold ignored","customer-impacting issue unowned","public quantum advantage claim","future product guarantee","clinical superiority claim","quantum-safe certified","quantum clinical advantage","post-quantum production ready","autonomous audit approval","error-free AI review","clinician-free validation","privacy guaranteed","HIPAA approved analytics","customer data safe by default","clinical validation complete","diagnostic accuracy","treatment optimization","sovereign-ready certified","EHR production approved","public-sector approved"],"nextBuildStep":"Turn the continuous review model into protected work queues for accuracy sampling, evidence source aging, claims guard review, security drift, post-incident learning, and internal research promotion gates."},"enterpriseBusinessOps":{"service":"scrimed-enterprise-business-operations","route":"/enterprise-business-ops","apiRoute":"/api/enterprise-business-ops","briefRoute":"/api/enterprise-business-ops/brief","status":"enterprise-business-ops-revenue-margin-control-plane-active","briefStatus":"enterprise-business-ops-brief-ready-no-legal-accounting-advice","boundary":"SCRIMED Enterprise Business Operations organizes revenue capability, profit-margin discipline, legal operations, finance/accounting controls, tax-awareness routing, enterprise deal approval, and audit evidence for qualified human review. It is operating-readiness material only. It is not legal advice, accounting advice, tax advice, audited financial reporting, securities offering material, investment advice, valuation assurance, contract approval, revenue guarantee, profit-margin guarantee, reimbursement assurance, customer permission, certification, PHI processing authority, production connector approval, or live clinical care authorization.","sourceCount":7,"officialSourceCount":4,"revenueCapabilityCount":9,"humanReviewRevenueCapabilityCount":2,"qualifiedReviewRevenueCapabilityCount":3,"marginControlCount":10,"qualifiedReviewMarginControlCount":5,"teamRoleCount":11,"legalRoleCount":4,"financeAccountingTaxRoleCount":6,"enterpriseControlCount":10,"operatingCadenceCount":8,"profitLeverCount":10,"blockedClaimCount":16,"proofRouteCount":23,"allProofRoutes":["/pricing","/growth-engine","/capital-vitality","/sales-operations","/pilot-deal-room","/enterprise-business-ops","/public-market-readiness","/pilot-workspace/access","/buyer-release-control-run","/qa-buyer-proof-release","/product","/healthcare-intelligence-os","/interoperability","/pilot-evidence","/global-reach","/deployment-profiles","/service-reliability","/workflows/results","/global-certification-readiness","/continuous-review-audit","/trust-safety-operations","/trust-center","/approvals-readiness"],"sourceCounts":{"capitalRevenueCapabilityCount":8,"growthEnginePlayCount":6,"growthEngineConversionLaneCount":4,"publicMarketMetricCount":10,"publicMarketUnitEconomicsPackageCount":4,"publicMarketCustomerProofStageCount":5},"authority":{"legalAuthority":"qualified-counsel-review-required","accountingAuthority":"qualified-accounting-review-required","taxAuthority":"qualified-tax-review-required","financialAuthority":"not-audited-financial-report","revenueAuthority":"not-revenue-guarantee","profitAuthority":"not-profit-margin-guarantee","securitiesAuthority":"not-securities-offering-material","investmentAdvice":"not-investment-advice","valuationAuthority":"not-valuation-assurance","contractAuthority":"human-executive-approval-required","dataBoundary":"business-and-metadata-only","phiAuthority":"not-authorized-production-phi","clinicalCareAuthority":"not-authorized-live-care","certificationAuthority":"not-certification"},"nextBusinessMove":"Run every enterprise opportunity through Deal Desk, price-floor review, scope control, counsel review, accounting/revenue-recognition triage, tax awareness, billing readiness, and margin review before proposal release; keep all legal, accounting, tax, revenue, profit, securities, valuation, customer-value, reimbursement, PHI, connector, certification, and live-care claims blocked until the qualified authority exists.","sources":[{"name":"DOJ Evaluation of Corporate Compliance Programs","sourceType":"official-government","url":"https://www.justice.gov/criminal-fraud/page/file/937501/download","reviewedAt":"2026-06-25","signal":"The September 2024 DOJ guidance evaluates whether a compliance program is well designed, adequately resourced and empowered, and works in practice, with attention to risk assessment, emerging technology, reporting channels, investigations, training, incentives, and internal controls.","scrimedApplication":"Route enterprise deals, public claims, partner arrangements, AI use, and escalation processes through documented compliance ownership and evidence trails."},{"name":"COSO Internal Control - Integrated Framework","sourceType":"official-framework","url":"https://www.coso.org/guidance-on-ic","reviewedAt":"2026-06-25","signal":"COSO frames internal control as supporting operations, reporting, and compliance objectives, with monitoring, information quality, control activities, and healthcare-provider implementation guidance called out on its official internal-control page.","scrimedApplication":"Structure finance, quote-to-contract, revenue-recognition review, audit evidence retention, and margin controls as owned control activities rather than informal founder judgment."},{"name":"AICPA SOC Suite of Services","sourceType":"official-accounting-body","url":"https://www.aicpa-cima.com/resources/landing/system-and-organization-controls-soc-suite-of-services","reviewedAt":"2026-06-25","signal":"AICPA describes SOC as service offerings CPAs may provide for system-level controls of a service organization or entity-level controls of other organizations, supporting user assessment of outsourcing risks.","scrimedApplication":"Keep SOC-related buyer language in readiness mode until an independent qualified CPA firm performs any applicable engagement."},{"name":"OECD Transfer Pricing Guidelines","sourceType":"official-tax-guidance","url":"https://www.oecd.org/en/publications/oecd-transfer-pricing-guidelines-for-multinational-enterprises-and-tax-administrations-2022_0e655865-en.html","reviewedAt":"2026-06-25","signal":"OECD guidance anchors cross-border associated-enterprise pricing to the arm's length principle and helps tax administrations and businesses reduce disputes across jurisdictions.","scrimedApplication":"Prepare global expansion, partner, reseller, affiliate, and intercompany motions for qualified tax review before SCRIMED enters complex cross-border revenue structures."},{"name":"SCRIMED Capital Vitality","sourceType":"internal-operating-source","url":"/capital-vitality","reviewedAt":"2026-06-25","signal":"SCRIMED already maps revenue capabilities, moat signals, investor milestones, funding workstreams, and external-review gates.","scrimedApplication":"Tie enterprise business operations to sellable revenue packages without turning readiness language into investor solicitation or audited financial claims."},{"name":"SCRIMED Growth Engine","sourceType":"internal-operating-source","url":"/growth-engine","reviewedAt":"2026-06-25","signal":"SCRIMED already prioritizes buyer segments, sellable offers, conversion lanes, revenue proof steps, bottlenecks, and proof routes.","scrimedApplication":"Convert commercial execution into deal-desk controls, discount approval gates, and contract-ready handoffs."},{"name":"SCRIMED Public Market Readiness","sourceType":"internal-operating-source","url":"/public-market-readiness","reviewedAt":"2026-06-25","signal":"SCRIMED already defines KPI, unit-economics, model-efficiency, customer proof, board, and finance-methodology readiness without claiming audited financial reporting.","scrimedApplication":"Feed enterprise margin controls, board packs, and finance methodology gates while preserving no-audit and no-securities boundaries."}],"revenueCapabilities":[{"slug":"enterprise-pricing-packaging","name":"Enterprise pricing and packaging architecture","status":"active-control-plane","buyer":"Health systems, payers, government health programs, and strategic platform partners","revenueMotion":"Package assessment, synthetic pilot, protected diligence room, implementation blueprint, and enterprise operating license as separate value steps.","marginContribution":"Improves price realization by preventing custom enterprise work from being bundled into low-margin pilots.","proofRoutes":["/pricing","/growth-engine","/capital-vitality"],"retainedGate":"Qualified commercial, legal, and finance review before external price commitments or buyer-specific discount promises.","nextAction":"Attach each opportunity to one approved package, price floor, deliverable boundary, and upgrade path before proposal release."},{"slug":"deal-desk-quote-to-contract","name":"Deal desk and quote-to-contract control","status":"human-review-required","buyer":"Enterprise buying committees, procurement, security, legal, and finance stakeholders","revenueMotion":"Move qualified opportunities from sales discovery into counsel-reviewable order form, SOW, data boundary, and implementation assumptions.","marginContribution":"Reduces margin leakage from uncontrolled custom terms, scope creep, weak payment terms, and unapproved concessions.","proofRoutes":["/sales-operations","/pilot-deal-room","/enterprise-business-ops"],"retainedGate":"Human executive approval, qualified counsel review, finance review, and customer sign-off required before contract execution.","nextAction":"Create a quote-to-contract packet with package, scope, pricing, discount rationale, billing terms, data boundary, and approval trail."},{"slug":"annual-prepay-and-multiyear","name":"Annual prepay and multi-year enterprise commitments","status":"qualified-review-required","buyer":"CFO, CIO, procurement, transformation sponsors, and budget owners","revenueMotion":"Use annual prepay and multi-year optionality for qualified enterprise pilots and operating licenses after scope and renewal gates are clear.","marginContribution":"Improves cash conversion, lowers collection risk, and creates implementation runway without claiming guaranteed savings.","proofRoutes":["/capital-vitality","/public-market-readiness","/pricing"],"retainedGate":"Finance, accounting, tax, and legal review before payment-term, revenue-recognition, or renewal language leaves SCRIMED.","nextAction":"Prepare payment term menu with finance-approved cash, recognition, refund, cancellation, and renewal assumptions."},{"slug":"protected-diligence-monetization","name":"Protected buyer diligence monetization","status":"human-review-required","buyer":"Procurement, security reviewers, legal reviewers, investor diligence teams, and executive sponsors","revenueMotion":"Convert high-effort diligence, proof packets, security review, and evidence-room packaging into an explicit paid diligence or enterprise activation line item.","marginContribution":"Prevents expensive evidence packaging from becoming unpaid sales labor while reinforcing trust posture.","proofRoutes":["/pilot-workspace/access","/buyer-release-control-run","/qa-buyer-proof-release"],"retainedGate":"AAL2 protected workspace, release decisions, reviewer signoffs, and customer permission before buyer-specific external sharing.","nextAction":"Price buyer-diligence packaging separately when procurement, security, legal, or investor review requires custom packet work."},{"slug":"implementation-services-margin","name":"Implementation services and blueprint attach","status":"active-control-plane","buyer":"Clinical operations, transformation, interoperability, and revenue-cycle leaders","revenueMotion":"Attach implementation blueprint, workflow design, governance design, and integration-readiness planning to pilots before production scope.","marginContribution":"Separates high-touch services from license economics and makes labor assumptions visible before commitments expand.","proofRoutes":["/product","/healthcare-intelligence-os","/interoperability"],"retainedGate":"SOW, staffing, deliverables, timeline, data boundary, and implementation acceptance criteria must be approved before delivery.","nextAction":"Template the implementation blueprint as a paid, capped-scope service with clear assumptions and change-order triggers."},{"slug":"renewal-expansion-discipline","name":"Renewal and expansion discipline","status":"active-control-plane","buyer":"Customer sponsors, finance owners, operations leaders, and executive steering committees","revenueMotion":"Tie renewal and expansion to buyer-approved evidence, adopted workflows, governance completion, and implementation milestones.","marginContribution":"Improves net retention while avoiding unsupported ROI, reimbursement, or customer-revenue claims.","proofRoutes":["/public-market-readiness","/pilot-evidence","/sales-operations"],"retainedGate":"Buyer finance methodology, customer permission, and legal review before any external customer-value claim.","nextAction":"Create a renewal health packet with adoption, workflow volume, support load, model cost, reviewed value signals, and next expansion gate."},{"slug":"channel-and-partner-economics","name":"Channel and partner economics","status":"qualified-review-required","buyer":"Health system networks, regional partners, services firms, sovereign programs, and marketplace channels","revenueMotion":"Model reseller, referral, integration, and implementation partner economics before SCRIMED enters margin-sharing agreements.","marginContribution":"Prevents channel discounts, partner delivery cost, tax complexity, and indemnity terms from eroding enterprise margins.","proofRoutes":["/global-reach","/deployment-profiles","/enterprise-business-ops"],"retainedGate":"Qualified counsel, finance, tax, privacy, security, and regional review before partner or reseller terms are represented externally.","nextAction":"Maintain a partner economics worksheet with referral fee, reseller margin, implementation owner, data role, liability, and tax-review state."},{"slug":"usage-and-model-cost-alignment","name":"Usage-based value aligned to model cost","status":"active-control-plane","buyer":"Enterprise buyers with high workflow volume, review queues, and AI cost sensitivity","revenueMotion":"Tie high-volume packages to workflow count, reviewer volume, proof-packet output, and model-routing cost assumptions.","marginContribution":"Keeps AI unit cost, infrastructure, support, and reviewer labor aligned with price bands and overage policy.","proofRoutes":["/public-market-readiness","/service-reliability","/workflows/results"],"retainedGate":"Finance review of cost model, support tier, model-route assumptions, and overage language before proposal release.","nextAction":"Add unit-cost review to every high-volume proposal and require approval when projected gross margin falls below threshold."},{"slug":"public-sector-enterprise-procurement","name":"Public-sector and sovereign procurement readiness","status":"qualified-review-required","buyer":"Government health systems, public payers, sovereign healthcare programs, and procurement authorities","revenueMotion":"Create readiness-only procurement packs for jurisdiction-specific buying paths, security questionnaires, data residency, and external approval gates.","marginContribution":"Prevents under-scoped public-sector pursuits from consuming enterprise resources without a realistic procurement and compliance path.","proofRoutes":["/global-certification-readiness","/global-reach","/pilot-deal-room"],"retainedGate":"Qualified public-sector procurement, regional legal, privacy, security, tax, and compliance review before pursuing binding commitments.","nextAction":"Score every public-sector opportunity against approval complexity, security burden, payment timing, implementation effort, and strategic value."}],"marginControls":[{"control":"Price floor and discount approval","owner":"Founder + CFO/FP&A + Deal Desk","status":"human-review-required","marginRisk":"Enterprise urgency can create unmanaged discounts, free diligence work, and low-margin custom scope.","operatingPolicy":"Every proposal must show list price, discount, approval reason, gross-margin estimate, and expiration date.","evidenceRoutes":["/pricing","/sales-operations","/enterprise-business-ops"],"blockedUntilReviewed":["discount below floor","free paid-diligence package","unapproved multi-year concession"]},{"control":"Revenue-recognition review gate","owner":"Controller + Revenue Accounting Lead","status":"qualified-review-required","marginRisk":"Bundled services, cancellation rights, success fees, refunds, or variable pricing can create accounting and reporting risk.","operatingPolicy":"Contract terms that affect timing, deliverables, performance obligations, variable consideration, or refunds require accounting review.","evidenceRoutes":["/public-market-readiness","/enterprise-business-ops"],"blockedUntilReviewed":["audited revenue claim","recognized revenue guidance","financial statement treatment claim"]},{"control":"Implementation labor and scope control","owner":"Implementation Lead + Finance","status":"active-control-plane","marginRisk":"Unbounded implementation work can turn high-value pilots into services-heavy margin drains.","operatingPolicy":"Each implementation package needs capped hours, change-order triggers, named deliverables, and staffing assumptions.","evidenceRoutes":["/product","/growth-engine","/interoperability"],"blockedUntilReviewed":["uncapped implementation promise","unpriced integration work","live connector timeline guarantee"]},{"control":"AI and cloud unit-cost routing","owner":"Product Engineering + FP&A","status":"active-control-plane","marginRisk":"Model routing, retries, large-context workflows, and proof-packet generation can silently compress margins.","operatingPolicy":"High-volume workflows must include model-route assumptions, usage guardrails, cached evidence reuse, and cost-per-workflow review.","evidenceRoutes":["/public-market-readiness","/service-reliability","/continuous-review-audit"],"blockedUntilReviewed":["unbounded model usage","free high-volume pilot","cost target represented as guarantee"]},{"control":"Support tier and success coverage","owner":"Customer Success + Finance","status":"active-control-plane","marginRisk":"Premium customer expectations can create unfunded white-glove support obligations.","operatingPolicy":"Support coverage, response windows, executive reporting, and escalation channels must map to paid tier and staffing model.","evidenceRoutes":["/sales-operations","/trust-safety-operations","/service-reliability"],"blockedUntilReviewed":["24/7 managed support claim","unpriced executive reporting","unapproved SLA commitment"]},{"control":"Billing, collections, and cash conversion","owner":"Billing/AR Owner + CFO","status":"human-review-required","marginRisk":"Weak payment terms, delayed invoicing, or uncollected receivables can make profitable contracts cash-negative.","operatingPolicy":"Contract packet must include invoice schedule, payment term, late-payment path, purchase-order requirements, and collections owner.","evidenceRoutes":["/enterprise-business-ops","/sales-operations"],"blockedUntilReviewed":["start work without billing trigger","non-standard payment term","customer procurement blocker ignored"]},{"control":"Vendor and subprocessor spend approval","owner":"Procurement + Security + Finance","status":"qualified-review-required","marginRisk":"Enterprise buyer requirements can create unmanaged vendor, audit, storage, security, or regional hosting costs.","operatingPolicy":"New vendors, subprocessors, hosting regions, and evidence-vault costs require security, privacy, finance, and legal review.","evidenceRoutes":["/deployment-profiles","/trust-center","/enterprise-business-ops"],"blockedUntilReviewed":["new subprocessor commitment","unpriced dedicated environment","unsupported data-residency claim"]},{"control":"Legal template and indemnity guardrails","owner":"General Counsel / Outside Counsel","status":"qualified-review-required","marginRisk":"Uncapped liability, unsupported warranties, IP terms, or data obligations can overwhelm contract value.","operatingPolicy":"Non-standard liability, warranty, indemnity, IP, privacy, regulated-use, and publicity terms require qualified counsel review.","evidenceRoutes":["/approvals-readiness","/global-certification-readiness","/enterprise-business-ops"],"blockedUntilReviewed":["uncapped liability","unsupported compliance warranty","customer-publicity claim"]},{"control":"Tax nexus and transfer pricing triage","owner":"Tax Advisor + CFO","status":"qualified-review-required","marginRisk":"Cross-border enterprise, reseller, affiliate, and sovereign deals can create tax exposure and profit allocation complexity.","operatingPolicy":"Global revenue structures require qualified tax review for nexus, withholding, VAT/GST, transfer pricing, and local filing implications.","evidenceRoutes":["/global-reach","/global-certification-readiness","/enterprise-business-ops"],"blockedUntilReviewed":["tax advice claim","cross-border reseller margin","intercompany pricing commitment"]},{"control":"Board, investor, and fundraising material review","owner":"Founder + CFO + Securities Counsel","status":"qualified-review-required","marginRisk":"Revenue, margin, customer, market, and valuation language can create securities, investor, or audit risk.","operatingPolicy":"Investor materials must stay counsel-reviewed, source-backed, and clearly separated from audited financial reporting or securities offering claims.","evidenceRoutes":["/capital-vitality","/public-market-readiness","/enterprise-business-ops"],"blockedUntilReviewed":["securities offering material","valuation assurance","audited financial statement claim"]}],"teamRoles":[{"role":"General Counsel / Outside Counsel","team":"legal","status":"qualified-review-required","responsibility":"Own contract authority, legal risk routing, claim review, dispute posture, and privileged escalation.","approvalAuthority":"Can recommend or approve legal language only within qualified engagement scope.","escalationTrigger":"Non-standard legal term, regulated-use claim, customer dispute, public claim, or investor/fundraising material."},{"role":"Commercial Contracts Counsel","team":"legal","status":"qualified-review-required","responsibility":"Review order forms, SOWs, MSAs, DPAs, BAAs, partner agreements, and procurement terms.","approvalAuthority":"Qualified counsel review required before contract execution or legal term representation.","escalationTrigger":"Liability, warranty, indemnity, data-use, IP, publicity, payment, termination, or regulated workflow term."},{"role":"Privacy and Security Counsel","team":"legal","status":"qualified-review-required","responsibility":"Review HIPAA/BAA, DPA, cross-border data transfer, subprocessor, evidence-room, and security questionnaire language.","approvalAuthority":"Can approve privacy/security legal posture only within qualified review scope.","escalationTrigger":"PHI/ePHI, personal data, data residency, subprocessor, incident, breach, or security warranty request."},{"role":"Corporate and Securities Counsel","team":"legal","status":"qualified-review-required","responsibility":"Review fundraising, investor, board, equity, governance, corporate authority, and securities-sensitive materials.","approvalAuthority":"Required for securities, investment, valuation, financing, or corporate-governance claims.","escalationTrigger":"Investor deck, financing discussion, valuation language, shareholder material, or public market narrative."},{"role":"CFO / Finance Lead","team":"finance","status":"human-review-required","responsibility":"Own pricing floors, margin model, cash plan, board finance pack, vendor spend, billing posture, and financial controls.","approvalAuthority":"Approves business economics but does not issue audited financial statements or tax/accounting advice alone.","escalationTrigger":"Discount below floor, gross-margin risk, cash exposure, vendor spend, financing, or board-level financial metric."},{"role":"Controller","team":"accounting","status":"qualified-review-required","responsibility":"Own close process, chart of accounts, revenue recognition review, billing reconciliation, and audit evidence discipline.","approvalAuthority":"Controls accounting process but audited opinions require qualified external auditor where applicable.","escalationTrigger":"Revenue treatment, deferred revenue, refund/cancellation term, close exception, audit evidence gap, or financial report."},{"role":"Revenue Accounting Lead","team":"accounting","status":"qualified-review-required","responsibility":"Review contract deliverables, performance obligations, variable consideration, credits, refunds, and recognition timing.","approvalAuthority":"Accounting review required before SCRIMED presents revenue treatment or financial reporting posture externally.","escalationTrigger":"Bundled deliverables, success fees, usage tiers, refund rights, non-standard acceptance, or multi-year contract."},{"role":"FP&A and Margin Analyst","team":"finance","status":"active-control-plane","responsibility":"Maintain offer-level margin model, unit-cost assumptions, implementation labor allocation, and scenario analysis.","approvalAuthority":"Recommends margin thresholds and exceptions for CFO/executive approval.","escalationTrigger":"Projected margin below floor, model cost spike, support burden, unpriced service work, or high-volume buyer proposal."},{"role":"Tax Advisor","team":"tax","status":"qualified-review-required","responsibility":"Review sales tax, VAT/GST, withholding, nexus, transfer pricing, entity, and cross-border revenue implications.","approvalAuthority":"Qualified tax review required before tax treatment, cross-border structure, or intercompany pricing is represented.","escalationTrigger":"New country, reseller/channel agreement, sovereign buyer, affiliate/intercompany motion, or marketplace payout."},{"role":"Deal Desk and Revenue Operations","team":"revenue-operations","status":"human-review-required","responsibility":"Coordinate quote-to-contract packets, approvals, scope, pricing, discount evidence, billing triggers, and CRM hygiene.","approvalAuthority":"Can route and validate process completion but cannot approve legal/accounting/tax exceptions independently.","escalationTrigger":"Missing approver, stale quote, unapproved discount, customer procurement blocker, or unsupported sales claim."},{"role":"Billing and Accounts Receivable Owner","team":"finance","status":"human-review-required","responsibility":"Own invoice schedule, purchase-order readiness, collection workflow, payment status, and cash exception reporting.","approvalAuthority":"Can enforce billing controls and escalate non-payment; cannot alter contract economics without approval.","escalationTrigger":"Late payment, missing PO, invoice dispute, payment-term exception, or work starting before billing trigger."}],"enterpriseControls":[{"control":"Quote-to-contract approval packet","purpose":"Tie package, price, discount, SOW, payment terms, data boundary, implementation scope, and approvals together.","owner":"Deal Desk + CFO + Counsel","evidence":["approved quote","SOW","discount approval","data-boundary memo","billing schedule"],"hardStops":["missing counsel review","missing finance approval","unapproved non-standard term"]},{"control":"Revenue-recognition intake","purpose":"Route contract features that affect recognition or reporting to qualified accounting review.","owner":"Controller + Revenue Accounting Lead","evidence":["contract checklist","deliverable map","payment terms","acceptance criteria","review signoff"],"hardStops":["audited revenue claim","accounting treatment represented without review","unclear performance obligation"]},{"control":"Discount and concession approval","purpose":"Prevent uncontrolled discounting, extended trials, free diligence work, and unfunded success coverage.","owner":"CFO + Founder","evidence":["list price","discount rationale","margin estimate","expiration","approval record"],"hardStops":["below-floor discount","unpriced custom work","open-ended concession"]},{"control":"Payment and collections control","purpose":"Keep profitable contracts from becoming cash-negative because billing triggers or collections paths are missing.","owner":"Billing/AR Owner + CFO","evidence":["invoice schedule","PO requirement","payment term","collections owner","exception log"],"hardStops":["work begins before billing trigger","missing invoice owner","unapproved payment term"]},{"control":"Vendor and subprocessor spend approval","purpose":"Prevent enterprise-specific vendor, storage, audit, hosting, and security obligations from eroding margin.","owner":"Procurement + Security + Finance","evidence":["vendor review","subprocessor review","spend approval","security review","data-boundary impact"],"hardStops":["new subprocessor without review","dedicated environment without pricing","unsupported data-residency commitment"]},{"control":"Customer diligence and legal artifact workflow","purpose":"Route security, procurement, legal, and compliance artifacts through metadata-only protected evidence paths.","owner":"Buyer Diligence + Legal Ops","evidence":["artifact owner","review status","expiration","release decision","recipient controls"],"hardStops":["sensitive artifact stored publicly","expired artifact represented as current","external sharing without release decision"]},{"control":"Board and investor material review","purpose":"Separate operating metrics from securities material, valuation assurance, audited financial reporting, and investment advice.","owner":"Founder + CFO + Securities Counsel","evidence":["source-backed metric","boundary language","counsel review","version log","recipient context"],"hardStops":["securities claim without counsel","audited metric claim without audit","valuation assurance claim"]},{"control":"Audit evidence retention and legal hold routing","purpose":"Preserve business decisions, approvals, evidence packets, and exceptions for qualified audit, legal, or diligence review.","owner":"Controller + Legal Ops + TrustOps","evidence":["approval trail","packet hash","retention label","legal-hold flag","owner attestation"],"hardStops":["delete relevant evidence under hold","untracked approval exception","missing packet owner"]},{"control":"Tax nexus and transfer pricing triage","purpose":"Make global revenue, reseller, affiliate, and sovereign motions visible to qualified tax advisors before commitments expand.","owner":"Tax Advisor + CFO","evidence":["jurisdiction checklist","buyer location","partner economics","VAT/GST flag","transfer-pricing review"],"hardStops":["tax advice without advisor","cross-border reseller commitment","intercompany price represented externally"]},{"control":"Enterprise claims and authority guard","purpose":"Keep sales, investor, legal, accounting, tax, revenue, margin, certification, and customer-proof claims inside retained evidence.","owner":"Claim Guard + Legal + Finance","evidence":["claim classification","source","owner","review status","blocked claim list"],"hardStops":["guaranteed profit margin","legal approval without counsel","audited financial statements claim"]}],"operatingCadences":[{"cadence":"Weekly deal desk","owner":"Founder + Revenue Ops + Counsel + Finance","reviewedSignals":["qualified opportunities","discount requests","scope exceptions","legal blockers","payment terms"],"decisionOutput":"Approve, revise, hold, or disqualify enterprise proposal before buyer release.","retainedBoundary":"Deal desk review is not contract execution or legal approval without qualified counsel."},{"cadence":"Weekly pipeline and margin review","owner":"Founder + CFO/FP&A","reviewedSignals":["pipeline stage","expected package","unit economics","support burden","implementation hours"],"decisionOutput":"Prioritized account list with price floor, margin threshold, and next approved action.","retainedBoundary":"Forecast review is internal operating planning, not revenue assurance."},{"cadence":"Daily billing and collections exception sweep","owner":"Billing/AR Owner","reviewedSignals":["missing PO","invoice due","late payment","billing trigger","contract start date"],"decisionOutput":"Exception queue with owner, customer action, and work-start or hold status.","retainedBoundary":"Collections workflow does not alter contract terms without approved amendment."},{"cadence":"Monthly close readiness","owner":"Controller + CFO","reviewedSignals":["invoices","deferred revenue","expenses","vendor accruals","contract changes","metric evidence"],"decisionOutput":"Close checklist, unresolved exceptions, and external accountant review packet where needed.","retainedBoundary":"Close readiness is not audited financial reporting."},{"cadence":"Monthly gross-margin review","owner":"FP&A + Product Engineering + Customer Success","reviewedSignals":["cost per workflow","model spend","cloud spend","support load","implementation hours","price realization"],"decisionOutput":"Offer-level margin actions, routing changes, support tier changes, and pricing update candidates.","retainedBoundary":"Margin review guides decisions but does not guarantee customer margin or company profit."},{"cadence":"Quarterly board and finance pack","owner":"Founder + CFO + Controller","reviewedSignals":["pipeline","cash","gross margin","unit economics","risk register","customer proof","blocked claims"],"decisionOutput":"Board-ready operating pack with counsel/accounting boundaries attached.","retainedBoundary":"Board pack is not securities offering material unless separately prepared and approved."},{"cadence":"Quarterly legal and compliance review","owner":"General Counsel / Outside Counsel + TrustOps","reviewedSignals":["contract exceptions","claims","incidents","privacy/security issues","approvals","regional expansion"],"decisionOutput":"Updated legal risk register, claim constraints, contract template changes, and escalation tasks.","retainedBoundary":"Internal review does not replace jurisdiction-specific legal advice."},{"cadence":"Annual tax, audit, and assurance readiness","owner":"CFO + Controller + Tax Advisor + External Accountant/Auditor","reviewedSignals":["revenue contracts","entity structure","cross-border activity","vendor spend","SOC readiness","audit evidence"],"decisionOutput":"Advisor-reviewed annual readiness plan for tax, accounting, audit, and assurance priorities.","retainedBoundary":"Readiness plan is not tax advice, audited financial statements, or SOC certification."}],"profitLevers":[{"lever":"Package entry work as paid assessment","useCase":"Discovery, workflow mapping, governance audit, and buyer readiness before synthetic pilot.","marginPath":"Turns early enterprise effort into paid, bounded scope instead of unpaid selling labor.","requiredControl":"Assessment SOW, price floor, scope cap, and no-PHI boundary.","blockedClaim":"guaranteed conversion to enterprise license"},{"lever":"Annual prepay incentive","useCase":"Qualified enterprise licenses and protected-pilot extensions with stable scope.","marginPath":"Improves cash flow and reduces collection friction without promising financial outcomes.","requiredControl":"Finance, accounting, tax, and legal review of payment terms.","blockedClaim":"cash-flow or revenue recognition advice"},{"lever":"Multi-year renewal architecture","useCase":"Large buyers needing budget certainty and staged workflow expansion.","marginPath":"Improves retention visibility while keeping implementation milestones explicit.","requiredControl":"Renewal terms, cancellation language, scope changes, and acceptance criteria reviewed.","blockedClaim":"guaranteed renewal"},{"lever":"Paid protected diligence room","useCase":"Security, procurement, legal, investor, and executive diligence requiring custom proof packets.","marginPath":"Monetizes high-effort trust work and reduces unfunded sales engineering burden.","requiredControl":"Release decision, recipient controls, AAL2 workspace, and customer permission.","blockedClaim":"public release approved"},{"lever":"Implementation templates and change orders","useCase":"Workflow blueprint, governance design, interoperability planning, and deployment readiness.","marginPath":"Controls labor cost and moves scope expansion into approved paid work.","requiredControl":"SOW, assumptions, capped hours, and change-order triggers.","blockedClaim":"unlimited implementation included"},{"lever":"Margin-aware model routing","useCase":"High-volume workflow packets, document intelligence, and evidence generation.","marginPath":"Reduces AI unit cost through model selection, caching, prompt discipline, and usage thresholds.","requiredControl":"Cost-per-workflow review and finance-approved usage bands.","blockedClaim":"fixed cost savings guarantee"},{"lever":"Support tiering","useCase":"Executive reporting, response windows, incident escalation, and premium customer success coverage.","marginPath":"Aligns support obligations with paid tier instead of absorbing enterprise expectations for free.","requiredControl":"Support policy, escalation matrix, staffing assumptions, and SLA review.","blockedClaim":"managed 24/7 SOC/MDR or clinical support coverage"},{"lever":"Usage overage and volume bands","useCase":"Buyers with variable workflow volume, proof-packet generation, and reviewer activity.","marginPath":"Protects gross margin when usage exceeds original assumptions.","requiredControl":"Usage measurement, billing logic, customer notice, and legal/accounting review.","blockedClaim":"unlimited usage at fixed pilot price"},{"lever":"Channel economics guardrails","useCase":"Referral, reseller, implementation partner, and marketplace routes.","marginPath":"Keeps partner margin, liability, support, taxes, and delivery ownership visible.","requiredControl":"Partner agreement, tax review, discount cap, and delivery responsibility map.","blockedClaim":"partner-authorized compliance or government endorsement"},{"lever":"Collections-first activation","useCase":"Enterprise work that depends on PO, invoice, onboarding, or procurement acceptance.","marginPath":"Prevents SCRIMED from starting expensive work before payment path and contract authority are clear.","requiredControl":"Billing trigger, PO status, invoice owner, and executive exception approval.","blockedClaim":"work started equals contract approved"}],"blockedClaims":["guaranteed profit margin","guaranteed revenue","audited financial statements","accounting advice","tax advice","legal approval without counsel","contract approved without executive signature","securities offering material","investment advice","valuation assurance","SOC certified","customer value guaranteed","reimbursement guaranteed","PHI processing authorized","production connector approved","live clinical care authorized"],"capitalVitalitySummary":{"service":"scrimed-capital-vitality","route":"/capital-vitality","apiRoute":"/api/capital-vitality","briefRoute":"/api/capital-vitality/brief","status":"capital-vitality-revenue-funding-readiness-active","briefStatus":"capital-vitality-brief-ready-no-securities-offer","fundingVitalityPosture":"investor-ready-readiness-materials-no-securities-offer","boundary":"SCRIMED Capital Vitality organizes revenue capabilities, competitive moat evidence, investor-readiness milestones, funding workstreams, and retained external-review gates. It strengthens commercial execution and diligence readiness, but it is not investment advice, securities offering material, audited financial reporting, valuation assurance, legal advice, tax advice, reimbursement assurance, customer revenue guarantee, security certification, regulatory approval, PHI processing approval, production connector approval, or live clinical care authorization.","authority":{"dataBoundary":"synthetic-only","financialAuthority":"not-audited-financial-report","securitiesAuthority":"not-securities-offering-material","investmentAdvice":"not-investment-advice","valuationAuthority":"not-valuation-assurance","reimbursementAuthority":"no-reimbursement-guarantee","approvalAuthority":"external-review-required","clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","securityCertification":"not-security-certified"},"sourceAlignment":{"pageRouteCount":164,"apiRoutePatternCount":439,"smokeCoveredHtmlRouteCount":76,"commercialPricingStatus":"pricing-and-sales-motion-ready","marketActivationStatus":"revenue-message-comms-foundation-ready","publicMarketReadinessStatus":"capital-efficiency-kpi-stack-ready","salesDealRoomStatus":"public-organization-and-protected-packet-ready","serviceReliabilityStatus":"service-reliability-hardening-active"},"revenueCapabilityCount":8,"activeRevenueCapabilityCount":2,"packagedRevenueCapabilityCount":3,"protectedGatedRevenueCapabilityCount":2,"externalReviewRevenueCapabilityCount":1,"moatSignalCount":9,"highMoatSignalCount":4,"investorMilestoneCount":8,"readyInvestorMilestoneCount":4,"externalReviewMilestoneCount":2,"operatorRequiredMilestoneCount":1,"fundingWorkstreamCount":8,"activeFundingWorkstreamCount":3,"externalReviewWorkstreamCount":3,"retainedExternalReviewCount":5,"proofRouteCount":51,"revenueCapabilities":[{"name":"Synthetic Atlas Pilot","buyer":"Health systems, payers, public-sector health teams, and enterprise innovation sponsors","status":"packaged","revenueMotion":"30 to 90 day governed synthetic pilot with executive findings and production-readiness gates.","priceLogic":"Packaged as a premium fixed-fee pilot before any protected enterprise or production-license commitment.","proofRoutes":["/product","/pilot-deal-room","/pilots","/pricing"],"limitation":"Pilot evidence remains synthetic or protected-evaluation only until buyer-specific live controls are approved.","nextAction":"Use the Deal Room and Pilot Intake to qualify sponsor, workflow scope, review team, and success metrics."},{"name":"Workflow Intelligence Assessment","buyer":"Clinical operations, access, revenue cycle, documentation, and transformation leaders","status":"active","revenueMotion":"Short paid assessment that maps workflow friction, AI readiness, governance gaps, and pilot candidates.","priceLogic":"Fixed-scope assessment with clear upgrade path into Synthetic Atlas Pilot.","proofRoutes":["/pricing","/product","/pilot","/sales-operations"],"limitation":"Findings are operational intelligence for human leaders, not medical, legal, reimbursement, or accounting advice.","nextAction":"Keep assessment outputs tied to proof routes, governance gates, and buyer-approved baselines."},{"name":"AI Readiness + Governance Audit","buyer":"Compliance, security, legal, clinical governance, innovation, and executive sponsors","status":"packaged","revenueMotion":"Readiness engagement for claims control, privacy posture, auditability, role controls, runtime safety, and approval gates.","priceLogic":"Assessment fee that can expand into protected pilot controls and enterprise diligence work.","proofRoutes":["/approvals-readiness","/boundary-resolution","/clinical-authority-readiness","/trust-center"],"limitation":"Readiness audit does not certify HIPAA, SOC 2, HITRUST, FDA, ONC, security posture, or legal compliance.","nextAction":"Route any certification, regulatory, or legal claim through qualified external reviewers."},{"name":"Clinical Operations Automation Blueprint","buyer":"Hospitals, clinics, payers, and public-sector health programs planning phased automation","status":"packaged","revenueMotion":"Blueprint package for agent responsibilities, connector plan, review queues, safety controls, and staged deployment path.","priceLogic":"Strategy and implementation-planning package that precedes protected pilot or enterprise license.","proofRoutes":["/agents","/workflows","/healthcare-intelligence-os","/interoperability"],"limitation":"Blueprint remains review-only and does not authorize live clinical workflow execution or production connectors.","nextAction":"Translate each automation candidate into blocked actions, human checkpoints, and audit evidence."},{"name":"Protected Buyer Diligence Rooms","buyer":"Enterprise buyers, procurement, security reviewers, investor diligence teams, and executive sponsors","status":"protected-gated","revenueMotion":"Paid buyer-specific diligence packaging with proof packets, release controls, and metadata-only evidence routing.","priceLogic":"Bundled into enterprise pilot/procurement motion; future premium service when release authority is retained.","proofRoutes":["/pilot-workspace/access","/buyer-release-control-run","/pilot-deal-room"],"limitation":"External sharing remains blocked until release decisions, reviewer signoffs, recipient controls, and access-log reconciliation are retained.","nextAction":"Complete the protected release-control chain before any buyer-specific external distribution."},{"name":"TrustOps Incident And Claims Control","buyer":"Enterprise risk, legal, security, marketing, buyer diligence, and operator teams","status":"active","revenueMotion":"Trust, safety, claims, and incident-readiness support for enterprise AI operations and buyer confidence.","priceLogic":"Packaged as governance support attached to pilots and enterprise readiness work.","proofRoutes":["/trust-safety-operations","/qa-claim-guard","/claims","/trust-center"],"limitation":"Operating model does not create managed 24/7 coverage, legal approval, public-claim approval, or certification by itself.","nextAction":"Keep buyer, investor, PR, advertising, and operator claims routed through Claim Guard before publication."},{"name":"Deployment Profile Advisory","buyer":"Security-sensitive hospitals, governments, sovereign programs, and infrastructure partners","status":"external-review-required","revenueMotion":"Advisory package for managed cloud, private cloud, hospital-controlled, sovereign, and edge deployment readiness.","priceLogic":"Premium planning motion that can expand into strategic platform partnership after legal/security review.","proofRoutes":["/deployment-profiles","/global-reach","/market-activation","/interoperability"],"limitation":"Deployment profiles do not grant regional approval, data-residency approval, security certification, or procurement acceptance.","nextAction":"Attach qualified regional legal, privacy, security, and procurement review before external claims expand."},{"name":"Interoperability Conformance Readiness","buyer":"IT, interoperability, EHR, payer, research, and device-integration reviewers","status":"protected-gated","revenueMotion":"Conformance-readiness engagement around standards mapping, fixtures, synthetic tests, and live connector prerequisites.","priceLogic":"Technical diligence package that supports pilots and future implementation scope.","proofRoutes":["/interoperability","/interoperability/evaluations","/integrations","/synthetic/validation"],"limitation":"Synthetic conformance evidence is not live connector certification, trading-partner acceptance, or production data exchange authority.","nextAction":"Keep live connector claims blocked until buyer, legal, security, privacy, and partner approvals exist."}],"competitiveMoatSignals":[{"name":"Healthcare Intelligence OS category position","strength":"high","evidence":"SCRIMED combines AgentOS, Atlas Intelligence Core, TrustOS, workflows, interoperability, and buyer diligence into one healthcare operations layer.","proofRoutes":["/healthcare-intelligence-os","/product","/agents","/atlas"],"defendability":"The moat is domain workflow orchestration plus trust evidence, not general model access.","retainedBoundary":"Architecture proof is not production authorization or clinical validation."},{"name":"TrustOS and Claim Guard discipline","strength":"high","evidence":"Policy evaluation, claim control, blocked authority language, and no-authority headers are embedded across high-risk routes.","proofRoutes":["/trust-os","/qa-claim-guard","/claims","/api/product/console"],"defendability":"Healthcare buyers need governed explainability, boundaries, and audit posture before automation scale.","retainedBoundary":"Trust controls are readiness evidence, not legal advice or compliance certification."},{"name":"Atlas evidence and Trust Cards","strength":"high","evidence":"Evidence routes, Trust Cards, source intelligence, and workflow result packets create inspectable support for buyer review.","proofRoutes":["/atlas","/trust","/source-intelligence","/workflows/results"],"defendability":"Evidence-backed workflow outputs are harder to copy than a model wrapper.","retainedBoundary":"Evidence organization does not guarantee clinical outcome, reimbursement, or customer revenue."},{"name":"Protected buyer release-control chain","strength":"high","evidence":"Buyer release decisions, reviewer signoffs, disabled distribution lockbox controls, recipient controls, and access-log reconciliation are staged before external sharing.","proofRoutes":["/buyer-release-control-run","/pilot-workspace/access","/qa-buyer-proof-release"],"defendability":"Enterprise diligence friction becomes a managed product capability.","retainedBoundary":"Release-control readiness is not release approval or customer permission."},{"name":"Service Reliability fault/control map","strength":"medium","evidence":"Product/service controls, fault classes, efficiency improvements, open gates, and owners are inspectable before claims expand.","proofRoutes":["/service-reliability","/navigation","/release-continuity"],"defendability":"Operational maturity compounds as every new surface inherits route, smoke, and boundary checks.","retainedBoundary":"Reliability hardening is not security certification or approval authority."},{"name":"Public route and smoke discipline","strength":"medium","evidence":"Navigation Audit ties page inventory, API pattern count, route groups, smoke coverage, and protected fail-closed behavior together.","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"defendability":"Route-count controls reduce drift as the product surface grows.","retainedBoundary":"Route control does not prove protected happy-path execution."},{"name":"Public Market KPI and protected board metric ladder","strength":"medium","evidence":"KPI definitions, unit-economics packages, protected operator metrics, board scorecards, and finance methodology gates are mapped.","proofRoutes":["/public-market-readiness","/api/public-market-readiness","/pilot-workspace/access"],"defendability":"Operating metrics connect product usage, workflow value, and governance proof for diligence.","retainedBoundary":"KPI readiness is not audited financial reporting, valuation assurance, or securities material."},{"name":"Interoperability-first synthetic validation","strength":"medium","evidence":"Standards registry, fixture validation, conformance evaluations, and synthetic workflow validation are visible before live integration.","proofRoutes":["/interoperability","/interoperability/evaluations","/integrations/fixture-validation"],"defendability":"Healthcare integration readiness is encoded as a repeatable evidence system.","retainedBoundary":"Synthetic validation does not approve live connectors or PHI ingestion."},{"name":"Commercial packaging and sales operations linkage","strength":"watch","evidence":"Pricing tiers, pilot programs, Deal Room, Sales Operations, attribution, and buyer workspaces are connected.","proofRoutes":["/pricing","/pilot-deal-room","/sales-operations","/attribution-analytics"],"defendability":"Revenue operations become inspectable and tied to proof instead of ad hoc founder selling.","retainedBoundary":"Sales packaging does not guarantee conversion, revenue, customer permission, or procurement approval."}],"investorReadinessMilestones":[{"name":"Category narrative packaged","status":"ready","investorQuestion":"What is SCRIMED building that is bigger than a feature?","evidence":"Healthcare Intelligence OS, public product console, and public-market thesis are live.","proofRoutes":["/healthcare-intelligence-os","/product","/public-market-readiness"],"fundingImpact":"Improves narrative clarity and makes the company easier to diligence.","retainedBoundary":"Narrative is operating posture, not an investment recommendation."},{"name":"Revenue streams mapped","status":"ready","investorQuestion":"How can SCRIMED make money before production clinical authority?","evidence":"Assessments, synthetic pilots, governance audits, blueprints, diligence rooms, and advisory work are packaged.","proofRoutes":["/capital-vitality","/pricing","/market-activation"],"fundingImpact":"Shows near-term non-PHI, synthetic, and review-only revenue paths.","retainedBoundary":"Revenue capability is not a sales forecast, audited result, or customer commitment."},{"name":"Proof stack deployed","status":"ready","investorQuestion":"Is the product real, inspectable, and deployed?","evidence":"Homepage, Hub, Product Console, Deal Room, APIs, briefs, smoke coverage, and production deployment exist.","proofRoutes":["/","/hub","/product","/pilot-deal-room"],"fundingImpact":"Reduces demo risk and gives reviewers direct inspection paths.","retainedBoundary":"Public proof stack does not prove protected customer production execution."},{"name":"Unit economics framework","status":"in-progress","investorQuestion":"Can SCRIMED measure cost, margin, and value by offer?","evidence":"Public Market Readiness defines cost-per-workflow, gross margin by offer, protected operator metrics, and finance methodology gates.","proofRoutes":["/public-market-readiness","/pilot-workspace/access"],"fundingImpact":"Creates the operating skeleton for future board and investor reporting.","retainedBoundary":"Framework is not audited financial reporting, accounting advice, tax advice, or valuation assurance."},{"name":"Claims and approvals controls","status":"ready","investorQuestion":"Can SCRIMED grow without overclaiming regulated authority?","evidence":"Approvals Readiness, Boundary Resolution, Clinical Authority Readiness, and Claim Guard are active.","proofRoutes":["/approvals-readiness","/boundary-resolution","/clinical-authority-readiness","/qa-claim-guard"],"fundingImpact":"Improves credibility with regulated buyers and risk-aware investors.","retainedBoundary":"Controls do not replace counsel, security assessors, regulators, or buyer approvers."},{"name":"Protected AAL2 proof retained","status":"operator-required","investorQuestion":"Can SCRIMED prove authenticated protected workflows without leaking secrets?","evidence":"Protected Manual QA Evidence and Buyer Proof Release exist, with browser AAL2 session requirements.","proofRoutes":["/qa-aal2-run-evidence","/qa-manual-execution-console","/pilot-workspace/access"],"fundingImpact":"Creates a path from public demo proof into protected diligence proof.","retainedBoundary":"Protected happy-path proof requires approved human AAL2 operation and no token retention."},{"name":"Funding data room sequence","status":"external-review-required","investorQuestion":"Which documents can be shared externally and under what authority?","evidence":"Buyer release-control chain can be repurposed as a funding-review release-control checklist.","proofRoutes":["/buyer-release-control-run","/pilot-workspace/access","/qa-buyer-proof-release"],"fundingImpact":"Clarifies how investor materials move through review without uncontrolled distribution.","retainedBoundary":"Funding materials require counsel and do not become securities offering material by default."},{"name":"Security and compliance evidence path","status":"external-review-required","investorQuestion":"What must happen before enterprise production trust claims?","evidence":"Provider security review readiness, procurement evidence routing, and Approvals Readiness tracks are mapped.","proofRoutes":["/approvals-readiness","/pilot-workspace/access","/trust-center"],"fundingImpact":"Shows a credible path toward enterprise-grade assurance without premature claims.","retainedBoundary":"Security posture is not SOC 2, HITRUST, HIPAA, pentest, or BAA execution."}],"fundingVitalityWorkstreams":[{"name":"Investor narrative brief","owner":"Founder + Product Console","status":"packaged","capability":"Use Capital Vitality brief as the top-level investor and board diligence summary.","proof":"/api/capital-vitality/brief","limitation":"Brief is not securities offering material or investment advice.","nextAction":"Review with counsel before using in fundraising or investor solicitation."},{"name":"Pilot conversion proof","owner":"Sales operations + Buyer Diligence","status":"active","capability":"Tie Deal Room, pricing, pilot intake, sales operations, and attribution analytics into one conversion path.","proof":"/pilot-deal-room, /pricing, /sales-operations, /attribution-analytics","limitation":"Conversion proof is operating evidence, not customer revenue guarantee.","nextAction":"Keep every opportunity source, buyer segment, offer, and next action tagged."},{"name":"Unit economics and board metrics","owner":"Finance + protected operator metrics owner","status":"operator-required","capability":"Collect no-PHI operator metrics, board scorecards, rollups, and methodology gates in protected workspaces.","proof":"/public-market-readiness and /pilot-workspace/access","limitation":"Protected metrics are not audited financial statements.","nextAction":"Use AAL2 protected capture for real operating metrics and preserve methodology notes."},{"name":"Security and compliance review packet","owner":"Security + legal + qualified external reviewers","status":"external-review-required","capability":"Package provider security reviews, procurement evidence routing, and approval tracks.","proof":"/approvals-readiness and /pilot-workspace/access","limitation":"Readiness packet is not security certification or legal approval.","nextAction":"Retain qualified reviewers before enterprise assurance language expands."},{"name":"Customer reference and public proof permission","owner":"Buyer Diligence + Release Steward + counsel","status":"external-review-required","capability":"Use release-control chain before any customer-specific evidence, logo, case study, or testimonial is shared.","proof":"/buyer-release-control-run","limitation":"No public customer proof is allowed without explicit approval and retained release evidence.","nextAction":"Keep distribution lockbox disabled until reviewer signoffs and recipient/access controls exist."},{"name":"Offer packaging and pricing discipline","owner":"Enterprise sales + product","status":"active","capability":"Keep assessments, pilots, governance audits, blueprints, protected pilots, and strategic partnerships packaged.","proof":"/pricing","limitation":"Pricing is non-binding and does not imply production authority or procurement acceptance.","nextAction":"Use fixed scopes and clear upgrade paths to protect margin and reduce buyer ambiguity."},{"name":"Competitive edge proof refresh","owner":"Founder + market activation + source intelligence","status":"active","capability":"Maintain moat signals as proof-backed operating claims rather than broad market assertions.","proof":"/competitive-edge, /source-intelligence, /market-activation","limitation":"Competitive positioning cannot imply third-party endorsement, partnership, certification, or guaranteed outcomes.","nextAction":"Refresh proof routes when product capabilities or external review posture changes."},{"name":"Legal and securities review","owner":"Founder + qualified counsel","status":"external-review-required","capability":"Separate operating readiness from fundraising solicitation, securities material, valuation, and investor advice.","proof":"/capital-vitality and /public-market-readiness","limitation":"SCRIMED cannot self-authorize investment materials or securities offering language.","nextAction":"Run any investor solicitation, SAFE/equity note, valuation, or offering deck through counsel."}],"proofRoutes":["/product","/pilot-deal-room","/pilots","/pricing","/pilot","/sales-operations","/approvals-readiness","/boundary-resolution","/clinical-authority-readiness","/trust-center","/agents","/workflows","/healthcare-intelligence-os","/interoperability","/pilot-workspace/access","/buyer-release-control-run","/trust-safety-operations","/qa-claim-guard","/claims","/deployment-profiles","/global-reach","/market-activation","/interoperability/evaluations","/integrations","/synthetic/validation","/atlas","/trust-os","/api/product/console","/trust","/source-intelligence","/workflows/results","/qa-buyer-proof-release","/service-reliability","/navigation","/release-continuity","/api/navigation-audit","/api/navigation-audit/brief","/public-market-readiness","/api/public-market-readiness","/integrations/fixture-validation","/attribution-analytics","/capital-vitality","/","/hub","/qa-aal2-run-evidence","/qa-manual-execution-console","/api/capital-vitality/brief","/public-market-readiness and /pilot-workspace/access","/approvals-readiness and /pilot-workspace/access","/competitive-edge","/capital-vitality and /public-market-readiness"],"nextCapitalMove":"Use Capital Vitality as the executive growth lane: sell packaged synthetic and governance offers now, keep protected buyer/funding proof gated through AAL2 and release controls, refresh moat evidence before claims expand, and route any fundraising, valuation, securities, legal, reimbursement, security, PHI, or live-care claim through qualified external review.","updated":"2026-06-24"},"growthEngineSummary":{"service":"scrimed-commercial-growth-engine","route":"/growth-engine","apiRoute":"/api/growth-engine","briefRoute":"/api/growth-engine/brief","status":"commercial-growth-engine-active","briefStatus":"commercial-growth-engine-brief-ready-no-revenue-guarantee","boundary":"SCRIMED Commercial Growth Engine organizes buyer segments, sellable offers, revenue motions, proof routes, conversion actions, bottlenecks, and retained approval gates for synthetic evaluations, readiness assessments, and protected enterprise pilots. It is growth execution readiness only. It is not a customer revenue guarantee, investment advice, securities offering material, audited financial reporting, valuation assurance, legal advice, tax advice, reimbursement assurance, procurement approval, customer permission, security certification, regulatory approval, PHI processing approval, production connector approval, or live clinical care authorization.","growthPlayCount":6,"executeNowPlayCount":2,"packageNextPlayCount":2,"protectedGatedPlayCount":1,"externalReviewPlayCount":1,"conversionLaneCount":4,"proofLadderStepCount":5,"growthBottleneckCount":4,"operatorRequiredBottleneckCount":1,"protectedGatedBottleneckCount":1,"externalReviewBottleneckCount":1,"proofRouteCount":25,"allProofRoutes":["/pricing","/product","/demos","/pilot","/sales-operations","/capital-vitality","/pilots","/pilot-deal-room","/evaluation","/approvals-readiness","/boundary-resolution","/qa-claim-guard","/trust-center","/buyer-release-control-run","/pilot-workspace/access","/global-reach","/deployment-profiles","/market-activation","/public-market-readiness","/workflows/results","/atlas","/growth-engine","/healthcare-intelligence-os","/qa-evidence","/clinical-authority-readiness"],"sourceCounts":{"pricingTierCount":6,"salesMotionStepCount":5,"valueMetricCount":5,"revenueStreamCount":5,"targetAudienceCount":8,"capitalRevenueCapabilityCount":8,"moatSignalCount":9,"investorMilestoneCount":8,"fundingWorkstreamCount":8,"publicMarketMetricCount":10,"publicMarketCustomerProofStageCount":5,"dealRoomStageCount":6},"authority":{"dataBoundary":"synthetic-only","revenueAuthority":"not-revenue-guarantee","investmentAdvice":"not-investment-advice","securitiesAuthority":"not-securities-offering-material","financialAuthority":"not-audited-financial-report","valuationAuthority":"not-valuation-assurance","approvalAuthority":"external-review-required","phiAuthority":"not-authorized-production-phi","clinicalCareAuthority":"not-authorized-live-care","securityCertification":"not-security-certified"},"nextGrowthMove":"Run founder-led assessment and synthetic-pilot outreach from /growth-engine, attach each conversation to one proof route, keep buyer-specific evidence protected, and route revenue, securities, legal, tax, valuation, reimbursement, PHI, security, connector, and live-care claims through retained external gates.","growthPlays":[{"name":"Founder-led assessment sprint","status":"execute-now","buyerSegment":"Health system operations, access, documentation, transformation, and revenue-cycle leaders","primaryOffer":"Workflow Intelligence Assessment","revenueMotion":"Convert warm executive conversations into paid fixed-scope assessments with one to three workflow targets.","commercialEvidence":"Pricing, market activation, product console, demos, pilot intake, and sales operations already support this motion.","proofRoutes":["/pricing","/product","/demos","/pilot","/sales-operations"],"owner":"Founder + enterprise sales","blockedBoundary":"No PHI, no live clinical execution, no savings guarantee, and no medical advice.","nextAction":"Run a weekly sponsor list, route qualified buyers to Pilot Intake, and package each call around one workflow pain plus one proof route."},{"name":"Synthetic Atlas pilot pipeline","status":"execute-now","buyerSegment":"Enterprise sponsors ready to test governed workflow intelligence before integration","primaryOffer":"Synthetic Pilot Evaluation","revenueMotion":"Move qualified assessment or demo interest into a 45 to 90 day synthetic pilot with success metrics and proof packets.","commercialEvidence":"Capital Vitality, Pilot Programs, Pilot Deal Room, and AgentOS evaluation make the synthetic pilot inspectable.","proofRoutes":["/capital-vitality","/pilots","/pilot-deal-room","/evaluation"],"owner":"Founder + sales engineering","blockedBoundary":"Synthetic-only evidence until buyer-specific approvals, security review, and governance gates are retained.","nextAction":"Use the Deal Room to frame pilot scope, review team, synthetic packet, decision metric, and protected workspace path."},{"name":"AI governance audit wedge","status":"package-next","buyerSegment":"Compliance, legal, privacy, security, clinical governance, and innovation leaders","primaryOffer":"AI Readiness + Governance Audit","revenueMotion":"Sell governance readiness as a paid entry point for teams under pressure to control healthcare AI adoption.","commercialEvidence":"Approvals Readiness, Boundary Resolution, Claim Guard, Trust Center, and Service Reliability show operating discipline.","proofRoutes":["/approvals-readiness","/boundary-resolution","/qa-claim-guard","/trust-center"],"owner":"Founder + trust operations","blockedBoundary":"Readiness audit is not HIPAA certification, SOC 2 certification, HITRUST certification, legal approval, or FDA clearance.","nextAction":"Create counsel-reviewable sales language and keep every certification or regulatory phrase behind external-review gates."},{"name":"Protected buyer diligence upgrade","status":"protected-gated","buyerSegment":"Procurement, security, investor diligence, and executive buying committees","primaryOffer":"Protected Buyer Diligence Room","revenueMotion":"Attach paid diligence packaging to enterprise pilot pursuits once buyer-specific evidence needs are known.","commercialEvidence":"Buyer Release Control Runbook, protected workspace, evidence-room routing, and distribution lockbox readiness exist.","proofRoutes":["/buyer-release-control-run","/pilot-workspace/access","/pilot-deal-room"],"owner":"Buyer diligence + release steward","blockedBoundary":"External sharing stays blocked until release decisions, reviewer signoffs, recipient controls, access logs, and customer permission are retained.","nextAction":"Keep diligence packaging metadata-only until buyer-approved storage, access review, DLP, retention, and legal hold controls exist."},{"name":"Public-sector and global partner program","status":"external-review-required","buyerSegment":"Government health systems, sovereign programs, public-sector buyers, and qualified channel partners","primaryOffer":"Strategic Platform Partnership","revenueMotion":"Use global buyer packs and deployment profiles to scope strategic programs before procurement or regional claims expand.","commercialEvidence":"Global Reach, Deployment Profiles, Market Activation, and Public Market Readiness encode the strategic partnership path.","proofRoutes":["/global-reach","/deployment-profiles","/market-activation","/public-market-readiness"],"owner":"Founder + strategic partnerships + qualified reviewers","blockedBoundary":"No regional legal approval, public-sector procurement approval, data-residency approval, or government endorsement claim.","nextAction":"Pair every regional or public-sector conversation with qualified legal, privacy, security, procurement, and deployment review."},{"name":"Revenue-cycle proof wedge","status":"package-next","buyerSegment":"Payer, provider, and revenue-cycle leaders with denial, authorization, and documentation friction","primaryOffer":"Revenue workflow synthetic pilot","revenueMotion":"Position denial-risk, missing-evidence, and policy-friction workflows as measurable synthetic pilots before buyer data exposure.","commercialEvidence":"Public Market KPI definitions, workflow result packets, pricing value metrics, and Atlas evidence routes support the wedge.","proofRoutes":["/public-market-readiness","/workflows/results","/pricing","/atlas"],"owner":"Founder + product + sales engineering","blockedBoundary":"No final billing action, no payer submission, no reimbursement guarantee, and no audited financial impact claim.","nextAction":"Package a no-PHI demonstration around one denial or prior-authorization support workflow and one buyer-approved value metric."}],"conversionLanes":[{"source":"Founder network and direct executive outreach","buyerTrigger":"Visible operational pain, AI governance pressure, or transformation mandate","entryRoute":"/product","proofRoute":"/pilot-deal-room","conversionEvent":"Pilot Intake submitted with named sponsor and workflow scope","followUp":"Route to Sales Operations and schedule assessment or synthetic-pilot scoping.","disqualifiers":["Requires PHI in first call","Wants autonomous clinical decisions","No executive or operational sponsor"]},{"source":"Product-led proof review","buyerTrigger":"Buyer inspects demos, pricing, Trust Center, and proof routes before contacting SCRIMED","entryRoute":"/demos","proofRoute":"/pricing","conversionEvent":"Buyer asks for pilot pricing, workflow evidence, or governance packet","followUp":"Send assessment/pilot framing with no-PHI boundary and buyer-specific questions.","disqualifiers":["Requests unsupported compliance claims","Needs immediate production connector"]},{"source":"Governance and security review","buyerTrigger":"AI risk, vendor diligence, BAA/DPA planning, claims control, or board scrutiny","entryRoute":"/trust-center","proofRoute":"/approvals-readiness","conversionEvent":"Buyer asks for governance audit, evidence room, or protected pilot controls","followUp":"Offer AI Readiness + Governance Audit and map required external-review domains.","disqualifiers":["Wants certification without external audit","Rejects human-review or no-PHI boundaries"]},{"source":"Investor, board, and advisor diligence","buyerTrigger":"Category, moat, unit economics, customer proof, or growth strategy review","entryRoute":"/capital-vitality","proofRoute":"/growth-engine","conversionEvent":"Reviewer asks for operating cadence, proof ladder, or commercial priorities","followUp":"Share readiness-only brief and route securities, valuation, legal, or tax questions to qualified advisors.","disqualifiers":["Requests investment advice","Requests fundraising materials without counsel review"]}],"revenueProofLadder":[{"stage":"Public proof","commercialQuestion":"Can the buyer understand what SCRIMED is and why it is different?","answer":"Use Product Console, Healthcare Intelligence OS, demos, Trust Center, and Capital Vitality.","metric":"Qualified buyer moves to intake or executive review.","proofRoutes":["/product","/healthcare-intelligence-os","/demos","/trust-center","/capital-vitality"],"status":"ready","retainedGate":"No public customer, clinical, revenue, securities, or certification overclaim."},{"stage":"Paid assessment","commercialQuestion":"Can SCRIMED sell a bounded first engagement without live data exposure?","answer":"Use Workflow Intelligence Assessment with no-PHI scope, buyer baseline questions, and governance review.","metric":"Assessment sponsor, workflow scope, and decision criteria retained.","proofRoutes":["/pricing","/pilot","/sales-operations"],"status":"ready","retainedGate":"No PHI, no medical advice, no guaranteed savings."},{"stage":"Synthetic pilot","commercialQuestion":"Can SCRIMED prove workflow value through governed synthetic evidence?","answer":"Use Synthetic Atlas Pilot, AgentOS evaluation, workflow results, QA proof, and Deal Room packaging.","metric":"Synthetic work packet complete with reviewable outcome, Trust Card, and buyer decision route.","proofRoutes":["/pilots","/evaluation","/workflows/results","/qa-evidence","/pilot-deal-room"],"status":"measurement-required","retainedGate":"Buyer-approved metrics before external value claims."},{"stage":"Protected enterprise pilot","commercialQuestion":"Can the buyer safely move from synthetic proof into controlled protected evaluation?","answer":"Use protected workspace, release-control chain, authority readiness, provider security review, and procurement evidence routing.","metric":"Protected workspace and no-PHI packet controls active with retained AAL2 operator proof.","proofRoutes":["/pilot-workspace/access","/buyer-release-control-run","/clinical-authority-readiness"],"status":"protected-gated","retainedGate":"AAL2, external approvals, buyer permission, legal/privacy/security gates, and no-PHI evidence rules."},{"stage":"Enterprise license","commercialQuestion":"Can SCRIMED expand into annual operating value after protected validation?","answer":"Use deployment profiles, public-market KPI discipline, finance methodology gates, and board scorecards.","metric":"Buyer-approved operating value, security posture, implementation scope, and license owner.","proofRoutes":["/deployment-profiles","/public-market-readiness","/pilot-workspace/access"],"status":"external-review-required","retainedGate":"Customer contracts, security review, legal approval, connector approval, and production authority."}],"growthBottlenecks":[{"name":"Founder-led selling is still the fastest path","status":"operator-required","impact":"SCRIMED has proof depth, but early enterprise conversion still needs direct founder narrative and qualification.","workaround":"Run weekly target-account review, use Pilot Intake for every qualified call, and keep proof routes attached to each follow-up.","graduationGate":"Repeatable source-to-pilot conversion cohorts in Attribution Analytics.","owner":"Founder + sales operations"},{"name":"Buyer proof cannot outrun retained approvals","status":"protected-gated","impact":"The strongest enterprise proof is protected and cannot be shared publicly without release controls.","workaround":"Use metadata-only public summaries and route buyer-specific artifacts through protected release-control and distribution lockbox gates.","graduationGate":"Release decisions, reviewer signoffs, recipient controls, and customer permission retained.","owner":"Release steward + buyer diligence"},{"name":"Revenue impact claims require buyer baselines","status":"contained","impact":"Revenue-cycle value is compelling, but unsupported revenue claims can create legal, reimbursement, or investor risk.","workaround":"Frame revenue impact as buyer-reviewed operational signal until protected buyer methodology and finance review exist.","graduationGate":"Buyer-approved baseline, finance methodology gate, and counsel-reviewed external-use language.","owner":"Founder + finance reviewers"},{"name":"Fundraising and investor materials need counsel review","status":"external-review-required","impact":"Capital readiness can be mistaken for offering material or investment advice.","workaround":"Keep public routes readiness-only and route fundraising decks, valuation, securities language, tax, and legal questions through qualified counsel.","graduationGate":"Approved investor materials, controlled data-room process, and qualified securities counsel review.","owner":"Founder + qualified counsel"}],"capitalVitalitySummary":{"service":"scrimed-capital-vitality","route":"/capital-vitality","apiRoute":"/api/capital-vitality","briefRoute":"/api/capital-vitality/brief","status":"capital-vitality-revenue-funding-readiness-active","briefStatus":"capital-vitality-brief-ready-no-securities-offer","fundingVitalityPosture":"investor-ready-readiness-materials-no-securities-offer","boundary":"SCRIMED Capital Vitality organizes revenue capabilities, competitive moat evidence, investor-readiness milestones, funding workstreams, and retained external-review gates. It strengthens commercial execution and diligence readiness, but it is not investment advice, securities offering material, audited financial reporting, valuation assurance, legal advice, tax advice, reimbursement assurance, customer revenue guarantee, security certification, regulatory approval, PHI processing approval, production connector approval, or live clinical care authorization.","authority":{"dataBoundary":"synthetic-only","financialAuthority":"not-audited-financial-report","securitiesAuthority":"not-securities-offering-material","investmentAdvice":"not-investment-advice","valuationAuthority":"not-valuation-assurance","reimbursementAuthority":"no-reimbursement-guarantee","approvalAuthority":"external-review-required","clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","securityCertification":"not-security-certified"},"sourceAlignment":{"pageRouteCount":164,"apiRoutePatternCount":439,"smokeCoveredHtmlRouteCount":76,"commercialPricingStatus":"pricing-and-sales-motion-ready","marketActivationStatus":"revenue-message-comms-foundation-ready","publicMarketReadinessStatus":"capital-efficiency-kpi-stack-ready","salesDealRoomStatus":"public-organization-and-protected-packet-ready","serviceReliabilityStatus":"service-reliability-hardening-active"},"revenueCapabilityCount":8,"activeRevenueCapabilityCount":2,"packagedRevenueCapabilityCount":3,"protectedGatedRevenueCapabilityCount":2,"externalReviewRevenueCapabilityCount":1,"moatSignalCount":9,"highMoatSignalCount":4,"investorMilestoneCount":8,"readyInvestorMilestoneCount":4,"externalReviewMilestoneCount":2,"operatorRequiredMilestoneCount":1,"fundingWorkstreamCount":8,"activeFundingWorkstreamCount":3,"externalReviewWorkstreamCount":3,"retainedExternalReviewCount":5,"proofRouteCount":51,"revenueCapabilities":[{"name":"Synthetic Atlas Pilot","buyer":"Health systems, payers, public-sector health teams, and enterprise innovation sponsors","status":"packaged","revenueMotion":"30 to 90 day governed synthetic pilot with executive findings and production-readiness gates.","priceLogic":"Packaged as a premium fixed-fee pilot before any protected enterprise or production-license commitment.","proofRoutes":["/product","/pilot-deal-room","/pilots","/pricing"],"limitation":"Pilot evidence remains synthetic or protected-evaluation only until buyer-specific live controls are approved.","nextAction":"Use the Deal Room and Pilot Intake to qualify sponsor, workflow scope, review team, and success metrics."},{"name":"Workflow Intelligence Assessment","buyer":"Clinical operations, access, revenue cycle, documentation, and transformation leaders","status":"active","revenueMotion":"Short paid assessment that maps workflow friction, AI readiness, governance gaps, and pilot candidates.","priceLogic":"Fixed-scope assessment with clear upgrade path into Synthetic Atlas Pilot.","proofRoutes":["/pricing","/product","/pilot","/sales-operations"],"limitation":"Findings are operational intelligence for human leaders, not medical, legal, reimbursement, or accounting advice.","nextAction":"Keep assessment outputs tied to proof routes, governance gates, and buyer-approved baselines."},{"name":"AI Readiness + Governance Audit","buyer":"Compliance, security, legal, clinical governance, innovation, and executive sponsors","status":"packaged","revenueMotion":"Readiness engagement for claims control, privacy posture, auditability, role controls, runtime safety, and approval gates.","priceLogic":"Assessment fee that can expand into protected pilot controls and enterprise diligence work.","proofRoutes":["/approvals-readiness","/boundary-resolution","/clinical-authority-readiness","/trust-center"],"limitation":"Readiness audit does not certify HIPAA, SOC 2, HITRUST, FDA, ONC, security posture, or legal compliance.","nextAction":"Route any certification, regulatory, or legal claim through qualified external reviewers."},{"name":"Clinical Operations Automation Blueprint","buyer":"Hospitals, clinics, payers, and public-sector health programs planning phased automation","status":"packaged","revenueMotion":"Blueprint package for agent responsibilities, connector plan, review queues, safety controls, and staged deployment path.","priceLogic":"Strategy and implementation-planning package that precedes protected pilot or enterprise license.","proofRoutes":["/agents","/workflows","/healthcare-intelligence-os","/interoperability"],"limitation":"Blueprint remains review-only and does not authorize live clinical workflow execution or production connectors.","nextAction":"Translate each automation candidate into blocked actions, human checkpoints, and audit evidence."},{"name":"Protected Buyer Diligence Rooms","buyer":"Enterprise buyers, procurement, security reviewers, investor diligence teams, and executive sponsors","status":"protected-gated","revenueMotion":"Paid buyer-specific diligence packaging with proof packets, release controls, and metadata-only evidence routing.","priceLogic":"Bundled into enterprise pilot/procurement motion; future premium service when release authority is retained.","proofRoutes":["/pilot-workspace/access","/buyer-release-control-run","/pilot-deal-room"],"limitation":"External sharing remains blocked until release decisions, reviewer signoffs, recipient controls, and access-log reconciliation are retained.","nextAction":"Complete the protected release-control chain before any buyer-specific external distribution."},{"name":"TrustOps Incident And Claims Control","buyer":"Enterprise risk, legal, security, marketing, buyer diligence, and operator teams","status":"active","revenueMotion":"Trust, safety, claims, and incident-readiness support for enterprise AI operations and buyer confidence.","priceLogic":"Packaged as governance support attached to pilots and enterprise readiness work.","proofRoutes":["/trust-safety-operations","/qa-claim-guard","/claims","/trust-center"],"limitation":"Operating model does not create managed 24/7 coverage, legal approval, public-claim approval, or certification by itself.","nextAction":"Keep buyer, investor, PR, advertising, and operator claims routed through Claim Guard before publication."},{"name":"Deployment Profile Advisory","buyer":"Security-sensitive hospitals, governments, sovereign programs, and infrastructure partners","status":"external-review-required","revenueMotion":"Advisory package for managed cloud, private cloud, hospital-controlled, sovereign, and edge deployment readiness.","priceLogic":"Premium planning motion that can expand into strategic platform partnership after legal/security review.","proofRoutes":["/deployment-profiles","/global-reach","/market-activation","/interoperability"],"limitation":"Deployment profiles do not grant regional approval, data-residency approval, security certification, or procurement acceptance.","nextAction":"Attach qualified regional legal, privacy, security, and procurement review before external claims expand."},{"name":"Interoperability Conformance Readiness","buyer":"IT, interoperability, EHR, payer, research, and device-integration reviewers","status":"protected-gated","revenueMotion":"Conformance-readiness engagement around standards mapping, fixtures, synthetic tests, and live connector prerequisites.","priceLogic":"Technical diligence package that supports pilots and future implementation scope.","proofRoutes":["/interoperability","/interoperability/evaluations","/integrations","/synthetic/validation"],"limitation":"Synthetic conformance evidence is not live connector certification, trading-partner acceptance, or production data exchange authority.","nextAction":"Keep live connector claims blocked until buyer, legal, security, privacy, and partner approvals exist."}],"competitiveMoatSignals":[{"name":"Healthcare Intelligence OS category position","strength":"high","evidence":"SCRIMED combines AgentOS, Atlas Intelligence Core, TrustOS, workflows, interoperability, and buyer diligence into one healthcare operations layer.","proofRoutes":["/healthcare-intelligence-os","/product","/agents","/atlas"],"defendability":"The moat is domain workflow orchestration plus trust evidence, not general model access.","retainedBoundary":"Architecture proof is not production authorization or clinical validation."},{"name":"TrustOS and Claim Guard discipline","strength":"high","evidence":"Policy evaluation, claim control, blocked authority language, and no-authority headers are embedded across high-risk routes.","proofRoutes":["/trust-os","/qa-claim-guard","/claims","/api/product/console"],"defendability":"Healthcare buyers need governed explainability, boundaries, and audit posture before automation scale.","retainedBoundary":"Trust controls are readiness evidence, not legal advice or compliance certification."},{"name":"Atlas evidence and Trust Cards","strength":"high","evidence":"Evidence routes, Trust Cards, source intelligence, and workflow result packets create inspectable support for buyer review.","proofRoutes":["/atlas","/trust","/source-intelligence","/workflows/results"],"defendability":"Evidence-backed workflow outputs are harder to copy than a model wrapper.","retainedBoundary":"Evidence organization does not guarantee clinical outcome, reimbursement, or customer revenue."},{"name":"Protected buyer release-control chain","strength":"high","evidence":"Buyer release decisions, reviewer signoffs, disabled distribution lockbox controls, recipient controls, and access-log reconciliation are staged before external sharing.","proofRoutes":["/buyer-release-control-run","/pilot-workspace/access","/qa-buyer-proof-release"],"defendability":"Enterprise diligence friction becomes a managed product capability.","retainedBoundary":"Release-control readiness is not release approval or customer permission."},{"name":"Service Reliability fault/control map","strength":"medium","evidence":"Product/service controls, fault classes, efficiency improvements, open gates, and owners are inspectable before claims expand.","proofRoutes":["/service-reliability","/navigation","/release-continuity"],"defendability":"Operational maturity compounds as every new surface inherits route, smoke, and boundary checks.","retainedBoundary":"Reliability hardening is not security certification or approval authority."},{"name":"Public route and smoke discipline","strength":"medium","evidence":"Navigation Audit ties page inventory, API pattern count, route groups, smoke coverage, and protected fail-closed behavior together.","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"defendability":"Route-count controls reduce drift as the product surface grows.","retainedBoundary":"Route control does not prove protected happy-path execution."},{"name":"Public Market KPI and protected board metric ladder","strength":"medium","evidence":"KPI definitions, unit-economics packages, protected operator metrics, board scorecards, and finance methodology gates are mapped.","proofRoutes":["/public-market-readiness","/api/public-market-readiness","/pilot-workspace/access"],"defendability":"Operating metrics connect product usage, workflow value, and governance proof for diligence.","retainedBoundary":"KPI readiness is not audited financial reporting, valuation assurance, or securities material."},{"name":"Interoperability-first synthetic validation","strength":"medium","evidence":"Standards registry, fixture validation, conformance evaluations, and synthetic workflow validation are visible before live integration.","proofRoutes":["/interoperability","/interoperability/evaluations","/integrations/fixture-validation"],"defendability":"Healthcare integration readiness is encoded as a repeatable evidence system.","retainedBoundary":"Synthetic validation does not approve live connectors or PHI ingestion."},{"name":"Commercial packaging and sales operations linkage","strength":"watch","evidence":"Pricing tiers, pilot programs, Deal Room, Sales Operations, attribution, and buyer workspaces are connected.","proofRoutes":["/pricing","/pilot-deal-room","/sales-operations","/attribution-analytics"],"defendability":"Revenue operations become inspectable and tied to proof instead of ad hoc founder selling.","retainedBoundary":"Sales packaging does not guarantee conversion, revenue, customer permission, or procurement approval."}],"investorReadinessMilestones":[{"name":"Category narrative packaged","status":"ready","investorQuestion":"What is SCRIMED building that is bigger than a feature?","evidence":"Healthcare Intelligence OS, public product console, and public-market thesis are live.","proofRoutes":["/healthcare-intelligence-os","/product","/public-market-readiness"],"fundingImpact":"Improves narrative clarity and makes the company easier to diligence.","retainedBoundary":"Narrative is operating posture, not an investment recommendation."},{"name":"Revenue streams mapped","status":"ready","investorQuestion":"How can SCRIMED make money before production clinical authority?","evidence":"Assessments, synthetic pilots, governance audits, blueprints, diligence rooms, and advisory work are packaged.","proofRoutes":["/capital-vitality","/pricing","/market-activation"],"fundingImpact":"Shows near-term non-PHI, synthetic, and review-only revenue paths.","retainedBoundary":"Revenue capability is not a sales forecast, audited result, or customer commitment."},{"name":"Proof stack deployed","status":"ready","investorQuestion":"Is the product real, inspectable, and deployed?","evidence":"Homepage, Hub, Product Console, Deal Room, APIs, briefs, smoke coverage, and production deployment exist.","proofRoutes":["/","/hub","/product","/pilot-deal-room"],"fundingImpact":"Reduces demo risk and gives reviewers direct inspection paths.","retainedBoundary":"Public proof stack does not prove protected customer production execution."},{"name":"Unit economics framework","status":"in-progress","investorQuestion":"Can SCRIMED measure cost, margin, and value by offer?","evidence":"Public Market Readiness defines cost-per-workflow, gross margin by offer, protected operator metrics, and finance methodology gates.","proofRoutes":["/public-market-readiness","/pilot-workspace/access"],"fundingImpact":"Creates the operating skeleton for future board and investor reporting.","retainedBoundary":"Framework is not audited financial reporting, accounting advice, tax advice, or valuation assurance."},{"name":"Claims and approvals controls","status":"ready","investorQuestion":"Can SCRIMED grow without overclaiming regulated authority?","evidence":"Approvals Readiness, Boundary Resolution, Clinical Authority Readiness, and Claim Guard are active.","proofRoutes":["/approvals-readiness","/boundary-resolution","/clinical-authority-readiness","/qa-claim-guard"],"fundingImpact":"Improves credibility with regulated buyers and risk-aware investors.","retainedBoundary":"Controls do not replace counsel, security assessors, regulators, or buyer approvers."},{"name":"Protected AAL2 proof retained","status":"operator-required","investorQuestion":"Can SCRIMED prove authenticated protected workflows without leaking secrets?","evidence":"Protected Manual QA Evidence and Buyer Proof Release exist, with browser AAL2 session requirements.","proofRoutes":["/qa-aal2-run-evidence","/qa-manual-execution-console","/pilot-workspace/access"],"fundingImpact":"Creates a path from public demo proof into protected diligence proof.","retainedBoundary":"Protected happy-path proof requires approved human AAL2 operation and no token retention."},{"name":"Funding data room sequence","status":"external-review-required","investorQuestion":"Which documents can be shared externally and under what authority?","evidence":"Buyer release-control chain can be repurposed as a funding-review release-control checklist.","proofRoutes":["/buyer-release-control-run","/pilot-workspace/access","/qa-buyer-proof-release"],"fundingImpact":"Clarifies how investor materials move through review without uncontrolled distribution.","retainedBoundary":"Funding materials require counsel and do not become securities offering material by default."},{"name":"Security and compliance evidence path","status":"external-review-required","investorQuestion":"What must happen before enterprise production trust claims?","evidence":"Provider security review readiness, procurement evidence routing, and Approvals Readiness tracks are mapped.","proofRoutes":["/approvals-readiness","/pilot-workspace/access","/trust-center"],"fundingImpact":"Shows a credible path toward enterprise-grade assurance without premature claims.","retainedBoundary":"Security posture is not SOC 2, HITRUST, HIPAA, pentest, or BAA execution."}],"fundingVitalityWorkstreams":[{"name":"Investor narrative brief","owner":"Founder + Product Console","status":"packaged","capability":"Use Capital Vitality brief as the top-level investor and board diligence summary.","proof":"/api/capital-vitality/brief","limitation":"Brief is not securities offering material or investment advice.","nextAction":"Review with counsel before using in fundraising or investor solicitation."},{"name":"Pilot conversion proof","owner":"Sales operations + Buyer Diligence","status":"active","capability":"Tie Deal Room, pricing, pilot intake, sales operations, and attribution analytics into one conversion path.","proof":"/pilot-deal-room, /pricing, /sales-operations, /attribution-analytics","limitation":"Conversion proof is operating evidence, not customer revenue guarantee.","nextAction":"Keep every opportunity source, buyer segment, offer, and next action tagged."},{"name":"Unit economics and board metrics","owner":"Finance + protected operator metrics owner","status":"operator-required","capability":"Collect no-PHI operator metrics, board scorecards, rollups, and methodology gates in protected workspaces.","proof":"/public-market-readiness and /pilot-workspace/access","limitation":"Protected metrics are not audited financial statements.","nextAction":"Use AAL2 protected capture for real operating metrics and preserve methodology notes."},{"name":"Security and compliance review packet","owner":"Security + legal + qualified external reviewers","status":"external-review-required","capability":"Package provider security reviews, procurement evidence routing, and approval tracks.","proof":"/approvals-readiness and /pilot-workspace/access","limitation":"Readiness packet is not security certification or legal approval.","nextAction":"Retain qualified reviewers before enterprise assurance language expands."},{"name":"Customer reference and public proof permission","owner":"Buyer Diligence + Release Steward + counsel","status":"external-review-required","capability":"Use release-control chain before any customer-specific evidence, logo, case study, or testimonial is shared.","proof":"/buyer-release-control-run","limitation":"No public customer proof is allowed without explicit approval and retained release evidence.","nextAction":"Keep distribution lockbox disabled until reviewer signoffs and recipient/access controls exist."},{"name":"Offer packaging and pricing discipline","owner":"Enterprise sales + product","status":"active","capability":"Keep assessments, pilots, governance audits, blueprints, protected pilots, and strategic partnerships packaged.","proof":"/pricing","limitation":"Pricing is non-binding and does not imply production authority or procurement acceptance.","nextAction":"Use fixed scopes and clear upgrade paths to protect margin and reduce buyer ambiguity."},{"name":"Competitive edge proof refresh","owner":"Founder + market activation + source intelligence","status":"active","capability":"Maintain moat signals as proof-backed operating claims rather than broad market assertions.","proof":"/competitive-edge, /source-intelligence, /market-activation","limitation":"Competitive positioning cannot imply third-party endorsement, partnership, certification, or guaranteed outcomes.","nextAction":"Refresh proof routes when product capabilities or external review posture changes."},{"name":"Legal and securities review","owner":"Founder + qualified counsel","status":"external-review-required","capability":"Separate operating readiness from fundraising solicitation, securities material, valuation, and investor advice.","proof":"/capital-vitality and /public-market-readiness","limitation":"SCRIMED cannot self-authorize investment materials or securities offering language.","nextAction":"Run any investor solicitation, SAFE/equity note, valuation, or offering deck through counsel."}],"proofRoutes":["/product","/pilot-deal-room","/pilots","/pricing","/pilot","/sales-operations","/approvals-readiness","/boundary-resolution","/clinical-authority-readiness","/trust-center","/agents","/workflows","/healthcare-intelligence-os","/interoperability","/pilot-workspace/access","/buyer-release-control-run","/trust-safety-operations","/qa-claim-guard","/claims","/deployment-profiles","/global-reach","/market-activation","/interoperability/evaluations","/integrations","/synthetic/validation","/atlas","/trust-os","/api/product/console","/trust","/source-intelligence","/workflows/results","/qa-buyer-proof-release","/service-reliability","/navigation","/release-continuity","/api/navigation-audit","/api/navigation-audit/brief","/public-market-readiness","/api/public-market-readiness","/integrations/fixture-validation","/attribution-analytics","/capital-vitality","/","/hub","/qa-aal2-run-evidence","/qa-manual-execution-console","/api/capital-vitality/brief","/public-market-readiness and /pilot-workspace/access","/approvals-readiness and /pilot-workspace/access","/competitive-edge","/capital-vitality and /public-market-readiness"],"nextCapitalMove":"Use Capital Vitality as the executive growth lane: sell packaged synthetic and governance offers now, keep protected buyer/funding proof gated through AAL2 and release controls, refresh moat evidence before claims expand, and route any fundraising, valuation, securities, legal, reimbursement, security, PHI, or live-care claim through qualified external review.","updated":"2026-06-24"},"marketActivationSummary":{"service":"scrimed-market-activation","status":"revenue-message-comms-foundation-ready","route":"/market-activation","apiRoute":"/api/market-activation","boundary":"SCRIMED market activation governs revenue, messaging, public relations, communications, advertising, and target-audience strategy for synthetic evaluations, readiness assessments, and protected pilots. It does not authorize medical claims, compliance certification claims, live clinical execution, payer submission, or patient outreach.","revenueStreamCount":5,"targetAudienceCount":8,"communicationsChannelCount":5,"advertisingCampaignCount":3,"faithCoreProgramCount":2,"revenueStreams":[{"name":"Workflow Intelligence Assessment","status":"ready-for-controlled-use","buyer":"Hospitals, clinics, payers, and healthcare transformation leaders with visible operational friction.","offer":"Fixed-fee workflow mapping, AI readiness, governance review, and executive decision packet.","priceSignal":"$50k floor; typical $75k-$150k.","conversionPath":"Official website -> Product Console -> Pilot Intake -> Sales Operations -> assessment invitation.","proofRoute":"/pricing","owner":"Enterprise sales","guardrails":["Do not request PHI.","Do not promise savings.","Frame findings as operational intelligence for human leaders."]},{"name":"Synthetic Pilot Evaluation","status":"ready-for-controlled-use","buyer":"Enterprise teams ready to test SCRIMED against synthetic workflows before integration.","offer":"45-90 day governed synthetic pilot with AgentOS, Atlas Trust Cards, proof packets, and observability.","priceSignal":"$150k floor; typical $200k-$500k.","conversionPath":"Demo Center -> Pilot Program -> no-PHI intake -> governance pack -> protected workspace planning.","proofRoute":"/pilots","owner":"Sales engineering and delivery","guardrails":["Synthetic data only.","No diagnosis, treatment, payer submission, or patient outreach.","Pilot metrics are directional business evidence."]},{"name":"Protected Enterprise Pilot","status":"approval-required","buyer":"Large health systems, payers, employers, and public-sector programs preparing controlled deployment.","offer":"Tenant-authenticated workspace, durable audit, activation governance, role-based review, and deployment profile planning.","priceSignal":"$750k floor; typical $1M-$2.5M.","conversionPath":"Synthetic pilot proof -> security/legal/privacy review -> protected workspace -> enterprise license proposal.","proofRoute":"/pilot-workspace","owner":"Enterprise sales, security, privacy, and implementation","guardrails":["Requires legal, privacy, security, and governance review.","Live PHI requires written approval and appropriate agreements.","Human review remains required."]},{"name":"Annual Healthcare Intelligence OS License","status":"approval-required","buyer":"Multi-site organizations expanding from one workflow to operating-layer adoption.","offer":"Annual platform access for AgentOS, Atlas, TrustOS, workflow modules, governance, observability, and support.","priceSignal":"$2.5M floor; enterprise range $3M-$12M+.","conversionPath":"Protected pilot -> value review -> deployment profile -> annual license -> expansion roadmap.","proofRoute":"/product","owner":"Executive enterprise sales","guardrails":["Separate platform license from implementation services.","Scope workflows, connectors, and support explicitly.","Do not imply unrestricted production permissions."]},{"name":"Strategic Platform Partnership","status":"external-review-required","buyer":"Governments, national programs, major payers, and strategic healthcare networks.","offer":"Multi-year healthcare intelligence infrastructure partnership with regional governance and deployment planning.","priceSignal":"$10M+ multi-year; national or ecosystem programs $25M+.","conversionPath":"Executive briefing -> sovereign/public-sector profile -> legal/procurement review -> strategic program.","proofRoute":"/deployment-profiles","owner":"Founder and strategic partnerships","guardrails":["No government approval claim.","Jurisdiction-specific legal and data-residency review required.","Public-sector claims must be reviewed before publication."]}],"targetAudiences":[{"segment":"Health system operations executives","priority":"primary","buyerTrigger":"Referral leakage, access delays, documentation burden, capacity strain, and fragmented work queues.","pain":"Operational teams lack decision-grade visibility across workflows before bottlenecks become expensive.","primaryOffer":"Workflow Intelligence Assessment","message":"SCRIMED transforms fragmented operational workflows into governed, human-reviewed intelligence that leaders can act on.","proofRoutes":["/product","/demos","/pilot-evidence"],"disqualifiers":["Buyer wants autonomous clinical decisions","Buyer requires live PHI in public intake"]},{"segment":"Payer and revenue cycle leaders","priority":"primary","buyerTrigger":"Denials, prior authorization friction, documentation gaps, and revenue leakage.","pain":"Administrative teams lose time and revenue when policy evidence and workflow risk are hard to see.","primaryOffer":"Synthetic Pilot Evaluation","message":"SCRIMED helps revenue and payer teams surface denial-risk, missing evidence, and policy friction through governed synthetic workflows.","proofRoutes":["/agents/revenue-cycle-agent","/workflows/results","/pricing"],"disqualifiers":["Buyer expects reimbursement guarantees","Buyer wants payer submission automation before approval"]},{"segment":"Security, privacy, legal, and governance buyers","priority":"primary","buyerTrigger":"AI adoption pressure, shadow AI risk, vendor diligence, BAA/DPA planning, and audit requirements.","pain":"Healthcare organizations need AI controls they can inspect before data exposure.","primaryOffer":"AI Readiness + Governance Audit","message":"SCRIMED gives healthcare AI buyers an inspectable trust layer with claims controls, audit trails, role boundaries, and activation governance.","proofRoutes":["/trust-center","/claims","/governance-packs"],"disqualifiers":["Buyer asks for compliance certification without audit","Buyer refuses human-review boundaries"]},{"segment":"Government and public-sector healthcare leaders","priority":"strategic","buyerTrigger":"National access, population health, sovereign data, workforce constraints, and digital transformation mandates.","pain":"Public systems need healthcare intelligence infrastructure that can be regionally governed and trusted.","primaryOffer":"Strategic Platform Partnership","message":"SCRIMED is building a healthcare intelligence infrastructure layer that can be evaluated with synthetic evidence before sovereign deployment decisions.","proofRoutes":["/deployment-profiles","/strategic-intelligence","/governance-packs"],"disqualifiers":["Buyer needs immediate public health reporting","Buyer requires jurisdictional approval before scoping"]},{"segment":"Life sciences and research operations leaders","priority":"strategic","buyerTrigger":"Trial matching delays, eligibility evidence gaps, oncology workflow friction, and research operations burden.","pain":"Research teams need explainable, reviewable operations intelligence without patient enrollment automation or treatment claims.","primaryOffer":"TrialCore Research Operations Synthetic Pilot","message":"SCRIMED can structure research operations evidence, eligibility gaps, and reviewer queues while keeping patient outreach, enrollment, and treatment recommendations gated.","proofRoutes":["/modules/trialcore","/demos/trialcore-research-operations","/global-reach"],"disqualifiers":["Buyer wants patient enrollment guarantees","Buyer bypasses research governance"]},{"segment":"Employers and benefits leaders","priority":"secondary","buyerTrigger":"Rising healthcare costs, access friction, care navigation gaps, and workforce health program complexity.","pain":"Employers need privacy-safe operational intelligence without becoming a medical decision-maker or exposing member data prematurely.","primaryOffer":"Workflow Intelligence Assessment","message":"SCRIMED helps employers evaluate access, navigation, and care-gap workflows through no-member-data assessment before any protected pilot.","proofRoutes":["/global-reach","/pilot-evidence","/trust-center"],"disqualifiers":["Buyer wants employee diagnosis","Buyer requires member data before agreements"]},{"segment":"Global channel partners and implementers","priority":"strategic","buyerTrigger":"Regional partners need differentiated healthcare AI infrastructure with trust, proof, and deployment readiness.","pain":"Partners need a credible operating layer and safe claims path before co-selling regulated healthcare AI.","primaryOffer":"Strategic Platform Partnership","message":"SCRIMED equips qualified partners with global buyer packs, deployment profiles, protected proof paths, and claims-safe regional positioning.","proofRoutes":["/global-reach","/deployment-profiles","/pilot-deal-room"],"disqualifiers":["Partner claims authorization without agreement","Partner lacks healthcare-grade security posture"]},{"segment":"Faith-aligned care, community, and patient-experience leaders","priority":"secondary","buyerTrigger":"Desire for dignity, trust, encouragement, spiritual support, and culturally sensitive patient experience.","pain":"Faith-aligned support is often disconnected from clinical safety, consent, and professional boundaries.","primaryOffer":"FaithCore Trust And Encouragement Layer","message":"FaithCore provides opt-in spiritual encouragement and dignity-centered trust support while keeping clinical judgment and emergency care with qualified professionals.","proofRoutes":["/faithcore","/operating-context","/trust-center"],"disqualifiers":["Buyer wants spiritual guidance to replace clinical care","Buyer does not accept opt-in consent boundaries"]}],"messageHouse":{"coreMessage":"SCRIMED is the governed healthcare intelligence operating layer that turns fragmented workflows into evidence-backed, human-reviewed operational intelligence.","positioning":"Not a chatbot, not an ambient scribe alone, and not a consulting wrapper. SCRIMED is an AI-native healthcare infrastructure platform for workflows, agents, interoperability, trust, and proof.","approvedProofPoints":["Governed synthetic pilots and enterprise evaluations are available now.","AgentOS, Atlas, TrustOS, protected workspaces, proof packets, and governance packs are inspectable in the product.","SCRIMED maintains clear boundaries: synthetic-only public flows, human review, no autonomous diagnosis, no payer submission, and no live clinical execution without approvals.","Global Reach maps regions, buyer packs, partner paths, procurement questions, and retained gates before international expansion claims scale.","Revenue value is measured through time saved, workflow friction reduced, documentation quality, denial-risk signals, access bottlenecks, and trust completeness."],"toneRules":["Use confident enterprise language without hype.","Lead with trust, outcomes, interoperability, and operational intelligence.","Use FaithCore only as opt-in dignity, encouragement, and trust support.","Separate vision from current capability."],"prohibitedClaims":["HIPAA certified","SOC 2 certified","FDA cleared","guaranteed revenue","guaranteed reimbursement","autonomous diagnosis","treats patients","government approved"]},"communicationsPlaybook":[{"channel":"Official website","status":"ready-for-controlled-use","audience":"Executives, buyers, advisors, investors, and partners.","message":"SCRIMED is the governed healthcare intelligence operating layer that turns fragmented workflows into evidence-backed, human-reviewed operational intelligence.","proofAsset":"/product","approvalGate":"Claims must match the public claims register before publishing."},{"channel":"Founder and investor narrative","status":"ready-for-controlled-use","audience":"Investors, advisors, strategic partners, and enterprise champions.","message":"SCRIMED is building the trusted healthcare intelligence infrastructure layer for global healthcare workflows.","proofAsset":"/strategic-intelligence","approvalGate":"Vision statements must remain separate from current sellable pilot capability."},{"channel":"Public relations","status":"approval-required","audience":"Healthcare business media, innovation leaders, community stakeholders, and ecosystem partners.","message":"SCRIMED is advancing governed AI for healthcare operations through synthetic pilots, trust controls, and interoperability-first product design.","proofAsset":"/trust-center","approvalGate":"Legal, privacy, brand, and claims-control review before distribution."},{"channel":"Enterprise sales outreach","status":"ready-for-controlled-use","audience":"Named healthcare executives and workflow owners.","message":"SCRIMED can run a governed synthetic evaluation of high-friction workflows before live data, production connectors, or clinical execution are considered.","proofAsset":"/pilot","approvalGate":"No PHI requests, no guarantees, and no compliance certification claims."},{"channel":"Incident, trust, and public response","status":"approval-required","audience":"Customers, public stakeholders, regulators, and partners where applicable.","message":"SCRIMED communicates boundaries, evidence, impact, and corrective actions through a documented trust and governance process.","proofAsset":"/claims","approvalGate":"Security, privacy, legal, and communications approval required."}],"advertisingCampaigns":[{"channel":"LinkedIn executive demand generation","status":"approval-required","targetAudience":"Health system operations, payer operations, revenue cycle, AI governance, and healthcare transformation executives.","objective":"Drive qualified enterprise pilot intake and assessment calls.","landingRoute":"/pilot","budgetPosture":"Start with controlled small-budget tests after abuse monitoring and claim review.","conversionEvent":"No-PHI pilot intake with boundary acknowledgement.","claimControl":"Use approved pilot, workflow, trust, and interoperability claims only.","blockedClaims":["clinical outcome guarantees","HIPAA certified","reimbursement guaranteed"]},{"channel":"Search advertising","status":"approval-required","targetAudience":"Buyers searching for healthcare AI governance, workflow automation, prior authorization AI, RCM AI, and interoperability readiness.","objective":"Capture high-intent buyer research and route to Product Console or Pilot Intake.","landingRoute":"/product","budgetPosture":"Delay scale until intake abuse controls, CRM routing, and campaign review are active.","conversionEvent":"Product console engagement or pilot intake.","claimControl":"Avoid disease, treatment, diagnosis, and guaranteed savings language.","blockedClaims":["diagnosis automation","patient treatment","guaranteed ROI"]},{"channel":"FaithCore community awareness","status":"approval-required","targetAudience":"Faith-aligned health leaders, patient-experience teams, community health organizations, and chaplaincy-adjacent stakeholders.","objective":"Position FaithCore as opt-in dignity and encouragement support with clear clinical boundaries.","landingRoute":"/faithcore","budgetPosture":"Use careful organic and partner-led education before paid campaigns.","conversionEvent":"FaithCore discovery call or enterprise trust assessment.","claimControl":"Spiritual encouragement only; no medical, mental health, emergency, or pastoral authority claims.","blockedClaims":["replaces clinician","replaces chaplain","heals","emergency support"]}],"faithCoreMarketPrograms":[{"name":"FaithCore Trust And Encouragement Layer","status":"ready-for-controlled-use","audience":"Opt-in patients, communities, and care teams that value spiritually aligned support.","message":"FaithCore supports dignity, hope, and trust while keeping clinical care, consent, and emergency decisions with qualified professionals.","useCase":"Patient-experience, community trust, culturally sensitive support, and whole-person encouragement.","revenueUse":"Add-on to patient-experience, community health, and faith-aligned enterprise pilots after governance review.","route":"/faithcore","boundaries":["Opt-in only","No diagnosis or treatment","No emergency guidance","No replacement for clinicians, chaplains, counselors, or professional care","Culturally sensitive and faith-aware, not coercive"]},{"name":"FaithCore Staff Resilience And Mission Alignment","status":"approval-required","audience":"Care teams and organizations seeking values-aligned reflection and encouragement.","message":"FaithCore can support values-based reflection and staff encouragement without becoming HR, clinical, or pastoral authority.","useCase":"Staff resilience pilots, mission-centered reflection, and ethical culture support.","revenueUse":"Enterprise add-on for organizations that explicitly opt into FaithCore programming.","route":"/faithcore","boundaries":["No employment advice","No mental health treatment","No coercive faith participation","Human leadership and professional support remain accountable"]}],"nextBuildStep":"Use Attribution Analytics to review source-to-pilot cohorts before scaling campaigns, then add tenant-admin export packets for board, investor, and enterprise pipeline reviews.","updated":"2026-06-15"},"commercialStrategySummary":{"service":"scrimed-commercial-strategy","route":"/pricing","apiRoute":"/api/commercial/pricing","status":"pricing-and-sales-motion-ready","recommendedModel":"Hybrid enterprise model: free public preview, paid assessment, paid synthetic pilot, protected enterprise pilot, annual platform license, and custom strategic partnerships.","recommendedAppDomain":"app.scrimedsolutions.com","boundary":"SCRIMED pricing and sales motions currently sell governed synthetic evaluations, readiness assessments, and protected enterprise pilots. Pricing does not imply live clinical execution, autonomous diagnosis, payer submission, reimbursement guarantees, or production medical-record processing.","productAccessRoutes":[{"surface":"Official Wix website","route":"https://www.scrimedsolutions.com","buyerIntent":"Brand discovery, credibility, founder story, high-level product education, and public contact capture.","owner":"SCRIMED marketing site"},{"surface":"Vercel app subdomain","route":"https://app.scrimedsolutions.com","buyerIntent":"Product console, AgentOS evaluation, pilot intake, pricing, trust, workflows, and enterprise proof stack.","owner":"SCRIMED product platform"},{"surface":"Product Console","route":"/product","buyerIntent":"Inspect sellable offers, workflow examples, proof stack, governance controls, and readiness brief.","owner":"Product and sales"},{"surface":"Demo Center","route":"/demos","buyerIntent":"Inspect executable product demos, proof routes, outcome signals, governance boundaries, and production exclusions.","owner":"Sales engineering and product"},{"surface":"Pilot Programs","route":"/pilots","buyerIntent":"Compare structured enterprise programs by duration, deliverables, inputs, metrics, gates, and engagement model.","owner":"Enterprise sales and delivery"},{"surface":"Pilot Deal Room","route":"/pilot-deal-room","buyerIntent":"Understand how SCRIMED moves from public product proof to sales opportunity, Buyer Pilot Room, audited packet, and paid pilot.","owner":"Enterprise sales and product"},{"surface":"AgentOS Evaluation Workspace","route":"/evaluation","buyerIntent":"Run a synthetic workflow packet through AgentOS and Atlas Trust Cards before a sales call.","owner":"Sales engineering"},{"surface":"Pilot Intake","route":"/pilot","buyerIntent":"Request an assessment, synthetic pilot, governance audit, or automation blueprint.","owner":"Enterprise sales"}],"pricingTiers":[{"name":"Public Product Preview","status":"public-preview","recommendedDisplayPrice":"Free public access","buyer":"Website visitors, investors, advisors, and early enterprise evaluators","entryCriteria":["No account required","No PHI or live data submitted","Buyer is learning SCRIMED's product category and trust posture"],"includes":["Product Console","AgentOS Evaluation Workspace using synthetic examples","Trust, workflow, pricing, and readiness surfaces","Downloadable readiness brief"],"successMetric":"Qualified buyer moves from education to pilot intake.","expansionPath":"Synthetic Pilot Evaluation","boundary":"Public preview is a product education surface, not a live clinical system.","primaryAction":{"label":"Open Product Console","href":"/product"}},{"name":"Workflow Intelligence Assessment","status":"sellable-now","recommendedDisplayPrice":"Standard $25k-$75k; mission-clinic access path $12.5k-$25k for one no-PHI workflow; enterprise assessment $75k-$150k","buyer":"Hospitals, clinics, payers, and transformation teams validating workflow opportunity before a pilot","entryCriteria":["Executive or operational sponsor identified","One to three workflows selected","Buyer can describe current process, constraints, and governance needs"],"includes":["Workflow friction map","AI readiness and governance review","Interoperability target map","AgentOS evaluation packet","Executive findings call"],"successMetric":"Buyer approves pilot scope, value hypothesis, and governance gates.","expansionPath":"Synthetic Pilot Evaluation or AI Readiness + Governance Audit","boundary":"Assessment produces operational intelligence for human leaders; it is not clinical advice.","primaryAction":{"label":"Book Assessment","href":"/pilot?offer=workflow-intelligence-assessment"}},{"name":"Synthetic Pilot Evaluation","status":"sellable-now","recommendedDisplayPrice":"Standard $125k-$350k for 45-90 days; $350k-$500k when multiple workflows, diligence, or executive proof packets expand scope","buyer":"Enterprise buyers who want to evaluate SCRIMED against synthetic workflows before live integration","entryCriteria":["Named sponsor and review team","Synthetic workflow packet approved","Pilot outcome metrics selected","No live PHI or production connector required"],"includes":["AgentOS orchestration for selected workflows","Atlas Trust Cards and evidence source mapping","Synthetic workflow result packets","Audit and observability report","Production-readiness decision register"],"successMetric":"Buyer validates workflow value, trust posture, and protected-pilot business case.","expansionPath":"Protected Enterprise Pilot","boundary":"Synthetic data only; no diagnosis, treatment, payer submission, or patient outreach.","primaryAction":{"label":"Request Pilot","href":"/pilot?offer=synthetic-pilot-evaluation"}},{"name":"Protected Enterprise Pilot","status":"protected-pilot","recommendedDisplayPrice":"Standard $400k-$1.25M for 90-180 days; $1.25M-$2M+ for multi-site, protected diligence, sandbox planning, or expanded scope","buyer":"Health systems, payers, public-sector programs, and enterprise operators preparing controlled deployment","entryCriteria":["Security, privacy, compliance, and legal review underway","BAA and data-boundary decisions defined","Tenant identity and reviewer roles approved","Workflow owner and success baseline confirmed"],"includes":["Tenant-scoped pilot environment","Role-based review workflows","Connector implementation plan","Durable audit design","Operational outcomes report","Enterprise license proposal"],"successMetric":"Buyer approves annual operating license, connector scope, and governed production plan.","expansionPath":"Enterprise Operating License","boundary":"Protected pilot still requires human review and approved controls before any live clinical workflow use.","primaryAction":{"label":"Start Protected Pilot","href":"/pilot?offer=clinical-operations-automation-blueprint"}},{"name":"Enterprise Operating License","status":"enterprise-license","recommendedDisplayPrice":"Initial annual operating layer $1.5M-$6M; multi-department or multi-region expansion $6M-$12M+","buyer":"Large hospitals, payers, government health agencies, and multi-site healthcare organizations","entryCriteria":["Protected pilot validated","Approved identity, audit, security, connector, and governance controls","Annual budget owner identified","Expansion workflows prioritized"],"includes":["SCRIMED AgentOS and Atlas operating layer","Workflow, agent, and connector packages","TrustQA, audit, observability, and governance stack","Enterprise support and implementation cadence","Quarterly value and safety reviews"],"successMetric":"Multi-workflow expansion with measurable operational value and governed trust posture.","expansionPath":"Strategic Platform Partnership","boundary":"Production use requires signed controls, approved workflows, and human-review operating procedures.","primaryAction":{"label":"Contact Enterprise Sales","href":"/pilot?offer=ai-readiness-governance-audit"}},{"name":"Strategic Platform Partnership","status":"strategic","recommendedDisplayPrice":"Multi-year partnerships $8M-$25M+, sales-led, region-aware, and external-review-gated","buyer":"Governments, national health systems, major payers, strategic hospital networks, and global partners","entryCriteria":["Multi-organization mandate","Long-term interoperability, governance, or transformation program","Executive steering committee","Regional compliance and deployment model defined"],"includes":["Dedicated roadmap alignment","Regional compliance and sovereignty planning","Custom agent and connector strategy","Executive governance reporting","Strategic implementation support"],"successMetric":"SCRIMED becomes a governed healthcare intelligence infrastructure partner.","expansionPath":"Regional or ecosystem-level deployment","boundary":"Strategic work remains governed, auditable, human-reviewed, and regionally compliant.","primaryAction":{"label":"Request Strategic Review","href":"/pilot?offer=ai-readiness-governance-audit"}}],"premiumPricingPrinciples":[{"principle":"Protect enterprise price integrity","policy":"Use starts-at floors and scoped enterprise ranges; do not publish low monthly plans for the operating layer.","rationale":"SCRIMED sells governed healthcare intelligence infrastructure, workflow transformation, trust controls, and enterprise proof, not a commodity chatbot seat.","guardrail":"Discount only by reducing scope, duration, services, integrations, or support commitments."},{"principle":"Price against workflow value and governance scope","policy":"Anchor fees to workflows under governance, departments served, integrations, support level, security review, and proof-stack depth.","rationale":"Healthcare buyers pay for measurable operational intelligence, trusted controls, and deployment readiness across high-friction workflows.","guardrail":"Measured pilot outcomes are directional business evidence, not guaranteed clinical, payer, or reimbursement outcomes."},{"principle":"Separate platform license from implementation services","policy":"Keep annual platform licensing distinct from assessment, pilot, connector, migration, security, training, and advisory work.","rationale":"This preserves SCRIMED's long-term platform margin while making complex enterprise delivery transparent to buyers.","guardrail":"Live connector, PHI, clinical, payer, or sovereign deployment work requires approved written scope and controls."},{"principle":"Move qualified buyers toward multi-year commitments","policy":"Use paid assessments and synthetic pilots to validate scope, then convert protected pilots into annual or multi-year platform agreements.","rationale":"Enterprise healthcare transformation compounds through trust, workflow ownership, integrations, and institutional memory.","guardrail":"No customer should enter production use without legal, privacy, security, governance, and human-review approvals."}],"salesMotion":[{"phase":"discover","name":"Website to Product","route":"https://www.scrimedsolutions.com -> https://app.scrimedsolutions.com/product","buyerAction":"Buyer learns the brand on Wix and clicks into the SCRIMED product app.","scrimedAction":"Route buyer to Product Console, Pricing, Evaluation, or Pilot Intake.","qualificationGate":"Buyer has healthcare workflow, governance, interoperability, or AI readiness need.","nextCommitment":"Run evaluation or submit pilot intake."},{"phase":"evaluate","name":"Self-Guided Product Evaluation","route":"/evaluation","buyerAction":"Buyer inspects synthetic AgentOS/Atlas outputs without needing Vercel or an account.","scrimedAction":"Package product proof around task plans, Trust Cards, audit preview, and observability.","qualificationGate":"Buyer confirms one or more high-value workflows and a sponsor.","nextCommitment":"Paid assessment or synthetic pilot."},{"phase":"pilot","name":"Paid Evaluation or Synthetic Pilot","route":"/pilot-deal-room","buyerAction":"Buyer reviews the Pilot Deal Room, requests scoped assessment or pilot, and acknowledges no-PHI boundary.","scrimedAction":"Qualify buyer, define scope, metrics, governance gates, decision criteria, and deal-room packet.","qualificationGate":"Sponsor, budget range, workflow owner, review team, and pilot success metrics exist.","nextCommitment":"Protected pilot or annual license proposal."},{"phase":"license","name":"Protected Pilot to Enterprise License","route":"/pricing","buyerAction":"Buyer reviews implementation, security, compliance, and annual operating model.","scrimedAction":"Propose base platform license plus workflow, connector, agent, support, and usage scope.","qualificationGate":"BAA, identity, audit, connector, security, and human-review controls approved.","nextCommitment":"Annual enterprise agreement."},{"phase":"expand","name":"Enterprise Expansion","route":"/observability","buyerAction":"Buyer expands from one workflow to multiple departments, regions, or organizations.","scrimedAction":"Use observability, trust metrics, and governance reporting to support expansion.","qualificationGate":"Measured value and safety posture remain strong under review.","nextCommitment":"Multi-year strategic partnership."}],"valueMetrics":[{"metric":"Workflows under governance","whyItMatters":"Healthcare buyers buy workflow transformation, not generic AI usage.","pricingUse":"Primary enterprise package metric for pilots and annual licenses.","guardrail":"Workflow expansion requires approved human-review and audit controls."},{"metric":"Agent and service modules enabled","whyItMatters":"Sanar AI, DocuTwin, CareExplain, Ambient Scribe, TrialCore, PayerIQ, and future services carry different value and risk.","pricingUse":"Module add-ons and tier expansion.","guardrail":"No module implies autonomous diagnosis, treatment, payer submission, or patient outreach."},{"metric":"Connector and integration scope","whyItMatters":"EHR, payer, CRM, knowledge, and analytics connectors drive implementation cost and enterprise value.","pricingUse":"Implementation and annual support scope.","guardrail":"Live connectors require BAA, tenant identity, audit, security, and approval controls."},{"metric":"Evaluation and task volume","whyItMatters":"AI-heavy usage should scale with actual activity without surprising buyers.","pricingUse":"Usage band or credit pool after pilot validation.","guardrail":"Usage pricing should be capped or contracted to preserve buyer trust."},{"metric":"Organizations, regions, and departments","whyItMatters":"SCRIMED can expand from department workflow to enterprise operating layer.","pricingUse":"Enterprise and strategic partnership expansion.","guardrail":"Regional compliance, data residency, language, and governance needs must be explicit."}],"commercialGuardrails":[{"guardrail":"Do not publish low consumer-style pricing","detail":"SCRIMED is an enterprise healthcare operating layer. Public pricing should show package ranges or 'starts at' for evaluations, with enterprise pilots handled by sales."},{"guardrail":"Sell outcomes as measured pilot signals","detail":"Use time saved, workflow friction, denial risk, access bottlenecks, documentation quality, and trust completeness as pilot metrics, not unsupported clinical claims."},{"guardrail":"Separate public preview from paid pilots","detail":"Website visitors can inspect the product, but paid assessments and pilots require sponsor, workflow scope, governance needs, and no-PHI acknowledgement."},{"guardrail":"Keep medical-device and clinical claims out of sales copy","detail":"SCRIMED should present as governed operational intelligence until clinical, regulatory, and production execution controls are explicitly approved."},{"guardrail":"Use enterprise sales with sales engineering","detail":"Healthcare buyers need security, compliance, workflow, interoperability, ROI, and trust review before annual license commitment."}],"marketPricingBenchmarks":[{"segment":"Individual AI scribe subscriptions","publicSignal":"Freed, Tali, and Heidi show free or low monthly clinician entry points for narrow documentation workflows.","source":"Public competitor pricing pages and plan pages","scrimedImplication":"SCRIMED should not compete as a low-cost per-seat scribe; free demos are the entry point, while paid work is enterprise workflow, governance, interoperability, and proof packaging."},{"segment":"Enterprise clinical AI assistants","publicSignal":"Suki, Ambience, Abridge, and similar vendors lead with workflow breadth, EHR adjacency, specialty support, and sales-led enterprise pricing.","source":"Public enterprise product pages and case-study positioning","scrimedImplication":"SCRIMED pilot pricing should scale by workflow family, departments, governance burden, proof depth, implementation complexity, and protected controls."},{"segment":"Healthcare integration infrastructure","publicSignal":"Redox-style integration platforms use custom pricing because EHR connectivity, uptime, security, data exchange, and trading-partner requirements drive cost.","source":"Public healthcare integration product and pricing-positioning pages","scrimedImplication":"Connector and production data-exchange work must remain outside standard demo and synthetic-pilot prices until separately reviewed and priced."},{"segment":"Health-system-owned AI infrastructure","publicSignal":"The 2026 Berta open-source scribe paper reports commercial AI scribes at $99-$600 per physician per month and internal operating costs below $30 per physician per month.","source":"Berta arXiv paper","scrimedImplication":"SCRIMED must defend enterprise price through proof, governance, safety, workflow redesign, interoperability readiness, and margin-transparent implementation."}],"pricingAlignmentDecisions":[{"lane":"Public demos","decision":"Keep free, no-PHI, no-account public demos and qualified standard guided demos.","rationale":"Market leaders reduce friction with trials or low-cost entry before enterprise review.","marginProtection":"Custom prep, questionnaires, buyer-specific proof packets, and diligence release work move into paid scope."},{"lane":"Assessments","decision":"Use $25k-$75k as the standard assessment band, with a $12.5k-$25k mission-clinic access path and $75k-$150k enterprise assessment band.","rationale":"This stays approachable for early buyers without pricing SCRIMED like a commodity seat subscription.","marginProtection":"Cap workflow count, meetings, artifacts, and review cycles; discount only by reducing scope."},{"lane":"Synthetic pilots","decision":"Use $125k-$350k as the standard 45-90 day synthetic pilot band and $350k-$500k for expanded proof scope.","rationale":"Enterprise pilots should be materially above individual scribe subscriptions while staying below production integration commitments.","marginProtection":"Separate custom packets, protected workspaces, integration planning, legal/security diligence, and implementation labor."},{"lane":"Protected enterprise pilots","decision":"Use $400k-$1.25M as the standard 90-180 day protected pilot band and $1.25M-$2M+ for multi-site or heavy diligence scope.","rationale":"Protected pilots carry security, privacy, tenant, evidence-room, support, and connector-readiness costs.","marginProtection":"Separate annual license, services, support, model usage, evidence-room release, connector work, and change orders."},{"lane":"Enterprise operating license","decision":"Use $1.5M-$6M annual for initial enterprise layer and $6M-$12M+ for multi-department or multi-region expansion.","rationale":"This aligns with infrastructure-level value while giving buyers a believable expansion ladder after pilots prove value.","marginProtection":"Keep implementation, support, connector, usage, and continuous review retainers out of the base license unless explicitly priced."}],"updated":"2026-06-26"},"publicMarketReadinessSummary":{"service":"scrimed-public-market-readiness","route":"/public-market-readiness","apiRoute":"/api/public-market-readiness","briefRoute":"/api/public-market-readiness/brief","protectedOperatorMetricRoute":"/pilot-workspace/access","protectedOperatorMetricApiRoute":"/api/pilot-workspaces/{workspaceSlug}/operator-metrics","protectedMetricRollupRoute":"/pilot-workspace/access","protectedMetricRollupApiRoute":"/api/pilot-workspaces/{workspaceSlug}/metric-rollups","protectedMetricRollupPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/metric-rollups/{snapshotId}/packet","protectedMetricTrendRoute":"/pilot-workspace/access","protectedMetricTrendApiRoute":"/api/pilot-workspaces/{workspaceSlug}/metric-trends","protectedMetricTrendPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/metric-trends/{reviewId}/packet","protectedBoardScorecardRoute":"/pilot-workspace/access","protectedBoardScorecardApiRoute":"/api/pilot-workspaces/{workspaceSlug}/board-scorecards","protectedBoardScorecardPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/board-scorecards/{scorecardId}/packet","protectedFinanceMethodologyRoute":"/pilot-workspace/access","protectedFinanceMethodologyApiRoute":"/api/pilot-workspaces/{workspaceSlug}/finance-methodology","protectedFinanceMethodologyPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/finance-methodology/packet","protectedExternalApprovalEvidenceRoute":"/pilot-workspace/access","protectedExternalApprovalEvidenceApiRoute":"/api/pilot-workspaces/{workspaceSlug}/external-approval-evidence","protectedExternalApprovalEvidencePacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/external-approval-evidence/packet","protectedReleaseDecisionRoute":"/pilot-workspace/access","protectedReleaseDecisionApiRoute":"/api/pilot-workspaces/{workspaceSlug}/release-decisions","protectedReleaseDecisionPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/release-decisions/packet","protectedNamedReviewerSignoffRoute":"/pilot-workspace/access","protectedNamedReviewerSignoffApiRoute":"/api/pilot-workspaces/{workspaceSlug}/reviewer-signoffs","protectedNamedReviewerSignoffPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/reviewer-signoffs/packet","protectedDistributionLockboxRoute":"/pilot-workspace/access","protectedDistributionLockboxApiRoute":"/api/pilot-workspaces/{workspaceSlug}/distribution-lockbox","protectedDistributionLockboxPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/distribution-lockbox/packet","protectedReleaseAuthorityAttestationRoute":"/pilot-workspace/access","protectedReleaseAuthorityAttestationApiRoute":"/api/pilot-workspaces/{workspaceSlug}/release-authority-attestations","protectedReleaseAuthorityAttestationPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/release-authority-attestations/packet","protectedEvidenceRoomRecipientAttestationRoute":"/pilot-workspace/access","protectedEvidenceRoomRecipientAttestationApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-recipient-attestations","protectedEvidenceRoomRecipientAttestationPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-recipient-attestations/packet","protectedEvidenceRoomAccessLogReconciliationRoute":"/pilot-workspace/access","protectedEvidenceRoomAccessLogReconciliationApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-access-log-reconciliation","protectedEvidenceRoomAccessLogReconciliationPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-access-log-reconciliation/packet","protectedEvidenceRoomProviderAdapterRoute":"/pilot-workspace/access","protectedEvidenceRoomProviderAdapterApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-provider-adapters","protectedEvidenceRoomProviderAdapterPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-provider-adapters/packet","protectedProviderSecurityReviewRoute":"/pilot-workspace/access","protectedProviderSecurityReviewApiRoute":"/api/pilot-workspaces/{workspaceSlug}/provider-security-reviews","protectedProviderSecurityReviewPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/provider-security-reviews/packet","protectedProcurementEvidenceRegistryRoute":"/pilot-workspace/access","protectedProcurementEvidenceRegistryApiRoute":"/api/pilot-workspaces/{workspaceSlug}/procurement-evidence","protectedProcurementEvidenceRegistryPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/procurement-evidence/packet","status":"capital-efficiency-kpi-stack-ready","proofStackStatus":"public-market-readiness-capital-efficiency-kpi-stack","briefProofStackStatus":"public-market-readiness-board-brief-no-financial-advice","protectedOperatorMetricStatus":"aal2-protected-operator-metric-capture-no-phi","protectedMetricRollupStatus":"aal2-finance-reviewed-metric-rollups-no-phi","protectedMetricRollupPacketStatus":"aal2-audited-board-metric-packets-no-phi","protectedMetricTrendStatus":"aal2-board-trend-review-no-phi","protectedMetricTrendPacketStatus":"aal2-audited-board-trend-packets-no-phi","protectedBoardScorecardStatus":"aal2-rolling-quarter-board-scorecards-no-phi","protectedBoardScorecardPacketStatus":"aal2-audited-board-scorecard-packets-no-phi","protectedFinanceMethodologyStatus":"aal2-finance-methodology-gates-no-phi","protectedFinanceMethodologyPacketStatus":"aal2-audited-finance-methodology-gate-packets-no-phi","protectedExternalApprovalEvidenceStatus":"aal2-qualified-external-approval-evidence-links-no-phi","protectedExternalApprovalEvidencePacketStatus":"aal2-audited-external-approval-evidence-link-packets-no-phi","protectedReleaseDecisionStatus":"aal2-qualified-release-decision-workflow-no-phi","protectedReleaseDecisionPacketStatus":"aal2-audited-release-decision-claim-registry-packets-no-phi","protectedNamedReviewerSignoffStatus":"aal2-named-reviewer-signoff-metadata-no-phi","protectedNamedReviewerSignoffPacketStatus":"aal2-audited-named-reviewer-signoff-packets-no-phi","protectedDistributionLockboxStatus":"aal2-external-distribution-lockbox-disabled-no-phi","protectedDistributionLockboxPacketStatus":"aal2-audited-distribution-lockbox-packets-no-phi","protectedReleaseAuthorityAttestationStatus":"aal2-external-release-authority-attestations-disabled-no-phi","protectedReleaseAuthorityAttestationPacketStatus":"aal2-audited-release-authority-attestation-packets-no-phi","protectedEvidenceRoomRecipientAttestationStatus":"aal2-evidence-room-recipient-attestations-disabled-no-phi","protectedEvidenceRoomRecipientAttestationPacketStatus":"aal2-audited-evidence-room-recipient-attestation-packets-no-phi","protectedEvidenceRoomAccessLogReconciliationStatus":"aal2-evidence-room-access-log-reconciliation-disabled-no-phi","protectedEvidenceRoomAccessLogReconciliationPacketStatus":"aal2-audited-evidence-room-access-log-reconciliation-packets-no-phi","protectedEvidenceRoomProviderAdapterStatus":"aal2-evidence-room-provider-adapter-contracts-disabled-no-phi","protectedEvidenceRoomProviderAdapterPacketStatus":"aal2-audited-evidence-room-provider-adapter-packets-no-phi","protectedProviderSecurityReviewStatus":"aal2-provider-security-review-workbench-no-phi","protectedProviderSecurityReviewPacketStatus":"aal2-audited-provider-security-review-packets-no-phi","protectedProcurementEvidenceRegistryStatus":"aal2-procurement-evidence-registry-no-sensitive-artifacts","protectedProcurementEvidenceRegistryPacketStatus":"aal2-audited-procurement-evidence-registry-packets-no-sensitive-artifacts","thesis":"SCRIMED is healthcare intelligence infrastructure, not another AI model company.","investorNarrative":"While frontier labs burn billions to build general intelligence, SCRIMED captures healthcare-specific value by owning the workflow, trust layer, data loops, governance evidence, interoperability path, and measurable outcomes around healthcare operations.","efficientHealthcareIntelligence":"SCRIMED should own healthcare workflows, trust evidence, and outcomes while using model routing, task-specific agents, open/closed model optionality, and token-cost controls to avoid frontier-model dependency.","boundary":"SCRIMED Public Market Readiness organizes KPI definitions, unit-economics discipline, compliance logs, customer proof, governance documentation, model-efficiency controls, and investor narrative for enterprise operating maturity. It is not audited financial reporting, securities offering material, investment advice, accounting advice, tax advice, a valuation guarantee, clinical validation, reimbursement assurance, compliance certification, or live clinical execution authorization.","metricCount":10,"unitEconomicsPackageCount":4,"modelEfficiencyControlCount":4,"complianceLogCount":6,"customerProofStageCount":5,"boardCadenceCount":4,"limitationCount":5,"operatorMetricCatalogCount":5,"operatingMetrics":[{"id":"cost-per-workflow","name":"Cost per governed workflow","category":"unit-economics","unit":"USD per completed workflow packet","formula":"(model cost + infrastructure cost + review labor + support allocation) / completed governed workflow packets","targetDirection":"lower-is-better","currentMaturity":"synthetic-measurement-ready","auditSource":"AgentOS task trace, QA evidence ledger, proof-packet release audit, and workflow result validation.","proofRoute":"/workflows/results","boundary":"Synthetic and protected-pilot workflows only until buyer-approved production baselines exist."},{"id":"cost-per-patient-interaction","name":"Cost per patient interaction equivalent","category":"unit-economics","unit":"USD per synthetic or approved pilot interaction","formula":"(agent execution cost + routing cost + human-review cost) / synthetic or approved pilot interaction count","targetDirection":"lower-is-better","currentMaturity":"protected-pilot-measurement-required","auditSource":"Protected pilot sessions, buyer demo sessions, and approved customer baselines.","proofRoute":"/pilot-workspace/access","boundary":"No live patient interaction is authorized. Current use is a pilot-equivalent metric definition."},{"id":"cost-per-chart","name":"Cost per chart review","category":"unit-economics","unit":"USD per synthetic or approved chart-review work order","formula":"(document intelligence cost + model extraction cost + TrustQA review cost + reviewer time) / chart-review work orders","targetDirection":"lower-is-better","currentMaturity":"synthetic-measurement-ready","auditSource":"DocuTwin work orders, Trust Cards, and manual QA evidence packets.","proofRoute":"/modules/docutwin","boundary":"No PHI, record mutation, diagnosis insertion, or final note filing is authorized."},{"id":"cost-per-prior-auth","name":"Cost per prior authorization support packet","category":"unit-economics","unit":"USD per packet draft","formula":"(policy retrieval cost + document parsing cost + model drafting cost + reviewer time) / prior-auth packet drafts","targetDirection":"lower-is-better","currentMaturity":"synthetic-measurement-ready","auditSource":"Agent Workspace work orders, Atlas evidence layer, and proof packet audit.","proofRoute":"/agent-workspace","boundary":"No payer submission, coverage determination, or medical-necessity decision is authorized."},{"id":"cost-per-denial-appeal","name":"Cost per denial appeal support draft","category":"unit-economics","unit":"USD per reviewable appeal draft","formula":"(claim-context parsing + policy evidence retrieval + draft generation + qualified review allocation) / appeal-support drafts","targetDirection":"lower-is-better","currentMaturity":"synthetic-measurement-ready","auditSource":"RCM Agent work orders, TrustOS reviewer checkpoints, and governance packets.","proofRoute":"/workflows/results","boundary":"No final coding, billing, appeal submission, or reimbursement guarantee is authorized."},{"id":"time-saved-per-clinician","name":"Time saved per clinician","category":"workflow-value","unit":"minutes saved per reviewed workflow","formula":"buyer-approved baseline minutes - SCRIMED-assisted minutes for the same governed workflow","targetDirection":"higher-is-better","currentMaturity":"protected-pilot-measurement-required","auditSource":"Buyer baseline, protected pilot result packet, reviewer sign-off, and QA evidence.","proofRoute":"/pilot-evidence","boundary":"This is an operational-efficiency metric, not a clinical outcome claim."},{"id":"revenue-protected","name":"Revenue protected per payer or provider workflow","category":"workflow-value","unit":"USD at-risk revenue surfaced for qualified review","formula":"reviewed denial risk, missing-evidence exposure, or leakage opportunity identified under buyer-approved methodology","targetDirection":"higher-is-better","currentMaturity":"protected-pilot-measurement-required","auditSource":"Revenue workflow result packets, buyer finance review, and approved value methodology.","proofRoute":"/pricing","boundary":"Revenue protected is a reviewed operational signal, not a reimbursement promise or audited financial result."},{"id":"compliance-log-completeness","name":"Compliance log completeness","category":"compliance-governance","unit":"percentage of governed events with required metadata","formula":"governed events with required audit metadata / total governed events","targetDirection":"higher-is-better","currentMaturity":"synthetic-measurement-ready","auditSource":"Protected pilot audit events, TrustOS decisions, QA packets, and activation attestations.","proofRoute":"/audit","boundary":"Log completeness does not equal compliance certification or regulator acceptance."},{"id":"gross-margin-by-offer","name":"Gross margin by offer","category":"margin-discipline","unit":"percentage margin by package","formula":"(contracted package revenue - model cost - infrastructure cost - implementation labor - support allocation - reviewer allocation) / contracted package revenue","targetDirection":"within-approved-band","currentMaturity":"external-finance-review-required","auditSource":"Pricing model, sales deal room, finance review, usage logs, and delivery time tracking.","proofRoute":"/pricing","boundary":"Requires finance-reviewed cost accounting before external reporting or investor diligence use."},{"id":"model-cost-per-trust-card","name":"Model cost per Trust Card","category":"cost-control","unit":"USD per evidence-backed recommendation card","formula":"(retrieval cost + model route cost + validation cost + reviewer allocation) / Trust Cards generated","targetDirection":"lower-is-better","currentMaturity":"definition-ready","auditSource":"Atlas Trust Cards, model-router logs, validation records, and reviewer status.","proofRoute":"/atlas","boundary":"Trust Cards remain review support, not autonomous clinical decisions."}],"operatorMetricCatalog":[{"metricKey":"model-cost-usd","label":"Model cost","unit":"usd","publicMarketKpiId":"model-cost-per-trust-card","description":"Model, routing, retrieval, validation, and retry cost for a governed workflow window.","proofRoute":"/public-market-readiness","costDiscipline":"Use model routing, smaller task-specific models, retrieval-first execution, and retry budgets."},{"metricKey":"review-time-minutes","label":"Human review time","unit":"minutes","publicMarketKpiId":"time-saved-per-clinician","description":"Operator, reviewer, clinician-adjacent, or sales-engineering review minutes for a governed workflow window.","proofRoute":"/pilot-workspace/access","costDiscipline":"Track review load so SCRIMED can price human-in-the-loop safety without hiding labor cost."},{"metricKey":"delivery-hours","label":"Delivery hours","unit":"hours","publicMarketKpiId":"gross-margin-by-offer","description":"Implementation, QA, sales engineering, governance, or delivery hours spent on a scoped no-PHI workflow window.","proofRoute":"/pricing","costDiscipline":"Separate implementation services from platform license and protect enterprise gross margin."},{"metricKey":"proof-packet-count","label":"Proof packet count","unit":"count","publicMarketKpiId":"compliance-log-completeness","description":"Audited or generated proof packets released for a governed workflow window.","proofRoute":"/qa-evidence","costDiscipline":"Treat proof production as a repeatable evidence factory, not one-off consulting labor."},{"metricKey":"workflow-volume","label":"Workflow volume","unit":"count","publicMarketKpiId":"cost-per-workflow","description":"Completed synthetic, protected-pilot, or buyer-demo workflow packets in a measurement window.","proofRoute":"/workflows/results","costDiscipline":"Normalize operating cost by workflow output so SCRIMED can price against value and throughput."}],"unitEconomicsPackages":[{"packageName":"Workflow Intelligence Assessment","commercialStage":"paid assessment","priceSignal":"Starts at $50k; typical range $75k-$150k fixed fee","measurableValue":["workflow friction map","automation candidate scorecard","governance gap register","pilot success criteria"],"costDrivers":["discovery hours","workflow analysis","buyer workshops","executive findings"],"marginDiscipline":"Keep scope fixed, cap workshop hours, reuse SCRIMED assessment templates, and convert qualified accounts into higher-value pilots.","proofRoutes":["/pricing","/pilot-deal-room","/pilot"],"boundary":"Assessment output is operational intelligence, not legal, clinical, or regulatory advice."},{"packageName":"Synthetic Pilot Evaluation","commercialStage":"sellable pilot","priceSignal":"Starts at $150k; typical range $200k-$500k for 45-90 days","measurableValue":["cost per governed workflow","time saved estimate","workflow friction reduced","Trust Card completeness","production-readiness gates"],"costDrivers":["agent runs","synthetic workflow design","proof packets","review meetings","QA evidence"],"marginDiscipline":"Use task-specific agents, deterministic synthetic fixtures, bounded model routes, and reusable governance packets.","proofRoutes":["/product","/evaluation","/qa-evidence","/demos"],"boundary":"Synthetic data only; no PHI, diagnosis, payer submission, patient outreach, or live execution."},{"packageName":"Protected Enterprise Pilot","commercialStage":"protected pilot","priceSignal":"Starts at $750k; typical range $1M-$2.5M for 90-180 days","measurableValue":["buyer-approved workflow baseline","reviewer acceptance rate","override and escalation rates","cost per work order","readiness gates closed"],"costDrivers":["tenant setup","identity controls","human review","security diligence","governance operations"],"marginDiscipline":"Charge separately for connectors, implementation, evidence vault controls, custom support, and regional compliance work.","proofRoutes":["/pilot-workspace/access","/clinical-care-activation","/trust-safety-operations"],"boundary":"Protected pilot does not authorize live clinical execution until external approvals and customer-specific controls pass."},{"packageName":"Enterprise Operating License","commercialStage":"annual platform license","priceSignal":"Annual platform license starts at $2.5M; enterprise range $3M-$12M+","measurableValue":["workflows under governance","departments served","model cost per workflow","audit completeness","expansion revenue"],"costDrivers":["platform support","workflow count","connectors","monitoring","customer success"],"marginDiscipline":"Separate platform license from implementation services and charge add-ons for workflow, connector, region, and support expansion.","proofRoutes":["/pricing","/observability","/deployment-profiles"],"boundary":"Production terms require signed scope, security review, privacy controls, and human-review operating procedures."}],"modelEfficiencyControls":[{"control":"Task-specific agent routing","operatingPolicy":"Route narrow workflow tasks to specialized agents instead of a single large general-purpose agent.","costControl":"Use deterministic preprocessing, small-model classification, and retrieval-before-generation before escalating to premium models.","safetyControl":"Escalate uncertainty and high-risk clinical-adjacent content to human review.","proofRoute":"/agents"},{"control":"Open and closed model optionality","operatingPolicy":"Keep model-provider abstraction so SCRIMED can route between frontier APIs, healthcare-specific models, open-weight models, and future sovereign deployments.","costControl":"Choose the least expensive route that satisfies safety, latency, context, and evidence requirements.","safetyControl":"Do not route PHI-sensitive or regulated tasks without approved deployment controls.","proofRoute":"/healthcare-intelligence-os"},{"control":"Token and evidence budgets","operatingPolicy":"Attach workflow-level budgets for context size, evidence retrieval depth, model calls, retries, and reviewer effort.","costControl":"Track cost per workflow, Trust Card, chart, prior-auth packet, and denial draft.","safetyControl":"Block budget-driven shortcuts that remove citations, confidence, or review gates.","proofRoute":"/observability"},{"control":"Workflow-owned data loops","operatingPolicy":"Optimize around customer workflow outcomes rather than generic benchmark scores.","costControl":"Invest in reusable workflow traces, corrections, and governance packets that improve future runs without retraining foundation models.","safetyControl":"Use deidentified or synthetic feedback until privacy and customer data rights are approved.","proofRoute":"/pilot-evidence"}],"complianceLogs":[{"log":"Protected pilot audit events","owner":"TrustOS, engineering, and tenant admins","currentSource":"Tenant-scoped Supabase audit events and proof-packet release logs.","proofRoute":"/pilot-workspace/access","metricUse":"Compliance log completeness, customer proof, and buyer diligence.","boundary":"No PHI, secrets, or live medical records are stored in current protected packets."},{"log":"QA evidence ledger","owner":"Engineering and trust operations","currentSource":"Dated smoke, build, manual-run, and no-secret QA evidence.","proofRoute":"/qa-evidence","metricUse":"Release discipline, defect visibility, and investor diligence.","boundary":"QA evidence is product reliability evidence, not certification."},{"log":"Clinical activation dossier and approvals","owner":"Clinical governance, legal, security, privacy, and operations","currentSource":"No-PHI AAL2 clinical activation readiness attestations and packets.","proofRoute":"/clinical-care-activation","metricUse":"Hard-gate closure, readiness posture, and regulated deployment planning.","boundary":"Readiness attestations do not authorize live clinical care."},{"log":"Buyer diligence and secure evidence vault readiness","owner":"Sales operations, legal, privacy, and security","currentSource":"Buyer room, diligence packets, and disabled-by-default vault readiness controls.","proofRoute":"/pilot-deal-room","metricUse":"Customer proof, revenue-stage maturity, and enterprise procurement readiness.","boundary":"Sensitive buyer document storage remains disabled until approved controls exist."},{"log":"Protected operator metric ledger","owner":"Founder, finance advisor, product, and trust operations","currentSource":"AAL2 tenant-scoped no-PHI captures for model cost, review time, delivery hours, proof-packet count, and workflow volume.","proofRoute":"/pilot-workspace/access","metricUse":"Unit-economics discipline, board review, pricing posture, and finance-readiness coverage.","boundary":"Operator metrics are aggregate operating metadata, not audited financial reporting, securities offering material, valuation assurance, reimbursement assurance, or clinical validation."},{"log":"Trust Safety Operations","owner":"Trust, safety, legal, security, communications, and executive leadership","currentSource":"Incident, copyright, public-claims, safety, escalation, and continuous-improvement registers.","proofRoute":"/trust-safety-operations","metricUse":"Public-company operating discipline and brand-risk control.","boundary":"Current registers do not replace managed 24/7 SOC, counsel review, or insurance decisions."}],"customerProofStages":[{"stage":"Public product proof","buyerCommitment":"Self-guided inspection","scrimedProof":"Product console, demos, pricing, Trust Center, and public market readiness.","revenueSignal":"Qualified buyer enters pilot intake or sales conversation.","nextGate":"Paid assessment scope and no-PHI acknowledgement."},{"stage":"Paid assessment","buyerCommitment":"Fixed-fee workflow intelligence engagement","scrimedProof":"Workflow maps, governance gap register, KPI baseline plan, and pilot recommendation.","revenueSignal":"Assessment revenue plus qualified pilot conversion.","nextGate":"Synthetic pilot success criteria and sponsor approval."},{"stage":"Synthetic pilot","buyerCommitment":"45-90 day governed evaluation","scrimedProof":"Synthetic workflow packets, Trust Cards, QA evidence, observability, and buyer diligence export.","revenueSignal":"Pilot revenue and expansion case.","nextGate":"Protected pilot data boundary, security, legal, privacy, and identity approvals."},{"stage":"Protected enterprise pilot","buyerCommitment":"Tenant-isolated governed pilot","scrimedProof":"AAL2 access, audit events, approval workflow, command intelligence, and proof packets.","revenueSignal":"Protected pilot revenue and enterprise license proposal.","nextGate":"Signed production controls, human-review SOP, connector validation, and go-live approval."},{"stage":"Enterprise operating license","buyerCommitment":"Annual or multi-year platform agreement","scrimedProof":"Measured workflow value, margin discipline, governance reporting, and expansion roadmap.","revenueSignal":"Recurring platform revenue, modules, connectors, regions, and support expansion.","nextGate":"Board-level value review and multi-workflow expansion."}],"boardCadence":[{"cadence":"Weekly operating review","owner":"Founder, product, engineering, sales, and trust operations","reviewedSignals":["build and smoke status","protected route failures","sales intake quality","buyer proof packet readiness","known blockers"],"decisionOutput":"fix list, release gate, buyer follow-up, and next build step"},{"cadence":"Monthly metric review","owner":"Founder, finance advisor, sales, product, and delivery","reviewedSignals":["cost per workflow","pilot conversion","time saved signal","model cost trend","delivery effort by package"],"decisionOutput":"pricing adjustments, margin guardrails, and pilot scope standards"},{"cadence":"Quarterly governance review","owner":"Executive leadership, counsel, security, privacy, clinical advisors, and board advisors","reviewedSignals":["claims register","clinical activation gates","security/privacy blockers","incident trends","enterprise-readiness gaps"],"decisionOutput":"approved claims, prohibited claims, risk acceptances, and production readiness decisions"},{"cadence":"Investor diligence review","owner":"Founder, finance, legal, product, and investor relations","reviewedSignals":["customer proof ladder","unit economics maturity","gross margin assumptions","recurring revenue path","competitive edge"],"decisionOutput":"board memo, investor packet, and external-review queue"}],"limitations":[{"limitation":"No audited financial statements inside SCRIMED yet","impact":"External investors cannot treat current KPI stack as audited financial reporting.","workaround":"Use the KPI definitions, pricing tiers, sales audit evidence, and proof packets as operating-readiness material while finance and accounting review is completed.","graduationGate":"Finance-reviewed chart of accounts, revenue recognition policy, cost allocation, and audit-ready reporting."},{"limitation":"No live clinical outcomes","impact":"SCRIMED cannot claim patient-outcome improvement from production deployment.","workaround":"Report synthetic and protected-pilot operational metrics only, then graduate to customer-approved outcome studies after legal, clinical, privacy, and data rights approval.","graduationGate":"Customer-approved clinical governance protocol, IRB or ethics review when required, and signed data-processing path."},{"limitation":"No PHI-enabled cost telemetry","impact":"Patient-level cost per interaction remains a pilot-equivalent definition.","workaround":"Use synthetic interactions and buyer-approved aggregate workflow baselines until PHI authorization, BAA/DPA, consent, and production controls exist.","graduationGate":"Approved production data boundary, minimum-necessary design, audit controls, and customer authorization."},{"limitation":"No securities offering or valuation guarantee","impact":"Investor narrative must stay as strategic positioning, not investment solicitation.","workaround":"Keep public-market readiness language framed as internal operating discipline and diligence preparation, with counsel-reviewed materials before fundraising use.","graduationGate":"Qualified securities counsel, approved investor materials, and controlled data-room process."},{"limitation":"Secure evidence vault storage remains disabled by default","impact":"Sensitive buyer diligence artifacts cannot be uploaded into SCRIMED yet.","workaround":"Use metadata-only vault readiness and buyer-approved external secure channels until DLP, malware scanning, encryption, retention, legal hold, and access reviews are approved.","graduationGate":"Approved storage provider, security controls, legal terms, incident response, and access-review workflow."}],"nextBuildStep":"Add customer-ready security questionnaire response registry and procurement evidence routing without storing confidential questionnaires, SOC reports, penetration-test reports, credentials, PHI, signed legal artifacts, or sensitive customer documents in SCRIMED.","updated":"2026-06-20"},"salesDealRoomSummary":{"service":"scrimed-sales-deal-room","route":"/pilot-deal-room","apiRoute":"/api/pilot-deal-room","protectedPacketRoute":"/api/sales-operations/opportunities/{intakeId}/deal-room-packet","workspaceProvisioningRoute":"/api/sales-operations/opportunities/{intakeId}/workspace-provisioning","workspaceProvisioningPacketRoute":"/api/sales-operations/opportunities/{intakeId}/workspace-provisioning/packet","buyerTenantLifecycleRoute":"/api/sales-operations/opportunities/{intakeId}/tenant-lifecycle","buyerTenantLifecyclePacketRoute":"/api/sales-operations/opportunities/{intakeId}/tenant-lifecycle/packet","productionActivationReadinessRoute":"/api/sales-operations/opportunities/{intakeId}/production-readiness","productionActivationReadinessPacketRoute":"/api/sales-operations/opportunities/{intakeId}/production-readiness/packet","customerActivationApprovalsRoute":"/api/sales-operations/opportunities/{intakeId}/activation-approvals","customerActivationApprovalsPacketRoute":"/api/sales-operations/opportunities/{intakeId}/activation-approvals/packet","buyerDiligenceRoomRoute":"/api/sales-operations/opportunities/{intakeId}/buyer-diligence","buyerDiligenceRoomPacketRoute":"/api/sales-operations/opportunities/{intakeId}/buyer-diligence/packet","secureEvidenceVaultReadinessRoute":"/api/sales-operations/opportunities/{intakeId}/evidence-vault-readiness","secureEvidenceVaultReadinessPacketRoute":"/api/sales-operations/opportunities/{intakeId}/evidence-vault-readiness/packet","status":"public-organization-and-protected-packet-ready","defaultWorkspaceSlug":"atlas-synthetic-evaluation","proofStackStatus":"sales-to-buyer-room-linkage-ready","buyerRoomProofStackStatus":"aal2-buyer-room-evidence-bundle","buyerRoomPacketProofStackStatus":"aal2-audited-buyer-diligence-export","opportunityWorkspaceProvisioningProofStackStatus":"aal2-opportunity-workspace-provisioning","opportunityWorkspaceProvisioningPacketProofStackStatus":"aal2-audited-opportunity-workspace-packets","buyerTenantLifecycleProofStackStatus":"aal2-buyer-tenant-lifecycle-automation","buyerTenantLifecyclePacketProofStackStatus":"aal2-audited-buyer-tenant-lifecycle-packets","productionActivationReadinessProofStackStatus":"aal2-production-sso-invitation-readiness","productionActivationReadinessPacketProofStackStatus":"aal2-audited-production-readiness-packets","customerActivationApprovalsProofStackStatus":"aal2-paid-pilot-activation-approvals","customerActivationApprovalsPacketProofStackStatus":"aal2-audited-activation-approval-packets","buyerDiligenceRoomProofStackStatus":"aal2-buyer-evidence-signed-controls-diligence-room","buyerDiligenceRoomPacketProofStackStatus":"aal2-audited-buyer-diligence-packets","secureEvidenceVaultReadinessProofStackStatus":"aal2-secure-evidence-vault-readiness-disabled-by-default","secureEvidenceVaultReadinessPacketProofStackStatus":"aal2-audited-secure-evidence-vault-readiness-packets","executiveThesis":"SCRIMED converts public product proof, governed pilot intake, tenant-admin sales operations, buyer-room diligence, premium pricing, and protected workspace evidence into one enterprise-ready pilot acquisition path.","stages":[{"stage":"1. Discover","buyerQuestion":"What is SCRIMED and why is it differentiated?","scrimedProof":"Official website, competitive edge page, Product Console, Trust Center, and pricing posture.","primaryRoute":"/competitive-edge","gatedBoundary":"Public education only; no buyer data or clinical claims required."},{"stage":"2. Evaluate","buyerQuestion":"Can the product show governed workflow value before live data?","scrimedProof":"Demos, AgentOS evaluation, workflows, synthetic fixtures, Trust Cards, and proof routes.","primaryRoute":"/demos","gatedBoundary":"Synthetic scenarios only; no PHI or patient-facing execution."},{"stage":"3. Request","buyerQuestion":"Can my organization scope a paid assessment or synthetic pilot?","scrimedProof":"Pilot intake captures buyer segment, workflow targets, governance needs, and no-PHI acknowledgement.","primaryRoute":"/pilot","gatedBoundary":"Business-contact and workflow-scope intake only."},{"stage":"4. Qualify","buyerQuestion":"Can SCRIMED manage opportunity ownership and next steps?","scrimedProof":"Sales Operations provides tenant-admin ownership, pipeline stage, follow-up, assessment scheduling, and audit.","primaryRoute":"/sales-operations","gatedBoundary":"AAL2 tenant-admin access required; no direct table mutation."},{"stage":"5. Prove","buyerQuestion":"Can we inspect tenant-scoped proof and limitations before paying for more scope?","scrimedProof":"Buyer Pilot Room bundles readiness, evidence counts, commercial path, competitive edge, limitations, and packet audit.","primaryRoute":"/pilot-workspace/access","gatedBoundary":"Protected tenant workspace; synthetic-only, write-before-release artifacts."},{"stage":"6. Commit","buyerQuestion":"What commercial step should we approve next?","scrimedProof":"Non-binding deal-room packet, proposal, pricing tier, governance pack, and buyer-specific next action.","primaryRoute":"/pricing","gatedBoundary":"Final scope, legal terms, security review, and production permissions require written approval."}],"siteLanes":[{"lane":"Official Website","audience":"Public buyers, partners, advisors, and press","route":"https://www.scrimedsolutions.com","purpose":"Brand credibility, founder story, broad education, and top-of-funnel trust.","handoff":"Route serious buyers to the product app, pilot intake, or competitive-edge page."},{"lane":"Product App","audience":"Enterprise evaluators, investors, and sales engineering","route":"https://app.scrimedsolutions.com","purpose":"Show the actual SCRIMED product console, demos, pricing, trust posture, workflows, and protected pilot access.","handoff":"Move from self-guided proof to a paid assessment or synthetic pilot."},{"lane":"Protected Workspace","audience":"Approved tenant admins, pilot leads, reviewers, and SCRIMED operators","route":"/pilot-workspace/access","purpose":"Package tenant-scoped synthetic sessions, audit evidence, demo readiness, TrustOps, and Buyer Diligence Exports.","handoff":"Use audited packets for diligence follow-up and protected-pilot planning."},{"lane":"Sales Operations","audience":"SCRIMED tenant-admin commercial operators","route":"/sales-operations","purpose":"Own opportunities, proposals, follow-ups, CRM export, attribution packets, assessment invites, and deal-room packets.","handoff":"Create a buyer-specific packet that links opportunity scope to product proof and the protected Buyer Pilot Room."}],"competitiveEdges":[{"pillar":"Healthcare Intelligence Infrastructure","claim":"SCRIMED is positioned as a governed healthcare intelligence operating layer, not another chatbot, ambient note feature, or isolated automation tool.","proof":"AgentOS, Atlas Intelligence Core, TrustOS, persistent workspaces, interoperability contracts, and audit packets are exposed as one operating stack.","route":"/healthcare-intelligence-os","blockedClaim":"Does not claim autonomous clinical execution or replacement of healthcare professionals."},{"pillar":"Trust-First Enterprise Proof","claim":"Every buyer-facing proof artifact is designed around human review, tenant isolation, synthetic-only boundaries, and write-before-release audit evidence.","proof":"Protected pilot workspaces use Supabase Auth, AAL2 assurance, tenant-scoped RLS, durable sessions, audit events, demo snapshots, and proof packets.","route":"/pilot-workspace/access","blockedClaim":"Does not claim HIPAA certification, SOC 2 certification, FDA clearance, or production authorization."},{"pillar":"Interoperability Sidecar Strategy","claim":"SCRIMED can sit beside existing EHR, payer, imaging, device, and analytics systems as a review-gated intelligence layer instead of replacing the record of truth.","proof":"FHIR, HL7 v2, DICOM/DICOMweb, X12, C-CDA, LOINC, SNOMED CT, RxNorm, ICD, and CPT/HCPCS readiness are represented through synthetic contracts and conformance routes.","route":"/interoperability","blockedClaim":"Does not claim certified live connector status or production EHR writeback during synthetic pilots."},{"pillar":"Evidence-To-Revenue Motion","claim":"SCRIMED sells high-value enterprise evaluation, protected pilots, and operating licenses anchored to workflow value, governance scope, and measurable proof.","proof":"Pricing tiers, pilot intake, Sales Operations, attribution analytics, enterprise proof packets, and the Buyer Diligence Export connect product evidence to commercial execution.","route":"/pricing","blockedClaim":"Does not guarantee savings, reimbursement, denial reduction, or clinical outcomes."},{"pillar":"FaithCore And Atlas Trust Positioning","claim":"SCRIMED can serve enterprise-neutral buyers through Atlas while preserving a distinct spiritually aligned FaithCore pathway for organizations that explicitly want it.","proof":"FaithCore and Atlas remain separate positioning lanes, keeping enterprise compliance language professional while allowing faith-aligned encouragement where appropriate.","route":"/faithcore","blockedClaim":"Does not mix spiritual support with diagnosis, treatment, emergency triage, or clinical authority."},{"pillar":"Global Deployment Optionality","claim":"SCRIMED is being shaped for cloud, private cloud, sovereign cloud, hospital-controlled, and edge/on-prem evaluation paths.","proof":"Deployment profiles, strategic platform intelligence, runtime safety gates, and no-live-data synthetic evaluations preserve buyer optionality before production scope.","route":"/deployment-profiles","blockedClaim":"Does not claim region-specific compliance approval until legal, privacy, security, and customer deployment review are complete."}],"limitations":[{"limitation":"Opportunities now support buyer-specific protected workspace provisioning and lifecycle activation after qualification.","resolution":"Qualified opportunities can provision a protected workspace, activate buyer tenant lifecycle controls, package domain SSO policy, manual invitation delivery, access review cadence, retention/archive controls, and audited packets. Unprovisioned opportunities still route to the default synthetic workspace with clear labeling.","productionGate":"Signed customer tenant architecture, production SSO configuration, transactional email approval, legal review, and live connector authorization."},{"limitation":"Production SSO, automated invitations, and workspace archive execution still require customer-specific approval.","resolution":"Production readiness packets now package buyer-domain verification, redirect/origin registry, invitation template approval, transactional delivery guardrails, access-review attestation, and archive runbook before any automated send or SSO cutover.","productionGate":"Verified buyer domain, approved IdP configuration, approved sending provider, legal/privacy/security sign-off, incident response path, and written enterprise authorization."},{"limitation":"Written SCRIMED approval can unblock paid pilot setup, but not live healthcare operations.","resolution":"Customer activation approval packets now record paid-pilot setup authorization, allowed setup actions, retained blockers, owner approvals, and evidence requirements after production readiness exists.","productionGate":"Separate buyer and SCRIMED written approval for PHI, production connectors, customer SSO cutover, automated bulk invitations, payer submission, patient outreach, clinical validation, and live workflow execution."},{"limitation":"Sensitive buyer diligence documents should not be uploaded until storage, DLP, retention, and legal hold controls are approved.","resolution":"Buyer diligence rooms now track metadata-only evidence requirements, signed-control status, BAA/DPA posture, IdP/domain proof needs, transactional provider decisions, production connector readiness, and packet history without collecting sensitive files.","productionGate":"Approved document storage, malware scanning, DLP, retention/legal hold, access reviews, buyer-approved secure exchange path, and counsel-reviewed signed controls."},{"limitation":"Sensitive evidence vaulting is not enabled until security, privacy, legal, residency, and incident controls are approved.","resolution":"Secure evidence vault readiness now packages disabled-by-default storage-provider decisioning, encryption/key management, DLP, malware scanning, retention/legal hold, access reviews, evidence classification, upload approval, incident response, regional residency, target audience, and revenue-path controls.","productionGate":"Approved vault provider, BAA/DPA path, encryption key ownership, DLP/malware controls, legal hold, deletion workflow, access review cadence, incident response, region policy, counsel review, and buyer authorization."},{"limitation":"Authenticated happy-path automation still requires a short-lived AAL2 bearer token.","resolution":"Keep fail-closed public smoke checks and use human AAL2 browser sessions for buyer packet generation.","productionGate":"Approved CI secret rotation, token expiry, and identity operations."},{"limitation":"Direct live connectors, PHI workflows, payer submission, and patient outreach remain blocked.","resolution":"Use synthetic fixtures, contracts, conformance evidence, and human-reviewed proof packets until production scope is signed.","productionGate":"Legal, privacy, security, clinical governance, BAA/DPA path, and connector validation."}],"boundary":"SCRIMED Pilot Deal Rooms organize public product proof, tenant-admin sales evidence, buyer-room routing, pricing posture, and non-binding proposal artifacts for governed synthetic evaluations only. They do not accept PHI, authorize live clinical execution, certify compliance, guarantee reimbursement, submit payer transactions, or provide medical, legal, or regulatory advice.","updated":"2026-06-17"},"updated":"2026-06-24"},"publicMarketReadinessSummary":{"service":"scrimed-public-market-readiness","route":"/public-market-readiness","apiRoute":"/api/public-market-readiness","briefRoute":"/api/public-market-readiness/brief","protectedOperatorMetricRoute":"/pilot-workspace/access","protectedOperatorMetricApiRoute":"/api/pilot-workspaces/{workspaceSlug}/operator-metrics","protectedMetricRollupRoute":"/pilot-workspace/access","protectedMetricRollupApiRoute":"/api/pilot-workspaces/{workspaceSlug}/metric-rollups","protectedMetricRollupPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/metric-rollups/{snapshotId}/packet","protectedMetricTrendRoute":"/pilot-workspace/access","protectedMetricTrendApiRoute":"/api/pilot-workspaces/{workspaceSlug}/metric-trends","protectedMetricTrendPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/metric-trends/{reviewId}/packet","protectedBoardScorecardRoute":"/pilot-workspace/access","protectedBoardScorecardApiRoute":"/api/pilot-workspaces/{workspaceSlug}/board-scorecards","protectedBoardScorecardPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/board-scorecards/{scorecardId}/packet","protectedFinanceMethodologyRoute":"/pilot-workspace/access","protectedFinanceMethodologyApiRoute":"/api/pilot-workspaces/{workspaceSlug}/finance-methodology","protectedFinanceMethodologyPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/finance-methodology/packet","protectedExternalApprovalEvidenceRoute":"/pilot-workspace/access","protectedExternalApprovalEvidenceApiRoute":"/api/pilot-workspaces/{workspaceSlug}/external-approval-evidence","protectedExternalApprovalEvidencePacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/external-approval-evidence/packet","protectedReleaseDecisionRoute":"/pilot-workspace/access","protectedReleaseDecisionApiRoute":"/api/pilot-workspaces/{workspaceSlug}/release-decisions","protectedReleaseDecisionPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/release-decisions/packet","protectedNamedReviewerSignoffRoute":"/pilot-workspace/access","protectedNamedReviewerSignoffApiRoute":"/api/pilot-workspaces/{workspaceSlug}/reviewer-signoffs","protectedNamedReviewerSignoffPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/reviewer-signoffs/packet","protectedDistributionLockboxRoute":"/pilot-workspace/access","protectedDistributionLockboxApiRoute":"/api/pilot-workspaces/{workspaceSlug}/distribution-lockbox","protectedDistributionLockboxPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/distribution-lockbox/packet","protectedReleaseAuthorityAttestationRoute":"/pilot-workspace/access","protectedReleaseAuthorityAttestationApiRoute":"/api/pilot-workspaces/{workspaceSlug}/release-authority-attestations","protectedReleaseAuthorityAttestationPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/release-authority-attestations/packet","protectedEvidenceRoomRecipientAttestationRoute":"/pilot-workspace/access","protectedEvidenceRoomRecipientAttestationApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-recipient-attestations","protectedEvidenceRoomRecipientAttestationPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-recipient-attestations/packet","protectedEvidenceRoomAccessLogReconciliationRoute":"/pilot-workspace/access","protectedEvidenceRoomAccessLogReconciliationApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-access-log-reconciliation","protectedEvidenceRoomAccessLogReconciliationPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-access-log-reconciliation/packet","protectedEvidenceRoomProviderAdapterRoute":"/pilot-workspace/access","protectedEvidenceRoomProviderAdapterApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-provider-adapters","protectedEvidenceRoomProviderAdapterPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-provider-adapters/packet","protectedProviderSecurityReviewRoute":"/pilot-workspace/access","protectedProviderSecurityReviewApiRoute":"/api/pilot-workspaces/{workspaceSlug}/provider-security-reviews","protectedProviderSecurityReviewPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/provider-security-reviews/packet","protectedProcurementEvidenceRegistryRoute":"/pilot-workspace/access","protectedProcurementEvidenceRegistryApiRoute":"/api/pilot-workspaces/{workspaceSlug}/procurement-evidence","protectedProcurementEvidenceRegistryPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/procurement-evidence/packet","status":"capital-efficiency-kpi-stack-ready","proofStackStatus":"public-market-readiness-capital-efficiency-kpi-stack","briefProofStackStatus":"public-market-readiness-board-brief-no-financial-advice","protectedOperatorMetricStatus":"aal2-protected-operator-metric-capture-no-phi","protectedMetricRollupStatus":"aal2-finance-reviewed-metric-rollups-no-phi","protectedMetricRollupPacketStatus":"aal2-audited-board-metric-packets-no-phi","protectedMetricTrendStatus":"aal2-board-trend-review-no-phi","protectedMetricTrendPacketStatus":"aal2-audited-board-trend-packets-no-phi","protectedBoardScorecardStatus":"aal2-rolling-quarter-board-scorecards-no-phi","protectedBoardScorecardPacketStatus":"aal2-audited-board-scorecard-packets-no-phi","protectedFinanceMethodologyStatus":"aal2-finance-methodology-gates-no-phi","protectedFinanceMethodologyPacketStatus":"aal2-audited-finance-methodology-gate-packets-no-phi","protectedExternalApprovalEvidenceStatus":"aal2-qualified-external-approval-evidence-links-no-phi","protectedExternalApprovalEvidencePacketStatus":"aal2-audited-external-approval-evidence-link-packets-no-phi","protectedReleaseDecisionStatus":"aal2-qualified-release-decision-workflow-no-phi","protectedReleaseDecisionPacketStatus":"aal2-audited-release-decision-claim-registry-packets-no-phi","protectedNamedReviewerSignoffStatus":"aal2-named-reviewer-signoff-metadata-no-phi","protectedNamedReviewerSignoffPacketStatus":"aal2-audited-named-reviewer-signoff-packets-no-phi","protectedDistributionLockboxStatus":"aal2-external-distribution-lockbox-disabled-no-phi","protectedDistributionLockboxPacketStatus":"aal2-audited-distribution-lockbox-packets-no-phi","protectedReleaseAuthorityAttestationStatus":"aal2-external-release-authority-attestations-disabled-no-phi","protectedReleaseAuthorityAttestationPacketStatus":"aal2-audited-release-authority-attestation-packets-no-phi","protectedEvidenceRoomRecipientAttestationStatus":"aal2-evidence-room-recipient-attestations-disabled-no-phi","protectedEvidenceRoomRecipientAttestationPacketStatus":"aal2-audited-evidence-room-recipient-attestation-packets-no-phi","protectedEvidenceRoomAccessLogReconciliationStatus":"aal2-evidence-room-access-log-reconciliation-disabled-no-phi","protectedEvidenceRoomAccessLogReconciliationPacketStatus":"aal2-audited-evidence-room-access-log-reconciliation-packets-no-phi","protectedEvidenceRoomProviderAdapterStatus":"aal2-evidence-room-provider-adapter-contracts-disabled-no-phi","protectedEvidenceRoomProviderAdapterPacketStatus":"aal2-audited-evidence-room-provider-adapter-packets-no-phi","protectedProviderSecurityReviewStatus":"aal2-provider-security-review-workbench-no-phi","protectedProviderSecurityReviewPacketStatus":"aal2-audited-provider-security-review-packets-no-phi","protectedProcurementEvidenceRegistryStatus":"aal2-procurement-evidence-registry-no-sensitive-artifacts","protectedProcurementEvidenceRegistryPacketStatus":"aal2-audited-procurement-evidence-registry-packets-no-sensitive-artifacts","thesis":"SCRIMED is healthcare intelligence infrastructure, not another AI model company.","investorNarrative":"While frontier labs burn billions to build general intelligence, SCRIMED captures healthcare-specific value by owning the workflow, trust layer, data loops, governance evidence, interoperability path, and measurable outcomes around healthcare operations.","efficientHealthcareIntelligence":"SCRIMED should own healthcare workflows, trust evidence, and outcomes while using model routing, task-specific agents, open/closed model optionality, and token-cost controls to avoid frontier-model dependency.","boundary":"SCRIMED Public Market Readiness organizes KPI definitions, unit-economics discipline, compliance logs, customer proof, governance documentation, model-efficiency controls, and investor narrative for enterprise operating maturity. It is not audited financial reporting, securities offering material, investment advice, accounting advice, tax advice, a valuation guarantee, clinical validation, reimbursement assurance, compliance certification, or live clinical execution authorization.","metricCount":10,"unitEconomicsPackageCount":4,"modelEfficiencyControlCount":4,"complianceLogCount":6,"customerProofStageCount":5,"boardCadenceCount":4,"limitationCount":5,"operatorMetricCatalogCount":5,"operatingMetrics":[{"id":"cost-per-workflow","name":"Cost per governed workflow","category":"unit-economics","unit":"USD per completed workflow packet","formula":"(model cost + infrastructure cost + review labor + support allocation) / completed governed workflow packets","targetDirection":"lower-is-better","currentMaturity":"synthetic-measurement-ready","auditSource":"AgentOS task trace, QA evidence ledger, proof-packet release audit, and workflow result validation.","proofRoute":"/workflows/results","boundary":"Synthetic and protected-pilot workflows only until buyer-approved production baselines exist."},{"id":"cost-per-patient-interaction","name":"Cost per patient interaction equivalent","category":"unit-economics","unit":"USD per synthetic or approved pilot interaction","formula":"(agent execution cost + routing cost + human-review cost) / synthetic or approved pilot interaction count","targetDirection":"lower-is-better","currentMaturity":"protected-pilot-measurement-required","auditSource":"Protected pilot sessions, buyer demo sessions, and approved customer baselines.","proofRoute":"/pilot-workspace/access","boundary":"No live patient interaction is authorized. Current use is a pilot-equivalent metric definition."},{"id":"cost-per-chart","name":"Cost per chart review","category":"unit-economics","unit":"USD per synthetic or approved chart-review work order","formula":"(document intelligence cost + model extraction cost + TrustQA review cost + reviewer time) / chart-review work orders","targetDirection":"lower-is-better","currentMaturity":"synthetic-measurement-ready","auditSource":"DocuTwin work orders, Trust Cards, and manual QA evidence packets.","proofRoute":"/modules/docutwin","boundary":"No PHI, record mutation, diagnosis insertion, or final note filing is authorized."},{"id":"cost-per-prior-auth","name":"Cost per prior authorization support packet","category":"unit-economics","unit":"USD per packet draft","formula":"(policy retrieval cost + document parsing cost + model drafting cost + reviewer time) / prior-auth packet drafts","targetDirection":"lower-is-better","currentMaturity":"synthetic-measurement-ready","auditSource":"Agent Workspace work orders, Atlas evidence layer, and proof packet audit.","proofRoute":"/agent-workspace","boundary":"No payer submission, coverage determination, or medical-necessity decision is authorized."},{"id":"cost-per-denial-appeal","name":"Cost per denial appeal support draft","category":"unit-economics","unit":"USD per reviewable appeal draft","formula":"(claim-context parsing + policy evidence retrieval + draft generation + qualified review allocation) / appeal-support drafts","targetDirection":"lower-is-better","currentMaturity":"synthetic-measurement-ready","auditSource":"RCM Agent work orders, TrustOS reviewer checkpoints, and governance packets.","proofRoute":"/workflows/results","boundary":"No final coding, billing, appeal submission, or reimbursement guarantee is authorized."},{"id":"time-saved-per-clinician","name":"Time saved per clinician","category":"workflow-value","unit":"minutes saved per reviewed workflow","formula":"buyer-approved baseline minutes - SCRIMED-assisted minutes for the same governed workflow","targetDirection":"higher-is-better","currentMaturity":"protected-pilot-measurement-required","auditSource":"Buyer baseline, protected pilot result packet, reviewer sign-off, and QA evidence.","proofRoute":"/pilot-evidence","boundary":"This is an operational-efficiency metric, not a clinical outcome claim."},{"id":"revenue-protected","name":"Revenue protected per payer or provider workflow","category":"workflow-value","unit":"USD at-risk revenue surfaced for qualified review","formula":"reviewed denial risk, missing-evidence exposure, or leakage opportunity identified under buyer-approved methodology","targetDirection":"higher-is-better","currentMaturity":"protected-pilot-measurement-required","auditSource":"Revenue workflow result packets, buyer finance review, and approved value methodology.","proofRoute":"/pricing","boundary":"Revenue protected is a reviewed operational signal, not a reimbursement promise or audited financial result."},{"id":"compliance-log-completeness","name":"Compliance log completeness","category":"compliance-governance","unit":"percentage of governed events with required metadata","formula":"governed events with required audit metadata / total governed events","targetDirection":"higher-is-better","currentMaturity":"synthetic-measurement-ready","auditSource":"Protected pilot audit events, TrustOS decisions, QA packets, and activation attestations.","proofRoute":"/audit","boundary":"Log completeness does not equal compliance certification or regulator acceptance."},{"id":"gross-margin-by-offer","name":"Gross margin by offer","category":"margin-discipline","unit":"percentage margin by package","formula":"(contracted package revenue - model cost - infrastructure cost - implementation labor - support allocation - reviewer allocation) / contracted package revenue","targetDirection":"within-approved-band","currentMaturity":"external-finance-review-required","auditSource":"Pricing model, sales deal room, finance review, usage logs, and delivery time tracking.","proofRoute":"/pricing","boundary":"Requires finance-reviewed cost accounting before external reporting or investor diligence use."},{"id":"model-cost-per-trust-card","name":"Model cost per Trust Card","category":"cost-control","unit":"USD per evidence-backed recommendation card","formula":"(retrieval cost + model route cost + validation cost + reviewer allocation) / Trust Cards generated","targetDirection":"lower-is-better","currentMaturity":"definition-ready","auditSource":"Atlas Trust Cards, model-router logs, validation records, and reviewer status.","proofRoute":"/atlas","boundary":"Trust Cards remain review support, not autonomous clinical decisions."}],"operatorMetricCatalog":[{"metricKey":"model-cost-usd","label":"Model cost","unit":"usd","publicMarketKpiId":"model-cost-per-trust-card","description":"Model, routing, retrieval, validation, and retry cost for a governed workflow window.","proofRoute":"/public-market-readiness","costDiscipline":"Use model routing, smaller task-specific models, retrieval-first execution, and retry budgets."},{"metricKey":"review-time-minutes","label":"Human review time","unit":"minutes","publicMarketKpiId":"time-saved-per-clinician","description":"Operator, reviewer, clinician-adjacent, or sales-engineering review minutes for a governed workflow window.","proofRoute":"/pilot-workspace/access","costDiscipline":"Track review load so SCRIMED can price human-in-the-loop safety without hiding labor cost."},{"metricKey":"delivery-hours","label":"Delivery hours","unit":"hours","publicMarketKpiId":"gross-margin-by-offer","description":"Implementation, QA, sales engineering, governance, or delivery hours spent on a scoped no-PHI workflow window.","proofRoute":"/pricing","costDiscipline":"Separate implementation services from platform license and protect enterprise gross margin."},{"metricKey":"proof-packet-count","label":"Proof packet count","unit":"count","publicMarketKpiId":"compliance-log-completeness","description":"Audited or generated proof packets released for a governed workflow window.","proofRoute":"/qa-evidence","costDiscipline":"Treat proof production as a repeatable evidence factory, not one-off consulting labor."},{"metricKey":"workflow-volume","label":"Workflow volume","unit":"count","publicMarketKpiId":"cost-per-workflow","description":"Completed synthetic, protected-pilot, or buyer-demo workflow packets in a measurement window.","proofRoute":"/workflows/results","costDiscipline":"Normalize operating cost by workflow output so SCRIMED can price against value and throughput."}],"unitEconomicsPackages":[{"packageName":"Workflow Intelligence Assessment","commercialStage":"paid assessment","priceSignal":"Starts at $50k; typical range $75k-$150k fixed fee","measurableValue":["workflow friction map","automation candidate scorecard","governance gap register","pilot success criteria"],"costDrivers":["discovery hours","workflow analysis","buyer workshops","executive findings"],"marginDiscipline":"Keep scope fixed, cap workshop hours, reuse SCRIMED assessment templates, and convert qualified accounts into higher-value pilots.","proofRoutes":["/pricing","/pilot-deal-room","/pilot"],"boundary":"Assessment output is operational intelligence, not legal, clinical, or regulatory advice."},{"packageName":"Synthetic Pilot Evaluation","commercialStage":"sellable pilot","priceSignal":"Starts at $150k; typical range $200k-$500k for 45-90 days","measurableValue":["cost per governed workflow","time saved estimate","workflow friction reduced","Trust Card completeness","production-readiness gates"],"costDrivers":["agent runs","synthetic workflow design","proof packets","review meetings","QA evidence"],"marginDiscipline":"Use task-specific agents, deterministic synthetic fixtures, bounded model routes, and reusable governance packets.","proofRoutes":["/product","/evaluation","/qa-evidence","/demos"],"boundary":"Synthetic data only; no PHI, diagnosis, payer submission, patient outreach, or live execution."},{"packageName":"Protected Enterprise Pilot","commercialStage":"protected pilot","priceSignal":"Starts at $750k; typical range $1M-$2.5M for 90-180 days","measurableValue":["buyer-approved workflow baseline","reviewer acceptance rate","override and escalation rates","cost per work order","readiness gates closed"],"costDrivers":["tenant setup","identity controls","human review","security diligence","governance operations"],"marginDiscipline":"Charge separately for connectors, implementation, evidence vault controls, custom support, and regional compliance work.","proofRoutes":["/pilot-workspace/access","/clinical-care-activation","/trust-safety-operations"],"boundary":"Protected pilot does not authorize live clinical execution until external approvals and customer-specific controls pass."},{"packageName":"Enterprise Operating License","commercialStage":"annual platform license","priceSignal":"Annual platform license starts at $2.5M; enterprise range $3M-$12M+","measurableValue":["workflows under governance","departments served","model cost per workflow","audit completeness","expansion revenue"],"costDrivers":["platform support","workflow count","connectors","monitoring","customer success"],"marginDiscipline":"Separate platform license from implementation services and charge add-ons for workflow, connector, region, and support expansion.","proofRoutes":["/pricing","/observability","/deployment-profiles"],"boundary":"Production terms require signed scope, security review, privacy controls, and human-review operating procedures."}],"modelEfficiencyControls":[{"control":"Task-specific agent routing","operatingPolicy":"Route narrow workflow tasks to specialized agents instead of a single large general-purpose agent.","costControl":"Use deterministic preprocessing, small-model classification, and retrieval-before-generation before escalating to premium models.","safetyControl":"Escalate uncertainty and high-risk clinical-adjacent content to human review.","proofRoute":"/agents"},{"control":"Open and closed model optionality","operatingPolicy":"Keep model-provider abstraction so SCRIMED can route between frontier APIs, healthcare-specific models, open-weight models, and future sovereign deployments.","costControl":"Choose the least expensive route that satisfies safety, latency, context, and evidence requirements.","safetyControl":"Do not route PHI-sensitive or regulated tasks without approved deployment controls.","proofRoute":"/healthcare-intelligence-os"},{"control":"Token and evidence budgets","operatingPolicy":"Attach workflow-level budgets for context size, evidence retrieval depth, model calls, retries, and reviewer effort.","costControl":"Track cost per workflow, Trust Card, chart, prior-auth packet, and denial draft.","safetyControl":"Block budget-driven shortcuts that remove citations, confidence, or review gates.","proofRoute":"/observability"},{"control":"Workflow-owned data loops","operatingPolicy":"Optimize around customer workflow outcomes rather than generic benchmark scores.","costControl":"Invest in reusable workflow traces, corrections, and governance packets that improve future runs without retraining foundation models.","safetyControl":"Use deidentified or synthetic feedback until privacy and customer data rights are approved.","proofRoute":"/pilot-evidence"}],"complianceLogs":[{"log":"Protected pilot audit events","owner":"TrustOS, engineering, and tenant admins","currentSource":"Tenant-scoped Supabase audit events and proof-packet release logs.","proofRoute":"/pilot-workspace/access","metricUse":"Compliance log completeness, customer proof, and buyer diligence.","boundary":"No PHI, secrets, or live medical records are stored in current protected packets."},{"log":"QA evidence ledger","owner":"Engineering and trust operations","currentSource":"Dated smoke, build, manual-run, and no-secret QA evidence.","proofRoute":"/qa-evidence","metricUse":"Release discipline, defect visibility, and investor diligence.","boundary":"QA evidence is product reliability evidence, not certification."},{"log":"Clinical activation dossier and approvals","owner":"Clinical governance, legal, security, privacy, and operations","currentSource":"No-PHI AAL2 clinical activation readiness attestations and packets.","proofRoute":"/clinical-care-activation","metricUse":"Hard-gate closure, readiness posture, and regulated deployment planning.","boundary":"Readiness attestations do not authorize live clinical care."},{"log":"Buyer diligence and secure evidence vault readiness","owner":"Sales operations, legal, privacy, and security","currentSource":"Buyer room, diligence packets, and disabled-by-default vault readiness controls.","proofRoute":"/pilot-deal-room","metricUse":"Customer proof, revenue-stage maturity, and enterprise procurement readiness.","boundary":"Sensitive buyer document storage remains disabled until approved controls exist."},{"log":"Protected operator metric ledger","owner":"Founder, finance advisor, product, and trust operations","currentSource":"AAL2 tenant-scoped no-PHI captures for model cost, review time, delivery hours, proof-packet count, and workflow volume.","proofRoute":"/pilot-workspace/access","metricUse":"Unit-economics discipline, board review, pricing posture, and finance-readiness coverage.","boundary":"Operator metrics are aggregate operating metadata, not audited financial reporting, securities offering material, valuation assurance, reimbursement assurance, or clinical validation."},{"log":"Trust Safety Operations","owner":"Trust, safety, legal, security, communications, and executive leadership","currentSource":"Incident, copyright, public-claims, safety, escalation, and continuous-improvement registers.","proofRoute":"/trust-safety-operations","metricUse":"Public-company operating discipline and brand-risk control.","boundary":"Current registers do not replace managed 24/7 SOC, counsel review, or insurance decisions."}],"customerProofStages":[{"stage":"Public product proof","buyerCommitment":"Self-guided inspection","scrimedProof":"Product console, demos, pricing, Trust Center, and public market readiness.","revenueSignal":"Qualified buyer enters pilot intake or sales conversation.","nextGate":"Paid assessment scope and no-PHI acknowledgement."},{"stage":"Paid assessment","buyerCommitment":"Fixed-fee workflow intelligence engagement","scrimedProof":"Workflow maps, governance gap register, KPI baseline plan, and pilot recommendation.","revenueSignal":"Assessment revenue plus qualified pilot conversion.","nextGate":"Synthetic pilot success criteria and sponsor approval."},{"stage":"Synthetic pilot","buyerCommitment":"45-90 day governed evaluation","scrimedProof":"Synthetic workflow packets, Trust Cards, QA evidence, observability, and buyer diligence export.","revenueSignal":"Pilot revenue and expansion case.","nextGate":"Protected pilot data boundary, security, legal, privacy, and identity approvals."},{"stage":"Protected enterprise pilot","buyerCommitment":"Tenant-isolated governed pilot","scrimedProof":"AAL2 access, audit events, approval workflow, command intelligence, and proof packets.","revenueSignal":"Protected pilot revenue and enterprise license proposal.","nextGate":"Signed production controls, human-review SOP, connector validation, and go-live approval."},{"stage":"Enterprise operating license","buyerCommitment":"Annual or multi-year platform agreement","scrimedProof":"Measured workflow value, margin discipline, governance reporting, and expansion roadmap.","revenueSignal":"Recurring platform revenue, modules, connectors, regions, and support expansion.","nextGate":"Board-level value review and multi-workflow expansion."}],"boardCadence":[{"cadence":"Weekly operating review","owner":"Founder, product, engineering, sales, and trust operations","reviewedSignals":["build and smoke status","protected route failures","sales intake quality","buyer proof packet readiness","known blockers"],"decisionOutput":"fix list, release gate, buyer follow-up, and next build step"},{"cadence":"Monthly metric review","owner":"Founder, finance advisor, sales, product, and delivery","reviewedSignals":["cost per workflow","pilot conversion","time saved signal","model cost trend","delivery effort by package"],"decisionOutput":"pricing adjustments, margin guardrails, and pilot scope standards"},{"cadence":"Quarterly governance review","owner":"Executive leadership, counsel, security, privacy, clinical advisors, and board advisors","reviewedSignals":["claims register","clinical activation gates","security/privacy blockers","incident trends","enterprise-readiness gaps"],"decisionOutput":"approved claims, prohibited claims, risk acceptances, and production readiness decisions"},{"cadence":"Investor diligence review","owner":"Founder, finance, legal, product, and investor relations","reviewedSignals":["customer proof ladder","unit economics maturity","gross margin assumptions","recurring revenue path","competitive edge"],"decisionOutput":"board memo, investor packet, and external-review queue"}],"limitations":[{"limitation":"No audited financial statements inside SCRIMED yet","impact":"External investors cannot treat current KPI stack as audited financial reporting.","workaround":"Use the KPI definitions, pricing tiers, sales audit evidence, and proof packets as operating-readiness material while finance and accounting review is completed.","graduationGate":"Finance-reviewed chart of accounts, revenue recognition policy, cost allocation, and audit-ready reporting."},{"limitation":"No live clinical outcomes","impact":"SCRIMED cannot claim patient-outcome improvement from production deployment.","workaround":"Report synthetic and protected-pilot operational metrics only, then graduate to customer-approved outcome studies after legal, clinical, privacy, and data rights approval.","graduationGate":"Customer-approved clinical governance protocol, IRB or ethics review when required, and signed data-processing path."},{"limitation":"No PHI-enabled cost telemetry","impact":"Patient-level cost per interaction remains a pilot-equivalent definition.","workaround":"Use synthetic interactions and buyer-approved aggregate workflow baselines until PHI authorization, BAA/DPA, consent, and production controls exist.","graduationGate":"Approved production data boundary, minimum-necessary design, audit controls, and customer authorization."},{"limitation":"No securities offering or valuation guarantee","impact":"Investor narrative must stay as strategic positioning, not investment solicitation.","workaround":"Keep public-market readiness language framed as internal operating discipline and diligence preparation, with counsel-reviewed materials before fundraising use.","graduationGate":"Qualified securities counsel, approved investor materials, and controlled data-room process."},{"limitation":"Secure evidence vault storage remains disabled by default","impact":"Sensitive buyer diligence artifacts cannot be uploaded into SCRIMED yet.","workaround":"Use metadata-only vault readiness and buyer-approved external secure channels until DLP, malware scanning, encryption, retention, legal hold, and access reviews are approved.","graduationGate":"Approved storage provider, security controls, legal terms, incident response, and access-review workflow."}],"nextBuildStep":"Add customer-ready security questionnaire response registry and procurement evidence routing without storing confidential questionnaires, SOC reports, penetration-test reports, credentials, PHI, signed legal artifacts, or sensitive customer documents in SCRIMED.","updated":"2026-06-20"},"updated":"2026-06-25"},"enterpriseScalability":{"service":"scrimed-enterprise-scalability-operations","route":"/enterprise-scalability","apiRoute":"/api/enterprise-scalability","briefRoute":"/api/enterprise-scalability/brief","status":"enterprise-scalability-operations-control-plane-active","briefStatus":"enterprise-scalability-operations-brief-ready-no-production-sla","boundary":"SCRIMED Enterprise Scalability Operations organizes capacity planning, tenant isolation, queueing, observability, SLO readiness, incident/change operations, support load, multi-region and data-residency preparation, disaster recovery planning, usage-cost controls, and enterprise operating cadences for synthetic, business-contact, workflow, and metadata-only evaluation. It is readiness and operating-design material only. It is not a contractual SLA, managed service commitment, 24/7 production SOC or MDR coverage, production hosting approval, data-residency approval, security certification, PHI processing authority, production connector approval, customer-specific tenancy approval, revenue guarantee, profit-margin guarantee, legal advice, accounting advice, tax advice, or live clinical care authorization.","authority":{"scaleAuthority":"readiness-only-not-production-sla","slaAuthority":"not-contractual-sla","managedServiceAuthority":"not-managed-service-commitment","dataBoundary":"synthetic-business-and-metadata-only","phiAuthority":"not-authorized-production-phi","clinicalCareAuthority":"not-authorized-live-care","securityCertification":"not-security-certified","connectorAuthority":"not-production-connector-approved","regionalAuthority":"external-review-required","revenueAuthority":"not-revenue-guarantee","profitAuthority":"not-profit-margin-guarantee"},"domainCount":9,"activeDomainCount":3,"humanReviewDomainCount":5,"externalReviewDomainCount":1,"controlCount":10,"humanReviewControlCount":5,"externalReviewControlCount":2,"workstreamCount":6,"cadenceCount":6,"bottleneckCount":6,"openBottleneckCount":5,"proofRouteCount":26,"hardStopCount":67,"ownerCount":35,"blockedClaimCount":23,"domainStatusCounts":{"active-control-plane":3,"human-review-required":5,"external-review-required":1},"controlStatusCounts":{"active-control-plane":3,"human-review-required":5,"external-review-required":2},"bottleneckStatusCounts":{"human-review-required":4,"external-review-required":1,"active-control-plane":1},"recommendedOperatingPath":["Scale preflight pack","Tenant scale readiness","Queue and runtime hardening","Support and success operating model","Global scale and deployment readiness","Cost and margin control loop"],"nextBuildStep":"Use /enterprise-scalability before SCRIMED expands enterprise traffic, support commitments, buyer workspaces, regional deployments, implementation scope, or reliability language: attach capacity assumptions, tenant owners, queue/backpressure controls, support-tier review, cost thresholds, incident/change path, and explicit no-SLA/no-PHI/no-managed-service boundaries before external commitments expand.","domains":[{"slug":"multi-tenant-runtime-capacity","name":"Multi-tenant runtime capacity","status":"active-control-plane","owner":"Platform engineering + Product Console","scaleQuestion":"Can SCRIMED model load, concurrency, rate limits, cold starts, and batch activity before buyer-specific traffic expands?","operatingControl":"Capacity forecasts, load-test targets, route-level owner assignment, queue thresholds, and fail-closed paths are attached to every enterprise release.","evidence":["Route inventory","API route pattern count","load-test plan","capacity forecast","release preflight"],"proofRoutes":["/navigation","/service-reliability","/release-continuity"],"retainedBoundary":"Capacity readiness is not contractual uptime, production throughput approval, or managed service coverage.","nextAction":"Attach expected pilot volume, concurrency, route class, and failure budget to every enterprise opportunity before scoping implementation."},{"slug":"tenant-isolation-data-boundaries","name":"Tenant isolation and data boundaries","status":"human-review-required","owner":"Security, tenant governance, TrustOS, and customer authority owners","scaleQuestion":"Can each buyer workspace remain isolated, metadata-only, and approval-gated before production PHI, credentials, or connector scope appears?","operatingControl":"Tenant role maps, no-PHI intake rules, protected workspace checks, RLS expectations, evidence-room references, and customer authority owners stay explicit.","evidence":["Tenant lifecycle packet","protected workspace fail-closed checks","no-PHI boundary","authority owner matrix"],"proofRoutes":["/pilot-workspace/access","/clinical-authority-readiness","/boundary-resolution"],"retainedBoundary":"Tenant isolation planning is not customer-specific tenancy approval, PHI processing authority, or security certification.","nextAction":"Require buyer-specific tenant owner, access review cadence, archive trigger, and no-PHI proof packet before protected workspace expansion."},{"slug":"queueing-backpressure-retry","name":"Queueing, backpressure, and retry governance","status":"active-control-plane","owner":"Runtime safety, workflow engineering, and QA","scaleQuestion":"Can SCRIMED keep long-running work, repeated requests, and failure retries from overwhelming operators or producing duplicate evidence?","operatingControl":"Idempotency design, retry ceilings, dead-letter routing, duplicate-proof detection, and manual remediation gates remain part of the release path.","evidence":["Execution attempts register","runtime safety controls","manual QA execution console","QA completion bridge"],"proofRoutes":["/workflows/execution-attempts","/workflows/runtime-safety","/qa-manual-execution-console","/qa-completion-bridge"],"retainedBoundary":"Queue readiness does not authorize autonomous remediation, production workflow execution, or live connector use.","nextAction":"Map each scaled workflow to idempotency key, retry ceiling, quarantine owner, and manual completion bridge before production design."},{"slug":"observability-slo-error-budget","name":"Observability, SLO readiness, and error budgets","status":"human-review-required","owner":"Service reliability, observability, QA, and TrustOps","scaleQuestion":"Can SCRIMED distinguish reliability evidence from contractual SLA language while tracking latency, errors, regressions, and evidence quality?","operatingControl":"SLO candidates, error-budget language, alert routing, regression checks, incident learning, and buyer-safe boundary headers are tracked without SLA guarantees.","evidence":["Service reliability controls","continuous review loops","public smoke","boundary headers"],"proofRoutes":["/service-reliability","/continuous-review-audit","/operational-efficiency"],"retainedBoundary":"SLO readiness is internal operating discipline only; no contractual SLA or production support guarantee is created.","nextAction":"Add each buyer-critical route to latency/error/error-budget review with explicit no-SLA language until contract review approves exact commitments."},{"slug":"incident-problem-change-operations","name":"Incident, problem, and change operations","status":"human-review-required","owner":"TrustOps, release steward, legal ops, security, and customer operations","scaleQuestion":"Can incidents, repeated mistakes, change freezes, escalation ownership, and postmortems stay controlled as enterprise pilots multiply?","operatingControl":"Severity classes, incident owners, change windows, rollback paths, postmortem evidence, and claims updates are linked to review and release routes.","evidence":["Trust Safety Ops incidents","release continuity gates","boundary register","continuous defect-to-control loop"],"proofRoutes":["/trust-safety-operations","/release-continuity","/boundary-resolution","/continuous-review-audit"],"retainedBoundary":"Incident readiness is not 24/7 production staffing, managed SOC or MDR coverage, or production remediation authority.","nextAction":"Classify every enterprise incident or near miss into severity, owner, customer communication rule, postmortem, and boundary-update requirement."},{"slug":"enterprise-support-customer-success","name":"Enterprise support and customer success operations","status":"human-review-required","owner":"Customer operations, revenue operations, product, and support leadership","scaleQuestion":"Can onboarding, demos, pilots, diligence, kickoff, support, renewal, and expansion run through repeatable cadences without unsupported promises?","operatingControl":"Support tiers, response targets, meeting cadences, follow-up SLAs, escalation matrix, and renewal health packets remain human-approved and no-PHI.","evidence":["Client onboarding stages","calendar packets","business ops cadences","sales operations"],"proofRoutes":["/client-onboarding","/enterprise-business-ops","/sales-operations"],"retainedBoundary":"Support design does not create managed-service coverage, contractual response SLAs, customer permission, or procurement approval.","nextAction":"Attach each enterprise account to support tier draft, escalation path, meeting cadence, follow-up owner, and blocked-claim checklist."},{"slug":"multi-region-residency-dr","name":"Multi-region, residency, and disaster recovery readiness","status":"external-review-required","owner":"Platform, security, privacy, regional counsel, and customer authority owners","scaleQuestion":"Can SCRIMED prepare deployment profiles, regional hosting assumptions, backup/restore expectations, and residency questions without claiming approval?","operatingControl":"Deployment profiles, regional counsel review, backup/restore drill plan, residency decision record, and external hosting authority are retained gates.","evidence":["Deployment profiles","global certification readiness","global reach packs","release continuity"],"proofRoutes":["/deployment-profiles","/global-certification-readiness","/global-reach","/release-continuity"],"retainedBoundary":"Multi-region readiness is not local legal approval, data-residency approval, DR guarantee, or sovereign hosting authorization.","nextAction":"Pair each regional enterprise opportunity with a deployment profile, residency question list, DR evidence need, and qualified review owner."},{"slug":"usage-cost-margin-governance","name":"Usage, cost, and margin governance","status":"active-control-plane","owner":"Finance, platform operations, product, and deal desk","scaleQuestion":"Can SCRIMED protect margins as model, storage, review, diligence, support, and implementation costs rise with enterprise usage?","operatingControl":"Usage thresholds, model-cost review, paid diligence packaging, support load review, price-floor gates, and change-order triggers are routed before proposals expand.","evidence":["Enterprise Business Ops","operational efficiency sprints","capital vitality","public market readiness"],"proofRoutes":["/enterprise-business-ops","/operational-efficiency","/capital-vitality","/public-market-readiness"],"retainedBoundary":"Cost governance improves margin discipline only; it is not a profit guarantee, audited financial report, accounting advice, or tax advice.","nextAction":"Add usage ceiling, support assumption, cost owner, margin floor, and change-order trigger to every enterprise package and pilot."},{"slug":"identity-access-lifecycle","name":"Enterprise identity and access lifecycle","status":"human-review-required","owner":"Security, tenant governance, customer authority owners, and platform engineering","scaleQuestion":"Can SCRIMED scale invite, role, access review, offboarding, archive, and break-glass decisions without broadening authority?","operatingControl":"Role maps, AAL2 gates, access review cadence, offboarding packets, archive triggers, and break-glass design remain customer-specific approvals.","evidence":["Identity access readiness","buyer tenant lifecycle","protected workspace access","release continuity"],"proofRoutes":["/workflows/identity-access","/pilot-workspace/access","/release-continuity"],"retainedBoundary":"Identity readiness does not bypass AAL2, approve buyer-specific access, or authorize production clinical workflow execution.","nextAction":"Require each enterprise workspace to list roles, approvers, AAL2 path, access review cadence, offboarding trigger, and archive owner."}],"controls":[{"slug":"capacity-forecast-load-test-plan","control":"Capacity forecast and load-test plan","status":"active-control-plane","owner":"Platform engineering + release steward","purpose":"Translate buyer volume, routes, concurrency, evidence jobs, and protected workspace use into measurable pre-release pressure.","requiredEvidence":["traffic assumption","route class","load-test target","fallback behavior","owner"],"hardStops":["traffic volume unknown","route owner missing","fallback behavior missing","contractual uptime implied"]},{"slug":"rate-limit-backpressure","control":"Rate-limit and backpressure review","status":"human-review-required","owner":"Runtime safety + platform","purpose":"Prevent scaled workflows, demos, API calls, and proof generation from overrunning operators or infrastructure.","requiredEvidence":["rate ceiling","retry ceiling","queue threshold","operator escalation","blocked automation rule"],"hardStops":["unbounded retry","duplicate evidence risk","autonomous remediation implied"]},{"slug":"tenant-isolation-access-review","control":"Tenant isolation and access review","status":"human-review-required","owner":"Security + tenant governance","purpose":"Keep buyer workspaces, access, role boundaries, and metadata-only evidence separated before any customer-specific expansion.","requiredEvidence":["tenant owner","role matrix","access review cadence","archive trigger","no-PHI attestation"],"hardStops":["PHI introduced","production credential shared","customer tenancy approved informally","AAL2 bypass attempted"]},{"slug":"slo-sla-language-guard","control":"SLO and SLA language guard","status":"human-review-required","owner":"Legal ops + service reliability","purpose":"Separate internal SLO candidates from external contractual commitments before sales or procurement materials use reliability language.","requiredEvidence":["metric owner","measurement source","internal-only label","contract-review requirement"],"hardStops":["SLA promised","uptime guaranteed","support response guaranteed","contract language unreviewed"]},{"slug":"incident-severity-escalation","control":"Incident severity and escalation matrix","status":"human-review-required","owner":"TrustOps + customer operations","purpose":"Route defects, security concerns, customer questions, and release regressions to accountable owners with communication boundaries.","requiredEvidence":["severity class","owner","customer communication rule","postmortem requirement","claim update need"],"hardStops":["managed SOC claimed","MDR claimed","customer incident notice sent without review"]},{"slug":"change-freeze-rollback","control":"Change freeze and rollback readiness","status":"active-control-plane","owner":"Release steward + platform","purpose":"Avoid unplanned enterprise regressions by pairing change windows, rollback steps, smoke checks, and evidence capture.","requiredEvidence":["change window","rollback owner","smoke route","boundary header","release evidence"],"hardStops":["release gate skipped","rollback path missing","buyer-critical route untested"]},{"slug":"usage-cost-margin-thresholds","control":"Usage-cost and margin thresholds","status":"active-control-plane","owner":"Finance + product operations","purpose":"Keep model, storage, support, diligence, and implementation costs visible before enterprise usage erodes margins.","requiredEvidence":["usage ceiling","cost owner","margin floor","support load assumption","change-order trigger"],"hardStops":["unpriced custom work","unbounded support","profit margin guaranteed","accounting advice implied"]},{"slug":"regional-hosting-residency-gate","control":"Regional hosting and residency gate","status":"external-review-required","owner":"Regional counsel + security + platform","purpose":"Keep global expansion, residency, backup, and hosting statements behind qualified review and deployment-profile evidence.","requiredEvidence":["deployment profile","regional counsel owner","privacy/security review","residency question list"],"hardStops":["data residency approved","sovereign hosting approved","regional legal approval claimed"]},{"slug":"support-tier-approval","control":"Support tier and response target approval","status":"human-review-required","owner":"Customer operations + legal ops","purpose":"Prepare enterprise support coverage, escalation, renewal cadence, and response targets without creating unreviewed obligations.","requiredEvidence":["support tier","coverage assumption","escalation path","response target label","contract review gate"],"hardStops":["24/7 support guaranteed","response SLA promised","managed service implied"]},{"slug":"data-lifecycle-retention-archive","control":"Data lifecycle, retention, and archive review","status":"external-review-required","owner":"Privacy, security, customer authority owners, and platform","purpose":"Keep retention, deletion, archive, backup, and external evidence references aligned before sensitive or customer-specific artifacts appear.","requiredEvidence":["retention class","archive trigger","external evidence reference","deletion owner","customer review gate"],"hardStops":["PHI retained","confidential artifact stored","signed agreement stored without approval","data retention approved informally"]}],"workstreams":[{"slug":"scale-preflight-pack","name":"Enterprise scale preflight pack","owner":"Release steward + product operations","objective":"Turn every enterprise release into a capacity, route, smoke, rollback, and boundary evidence packet.","sequence":["Classify buyer-critical routes and APIs","Attach capacity forecast and load-test target","Verify public smoke and boundary headers","Record rollback owner and retained no-SLA language"],"proofRoutes":["/enterprise-scalability","/navigation","/release-continuity","/service-reliability"],"retainedBoundary":"Preflight evidence does not approve buyer release or contractual uptime."},{"slug":"tenant-scale-readiness","name":"Tenant scale readiness","owner":"Security + tenant governance","objective":"Prepare repeatable tenant creation, access review, offboarding, archive, and no-PHI evidence handling.","sequence":["Assign tenant owner and approvers","Confirm role matrix and AAL2 path","Set access review and archive cadence","Keep protected proof exports behind authenticated workspace controls"],"proofRoutes":["/enterprise-scalability","/pilot-workspace/access","/workflows/identity-access"],"retainedBoundary":"Tenant readiness does not grant customer-specific tenancy approval or production PHI authority."},{"slug":"queue-runtime-hardening","name":"Queue and runtime hardening","owner":"Runtime safety + QA","objective":"Keep scaled work orders, retries, duplicate submissions, and long-running evidence jobs bounded.","sequence":["Define idempotency keys and retry ceilings","Route failures to quarantine owner","Attach completion bridge evidence","Escalate repeated patterns into reliability controls"],"proofRoutes":["/enterprise-scalability","/workflows/runtime-safety","/qa-completion-bridge"],"retainedBoundary":"Runtime hardening does not authorize autonomous production execution."},{"slug":"support-success-operating-model","name":"Enterprise support and success operating model","owner":"Customer operations + revenue operations","objective":"Convert enterprise support, customer success, renewal, and escalation expectations into reviewed operating cadences.","sequence":["Select draft support tier","Assign escalation path and meeting cadence","Route response targets through contract review","Retain renewal health and support-load evidence"],"proofRoutes":["/enterprise-scalability","/client-onboarding","/enterprise-business-ops"],"retainedBoundary":"Support operating models do not create support SLAs or managed-service coverage."},{"slug":"global-scale-deployment-readiness","name":"Global scale and deployment readiness","owner":"Platform + regional counsel + privacy","objective":"Prepare region, residency, deployment, DR, and procurement questions before global enterprise claims expand.","sequence":["Select deployment profile","List regional privacy/security questions","Record DR and backup evidence needs","Route local claims to qualified review"],"proofRoutes":["/enterprise-scalability","/deployment-profiles","/global-certification-readiness","/global-reach"],"retainedBoundary":"Global scale planning is not local legal approval, public-sector approval, or residency approval."},{"slug":"cost-margin-control-loop","name":"Cost and margin control loop","owner":"Finance + deal desk + product","objective":"Keep model costs, diligence effort, support load, implementation work, and customer-specific asks inside priced controls.","sequence":["Attach usage ceiling and cost owner","Review price floor and support assumptions","Route custom work to change-order or paid diligence","Block ROI, revenue, and profit-margin guarantees"],"proofRoutes":["/enterprise-scalability","/enterprise-business-ops","/operational-efficiency"],"retainedBoundary":"Margin control is not a financial audit, accounting advice, tax advice, revenue guarantee, or profit guarantee."}],"cadences":[{"cadence":"Weekly enterprise scale review","owner":"Product operations + platform","reviewedSignals":["route growth","API growth","support load","open scale controls","buyer-critical risks"],"decisionOutput":"Scale preflight priorities and owner assignments.","hardStops":["route drift unreviewed","support load unowned","SLA language used externally"]},{"cadence":"Biweekly SLO and reliability council","owner":"Service reliability + QA","reviewedSignals":["latency candidates","error classes","public smoke","regression patterns","boundary headers"],"decisionOutput":"Internal SLO candidates, no-SLA language, and smoke updates.","hardStops":["contractual SLA implied","error budget claimed without measurement"]},{"cadence":"Monthly tenant access and archive review","owner":"Security + tenant governance","reviewedSignals":["role changes","AAL2 path","inactive workspaces","archive triggers","no-PHI attestations"],"decisionOutput":"Access review notes, archive decisions, and retained customer-specific gates.","hardStops":["AAL2 bypass","PHI or credentials in workspace"]},{"cadence":"Monthly incident and postmortem review","owner":"TrustOps + release steward","reviewedSignals":["incidents","near misses","repeated defects","customer questions","claim updates"],"decisionOutput":"Problem records, postmortem actions, and boundary register updates.","hardStops":["managed SOC/MDR coverage claimed","customer notice sent without review"]},{"cadence":"Quarterly capacity, region, and DR review","owner":"Platform + privacy + regional counsel","reviewedSignals":["volume assumptions","deployment profiles","residency questions","backup/restore evidence","DR drill plan"],"decisionOutput":"Regional readiness questions and retained external review needs.","hardStops":["data residency approved","DR guaranteed","regional approval claimed"]},{"cadence":"Quarterly cost, support, and margin review","owner":"Finance + deal desk + customer operations","reviewedSignals":["model cost","support load","diligence labor","implementation effort","price-floor adherence"],"decisionOutput":"Updated package assumptions, change-order triggers, and margin controls.","hardStops":["unpriced custom work","profit margin guaranteed","accounting/tax advice implied"]}],"bottlenecks":[{"slug":"enterprise-demand-outruns-proof","name":"Enterprise demand outruns scale proof","status":"human-review-required","impact":"Buyers may ask for high-volume, multi-site, or always-on workflows before SCRIMED has route-specific capacity evidence.","workaround":"Use capped synthetic pilots, volume assumptions, route-class reviews, and scale preflight packs before any production wording.","graduationGate":"Load-test evidence, capacity plan, support tier, rollback plan, and qualified contract review.","owner":"Product operations + platform + legal ops","proofRoutes":["/enterprise-scalability","/service-reliability","/release-continuity"]},{"slug":"slo-language-becomes-sla","name":"Internal SLO language becomes buyer SLA language","status":"human-review-required","impact":"Reliability goals can become accidental contractual commitments in decks, emails, procurement answers, or demos.","workaround":"Keep SLO language internal, label external materials as readiness-only, and route SLA wording to counsel and finance.","graduationGate":"Approved contract terms, support coverage, measurement method, and retained authority.","owner":"Service reliability + legal ops + customer operations","proofRoutes":["/enterprise-scalability","/client-onboarding","/enterprise-business-ops","/boundary-resolution"]},{"slug":"tenant-scale-support-load","name":"Tenant scale increases support load","status":"human-review-required","impact":"More workspaces, reviewers, demos, evidence packets, and renewal cadences can turn product execution into unpaid support labor.","workaround":"Attach support assumptions, paid diligence packaging, escalation paths, and renewal health packets to enterprise accounts.","graduationGate":"Support tier approval, price-floor review, response target review, and customer-specific cadence.","owner":"Customer operations + deal desk + finance","proofRoutes":["/enterprise-scalability","/client-onboarding","/enterprise-business-ops","/offerings"]},{"slug":"regional-scale-claims","name":"Regional scale and residency claims arrive early","status":"external-review-required","impact":"Global buyers and partners may require residency, sovereign hosting, public-sector procurement, or local clinical authority claims before external review exists.","workaround":"Use deployment profiles, regional packs, qualified review owners, and no-approval wording until evidence is retained.","graduationGate":"Regional counsel, privacy/security review, hosting decision, procurement authority, and customer approval.","owner":"Global partnerships + regional counsel + security","proofRoutes":["/enterprise-scalability","/global-reach","/global-certification-readiness","/deployment-profiles"]},{"slug":"automation-retry-duplicates-evidence","name":"Retry and automation duplicate evidence","status":"human-review-required","impact":"Repeated API calls, work orders, or proof packet generation can create conflicting artifacts if idempotency and completion checks are missing.","workaround":"Require idempotency keys, retry ceilings, quarantine owners, and QA completion bridge before scaling background work.","graduationGate":"Execution attempt model, duplicate detection, dead-letter queue, and manual remediation approval.","owner":"Runtime safety + QA + platform","proofRoutes":["/enterprise-scalability","/workflows/execution-attempts","/qa-completion-bridge"]},{"slug":"cost-spikes-erode-margin","name":"Usage cost spikes erode margin","status":"active-control-plane","impact":"Model routing, storage, review labor, support work, and custom diligence can outgrow pilot pricing if not bounded.","workaround":"Use usage ceilings, paid diligence, price floors, model-cost review, and change-order triggers before scope expands.","graduationGate":"Finance-approved pricing, support assumptions, usage measurement, and contract review.","owner":"Finance + product operations + deal desk","proofRoutes":["/enterprise-scalability","/enterprise-business-ops","/capital-vitality","/public-market-readiness"]}],"proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief","/navigation","/service-reliability","/release-continuity","/pilot-workspace/access","/clinical-authority-readiness","/boundary-resolution","/workflows/execution-attempts","/workflows/runtime-safety","/qa-manual-execution-console","/qa-completion-bridge","/continuous-review-audit","/operational-efficiency","/trust-safety-operations","/client-onboarding","/enterprise-business-ops","/sales-operations","/deployment-profiles","/global-certification-readiness","/global-reach","/capital-vitality","/public-market-readiness","/workflows/identity-access","/offerings"],"hardStops":["traffic volume unknown","route owner missing","fallback behavior missing","contractual uptime implied","unbounded retry","duplicate evidence risk","autonomous remediation implied","PHI introduced","production credential shared","customer tenancy approved informally","AAL2 bypass attempted","SLA promised","uptime guaranteed","support response guaranteed","contract language unreviewed","managed SOC claimed","MDR claimed","customer incident notice sent without review","release gate skipped","rollback path missing","buyer-critical route untested","unpriced custom work","unbounded support","profit margin guaranteed","accounting advice implied","data residency approved","sovereign hosting approved","regional legal approval claimed","24/7 support guaranteed","response SLA promised","managed service implied","PHI retained","confidential artifact stored","signed agreement stored without approval","data retention approved informally","route drift unreviewed","support load unowned","SLA language used externally","contractual SLA implied","error budget claimed without measurement","AAL2 bypass","PHI or credentials in workspace","managed SOC/MDR coverage claimed","customer notice sent without review","DR guaranteed","regional approval claimed","accounting/tax advice implied","contractual SLA approved","managed service commitment active","24/7 production support staffed","SOC coverage active","MDR coverage active","production incident response guaranteed","production disaster recovery tested","regional data residency approved","customer tenancy approved","tenant isolation certified","security certification granted","SOC 2 certified","HITRUST certified","ISO 27001 certified","PHI processing authorized","live data processing approved","production connector approved","EHR writeback approved","clinical use authorized","revenue guaranteed"],"owners":["Platform engineering + Product Console","Security, tenant governance, TrustOS, and customer authority owners","Runtime safety, workflow engineering, and QA","Service reliability, observability, QA, and TrustOps","TrustOps, release steward, legal ops, security, and customer operations","Customer operations, revenue operations, product, and support leadership","Platform, security, privacy, regional counsel, and customer authority owners","Finance, platform operations, product, and deal desk","Security, tenant governance, customer authority owners, and platform engineering","Platform engineering + release steward","Runtime safety + platform","Security + tenant governance","Legal ops + service reliability","TrustOps + customer operations","Release steward + platform","Finance + product operations","Regional counsel + security + platform","Customer operations + legal ops","Privacy, security, customer authority owners, and platform","Release steward + product operations","Runtime safety + QA","Customer operations + revenue operations","Platform + regional counsel + privacy","Finance + deal desk + product","Product operations + platform","Service reliability + QA","TrustOps + release steward","Platform + privacy + regional counsel","Finance + deal desk + customer operations","Product operations + platform + legal ops","Service reliability + legal ops + customer operations","Customer operations + deal desk + finance","Global partnerships + regional counsel + security","Runtime safety + QA + platform","Finance + product operations + deal desk"],"blockedClaims":["contractual SLA approved","uptime guaranteed","managed service commitment active","24/7 production support staffed","SOC coverage active","MDR coverage active","production incident response guaranteed","production disaster recovery tested","regional data residency approved","sovereign hosting approved","customer tenancy approved","tenant isolation certified","security certification granted","SOC 2 certified","HITRUST certified","ISO 27001 certified","PHI processing authorized","live data processing approved","production connector approved","EHR writeback approved","clinical use authorized","revenue guaranteed","profit margin guaranteed"],"updated":"2026-06-26"},"globalCertification":{"service":"scrimed-global-approval-certification-readiness","status":"global-approval-certification-readiness-control-plane-active","briefStatus":"global-approval-certification-brief-ready-no-certification-claim","route":"/global-certification-readiness","apiRoute":"/api/global-certification-readiness","briefRoute":"/api/global-certification-readiness/brief","boundary":"SCRIMED Global Approval and Certification Readiness organizes domestic and international privacy, security, AI governance, medical-device, clinical-safety, interoperability, and procurement evidence needed before production healthcare operation. It is readiness planning only. It does not grant legal advice, regulatory approval, HIPAA compliance certification, SOC 2/HITRUST/ISO certification, FDA clearance, ONC certification, EU AI Act conformity, GDPR compliance assurance, NHS approval, MHRA approval, Australian cyber certification, PHI processing authority, public-sector procurement approval, reimbursement assurance, production connector approval, or live clinical care authority.","updated":"2026-06-25","sourceCount":10,"trackCount":6,"gateCount":5,"regionalPackCount":5,"roadmapPhaseCount":4,"jurisdictionCount":5,"proofRouteCount":15,"blockedClaimCount":24,"ownerCount":22,"requiredEvidenceCount":30,"foundationActiveCount":0,"evidenceBuildRequiredCount":3,"externalReviewRequiredCount":3,"blockedBeforeApprovalCount":0,"jurisdictions":["United States","Global","European Union","United Kingdom","Australia"],"proofRoutes":["/approvals-readiness","/trust-center","/trust-safety-operations","/pilot-workspace/access","/clinical-authority-readiness","/clinical-care-activation","/qa-claim-guard","/trust-os","/service-reliability","/release-continuity","/qa-evidence","/global-reach","/deployment-profiles","/strategic-intelligence","/interoperability"],"blockedClaims":["HIPAA certified","PHI approved","BAA executed","production ePHI processing","FDA cleared","diagnostic device","autonomous clinical decision","medical device approved","SOC 2 certified","HITRUST certified","ISO certified","security certified","GDPR compliant","EU AI Act conformant","CE marked","EU production approved","NHS approved","DTAC passed","MHRA approved","UK medical device certified","Australian government approved","Essential Eight certified","public-sector approved","health deployment authorized"],"owners":["Privacy","Security","Legal","Operations","Product","Clinical governance","Regulatory counsel","Quality","Engineering","External auditor","EU privacy counsel","AI governance","Deployment","UK clinical safety officer","Global partnerships","Regional counsel","Implementation","Product + clinical governance + regulatory counsel","Privacy + legal + security","Security + engineering + operations","TrustOS + quality + clinical governance","Global partnerships + regional counsel + sales"],"requiredEvidence":["HIPAA security risk analysis","Administrative, physical, and technical safeguard matrix","BAA/DPA template and non-PHI determination workflow","Breach notification and incident response runbook","Vendor, subprocessor, access-review, and audit-log registers","Intended-use memo per module","CDS non-device criteria analysis","SaMD risk classification and pathway memo","Clinical evidence and validation plan","Human factors, transparency, model-change, and post-market monitoring plan","Control inventory and ownership map","Risk register and audit evidence cadence","Change management, incident response, access control, vendor risk, and backup evidence","AI inventory, model evaluation, TrustOS decisions, and AI risk treatment plan","External auditor selection and readiness assessment","EU AI Act high-risk classification memo","Technical documentation and logging plan","Data governance, quality, bias, and representative-dataset controls","Human oversight, robustness, cybersecurity, and accuracy evidence","GDPR DPIA, lawful basis, DPA/SCC, retention, data-subject rights, and transfer mechanism","DTAC clinical safety, data protection, technical security, interoperability, usability, and accessibility evidence","DCB0129/DCB0160 clinical-risk-management routing where applicable","DSPT and pre-acquisition questionnaire alignment","MHRA SaMD/AIaMD intended-purpose and classification memo","Post-market surveillance, change-management, and cybersecurity plan","Essential Eight maturity mapping","Patch, MFA, application control, macro hardening, privilege, backup, and logging evidence","Australian privacy and hosting review","Incident-reporting and buyer security questionnaire packet","Local partner authority and implementation support model"],"sources":[{"name":"HHS HIPAA Security Rule","jurisdiction":"United States","sourceType":"official-government","url":"https://www.hhs.gov/hipaa/for-professionals/security/index.html","reviewedAt":"2026-06-25","requirementSignal":"HHS frames the Security Rule around administrative, physical, and technical safeguards for electronic protected health information, with a January 2025 proposed cybersecurity update noted by HHS.","scrimedImplication":"SCRIMED needs a HIPAA risk analysis, safeguard map, BAA/DPA pathway, breach process, access review, and subprocessor register before PHI or ePHI scope."},{"name":"FDA Clinical Decision Support Software Guidance","jurisdiction":"United States","sourceType":"official-regulator","url":"https://www.fda.gov/regulatory-information/search-fda-guidance-documents/clinical-decision-support-software","reviewedAt":"2026-06-25","requirementSignal":"FDA's January 2026 final CDS guidance clarifies when certain decision-support software functions may be excluded from device definition and when device policies continue to apply.","scrimedImplication":"SCRIMED must maintain intended-use analysis, human-review transparency, non-device CDS criteria review, and SaMD escalation gates before clinical recommendation claims."},{"name":"FDA Artificial Intelligence in Software as a Medical Device","jurisdiction":"United States","sourceType":"official-regulator","url":"https://www.fda.gov/medical-devices/software-medical-device-samd/artificial-intelligence-and-machine-learning-software-medical-device","reviewedAt":"2026-06-25","requirementSignal":"FDA highlights lifecycle management, premarket pathways, modifications, good machine-learning practice, transparency, predetermined change control, and AI-enabled device guidance work.","scrimedImplication":"If SCRIMED deliberately enters regulated SaMD territory, it needs QMS, clinical evidence, risk management, performance monitoring, change control, transparency, and regulatory counsel before launch."},{"name":"NIST AI Risk Management Framework","jurisdiction":"United States","sourceType":"official-government","url":"https://www.nist.gov/itl/ai-risk-management-framework","reviewedAt":"2026-06-25","requirementSignal":"NIST AI RMF is voluntary and intended to improve incorporation of trustworthiness considerations into design, development, use, and evaluation of AI systems.","scrimedImplication":"SCRIMED should map AI inventory, risk taxonomy, measurement routines, model evaluation, incident response, and TrustOS evidence to NIST AI RMF language."},{"name":"EU Artificial Intelligence Act","jurisdiction":"European Union","sourceType":"official-regulator","url":"https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai","reviewedAt":"2026-06-25","requirementSignal":"The EU describes high-risk AI obligations including risk assessment, data quality, activity logging, documentation, deployer information, human oversight, robustness, cybersecurity, and accuracy; current implementation timelines include 2027 and 2028 high-risk transition dates.","scrimedImplication":"SCRIMED needs EU high-risk triage, technical documentation, data governance, logs, human oversight, post-market monitoring, serious-incident routing, and conformity-assessment planning before EU production claims."},{"name":"European Commission GDPR Legal Framework","jurisdiction":"European Union","sourceType":"official-government","url":"https://commission.europa.eu/law/law-topic/data-protection/legal-framework-eu-data-protection_en","reviewedAt":"2026-06-25","requirementSignal":"The Commission identifies the GDPR as the EU data-protection framework, applying since 25 May 2018 and covering personal-data rights, controllers/processors, supervisory authorities, and cross-border mechanisms.","scrimedImplication":"SCRIMED needs GDPR role mapping, lawful-basis review, DPIA, DPA/SCC workflows, data-subject rights process, retention schedule, transfer mechanism, and DPO escalation before EU personal-data scope."},{"name":"ISO/IEC 42001:2023","jurisdiction":"Global","sourceType":"official-standard","url":"https://www.iso.org/standard/42001","reviewedAt":"2026-06-25","requirementSignal":"ISO describes ISO/IEC 42001 as an AI management system standard for establishing, implementing, maintaining, and continually improving responsible AI management.","scrimedImplication":"SCRIMED should build an AI Management System with policy, objectives, risk treatment, traceability, transparency, audit cadence, and continuous improvement before pursuing ISO 42001 certification."},{"name":"NHS Digital Technology Assessment Criteria","jurisdiction":"United Kingdom","sourceType":"health-system-assurance","url":"https://digital.nhs.uk/services/digital-technology-assessment-criteria-dtac","reviewedAt":"2026-06-25","requirementSignal":"NHS DTAC covers clinical safety, data protection, technical security, interoperability, usability, and accessibility; NHS notes it does not replace other required approvals.","scrimedImplication":"SCRIMED needs a UK buyer pack for clinical safety, data protection, security, interoperability, usability, accessibility, DSPT alignment, and medical-device escalation."},{"name":"MHRA Software and AI as a Medical Device Change Programme","jurisdiction":"United Kingdom","sourceType":"official-regulator","url":"https://www.gov.uk/government/publications/software-and-ai-as-a-medical-device-change-programme/software-and-ai-as-a-medical-device-change-programme-roadmap","reviewedAt":"2026-06-25","requirementSignal":"MHRA roadmap work covers SaMD qualification, intended purpose, classification, premarket requirements, clinical evidence, post-market surveillance, change management, cybersecurity, and AIaMD-specific issues.","scrimedImplication":"SCRIMED needs UK intended-purpose classification, clinical evidence plan, post-market surveillance model, change-control process, cybersecurity evidence, and MHRA counsel before UK clinical claims."},{"name":"Australian Cyber Security Centre Essential Eight","jurisdiction":"Australia","sourceType":"official-government","url":"https://www.cyber.gov.au/business-government/asds-cyber-security-frameworks/essential-eight","reviewedAt":"2026-06-25","requirementSignal":"The ACSC describes Essential Eight as eight baseline mitigation strategies that make compromise harder, while noting no set of mitigations guarantees protection from every cyber threat.","scrimedImplication":"SCRIMED should map Australian buyer security diligence to Essential Eight maturity evidence, incident reporting, access hardening, patching, backups, application controls, and logging."}],"tracks":[{"slug":"us-hipaa-baa-phi-readiness","title":"U.S. HIPAA, BAA, and PHI Readiness","jurisdiction":"United States","status":"evidence-build-required","sourceNames":["HHS HIPAA Security Rule"],"operatingGoal":"Prepare SCRIMED for healthcare buyer diligence and future PHI/ePHI scope while keeping current public and pilot flows synthetic-only.","requiredEvidence":["HIPAA security risk analysis","Administrative, physical, and technical safeguard matrix","BAA/DPA template and non-PHI determination workflow","Breach notification and incident response runbook","Vendor, subprocessor, access-review, and audit-log registers"],"implementationWork":["Create a HIPAA evidence-room checklist","Map Supabase/Vercel/subprocessor controls to ePHI boundaries","Add quarterly access review and incident tabletop evidence","Keep PHI hard-stop tests in public and protected smoke"],"proofRoutes":["/approvals-readiness","/trust-center","/trust-safety-operations","/pilot-workspace/access"],"accountableOwners":["Privacy","Security","Legal","Operations"],"externalAuthority":"Qualified healthcare privacy counsel and customer BAA/DPA review","blockedClaims":["HIPAA certified","PHI approved","BAA executed","production ePHI processing"],"nextAction":"Stand up a metadata-only HIPAA evidence room and assign risk-analysis, BAA, breach, access-review, and subprocessor owners."},{"slug":"us-fda-cds-samd-classification","title":"U.S. FDA CDS and SaMD Classification","jurisdiction":"United States","status":"external-review-required","sourceNames":["FDA Clinical Decision Support Software Guidance","FDA Artificial Intelligence in Software as a Medical Device"],"operatingGoal":"Prevent clinical-intelligence features from becoming unauthorized device claims while preserving a route to regulated clinical productization if deliberately chosen.","requiredEvidence":["Intended-use memo per module","CDS non-device criteria analysis","SaMD risk classification and pathway memo","Clinical evidence and validation plan","Human factors, transparency, model-change, and post-market monitoring plan"],"implementationWork":["Tag every module with operations-only, CDS-review, or SaMD-review posture","Route clinical claims through Claim Guard and Clinical Authority Readiness","Create Q-Submission decision inputs for regulated scopes","Keep patient-specific recommendation, diagnosis, and treatment actions blocked"],"proofRoutes":["/clinical-authority-readiness","/clinical-care-activation","/qa-claim-guard","/trust-os"],"accountableOwners":["Product","Clinical governance","Regulatory counsel","Quality"],"externalAuthority":"FDA digital-health regulatory counsel and FDA pathway where required","blockedClaims":["FDA cleared","diagnostic device","autonomous clinical decision","medical device approved"],"nextAction":"Produce a module-by-module intended-use and CDS/SaMD classification memo before adding any patient-specific clinical claim."},{"slug":"security-assurance-certifications","title":"SOC 2, HITRUST, ISO 27001, and ISO 42001 Sequencing","jurisdiction":"Global","status":"evidence-build-required","sourceNames":["NIST AI Risk Management Framework","ISO/IEC 42001:2023"],"operatingGoal":"Move from internal control readiness to independent security, privacy, and AI governance assurance without claiming certification early.","requiredEvidence":["Control inventory and ownership map","Risk register and audit evidence cadence","Change management, incident response, access control, vendor risk, and backup evidence","AI inventory, model evaluation, TrustOS decisions, and AI risk treatment plan","External auditor selection and readiness assessment"],"implementationWork":["Map current TrustOS, QA, release, access, and audit artifacts to SOC 2 control families","Add ISO 42001-style AI management policy and risk treatment cadence","Retain 60 to 90 days of control evidence before SOC 2 Type I timing","Use HITRUST and ISO 27001 only after buyer demand and control maturity justify them"],"proofRoutes":["/trust-center","/service-reliability","/release-continuity","/qa-evidence"],"accountableOwners":["Security","Engineering","Operations","External auditor"],"externalAuthority":"Independent auditor or accredited certification body","blockedClaims":["SOC 2 certified","HITRUST certified","ISO certified","security certified"],"nextAction":"Create a certification sequencing board: SOC 2 readiness first, ISO 42001 AI management in parallel, HITRUST/ISO 27001 after buyer-driven scope."},{"slug":"eu-ai-act-gdpr-ehds-readiness","title":"EU AI Act, GDPR, and European Health Data Readiness","jurisdiction":"European Union","status":"external-review-required","sourceNames":["EU Artificial Intelligence Act","European Commission GDPR Legal Framework"],"operatingGoal":"Prepare SCRIMED for EU deployment conversations with high-risk AI triage, personal-data governance, cross-border transfer controls, and deployer documentation.","requiredEvidence":["EU AI Act high-risk classification memo","Technical documentation and logging plan","Data governance, quality, bias, and representative-dataset controls","Human oversight, robustness, cybersecurity, and accuracy evidence","GDPR DPIA, lawful basis, DPA/SCC, retention, data-subject rights, and transfer mechanism"],"implementationWork":["Create EU deployment profile labels for no-personal-data, personal-data, high-risk-AI-review, and medical-device-review","Add serious-incident and post-market monitoring placeholders","Route EU customer proof through legal/privacy review before external distribution","Keep EU production data movement blocked until DPA/SCC and hosting decisions are approved"],"proofRoutes":["/global-reach","/deployment-profiles","/strategic-intelligence","/trust-center"],"accountableOwners":["EU privacy counsel","AI governance","Security","Deployment"],"externalAuthority":"EU privacy counsel, notified body or market surveillance/conformity route where applicable","blockedClaims":["GDPR compliant","EU AI Act conformant","CE marked","EU production approved"],"nextAction":"Add EU-specific deployment-profile gates for AI Act high-risk triage, GDPR DPIA, SCC/DPA, hosting, and post-market monitoring."},{"slug":"uk-nhs-mhra-dtac-readiness","title":"UK NHS DTAC and MHRA Software/AI Readiness","jurisdiction":"United Kingdom","status":"external-review-required","sourceNames":["NHS Digital Technology Assessment Criteria","MHRA Software and AI as a Medical Device Change Programme"],"operatingGoal":"Prepare SCRIMED for UK NHS and private-provider review with DTAC evidence, clinical-safety controls, MHRA intended-purpose classification, and medical-device escalation gates.","requiredEvidence":["DTAC clinical safety, data protection, technical security, interoperability, usability, and accessibility evidence","DCB0129/DCB0160 clinical-risk-management routing where applicable","DSPT and pre-acquisition questionnaire alignment","MHRA SaMD/AIaMD intended-purpose and classification memo","Post-market surveillance, change-management, and cybersecurity plan"],"implementationWork":["Create a UK buyer diligence pack mapped to DTAC sections","Separate NHS assurance from medical-device approval and ICO registration","Add UK intended-purpose and manufacturer-role review to clinical authority gates","Keep NHS use, MHRA approval, and UKCA/CE language blocked until evidence exists"],"proofRoutes":["/global-reach","/clinical-authority-readiness","/interoperability","/trust-center"],"accountableOwners":["UK clinical safety officer","Security","Privacy","Regulatory counsel"],"externalAuthority":"NHS buyer assurance, ICO, MHRA, Approved Body, or qualified UK counsel where applicable","blockedClaims":["NHS approved","DTAC passed","MHRA approved","UK medical device certified"],"nextAction":"Build a UK DTAC/MHRA evidence checklist and attach it to the global buyer localization pack."},{"slug":"australia-essential-eight-health-deployment","title":"Australia Essential Eight and Health Deployment Readiness","jurisdiction":"Australia","status":"evidence-build-required","sourceNames":["Australian Cyber Security Centre Essential Eight"],"operatingGoal":"Prepare SCRIMED for Australian provider, public-sector, and partner diligence with cyber baseline evidence and local privacy/procurement review gates.","requiredEvidence":["Essential Eight maturity mapping","Patch, MFA, application control, macro hardening, privilege, backup, and logging evidence","Australian privacy and hosting review","Incident-reporting and buyer security questionnaire packet","Local partner authority and implementation support model"],"implementationWork":["Map service reliability and release controls to Essential Eight maturity language","Add Australia deployment profile with hosting, privacy, cyber, and public-sector review gates","Keep Australian government, health, or cyber certification claims blocked until qualified evidence exists"],"proofRoutes":["/global-reach","/service-reliability","/deployment-profiles","/trust-center"],"accountableOwners":["Security","Global partnerships","Regional counsel","Implementation"],"externalAuthority":"Australian buyer security review, privacy counsel, and public-sector procurement process where applicable","blockedClaims":["Australian government approved","Essential Eight certified","public-sector approved","health deployment authorized"],"nextAction":"Add Australia to deployment-profile readiness with Essential Eight evidence labels and privacy/procurement hard stops."}],"gates":[{"gate":"Intended-use and claim classification","purpose":"Decide whether each SCRIMED module is operations intelligence, non-device CDS candidate, SaMD review candidate, or blocked care-delivery scope.","owner":"Product + clinical governance + regulatory counsel","requiredBefore":["clinical claims","patient-specific workflows","FDA/MHRA/EU medical-device planning"],"evidenceArtifacts":["intended-use memo","claims register","module classification table"],"blockedUntilComplete":["diagnosis language","treatment language","autonomous triage","medical-device approval claims"]},{"gate":"Privacy and data-boundary approval","purpose":"Prove whether a workflow remains synthetic/no-PHI/no-personal-data or needs HIPAA, GDPR, DPA, SCC, hosting, consent, and retention controls.","owner":"Privacy + legal + security","requiredBefore":["PHI processing","EU personal-data processing","cross-border transfer","customer data ingestion"],"evidenceArtifacts":["risk analysis","DPIA","BAA/DPA","SCC decision","retention schedule"],"blockedUntilComplete":["production PHI","EU personal-data movement","customer upload","patient outreach"]},{"gate":"Security assurance and audit evidence","purpose":"Move internal controls toward audit-ready evidence for SOC 2, ISO 27001, HITRUST, ISO 42001, and buyer security reviews.","owner":"Security + engineering + operations","requiredBefore":["enterprise license","protected production pilot","security certification claims"],"evidenceArtifacts":["control owner map","audit trail","incident response","access reviews","vendor risk register"],"blockedUntilComplete":["SOC 2 certified","HITRUST certified","ISO certified","security approved"]},{"gate":"Human oversight and post-market monitoring","purpose":"Make AI oversight, model drift, incidents, serious malfunctions, and change control inspectable before regulated or global deployment.","owner":"TrustOS + quality + clinical governance","requiredBefore":["EU high-risk AI use","SaMD production scope","adaptive AI deployment"],"evidenceArtifacts":["human oversight plan","monitoring plan","incident taxonomy","change protocol","rollback plan"],"blockedUntilComplete":["autonomous operation","adaptive model release","high-risk AI conformity","post-market compliance claim"]},{"gate":"Regional procurement and localization authority","purpose":"Confirm local legal, privacy, procurement, hosting, language, accessibility, and partner authority before country-specific sales claims.","owner":"Global partnerships + regional counsel + sales","requiredBefore":["public-sector claims","country launch","sovereign deployment","local customer proof"],"evidenceArtifacts":["regional counsel memo","hosting decision","localized claim review","partner authority record"],"blockedUntilComplete":["government approved","country-wide deployment","sovereign-ready approved","local certification complete"]}],"regionalPacks":[{"region":"United States","priority":"launch","requiredWorkstreams":["HIPAA/BAA","SOC 2 readiness","FDA/CDS/SaMD classification","ONC/EHR connector review"],"buyerDiligencePacket":["security questionnaire","BAA path","intended-use memo","SOC 2 readiness map"],"productionHardStops":["PHI authority","clinical authority","production connector approval","security assurance evidence"],"safeNearTermMotion":"Sell governed synthetic evaluations and no-PHI workflow intelligence while HIPAA, FDA, and SOC 2 evidence matures."},{"region":"European Union","priority":"strategic","requiredWorkstreams":["EU AI Act high-risk triage","GDPR DPIA/DPA/SCC","hosting and transfer review","CE/MDR review if medical-device scope"],"buyerDiligencePacket":["AI Act technical-documentation outline","GDPR data map","human oversight plan","deployment profile"],"productionHardStops":["GDPR role/lawful-basis approval","high-risk AI conformity route","EU hosting decision","medical-device review"],"safeNearTermMotion":"Use no-personal-data strategic evaluations and EU buyer localization packs before EU personal-data or high-risk AI commitments."},{"region":"United Kingdom","priority":"strategic","requiredWorkstreams":["NHS DTAC","DSPT alignment","MHRA SaMD/AIaMD classification","UK GDPR/ICO review"],"buyerDiligencePacket":["DTAC evidence checklist","clinical safety file outline","interoperability proof","UK intended-purpose memo"],"productionHardStops":["NHS assurance","clinical safety signoff","MHRA/medical-device route","ICO/privacy review"],"safeNearTermMotion":"Offer UK synthetic pilot proof with DTAC-style diligence packets while medical-device and NHS assurance remain gated."},{"region":"Australia","priority":"watch","requiredWorkstreams":["Essential Eight maturity","privacy and hosting review","health procurement review","regional partner qualification"],"buyerDiligencePacket":["Essential Eight mapping","incident-response summary","deployment profile","privacy/hosting decision memo"],"productionHardStops":["buyer security acceptance","privacy counsel review","public-sector procurement","production data approval"],"safeNearTermMotion":"Use cyber-aligned partner discovery and synthetic pilots while Essential Eight and local privacy evidence are prepared."},{"region":"Middle East strategic markets","priority":"strategic","requiredWorkstreams":["regional counsel","data residency","public-sector procurement","Arabic/English claims review","sovereign deployment profile"],"buyerDiligencePacket":["sovereign deployment profile","regional privacy review","partner authority register","public-sector procurement questions"],"productionHardStops":["government authority","data residency approval","local hosting decision","qualified partner signoff"],"safeNearTermMotion":"Lead with executive synthetic evidence, deployment profiles, and qualified partner review before national-program or sovereign claims."}],"roadmap":[{"phase":"Phase 1","objective":"Turn approval requirements into SCRIMED-owned evidence packages.","buildNow":"Global certification route, API, brief, evidence tracks, regional packs, and blocked-claim register.","exitCriteria":"Every buyer-facing approval or certification question has an owner, evidence artifact, proof route, and blocked claim."},{"phase":"Phase 2","objective":"Stand up audit-ready security, privacy, and AI governance foundations.","buildNow":"HIPAA risk-analysis packet, SOC 2 readiness map, ISO 42001 AI management policy, AI inventory, access-review cadence, and incident tabletop.","exitCriteria":"60 to 90 days of retained control evidence and a qualified external readiness review."},{"phase":"Phase 3","objective":"Prepare regulated healthcare AI productization only where strategically chosen.","buildNow":"FDA/MHRA/EU intended-use classifications, clinical evidence plan, human factors, post-market monitoring, change-control plan, and QMS decision.","exitCriteria":"Qualified regulatory counsel confirms the correct pathway before clinical, patient-specific, or medical-device claims enter sales."},{"phase":"Phase 4","objective":"Scale global deployments through localized assurance packs.","buildNow":"EU, UK, Australia, Middle East, and U.S. buyer diligence packets tied to deployment profiles and protected workspace gates.","exitCriteria":"Regional counsel, privacy, hosting, procurement, security, and customer signoffs are retained before production use."}],"nextBuildStep":"Create metadata-only evidence rooms for HIPAA/BAA, SOC 2/ISO 42001, FDA/CDS/SaMD classification, EU AI Act/GDPR, UK DTAC/MHRA, and regional deployment packs."},"growthEngine":{"service":"scrimed-commercial-growth-engine","route":"/growth-engine","apiRoute":"/api/growth-engine","briefRoute":"/api/growth-engine/brief","status":"commercial-growth-engine-active","briefStatus":"commercial-growth-engine-brief-ready-no-revenue-guarantee","boundary":"SCRIMED Commercial Growth Engine organizes buyer segments, sellable offers, revenue motions, proof routes, conversion actions, bottlenecks, and retained approval gates for synthetic evaluations, readiness assessments, and protected enterprise pilots. It is growth execution readiness only. It is not a customer revenue guarantee, investment advice, securities offering material, audited financial reporting, valuation assurance, legal advice, tax advice, reimbursement assurance, procurement approval, customer permission, security certification, regulatory approval, PHI processing approval, production connector approval, or live clinical care authorization.","growthPlayCount":6,"executeNowPlayCount":2,"packageNextPlayCount":2,"protectedGatedPlayCount":1,"externalReviewPlayCount":1,"conversionLaneCount":4,"proofLadderStepCount":5,"growthBottleneckCount":4,"operatorRequiredBottleneckCount":1,"protectedGatedBottleneckCount":1,"externalReviewBottleneckCount":1,"proofRouteCount":25,"allProofRoutes":["/pricing","/product","/demos","/pilot","/sales-operations","/capital-vitality","/pilots","/pilot-deal-room","/evaluation","/approvals-readiness","/boundary-resolution","/qa-claim-guard","/trust-center","/buyer-release-control-run","/pilot-workspace/access","/global-reach","/deployment-profiles","/market-activation","/public-market-readiness","/workflows/results","/atlas","/growth-engine","/healthcare-intelligence-os","/qa-evidence","/clinical-authority-readiness"],"sourceCounts":{"pricingTierCount":6,"salesMotionStepCount":5,"valueMetricCount":5,"revenueStreamCount":5,"targetAudienceCount":8,"capitalRevenueCapabilityCount":8,"moatSignalCount":9,"investorMilestoneCount":8,"fundingWorkstreamCount":8,"publicMarketMetricCount":10,"publicMarketCustomerProofStageCount":5,"dealRoomStageCount":6},"authority":{"dataBoundary":"synthetic-only","revenueAuthority":"not-revenue-guarantee","investmentAdvice":"not-investment-advice","securitiesAuthority":"not-securities-offering-material","financialAuthority":"not-audited-financial-report","valuationAuthority":"not-valuation-assurance","approvalAuthority":"external-review-required","phiAuthority":"not-authorized-production-phi","clinicalCareAuthority":"not-authorized-live-care","securityCertification":"not-security-certified"},"nextGrowthMove":"Run founder-led assessment and synthetic-pilot outreach from /growth-engine, attach each conversation to one proof route, keep buyer-specific evidence protected, and route revenue, securities, legal, tax, valuation, reimbursement, PHI, security, connector, and live-care claims through retained external gates.","growthPlays":[{"name":"Founder-led assessment sprint","status":"execute-now","buyerSegment":"Health system operations, access, documentation, transformation, and revenue-cycle leaders","primaryOffer":"Workflow Intelligence Assessment","revenueMotion":"Convert warm executive conversations into paid fixed-scope assessments with one to three workflow targets.","commercialEvidence":"Pricing, market activation, product console, demos, pilot intake, and sales operations already support this motion.","proofRoutes":["/pricing","/product","/demos","/pilot","/sales-operations"],"owner":"Founder + enterprise sales","blockedBoundary":"No PHI, no live clinical execution, no savings guarantee, and no medical advice.","nextAction":"Run a weekly sponsor list, route qualified buyers to Pilot Intake, and package each call around one workflow pain plus one proof route."},{"name":"Synthetic Atlas pilot pipeline","status":"execute-now","buyerSegment":"Enterprise sponsors ready to test governed workflow intelligence before integration","primaryOffer":"Synthetic Pilot Evaluation","revenueMotion":"Move qualified assessment or demo interest into a 45 to 90 day synthetic pilot with success metrics and proof packets.","commercialEvidence":"Capital Vitality, Pilot Programs, Pilot Deal Room, and AgentOS evaluation make the synthetic pilot inspectable.","proofRoutes":["/capital-vitality","/pilots","/pilot-deal-room","/evaluation"],"owner":"Founder + sales engineering","blockedBoundary":"Synthetic-only evidence until buyer-specific approvals, security review, and governance gates are retained.","nextAction":"Use the Deal Room to frame pilot scope, review team, synthetic packet, decision metric, and protected workspace path."},{"name":"AI governance audit wedge","status":"package-next","buyerSegment":"Compliance, legal, privacy, security, clinical governance, and innovation leaders","primaryOffer":"AI Readiness + Governance Audit","revenueMotion":"Sell governance readiness as a paid entry point for teams under pressure to control healthcare AI adoption.","commercialEvidence":"Approvals Readiness, Boundary Resolution, Claim Guard, Trust Center, and Service Reliability show operating discipline.","proofRoutes":["/approvals-readiness","/boundary-resolution","/qa-claim-guard","/trust-center"],"owner":"Founder + trust operations","blockedBoundary":"Readiness audit is not HIPAA certification, SOC 2 certification, HITRUST certification, legal approval, or FDA clearance.","nextAction":"Create counsel-reviewable sales language and keep every certification or regulatory phrase behind external-review gates."},{"name":"Protected buyer diligence upgrade","status":"protected-gated","buyerSegment":"Procurement, security, investor diligence, and executive buying committees","primaryOffer":"Protected Buyer Diligence Room","revenueMotion":"Attach paid diligence packaging to enterprise pilot pursuits once buyer-specific evidence needs are known.","commercialEvidence":"Buyer Release Control Runbook, protected workspace, evidence-room routing, and distribution lockbox readiness exist.","proofRoutes":["/buyer-release-control-run","/pilot-workspace/access","/pilot-deal-room"],"owner":"Buyer diligence + release steward","blockedBoundary":"External sharing stays blocked until release decisions, reviewer signoffs, recipient controls, access logs, and customer permission are retained.","nextAction":"Keep diligence packaging metadata-only until buyer-approved storage, access review, DLP, retention, and legal hold controls exist."},{"name":"Public-sector and global partner program","status":"external-review-required","buyerSegment":"Government health systems, sovereign programs, public-sector buyers, and qualified channel partners","primaryOffer":"Strategic Platform Partnership","revenueMotion":"Use global buyer packs and deployment profiles to scope strategic programs before procurement or regional claims expand.","commercialEvidence":"Global Reach, Deployment Profiles, Market Activation, and Public Market Readiness encode the strategic partnership path.","proofRoutes":["/global-reach","/deployment-profiles","/market-activation","/public-market-readiness"],"owner":"Founder + strategic partnerships + qualified reviewers","blockedBoundary":"No regional legal approval, public-sector procurement approval, data-residency approval, or government endorsement claim.","nextAction":"Pair every regional or public-sector conversation with qualified legal, privacy, security, procurement, and deployment review."},{"name":"Revenue-cycle proof wedge","status":"package-next","buyerSegment":"Payer, provider, and revenue-cycle leaders with denial, authorization, and documentation friction","primaryOffer":"Revenue workflow synthetic pilot","revenueMotion":"Position denial-risk, missing-evidence, and policy-friction workflows as measurable synthetic pilots before buyer data exposure.","commercialEvidence":"Public Market KPI definitions, workflow result packets, pricing value metrics, and Atlas evidence routes support the wedge.","proofRoutes":["/public-market-readiness","/workflows/results","/pricing","/atlas"],"owner":"Founder + product + sales engineering","blockedBoundary":"No final billing action, no payer submission, no reimbursement guarantee, and no audited financial impact claim.","nextAction":"Package a no-PHI demonstration around one denial or prior-authorization support workflow and one buyer-approved value metric."}],"conversionLanes":[{"source":"Founder network and direct executive outreach","buyerTrigger":"Visible operational pain, AI governance pressure, or transformation mandate","entryRoute":"/product","proofRoute":"/pilot-deal-room","conversionEvent":"Pilot Intake submitted with named sponsor and workflow scope","followUp":"Route to Sales Operations and schedule assessment or synthetic-pilot scoping.","disqualifiers":["Requires PHI in first call","Wants autonomous clinical decisions","No executive or operational sponsor"]},{"source":"Product-led proof review","buyerTrigger":"Buyer inspects demos, pricing, Trust Center, and proof routes before contacting SCRIMED","entryRoute":"/demos","proofRoute":"/pricing","conversionEvent":"Buyer asks for pilot pricing, workflow evidence, or governance packet","followUp":"Send assessment/pilot framing with no-PHI boundary and buyer-specific questions.","disqualifiers":["Requests unsupported compliance claims","Needs immediate production connector"]},{"source":"Governance and security review","buyerTrigger":"AI risk, vendor diligence, BAA/DPA planning, claims control, or board scrutiny","entryRoute":"/trust-center","proofRoute":"/approvals-readiness","conversionEvent":"Buyer asks for governance audit, evidence room, or protected pilot controls","followUp":"Offer AI Readiness + Governance Audit and map required external-review domains.","disqualifiers":["Wants certification without external audit","Rejects human-review or no-PHI boundaries"]},{"source":"Investor, board, and advisor diligence","buyerTrigger":"Category, moat, unit economics, customer proof, or growth strategy review","entryRoute":"/capital-vitality","proofRoute":"/growth-engine","conversionEvent":"Reviewer asks for operating cadence, proof ladder, or commercial priorities","followUp":"Share readiness-only brief and route securities, valuation, legal, or tax questions to qualified advisors.","disqualifiers":["Requests investment advice","Requests fundraising materials without counsel review"]}],"revenueProofLadder":[{"stage":"Public proof","commercialQuestion":"Can the buyer understand what SCRIMED is and why it is different?","answer":"Use Product Console, Healthcare Intelligence OS, demos, Trust Center, and Capital Vitality.","metric":"Qualified buyer moves to intake or executive review.","proofRoutes":["/product","/healthcare-intelligence-os","/demos","/trust-center","/capital-vitality"],"status":"ready","retainedGate":"No public customer, clinical, revenue, securities, or certification overclaim."},{"stage":"Paid assessment","commercialQuestion":"Can SCRIMED sell a bounded first engagement without live data exposure?","answer":"Use Workflow Intelligence Assessment with no-PHI scope, buyer baseline questions, and governance review.","metric":"Assessment sponsor, workflow scope, and decision criteria retained.","proofRoutes":["/pricing","/pilot","/sales-operations"],"status":"ready","retainedGate":"No PHI, no medical advice, no guaranteed savings."},{"stage":"Synthetic pilot","commercialQuestion":"Can SCRIMED prove workflow value through governed synthetic evidence?","answer":"Use Synthetic Atlas Pilot, AgentOS evaluation, workflow results, QA proof, and Deal Room packaging.","metric":"Synthetic work packet complete with reviewable outcome, Trust Card, and buyer decision route.","proofRoutes":["/pilots","/evaluation","/workflows/results","/qa-evidence","/pilot-deal-room"],"status":"measurement-required","retainedGate":"Buyer-approved metrics before external value claims."},{"stage":"Protected enterprise pilot","commercialQuestion":"Can the buyer safely move from synthetic proof into controlled protected evaluation?","answer":"Use protected workspace, release-control chain, authority readiness, provider security review, and procurement evidence routing.","metric":"Protected workspace and no-PHI packet controls active with retained AAL2 operator proof.","proofRoutes":["/pilot-workspace/access","/buyer-release-control-run","/clinical-authority-readiness"],"status":"protected-gated","retainedGate":"AAL2, external approvals, buyer permission, legal/privacy/security gates, and no-PHI evidence rules."},{"stage":"Enterprise license","commercialQuestion":"Can SCRIMED expand into annual operating value after protected validation?","answer":"Use deployment profiles, public-market KPI discipline, finance methodology gates, and board scorecards.","metric":"Buyer-approved operating value, security posture, implementation scope, and license owner.","proofRoutes":["/deployment-profiles","/public-market-readiness","/pilot-workspace/access"],"status":"external-review-required","retainedGate":"Customer contracts, security review, legal approval, connector approval, and production authority."}],"growthBottlenecks":[{"name":"Founder-led selling is still the fastest path","status":"operator-required","impact":"SCRIMED has proof depth, but early enterprise conversion still needs direct founder narrative and qualification.","workaround":"Run weekly target-account review, use Pilot Intake for every qualified call, and keep proof routes attached to each follow-up.","graduationGate":"Repeatable source-to-pilot conversion cohorts in Attribution Analytics.","owner":"Founder + sales operations"},{"name":"Buyer proof cannot outrun retained approvals","status":"protected-gated","impact":"The strongest enterprise proof is protected and cannot be shared publicly without release controls.","workaround":"Use metadata-only public summaries and route buyer-specific artifacts through protected release-control and distribution lockbox gates.","graduationGate":"Release decisions, reviewer signoffs, recipient controls, and customer permission retained.","owner":"Release steward + buyer diligence"},{"name":"Revenue impact claims require buyer baselines","status":"contained","impact":"Revenue-cycle value is compelling, but unsupported revenue claims can create legal, reimbursement, or investor risk.","workaround":"Frame revenue impact as buyer-reviewed operational signal until protected buyer methodology and finance review exist.","graduationGate":"Buyer-approved baseline, finance methodology gate, and counsel-reviewed external-use language.","owner":"Founder + finance reviewers"},{"name":"Fundraising and investor materials need counsel review","status":"external-review-required","impact":"Capital readiness can be mistaken for offering material or investment advice.","workaround":"Keep public routes readiness-only and route fundraising decks, valuation, securities language, tax, and legal questions through qualified counsel.","graduationGate":"Approved investor materials, controlled data-room process, and qualified securities counsel review.","owner":"Founder + qualified counsel"}],"capitalVitalitySummary":{"service":"scrimed-capital-vitality","route":"/capital-vitality","apiRoute":"/api/capital-vitality","briefRoute":"/api/capital-vitality/brief","status":"capital-vitality-revenue-funding-readiness-active","briefStatus":"capital-vitality-brief-ready-no-securities-offer","fundingVitalityPosture":"investor-ready-readiness-materials-no-securities-offer","boundary":"SCRIMED Capital Vitality organizes revenue capabilities, competitive moat evidence, investor-readiness milestones, funding workstreams, and retained external-review gates. It strengthens commercial execution and diligence readiness, but it is not investment advice, securities offering material, audited financial reporting, valuation assurance, legal advice, tax advice, reimbursement assurance, customer revenue guarantee, security certification, regulatory approval, PHI processing approval, production connector approval, or live clinical care authorization.","authority":{"dataBoundary":"synthetic-only","financialAuthority":"not-audited-financial-report","securitiesAuthority":"not-securities-offering-material","investmentAdvice":"not-investment-advice","valuationAuthority":"not-valuation-assurance","reimbursementAuthority":"no-reimbursement-guarantee","approvalAuthority":"external-review-required","clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","securityCertification":"not-security-certified"},"sourceAlignment":{"pageRouteCount":164,"apiRoutePatternCount":439,"smokeCoveredHtmlRouteCount":76,"commercialPricingStatus":"pricing-and-sales-motion-ready","marketActivationStatus":"revenue-message-comms-foundation-ready","publicMarketReadinessStatus":"capital-efficiency-kpi-stack-ready","salesDealRoomStatus":"public-organization-and-protected-packet-ready","serviceReliabilityStatus":"service-reliability-hardening-active"},"revenueCapabilityCount":8,"activeRevenueCapabilityCount":2,"packagedRevenueCapabilityCount":3,"protectedGatedRevenueCapabilityCount":2,"externalReviewRevenueCapabilityCount":1,"moatSignalCount":9,"highMoatSignalCount":4,"investorMilestoneCount":8,"readyInvestorMilestoneCount":4,"externalReviewMilestoneCount":2,"operatorRequiredMilestoneCount":1,"fundingWorkstreamCount":8,"activeFundingWorkstreamCount":3,"externalReviewWorkstreamCount":3,"retainedExternalReviewCount":5,"proofRouteCount":51,"revenueCapabilities":[{"name":"Synthetic Atlas Pilot","buyer":"Health systems, payers, public-sector health teams, and enterprise innovation sponsors","status":"packaged","revenueMotion":"30 to 90 day governed synthetic pilot with executive findings and production-readiness gates.","priceLogic":"Packaged as a premium fixed-fee pilot before any protected enterprise or production-license commitment.","proofRoutes":["/product","/pilot-deal-room","/pilots","/pricing"],"limitation":"Pilot evidence remains synthetic or protected-evaluation only until buyer-specific live controls are approved.","nextAction":"Use the Deal Room and Pilot Intake to qualify sponsor, workflow scope, review team, and success metrics."},{"name":"Workflow Intelligence Assessment","buyer":"Clinical operations, access, revenue cycle, documentation, and transformation leaders","status":"active","revenueMotion":"Short paid assessment that maps workflow friction, AI readiness, governance gaps, and pilot candidates.","priceLogic":"Fixed-scope assessment with clear upgrade path into Synthetic Atlas Pilot.","proofRoutes":["/pricing","/product","/pilot","/sales-operations"],"limitation":"Findings are operational intelligence for human leaders, not medical, legal, reimbursement, or accounting advice.","nextAction":"Keep assessment outputs tied to proof routes, governance gates, and buyer-approved baselines."},{"name":"AI Readiness + Governance Audit","buyer":"Compliance, security, legal, clinical governance, innovation, and executive sponsors","status":"packaged","revenueMotion":"Readiness engagement for claims control, privacy posture, auditability, role controls, runtime safety, and approval gates.","priceLogic":"Assessment fee that can expand into protected pilot controls and enterprise diligence work.","proofRoutes":["/approvals-readiness","/boundary-resolution","/clinical-authority-readiness","/trust-center"],"limitation":"Readiness audit does not certify HIPAA, SOC 2, HITRUST, FDA, ONC, security posture, or legal compliance.","nextAction":"Route any certification, regulatory, or legal claim through qualified external reviewers."},{"name":"Clinical Operations Automation Blueprint","buyer":"Hospitals, clinics, payers, and public-sector health programs planning phased automation","status":"packaged","revenueMotion":"Blueprint package for agent responsibilities, connector plan, review queues, safety controls, and staged deployment path.","priceLogic":"Strategy and implementation-planning package that precedes protected pilot or enterprise license.","proofRoutes":["/agents","/workflows","/healthcare-intelligence-os","/interoperability"],"limitation":"Blueprint remains review-only and does not authorize live clinical workflow execution or production connectors.","nextAction":"Translate each automation candidate into blocked actions, human checkpoints, and audit evidence."},{"name":"Protected Buyer Diligence Rooms","buyer":"Enterprise buyers, procurement, security reviewers, investor diligence teams, and executive sponsors","status":"protected-gated","revenueMotion":"Paid buyer-specific diligence packaging with proof packets, release controls, and metadata-only evidence routing.","priceLogic":"Bundled into enterprise pilot/procurement motion; future premium service when release authority is retained.","proofRoutes":["/pilot-workspace/access","/buyer-release-control-run","/pilot-deal-room"],"limitation":"External sharing remains blocked until release decisions, reviewer signoffs, recipient controls, and access-log reconciliation are retained.","nextAction":"Complete the protected release-control chain before any buyer-specific external distribution."},{"name":"TrustOps Incident And Claims Control","buyer":"Enterprise risk, legal, security, marketing, buyer diligence, and operator teams","status":"active","revenueMotion":"Trust, safety, claims, and incident-readiness support for enterprise AI operations and buyer confidence.","priceLogic":"Packaged as governance support attached to pilots and enterprise readiness work.","proofRoutes":["/trust-safety-operations","/qa-claim-guard","/claims","/trust-center"],"limitation":"Operating model does not create managed 24/7 coverage, legal approval, public-claim approval, or certification by itself.","nextAction":"Keep buyer, investor, PR, advertising, and operator claims routed through Claim Guard before publication."},{"name":"Deployment Profile Advisory","buyer":"Security-sensitive hospitals, governments, sovereign programs, and infrastructure partners","status":"external-review-required","revenueMotion":"Advisory package for managed cloud, private cloud, hospital-controlled, sovereign, and edge deployment readiness.","priceLogic":"Premium planning motion that can expand into strategic platform partnership after legal/security review.","proofRoutes":["/deployment-profiles","/global-reach","/market-activation","/interoperability"],"limitation":"Deployment profiles do not grant regional approval, data-residency approval, security certification, or procurement acceptance.","nextAction":"Attach qualified regional legal, privacy, security, and procurement review before external claims expand."},{"name":"Interoperability Conformance Readiness","buyer":"IT, interoperability, EHR, payer, research, and device-integration reviewers","status":"protected-gated","revenueMotion":"Conformance-readiness engagement around standards mapping, fixtures, synthetic tests, and live connector prerequisites.","priceLogic":"Technical diligence package that supports pilots and future implementation scope.","proofRoutes":["/interoperability","/interoperability/evaluations","/integrations","/synthetic/validation"],"limitation":"Synthetic conformance evidence is not live connector certification, trading-partner acceptance, or production data exchange authority.","nextAction":"Keep live connector claims blocked until buyer, legal, security, privacy, and partner approvals exist."}],"competitiveMoatSignals":[{"name":"Healthcare Intelligence OS category position","strength":"high","evidence":"SCRIMED combines AgentOS, Atlas Intelligence Core, TrustOS, workflows, interoperability, and buyer diligence into one healthcare operations layer.","proofRoutes":["/healthcare-intelligence-os","/product","/agents","/atlas"],"defendability":"The moat is domain workflow orchestration plus trust evidence, not general model access.","retainedBoundary":"Architecture proof is not production authorization or clinical validation."},{"name":"TrustOS and Claim Guard discipline","strength":"high","evidence":"Policy evaluation, claim control, blocked authority language, and no-authority headers are embedded across high-risk routes.","proofRoutes":["/trust-os","/qa-claim-guard","/claims","/api/product/console"],"defendability":"Healthcare buyers need governed explainability, boundaries, and audit posture before automation scale.","retainedBoundary":"Trust controls are readiness evidence, not legal advice or compliance certification."},{"name":"Atlas evidence and Trust Cards","strength":"high","evidence":"Evidence routes, Trust Cards, source intelligence, and workflow result packets create inspectable support for buyer review.","proofRoutes":["/atlas","/trust","/source-intelligence","/workflows/results"],"defendability":"Evidence-backed workflow outputs are harder to copy than a model wrapper.","retainedBoundary":"Evidence organization does not guarantee clinical outcome, reimbursement, or customer revenue."},{"name":"Protected buyer release-control chain","strength":"high","evidence":"Buyer release decisions, reviewer signoffs, disabled distribution lockbox controls, recipient controls, and access-log reconciliation are staged before external sharing.","proofRoutes":["/buyer-release-control-run","/pilot-workspace/access","/qa-buyer-proof-release"],"defendability":"Enterprise diligence friction becomes a managed product capability.","retainedBoundary":"Release-control readiness is not release approval or customer permission."},{"name":"Service Reliability fault/control map","strength":"medium","evidence":"Product/service controls, fault classes, efficiency improvements, open gates, and owners are inspectable before claims expand.","proofRoutes":["/service-reliability","/navigation","/release-continuity"],"defendability":"Operational maturity compounds as every new surface inherits route, smoke, and boundary checks.","retainedBoundary":"Reliability hardening is not security certification or approval authority."},{"name":"Public route and smoke discipline","strength":"medium","evidence":"Navigation Audit ties page inventory, API pattern count, route groups, smoke coverage, and protected fail-closed behavior together.","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"defendability":"Route-count controls reduce drift as the product surface grows.","retainedBoundary":"Route control does not prove protected happy-path execution."},{"name":"Public Market KPI and protected board metric ladder","strength":"medium","evidence":"KPI definitions, unit-economics packages, protected operator metrics, board scorecards, and finance methodology gates are mapped.","proofRoutes":["/public-market-readiness","/api/public-market-readiness","/pilot-workspace/access"],"defendability":"Operating metrics connect product usage, workflow value, and governance proof for diligence.","retainedBoundary":"KPI readiness is not audited financial reporting, valuation assurance, or securities material."},{"name":"Interoperability-first synthetic validation","strength":"medium","evidence":"Standards registry, fixture validation, conformance evaluations, and synthetic workflow validation are visible before live integration.","proofRoutes":["/interoperability","/interoperability/evaluations","/integrations/fixture-validation"],"defendability":"Healthcare integration readiness is encoded as a repeatable evidence system.","retainedBoundary":"Synthetic validation does not approve live connectors or PHI ingestion."},{"name":"Commercial packaging and sales operations linkage","strength":"watch","evidence":"Pricing tiers, pilot programs, Deal Room, Sales Operations, attribution, and buyer workspaces are connected.","proofRoutes":["/pricing","/pilot-deal-room","/sales-operations","/attribution-analytics"],"defendability":"Revenue operations become inspectable and tied to proof instead of ad hoc founder selling.","retainedBoundary":"Sales packaging does not guarantee conversion, revenue, customer permission, or procurement approval."}],"investorReadinessMilestones":[{"name":"Category narrative packaged","status":"ready","investorQuestion":"What is SCRIMED building that is bigger than a feature?","evidence":"Healthcare Intelligence OS, public product console, and public-market thesis are live.","proofRoutes":["/healthcare-intelligence-os","/product","/public-market-readiness"],"fundingImpact":"Improves narrative clarity and makes the company easier to diligence.","retainedBoundary":"Narrative is operating posture, not an investment recommendation."},{"name":"Revenue streams mapped","status":"ready","investorQuestion":"How can SCRIMED make money before production clinical authority?","evidence":"Assessments, synthetic pilots, governance audits, blueprints, diligence rooms, and advisory work are packaged.","proofRoutes":["/capital-vitality","/pricing","/market-activation"],"fundingImpact":"Shows near-term non-PHI, synthetic, and review-only revenue paths.","retainedBoundary":"Revenue capability is not a sales forecast, audited result, or customer commitment."},{"name":"Proof stack deployed","status":"ready","investorQuestion":"Is the product real, inspectable, and deployed?","evidence":"Homepage, Hub, Product Console, Deal Room, APIs, briefs, smoke coverage, and production deployment exist.","proofRoutes":["/","/hub","/product","/pilot-deal-room"],"fundingImpact":"Reduces demo risk and gives reviewers direct inspection paths.","retainedBoundary":"Public proof stack does not prove protected customer production execution."},{"name":"Unit economics framework","status":"in-progress","investorQuestion":"Can SCRIMED measure cost, margin, and value by offer?","evidence":"Public Market Readiness defines cost-per-workflow, gross margin by offer, protected operator metrics, and finance methodology gates.","proofRoutes":["/public-market-readiness","/pilot-workspace/access"],"fundingImpact":"Creates the operating skeleton for future board and investor reporting.","retainedBoundary":"Framework is not audited financial reporting, accounting advice, tax advice, or valuation assurance."},{"name":"Claims and approvals controls","status":"ready","investorQuestion":"Can SCRIMED grow without overclaiming regulated authority?","evidence":"Approvals Readiness, Boundary Resolution, Clinical Authority Readiness, and Claim Guard are active.","proofRoutes":["/approvals-readiness","/boundary-resolution","/clinical-authority-readiness","/qa-claim-guard"],"fundingImpact":"Improves credibility with regulated buyers and risk-aware investors.","retainedBoundary":"Controls do not replace counsel, security assessors, regulators, or buyer approvers."},{"name":"Protected AAL2 proof retained","status":"operator-required","investorQuestion":"Can SCRIMED prove authenticated protected workflows without leaking secrets?","evidence":"Protected Manual QA Evidence and Buyer Proof Release exist, with browser AAL2 session requirements.","proofRoutes":["/qa-aal2-run-evidence","/qa-manual-execution-console","/pilot-workspace/access"],"fundingImpact":"Creates a path from public demo proof into protected diligence proof.","retainedBoundary":"Protected happy-path proof requires approved human AAL2 operation and no token retention."},{"name":"Funding data room sequence","status":"external-review-required","investorQuestion":"Which documents can be shared externally and under what authority?","evidence":"Buyer release-control chain can be repurposed as a funding-review release-control checklist.","proofRoutes":["/buyer-release-control-run","/pilot-workspace/access","/qa-buyer-proof-release"],"fundingImpact":"Clarifies how investor materials move through review without uncontrolled distribution.","retainedBoundary":"Funding materials require counsel and do not become securities offering material by default."},{"name":"Security and compliance evidence path","status":"external-review-required","investorQuestion":"What must happen before enterprise production trust claims?","evidence":"Provider security review readiness, procurement evidence routing, and Approvals Readiness tracks are mapped.","proofRoutes":["/approvals-readiness","/pilot-workspace/access","/trust-center"],"fundingImpact":"Shows a credible path toward enterprise-grade assurance without premature claims.","retainedBoundary":"Security posture is not SOC 2, HITRUST, HIPAA, pentest, or BAA execution."}],"fundingVitalityWorkstreams":[{"name":"Investor narrative brief","owner":"Founder + Product Console","status":"packaged","capability":"Use Capital Vitality brief as the top-level investor and board diligence summary.","proof":"/api/capital-vitality/brief","limitation":"Brief is not securities offering material or investment advice.","nextAction":"Review with counsel before using in fundraising or investor solicitation."},{"name":"Pilot conversion proof","owner":"Sales operations + Buyer Diligence","status":"active","capability":"Tie Deal Room, pricing, pilot intake, sales operations, and attribution analytics into one conversion path.","proof":"/pilot-deal-room, /pricing, /sales-operations, /attribution-analytics","limitation":"Conversion proof is operating evidence, not customer revenue guarantee.","nextAction":"Keep every opportunity source, buyer segment, offer, and next action tagged."},{"name":"Unit economics and board metrics","owner":"Finance + protected operator metrics owner","status":"operator-required","capability":"Collect no-PHI operator metrics, board scorecards, rollups, and methodology gates in protected workspaces.","proof":"/public-market-readiness and /pilot-workspace/access","limitation":"Protected metrics are not audited financial statements.","nextAction":"Use AAL2 protected capture for real operating metrics and preserve methodology notes."},{"name":"Security and compliance review packet","owner":"Security + legal + qualified external reviewers","status":"external-review-required","capability":"Package provider security reviews, procurement evidence routing, and approval tracks.","proof":"/approvals-readiness and /pilot-workspace/access","limitation":"Readiness packet is not security certification or legal approval.","nextAction":"Retain qualified reviewers before enterprise assurance language expands."},{"name":"Customer reference and public proof permission","owner":"Buyer Diligence + Release Steward + counsel","status":"external-review-required","capability":"Use release-control chain before any customer-specific evidence, logo, case study, or testimonial is shared.","proof":"/buyer-release-control-run","limitation":"No public customer proof is allowed without explicit approval and retained release evidence.","nextAction":"Keep distribution lockbox disabled until reviewer signoffs and recipient/access controls exist."},{"name":"Offer packaging and pricing discipline","owner":"Enterprise sales + product","status":"active","capability":"Keep assessments, pilots, governance audits, blueprints, protected pilots, and strategic partnerships packaged.","proof":"/pricing","limitation":"Pricing is non-binding and does not imply production authority or procurement acceptance.","nextAction":"Use fixed scopes and clear upgrade paths to protect margin and reduce buyer ambiguity."},{"name":"Competitive edge proof refresh","owner":"Founder + market activation + source intelligence","status":"active","capability":"Maintain moat signals as proof-backed operating claims rather than broad market assertions.","proof":"/competitive-edge, /source-intelligence, /market-activation","limitation":"Competitive positioning cannot imply third-party endorsement, partnership, certification, or guaranteed outcomes.","nextAction":"Refresh proof routes when product capabilities or external review posture changes."},{"name":"Legal and securities review","owner":"Founder + qualified counsel","status":"external-review-required","capability":"Separate operating readiness from fundraising solicitation, securities material, valuation, and investor advice.","proof":"/capital-vitality and /public-market-readiness","limitation":"SCRIMED cannot self-authorize investment materials or securities offering language.","nextAction":"Run any investor solicitation, SAFE/equity note, valuation, or offering deck through counsel."}],"proofRoutes":["/product","/pilot-deal-room","/pilots","/pricing","/pilot","/sales-operations","/approvals-readiness","/boundary-resolution","/clinical-authority-readiness","/trust-center","/agents","/workflows","/healthcare-intelligence-os","/interoperability","/pilot-workspace/access","/buyer-release-control-run","/trust-safety-operations","/qa-claim-guard","/claims","/deployment-profiles","/global-reach","/market-activation","/interoperability/evaluations","/integrations","/synthetic/validation","/atlas","/trust-os","/api/product/console","/trust","/source-intelligence","/workflows/results","/qa-buyer-proof-release","/service-reliability","/navigation","/release-continuity","/api/navigation-audit","/api/navigation-audit/brief","/public-market-readiness","/api/public-market-readiness","/integrations/fixture-validation","/attribution-analytics","/capital-vitality","/","/hub","/qa-aal2-run-evidence","/qa-manual-execution-console","/api/capital-vitality/brief","/public-market-readiness and /pilot-workspace/access","/approvals-readiness and /pilot-workspace/access","/competitive-edge","/capital-vitality and /public-market-readiness"],"nextCapitalMove":"Use Capital Vitality as the executive growth lane: sell packaged synthetic and governance offers now, keep protected buyer/funding proof gated through AAL2 and release controls, refresh moat evidence before claims expand, and route any fundraising, valuation, securities, legal, reimbursement, security, PHI, or live-care claim through qualified external review.","updated":"2026-06-24"},"marketActivationSummary":{"service":"scrimed-market-activation","status":"revenue-message-comms-foundation-ready","route":"/market-activation","apiRoute":"/api/market-activation","boundary":"SCRIMED market activation governs revenue, messaging, public relations, communications, advertising, and target-audience strategy for synthetic evaluations, readiness assessments, and protected pilots. It does not authorize medical claims, compliance certification claims, live clinical execution, payer submission, or patient outreach.","revenueStreamCount":5,"targetAudienceCount":8,"communicationsChannelCount":5,"advertisingCampaignCount":3,"faithCoreProgramCount":2,"revenueStreams":[{"name":"Workflow Intelligence Assessment","status":"ready-for-controlled-use","buyer":"Hospitals, clinics, payers, and healthcare transformation leaders with visible operational friction.","offer":"Fixed-fee workflow mapping, AI readiness, governance review, and executive decision packet.","priceSignal":"$50k floor; typical $75k-$150k.","conversionPath":"Official website -> Product Console -> Pilot Intake -> Sales Operations -> assessment invitation.","proofRoute":"/pricing","owner":"Enterprise sales","guardrails":["Do not request PHI.","Do not promise savings.","Frame findings as operational intelligence for human leaders."]},{"name":"Synthetic Pilot Evaluation","status":"ready-for-controlled-use","buyer":"Enterprise teams ready to test SCRIMED against synthetic workflows before integration.","offer":"45-90 day governed synthetic pilot with AgentOS, Atlas Trust Cards, proof packets, and observability.","priceSignal":"$150k floor; typical $200k-$500k.","conversionPath":"Demo Center -> Pilot Program -> no-PHI intake -> governance pack -> protected workspace planning.","proofRoute":"/pilots","owner":"Sales engineering and delivery","guardrails":["Synthetic data only.","No diagnosis, treatment, payer submission, or patient outreach.","Pilot metrics are directional business evidence."]},{"name":"Protected Enterprise Pilot","status":"approval-required","buyer":"Large health systems, payers, employers, and public-sector programs preparing controlled deployment.","offer":"Tenant-authenticated workspace, durable audit, activation governance, role-based review, and deployment profile planning.","priceSignal":"$750k floor; typical $1M-$2.5M.","conversionPath":"Synthetic pilot proof -> security/legal/privacy review -> protected workspace -> enterprise license proposal.","proofRoute":"/pilot-workspace","owner":"Enterprise sales, security, privacy, and implementation","guardrails":["Requires legal, privacy, security, and governance review.","Live PHI requires written approval and appropriate agreements.","Human review remains required."]},{"name":"Annual Healthcare Intelligence OS License","status":"approval-required","buyer":"Multi-site organizations expanding from one workflow to operating-layer adoption.","offer":"Annual platform access for AgentOS, Atlas, TrustOS, workflow modules, governance, observability, and support.","priceSignal":"$2.5M floor; enterprise range $3M-$12M+.","conversionPath":"Protected pilot -> value review -> deployment profile -> annual license -> expansion roadmap.","proofRoute":"/product","owner":"Executive enterprise sales","guardrails":["Separate platform license from implementation services.","Scope workflows, connectors, and support explicitly.","Do not imply unrestricted production permissions."]},{"name":"Strategic Platform Partnership","status":"external-review-required","buyer":"Governments, national programs, major payers, and strategic healthcare networks.","offer":"Multi-year healthcare intelligence infrastructure partnership with regional governance and deployment planning.","priceSignal":"$10M+ multi-year; national or ecosystem programs $25M+.","conversionPath":"Executive briefing -> sovereign/public-sector profile -> legal/procurement review -> strategic program.","proofRoute":"/deployment-profiles","owner":"Founder and strategic partnerships","guardrails":["No government approval claim.","Jurisdiction-specific legal and data-residency review required.","Public-sector claims must be reviewed before publication."]}],"targetAudiences":[{"segment":"Health system operations executives","priority":"primary","buyerTrigger":"Referral leakage, access delays, documentation burden, capacity strain, and fragmented work queues.","pain":"Operational teams lack decision-grade visibility across workflows before bottlenecks become expensive.","primaryOffer":"Workflow Intelligence Assessment","message":"SCRIMED transforms fragmented operational workflows into governed, human-reviewed intelligence that leaders can act on.","proofRoutes":["/product","/demos","/pilot-evidence"],"disqualifiers":["Buyer wants autonomous clinical decisions","Buyer requires live PHI in public intake"]},{"segment":"Payer and revenue cycle leaders","priority":"primary","buyerTrigger":"Denials, prior authorization friction, documentation gaps, and revenue leakage.","pain":"Administrative teams lose time and revenue when policy evidence and workflow risk are hard to see.","primaryOffer":"Synthetic Pilot Evaluation","message":"SCRIMED helps revenue and payer teams surface denial-risk, missing evidence, and policy friction through governed synthetic workflows.","proofRoutes":["/agents/revenue-cycle-agent","/workflows/results","/pricing"],"disqualifiers":["Buyer expects reimbursement guarantees","Buyer wants payer submission automation before approval"]},{"segment":"Security, privacy, legal, and governance buyers","priority":"primary","buyerTrigger":"AI adoption pressure, shadow AI risk, vendor diligence, BAA/DPA planning, and audit requirements.","pain":"Healthcare organizations need AI controls they can inspect before data exposure.","primaryOffer":"AI Readiness + Governance Audit","message":"SCRIMED gives healthcare AI buyers an inspectable trust layer with claims controls, audit trails, role boundaries, and activation governance.","proofRoutes":["/trust-center","/claims","/governance-packs"],"disqualifiers":["Buyer asks for compliance certification without audit","Buyer refuses human-review boundaries"]},{"segment":"Government and public-sector healthcare leaders","priority":"strategic","buyerTrigger":"National access, population health, sovereign data, workforce constraints, and digital transformation mandates.","pain":"Public systems need healthcare intelligence infrastructure that can be regionally governed and trusted.","primaryOffer":"Strategic Platform Partnership","message":"SCRIMED is building a healthcare intelligence infrastructure layer that can be evaluated with synthetic evidence before sovereign deployment decisions.","proofRoutes":["/deployment-profiles","/strategic-intelligence","/governance-packs"],"disqualifiers":["Buyer needs immediate public health reporting","Buyer requires jurisdictional approval before scoping"]},{"segment":"Life sciences and research operations leaders","priority":"strategic","buyerTrigger":"Trial matching delays, eligibility evidence gaps, oncology workflow friction, and research operations burden.","pain":"Research teams need explainable, reviewable operations intelligence without patient enrollment automation or treatment claims.","primaryOffer":"TrialCore Research Operations Synthetic Pilot","message":"SCRIMED can structure research operations evidence, eligibility gaps, and reviewer queues while keeping patient outreach, enrollment, and treatment recommendations gated.","proofRoutes":["/modules/trialcore","/demos/trialcore-research-operations","/global-reach"],"disqualifiers":["Buyer wants patient enrollment guarantees","Buyer bypasses research governance"]},{"segment":"Employers and benefits leaders","priority":"secondary","buyerTrigger":"Rising healthcare costs, access friction, care navigation gaps, and workforce health program complexity.","pain":"Employers need privacy-safe operational intelligence without becoming a medical decision-maker or exposing member data prematurely.","primaryOffer":"Workflow Intelligence Assessment","message":"SCRIMED helps employers evaluate access, navigation, and care-gap workflows through no-member-data assessment before any protected pilot.","proofRoutes":["/global-reach","/pilot-evidence","/trust-center"],"disqualifiers":["Buyer wants employee diagnosis","Buyer requires member data before agreements"]},{"segment":"Global channel partners and implementers","priority":"strategic","buyerTrigger":"Regional partners need differentiated healthcare AI infrastructure with trust, proof, and deployment readiness.","pain":"Partners need a credible operating layer and safe claims path before co-selling regulated healthcare AI.","primaryOffer":"Strategic Platform Partnership","message":"SCRIMED equips qualified partners with global buyer packs, deployment profiles, protected proof paths, and claims-safe regional positioning.","proofRoutes":["/global-reach","/deployment-profiles","/pilot-deal-room"],"disqualifiers":["Partner claims authorization without agreement","Partner lacks healthcare-grade security posture"]},{"segment":"Faith-aligned care, community, and patient-experience leaders","priority":"secondary","buyerTrigger":"Desire for dignity, trust, encouragement, spiritual support, and culturally sensitive patient experience.","pain":"Faith-aligned support is often disconnected from clinical safety, consent, and professional boundaries.","primaryOffer":"FaithCore Trust And Encouragement Layer","message":"FaithCore provides opt-in spiritual encouragement and dignity-centered trust support while keeping clinical judgment and emergency care with qualified professionals.","proofRoutes":["/faithcore","/operating-context","/trust-center"],"disqualifiers":["Buyer wants spiritual guidance to replace clinical care","Buyer does not accept opt-in consent boundaries"]}],"messageHouse":{"coreMessage":"SCRIMED is the governed healthcare intelligence operating layer that turns fragmented workflows into evidence-backed, human-reviewed operational intelligence.","positioning":"Not a chatbot, not an ambient scribe alone, and not a consulting wrapper. SCRIMED is an AI-native healthcare infrastructure platform for workflows, agents, interoperability, trust, and proof.","approvedProofPoints":["Governed synthetic pilots and enterprise evaluations are available now.","AgentOS, Atlas, TrustOS, protected workspaces, proof packets, and governance packs are inspectable in the product.","SCRIMED maintains clear boundaries: synthetic-only public flows, human review, no autonomous diagnosis, no payer submission, and no live clinical execution without approvals.","Global Reach maps regions, buyer packs, partner paths, procurement questions, and retained gates before international expansion claims scale.","Revenue value is measured through time saved, workflow friction reduced, documentation quality, denial-risk signals, access bottlenecks, and trust completeness."],"toneRules":["Use confident enterprise language without hype.","Lead with trust, outcomes, interoperability, and operational intelligence.","Use FaithCore only as opt-in dignity, encouragement, and trust support.","Separate vision from current capability."],"prohibitedClaims":["HIPAA certified","SOC 2 certified","FDA cleared","guaranteed revenue","guaranteed reimbursement","autonomous diagnosis","treats patients","government approved"]},"communicationsPlaybook":[{"channel":"Official website","status":"ready-for-controlled-use","audience":"Executives, buyers, advisors, investors, and partners.","message":"SCRIMED is the governed healthcare intelligence operating layer that turns fragmented workflows into evidence-backed, human-reviewed operational intelligence.","proofAsset":"/product","approvalGate":"Claims must match the public claims register before publishing."},{"channel":"Founder and investor narrative","status":"ready-for-controlled-use","audience":"Investors, advisors, strategic partners, and enterprise champions.","message":"SCRIMED is building the trusted healthcare intelligence infrastructure layer for global healthcare workflows.","proofAsset":"/strategic-intelligence","approvalGate":"Vision statements must remain separate from current sellable pilot capability."},{"channel":"Public relations","status":"approval-required","audience":"Healthcare business media, innovation leaders, community stakeholders, and ecosystem partners.","message":"SCRIMED is advancing governed AI for healthcare operations through synthetic pilots, trust controls, and interoperability-first product design.","proofAsset":"/trust-center","approvalGate":"Legal, privacy, brand, and claims-control review before distribution."},{"channel":"Enterprise sales outreach","status":"ready-for-controlled-use","audience":"Named healthcare executives and workflow owners.","message":"SCRIMED can run a governed synthetic evaluation of high-friction workflows before live data, production connectors, or clinical execution are considered.","proofAsset":"/pilot","approvalGate":"No PHI requests, no guarantees, and no compliance certification claims."},{"channel":"Incident, trust, and public response","status":"approval-required","audience":"Customers, public stakeholders, regulators, and partners where applicable.","message":"SCRIMED communicates boundaries, evidence, impact, and corrective actions through a documented trust and governance process.","proofAsset":"/claims","approvalGate":"Security, privacy, legal, and communications approval required."}],"advertisingCampaigns":[{"channel":"LinkedIn executive demand generation","status":"approval-required","targetAudience":"Health system operations, payer operations, revenue cycle, AI governance, and healthcare transformation executives.","objective":"Drive qualified enterprise pilot intake and assessment calls.","landingRoute":"/pilot","budgetPosture":"Start with controlled small-budget tests after abuse monitoring and claim review.","conversionEvent":"No-PHI pilot intake with boundary acknowledgement.","claimControl":"Use approved pilot, workflow, trust, and interoperability claims only.","blockedClaims":["clinical outcome guarantees","HIPAA certified","reimbursement guaranteed"]},{"channel":"Search advertising","status":"approval-required","targetAudience":"Buyers searching for healthcare AI governance, workflow automation, prior authorization AI, RCM AI, and interoperability readiness.","objective":"Capture high-intent buyer research and route to Product Console or Pilot Intake.","landingRoute":"/product","budgetPosture":"Delay scale until intake abuse controls, CRM routing, and campaign review are active.","conversionEvent":"Product console engagement or pilot intake.","claimControl":"Avoid disease, treatment, diagnosis, and guaranteed savings language.","blockedClaims":["diagnosis automation","patient treatment","guaranteed ROI"]},{"channel":"FaithCore community awareness","status":"approval-required","targetAudience":"Faith-aligned health leaders, patient-experience teams, community health organizations, and chaplaincy-adjacent stakeholders.","objective":"Position FaithCore as opt-in dignity and encouragement support with clear clinical boundaries.","landingRoute":"/faithcore","budgetPosture":"Use careful organic and partner-led education before paid campaigns.","conversionEvent":"FaithCore discovery call or enterprise trust assessment.","claimControl":"Spiritual encouragement only; no medical, mental health, emergency, or pastoral authority claims.","blockedClaims":["replaces clinician","replaces chaplain","heals","emergency support"]}],"faithCoreMarketPrograms":[{"name":"FaithCore Trust And Encouragement Layer","status":"ready-for-controlled-use","audience":"Opt-in patients, communities, and care teams that value spiritually aligned support.","message":"FaithCore supports dignity, hope, and trust while keeping clinical care, consent, and emergency decisions with qualified professionals.","useCase":"Patient-experience, community trust, culturally sensitive support, and whole-person encouragement.","revenueUse":"Add-on to patient-experience, community health, and faith-aligned enterprise pilots after governance review.","route":"/faithcore","boundaries":["Opt-in only","No diagnosis or treatment","No emergency guidance","No replacement for clinicians, chaplains, counselors, or professional care","Culturally sensitive and faith-aware, not coercive"]},{"name":"FaithCore Staff Resilience And Mission Alignment","status":"approval-required","audience":"Care teams and organizations seeking values-aligned reflection and encouragement.","message":"FaithCore can support values-based reflection and staff encouragement without becoming HR, clinical, or pastoral authority.","useCase":"Staff resilience pilots, mission-centered reflection, and ethical culture support.","revenueUse":"Enterprise add-on for organizations that explicitly opt into FaithCore programming.","route":"/faithcore","boundaries":["No employment advice","No mental health treatment","No coercive faith participation","Human leadership and professional support remain accountable"]}],"nextBuildStep":"Use Attribution Analytics to review source-to-pilot cohorts before scaling campaigns, then add tenant-admin export packets for board, investor, and enterprise pipeline reviews.","updated":"2026-06-15"},"commercialStrategySummary":{"service":"scrimed-commercial-strategy","route":"/pricing","apiRoute":"/api/commercial/pricing","status":"pricing-and-sales-motion-ready","recommendedModel":"Hybrid enterprise model: free public preview, paid assessment, paid synthetic pilot, protected enterprise pilot, annual platform license, and custom strategic partnerships.","recommendedAppDomain":"app.scrimedsolutions.com","boundary":"SCRIMED pricing and sales motions currently sell governed synthetic evaluations, readiness assessments, and protected enterprise pilots. Pricing does not imply live clinical execution, autonomous diagnosis, payer submission, reimbursement guarantees, or production medical-record processing.","productAccessRoutes":[{"surface":"Official Wix website","route":"https://www.scrimedsolutions.com","buyerIntent":"Brand discovery, credibility, founder story, high-level product education, and public contact capture.","owner":"SCRIMED marketing site"},{"surface":"Vercel app subdomain","route":"https://app.scrimedsolutions.com","buyerIntent":"Product console, AgentOS evaluation, pilot intake, pricing, trust, workflows, and enterprise proof stack.","owner":"SCRIMED product platform"},{"surface":"Product Console","route":"/product","buyerIntent":"Inspect sellable offers, workflow examples, proof stack, governance controls, and readiness brief.","owner":"Product and sales"},{"surface":"Demo Center","route":"/demos","buyerIntent":"Inspect executable product demos, proof routes, outcome signals, governance boundaries, and production exclusions.","owner":"Sales engineering and product"},{"surface":"Pilot Programs","route":"/pilots","buyerIntent":"Compare structured enterprise programs by duration, deliverables, inputs, metrics, gates, and engagement model.","owner":"Enterprise sales and delivery"},{"surface":"Pilot Deal Room","route":"/pilot-deal-room","buyerIntent":"Understand how SCRIMED moves from public product proof to sales opportunity, Buyer Pilot Room, audited packet, and paid pilot.","owner":"Enterprise sales and product"},{"surface":"AgentOS Evaluation Workspace","route":"/evaluation","buyerIntent":"Run a synthetic workflow packet through AgentOS and Atlas Trust Cards before a sales call.","owner":"Sales engineering"},{"surface":"Pilot Intake","route":"/pilot","buyerIntent":"Request an assessment, synthetic pilot, governance audit, or automation blueprint.","owner":"Enterprise sales"}],"pricingTiers":[{"name":"Public Product Preview","status":"public-preview","recommendedDisplayPrice":"Free public access","buyer":"Website visitors, investors, advisors, and early enterprise evaluators","entryCriteria":["No account required","No PHI or live data submitted","Buyer is learning SCRIMED's product category and trust posture"],"includes":["Product Console","AgentOS Evaluation Workspace using synthetic examples","Trust, workflow, pricing, and readiness surfaces","Downloadable readiness brief"],"successMetric":"Qualified buyer moves from education to pilot intake.","expansionPath":"Synthetic Pilot Evaluation","boundary":"Public preview is a product education surface, not a live clinical system.","primaryAction":{"label":"Open Product Console","href":"/product"}},{"name":"Workflow Intelligence Assessment","status":"sellable-now","recommendedDisplayPrice":"Standard $25k-$75k; mission-clinic access path $12.5k-$25k for one no-PHI workflow; enterprise assessment $75k-$150k","buyer":"Hospitals, clinics, payers, and transformation teams validating workflow opportunity before a pilot","entryCriteria":["Executive or operational sponsor identified","One to three workflows selected","Buyer can describe current process, constraints, and governance needs"],"includes":["Workflow friction map","AI readiness and governance review","Interoperability target map","AgentOS evaluation packet","Executive findings call"],"successMetric":"Buyer approves pilot scope, value hypothesis, and governance gates.","expansionPath":"Synthetic Pilot Evaluation or AI Readiness + Governance Audit","boundary":"Assessment produces operational intelligence for human leaders; it is not clinical advice.","primaryAction":{"label":"Book Assessment","href":"/pilot?offer=workflow-intelligence-assessment"}},{"name":"Synthetic Pilot Evaluation","status":"sellable-now","recommendedDisplayPrice":"Standard $125k-$350k for 45-90 days; $350k-$500k when multiple workflows, diligence, or executive proof packets expand scope","buyer":"Enterprise buyers who want to evaluate SCRIMED against synthetic workflows before live integration","entryCriteria":["Named sponsor and review team","Synthetic workflow packet approved","Pilot outcome metrics selected","No live PHI or production connector required"],"includes":["AgentOS orchestration for selected workflows","Atlas Trust Cards and evidence source mapping","Synthetic workflow result packets","Audit and observability report","Production-readiness decision register"],"successMetric":"Buyer validates workflow value, trust posture, and protected-pilot business case.","expansionPath":"Protected Enterprise Pilot","boundary":"Synthetic data only; no diagnosis, treatment, payer submission, or patient outreach.","primaryAction":{"label":"Request Pilot","href":"/pilot?offer=synthetic-pilot-evaluation"}},{"name":"Protected Enterprise Pilot","status":"protected-pilot","recommendedDisplayPrice":"Standard $400k-$1.25M for 90-180 days; $1.25M-$2M+ for multi-site, protected diligence, sandbox planning, or expanded scope","buyer":"Health systems, payers, public-sector programs, and enterprise operators preparing controlled deployment","entryCriteria":["Security, privacy, compliance, and legal review underway","BAA and data-boundary decisions defined","Tenant identity and reviewer roles approved","Workflow owner and success baseline confirmed"],"includes":["Tenant-scoped pilot environment","Role-based review workflows","Connector implementation plan","Durable audit design","Operational outcomes report","Enterprise license proposal"],"successMetric":"Buyer approves annual operating license, connector scope, and governed production plan.","expansionPath":"Enterprise Operating License","boundary":"Protected pilot still requires human review and approved controls before any live clinical workflow use.","primaryAction":{"label":"Start Protected Pilot","href":"/pilot?offer=clinical-operations-automation-blueprint"}},{"name":"Enterprise Operating License","status":"enterprise-license","recommendedDisplayPrice":"Initial annual operating layer $1.5M-$6M; multi-department or multi-region expansion $6M-$12M+","buyer":"Large hospitals, payers, government health agencies, and multi-site healthcare organizations","entryCriteria":["Protected pilot validated","Approved identity, audit, security, connector, and governance controls","Annual budget owner identified","Expansion workflows prioritized"],"includes":["SCRIMED AgentOS and Atlas operating layer","Workflow, agent, and connector packages","TrustQA, audit, observability, and governance stack","Enterprise support and implementation cadence","Quarterly value and safety reviews"],"successMetric":"Multi-workflow expansion with measurable operational value and governed trust posture.","expansionPath":"Strategic Platform Partnership","boundary":"Production use requires signed controls, approved workflows, and human-review operating procedures.","primaryAction":{"label":"Contact Enterprise Sales","href":"/pilot?offer=ai-readiness-governance-audit"}},{"name":"Strategic Platform Partnership","status":"strategic","recommendedDisplayPrice":"Multi-year partnerships $8M-$25M+, sales-led, region-aware, and external-review-gated","buyer":"Governments, national health systems, major payers, strategic hospital networks, and global partners","entryCriteria":["Multi-organization mandate","Long-term interoperability, governance, or transformation program","Executive steering committee","Regional compliance and deployment model defined"],"includes":["Dedicated roadmap alignment","Regional compliance and sovereignty planning","Custom agent and connector strategy","Executive governance reporting","Strategic implementation support"],"successMetric":"SCRIMED becomes a governed healthcare intelligence infrastructure partner.","expansionPath":"Regional or ecosystem-level deployment","boundary":"Strategic work remains governed, auditable, human-reviewed, and regionally compliant.","primaryAction":{"label":"Request Strategic Review","href":"/pilot?offer=ai-readiness-governance-audit"}}],"premiumPricingPrinciples":[{"principle":"Protect enterprise price integrity","policy":"Use starts-at floors and scoped enterprise ranges; do not publish low monthly plans for the operating layer.","rationale":"SCRIMED sells governed healthcare intelligence infrastructure, workflow transformation, trust controls, and enterprise proof, not a commodity chatbot seat.","guardrail":"Discount only by reducing scope, duration, services, integrations, or support commitments."},{"principle":"Price against workflow value and governance scope","policy":"Anchor fees to workflows under governance, departments served, integrations, support level, security review, and proof-stack depth.","rationale":"Healthcare buyers pay for measurable operational intelligence, trusted controls, and deployment readiness across high-friction workflows.","guardrail":"Measured pilot outcomes are directional business evidence, not guaranteed clinical, payer, or reimbursement outcomes."},{"principle":"Separate platform license from implementation services","policy":"Keep annual platform licensing distinct from assessment, pilot, connector, migration, security, training, and advisory work.","rationale":"This preserves SCRIMED's long-term platform margin while making complex enterprise delivery transparent to buyers.","guardrail":"Live connector, PHI, clinical, payer, or sovereign deployment work requires approved written scope and controls."},{"principle":"Move qualified buyers toward multi-year commitments","policy":"Use paid assessments and synthetic pilots to validate scope, then convert protected pilots into annual or multi-year platform agreements.","rationale":"Enterprise healthcare transformation compounds through trust, workflow ownership, integrations, and institutional memory.","guardrail":"No customer should enter production use without legal, privacy, security, governance, and human-review approvals."}],"salesMotion":[{"phase":"discover","name":"Website to Product","route":"https://www.scrimedsolutions.com -> https://app.scrimedsolutions.com/product","buyerAction":"Buyer learns the brand on Wix and clicks into the SCRIMED product app.","scrimedAction":"Route buyer to Product Console, Pricing, Evaluation, or Pilot Intake.","qualificationGate":"Buyer has healthcare workflow, governance, interoperability, or AI readiness need.","nextCommitment":"Run evaluation or submit pilot intake."},{"phase":"evaluate","name":"Self-Guided Product Evaluation","route":"/evaluation","buyerAction":"Buyer inspects synthetic AgentOS/Atlas outputs without needing Vercel or an account.","scrimedAction":"Package product proof around task plans, Trust Cards, audit preview, and observability.","qualificationGate":"Buyer confirms one or more high-value workflows and a sponsor.","nextCommitment":"Paid assessment or synthetic pilot."},{"phase":"pilot","name":"Paid Evaluation or Synthetic Pilot","route":"/pilot-deal-room","buyerAction":"Buyer reviews the Pilot Deal Room, requests scoped assessment or pilot, and acknowledges no-PHI boundary.","scrimedAction":"Qualify buyer, define scope, metrics, governance gates, decision criteria, and deal-room packet.","qualificationGate":"Sponsor, budget range, workflow owner, review team, and pilot success metrics exist.","nextCommitment":"Protected pilot or annual license proposal."},{"phase":"license","name":"Protected Pilot to Enterprise License","route":"/pricing","buyerAction":"Buyer reviews implementation, security, compliance, and annual operating model.","scrimedAction":"Propose base platform license plus workflow, connector, agent, support, and usage scope.","qualificationGate":"BAA, identity, audit, connector, security, and human-review controls approved.","nextCommitment":"Annual enterprise agreement."},{"phase":"expand","name":"Enterprise Expansion","route":"/observability","buyerAction":"Buyer expands from one workflow to multiple departments, regions, or organizations.","scrimedAction":"Use observability, trust metrics, and governance reporting to support expansion.","qualificationGate":"Measured value and safety posture remain strong under review.","nextCommitment":"Multi-year strategic partnership."}],"valueMetrics":[{"metric":"Workflows under governance","whyItMatters":"Healthcare buyers buy workflow transformation, not generic AI usage.","pricingUse":"Primary enterprise package metric for pilots and annual licenses.","guardrail":"Workflow expansion requires approved human-review and audit controls."},{"metric":"Agent and service modules enabled","whyItMatters":"Sanar AI, DocuTwin, CareExplain, Ambient Scribe, TrialCore, PayerIQ, and future services carry different value and risk.","pricingUse":"Module add-ons and tier expansion.","guardrail":"No module implies autonomous diagnosis, treatment, payer submission, or patient outreach."},{"metric":"Connector and integration scope","whyItMatters":"EHR, payer, CRM, knowledge, and analytics connectors drive implementation cost and enterprise value.","pricingUse":"Implementation and annual support scope.","guardrail":"Live connectors require BAA, tenant identity, audit, security, and approval controls."},{"metric":"Evaluation and task volume","whyItMatters":"AI-heavy usage should scale with actual activity without surprising buyers.","pricingUse":"Usage band or credit pool after pilot validation.","guardrail":"Usage pricing should be capped or contracted to preserve buyer trust."},{"metric":"Organizations, regions, and departments","whyItMatters":"SCRIMED can expand from department workflow to enterprise operating layer.","pricingUse":"Enterprise and strategic partnership expansion.","guardrail":"Regional compliance, data residency, language, and governance needs must be explicit."}],"commercialGuardrails":[{"guardrail":"Do not publish low consumer-style pricing","detail":"SCRIMED is an enterprise healthcare operating layer. Public pricing should show package ranges or 'starts at' for evaluations, with enterprise pilots handled by sales."},{"guardrail":"Sell outcomes as measured pilot signals","detail":"Use time saved, workflow friction, denial risk, access bottlenecks, documentation quality, and trust completeness as pilot metrics, not unsupported clinical claims."},{"guardrail":"Separate public preview from paid pilots","detail":"Website visitors can inspect the product, but paid assessments and pilots require sponsor, workflow scope, governance needs, and no-PHI acknowledgement."},{"guardrail":"Keep medical-device and clinical claims out of sales copy","detail":"SCRIMED should present as governed operational intelligence until clinical, regulatory, and production execution controls are explicitly approved."},{"guardrail":"Use enterprise sales with sales engineering","detail":"Healthcare buyers need security, compliance, workflow, interoperability, ROI, and trust review before annual license commitment."}],"marketPricingBenchmarks":[{"segment":"Individual AI scribe subscriptions","publicSignal":"Freed, Tali, and Heidi show free or low monthly clinician entry points for narrow documentation workflows.","source":"Public competitor pricing pages and plan pages","scrimedImplication":"SCRIMED should not compete as a low-cost per-seat scribe; free demos are the entry point, while paid work is enterprise workflow, governance, interoperability, and proof packaging."},{"segment":"Enterprise clinical AI assistants","publicSignal":"Suki, Ambience, Abridge, and similar vendors lead with workflow breadth, EHR adjacency, specialty support, and sales-led enterprise pricing.","source":"Public enterprise product pages and case-study positioning","scrimedImplication":"SCRIMED pilot pricing should scale by workflow family, departments, governance burden, proof depth, implementation complexity, and protected controls."},{"segment":"Healthcare integration infrastructure","publicSignal":"Redox-style integration platforms use custom pricing because EHR connectivity, uptime, security, data exchange, and trading-partner requirements drive cost.","source":"Public healthcare integration product and pricing-positioning pages","scrimedImplication":"Connector and production data-exchange work must remain outside standard demo and synthetic-pilot prices until separately reviewed and priced."},{"segment":"Health-system-owned AI infrastructure","publicSignal":"The 2026 Berta open-source scribe paper reports commercial AI scribes at $99-$600 per physician per month and internal operating costs below $30 per physician per month.","source":"Berta arXiv paper","scrimedImplication":"SCRIMED must defend enterprise price through proof, governance, safety, workflow redesign, interoperability readiness, and margin-transparent implementation."}],"pricingAlignmentDecisions":[{"lane":"Public demos","decision":"Keep free, no-PHI, no-account public demos and qualified standard guided demos.","rationale":"Market leaders reduce friction with trials or low-cost entry before enterprise review.","marginProtection":"Custom prep, questionnaires, buyer-specific proof packets, and diligence release work move into paid scope."},{"lane":"Assessments","decision":"Use $25k-$75k as the standard assessment band, with a $12.5k-$25k mission-clinic access path and $75k-$150k enterprise assessment band.","rationale":"This stays approachable for early buyers without pricing SCRIMED like a commodity seat subscription.","marginProtection":"Cap workflow count, meetings, artifacts, and review cycles; discount only by reducing scope."},{"lane":"Synthetic pilots","decision":"Use $125k-$350k as the standard 45-90 day synthetic pilot band and $350k-$500k for expanded proof scope.","rationale":"Enterprise pilots should be materially above individual scribe subscriptions while staying below production integration commitments.","marginProtection":"Separate custom packets, protected workspaces, integration planning, legal/security diligence, and implementation labor."},{"lane":"Protected enterprise pilots","decision":"Use $400k-$1.25M as the standard 90-180 day protected pilot band and $1.25M-$2M+ for multi-site or heavy diligence scope.","rationale":"Protected pilots carry security, privacy, tenant, evidence-room, support, and connector-readiness costs.","marginProtection":"Separate annual license, services, support, model usage, evidence-room release, connector work, and change orders."},{"lane":"Enterprise operating license","decision":"Use $1.5M-$6M annual for initial enterprise layer and $6M-$12M+ for multi-department or multi-region expansion.","rationale":"This aligns with infrastructure-level value while giving buyers a believable expansion ladder after pilots prove value.","marginProtection":"Keep implementation, support, connector, usage, and continuous review retainers out of the base license unless explicitly priced."}],"updated":"2026-06-26"},"publicMarketReadinessSummary":{"service":"scrimed-public-market-readiness","route":"/public-market-readiness","apiRoute":"/api/public-market-readiness","briefRoute":"/api/public-market-readiness/brief","protectedOperatorMetricRoute":"/pilot-workspace/access","protectedOperatorMetricApiRoute":"/api/pilot-workspaces/{workspaceSlug}/operator-metrics","protectedMetricRollupRoute":"/pilot-workspace/access","protectedMetricRollupApiRoute":"/api/pilot-workspaces/{workspaceSlug}/metric-rollups","protectedMetricRollupPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/metric-rollups/{snapshotId}/packet","protectedMetricTrendRoute":"/pilot-workspace/access","protectedMetricTrendApiRoute":"/api/pilot-workspaces/{workspaceSlug}/metric-trends","protectedMetricTrendPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/metric-trends/{reviewId}/packet","protectedBoardScorecardRoute":"/pilot-workspace/access","protectedBoardScorecardApiRoute":"/api/pilot-workspaces/{workspaceSlug}/board-scorecards","protectedBoardScorecardPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/board-scorecards/{scorecardId}/packet","protectedFinanceMethodologyRoute":"/pilot-workspace/access","protectedFinanceMethodologyApiRoute":"/api/pilot-workspaces/{workspaceSlug}/finance-methodology","protectedFinanceMethodologyPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/finance-methodology/packet","protectedExternalApprovalEvidenceRoute":"/pilot-workspace/access","protectedExternalApprovalEvidenceApiRoute":"/api/pilot-workspaces/{workspaceSlug}/external-approval-evidence","protectedExternalApprovalEvidencePacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/external-approval-evidence/packet","protectedReleaseDecisionRoute":"/pilot-workspace/access","protectedReleaseDecisionApiRoute":"/api/pilot-workspaces/{workspaceSlug}/release-decisions","protectedReleaseDecisionPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/release-decisions/packet","protectedNamedReviewerSignoffRoute":"/pilot-workspace/access","protectedNamedReviewerSignoffApiRoute":"/api/pilot-workspaces/{workspaceSlug}/reviewer-signoffs","protectedNamedReviewerSignoffPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/reviewer-signoffs/packet","protectedDistributionLockboxRoute":"/pilot-workspace/access","protectedDistributionLockboxApiRoute":"/api/pilot-workspaces/{workspaceSlug}/distribution-lockbox","protectedDistributionLockboxPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/distribution-lockbox/packet","protectedReleaseAuthorityAttestationRoute":"/pilot-workspace/access","protectedReleaseAuthorityAttestationApiRoute":"/api/pilot-workspaces/{workspaceSlug}/release-authority-attestations","protectedReleaseAuthorityAttestationPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/release-authority-attestations/packet","protectedEvidenceRoomRecipientAttestationRoute":"/pilot-workspace/access","protectedEvidenceRoomRecipientAttestationApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-recipient-attestations","protectedEvidenceRoomRecipientAttestationPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-recipient-attestations/packet","protectedEvidenceRoomAccessLogReconciliationRoute":"/pilot-workspace/access","protectedEvidenceRoomAccessLogReconciliationApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-access-log-reconciliation","protectedEvidenceRoomAccessLogReconciliationPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-access-log-reconciliation/packet","protectedEvidenceRoomProviderAdapterRoute":"/pilot-workspace/access","protectedEvidenceRoomProviderAdapterApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-provider-adapters","protectedEvidenceRoomProviderAdapterPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-provider-adapters/packet","protectedProviderSecurityReviewRoute":"/pilot-workspace/access","protectedProviderSecurityReviewApiRoute":"/api/pilot-workspaces/{workspaceSlug}/provider-security-reviews","protectedProviderSecurityReviewPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/provider-security-reviews/packet","protectedProcurementEvidenceRegistryRoute":"/pilot-workspace/access","protectedProcurementEvidenceRegistryApiRoute":"/api/pilot-workspaces/{workspaceSlug}/procurement-evidence","protectedProcurementEvidenceRegistryPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/procurement-evidence/packet","status":"capital-efficiency-kpi-stack-ready","proofStackStatus":"public-market-readiness-capital-efficiency-kpi-stack","briefProofStackStatus":"public-market-readiness-board-brief-no-financial-advice","protectedOperatorMetricStatus":"aal2-protected-operator-metric-capture-no-phi","protectedMetricRollupStatus":"aal2-finance-reviewed-metric-rollups-no-phi","protectedMetricRollupPacketStatus":"aal2-audited-board-metric-packets-no-phi","protectedMetricTrendStatus":"aal2-board-trend-review-no-phi","protectedMetricTrendPacketStatus":"aal2-audited-board-trend-packets-no-phi","protectedBoardScorecardStatus":"aal2-rolling-quarter-board-scorecards-no-phi","protectedBoardScorecardPacketStatus":"aal2-audited-board-scorecard-packets-no-phi","protectedFinanceMethodologyStatus":"aal2-finance-methodology-gates-no-phi","protectedFinanceMethodologyPacketStatus":"aal2-audited-finance-methodology-gate-packets-no-phi","protectedExternalApprovalEvidenceStatus":"aal2-qualified-external-approval-evidence-links-no-phi","protectedExternalApprovalEvidencePacketStatus":"aal2-audited-external-approval-evidence-link-packets-no-phi","protectedReleaseDecisionStatus":"aal2-qualified-release-decision-workflow-no-phi","protectedReleaseDecisionPacketStatus":"aal2-audited-release-decision-claim-registry-packets-no-phi","protectedNamedReviewerSignoffStatus":"aal2-named-reviewer-signoff-metadata-no-phi","protectedNamedReviewerSignoffPacketStatus":"aal2-audited-named-reviewer-signoff-packets-no-phi","protectedDistributionLockboxStatus":"aal2-external-distribution-lockbox-disabled-no-phi","protectedDistributionLockboxPacketStatus":"aal2-audited-distribution-lockbox-packets-no-phi","protectedReleaseAuthorityAttestationStatus":"aal2-external-release-authority-attestations-disabled-no-phi","protectedReleaseAuthorityAttestationPacketStatus":"aal2-audited-release-authority-attestation-packets-no-phi","protectedEvidenceRoomRecipientAttestationStatus":"aal2-evidence-room-recipient-attestations-disabled-no-phi","protectedEvidenceRoomRecipientAttestationPacketStatus":"aal2-audited-evidence-room-recipient-attestation-packets-no-phi","protectedEvidenceRoomAccessLogReconciliationStatus":"aal2-evidence-room-access-log-reconciliation-disabled-no-phi","protectedEvidenceRoomAccessLogReconciliationPacketStatus":"aal2-audited-evidence-room-access-log-reconciliation-packets-no-phi","protectedEvidenceRoomProviderAdapterStatus":"aal2-evidence-room-provider-adapter-contracts-disabled-no-phi","protectedEvidenceRoomProviderAdapterPacketStatus":"aal2-audited-evidence-room-provider-adapter-packets-no-phi","protectedProviderSecurityReviewStatus":"aal2-provider-security-review-workbench-no-phi","protectedProviderSecurityReviewPacketStatus":"aal2-audited-provider-security-review-packets-no-phi","protectedProcurementEvidenceRegistryStatus":"aal2-procurement-evidence-registry-no-sensitive-artifacts","protectedProcurementEvidenceRegistryPacketStatus":"aal2-audited-procurement-evidence-registry-packets-no-sensitive-artifacts","thesis":"SCRIMED is healthcare intelligence infrastructure, not another AI model company.","investorNarrative":"While frontier labs burn billions to build general intelligence, SCRIMED captures healthcare-specific value by owning the workflow, trust layer, data loops, governance evidence, interoperability path, and measurable outcomes around healthcare operations.","efficientHealthcareIntelligence":"SCRIMED should own healthcare workflows, trust evidence, and outcomes while using model routing, task-specific agents, open/closed model optionality, and token-cost controls to avoid frontier-model dependency.","boundary":"SCRIMED Public Market Readiness organizes KPI definitions, unit-economics discipline, compliance logs, customer proof, governance documentation, model-efficiency controls, and investor narrative for enterprise operating maturity. It is not audited financial reporting, securities offering material, investment advice, accounting advice, tax advice, a valuation guarantee, clinical validation, reimbursement assurance, compliance certification, or live clinical execution authorization.","metricCount":10,"unitEconomicsPackageCount":4,"modelEfficiencyControlCount":4,"complianceLogCount":6,"customerProofStageCount":5,"boardCadenceCount":4,"limitationCount":5,"operatorMetricCatalogCount":5,"operatingMetrics":[{"id":"cost-per-workflow","name":"Cost per governed workflow","category":"unit-economics","unit":"USD per completed workflow packet","formula":"(model cost + infrastructure cost + review labor + support allocation) / completed governed workflow packets","targetDirection":"lower-is-better","currentMaturity":"synthetic-measurement-ready","auditSource":"AgentOS task trace, QA evidence ledger, proof-packet release audit, and workflow result validation.","proofRoute":"/workflows/results","boundary":"Synthetic and protected-pilot workflows only until buyer-approved production baselines exist."},{"id":"cost-per-patient-interaction","name":"Cost per patient interaction equivalent","category":"unit-economics","unit":"USD per synthetic or approved pilot interaction","formula":"(agent execution cost + routing cost + human-review cost) / synthetic or approved pilot interaction count","targetDirection":"lower-is-better","currentMaturity":"protected-pilot-measurement-required","auditSource":"Protected pilot sessions, buyer demo sessions, and approved customer baselines.","proofRoute":"/pilot-workspace/access","boundary":"No live patient interaction is authorized. Current use is a pilot-equivalent metric definition."},{"id":"cost-per-chart","name":"Cost per chart review","category":"unit-economics","unit":"USD per synthetic or approved chart-review work order","formula":"(document intelligence cost + model extraction cost + TrustQA review cost + reviewer time) / chart-review work orders","targetDirection":"lower-is-better","currentMaturity":"synthetic-measurement-ready","auditSource":"DocuTwin work orders, Trust Cards, and manual QA evidence packets.","proofRoute":"/modules/docutwin","boundary":"No PHI, record mutation, diagnosis insertion, or final note filing is authorized."},{"id":"cost-per-prior-auth","name":"Cost per prior authorization support packet","category":"unit-economics","unit":"USD per packet draft","formula":"(policy retrieval cost + document parsing cost + model drafting cost + reviewer time) / prior-auth packet drafts","targetDirection":"lower-is-better","currentMaturity":"synthetic-measurement-ready","auditSource":"Agent Workspace work orders, Atlas evidence layer, and proof packet audit.","proofRoute":"/agent-workspace","boundary":"No payer submission, coverage determination, or medical-necessity decision is authorized."},{"id":"cost-per-denial-appeal","name":"Cost per denial appeal support draft","category":"unit-economics","unit":"USD per reviewable appeal draft","formula":"(claim-context parsing + policy evidence retrieval + draft generation + qualified review allocation) / appeal-support drafts","targetDirection":"lower-is-better","currentMaturity":"synthetic-measurement-ready","auditSource":"RCM Agent work orders, TrustOS reviewer checkpoints, and governance packets.","proofRoute":"/workflows/results","boundary":"No final coding, billing, appeal submission, or reimbursement guarantee is authorized."},{"id":"time-saved-per-clinician","name":"Time saved per clinician","category":"workflow-value","unit":"minutes saved per reviewed workflow","formula":"buyer-approved baseline minutes - SCRIMED-assisted minutes for the same governed workflow","targetDirection":"higher-is-better","currentMaturity":"protected-pilot-measurement-required","auditSource":"Buyer baseline, protected pilot result packet, reviewer sign-off, and QA evidence.","proofRoute":"/pilot-evidence","boundary":"This is an operational-efficiency metric, not a clinical outcome claim."},{"id":"revenue-protected","name":"Revenue protected per payer or provider workflow","category":"workflow-value","unit":"USD at-risk revenue surfaced for qualified review","formula":"reviewed denial risk, missing-evidence exposure, or leakage opportunity identified under buyer-approved methodology","targetDirection":"higher-is-better","currentMaturity":"protected-pilot-measurement-required","auditSource":"Revenue workflow result packets, buyer finance review, and approved value methodology.","proofRoute":"/pricing","boundary":"Revenue protected is a reviewed operational signal, not a reimbursement promise or audited financial result."},{"id":"compliance-log-completeness","name":"Compliance log completeness","category":"compliance-governance","unit":"percentage of governed events with required metadata","formula":"governed events with required audit metadata / total governed events","targetDirection":"higher-is-better","currentMaturity":"synthetic-measurement-ready","auditSource":"Protected pilot audit events, TrustOS decisions, QA packets, and activation attestations.","proofRoute":"/audit","boundary":"Log completeness does not equal compliance certification or regulator acceptance."},{"id":"gross-margin-by-offer","name":"Gross margin by offer","category":"margin-discipline","unit":"percentage margin by package","formula":"(contracted package revenue - model cost - infrastructure cost - implementation labor - support allocation - reviewer allocation) / contracted package revenue","targetDirection":"within-approved-band","currentMaturity":"external-finance-review-required","auditSource":"Pricing model, sales deal room, finance review, usage logs, and delivery time tracking.","proofRoute":"/pricing","boundary":"Requires finance-reviewed cost accounting before external reporting or investor diligence use."},{"id":"model-cost-per-trust-card","name":"Model cost per Trust Card","category":"cost-control","unit":"USD per evidence-backed recommendation card","formula":"(retrieval cost + model route cost + validation cost + reviewer allocation) / Trust Cards generated","targetDirection":"lower-is-better","currentMaturity":"definition-ready","auditSource":"Atlas Trust Cards, model-router logs, validation records, and reviewer status.","proofRoute":"/atlas","boundary":"Trust Cards remain review support, not autonomous clinical decisions."}],"operatorMetricCatalog":[{"metricKey":"model-cost-usd","label":"Model cost","unit":"usd","publicMarketKpiId":"model-cost-per-trust-card","description":"Model, routing, retrieval, validation, and retry cost for a governed workflow window.","proofRoute":"/public-market-readiness","costDiscipline":"Use model routing, smaller task-specific models, retrieval-first execution, and retry budgets."},{"metricKey":"review-time-minutes","label":"Human review time","unit":"minutes","publicMarketKpiId":"time-saved-per-clinician","description":"Operator, reviewer, clinician-adjacent, or sales-engineering review minutes for a governed workflow window.","proofRoute":"/pilot-workspace/access","costDiscipline":"Track review load so SCRIMED can price human-in-the-loop safety without hiding labor cost."},{"metricKey":"delivery-hours","label":"Delivery hours","unit":"hours","publicMarketKpiId":"gross-margin-by-offer","description":"Implementation, QA, sales engineering, governance, or delivery hours spent on a scoped no-PHI workflow window.","proofRoute":"/pricing","costDiscipline":"Separate implementation services from platform license and protect enterprise gross margin."},{"metricKey":"proof-packet-count","label":"Proof packet count","unit":"count","publicMarketKpiId":"compliance-log-completeness","description":"Audited or generated proof packets released for a governed workflow window.","proofRoute":"/qa-evidence","costDiscipline":"Treat proof production as a repeatable evidence factory, not one-off consulting labor."},{"metricKey":"workflow-volume","label":"Workflow volume","unit":"count","publicMarketKpiId":"cost-per-workflow","description":"Completed synthetic, protected-pilot, or buyer-demo workflow packets in a measurement window.","proofRoute":"/workflows/results","costDiscipline":"Normalize operating cost by workflow output so SCRIMED can price against value and throughput."}],"unitEconomicsPackages":[{"packageName":"Workflow Intelligence Assessment","commercialStage":"paid assessment","priceSignal":"Starts at $50k; typical range $75k-$150k fixed fee","measurableValue":["workflow friction map","automation candidate scorecard","governance gap register","pilot success criteria"],"costDrivers":["discovery hours","workflow analysis","buyer workshops","executive findings"],"marginDiscipline":"Keep scope fixed, cap workshop hours, reuse SCRIMED assessment templates, and convert qualified accounts into higher-value pilots.","proofRoutes":["/pricing","/pilot-deal-room","/pilot"],"boundary":"Assessment output is operational intelligence, not legal, clinical, or regulatory advice."},{"packageName":"Synthetic Pilot Evaluation","commercialStage":"sellable pilot","priceSignal":"Starts at $150k; typical range $200k-$500k for 45-90 days","measurableValue":["cost per governed workflow","time saved estimate","workflow friction reduced","Trust Card completeness","production-readiness gates"],"costDrivers":["agent runs","synthetic workflow design","proof packets","review meetings","QA evidence"],"marginDiscipline":"Use task-specific agents, deterministic synthetic fixtures, bounded model routes, and reusable governance packets.","proofRoutes":["/product","/evaluation","/qa-evidence","/demos"],"boundary":"Synthetic data only; no PHI, diagnosis, payer submission, patient outreach, or live execution."},{"packageName":"Protected Enterprise Pilot","commercialStage":"protected pilot","priceSignal":"Starts at $750k; typical range $1M-$2.5M for 90-180 days","measurableValue":["buyer-approved workflow baseline","reviewer acceptance rate","override and escalation rates","cost per work order","readiness gates closed"],"costDrivers":["tenant setup","identity controls","human review","security diligence","governance operations"],"marginDiscipline":"Charge separately for connectors, implementation, evidence vault controls, custom support, and regional compliance work.","proofRoutes":["/pilot-workspace/access","/clinical-care-activation","/trust-safety-operations"],"boundary":"Protected pilot does not authorize live clinical execution until external approvals and customer-specific controls pass."},{"packageName":"Enterprise Operating License","commercialStage":"annual platform license","priceSignal":"Annual platform license starts at $2.5M; enterprise range $3M-$12M+","measurableValue":["workflows under governance","departments served","model cost per workflow","audit completeness","expansion revenue"],"costDrivers":["platform support","workflow count","connectors","monitoring","customer success"],"marginDiscipline":"Separate platform license from implementation services and charge add-ons for workflow, connector, region, and support expansion.","proofRoutes":["/pricing","/observability","/deployment-profiles"],"boundary":"Production terms require signed scope, security review, privacy controls, and human-review operating procedures."}],"modelEfficiencyControls":[{"control":"Task-specific agent routing","operatingPolicy":"Route narrow workflow tasks to specialized agents instead of a single large general-purpose agent.","costControl":"Use deterministic preprocessing, small-model classification, and retrieval-before-generation before escalating to premium models.","safetyControl":"Escalate uncertainty and high-risk clinical-adjacent content to human review.","proofRoute":"/agents"},{"control":"Open and closed model optionality","operatingPolicy":"Keep model-provider abstraction so SCRIMED can route between frontier APIs, healthcare-specific models, open-weight models, and future sovereign deployments.","costControl":"Choose the least expensive route that satisfies safety, latency, context, and evidence requirements.","safetyControl":"Do not route PHI-sensitive or regulated tasks without approved deployment controls.","proofRoute":"/healthcare-intelligence-os"},{"control":"Token and evidence budgets","operatingPolicy":"Attach workflow-level budgets for context size, evidence retrieval depth, model calls, retries, and reviewer effort.","costControl":"Track cost per workflow, Trust Card, chart, prior-auth packet, and denial draft.","safetyControl":"Block budget-driven shortcuts that remove citations, confidence, or review gates.","proofRoute":"/observability"},{"control":"Workflow-owned data loops","operatingPolicy":"Optimize around customer workflow outcomes rather than generic benchmark scores.","costControl":"Invest in reusable workflow traces, corrections, and governance packets that improve future runs without retraining foundation models.","safetyControl":"Use deidentified or synthetic feedback until privacy and customer data rights are approved.","proofRoute":"/pilot-evidence"}],"complianceLogs":[{"log":"Protected pilot audit events","owner":"TrustOS, engineering, and tenant admins","currentSource":"Tenant-scoped Supabase audit events and proof-packet release logs.","proofRoute":"/pilot-workspace/access","metricUse":"Compliance log completeness, customer proof, and buyer diligence.","boundary":"No PHI, secrets, or live medical records are stored in current protected packets."},{"log":"QA evidence ledger","owner":"Engineering and trust operations","currentSource":"Dated smoke, build, manual-run, and no-secret QA evidence.","proofRoute":"/qa-evidence","metricUse":"Release discipline, defect visibility, and investor diligence.","boundary":"QA evidence is product reliability evidence, not certification."},{"log":"Clinical activation dossier and approvals","owner":"Clinical governance, legal, security, privacy, and operations","currentSource":"No-PHI AAL2 clinical activation readiness attestations and packets.","proofRoute":"/clinical-care-activation","metricUse":"Hard-gate closure, readiness posture, and regulated deployment planning.","boundary":"Readiness attestations do not authorize live clinical care."},{"log":"Buyer diligence and secure evidence vault readiness","owner":"Sales operations, legal, privacy, and security","currentSource":"Buyer room, diligence packets, and disabled-by-default vault readiness controls.","proofRoute":"/pilot-deal-room","metricUse":"Customer proof, revenue-stage maturity, and enterprise procurement readiness.","boundary":"Sensitive buyer document storage remains disabled until approved controls exist."},{"log":"Protected operator metric ledger","owner":"Founder, finance advisor, product, and trust operations","currentSource":"AAL2 tenant-scoped no-PHI captures for model cost, review time, delivery hours, proof-packet count, and workflow volume.","proofRoute":"/pilot-workspace/access","metricUse":"Unit-economics discipline, board review, pricing posture, and finance-readiness coverage.","boundary":"Operator metrics are aggregate operating metadata, not audited financial reporting, securities offering material, valuation assurance, reimbursement assurance, or clinical validation."},{"log":"Trust Safety Operations","owner":"Trust, safety, legal, security, communications, and executive leadership","currentSource":"Incident, copyright, public-claims, safety, escalation, and continuous-improvement registers.","proofRoute":"/trust-safety-operations","metricUse":"Public-company operating discipline and brand-risk control.","boundary":"Current registers do not replace managed 24/7 SOC, counsel review, or insurance decisions."}],"customerProofStages":[{"stage":"Public product proof","buyerCommitment":"Self-guided inspection","scrimedProof":"Product console, demos, pricing, Trust Center, and public market readiness.","revenueSignal":"Qualified buyer enters pilot intake or sales conversation.","nextGate":"Paid assessment scope and no-PHI acknowledgement."},{"stage":"Paid assessment","buyerCommitment":"Fixed-fee workflow intelligence engagement","scrimedProof":"Workflow maps, governance gap register, KPI baseline plan, and pilot recommendation.","revenueSignal":"Assessment revenue plus qualified pilot conversion.","nextGate":"Synthetic pilot success criteria and sponsor approval."},{"stage":"Synthetic pilot","buyerCommitment":"45-90 day governed evaluation","scrimedProof":"Synthetic workflow packets, Trust Cards, QA evidence, observability, and buyer diligence export.","revenueSignal":"Pilot revenue and expansion case.","nextGate":"Protected pilot data boundary, security, legal, privacy, and identity approvals."},{"stage":"Protected enterprise pilot","buyerCommitment":"Tenant-isolated governed pilot","scrimedProof":"AAL2 access, audit events, approval workflow, command intelligence, and proof packets.","revenueSignal":"Protected pilot revenue and enterprise license proposal.","nextGate":"Signed production controls, human-review SOP, connector validation, and go-live approval."},{"stage":"Enterprise operating license","buyerCommitment":"Annual or multi-year platform agreement","scrimedProof":"Measured workflow value, margin discipline, governance reporting, and expansion roadmap.","revenueSignal":"Recurring platform revenue, modules, connectors, regions, and support expansion.","nextGate":"Board-level value review and multi-workflow expansion."}],"boardCadence":[{"cadence":"Weekly operating review","owner":"Founder, product, engineering, sales, and trust operations","reviewedSignals":["build and smoke status","protected route failures","sales intake quality","buyer proof packet readiness","known blockers"],"decisionOutput":"fix list, release gate, buyer follow-up, and next build step"},{"cadence":"Monthly metric review","owner":"Founder, finance advisor, sales, product, and delivery","reviewedSignals":["cost per workflow","pilot conversion","time saved signal","model cost trend","delivery effort by package"],"decisionOutput":"pricing adjustments, margin guardrails, and pilot scope standards"},{"cadence":"Quarterly governance review","owner":"Executive leadership, counsel, security, privacy, clinical advisors, and board advisors","reviewedSignals":["claims register","clinical activation gates","security/privacy blockers","incident trends","enterprise-readiness gaps"],"decisionOutput":"approved claims, prohibited claims, risk acceptances, and production readiness decisions"},{"cadence":"Investor diligence review","owner":"Founder, finance, legal, product, and investor relations","reviewedSignals":["customer proof ladder","unit economics maturity","gross margin assumptions","recurring revenue path","competitive edge"],"decisionOutput":"board memo, investor packet, and external-review queue"}],"limitations":[{"limitation":"No audited financial statements inside SCRIMED yet","impact":"External investors cannot treat current KPI stack as audited financial reporting.","workaround":"Use the KPI definitions, pricing tiers, sales audit evidence, and proof packets as operating-readiness material while finance and accounting review is completed.","graduationGate":"Finance-reviewed chart of accounts, revenue recognition policy, cost allocation, and audit-ready reporting."},{"limitation":"No live clinical outcomes","impact":"SCRIMED cannot claim patient-outcome improvement from production deployment.","workaround":"Report synthetic and protected-pilot operational metrics only, then graduate to customer-approved outcome studies after legal, clinical, privacy, and data rights approval.","graduationGate":"Customer-approved clinical governance protocol, IRB or ethics review when required, and signed data-processing path."},{"limitation":"No PHI-enabled cost telemetry","impact":"Patient-level cost per interaction remains a pilot-equivalent definition.","workaround":"Use synthetic interactions and buyer-approved aggregate workflow baselines until PHI authorization, BAA/DPA, consent, and production controls exist.","graduationGate":"Approved production data boundary, minimum-necessary design, audit controls, and customer authorization."},{"limitation":"No securities offering or valuation guarantee","impact":"Investor narrative must stay as strategic positioning, not investment solicitation.","workaround":"Keep public-market readiness language framed as internal operating discipline and diligence preparation, with counsel-reviewed materials before fundraising use.","graduationGate":"Qualified securities counsel, approved investor materials, and controlled data-room process."},{"limitation":"Secure evidence vault storage remains disabled by default","impact":"Sensitive buyer diligence artifacts cannot be uploaded into SCRIMED yet.","workaround":"Use metadata-only vault readiness and buyer-approved external secure channels until DLP, malware scanning, encryption, retention, legal hold, and access reviews are approved.","graduationGate":"Approved storage provider, security controls, legal terms, incident response, and access-review workflow."}],"nextBuildStep":"Add customer-ready security questionnaire response registry and procurement evidence routing without storing confidential questionnaires, SOC reports, penetration-test reports, credentials, PHI, signed legal artifacts, or sensitive customer documents in SCRIMED.","updated":"2026-06-20"},"salesDealRoomSummary":{"service":"scrimed-sales-deal-room","route":"/pilot-deal-room","apiRoute":"/api/pilot-deal-room","protectedPacketRoute":"/api/sales-operations/opportunities/{intakeId}/deal-room-packet","workspaceProvisioningRoute":"/api/sales-operations/opportunities/{intakeId}/workspace-provisioning","workspaceProvisioningPacketRoute":"/api/sales-operations/opportunities/{intakeId}/workspace-provisioning/packet","buyerTenantLifecycleRoute":"/api/sales-operations/opportunities/{intakeId}/tenant-lifecycle","buyerTenantLifecyclePacketRoute":"/api/sales-operations/opportunities/{intakeId}/tenant-lifecycle/packet","productionActivationReadinessRoute":"/api/sales-operations/opportunities/{intakeId}/production-readiness","productionActivationReadinessPacketRoute":"/api/sales-operations/opportunities/{intakeId}/production-readiness/packet","customerActivationApprovalsRoute":"/api/sales-operations/opportunities/{intakeId}/activation-approvals","customerActivationApprovalsPacketRoute":"/api/sales-operations/opportunities/{intakeId}/activation-approvals/packet","buyerDiligenceRoomRoute":"/api/sales-operations/opportunities/{intakeId}/buyer-diligence","buyerDiligenceRoomPacketRoute":"/api/sales-operations/opportunities/{intakeId}/buyer-diligence/packet","secureEvidenceVaultReadinessRoute":"/api/sales-operations/opportunities/{intakeId}/evidence-vault-readiness","secureEvidenceVaultReadinessPacketRoute":"/api/sales-operations/opportunities/{intakeId}/evidence-vault-readiness/packet","status":"public-organization-and-protected-packet-ready","defaultWorkspaceSlug":"atlas-synthetic-evaluation","proofStackStatus":"sales-to-buyer-room-linkage-ready","buyerRoomProofStackStatus":"aal2-buyer-room-evidence-bundle","buyerRoomPacketProofStackStatus":"aal2-audited-buyer-diligence-export","opportunityWorkspaceProvisioningProofStackStatus":"aal2-opportunity-workspace-provisioning","opportunityWorkspaceProvisioningPacketProofStackStatus":"aal2-audited-opportunity-workspace-packets","buyerTenantLifecycleProofStackStatus":"aal2-buyer-tenant-lifecycle-automation","buyerTenantLifecyclePacketProofStackStatus":"aal2-audited-buyer-tenant-lifecycle-packets","productionActivationReadinessProofStackStatus":"aal2-production-sso-invitation-readiness","productionActivationReadinessPacketProofStackStatus":"aal2-audited-production-readiness-packets","customerActivationApprovalsProofStackStatus":"aal2-paid-pilot-activation-approvals","customerActivationApprovalsPacketProofStackStatus":"aal2-audited-activation-approval-packets","buyerDiligenceRoomProofStackStatus":"aal2-buyer-evidence-signed-controls-diligence-room","buyerDiligenceRoomPacketProofStackStatus":"aal2-audited-buyer-diligence-packets","secureEvidenceVaultReadinessProofStackStatus":"aal2-secure-evidence-vault-readiness-disabled-by-default","secureEvidenceVaultReadinessPacketProofStackStatus":"aal2-audited-secure-evidence-vault-readiness-packets","executiveThesis":"SCRIMED converts public product proof, governed pilot intake, tenant-admin sales operations, buyer-room diligence, premium pricing, and protected workspace evidence into one enterprise-ready pilot acquisition path.","stages":[{"stage":"1. Discover","buyerQuestion":"What is SCRIMED and why is it differentiated?","scrimedProof":"Official website, competitive edge page, Product Console, Trust Center, and pricing posture.","primaryRoute":"/competitive-edge","gatedBoundary":"Public education only; no buyer data or clinical claims required."},{"stage":"2. Evaluate","buyerQuestion":"Can the product show governed workflow value before live data?","scrimedProof":"Demos, AgentOS evaluation, workflows, synthetic fixtures, Trust Cards, and proof routes.","primaryRoute":"/demos","gatedBoundary":"Synthetic scenarios only; no PHI or patient-facing execution."},{"stage":"3. Request","buyerQuestion":"Can my organization scope a paid assessment or synthetic pilot?","scrimedProof":"Pilot intake captures buyer segment, workflow targets, governance needs, and no-PHI acknowledgement.","primaryRoute":"/pilot","gatedBoundary":"Business-contact and workflow-scope intake only."},{"stage":"4. Qualify","buyerQuestion":"Can SCRIMED manage opportunity ownership and next steps?","scrimedProof":"Sales Operations provides tenant-admin ownership, pipeline stage, follow-up, assessment scheduling, and audit.","primaryRoute":"/sales-operations","gatedBoundary":"AAL2 tenant-admin access required; no direct table mutation."},{"stage":"5. Prove","buyerQuestion":"Can we inspect tenant-scoped proof and limitations before paying for more scope?","scrimedProof":"Buyer Pilot Room bundles readiness, evidence counts, commercial path, competitive edge, limitations, and packet audit.","primaryRoute":"/pilot-workspace/access","gatedBoundary":"Protected tenant workspace; synthetic-only, write-before-release artifacts."},{"stage":"6. Commit","buyerQuestion":"What commercial step should we approve next?","scrimedProof":"Non-binding deal-room packet, proposal, pricing tier, governance pack, and buyer-specific next action.","primaryRoute":"/pricing","gatedBoundary":"Final scope, legal terms, security review, and production permissions require written approval."}],"siteLanes":[{"lane":"Official Website","audience":"Public buyers, partners, advisors, and press","route":"https://www.scrimedsolutions.com","purpose":"Brand credibility, founder story, broad education, and top-of-funnel trust.","handoff":"Route serious buyers to the product app, pilot intake, or competitive-edge page."},{"lane":"Product App","audience":"Enterprise evaluators, investors, and sales engineering","route":"https://app.scrimedsolutions.com","purpose":"Show the actual SCRIMED product console, demos, pricing, trust posture, workflows, and protected pilot access.","handoff":"Move from self-guided proof to a paid assessment or synthetic pilot."},{"lane":"Protected Workspace","audience":"Approved tenant admins, pilot leads, reviewers, and SCRIMED operators","route":"/pilot-workspace/access","purpose":"Package tenant-scoped synthetic sessions, audit evidence, demo readiness, TrustOps, and Buyer Diligence Exports.","handoff":"Use audited packets for diligence follow-up and protected-pilot planning."},{"lane":"Sales Operations","audience":"SCRIMED tenant-admin commercial operators","route":"/sales-operations","purpose":"Own opportunities, proposals, follow-ups, CRM export, attribution packets, assessment invites, and deal-room packets.","handoff":"Create a buyer-specific packet that links opportunity scope to product proof and the protected Buyer Pilot Room."}],"competitiveEdges":[{"pillar":"Healthcare Intelligence Infrastructure","claim":"SCRIMED is positioned as a governed healthcare intelligence operating layer, not another chatbot, ambient note feature, or isolated automation tool.","proof":"AgentOS, Atlas Intelligence Core, TrustOS, persistent workspaces, interoperability contracts, and audit packets are exposed as one operating stack.","route":"/healthcare-intelligence-os","blockedClaim":"Does not claim autonomous clinical execution or replacement of healthcare professionals."},{"pillar":"Trust-First Enterprise Proof","claim":"Every buyer-facing proof artifact is designed around human review, tenant isolation, synthetic-only boundaries, and write-before-release audit evidence.","proof":"Protected pilot workspaces use Supabase Auth, AAL2 assurance, tenant-scoped RLS, durable sessions, audit events, demo snapshots, and proof packets.","route":"/pilot-workspace/access","blockedClaim":"Does not claim HIPAA certification, SOC 2 certification, FDA clearance, or production authorization."},{"pillar":"Interoperability Sidecar Strategy","claim":"SCRIMED can sit beside existing EHR, payer, imaging, device, and analytics systems as a review-gated intelligence layer instead of replacing the record of truth.","proof":"FHIR, HL7 v2, DICOM/DICOMweb, X12, C-CDA, LOINC, SNOMED CT, RxNorm, ICD, and CPT/HCPCS readiness are represented through synthetic contracts and conformance routes.","route":"/interoperability","blockedClaim":"Does not claim certified live connector status or production EHR writeback during synthetic pilots."},{"pillar":"Evidence-To-Revenue Motion","claim":"SCRIMED sells high-value enterprise evaluation, protected pilots, and operating licenses anchored to workflow value, governance scope, and measurable proof.","proof":"Pricing tiers, pilot intake, Sales Operations, attribution analytics, enterprise proof packets, and the Buyer Diligence Export connect product evidence to commercial execution.","route":"/pricing","blockedClaim":"Does not guarantee savings, reimbursement, denial reduction, or clinical outcomes."},{"pillar":"FaithCore And Atlas Trust Positioning","claim":"SCRIMED can serve enterprise-neutral buyers through Atlas while preserving a distinct spiritually aligned FaithCore pathway for organizations that explicitly want it.","proof":"FaithCore and Atlas remain separate positioning lanes, keeping enterprise compliance language professional while allowing faith-aligned encouragement where appropriate.","route":"/faithcore","blockedClaim":"Does not mix spiritual support with diagnosis, treatment, emergency triage, or clinical authority."},{"pillar":"Global Deployment Optionality","claim":"SCRIMED is being shaped for cloud, private cloud, sovereign cloud, hospital-controlled, and edge/on-prem evaluation paths.","proof":"Deployment profiles, strategic platform intelligence, runtime safety gates, and no-live-data synthetic evaluations preserve buyer optionality before production scope.","route":"/deployment-profiles","blockedClaim":"Does not claim region-specific compliance approval until legal, privacy, security, and customer deployment review are complete."}],"limitations":[{"limitation":"Opportunities now support buyer-specific protected workspace provisioning and lifecycle activation after qualification.","resolution":"Qualified opportunities can provision a protected workspace, activate buyer tenant lifecycle controls, package domain SSO policy, manual invitation delivery, access review cadence, retention/archive controls, and audited packets. Unprovisioned opportunities still route to the default synthetic workspace with clear labeling.","productionGate":"Signed customer tenant architecture, production SSO configuration, transactional email approval, legal review, and live connector authorization."},{"limitation":"Production SSO, automated invitations, and workspace archive execution still require customer-specific approval.","resolution":"Production readiness packets now package buyer-domain verification, redirect/origin registry, invitation template approval, transactional delivery guardrails, access-review attestation, and archive runbook before any automated send or SSO cutover.","productionGate":"Verified buyer domain, approved IdP configuration, approved sending provider, legal/privacy/security sign-off, incident response path, and written enterprise authorization."},{"limitation":"Written SCRIMED approval can unblock paid pilot setup, but not live healthcare operations.","resolution":"Customer activation approval packets now record paid-pilot setup authorization, allowed setup actions, retained blockers, owner approvals, and evidence requirements after production readiness exists.","productionGate":"Separate buyer and SCRIMED written approval for PHI, production connectors, customer SSO cutover, automated bulk invitations, payer submission, patient outreach, clinical validation, and live workflow execution."},{"limitation":"Sensitive buyer diligence documents should not be uploaded until storage, DLP, retention, and legal hold controls are approved.","resolution":"Buyer diligence rooms now track metadata-only evidence requirements, signed-control status, BAA/DPA posture, IdP/domain proof needs, transactional provider decisions, production connector readiness, and packet history without collecting sensitive files.","productionGate":"Approved document storage, malware scanning, DLP, retention/legal hold, access reviews, buyer-approved secure exchange path, and counsel-reviewed signed controls."},{"limitation":"Sensitive evidence vaulting is not enabled until security, privacy, legal, residency, and incident controls are approved.","resolution":"Secure evidence vault readiness now packages disabled-by-default storage-provider decisioning, encryption/key management, DLP, malware scanning, retention/legal hold, access reviews, evidence classification, upload approval, incident response, regional residency, target audience, and revenue-path controls.","productionGate":"Approved vault provider, BAA/DPA path, encryption key ownership, DLP/malware controls, legal hold, deletion workflow, access review cadence, incident response, region policy, counsel review, and buyer authorization."},{"limitation":"Authenticated happy-path automation still requires a short-lived AAL2 bearer token.","resolution":"Keep fail-closed public smoke checks and use human AAL2 browser sessions for buyer packet generation.","productionGate":"Approved CI secret rotation, token expiry, and identity operations."},{"limitation":"Direct live connectors, PHI workflows, payer submission, and patient outreach remain blocked.","resolution":"Use synthetic fixtures, contracts, conformance evidence, and human-reviewed proof packets until production scope is signed.","productionGate":"Legal, privacy, security, clinical governance, BAA/DPA path, and connector validation."}],"boundary":"SCRIMED Pilot Deal Rooms organize public product proof, tenant-admin sales evidence, buyer-room routing, pricing posture, and non-binding proposal artifacts for governed synthetic evaluations only. They do not accept PHI, authorize live clinical execution, certify compliance, guarantee reimbursement, submit payer transactions, or provide medical, legal, or regulatory advice.","updated":"2026-06-17"},"updated":"2026-06-24"},"healthRecords":{"service":"scrimed-health-records-safety-exchange","route":"/health-records","apiRoute":"/api/health-records","briefRoute":"/api/health-records/brief","extractRoute":"/api/health-records/extract","status":"health-records-safety-exchange-control-plane-active","briefStatus":"health-records-safety-exchange-brief-ready","extractionStatus":"synthetic-health-record-extraction-evaluator-active","boundary":"SCRIMED Health Records Safety Exchange defines no-PHI health-record ingestion, extraction, normalization, interoperability, and patient-safety controls for synthetic and customer-approved sandbox evaluation. It does not authorize live PHI ingestion, production EHR access, patient matching, diagnosis, treatment, emergency triage, order entry, prescribing, payer submission, patient outreach, autonomous clinical decisions, record mutation, or production connector execution.","capabilityCount":5,"sourceReferenceCount":5,"extractionStageCount":5,"safetyCheckCount":6,"safetyControlCount":31,"boundaryResolutionCount":5,"liveBlockedCapabilityCount":4,"blockedActionCount":20,"workaroundCount":20,"capabilities":[{"slug":"fhir-record-ingestion","name":"FHIR health-record intake and normalization","status":"synthetic-ready","sourceFormats":["fhir-bundle"],"standardBindings":["FHIR R4/R4B","US Core","USCDI","SMART App Launch"],"extractionTargets":["Patient metadata placeholders","Encounter timeline","Observation, lab, and vital signals","Condition and problem context","MedicationRequest and MedicationStatement context","AllergyIntolerance and CarePlan references"],"patientSafetyControls":["synthetic-only assertion","patient-context authorization gate","Provenance and AuditEvent mapping","terminology validation","no silent mutation"],"workarounds":["Use synthetic FHIR bundles and CapabilityStatement review before customer sandbox access.","Generate a mapping ledger instead of storing live patient records.","Keep EHR writeback disabled and export only reviewer packets."],"blockedActions":["live FHIR read","EHR writeback","patient matching","clinical decision automation"],"proofRoutes":["/interoperability","/interoperability/evaluations","/integrations/fixture-validation"]},{"slug":"hl7-v2-extraction","name":"HL7 v2 event and results extraction","status":"customer-sandbox-required","sourceFormats":["hl7-v2-message"],"standardBindings":["HL7 v2 ADT","HL7 v2 ORM/OML","HL7 v2 ORU","deployment-specific interface profiles"],"extractionTargets":["Admission/discharge/transfer events","Order and result identifiers","Observation status","Source-system timestamps","Interface-engine acknowledgement behavior"],"patientSafetyControls":["ACK/NACK reconciliation","dead-letter queue","source timestamp preservation","duplicate event detection","human workflow review"],"workarounds":["Request de-identified or synthetic HL7 v2 samples from the buyer interface team.","Validate segment maps against a sandbox interface engine before production feed access.","Route unmatched segments to a mapping-review queue instead of guessing."],"blockedActions":["production ADT feed","result posting","order mutation","unreviewed segment inference"],"proofRoutes":["/interoperability","/integrations","/health-records"]},{"slug":"clinical-document-extraction","name":"C-CDA and document intelligence extraction","status":"metadata-only","sourceFormats":["c-cda-document","unstructured-note","csv-export"],"standardBindings":["C-CDA","FHIR DocumentReference","LOINC","SNOMED CT","Atlas evidence layer"],"extractionTargets":["Document type and section map","Problem/medication/allergy section placeholders","Missing-section signals","Evidence attribution and document provenance","Reviewer-ready summary outline"],"patientSafetyControls":["source attribution required","stale fact detection","free-text PHI blocker","clinical summary draft-only status","reviewer signoff required"],"workarounds":["Keep public demos on synthetic documents and redact all identifiers.","Use metadata-only external artifact references for buyer evidence rooms.","Create document-section maps without retaining source documents until the customer data path is approved."],"blockedActions":["live note ingestion","patient-specific summary release","diagnosis extraction claim","unreviewed document upload"],"proofRoutes":["/atlas","/pilot-workspace/access#authority-artifact-references","/health-records"]},{"slug":"imaging-record-routing","name":"Imaging record and DICOM metadata routing","status":"metadata-only","sourceFormats":["dicom-metadata"],"standardBindings":["DICOM","DICOMweb","FHIR ImagingStudy","IHE ATNA"],"extractionTargets":["Study and series metadata","Modality and accession placeholders","DICOMweb service readiness","Imaging audit trace","De-identification posture"],"patientSafetyControls":["pixel data excluded","diagnostic interpretation blocked","metadata minimization","de-identification validation","radiology governance review"],"workarounds":["Use metadata-only synthetic DICOMweb fixtures.","Route image interpretation questions to radiology governance before product claims.","Require DICOM Part 2 conformance statements before partner testing."],"blockedActions":["pixel-data ingestion","diagnostic interpretation","PACS retrieval","imaging result writeback"],"proofRoutes":["/interoperability/evaluations/dicomweb-imaging-readiness","/health-records"]},{"slug":"payer-record-prior-auth","name":"Payer, coverage, and prior-authorization record extraction","status":"external-review-required","sourceFormats":["x12-prior-auth","fhir-bundle","csv-export"],"standardBindings":["FHIR Coverage","FHIR Claim","FHIR ExplanationOfBenefit","X12 278","CMS prior authorization APIs"],"extractionTargets":["Coverage and eligibility context","Prior authorization status metadata","Required documentation checklist","Policy evidence links","Human approval state"],"patientSafetyControls":["no payer submission","no reimbursement guarantee","policy-source attribution","coding-review escalation","payer-specific validation"],"workarounds":["Generate synthetic prior-authorization packets and missing-evidence checklists.","Use payer sandbox or policy PDFs only after counsel/customer approval.","Keep financial outcomes qualified and route to human RCM review."],"blockedActions":["payer submission","benefit determination","claim filing","reimbursement guarantee"],"proofRoutes":["/demos/prior-authorization-support","/growth-engine","/health-records"]}],"extractionStages":[{"stage":"Intake gate","owner":"Data governance and integration owner","inputBoundary":"Synthetic fixtures, metadata-only references, or customer-approved sandbox samples only.","output":"Accepted source-format declaration and rejected live-data signal list.","safetyGate":"Block PHI, patient identifiers, payer member data, credentials, production URLs, and source records."},{"stage":"Schema and profile detection","owner":"Interoperability engineering","inputBoundary":"Declared format and sample metadata.","output":"FHIR/HL7/C-CDA/DICOM/X12 profile hypothesis with version uncertainty.","safetyGate":"Require human confirmation before treating a profile as deployment truth."},{"stage":"Extraction and normalization","owner":"Atlas and interoperability agents","inputBoundary":"Synthetic or approved sandbox payload only.","output":"Canonical extraction map, missing-field register, terminology queue, and provenance ledger.","safetyGate":"Draft-only output; no diagnosis, treatment, order, payer, outreach, or writeback action."},{"stage":"Patient-safety lint","owner":"TrustOS and clinical governance","inputBoundary":"Normalized signals and source provenance.","output":"Safety-check results for identity, units, medications, allergies, stale facts, provenance, and action boundary.","safetyGate":"Critical findings block release and route to a qualified reviewer."},{"stage":"Reviewer packet","owner":"Customer workflow owner and SCRIMED operator","inputBoundary":"No-PHI evidence, accepted synthetic findings, and retained external gate list.","output":"Reviewer-ready packet with workarounds, blocked actions, retained gates, and proof routes.","safetyGate":"Human approval required before customer sandbox, PHI, connector, or production workflow expansion."}],"safetyChecks":[{"id":"phi-live-data-blocker","name":"PHI and live-record blocker","severity":"critical","trigger":"Payload declares PHI, patient identifiers, payer member IDs, production URLs, credentials, or live clinical records.","mitigation":"Reject request and return no-storage boundary guidance.","workaround":"Use synthetic fixtures, metadata-only references, or customer-approved sandbox data after signed controls."},{"id":"patient-identity-resolution","name":"Patient identity and matching guard","severity":"critical","trigger":"Request asks SCRIMED to match, merge, deduplicate, or select a live patient.","mitigation":"Block patient matching and route to customer MPI/identity governance.","workaround":"Use synthetic patient placeholders and show the required MPI acceptance test."},{"id":"unit-terminology-drift","name":"Unit, terminology, and semantic drift lint","severity":"high","trigger":"Labs, vitals, medications, procedures, or conditions lack units, code-system version, or mapping provenance.","mitigation":"Mark extracted facts as unresolved and require terminology review.","workaround":"Expose a mapping queue with LOINC, SNOMED CT, RxNorm, ICD, CPT/HCPCS, and local-code placeholders."},{"id":"medication-allergy-safety","name":"Medication and allergy review guard","severity":"critical","trigger":"Medication, allergy, or interaction context is requested for clinical use.","mitigation":"Keep output draft-only and require pharmacist/clinician review before any care action.","workaround":"Generate a review checklist instead of advice, prescribing, or patient instruction."},{"id":"stale-conflicting-source","name":"Stale, conflicting, or unattributed source guard","severity":"high","trigger":"Extracted facts conflict across sources or lack timestamp/provenance.","mitigation":"Block fact promotion into reviewer packet until source conflict is resolved.","workaround":"Create a missing-evidence register and route to the customer records owner."},{"id":"writeback-action-blocker","name":"Writeback and patient-action blocker","severity":"critical","trigger":"Request asks for EHR mutation, order entry, outreach, payer submission, triage, or final clinical recommendation.","mitigation":"Reject the action and preserve a no-authority audit event.","workaround":"Produce a human-reviewed draft packet and retain the live-action gate."}],"boundaryResolutions":[{"boundary":"Live PHI and patient identifiers","riskIfIgnored":"Privacy breach, contractual breach, regulatory exposure, and loss of buyer trust.","currentControl":"Public and synthetic routes reject PHI and live records; extraction evaluator requires syntheticOnly=true.","safeWorkaround":"Use synthetic fixtures, metadata-only references, and customer sandbox placeholders.","remainingGate":"Signed BAA/DPA or non-PHI determination, privacy/security review, retention policy, and customer approval.","owner":"Privacy, security, legal, customer compliance, and data governance","proofRoutes":["/health-records","/clinical-care-activation","/approvals-readiness"]},{"boundary":"Production EHR, HIE, payer, imaging, and device connectors","riskIfIgnored":"Unsafe data exchange, silent record mutation, trading-partner breach, and patient-safety exposure.","currentControl":"Connector work remains standards-aware and synthetic until partner acceptance testing exists.","safeWorkaround":"Run conformance kits, fixture validation, CapabilityStatement review, and sandbox mapping packets.","remainingGate":"Customer sandbox approval, partner acceptance, security review, purpose-of-use, consent, audit, monitoring, and rollback.","owner":"Interoperability engineering, customer integration owner, security, and clinical governance","proofRoutes":["/interoperability","/interoperability/evaluations","/health-records"]},{"boundary":"Patient safety and clinical action","riskIfIgnored":"Incorrect patient context, unsafe care recommendation, missed escalation, or unauthorized clinical decision support.","currentControl":"Outputs are draft-only, source-attributed, reviewer-gated, and blocked from clinical action.","safeWorkaround":"Produce reviewer checklists, missing-data registers, and escalation queues instead of recommendations.","remainingGate":"Licensed clinical governance, intended-use review, validation protocol, safety case, and customer go-live approval.","owner":"Clinical governance, TrustOS, product, and customer clinical owner","proofRoutes":["/clinical-authority-readiness","/clinical-care-activation","/health-records"]},{"boundary":"Patient matching and longitudinal record assembly","riskIfIgnored":"Wrong-patient record merge, duplicate facts, incomplete histories, and unsafe downstream automation.","currentControl":"SCRIMED does not match live patients or merge production longitudinal records.","safeWorkaround":"Use synthetic identity placeholders and route matching to customer MPI or identity-governance owners.","remainingGate":"Customer MPI acceptance tests, identity policy, consent path, error reconciliation, audit, and clinical owner approval.","owner":"Customer identity governance, interoperability engineering, and clinical safety","proofRoutes":["/health-records","/interoperability","/workflows/runtime-safety"]},{"boundary":"Payer submission and reimbursement outcomes","riskIfIgnored":"Improper payer transaction, false reimbursement expectation, and regulatory or contract exposure.","currentControl":"SCRIMED creates synthetic prior-auth support packets and missing-evidence lists only.","safeWorkaround":"Route payer work to human RCM review and customer payer-policy owners.","remainingGate":"Payer/trading-partner approval, X12/FHIR API testing, coding review, legal review, and customer release authority.","owner":"RCM owner, legal, customer sponsor, and payer integration owner","proofRoutes":["/health-records","/growth-engine","/enterprise-business-ops"]}],"sourceReferences":[{"name":"HL7 FHIR R4 and FHIR release directory","url":"https://www.hl7.org/fhir/R4/","checkedAt":"2026-06-25","implication":"FHIR is the primary resource model for synthetic record extraction, CapabilityStatement review, AuditEvent, Provenance, and deployment-specific profile validation."},{"name":"ONC TEFCA","url":"https://healthit.gov/policy/tefca/","checkedAt":"2026-06-25","implication":"Nationwide exchange requires purpose-of-use, participant/QHIN path, privacy/security controls, and exchange governance before real patient data flows."},{"name":"ONC USCDI","url":"https://www.healthit.gov/isa/united-states-core-data-interoperability-uscdi","checkedAt":"2026-06-25","implication":"Record extraction targets must map to standardized data classes before SCRIMED represents health-record interoperability coverage."},{"name":"CMS Interoperability and Prior Authorization Final Rule CMS-0057-F","url":"https://www.cms.gov/initiatives/burden-reduction/overview/interoperability/policies-regulations/cms-interoperability-prior-authorization-final-rule-cms-0057-f","checkedAt":"2026-06-25","implication":"Payer/provider/prior-authorization workflows need API timing, payer policy, transaction governance, and no-guarantee reimbursement controls."},{"name":"DICOM current standard","url":"https://www.dicomstandard.org/current","checkedAt":"2026-06-25","implication":"Imaging metadata can be prepared for routing and provenance, but diagnostic interpretation and pixel-data workflows remain separately gated."}],"operatingRules":["Reject PHI, patient identifiers, payer member IDs, production credentials, source records, and production endpoints in public or synthetic workflows.","Use FHIR, HL7 v2, C-CDA, DICOM/DICOMweb, X12, USCDI, TEFCA, and terminology standards as readiness contracts, not live connector approval.","Keep patient matching, diagnosis, treatment, triage, prescribing, patient outreach, payer submission, and record mutation blocked.","Route ambiguous mappings, missing provenance, stale facts, medication/allergy safety, and units/terminology conflicts to qualified human review.","Require customer sandbox approval, privacy/security/legal review, clinical governance, consent/purpose-of-use, audit, monitoring, rollback, and go-live approval before live data exchange."],"nextActions":["Attach Health Records Safety Exchange to every interoperability, clinical-care activation, and buyer integration conversation.","Use the extraction evaluator to convert synthetic record requests into reviewer packets and retained gates.","Promote only standards-mapped, source-attributed, human-reviewed, no-PHI evidence into buyer diligence.","Create customer-specific sandbox acceptance tests before any live connector work."],"updated":"2026-06-25"},"investorAudience":{"service":"scrimed-investor-audience-readiness","route":"/investor-audience-readiness","apiRoute":"/api/investor-audience-readiness","briefRoute":"/api/investor-audience-readiness/brief","status":"investor-audience-readiness-control-plane-active","briefStatus":"investor-audience-readiness-brief-ready-no-securities-offer","boundary":"SCRIMED Investor and Audience Readiness organizes weakness relief, competitive differentiation, sellable value, and investor or buyer audience packets for readiness review. It is operating-readiness material only. It is not investment advice, securities offering material, audited financial reporting, valuation assurance, legal advice, tax advice, accounting advice, solicitation, private placement approval, Form D filing, crowdfunding approval, nonprofit tax advice, donor advice, faith-based endorsement, customer revenue guarantee, profit guarantee, reimbursement assurance, security certification, regulatory approval, PHI processing approval, production connector approval, or live clinical care authorization.","posture":"weakness-relief-and-audience-packaging-active-no-securities-offer","authority":{"dataBoundary":"synthetic-and-business-readiness-only","securitiesAuthority":"not-securities-offering-material","investmentAdvice":"not-investment-advice","solicitationAuthority":"not-solicitation","valuationAuthority":"not-valuation-assurance","financialAuthority":"not-audited-financial-report","legalAuthority":"qualified-review-required","taxAuthority":"qualified-review-required","nonprofitAuthority":"qualified-review-required","faithBasedAuthority":"not-endorsement-or-donor-advice","revenueAuthority":"not-revenue-guarantee","profitAuthority":"not-profit-margin-guarantee","reimbursementAuthority":"no-reimbursement-guarantee","clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","securityCertification":"not-security-certified","customerProofAuthority":"customer-permission-required"},"sourceAlignment":{"capitalRevenueCapabilityCount":8,"capitalMoatSignalCount":9,"capitalInvestorMilestoneCount":8,"growthPlayCount":6,"growthConversionLaneCount":4,"enterpriseBusinessRevenueCapabilityCount":9,"enterpriseBusinessMarginControlCount":10,"marketActivationTargetAudienceCount":8,"marketActivationRevenueStreamCount":5,"publicMarketMetricCount":10,"publicMarketCustomerProofStageCount":5,"limitationsWorkaroundTrackCount":12,"limitationsWorkaroundPacketCount":8},"weaknessTrackCount":10,"criticalWeaknessCount":0,"highWeaknessCount":4,"mediumWeaknessCount":6,"competitiveEdgeSignalCount":8,"audiencePacketCount":10,"readyNowAudienceCount":4,"packageNextAudienceCount":3,"externalReviewAudienceCount":3,"readinessGateCount":8,"strategicTargetCount":4,"diligenceEvidenceReadyCount":3,"diligenceReviewRequiredCount":5,"proofRouteCount":46,"blockedClaimCount":65,"weaknessReliefTracks":[{"weakness":"Fundraising story can sound like broad ambition instead of investable execution","severity":"high","currentExposure":"Multiple strong surfaces exist, but angels and strategics need the narrative compressed into wedge, proof, market, governance, and next capital use.","reliefSystem":"Use audience-specific packets that link Growth Engine, Capital Vitality, Product Console, Public Market Readiness, and protected Deal Room proof.","owner":"Founder + Capital Operations + qualified counsel","workaround":"Use readiness-only investor packets until a counsel-reviewed fundraising deck, data room, and exemption path are approved.","successMetric":"Each investor meeting maps to one audience packet, one proof route set, one ask boundary, and one counsel-review status.","graduationGate":"Approved investor materials, controlled data room, qualified securities counsel review, and founder-approved use-of-funds narrative.","proofRoutes":["/capital-vitality","/growth-engine","/public-market-readiness","/pilot-deal-room"],"blockedClaims":["Investment recommendation","Guaranteed return","Approved securities offering","Valuation assurance"]},{"weakness":"Competitive differentiation can be diluted by generic AI healthcare language","severity":"high","currentExposure":"Healthcare AI buyers hear many model-wrapper pitches; SCRIMED needs the proof to foreground workflow intelligence, governance, and buyer diligence.","reliefSystem":"Lead with Healthcare Intelligence OS, AgentOS, Atlas, TrustOS, no-PHI synthetic validation, and release-control evidence.","owner":"Founder + Product Marketing + Claim Guard","workaround":"Replace generic AI phrases with proof-backed SCRIMED infrastructure claims and route every public claim through Claim Guard.","successMetric":"Every pitch section references at least one proof route and one retained boundary.","graduationGate":"Counsel-reviewed positioning guide plus approved claim library for investor, buyer, press, and partner use.","proofRoutes":["/healthcare-intelligence-os","/agents","/atlas","/trust-os","/qa-claim-guard"],"blockedClaims":["Best AI platform","Clinical validation complete","Certified compliance","Customer outcomes guaranteed"]},{"weakness":"Enterprise credibility depends on legal, finance, accounting, and deal controls being visible","severity":"high","currentExposure":"Large corporate and private investors will test whether SCRIMED can handle contracts, margin, revenue recognition, tax routing, and board-grade evidence.","reliefSystem":"Use Enterprise Business Ops, Capital Vitality, Public Market Readiness, and protected finance methodology gates.","owner":"Finance + Legal Ops + Revenue Operations","workaround":"Keep all finance, tax, accounting, legal, revenue recognition, and contract language in qualified-review mode before external release.","successMetric":"Every enterprise opportunity has package, price floor, scope, approval owner, margin exposure, and review status.","graduationGate":"Qualified legal/accounting/tax review completed for templates, SOWs, revenue methodology, and board/investor materials.","proofRoutes":["/enterprise-business-ops","/public-market-readiness","/pricing","/capital-vitality"],"blockedClaims":["Audited financial report","Tax advice","Contract approval","Revenue guarantee"]},{"weakness":"Faith-based clinic opportunity needs mission alignment without implying endorsement or nonprofit tax conclusions","severity":"medium","currentExposure":"Faith-based clinics may value access, trust, affordability, and stewardship, but public language must avoid religious endorsement, tax advice, or donor solicitation claims.","reliefSystem":"Use a mission-aligned clinic packet that emphasizes no-PHI workflow intelligence, safety, stewardship, and affordability controls.","owner":"Founder + FaithCore + qualified nonprofit counsel","workaround":"Keep faith-based clinic messaging as buyer-readiness and partnership-readiness language until counsel reviews nonprofit, donor, grant, and tax implications.","successMetric":"Each faith-based clinic conversation has mission fit, workflow pain, data boundary, review owner, and nonprofit/tax review status.","graduationGate":"Qualified counsel approves nonprofit, donor, grant, church-affiliated clinic, and charitable-use language before external fundraising or partnership claims.","proofRoutes":["/faithcore","/market-activation","/client-onboarding","/limitations-workarounds"],"blockedClaims":["IRS approval","Tax-deductible investment","Religious endorsement","Donor guarantee"]},{"weakness":"Buyer-specific proof is strong but release controls can slow momentum","severity":"medium","currentExposure":"Protected evidence improves trust, but investors and buyers may ask for named customer proof before customer permission and release gates exist.","reliefSystem":"Use metadata-only proof summaries, public route evidence, and protected release-control chain before buyer-specific artifacts move.","owner":"Buyer Diligence + Release Steward + TrustOps","workaround":"Offer non-confidential proof maps and synthetic evidence while buyer-specific artifacts stay inside AAL2 protected workspaces.","successMetric":"External proof requests are resolved with public proof, protected release decision, or blocked-claim explanation within the review SLA.","graduationGate":"Customer permission, release decision, reviewer signoff, recipient controls, and access-log reconciliation retained.","proofRoutes":["/pilot-workspace/access","/buyer-release-control-run","/qa-buyer-proof-release","/pilot-evidence"],"blockedClaims":["Customer endorsement","Production success","Named customer approval","Public release approved"]},{"weakness":"Clinical and PHI boundaries can make the product look less advanced if not framed correctly","severity":"medium","currentExposure":"No-PHI and no-live-care gates are strengths, but audiences may misread them as lack of ambition unless the staged path is explicit.","reliefSystem":"Frame synthetic proof, human review, authority readiness, interoperability mapping, and clinical activation gates as the safe path to scale.","owner":"Clinical Authority + TrustOS + Product","workaround":"Position live data as a gated future stage and make current sellable value about workflow intelligence, governance, and protected readiness.","successMetric":"Every demo and investor packet shows current no-PHI value plus the explicit gates required before live clinical use.","graduationGate":"Buyer-specific legal, privacy, security, clinical governance, BAA/DPA, connector, and runtime safety approvals retained.","proofRoutes":["/clinical-authority-readiness","/health-records","/interoperability","/approvals-readiness"],"blockedClaims":["PHI authorized","Live care authorized","EHR writeback approved","Clinical decision automation ready"]},{"weakness":"Corporate investors need strategic partnership paths, not only financial upside","severity":"medium","currentExposure":"Large corporations will look for integration leverage, distribution leverage, defensible workflows, procurement posture, and governance controls.","reliefSystem":"Package strategic-investor pathways around co-development, channel, deployment profile, interoperability readiness, and protected pilots.","owner":"Strategic Partnerships + Legal Ops + Product","workaround":"Separate non-binding strategic fit notes from term sheets, exclusivity, reseller economics, data rights, or integration commitments.","successMetric":"Each corporate investor conversation has strategic fit, channel path, integration boundary, data-rights hard stops, and legal review owner.","graduationGate":"Counsel-reviewed partnership term sheet, data rights, exclusivity limits, procurement path, and security review plan.","proofRoutes":["/global-reach","/deployment-profiles","/interoperability","/enterprise-business-ops"],"blockedClaims":["Partnership approved","Exclusive rights granted","Procurement approved","Production connector approved"]},{"weakness":"Private investors will pressure unit economics before real customer cohorts mature","severity":"high","currentExposure":"The business can show disciplined readiness, but actual CAC, retention, gross margin, and payback require measured buyer cohorts.","reliefSystem":"Use Public Market Readiness and Enterprise Business Ops to separate modeled assumptions from measured operating metrics.","owner":"Finance + Growth + Board Review","workaround":"Label unit economics as readiness assumptions until buyer-approved cohorts, finance methodology, and accounting review exist.","successMetric":"Each metric is tagged as modeled, measured, protected, buyer-approved, or external-review-required.","graduationGate":"Finance methodology approved with cohort definitions, margin accounting, customer permission, and board reporting controls.","proofRoutes":["/public-market-readiness","/enterprise-business-ops","/growth-engine","/sales-attribution"],"blockedClaims":["Audited metrics","Guaranteed margins","Guaranteed payback","Customer revenue assured"]},{"weakness":"Global and public-sector audiences need region-specific approval paths","severity":"medium","currentExposure":"Global interest can create overclaim risk if region, procurement, data residency, AI governance, and clinical authority are not separated.","reliefSystem":"Use Global Certification Readiness, Global Reach, Deployment Profiles, and Limitations Workarounds for region-specific packets.","owner":"Global Partnerships + Regional Counsel + Security","workaround":"Keep every country, public-sector, or sovereign conversation in preparation mode until regional legal, privacy, security, procurement, and clinical review exist.","successMetric":"Every global opportunity has region, buyer pack, procurement path, data residency assumption, and retained review owners.","graduationGate":"Regional counsel, privacy/security reviewers, procurement owner, and deployment profile approval retained before external claims expand.","proofRoutes":["/global-certification-readiness","/global-reach","/deployment-profiles","/limitations-workarounds"],"blockedClaims":["Regional approval","Government endorsement","Data residency approved","Conformity certified"]},{"weakness":"The product surface is powerful but can overwhelm first-time investors or clinic leaders","severity":"medium","currentExposure":"The platform has many routes and proof systems; audiences need a simple first path matched to their question.","reliefSystem":"Use this readiness layer as the audience router and keep navigation journeys tied to Product, Proof, Growth, Capital, Trust, and Onboarding.","owner":"Product Console + Navigation Owner + Sales Operations","workaround":"Route each audience to one packet, one executive brief, one proof ladder, and one next meeting action.","successMetric":"Audience path completion improves: packet opened, proof reviewed, next call scheduled, or disqualified with reason.","graduationGate":"Navigation telemetry, CRM source attribution, and buyer/investor feedback show repeatable packet-to-meeting conversion.","proofRoutes":["/navigation","/product","/client-onboarding","/growth-engine"],"blockedClaims":["Automated investor suitability","Automated buyer qualification","Guaranteed conversion","Unreviewed outreach"]}],"competitiveEdgeSignals":[{"signal":"Healthcare Intelligence OS rather than single-feature AI","uniqueness":"SCRIMED combines workflow intelligence, AgentOS, Atlas, TrustOS, evidence routing, and buyer diligence into one operating layer.","sellableValue":"Investors see a platform thesis; buyers see a practical route from workflow pain to governed pilots.","defensibility":"The defensibility is healthcare workflow structure, proof discipline, and trust operations, not raw model access.","pitchLine":"SCRIMED is building governed healthcare intelligence infrastructure for workflow transformation.","proofRoutes":["/healthcare-intelligence-os","/product","/agents","/atlas"],"retainedBoundary":"Platform thesis is not clinical validation, production approval, or investment advice."},{"signal":"Synthetic-first proof reduces early PHI and procurement friction","uniqueness":"The company can sell assessment, synthetic pilot, and governance value before live data access.","sellableValue":"Health systems and clinics can evaluate value without rushing PHI, EHR, or live-care authority.","defensibility":"Synthetic validation, fixture discipline, and no-PHI controls create repeatable buyer evidence while competitors wait for data access.","pitchLine":"SCRIMED can create enterprise learning velocity without crossing live-data gates early.","proofRoutes":["/demos","/pilots","/health-records","/interoperability/evaluations"],"retainedBoundary":"Synthetic evidence is not live clinical proof or PHI authorization."},{"signal":"TrustOS, Claim Guard, and release controls are productized","uniqueness":"Governance is embedded as a product surface with claims boundaries, proof promotion, and buyer release gates.","sellableValue":"Enterprise buyers can inspect how SCRIMED prevents overclaims, uncontrolled distribution, and unmanaged evidence.","defensibility":"Trust controls compound with every new route and proof packet.","pitchLine":"SCRIMED makes healthcare AI diligence operational instead of ad hoc.","proofRoutes":["/trust-os","/qa-claim-guard","/buyer-release-control-run","/pilot-workspace/access"],"retainedBoundary":"Trust readiness is not legal approval, certification, or customer permission."},{"signal":"Audience-specific packaging for capital and clinics","uniqueness":"The platform now separates angel, corporate strategic, private investor, faith-based clinic, public-sector, payer, provider, and global partner readiness.","sellableValue":"Each audience receives the proof and limits that match its decision process.","defensibility":"Audience-routing discipline reduces founder bottleneck and improves conversion quality.","pitchLine":"SCRIMED can speak to capital, clinics, and enterprise buyers without collapsing their risks into one generic pitch.","proofRoutes":["/investor-audience-readiness","/growth-engine","/capital-vitality","/client-onboarding"],"retainedBoundary":"Audience readiness is not investor suitability, solicitation, or procurement approval."},{"signal":"FaithCore and mission-aligned clinic pathway","uniqueness":"Faith-based clinic positioning is handled as stewardship, access, affordability, and safety readiness rather than religious endorsement.","sellableValue":"Mission-led clinics can evaluate workflow intelligence in a way that respects trust and resource constraints.","defensibility":"The positioning gives SCRIMED a differentiated community clinic wedge while retaining nonprofit and tax review boundaries.","pitchLine":"SCRIMED can help mission-led clinics improve operational capacity without forcing enterprise-style procurement first.","proofRoutes":["/faithcore","/market-activation","/client-onboarding","/investor-audience-readiness"],"retainedBoundary":"Faith-based readiness is not tax advice, donor advice, religious endorsement, or nonprofit approval."},{"signal":"Enterprise business operations are visible before scale","uniqueness":"Deal desk, margin, legal, accounting, tax, revenue operations, and approval roles are explicit.","sellableValue":"Large investors can see the operating controls needed for enterprise contracts and responsible growth.","defensibility":"Commercial discipline protects margin and reduces diligence friction.","pitchLine":"SCRIMED is preparing for enterprise-grade growth before enterprise complexity arrives.","proofRoutes":["/enterprise-business-ops","/public-market-readiness","/pricing","/capital-vitality"],"retainedBoundary":"Operating controls are not legal, accounting, tax, audited finance, or contract advice."},{"signal":"Global certification readiness without premature approval claims","uniqueness":"Domestic and global approval paths are mapped while keeping authority claims blocked.","sellableValue":"Corporate strategics and global partners can inspect how SCRIMED will approach region, AI governance, privacy, security, and clinical gates.","defensibility":"Preparation reduces future expansion friction and buyer skepticism.","pitchLine":"SCRIMED can scale globally only through disciplined regional evidence, not shortcut claims.","proofRoutes":["/global-certification-readiness","/global-reach","/deployment-profiles"],"retainedBoundary":"Global readiness is not regional legal approval, certification, conformity, or procurement approval."},{"signal":"Continuous review and innovation loops","uniqueness":"24/7 review, audit, source attribution, QA loops, and internal innovation research are separated from autonomous production authority.","sellableValue":"Investors see learning velocity; buyers see a safer path to accuracy improvement.","defensibility":"The review system turns mistakes and bottlenecks into operational learning rather than hidden risk.","pitchLine":"SCRIMED compounds through review, evidence, and controlled innovation.","proofRoutes":["/continuous-review-audit","/operational-efficiency","/limitations-workarounds"],"retainedBoundary":"Review loops are not managed SOC/MDR coverage, autonomous remediation, or public quantum capability."}],"investorAudiencePackets":[{"audience":"Angel investors and early healthcare operators","readinessStatus":"ready-now","primaryQuestion":"Can SCRIMED explain the wedge, why now, and why this founder-led execution can win?","sellableValue":"A governed synthetic-pilot wedge into healthcare workflow intelligence, with proof routes already live.","pitchAngle":"Lead with category clarity, painful workflow targets, trust moat, no-PHI pilot speed, and specific use of funds.","proofRoutes":["/product","/growth-engine","/capital-vitality","/healthcare-intelligence-os"],"diligencePacket":["Category thesis","Founder-led sales plan","Synthetic pilot examples","Use-of-funds draft"],"nextMove":"Run angel conversations through a counsel-reviewed deck and readiness-only data room before any offering language.","requiredReview":"Qualified securities counsel before solicitation, SAFE/equity note, valuation, or offering documents.","blockedClaims":["Guaranteed return","Investment recommendation","Approved securities offer","Valuation certainty"]},{"audience":"Large corporate strategic investors","readinessStatus":"package-next","primaryQuestion":"Can SCRIMED become strategically useful through distribution, workflow, data, integration, or platform leverage?","sellableValue":"Strategic partner pathways around health-system operations, payer workflows, interoperability, deployment profiles, and governance infrastructure.","pitchAngle":"Lead with strategic fit, protected pilot path, co-development boundary, data-rights hard stops, and channel economics review.","proofRoutes":["/global-reach","/deployment-profiles","/interoperability","/enterprise-business-ops"],"diligencePacket":["Strategic-fit memo","Integration boundary map","Deployment profile","Partner economics review"],"nextMove":"Prepare a non-binding strategic partnership memo before any exclusivity, reseller, integration, or data-rights term sheet.","requiredReview":"Qualified counsel, security, privacy, procurement, and finance review.","blockedClaims":["Partnership approved","Exclusive rights granted","Production connector approved","Data rights assigned"]},{"audience":"Private investors and growth-equity reviewers","readinessStatus":"external-review-required","primaryQuestion":"Can SCRIMED show market size, unit economics, enterprise pricing, margin control, and repeatable growth?","sellableValue":"Operating-readiness proof for enterprise packages, price floors, buyer segments, proof ladder, and finance methodology gates.","pitchAngle":"Separate measured signals from modeled assumptions and show a path from paid assessments to synthetic pilots to enterprise licenses.","proofRoutes":["/public-market-readiness","/enterprise-business-ops","/pricing","/growth-engine"],"diligencePacket":["KPI stack","Unit-economics assumptions","Pricing architecture","Deal-desk controls"],"nextMove":"Move private investor review through finance-methodology and counsel-review packets before external metric claims.","requiredReview":"Qualified finance/accounting/legal review before KPI, valuation, securities, revenue, or margin claims.","blockedClaims":["Audited metrics","Guaranteed margin","Guaranteed revenue","Valuation assurance"]},{"audience":"Faith-based clinics and mission-led clinic investors","readinessStatus":"package-next","primaryQuestion":"Can SCRIMED improve access, stewardship, documentation, and clinic capacity without violating trust boundaries?","sellableValue":"A mission-aligned no-PHI assessment and synthetic pilot path for clinics operating under resource, trust, and affordability constraints.","pitchAngle":"Lead with stewardship, safer workflow review, affordability-aware deployment, human oversight, and no-PHI early evaluation.","proofRoutes":["/faithcore","/client-onboarding","/market-activation","/health-records"],"diligencePacket":["Mission-fit brief","No-PHI clinic workflow assessment","Stewardship value map","Nonprofit/tax review checklist"],"nextMove":"Offer a human-reviewed clinic discovery path and keep donor, nonprofit, grant, and tax language behind qualified review.","requiredReview":"Qualified nonprofit, tax, legal, privacy, and clinical governance review.","blockedClaims":["Tax-deductible investment","Religious endorsement","IRS approval","Donor outcome guarantee"]},{"audience":"Health system executives","readinessStatus":"ready-now","primaryQuestion":"Can SCRIMED relieve workflow pain without forcing immediate live data exposure?","sellableValue":"Paid workflow intelligence assessment and synthetic pilot pathway with governance, evidence, and production-readiness gates.","pitchAngle":"Lead with operational pain, workflow evidence, no-PHI evaluation, leadership decision pack, and staged implementation plan.","proofRoutes":["/product","/demos","/pilots","/pilot-deal-room"],"diligencePacket":["Workflow assessment scope","Synthetic pilot plan","Governance report","Implementation blueprint"],"nextMove":"Route qualified sponsors into Pilot Intake and attach one workflow target, success metric, and review team.","requiredReview":"Buyer clinical, privacy, security, legal, and implementation review before protected or live stages.","blockedClaims":["Clinical outcome guaranteed","PHI approved","Production integration approved","Autonomous care"]},{"audience":"Payers and revenue-cycle buyers","readinessStatus":"package-next","primaryQuestion":"Can SCRIMED find denial, documentation, prior-auth, and evidence gaps without final billing action?","sellableValue":"Synthetic revenue workflow pilots that surface evidence gaps, policy friction, and workflow pressure for human review.","pitchAngle":"Lead with operational intelligence, not reimbursement guarantees, and keep final payer submission blocked.","proofRoutes":["/workflows/results","/atlas","/pricing","/public-market-readiness"],"diligencePacket":["Revenue workflow demo","Evidence-gap map","Policy-friction packet","Finance methodology boundary"],"nextMove":"Package one no-PHI revenue workflow demonstration around a buyer-approved value metric.","requiredReview":"Buyer finance, reimbursement, legal, compliance, and privacy review.","blockedClaims":["Reimbursement guaranteed","Payer submission approved","Revenue lift guaranteed","Final billing action"]},{"audience":"Public-sector, grant, and community health funders","readinessStatus":"external-review-required","primaryQuestion":"Can SCRIMED support access, equity, rural health, or public capacity with governed evidence?","sellableValue":"Community and public-sector readiness packets around safe workflow intelligence, regional approvals, procurement, and reporting controls.","pitchAngle":"Lead with public-good workflows, no-PHI readiness, governance, transparency, and region-specific review.","proofRoutes":["/global-reach","/global-certification-readiness","/deployment-profiles","/market-activation"],"diligencePacket":["Grant-readiness brief","Regional review map","Procurement path","Impact measurement boundary"],"nextMove":"Prepare grant or public-sector language only after procurement, regional legal, privacy, security, and reporting review.","requiredReview":"Qualified grant, procurement, legal, privacy, public-sector, and regional review.","blockedClaims":["Government endorsement","Grant approved","Regional approval","Certified public impact"]},{"audience":"Clinician advisors and medical leadership","readinessStatus":"ready-now","primaryQuestion":"Can clinicians guide the product without taking responsibility for unsafe automation?","sellableValue":"Clinical authority readiness, human-review gates, blocked action lists, and synthetic workflow review.","pitchAngle":"Lead with clinician oversight, workflow design, safety constraints, and explicit no-live-care boundary.","proofRoutes":["/clinical-authority-readiness","/clinical-care-activation","/qa-evidence","/trust-center"],"diligencePacket":["Clinical advisory scope","Blocked-action register","Review protocol","Safety escalation path"],"nextMove":"Invite advisors into bounded workflow review and authority-readiness work before any live-care pilot.","requiredReview":"Clinical governance, legal, privacy, and conflict-of-interest review.","blockedClaims":["Medical advice","Treatment recommendation","Clinical validation","Live-care authority"]},{"audience":"Global partners and regional distributors","readinessStatus":"external-review-required","primaryQuestion":"Can SCRIMED adapt by region without overclaiming approvals or procurement readiness?","sellableValue":"Region-specific buyer packs, deployment profiles, localization paths, and retained approval gates.","pitchAngle":"Lead with local readiness discipline, evidence packets, data residency review, and no premature conformity claims.","proofRoutes":["/global-reach","/deployment-profiles","/global-certification-readiness","/limitations-workarounds"],"diligencePacket":["Regional buyer pack","Deployment profile","Approval-gate map","Partner channel review"],"nextMove":"Qualify partner fit and route regional claims through local counsel, security, privacy, procurement, and clinical review.","requiredReview":"Qualified regional legal, privacy, security, procurement, and clinical reviewers.","blockedClaims":["Regional certification","Procurement approved","Conformity approved","Data residency approved"]},{"audience":"Enterprise innovation and transformation sponsors","readinessStatus":"ready-now","primaryQuestion":"Can SCRIMED create a credible first project that does not get trapped in procurement?","sellableValue":"Fixed-scope assessment and synthetic pilot packages with clear governance, proof, and expansion gates.","pitchAngle":"Lead with small, governed workflow wins that produce an executive decision packet and future implementation plan.","proofRoutes":["/offerings","/client-onboarding","/growth-engine","/pilot"],"diligencePacket":["Assessment packet","Synthetic pilot scope","Meeting cadence","Executive decision brief"],"nextMove":"Use Client Onboarding to move from discovery to demo, workshop, pilot scope, and follow-up without unreviewed promises.","requiredReview":"Buyer sponsor, security, privacy, legal, finance, and implementation owner review.","blockedClaims":["Procurement approved","Savings guaranteed","Customer permission assumed","Production support guaranteed"]}],"investorReadinessGates":[{"gate":"Private offering and solicitation review","source":"SEC capital-raising and private offering guidance","sourceUrl":"https://www.sec.gov/resources-small-businesses/capital-raising-building-blocks/exempt-offerings","readinessUse":"Keep angel, private, corporate, SAFE, note, and equity conversations behind counsel-reviewed materials and a selected exemption path.","hardStop":"No securities offering, solicitation, valuation, or investor suitability language leaves readiness mode without counsel review.","owner":"Founder + qualified securities counsel"},{"gate":"Accredited investor handling","source":"SEC accredited investor guidance","sourceUrl":"https://www.sec.gov/resources-small-businesses/capital-raising-building-blocks/accredited-investors","readinessUse":"Prepare investor routing and diligence questions that distinguish readiness discussions from offering materials.","hardStop":"Do not imply anyone is qualified, suitable, or approved to invest through this product surface.","owner":"Capital Operations + qualified counsel"},{"gate":"Form D timing awareness","source":"SEC Form D guidance","sourceUrl":"https://www.sec.gov/resources-small-businesses/capital-raising-building-blocks/what-form-d","readinessUse":"Flag that private fundraising processes may require notice filing after first securities sale, depending on the exemption path.","hardStop":"SCRIMED public pages do not file Form D or approve fundraising documents.","owner":"Founder + qualified securities counsel"},{"gate":"Crowdfunding boundary","source":"SEC Regulation Crowdfunding guidance","sourceUrl":"https://www.sec.gov/resources-small-businesses/capital-raising-building-blocks/regulation-crowdfunding","readinessUse":"Keep community, clinic, mission, and donor-adjacent conversations separated from any crowdfunding campaign language.","hardStop":"No crowdfunding offer, platform claim, or public investment campaign is approved by this readiness page.","owner":"Founder + qualified securities counsel"},{"gate":"Faith-based clinic and nonprofit tax boundary","source":"IRS 501(c)(3) exemption requirements","sourceUrl":"https://www.irs.gov/charities-non-profits/charitable-organizations/exemption-requirements-501c3-organizations","readinessUse":"Route church-affiliated, nonprofit, charitable, grant, donor, and mission-led clinic language through qualified nonprofit and tax review.","hardStop":"Do not claim tax deductibility, charitable approval, donor benefit, or nonprofit compliance without qualified review.","owner":"FaithCore + qualified nonprofit counsel"},{"gate":"Financial reporting and metric methodology","source":"SCRIMED Public Market Readiness","sourceUrl":"/public-market-readiness","readinessUse":"Separate modeled investor metrics from measured, buyer-approved, protected, or externally reviewed operating metrics.","hardStop":"No audited financial reporting, valuation, margin guarantee, or revenue guarantee claim.","owner":"Finance + accounting reviewers"},{"gate":"Claim Guard before public use","source":"SCRIMED QA Claim Guard","sourceUrl":"/qa-claim-guard","readinessUse":"Run investor, buyer, faith-clinic, public-sector, partner, and PR language through blocked-claim controls.","hardStop":"No unsupported clinical, compliance, certification, revenue, investment, customer, or partnership claim.","owner":"TrustOps + Claim Guard"},{"gate":"Protected diligence release","source":"SCRIMED Buyer Release Control Runbook","sourceUrl":"/buyer-release-control-run","readinessUse":"Keep buyer-specific, investor-specific, and customer-specific evidence in protected release lanes until permissions and controls exist.","hardStop":"No named customer proof, confidential artifact, or protected packet is released without retained approval chain.","owner":"Release Steward + Buyer Diligence"}],"strategicInvestorOutreach":{"status":"strategic-investor-outreach-packets-research-ready-no-solicitation","updated":"2026-07-13","boundary":"SCRIMED Strategic Investor Outreach is an internal, evidence-based preparation layer. It does not imply that any named organization has reviewed, endorsed, partnered with, funded, accepted, or committed to SCRIMED. Official startup and partner programs are ecosystem paths, not assumed investment offers. External decks, financial claims, valuation language, customer proof, securities communications, and partnership terms require founder approval plus qualified legal, finance, accounting, customer-permission, and claim review as applicable.","targetCount":4,"diligenceItemCount":8,"evidenceReadyCount":3,"qualifiedReviewRequiredCount":3,"externalEvidenceRequiredCount":2,"pitchSlideCount":12,"outreachStageCount":6,"targets":[{"id":"openai","organization":"OpenAI","targetType":"strategic-ecosystem","relationshipPath":"Startup ecosystem and healthcare technology discovery","officialProgram":"OpenAI for Startups and OpenAI for Healthcare","officialSource":"https://openai.com/business/why-openai/startups/","strategicFit":"Governed, model-agnostic healthcare workflow orchestration can demonstrate how frontier reasoning is bounded by evidence, verification, human approval, and durable audit controls.","proofThesis":"SCRIMED is not a chatbot wrapper; it is a healthcare intelligence control plane that can route frontier models without assigning them autonomous clinical authority.","specificAsk":"Request a startup or healthcare ecosystem fit conversation, technical architecture feedback, and the correct path for future commercial or strategic engagement.","proofRoutes":["/scrimed-work","/clinical-robustness-lab","/trust-os","/documentation-before-authorization"],"diligenceRequirements":["Provider-neutral architecture diagram","Clinical safety and no-PHI boundary evidence","Evaluation and verification results","Measured pilot economics methodology"],"outreachStatus":"packet-review-required","claimBoundary":"Do not imply OpenAI investment, endorsement, healthcare validation, model exclusivity, or provider approval."},{"id":"nvidia","organization":"NVIDIA","targetType":"strategic-ecosystem","relationshipPath":"NVIDIA Inception startup application and healthcare AI technical discovery","officialProgram":"NVIDIA Inception","officialSource":"https://www.nvidia.com/en-us/startups/","strategicFit":"SCRIMED's private and edge compute roadmap, imaging metadata layer, model benchmarking, and healthcare deployment profiles align with accelerated inference and governed hospital infrastructure needs.","proofThesis":"The strategic wedge is an auditable healthcare compute fabric spanning cloud, customer VPC, air-gapped, and edge deployment modes without claiming final imaging interpretation.","specificAsk":"Prepare an Inception application and request technical guidance on healthcare inference, edge deployment, benchmarking, and partner ecosystem fit.","proofRoutes":["/enterprise-healthcare-infrastructure","/scrimed-clinical-benchmark-suite","/interoperability","/investor-readiness"],"diligenceRequirements":["Compute and deployment architecture","Benchmark methodology","Edge/private inference threat model","GPU economics assumptions labeled as modeled"],"outreachStatus":"research-ready","claimBoundary":"Do not imply NVIDIA investment, Inception acceptance, hardware validation, medical-device capability, or production deployment approval."},{"id":"anthropic","organization":"Anthropic","targetType":"strategic-ecosystem","relationshipPath":"Startup program and partner ecosystem discovery","officialProgram":"Anthropic Startup Program and Claude Partner Network","officialSource":"https://www.anthropic.com/startup-program-official-terms","strategicFit":"SCRIMED's governed MCP gateway, agent policy controls, prompt-injection defenses, verification-first orchestration, and long-running work sessions align with dependable enterprise agent deployment.","proofThesis":"SCRIMED can be a healthcare-specific proof point for controlled agentic work where retrieved content is untrusted and every consequential action is independently reviewed.","specificAsk":"Request program eligibility guidance, technical safety feedback, and the appropriate path for future partner or startup engagement.","proofRoutes":["/scrimed-work","/scrimed-agent-governance","/scrimed-trustops","/trust-center"],"diligenceRequirements":["MCP and tool-permission architecture","Agent evaluation and loop-guard evidence","Prompt-injection threat controls","Human approval and rollback evidence"],"outreachStatus":"packet-review-required","claimBoundary":"Do not imply Anthropic investment, program acceptance, partner status, model safety certification, or exclusive provider alignment."},{"id":"microsoft","organization":"Microsoft","targetType":"strategic-ecosystem","relationshipPath":"Microsoft for Startups and healthcare partner discovery","officialProgram":"Microsoft for Startups","officialSource":"https://www.microsoft.com/en/startups/ai","strategicFit":"SCRIMED's enterprise identity, interoperability, governed deployment, buyer diligence, and health-system workflow architecture can map to future Azure-aligned pilots without creating a cloud dependency.","proofThesis":"The partnership story is enterprise healthcare workflow intelligence with tenant isolation, FHIR-ready context, security evidence, and staged deployment controls.","specificAsk":"Prepare a startup application and request architecture, marketplace, healthcare ecosystem, and enterprise go-to-market guidance.","proofRoutes":["/interoperability","/enterprise-healthcare-infrastructure","/enterprise-business-ops","/pilot-demo-commercial-readiness"],"diligenceRequirements":["Enterprise deployment diagram","Identity and tenant-isolation evidence","Interoperability conformance roadmap","Procurement and pilot activation plan"],"outreachStatus":"research-ready","claimBoundary":"Do not imply Microsoft investment, startup acceptance, Azure certification, marketplace approval, customer deployment, or procurement approval."}],"diligenceManifest":[{"id":"company-narrative","category":"company","title":"One-company narrative and strategic wedge","status":"evidence-ready","evidenceRoutes":["/investor-readiness","/healthcare-intelligence-os","/product"],"owner":"Founder + Product Strategy","nextEvidence":"Approve a concise category thesis and one primary entry workflow for every meeting.","disclosureBoundary":"No trillion-dollar valuation, market leadership, or guaranteed-growth claim."},{"id":"product-proof","category":"product","title":"Working product, PayerIQ workflow, and governed work control plane","status":"evidence-ready","evidenceRoutes":["/documentation-before-authorization","/scrimed-work","/demos"],"owner":"Product + Engineering","nextEvidence":"Retain deterministic smoke, build, and durable lifecycle evidence for each outreach packet.","disclosureBoundary":"Synthetic/no-PHI product evidence is not live clinical or payer production proof."},{"id":"safety-governance","category":"safety","title":"Clinical boundaries, human review, verification, and rollback","status":"evidence-ready","evidenceRoutes":["/trust-os","/clinical-robustness-lab","/risk-register"],"owner":"Clinical Safety + TrustOps","nextEvidence":"Attach current NO-GO boundaries and the approval-path matrix to the diligence room.","disclosureBoundary":"No autonomous diagnosis, treatment, prescribing, imaging interpretation, or live-care authority."},{"id":"security-assurance","category":"security","title":"AAL2, RBAC, tenant isolation, immutable evidence, and secure SDLC","status":"external-evidence-required","evidenceRoutes":["/trust-center","/pilot-workspace/access","/buyer-release-control-run"],"owner":"Security + Platform","nextEvidence":"Complete independent penetration testing, evidence review, incident exercises, and approved control-owner attestations.","disclosureBoundary":"Security readiness is not SOC 2, HIPAA certification, penetration-test assurance, or zero-risk status."},{"id":"commercial-proof","category":"commercial","title":"Pilot offer, ICP, pricing logic, sales motion, and measured outcome plan","status":"qualified-review-required","evidenceRoutes":["/pilot-demo-commercial-readiness","/pricing","/growth-engine"],"owner":"Revenue + Finance","nextEvidence":"Replace modeled assumptions with permissioned cohort metrics and a finance-reviewed measurement methodology.","disclosureBoundary":"No customer, revenue, savings, reimbursement, conversion, or margin guarantee."},{"id":"financial-package","category":"finance","title":"Use of funds, runway, unit economics, cap table, and scenario model","status":"qualified-review-required","evidenceRoutes":["/capital-vitality","/public-market-readiness","/enterprise-business-ops"],"owner":"Founder + qualified Finance/Accounting","nextEvidence":"Prepare a reconciled model, source assumptions, cap table, and board-approved use-of-funds plan.","disclosureBoundary":"No audited-financial, valuation, return, revenue, or profitability assurance."},{"id":"legal-fundraising","category":"legal","title":"Entity, IP, securities path, privacy terms, and investor disclosures","status":"qualified-review-required","evidenceRoutes":["/enterprise-business-ops","/approvals-readiness"],"owner":"Founder + qualified Counsel","nextEvidence":"Complete entity/IP review and approve the offering exemption, deck legends, data-room access, and outreach language.","disclosureBoundary":"This registry is not legal advice, an offer to sell securities, or solicitation."},{"id":"clinical-regulatory-path","category":"clinical-regulatory","title":"Intended use, clinical validation, privacy, interoperability, and regulatory path","status":"external-evidence-required","evidenceRoutes":["/clinical-authority-readiness","/clinical-production-readiness","/interoperability"],"owner":"Clinical Governance + Privacy + Regulatory Counsel","nextEvidence":"Approve intended-use boundaries and execute the required validation, privacy, security, interoperability, and regulatory workstream before claims expand.","disclosureBoundary":"No FDA clearance, HIPAA certification, clinical validation, production connector approval, or customer go-live claim."}],"pitchOutline":[{"order":1,"title":"SCRIMED","decisionQuestion":"Why healthcare needs an intelligence operating system instead of another chatbot","proofRoutes":["/healthcare-intelligence-os"],"claimGuard":"State the category thesis, not market leadership."},{"order":2,"title":"The workflow problem","decisionQuestion":"Where clinical and administrative work loses time, evidence, and continuity","proofRoutes":["/documentation-before-authorization"],"claimGuard":"Use sourced market context; do not fabricate buyer pain or outcomes."},{"order":3,"title":"The entry wedge","decisionQuestion":"Why documentation-before-authorization is a measurable, bounded starting point","proofRoutes":["/documentation-before-authorization","/pricing"],"claimGuard":"Draft and review only; no payer submission authority."},{"order":4,"title":"The product","decisionQuestion":"How SCRIMED turns registered evidence into governed work artifacts","proofRoutes":["/scrimed-work","/product"],"claimGuard":"Demonstrate synthetic/no-PHI behavior only."},{"order":5,"title":"Architecture","decisionQuestion":"How models, agents, context, tools, verification, and approvals remain separable","proofRoutes":["/scrimed-work","/interoperability"],"claimGuard":"Do not claim unavailable provider or connector integrations."},{"order":6,"title":"Trust and safety","decisionQuestion":"Why consequential actions fail closed","proofRoutes":["/trust-os","/risk-register"],"claimGuard":"Readiness controls are not certification or clinical validation."},{"order":7,"title":"Proof","decisionQuestion":"What works now and what remains gated","proofRoutes":["/investor-readiness","/clinical-robustness-lab"],"claimGuard":"Separate synthetic evidence, protected evidence, modeled metrics, and measured results."},{"order":8,"title":"Market and buyer","decisionQuestion":"Who buys first, why, and through which pilot","proofRoutes":["/market-activation","/pilot-demo-commercial-readiness"],"claimGuard":"No unsupported TAM, customer, pipeline, or conversion claim."},{"order":9,"title":"Business model","decisionQuestion":"How pricing captures workflow value while protecting margin","proofRoutes":["/pricing","/enterprise-business-ops"],"claimGuard":"Label assumptions; no revenue or profitability guarantee."},{"order":10,"title":"Defensibility","decisionQuestion":"How healthcare workflow structure, evidence, governance, and outcome learning compound","proofRoutes":["/trust-os","/scrimed-work"],"claimGuard":"Do not claim patent, exclusivity, or proprietary-data rights without evidence."},{"order":11,"title":"Milestones and capital","decisionQuestion":"What the next capital tranche de-risks","proofRoutes":["/capital-vitality","/approvals-readiness"],"claimGuard":"Use counsel- and finance-reviewed use-of-funds language."},{"order":12,"title":"Strategic fit","decisionQuestion":"Why this organization is the right ecosystem or strategic counterpart","proofRoutes":["/investor-audience-readiness"],"claimGuard":"Make a specific ask without implying endorsement, partnership, or investment."}],"outreachStages":[{"order":1,"stage":"Evidence-room gap review","owner":"Founder + Diligence Owner","exitEvidence":"Every manifest item has an owner, source, status, and disclosure boundary.","humanApprovalRequired":true},{"order":2,"stage":"Company-specific packet","owner":"Founder + Product Marketing","exitEvidence":"One thesis, one ask, four to six proof routes, and named blocked claims are approved.","humanApprovalRequired":true},{"order":3,"stage":"Legal and finance review","owner":"Qualified Counsel + Finance/Accounting","exitEvidence":"Deck legends, securities path, financial model, and external claims are approved for intended use.","humanApprovalRequired":true},{"order":4,"stage":"Warm-introduction mapping","owner":"Founder + Strategic Partnerships","exitEvidence":"A permissioned introducer or official program path is selected with no automated outreach.","humanApprovalRequired":true},{"order":5,"stage":"Meeting and technical diligence","owner":"Founder + Product + Security","exitEvidence":"Questions, evidence requests, owners, and follow-up dates are recorded without sharing protected material prematurely.","humanApprovalRequired":true},{"order":6,"stage":"Learning-loop update","owner":"Founder + TrustOps","exitEvidence":"Feedback changes a reviewed artifact, test, narrative, or milestone; no autonomous public update.","humanApprovalRequired":true}],"externalOutreachSent":false,"investmentOrPartnershipImplied":false},"proofRoutes":["/capital-vitality","/growth-engine","/public-market-readiness","/pilot-deal-room","/healthcare-intelligence-os","/agents","/atlas","/trust-os","/qa-claim-guard","/enterprise-business-ops","/pricing","/faithcore","/market-activation","/client-onboarding","/limitations-workarounds","/pilot-workspace/access","/buyer-release-control-run","/qa-buyer-proof-release","/pilot-evidence","/clinical-authority-readiness","/health-records","/interoperability","/approvals-readiness","/global-reach","/deployment-profiles","/sales-attribution","/global-certification-readiness","/navigation","/product","/demos","/pilots","/interoperability/evaluations","/investor-audience-readiness","/continuous-review-audit","/operational-efficiency","/workflows/results","/clinical-care-activation","/qa-evidence","/trust-center","/offerings","/pilot","https://www.sec.gov/resources-small-businesses/capital-raising-building-blocks/exempt-offerings","https://www.sec.gov/resources-small-businesses/capital-raising-building-blocks/accredited-investors","https://www.sec.gov/resources-small-businesses/capital-raising-building-blocks/what-form-d","https://www.sec.gov/resources-small-businesses/capital-raising-building-blocks/regulation-crowdfunding","https://www.irs.gov/charities-non-profits/charitable-organizations/exemption-requirements-501c3-organizations"],"blockedClaims":["Investment recommendation","Guaranteed return","Approved securities offering","Valuation assurance","Best AI platform","Clinical validation complete","Certified compliance","Customer outcomes guaranteed","Audited financial report","Tax advice","Contract approval","Revenue guarantee","IRS approval","Tax-deductible investment","Religious endorsement","Donor guarantee","Customer endorsement","Production success","Named customer approval","Public release approved","PHI authorized","Live care authorized","EHR writeback approved","Clinical decision automation ready","Partnership approved","Exclusive rights granted","Procurement approved","Production connector approved","Audited metrics","Guaranteed margins","Guaranteed payback","Customer revenue assured","Regional approval","Government endorsement","Data residency approved","Conformity certified","Automated investor suitability","Automated buyer qualification","Guaranteed conversion","Unreviewed outreach","Approved securities offer","Valuation certainty","Data rights assigned","Guaranteed margin","Guaranteed revenue","Donor outcome guarantee","Clinical outcome guaranteed","PHI approved","Production integration approved","Autonomous care","Reimbursement guaranteed","Payer submission approved","Revenue lift guaranteed","Final billing action","Grant approved","Certified public impact","Medical advice","Treatment recommendation","Clinical validation","Live-care authority","Regional certification","Conformity approved","Savings guaranteed","Customer permission assumed","Production support guaranteed"],"nextInvestorMove":"Close the qualified-review and external-evidence items in the strategic diligence manifest, approve one company-specific thesis and ask, then use a permissioned introduction or official startup-program path. Keep securities, valuation, legal, tax, customer, PHI, clinical, certification, partnership, revenue, and outcome claims behind the appropriate human review.","updated":"2026-07-13"},"launchReadiness":{"service":"scrimed-launch-readiness","route":"/launch-readiness","apiRoute":"/api/launch-readiness","briefRoute":"/api/launch-readiness/brief","status":"launch-readiness-control-plane-active","briefStatus":"launch-readiness-brief-ready","boundary":"SCRIMED Launch Readiness organizes launch structure, product readiness, service readiness, functional verification, DNS/domain checks, sandbox limitations, and workarounds into one go/no-go control plane. It is operating-readiness evidence only. It does not bypass sandbox restrictions, override DNS, approve production clinical use, authorize PHI processing, certify security or compliance, create a contractual SLA, approve production connectors, approve customer release, provide legal/accounting/tax advice, guarantee revenue or profit, or replace qualified human launch review.","posture":"strict-primary-domain-launch-gate-with-contained-sandbox-dns-workaround","authority":{"sandboxBypassAuthority":"not-authorized","dnsAuthority":"verification-and-routing-only","launchApprovalAuthority":"human-launch-review-required","fallbackAuthority":"continuity-only-not-launch-approval","dataBoundary":"synthetic-business-and-metadata-only","phiAuthority":"not-authorized-production-phi","clinicalCareAuthority":"not-authorized-live-care","connectorAuthority":"not-production-connector-approved","securityCertification":"not-security-certified","slaAuthority":"not-contractual-sla","legalAuthority":"qualified-review-required","accountingAuthority":"qualified-review-required","taxAuthority":"qualified-review-required","revenueAuthority":"not-revenue-guarantee","profitAuthority":"not-profit-margin-guarantee","customerReleaseAuthority":"customer-permission-and-release-control-required"},"sourceAlignment":{"releaseContinuityGateCount":6,"releaseContinuityPassedCheckCount":4,"navigationPageRouteCount":164,"navigationApiRoutePatternCount":439,"smokeCoveredHtmlRouteCount":76,"serviceReliabilityControlCount":10,"operationalEfficiencyRecordCount":155,"workaroundPacketCount":8,"productOfferCount":10,"onboardingStageCount":8,"businessOpsRevenueCapabilityCount":9,"scaleControlCount":10,"platformPowerControlCount":12,"approvalsTrackCount":7,"globalCertificationTrackCount":6,"healthRecordsCapabilityCount":5},"primaryDomain":"https://app.scrimedsolutions.com","fallbackDomain":"https://scrimed-site.vercel.app","launchTrackCount":10,"readyTrackCount":3,"containedTrackCount":3,"operatorRequiredTrackCount":1,"externalReviewRequiredTrackCount":3,"dnsControlCount":3,"strictDnsControlCount":1,"fallbackDnsControlCount":1,"servicePathCount":5,"riskCount":5,"criticalRiskCount":1,"highRiskCount":3,"proofRouteCount":40,"hardStopCount":10,"launchReadinessTracks":[{"name":"Custom domain and DNS preflight","status":"contained","launchQuestion":"Can operators distinguish a restricted sandbox DNS failure from a real production-domain outage?","control":"Run strict production smoke against the branded domain when network DNS is available, and run the launch domain preflight to classify DNS, HTTP, and fallback deployment posture.","owner":"Release Steward + Domain/DNS Administrator","proofRoutes":["/release-continuity","/operations","/navigation","/api/launch-readiness"],"goNoGoGate":"Primary branded domain must resolve and pass smoke from an unrestricted network before public launch approval.","workaround":"When the managed sandbox returns ENOTFOUND, rerun production smoke with approved network access and use the fallback Vercel alias only as supporting evidence, not as launch approval.","hardStop":"Do not mark launch green from fallback-only proof when the branded domain cannot be verified."},{"name":"Source, build, and route inventory","status":"ready","launchQuestion":"Does the deployed product match the source and expose navigable launch-critical routes?","control":"Keep build, typecheck, route inventory, API route pattern count, persistent navigation, and smoke-covered HTML routes aligned before promotion.","owner":"Engineering + Product Console","proofRoutes":["/navigation","/product","/api/navigation-audit","/api/product/console"],"goNoGoGate":"Typecheck, lint, build, navigation inventory, public smoke, and route counts must agree before external promotion.","workaround":"If one dynamic detail route cannot be smoked, keep the canonical route smoke-covered and rely on build/typecheck for the dynamic segment until it becomes buyer-critical.","hardStop":"Do not launch with missing primary navigation, stale route counts, or broken canonical buyer paths."},{"name":"Product and offer packaging","status":"ready","launchQuestion":"Can a buyer understand what SCRIMED sells without internal explanation?","control":"Use the Product Console, Offerings Portfolio, demos, pilots, pricing, and proof stack as the first buyer-facing product path.","owner":"Product Console + Revenue Operations","proofRoutes":["/product","/offerings","/demos","/pilots","/pricing","/pilot-deal-room"],"goNoGoGate":"Every launch conversation has a sellable package, scope boundary, proof route, and next buyer action.","workaround":"Use assessment or synthetic pilot packages when production connectors, PHI, customer proof, or live-care authority are not approved.","hardStop":"Do not sell live clinical execution, EHR writeback, payer submission, or autonomous patient outreach."},{"name":"Service delivery and onboarding","status":"ready","launchQuestion":"Can SCRIMED handle demos, pilots, meetings, handoffs, and follow-up without ad hoc process?","control":"Route client onboarding through human-reviewed emails, calendar-ready agendas, demo scripts, pilot workshops, follow-up SLAs, and handoff controls.","owner":"Customer Operations + Sales Engineering","proofRoutes":["/client-onboarding","/sales-operations","/pilot","/pilot-workspace/access"],"goNoGoGate":"Each opportunity has owner, stage, communication packet, proof routes, scope, retained boundary, and next meeting artifact.","workaround":"Use manual human-send communications and no-PHI meeting packets until email/calendar automation and CRM sync are approved.","hardStop":"Do not auto-send emails, create calendar invites, bind contracts, store PHI, or promise procurement approval."},{"name":"Enterprise operations and margin control","status":"external-review-required","launchQuestion":"Can SCRIMED scale revenue operations without letting contracts, margin, tax, or accounting risk drift?","control":"Run every serious opportunity through deal desk, price floor, margin review, legal/accounting/tax routing, billing readiness, and blocked-claim checks.","owner":"Founder + Legal Ops + Finance + Accounting + Revenue Operations","proofRoutes":["/enterprise-business-ops","/capital-vitality","/public-market-readiness","/growth-engine"],"goNoGoGate":"No enterprise proposal expands beyond approved package, price floor, review owner, contract posture, and margin exposure.","workaround":"Use non-binding readiness packets and qualified-review labels until counsel, accounting, tax, and finance reviewers approve templates.","hardStop":"Do not imply audited financials, legal approval, tax advice, revenue guarantee, profit guarantee, securities material, or contract approval."},{"name":"Scale, support, and reliability posture","status":"contained","launchQuestion":"Can SCRIMED discuss enterprise scale without accidentally promising an SLA or managed service?","control":"Use scale domains, service reliability controls, incident/change operations, support-tier review, cost thresholds, and regional gates before commitments expand.","owner":"Platform + Service Reliability + Customer Operations","proofRoutes":["/enterprise-scalability","/service-reliability","/operational-efficiency","/platform-power"],"goNoGoGate":"Support, uptime, SLO, region, residency, DR, and cost commitments must be contract-reviewed before buyer use.","workaround":"Offer launch-window support plans and review cadences as readiness language, not contractual SLA language.","hardStop":"Do not claim 24/7 production support, SOC/MDR coverage, uptime guarantee, or data-residency approval."},{"name":"Healthcare data, interoperability, and patient safety","status":"external-review-required","launchQuestion":"Can SCRIMED show strong health-record capability while keeping live-data and clinical authority blocked?","control":"Keep health records, interoperability, extraction, patient-safety lint, and clinical activation on synthetic/no-PHI tracks until buyer-specific authority exists.","owner":"Clinical Governance + Interoperability + Privacy + Security","proofRoutes":["/health-records","/interoperability","/clinical-authority-readiness","/clinical-care-activation"],"goNoGoGate":"Live PHI, EHR/HIE/payer connectors, matching, writeback, patient outreach, payer submission, or clinical action require explicit buyer, legal, privacy, security, and clinical approval.","workaround":"Use no-PHI synthetic extraction, metadata-only artifact references, standards mapping, and external evidence pointers.","hardStop":"Do not process PHI, diagnose, triage emergencies, prescribe, mutate records, submit claims, or represent clinical validation."},{"name":"Approvals, certifications, and global launch readiness","status":"external-review-required","launchQuestion":"Can domestic and global launch claims stay prepared without claiming approval?","control":"Route HIPAA/BAA, SOC 2, HITRUST, ISO, FDA, ONC, EU AI Act, GDPR, NHS, MHRA, Australia, public-sector, and region-specific questions through evidence tracks.","owner":"Legal + Security + Privacy + Regional Counsel + AI Governance","proofRoutes":["/approvals-readiness","/global-certification-readiness","/global-reach","/trust-center"],"goNoGoGate":"External certification, conformity, regulatory, legal, privacy, procurement, and security claims must cite qualified evidence before use.","workaround":"Use preparation packets, official-source checklists, and external-review-required headers until formal approvals exist.","hardStop":"Do not claim HIPAA certification, SOC 2/HITRUST/ISO certification, FDA clearance, ONC certification, GDPR assurance, EU AI Act conformity, NHS/MHRA/Australia approval, or public-sector procurement approval."},{"name":"AI, API, UI, agents, and continuous review","status":"contained","launchQuestion":"Can the platform feel enterprise-grade while keeping live AI authority and autonomous remediation blocked?","control":"Keep API contracts, UI command paths, model-route controls, agent approval, eval/red-team loops, evidence retrieval, review agents, and incident learning wired into launch proof.","owner":"Platform Engineering + TrustOS + QA + Internal Research Team","proofRoutes":["/platform-power","/agents","/continuous-review-audit","/qa-claim-guard"],"goNoGoGate":"Launch messaging must show agent-assisted review and AI readiness while preserving human approval, no-PHI, no-live-AI, and no-public-quantum boundaries.","workaround":"Assign speculative technology such as quantum-safe readiness to internal research with no public capability claim.","hardStop":"Do not claim live autonomous AI authority, production model approval, public API SLA, trillion-scale equivalence, security certification, or public quantum capability."},{"name":"Protected proof and customer release","status":"operator-required","launchQuestion":"Can SCRIMED prove diligence value without exposing protected artifacts or customer-specific claims?","control":"Keep protected buyer proof, release decisions, reviewer signoffs, distribution lockbox, recipient attestations, access logs, provider adapters, procurement evidence, and AAL2 proof fail-closed publicly.","owner":"Buyer Diligence + TrustOps + Release Steward + Approved AAL2 Operator","proofRoutes":["/pilot-workspace/access","/buyer-release-control-run","/qa-buyer-proof-release","/qa-manual-execution-console"],"goNoGoGate":"Customer-specific proof must have permission, reviewer signoff, recipient scope, release authority, and access-log reconciliation before external sharing.","workaround":"Use public proof routes, synthetic evidence, and metadata-only protected summaries until customer release is approved.","hardStop":"Do not share named customer proof, confidential buyer artifacts, protected packets, or authenticated evidence without retained approval chain."}],"launchDnsControls":[{"name":"Sandbox DNS classifier","status":"fallback-contained","issue":"Restricted Codex sandbox execution can return getaddrinfo ENOTFOUND for app.scrimedsolutions.com even when the production app is reachable from an approved network.","detection":"The launch domain preflight first resolves the primary host, then requests health endpoints, then tests a fallback Vercel alias when the sandbox cannot resolve DNS.","primaryTarget":"https://app.scrimedsolutions.com","fallbackTarget":"https://scrimed-site.vercel.app","command":"SCRIMED_PRIMARY_BASE_URL=https://app.scrimedsolutions.com SCRIMED_FALLBACK_BASE_URL=https://scrimed-site.vercel.app npm run smoke:launch-domain-preflight","passCondition":"Primary domain resolves and returns SCRIMED health/readiness, or sandbox DNS failure is explicitly classified while fallback health/readiness passes for internal continuity.","launchRule":"Fallback success is not sufficient for launch approval; unrestricted primary-domain smoke is still required.","workaround":"Request approved network execution for production smoke, run the fallback preflight for continuity evidence, and keep the branded domain as the buyer-facing target.","retainedBoundary":"This does not bypass DNS, alter external records, or convert fallback-only evidence into launch approval."},{"name":"Strict production smoke","status":"strict-primary-required","issue":"A green local build does not prove the branded production app, headers, routes, protected fail-closed checks, and public pages are reachable.","detection":"Run the public production smoke against https://app.scrimedsolutions.com from a network that can resolve DNS.","primaryTarget":"https://app.scrimedsolutions.com","fallbackTarget":"https://scrimed-site.vercel.app","command":"SCRIMED_BASE_URL=https://app.scrimedsolutions.com SCRIMED_WORKSPACE_SLUG=atlas-synthetic-evaluation npm run smoke:public","passCondition":"All public HTML routes, JSON APIs, Markdown briefs, headers, and protected fail-closed checks pass.","launchRule":"Required before external launch, buyer campaign activation, investor demo packet distribution, or board-readiness claim.","workaround":"If sandbox DNS blocks this command, rerun with approved network access and attach the preflight classification to the launch note.","retainedBoundary":"The smoke suite does not approve protected AAL2 happy-path mutations or production clinical authority."},{"name":"Domain ownership and route fallback","status":"operator-required","issue":"Custom-domain routing, SSL, Vercel aliasing, and Wix CTA routing are external systems and can drift independently of source code.","detection":"Verify app.scrimedsolutions.com health, product, launch-readiness, and pilot routes after every DNS, Vercel, or Wix CTA change.","primaryTarget":"https://app.scrimedsolutions.com","fallbackTarget":"https://scrimed-site.vercel.app","command":"curl -L --max-time 20 -s -I https://app.scrimedsolutions.com/api/launch-readiness","passCondition":"The branded domain returns launch-readiness headers and buyer routes load without Vercel-auth friction.","launchRule":"Buyer-facing launch material should use the branded domain only after this verification is current.","workaround":"Use direct Vercel deployment URLs or authenticated share links for internal review while branded DNS or CTA routing is repaired.","retainedBoundary":"Fallback routes are continuity aids, not a replacement for branded-domain launch readiness."}],"launchServicePaths":[{"phase":"Public buyer entry","owner":"Founder + Product Console","requiredProof":"Homepage, Product Console, Offerings, Demos, Pilots, Pricing, and Pilot intake load from branded domain.","servicePosture":"Public, no-PHI, synthetic-only, claims-controlled.","customerVisibleOutput":"Clear buyer path from interest to product proof and pilot request.","internalFallback":"Share direct product, demo, pricing, and pilot URLs if Wix CTA routing is delayed."},{"phase":"Guided demo and pilot scoping","owner":"Sales Engineering + Customer Operations","requiredProof":"Client Onboarding packets, demo scripts, meeting agendas, pilot workshop notes, and follow-up controls are ready.","servicePosture":"Human-reviewed communications, no automatic send, no calendar mutation.","customerVisibleOutput":"Professional demo, pilot scope, presentation, and next-step artifacts.","internalFallback":"Manual email/calendar send using approved no-PHI packets."},{"phase":"Protected diligence and evidence","owner":"Buyer Diligence + TrustOps","requiredProof":"Protected workspace fail-closed publicly; AAL2 operator run produces no-secret retained proof when approved.","servicePosture":"AAL2 protected, tenant-scoped, no-PHI, metadata-only where external artifacts are referenced.","customerVisibleOutput":"Controlled diligence packet or public proof map, depending on release authority.","internalFallback":"Public proof routes and synthetic evidence summaries until protected release gates pass."},{"phase":"Enterprise proposal and contract review","owner":"Legal Ops + Finance + Revenue Operations","requiredProof":"Enterprise Business Ops, price floors, margin controls, blocked claims, and qualified-review owners are attached.","servicePosture":"Non-binding until executive, legal, accounting, tax, and buyer authority reviews complete.","customerVisibleOutput":"Scope, proof, assumptions, price logic, retained boundaries, and review path.","internalFallback":"Readiness-only proposal packet and review calendar before formal contracting."},{"phase":"Clinical and global expansion readiness","owner":"Clinical Governance + Regional Counsel + Security","requiredProof":"Approvals, Global Certification, Clinical Authority, Health Records, and Interoperability gates are visible.","servicePosture":"Preparation only until qualified external evidence exists.","customerVisibleOutput":"Region, approval, privacy, security, data, and clinical-authority plan.","internalFallback":"Synthetic, metadata-only, and external-reference evidence lanes until local approvals exist."}],"launchRisks":[{"risk":"Sandbox DNS false negative blocks confidence even when production is healthy.","severity":"high","owner":"Release Steward","containment":"Classify DNS lookup failure separately from application failure and require unrestricted-network smoke before launch approval.","graduationGate":"Primary branded domain resolves and public smoke passes from approved network."},{"risk":"Fallback deployment URL could be mistaken for buyer-ready launch proof.","severity":"high","owner":"Product Console + Domain Administrator","containment":"Label fallback as continuity-only and keep branded-domain proof as the go/no-go requirement.","graduationGate":"Domain, SSL, Vercel alias, Wix CTA, and launch-readiness API headers verified."},{"risk":"Launch breadth overwhelms first-time buyers or investors.","severity":"medium","owner":"Founder + Revenue Operations","containment":"Route audiences into Product, Offerings, Client Onboarding, Investor Readiness, or Pilot Deal Room instead of exposing the full route map first.","graduationGate":"Each launch audience has one packet, one proof ladder, one owner, and one next action."},{"risk":"Product claims outrun approvals, certifications, or healthcare authority.","severity":"critical","owner":"TrustOS + Claim Guard + Qualified Reviewers","containment":"Keep no-authority headers, blocked claims, Claim Guard, approval tracks, and clinical/global gates visible in every launch-critical lane.","graduationGate":"External evidence and qualified reviewer signoff exist for any expanded claim."},{"risk":"Service delivery grows faster than support, margin, or governance.","severity":"high","owner":"Customer Operations + Finance + Legal Ops","containment":"Tie every demo, pilot, assessment, and proposal to onboarding controls, price floors, support posture, and margin review.","graduationGate":"Repeatable onboarding, support, billing, contract, and margin processes are approved for the target segment."}],"proofRoutes":["/release-continuity","/operations","/navigation","/api/launch-readiness","/product","/api/navigation-audit","/api/product/console","/offerings","/demos","/pilots","/pricing","/pilot-deal-room","/client-onboarding","/sales-operations","/pilot","/pilot-workspace/access","/enterprise-business-ops","/capital-vitality","/public-market-readiness","/growth-engine","/enterprise-scalability","/service-reliability","/operational-efficiency","/platform-power","/health-records","/interoperability","/clinical-authority-readiness","/clinical-care-activation","/approvals-readiness","/global-certification-readiness","/global-reach","/trust-center","/agents","/continuous-review-audit","/qa-claim-guard","/buyer-release-control-run","/qa-buyer-proof-release","/qa-manual-execution-console","/api/release-continuity","/limitations-workarounds"],"hardStops":["Do not mark launch green from fallback-only proof when the branded domain cannot be verified.","Do not launch with missing primary navigation, stale route counts, or broken canonical buyer paths.","Do not sell live clinical execution, EHR writeback, payer submission, or autonomous patient outreach.","Do not auto-send emails, create calendar invites, bind contracts, store PHI, or promise procurement approval.","Do not imply audited financials, legal approval, tax advice, revenue guarantee, profit guarantee, securities material, or contract approval.","Do not claim 24/7 production support, SOC/MDR coverage, uptime guarantee, or data-residency approval.","Do not process PHI, diagnose, triage emergencies, prescribe, mutate records, submit claims, or represent clinical validation.","Do not claim HIPAA certification, SOC 2/HITRUST/ISO certification, FDA clearance, ONC certification, GDPR assurance, EU AI Act conformity, NHS/MHRA/Australia approval, or public-sector procurement approval.","Do not claim live autonomous AI authority, production model approval, public API SLA, trillion-scale equivalence, security certification, or public quantum capability.","Do not share named customer proof, confidential buyer artifacts, protected packets, or authenticated evidence without retained approval chain."],"nextLaunchMove":"Use Launch Readiness before any public campaign, buyer demo day, investor packet release, or broader app launch: run build/typecheck/lint, run strict branded-domain public smoke from a network with DNS, run launch-domain preflight to classify sandbox ENOTFOUND separately, keep fallback evidence continuity-only, verify no-authority headers, keep protected AAL2 happy-path proof operator-only, and route unresolved legal, finance, clinical, security, certification, PHI, connector, SLA, customer-release, revenue, and profit claims through qualified review.","updated":"2026-06-26"},"limitationsWorkarounds":{"service":"scrimed-limitations-workaround-operations","route":"/limitations-workarounds","apiRoute":"/api/limitations-workarounds","briefRoute":"/api/limitations-workarounds/brief","status":"limitations-workaround-control-plane-active","briefStatus":"limitations-workaround-brief-ready-no-authority-claim","updated":"2026-06-29","boundary":"SCRIMED Limitations and Workaround Operations turns hard boundaries, defects, bottlenecks, unresolved approvals, and unsupported claims into safe operating alternatives with owners, proof routes, escalation triggers, expiration rules, and graduation gates. It is a workaround and containment layer only. It does not authorize PHI processing, live clinical care, patient matching, EHR writeback, payer submission, production connectors, public API SLAs, contractual uptime, managed service coverage, autonomous remediation, live autonomous AI, production model routing, legal advice, accounting advice, tax advice, audited financial reporting, securities material, revenue guarantees, profit-margin guarantees, security certification, accessibility certification, regulatory approval, public quantum capability claims, or buyer release authority.","authority":{"limitationAuthority":"workaround-control-only","dataBoundary":"synthetic-and-metadata-only","phiAuthority":"not-authorized-production-phi","clinicalCareAuthority":"not-authorized-live-care","connectorAuthority":"not-production-connector-approved","autonomyAuthority":"no-autonomous-production-remediation","aiAuthority":"no-live-autonomous-ai-authority","legalAuthority":"qualified-review-required","financialAuthority":"not-audited-financial-report","revenueAuthority":"not-revenue-guarantee","profitAuthority":"not-profit-margin-guarantee","securityCertification":"not-security-certified","accessibilityCertification":"not-accessibility-certified","slaAuthority":"not-contractual-sla","releaseAuthority":"not-release-approval","quantumAuthority":"internal-research-only-no-public-claim"},"trackCount":12,"packetCount":8,"boundaryEscalationCount":8,"boundaryWorkaroundPlaybookCount":11,"boundaryPreflightRequestCount":5,"boundaryPreflightEvaluationCount":5,"failClosedPreflightCount":1,"safeWorkaroundPreflightCount":1,"resolutionWorkOrderCount":6,"unresolvedResolutionWorkOrderCount":4,"executionLedgerCount":5,"resolvedExecutionLedgerCount":5,"openExecutionLedgerCount":0,"cadenceCount":6,"metricCount":8,"openRiskCount":11,"countsByState":{"resolved-with-control":0,"workaround-active":1,"human-review-required":3,"external-review-required":5,"blocked-until-approved":3},"countsBySeverity":{"critical":4,"high":5,"medium":2,"watch":1},"countsByCategory":{"clinical-phi-data":2,"ehr-interoperability":1,"api-sla-scale":1,"ai-agent-autonomy":1,"security-certification":1,"global-legal-privacy":1,"finance-revenue-contracts":1,"onboarding-communications":1,"release-proof":1,"accessibility-ui":1,"innovation-research":1},"resolutionWorkOrdersByStatus":{"resolved-by-workaround":2,"active-workaround":2,"blocked-external-dependency":1,"requires-human-operator":1},"executionLedgerByState":{"proof-retained-no-secret":3,"control-active":2,"operator-required":0,"external-dependency-open":0},"criticalTrackCount":4,"highTrackCount":5,"proofRouteCount":42,"hardStopCount":180,"blockedClaimCount":24,"ownerCount":46,"tracks":[{"slug":"phi-live-data-boundary","title":"PHI and live patient-data boundary","category":"clinical-phi-data","severity":"critical","state":"blocked-until-approved","limitation":"Current public and synthetic workflows cannot ingest PHI, patient identifiers, payer member data, live charts, production credentials, or source medical records.","riskIfIgnored":"A buyer demo or pilot could accidentally become regulated production data processing before privacy, security, BAA/DPA, customer environment, and clinical governance approvals exist.","safeWorkaround":"Use synthetic fixtures, metadata-only references, external evidence-room pointers, no-PHI excerpts, and Health Records Safety Exchange source mapping.","operatingControl":"No-PHI intake lint, route headers, source-class labels, blocked-input copy, and protected AAL2 evidence references.","fallbackPath":"If a buyer needs live records, convert the ask into a customer-hosted sandbox scoping packet and hold execution until approved authority exists.","owner":"Privacy, security, clinical governance, customer authority owner, and TrustOS","proofRoutes":["/health-records","/clinical-authority-readiness","/boundary-resolution"],"escalationTrigger":"Any PHI, identifier, live chart, production credential, patient matching, or data-residency request appears.","graduationGate":"Executed customer authority, BAA/DPA when required, security review, clinical governance approval, connector approval, monitoring, rollback, and retained evidence.","blockedClaims":["PHI processing authorized","live patient data connected","patient matching approved"],"cadence":"Immediate block plus daily review until safely re-scoped."},{"slug":"clinical-care-authority-boundary","title":"Live clinical care and CDS authority","category":"clinical-phi-data","severity":"critical","state":"external-review-required","limitation":"SCRIMED can prepare workflow intelligence, draft-only outputs, and governance evidence, but cannot diagnose, treat, route patients, sign notes, or provide live clinical decision support.","riskIfIgnored":"Operational language could be interpreted as clinical authority, medical advice, or production CDS/SaMD readiness before qualified review.","safeWorkaround":"Frame outputs as synthetic workflow planning, review queues, draft-only documentation, and clinical-governance preparation with explicit human review.","operatingControl":"Clinical Authority Readiness, Clinical Care Activation gates, Claim Guard, and no-live-care headers.","fallbackPath":"Route clinical intent, care pathway, diagnosis, treatment, triage, or clinician signature requests to clinical governance before any external claim expands.","owner":"Clinical governance, qualified clinicians, legal, privacy, and release stewardship","proofRoutes":["/clinical-authority-readiness","/clinical-care-activation","/qa-claim-guard"],"escalationTrigger":"A claim implies diagnosis, treatment, live triage, autonomous care coordination, or production CDS.","graduationGate":"Clinical governance approval, regulatory classification, customer scope, clinician workflow controls, monitoring, override, and rollback evidence.","blockedClaims":["live clinical care authorized","clinical decision support cleared","autonomous diagnosis or treatment permitted"],"cadence":"Daily claim scan and immediate qualified-review escalation."},{"slug":"ehr-writeback-connector-boundary","title":"Production EHR connector and writeback boundary","category":"ehr-interoperability","severity":"critical","state":"blocked-until-approved","limitation":"FHIR, SMART, HL7, DICOM, X12, terminology, and connector planning are synthetic; production connectors, writeback, payer submission, and patient matching remain blocked.","riskIfIgnored":"Integration demos can turn into unsafe production connector promises, mutation claims, or payer-submission commitments.","safeWorkaround":"Use fixture validation, synthetic conformance kits, connector contract review, external artifact references, and no-mutation evidence.","operatingControl":"Interoperability standards map, Health Records Safety Exchange, connector blocked-claim list, and synthetic extraction evaluator.","fallbackPath":"Convert live integration asks into a standards mapping, sandbox preflight, and customer authority checklist.","owner":"Interoperability, platform engineering, privacy, security, clinical governance, and customer integration owner","proofRoutes":["/interoperability","/health-records","/integrations/fixture-validation"],"escalationTrigger":"Production endpoint, credential, writeback, payer submission, patient match, or live HIE/EHR request appears.","graduationGate":"Customer sandbox, security review, connector contract, data boundary approval, mutation policy, audit, monitoring, and rollback evidence.","blockedClaims":["production connector approved","EHR writeback approved","payer submission approved"],"cadence":"Weekly connector-readiness review plus immediate block on live endpoint requests."},{"slug":"public-api-sla-boundary","title":"Public API, SLA, and unlimited-scale boundary","category":"api-sla-scale","severity":"high","state":"human-review-required","limitation":"Route handlers, summaries, and briefs are inspectable contract-readiness surfaces, not public API marketplace launch, contractual SLA, unlimited rate limit, or uptime guarantee.","riskIfIgnored":"Enterprise diligence could mistake technical maturity for contractual support, public availability, unlimited usage, or managed-service coverage.","safeWorkaround":"Use route summaries, boundary headers, version posture, draft quotas, rate-limit classes, support assumptions, and no-SLA language.","operatingControl":"Platform Power API contract register, Enterprise Scalability SLO readiness, Service Reliability fault classes, and Navigation Audit route counts.","fallbackPath":"If a buyer needs API terms, route to contract review with route class, quota, auth posture, monitoring, incident, support tier, and price floor.","owner":"Platform engineering, legal ops, service reliability, customer operations, and finance","proofRoutes":["/platform-power","/enterprise-scalability","/service-reliability"],"escalationTrigger":"Public API, unlimited usage, uptime, SLA, support, or managed-service language appears.","graduationGate":"Contract terms, staffing model, support tier, incident response, monitoring, rate limits, price model, and executive approval.","blockedClaims":["public API SLA approved","unlimited API scale approved","contractual uptime guaranteed"],"cadence":"Daily API contract review and weekly scale council."},{"slug":"ai-agent-autonomy-boundary","title":"Live AI, production model-routing, and agent autonomy boundary","category":"ai-agent-autonomy","severity":"critical","state":"external-review-required","limitation":"Agents may plan, route, inspect, recommend, and produce synthetic evidence, but they cannot execute protected clinical, legal, financial, customer, or production actions autonomously.","riskIfIgnored":"Agent language can imply production model approval, autonomous remediation, clinical action, legal advice, or financial decision authority.","safeWorkaround":"Use model-route registers, allowed/blocked data classes, eval packs, red-team loops, human approval triggers, and protected AAL2 operator lanes.","operatingControl":"AgentOS, TrustOS, Platform Power, QA Claim Guard, Runtime Safety, and Continuous Review loops.","fallbackPath":"When a tool action is requested, switch to recommendation mode and require named human approval before protected execution.","owner":"AI platform, AgentOS, TrustOS, QA, security, finance, and clinical governance","proofRoutes":["/agents","/trust-os","/platform-power","/continuous-review-audit"],"escalationTrigger":"The system is asked to act without approval, route PHI to a model, self-remediate production, or make clinical/legal/financial decisions.","graduationGate":"Approved provider, model route, data policy, eval pass criteria, monitoring, tool schema, approval UI, rollback, audit persistence, and customer authority.","blockedClaims":["live autonomous AI approved","production model routing approved","agent actions fully autonomous"],"cadence":"Daily AI safety/eval queue plus immediate human escalation for protected actions."},{"slug":"security-certification-boundary","title":"Security, privacy, SOC 2, HITRUST, and certification boundary","category":"security-certification","severity":"high","state":"external-review-required","limitation":"SCRIMED can organize readiness evidence, controls, and protected review paths, but cannot claim SOC 2, HITRUST, ISO, HIPAA certification, penetration-test completion, or security approval without qualified evidence.","riskIfIgnored":"Procurement packets could overstate security posture, compliance status, or customer-specific readiness.","safeWorkaround":"Use Trust Center, Provider Security Reviews, Procurement Evidence Registry, Global Certification Readiness, and no-sensitive-artifact references.","operatingControl":"Evidence-room metadata, owner matrix, certification tracks, blocked claims, renewal queue, and protected access logs.","fallbackPath":"Respond with readiness status, evidence-request owner, due date, and external-review gate instead of certification language.","owner":"Security, privacy, legal, trust operations, customer authority owner, and qualified external reviewers","proofRoutes":["/trust-center","/global-certification-readiness","/pilot-workspace/access"],"escalationTrigger":"A buyer asks for SOC 2, HITRUST, ISO, HIPAA certification, pentest, BAA/DPA, vendor-risk approval, or security signoff.","graduationGate":"Qualified assessment, remediation evidence, approved artifact reference, customer-specific acceptance, and release authority.","blockedClaims":["security certified","SOC 2 certified","HITRUST certified"],"cadence":"Weekly evidence-room review and immediate escalation on procurement claims."},{"slug":"global-legal-privacy-boundary","title":"Global legal, privacy, AI Act, GDPR, NHS, MHRA, and regional boundary","category":"global-legal-privacy","severity":"high","state":"external-review-required","limitation":"Global expansion readiness can map evidence needs and regional packs, but cannot claim local legal approval, procurement approval, data-residency approval, EU AI Act conformity, GDPR compliance approval, NHS DTAC approval, MHRA approval, or government endorsement.","riskIfIgnored":"Public-sector and global buyer conversations can become unsupported country-launch or conformity claims.","safeWorkaround":"Use regional buyer packs, deployment profiles, official-source evidence implications, partner authority registers, and qualified regional counsel review.","operatingControl":"Global Certification Readiness, Global Reach, Deployment Profiles, Claim Guard, and Boundary Resolution.","fallbackPath":"Frame global work as no-PHI discovery and localization planning until regional authority exists.","owner":"Regional counsel, privacy, security, clinical governance, global partnerships, and customer procurement owner","proofRoutes":["/global-certification-readiness","/global-reach","/deployment-profiles"],"escalationTrigger":"A claim names country launch, public-sector approval, local hosting approval, GDPR/EU AI Act conformity, NHS/MHRA/Australia approval, or government endorsement.","graduationGate":"Qualified regional legal/privacy/security review, hosting decision, procurement authority, partner approval, and retained release evidence.","blockedClaims":["EU AI Act conformant","GDPR approved","government endorsed"],"cadence":"Weekly global pack review and regional-counsel escalation before external use."},{"slug":"legal-finance-revenue-boundary","title":"Legal, finance, accounting, tax, revenue, and profit boundary","category":"finance-revenue-contracts","severity":"high","state":"external-review-required","limitation":"Enterprise Business Ops can prepare deal desk, pricing, margin, billing, and review packets, but cannot provide legal/accounting/tax advice, audited financial reporting, contract approval, securities material, revenue guarantees, ROI guarantees, or profit-margin guarantees.","riskIfIgnored":"Sales, board, investor, and buyer materials could become unsupported professional advice, financial reporting, securities material, or commercial promises.","safeWorkaround":"Use fixed-scope offers, price floors, buyer-approved measurement plans, counsel review slots, finance/accounting/tax triage, and qualified release authority.","operatingControl":"Enterprise Business Ops, Growth Engine, Capital Vitality, Public Market Readiness, Deal Room, and Claim Guard.","fallbackPath":"Route exceptions to qualified counsel, finance, accounting, tax, and executive approval before proposal release.","owner":"Founder, deal desk, legal, finance, accounting, tax, revenue operations, and qualified reviewers","proofRoutes":["/enterprise-business-ops","/growth-engine","/capital-vitality","/public-market-readiness"],"escalationTrigger":"A proposal includes contract approval, non-standard terms, revenue impact, ROI, reimbursement, valuation, fundraising, tax, accounting, or legal conclusions.","graduationGate":"Qualified review, signed approval, buyer baseline, measurement plan, billing setup, payment terms, and retained release authority.","blockedClaims":["legal advice provided","revenue guaranteed","profit margin guaranteed"],"cadence":"Per-deal desk review plus weekly margin and contract-risk council."},{"slug":"autonomous-communications-boundary","title":"Email, calendar, demo, meeting, and buyer communication boundary","category":"onboarding-communications","severity":"medium","state":"human-review-required","limitation":"SCRIMED can prepare email-ready copy, calendar-ready agendas, demo scripts, meeting notes, and follow-up packets, but cannot autonomously send emails, create calendar invites, approve procurement, or commit scope.","riskIfIgnored":"A draft could become an unauthorized buyer commitment, meeting invite, sales promise, procurement statement, or customer-specific claim.","safeWorkaround":"Use human-reviewed templates, meeting packets, owner handoffs, no-PHI notes, and explicit send/invite approval fields.","operatingControl":"Client Onboarding and Communications stages, handoffs, templates, calendar packets, and blocked-content list.","fallbackPath":"Hold the communication in draft state and require sender, recipient, scope, data boundary, and approval evidence before use.","owner":"Revenue operations, sales engineering, customer operations, legal ops, finance, and product owner","proofRoutes":["/client-onboarding","/offerings","/pilot-deal-room"],"escalationTrigger":"The communication contains PHI, security claims, contract language, pricing exceptions, procurement claims, or clinical promises.","graduationGate":"Human approval of exact content, recipients, timing, scope, no-PHI boundary, pricing, and follow-up owner.","blockedClaims":["email sent autonomously","calendar invite created autonomously","buyer commitment approved"],"cadence":"Per-message human review and daily onboarding handoff review."},{"slug":"release-proof-boundary","title":"Protected QA, buyer proof, and release authority boundary","category":"release-proof","severity":"high","state":"human-review-required","limitation":"Public smoke can prove route availability and fail-closed protected behavior, but cannot prove protected happy-path execution, buyer-specific release, authenticated QA completion, or customer evidence-room distribution.","riskIfIgnored":"Public checks could be mistaken for retained protected evidence, customer permission, or release authority.","safeWorkaround":"Use AAL2 protected workspaces, no-secret operator packets, QA Completion Bridge, Activation Seal, Proof Promotion, Buyer Proof Release, and release-control runbooks.","operatingControl":"Release Continuity, QA Launch Kit, Manual QA Execution Console, Buyer Release Control Runbook, protected evidence packets, and no-token policy.","fallbackPath":"When protected proof is requested, run the approved human AAL2 flow and retain only no-secret packet hashes and metadata.","owner":"Release engineering, TrustOS, tenant governance, approved operator, and buyer diligence","proofRoutes":["/release-continuity","/qa-manual-execution-console","/buyer-release-control-run","/pilot-workspace/access"],"escalationTrigger":"A claim references retained protected proof, customer release, authenticated QA, token handling, evidence-room access, or buyer distribution.","graduationGate":"Fresh human AAL2 run, no-secret packet, reviewer signoff, release decision, lockbox, recipient authority, access-log reconciliation, and claim guard approval.","blockedClaims":["protected happy path completed without AAL2","buyer release approved","bearer token retained as evidence"],"cadence":"Release preflight and protected proof review before buyer-specific use."},{"slug":"ui-accessibility-boundary","title":"UI quality, accessibility, and seamless navigation boundary","category":"accessibility-ui","severity":"medium","state":"workaround-active","limitation":"Navigation can be improved continuously, but current UI polish, responsive behavior, keyboard path, contrast, and accessibility posture are not formal WCAG, VPAT, Section 508, or external UX certification.","riskIfIgnored":"Enterprise demos could overstate accessibility certification or leave high-value workflows hard to find.","safeWorkaround":"Use site navigation, role journeys, Navigation Audit, Product Console, Hub cards, smoke-covered routes, and manual UI review before demos.","operatingControl":"SiteNavigation, Navigation Audit inventory, Product Console proof stack, Platform Power UI role journey control, and smoke checks.","fallbackPath":"If users cannot find a workflow, add it to primary navigation, role journeys, limitation controls, hub views, product actions, and smoke coverage.","owner":"Frontend, Product Console, QA, accessibility reviewer, customer operations, and sales engineering","proofRoutes":["/navigation","/product","/hub","/platform-power"],"escalationTrigger":"A buyer-critical route is hidden, text overlaps, mobile route is unusable, keyboard path is unclear, or accessibility certification is implied.","graduationGate":"Manual responsive review, keyboard path review, contrast review, copy fit, accessibility remediation evidence, and qualified external review if claims expand.","blockedClaims":["accessibility certified","WCAG conformance approved","VPAT completed"],"cadence":"Daily navigation scan and pre-demo UI review."},{"slug":"innovation-quantum-boundary","title":"Internal innovation, quantum, and future infrastructure boundary","category":"innovation-research","severity":"watch","state":"blocked-until-approved","limitation":"Internal research may investigate quantum, advanced model routing, privacy-preserving computation, and future infrastructure, but public product claims remain blocked.","riskIfIgnored":"Future-looking research language could become unsupported buyer, investor, clinical, security, or public-market claims.","safeWorkaround":"Keep research assigned to the internal research team with private hypotheses, no-public-claim labels, source logs, review owners, and claim-guard blocks.","operatingControl":"Continuous Review and Innovation control plane, internal research assignments, Claim Guard, Boundary Resolution, and no-public-quantum authority headers.","fallbackPath":"Translate future research into internal backlog items and remove public wording until validated evidence and qualified review exist.","owner":"Internal Research Team, TrustOS, AI platform, security, legal, finance, and founder","proofRoutes":["/continuous-review-audit","/qa-claim-guard","/boundary-resolution"],"escalationTrigger":"Quantum, model advantage, cryptographic, clinical, security, financial, or infrastructure superiority language appears in external material.","graduationGate":"Validated technical evidence, risk review, qualified legal/security review, buyer-safe claim language, and approved release decision.","blockedClaims":["public quantum capability available","quantum clinical advantage","future infrastructure superiority proven"],"cadence":"Weekly internal research review and immediate public-claim removal."}],"packets":[{"slug":"synthetic-no-phi-packet","name":"Synthetic no-PHI packet","usedWhen":"A buyer asks for workflow proof, record extraction, AI output, or demo evidence without approved PHI authority.","safeInputs":["synthetic fixtures","metadata-only source labels","de-identified public examples","no-secret operator notes"],"output":"Buyer-safe demo or assessment packet with explicit no-PHI and no-live-care boundary.","owner":"TrustOS + product owner","proofRoutes":["/health-records","/pilot-evidence","/boundary-resolution"],"expiryRule":"Refresh whenever source class, buyer scope, approval state, or claim language changes.","hardStops":["PHI introduced","patient identifier introduced","live chart requested","source artifact pasted"]},{"slug":"external-evidence-reference","name":"External evidence reference","usedWhen":"The artifact is sensitive, confidential, regulated, buyer-owned, or not safe to store in SCRIMED.","safeInputs":["external system name","artifact type","reviewer label","status","expiry date"],"output":"Metadata-only reference that points to the authority source without storing the underlying artifact.","owner":"Customer authority owner + trust operations","proofRoutes":["/pilot-workspace/access","/global-certification-readiness","/trust-center"],"expiryRule":"Renew before expiration, owner change, buyer scope change, or regulation/certification scope change.","hardStops":["artifact uploaded","secret included","contract pasted","medical record pasted"]},{"slug":"human-reviewed-communication","name":"Human-reviewed communication packet","usedWhen":"Email, calendar, demo, presentation, pilot workshop, proposal, or follow-up language is needed.","safeInputs":["recipient role","meeting objective","no-PHI scope","offer","proof route","required reviewer"],"output":"Draft-only communication with approval slot, send owner, follow-up owner, and blocked-content checklist.","owner":"Revenue operations + sales engineering","proofRoutes":["/client-onboarding","/offerings","/enterprise-business-ops"],"expiryRule":"Re-review after 7 days, pricing change, scope change, reviewer change, or new buyer requirement.","hardStops":["autonomous send requested","calendar invite creation requested","contract promise included","PHI included"]},{"slug":"aal2-protected-proof","name":"AAL2 protected proof packet","usedWhen":"A buyer, operator, or reviewer needs retained protected proof instead of public smoke evidence.","safeInputs":["workspace slug","operator role","packet hash","reviewer label","no-secret summary"],"output":"Protected no-secret proof packet with release decision and buyer-safe claim state.","owner":"Approved operator + release stewardship","proofRoutes":["/qa-manual-execution-console","/buyer-release-control-run","/pilot-workspace/access"],"expiryRule":"Re-run when deployment, route, workspace, reviewer, claim language, or evidence packet changes.","hardStops":["token retained","AAL2 bypass attempted","protected route publicly exposed","buyer release claimed early"]},{"slug":"api-contract-readiness","name":"API contract readiness packet","usedWhen":"A technical buyer needs API detail before public API SLA, SDK, or production connector approval exists.","safeInputs":["route","owner","schema","version posture","auth posture","boundary headers"],"output":"Draft API contract packet with examples, rate-limit posture, no-SLA language, and blocked claims.","owner":"Platform engineering + developer experience","proofRoutes":["/platform-power","/navigation","/api/product/console"],"expiryRule":"Re-review on schema change, auth change, rate-limit change, version change, or buyer-specific scope.","hardStops":["public API SLA implied","production connector promised","PHI payload accepted","unlimited usage promised"]},{"slug":"model-route-register","name":"Model-route register packet","usedWhen":"A feature proposes AI model execution, provider routing, fallback, evals, or agent reasoning.","safeInputs":["provider","model class","allowed data","blocked data","eval pack","fallback","cost owner"],"output":"Readiness-only model-route record with human approval triggers and no-live-AI boundary.","owner":"AI platform + TrustOS + finance","proofRoutes":["/platform-power","/agents","/trust-os","/continuous-review-audit"],"expiryRule":"Re-review on provider, model, data class, cost threshold, eval failure, or customer scope change.","hardStops":["PHI routed to model","provider approval missing","production model approval implied","clinical validation claimed"]},{"slug":"deal-desk-exception","name":"Deal desk exception packet","usedWhen":"Pricing, scope, payment terms, ROI, reimbursement, legal, tax, accounting, securities, or contract language is non-standard.","safeInputs":["offer","price floor","scope","payment terms","reviewer role","approval status"],"output":"Qualified-review packet with blocked claims, margin notes, counsel/accounting/tax slots, and release gate.","owner":"Deal desk + legal + finance","proofRoutes":["/enterprise-business-ops","/growth-engine","/capital-vitality"],"expiryRule":"Re-review on price, scope, buyer, term, reviewer, or claim-language change.","hardStops":["legal advice implied","revenue guaranteed","profit guaranteed","contract approved without reviewer"]},{"slug":"global-regional-pack","name":"Global regional workaround pack","usedWhen":"A region, public-sector buyer, channel partner, or global certification question appears before local authority exists.","safeInputs":["region","buyer type","deployment profile","regional counsel owner","blocked claims"],"output":"Localization pack that frames readiness, evidence needs, hosting questions, and retained external gates.","owner":"Global partnerships + regional counsel","proofRoutes":["/global-reach","/global-certification-readiness","/deployment-profiles"],"expiryRule":"Re-review on region, regulation, hosting profile, partner, customer segment, or public-sector scope change.","hardStops":["country launch claimed","government endorsement implied","data residency approved early","regional clinical approval claimed"]}],"boundaryEscalations":[{"slug":"phi-live-data-escalation","requestPattern":"Buyer asks to upload, paste, connect, or analyze PHI, patient identifiers, member IDs, live charts, production records, or customer credentials.","severity":"critical","immediateDecision":"Block the request and re-scope to synthetic, no-PHI, or metadata-only evaluation.","safeResponse":"SCRIMED can evaluate the workflow with synthetic fixtures, metadata-only source references, and a health-record safety plan while PHI authority remains gated.","requiredOwner":"Privacy, security, clinical governance, customer authority owner, and TrustOS","escalationPath":["Health Records Safety Exchange","Clinical Authority Readiness","Boundary Resolution","Qualified customer/privacy approval"],"proofRoutes":["/health-records","/clinical-authority-readiness","/boundary-resolution"],"decisionSla":"Immediate block, same-business-day owner assignment, and daily review until safely re-scoped.","hardStops":["PHI introduced","patient identifier introduced","production credential requested","live chart requested"],"graduationEvidence":["BAA/DPA when required","customer authority","security review","clinical governance approval","connector/data boundary approval"]},{"slug":"live-clinical-care-escalation","requestPattern":"Buyer, demo, sales, or product language asks SCRIMED to diagnose, treat, triage, prescribe, route patients, sign notes, or provide production CDS.","severity":"critical","immediateDecision":"Hold the claim and convert the workflow to draft-only operational planning with human clinical review.","safeResponse":"SCRIMED can prepare workflow intelligence, draft queues, evidence organization, and governance packets, but live clinical decisions require qualified authority.","requiredOwner":"Clinical governance, qualified clinicians, legal, privacy, and release stewardship","escalationPath":["Clinical Care Activation","Clinical Authority Readiness","QA Claim Guard","Regulatory/intended-use review"],"proofRoutes":["/clinical-care-activation","/clinical-authority-readiness","/qa-claim-guard"],"decisionSla":"Immediate claim hold before external use; qualified review required before any clinical wording expands.","hardStops":["diagnosis implied","treatment implied","autonomous triage requested","clinician signature implied"],"graduationEvidence":["intended-use review","clinical governance approval","customer scope","monitoring/override plan","rollback evidence"]},{"slug":"production-connector-escalation","requestPattern":"Buyer requests production EHR, HIE, payer, imaging, device, SMART launch, writeback, patient matching, or payer submission connectivity.","severity":"critical","immediateDecision":"Block live connector execution and route to standards mapping, sandbox preflight, and customer authority review.","safeResponse":"SCRIMED can provide standards-aware synthetic conformance review, connector contract planning, and no-mutation evidence before production connectivity is approved.","requiredOwner":"Interoperability, platform engineering, privacy, security, clinical governance, and customer integration owner","escalationPath":["Interoperability registry","Health Records Safety Exchange","Platform Power API contract register","Customer sandbox authority"],"proofRoutes":["/interoperability","/health-records","/platform-power","/integrations/fixture-validation"],"decisionSla":"Immediate block for production endpoints; weekly connector-readiness review once safely scoped.","hardStops":["production endpoint requested","EHR writeback requested","payer submission requested","patient matching requested"],"graduationEvidence":["customer sandbox","security review","connector contract","mutation policy","audit/monitoring","rollback plan"]},{"slug":"security-certification-escalation","requestPattern":"Procurement asks for SOC 2, HITRUST, ISO, HIPAA certification, penetration testing, vendor-risk approval, BAA/DPA, or security signoff.","severity":"high","immediateDecision":"Respond with readiness posture, available evidence references, missing artifacts, and external-review owner.","safeResponse":"SCRIMED can provide trust-center readiness evidence, metadata-only artifact references, and a review plan without claiming certification or approval.","requiredOwner":"Security, privacy, legal, trust operations, customer authority owner, and qualified external reviewer","escalationPath":["Trust Center","Global Certification Readiness","Provider Security Reviews","Procurement Evidence Registry"],"proofRoutes":["/trust-center","/global-certification-readiness","/pilot-workspace/access"],"decisionSla":"Same-business-day evidence owner assignment; weekly procurement evidence review until artifact status changes.","hardStops":["security certified claimed","SOC 2 certified claimed","HITRUST certified claimed","penetration test complete claimed"],"graduationEvidence":["qualified assessment","remediation evidence","approved artifact reference","customer-specific acceptance","release authority"]},{"slug":"api-sla-scale-escalation","requestPattern":"Buyer asks for public API access, unlimited usage, public SDK, uptime, support coverage, contractual SLA, managed service coverage, or trillion-scale capacity.","severity":"high","immediateDecision":"Route to API contract readiness and deal-desk review before any external commitment.","safeResponse":"SCRIMED can share route summaries, version posture, boundary headers, rate-class planning, and support assumptions without creating an SLA.","requiredOwner":"Platform engineering, service reliability, legal ops, finance, customer operations, and executive approver","escalationPath":["Platform Power","Enterprise Scalability","Service Reliability","Enterprise Business Ops"],"proofRoutes":["/platform-power","/enterprise-scalability","/service-reliability","/enterprise-business-ops"],"decisionSla":"Same-business-day API owner assignment; weekly scale council for quota, support, incident, and price-floor decisions.","hardStops":["public API SLA implied","unlimited usage promised","contractual uptime promised","managed service commitment implied"],"graduationEvidence":["contract terms","rate limits","support tier","incident response plan","monitoring","price model","executive approval"]},{"slug":"autonomous-agent-action-escalation","requestPattern":"User asks agents to send messages, create invites, execute tools, remediate production, make clinical/legal/financial decisions, or act without human approval.","severity":"critical","immediateDecision":"Switch to recommendation mode and require named human approval before any protected action.","safeResponse":"SCRIMED agents can plan, inspect, draft, evaluate, and route work while protected execution remains human-approved and audit-bound.","requiredOwner":"AgentOS, TrustOS, QA, security, finance, clinical governance, and approved operator","escalationPath":["AgentOS","TrustOS","Continuous Review","Manual QA Execution Console","QA Claim Guard"],"proofRoutes":["/agents","/trust-os","/continuous-review-audit","/qa-manual-execution-console","/qa-claim-guard"],"decisionSla":"Immediate stop for protected execution; approval packet required before action resumes.","hardStops":["tool execution without approval","production remediation requested","clinical decision requested","legal or financial decision requested"],"graduationEvidence":["allowed tool schema","blocked tool list","human approval UI","audit persistence","rollback behavior","customer authority"]},{"slug":"deal-investor-finance-escalation","requestPattern":"Proposal, investor, buyer, or board language asks for legal advice, tax/accounting conclusions, audited financials, valuation, securities material, ROI, revenue, reimbursement, or profit guarantees.","severity":"high","immediateDecision":"Hold external release and route to deal desk plus qualified legal, finance, accounting, tax, or securities review.","safeResponse":"SCRIMED can provide readiness evidence, fixed-scope offers, buyer-approved measurement plans, and review slots without giving professional advice or guarantees.","requiredOwner":"Founder, deal desk, legal, finance, accounting, tax, revenue operations, and qualified advisors","escalationPath":["Enterprise Business Ops","Growth Engine","Capital Vitality","Investor Audience Readiness","QA Claim Guard"],"proofRoutes":["/enterprise-business-ops","/growth-engine","/capital-vitality","/investor-audience-readiness","/qa-claim-guard"],"decisionSla":"Hold until qualified reviewer signs off on exact language, recipient, scope, and measurement boundary.","hardStops":["legal advice implied","tax advice implied","securities material implied","ROI or revenue guaranteed"],"graduationEvidence":["qualified review","approved language","buyer baseline","measurement plan","recipient context","release decision"]},{"slug":"regional-global-approval-escalation","requestPattern":"Buyer or partner asks for country launch, public-sector approval, government endorsement, GDPR/EU AI Act conformity, NHS/MHRA/Australia approval, or data-residency approval.","severity":"high","immediateDecision":"Convert to regional discovery and localization planning until qualified regional authority exists.","safeResponse":"SCRIMED can prepare no-PHI regional packs, deployment questions, and evidence implications without claiming local approval or conformity.","requiredOwner":"Regional counsel, privacy, security, global partnerships, procurement, and customer authority owner","escalationPath":["Global Reach","Global Certification Readiness","Deployment Profiles","Boundary Resolution"],"proofRoutes":["/global-reach","/global-certification-readiness","/deployment-profiles","/boundary-resolution"],"decisionSla":"Same-business-day region owner assignment; external regional review before any public-sector or country-specific claim.","hardStops":["country launch approved claimed","government endorsement implied","data residency approved claimed","regional compliance approved claimed"],"graduationEvidence":["regional counsel review","privacy/security review","hosting decision","procurement authority","partner/customer signoff"]}],"boundaryWorkaroundPlaybook":[{"slug":"playbook-live-phi-request","boundary":"live PHI, patient identifiers, member data, live charts, and production credentials","status":"blocked-until-evidence","triggerSignals":["PHI upload","patient identifier","member ID","live chart","production credential"],"immediateDecision":"Block intake, do not store the payload, and re-scope to synthetic or metadata-only review.","safeAlternative":"Use the Synthetic no-PHI packet, Health Records Safety Exchange source mapping, and external evidence references without copying protected records into SCRIMED.","mappedPacket":"synthetic-no-phi-packet","requiredApprovals":["privacy review","security review","customer authority","BAA/DPA when required","clinical governance review"],"proofRoutes":["/health-records","/clinical-authority-readiness","/boundary-resolution","/limitations-workarounds"],"validationCommand":"npm run smoke:limitations-workarounds","failClosedExpectation":"Requests that contain PHI or identifiers remain blocked before storage, model routing, connector execution, or buyer-facing output.","graduationEvidence":["signed authority","data boundary approval","retention policy","monitoring plan","rollback owner"],"residualRisk":"Synthetic proof can support diligence, but it does not validate live PHI operations or patient-specific safety.","hardStops":["PHI pasted into prompt","live chart uploaded","patient matching requested","production credential provided"],"owner":"Privacy, security, clinical governance, customer authority owner, and TrustOS"},{"slug":"playbook-clinical-authority-request","boundary":"diagnosis, treatment, prescribing, triage, patient routing, signed notes, and production CDS","status":"external-approval-required","triggerSignals":["diagnosis","treatment recommendation","prescribing","triage","sign note","clinical decision support"],"immediateDecision":"Convert to draft-only workflow intelligence and require qualified clinical review.","safeAlternative":"Use clinical-governance preparation, synthetic clinical robustness evaluation, evidence organization, and human review queues.","mappedPacket":"synthetic-no-phi-packet","requiredApprovals":["qualified clinician review","intended-use review","regulatory classification","customer scope approval","monitoring and override plan"],"proofRoutes":["/clinical-care-activation","/clinical-authority-readiness","/clinical-robustness-lab","/qa-claim-guard"],"validationCommand":"npm run smoke:clinical-robustness-lab","failClosedExpectation":"Clinical outputs remain research/demo or draft-only and cannot become autonomous care, diagnosis, treatment, prescribing, or signed documentation.","graduationEvidence":["clinical governance signoff","reviewer workflow","risk classification","override policy","rollback evidence"],"residualRisk":"Reviewer-gated drafts can reduce operational burden but do not replace clinician judgment or establish clinical validation.","hardStops":["autonomous diagnosis","treatment plan finalized","prescription action","patient routed without approval"],"owner":"Clinical governance, qualified clinicians, legal, privacy, and release stewardship"},{"slug":"playbook-ehr-writeback-connector-request","boundary":"production EHR/HIE/payer/imaging/device connector use, patient matching, writeback, and mutation","status":"blocked-until-evidence","triggerSignals":["production endpoint","SMART launch","EHR writeback","patient matching","PACS mutation","device feed"],"immediateDecision":"Block production connector execution and convert the ask into standards mapping plus sandbox preflight.","safeAlternative":"Use fixture validation, interoperability conformance metadata, connector contract review, and no-mutation evidence packets.","mappedPacket":"api-contract-readiness","requiredApprovals":["customer sandbox authority","security review","connector contract","mutation policy","audit and rollback review"],"proofRoutes":["/interoperability","/health-records","/integrations/fixture-validation","/platform-power"],"validationCommand":"npm run smoke:public","failClosedExpectation":"Production connector, writeback, patient matching, and raw connector payload logging stay blocked until explicit customer and technical authority exists.","graduationEvidence":["sandbox credentials","scoped connector approval","audit trail","rate limits","rollback plan"],"residualRisk":"Synthetic conformance shows readiness posture only; it cannot prove customer-specific connector acceptance.","hardStops":["production endpoint requested","raw connector payload stored","EHR writeback requested","patient merge requested"],"owner":"Interoperability, platform engineering, privacy, security, clinical governance, and customer integration owner"},{"slug":"playbook-payer-submission-request","boundary":"payer submission, billing submission, claim filing, reimbursement certainty, and medical-necessity determination","status":"human-review-required","triggerSignals":["submit prior authorization","submit claim","bill payer","medical necessity approved","reimbursement guaranteed"],"immediateDecision":"Keep payer work in documentation readiness or draft-review mode and block submission.","safeAlternative":"Use Documentation-Before-Authorization checks, RCM denial-risk metadata, payer-policy lookup scaffolds, and human-reviewed packets.","mappedPacket":"deal-desk-exception","requiredApprovals":["payer workflow owner","clinical reviewer","billing compliance review","customer authorization","release decision"],"proofRoutes":["/scrimed-build-roadmap","/enterprise-business-ops","/qa-claim-guard","/limitations-workarounds"],"validationCommand":"npm run smoke:documentation-before-authorization","failClosedExpectation":"SCRIMED may identify missing documentation and draft review packets, but it does not submit payer transactions or guarantee reimbursement.","graduationEvidence":["customer payer authority","billing compliance signoff","human submitter approval","audit log","rollback/void process"],"residualRisk":"Documentation readiness can lower denial risk but cannot assure payer behavior or reimbursement.","hardStops":["payer transaction submitted","claim filed","reimbursement guaranteed","medical necessity certified"],"owner":"RCM owner, compliance reviewer, clinical governance, customer billing owner, and legal"},{"slug":"playbook-autonomous-agent-action-request","boundary":"autonomous agent execution, production remediation, model routing, tool calls, email/calendar actions, and protected workflow actions","status":"human-review-required","triggerSignals":["execute tool","send email","create calendar invite","auto-remediate","route PHI to model","production model approved"],"immediateDecision":"Switch to recommendation mode and require named human approval before any protected action resumes.","safeAlternative":"Use the Meta-Harness, model-route register, manual QA execution console, and no-secret AAL2 operator lanes.","mappedPacket":"model-route-register","requiredApprovals":["tool permission owner","TrustOS review","security review","cost owner","clinical/legal/finance owner when relevant"],"proofRoutes":["/agents","/trust-os","/scrimed-build-roadmap","/continuous-review-audit","/qa-manual-execution-console"],"validationCommand":"npm run smoke:scrimed-meta-harness","failClosedExpectation":"Agents can plan, inspect, draft, evaluate, and recommend, but protected execution requires permissioned tools, audit logs, and human approval.","graduationEvidence":["allowed tool schema","blocked tool list","approval UI","audit persistence","rollback behavior"],"residualRisk":"Human-reviewed recommendations still require monitoring for drift, misuse, cost spikes, and unsafe automation pressure.","hardStops":["tool execution without approval","patient outreach","production remediation","clinical/legal/financial decision"],"owner":"AgentOS, TrustOS, AI platform, security, QA, finance, and clinical governance"},{"slug":"playbook-security-certification-request","boundary":"SOC 2, HITRUST, ISO, HIPAA certification, penetration test completion, BAA/DPA, and security signoff","status":"external-approval-required","triggerSignals":["SOC 2 certified","HITRUST certified","HIPAA certified","pentest complete","BAA approved","vendor risk approved"],"immediateDecision":"Respond with readiness posture and evidence request owner, not certification language.","safeAlternative":"Use Trust Center readiness, global certification readiness, provider security review metadata, and external evidence references.","mappedPacket":"external-evidence-reference","requiredApprovals":["qualified assessor","security owner","privacy owner","legal owner","customer-specific acceptance"],"proofRoutes":["/trust-center","/global-certification-readiness","/pilot-workspace/access","/boundary-resolution"],"validationCommand":"npm run smoke:limitations-workarounds","failClosedExpectation":"Security and privacy claims remain readiness-only unless qualified evidence and approved release authority exist.","graduationEvidence":["assessment report","remediation evidence","artifact reference","release approval","renewal owner"],"residualRisk":"Readiness artifacts can support procurement but do not substitute for independent assessment or customer acceptance.","hardStops":["certification claimed","assessment implied complete","security signoff promised","BAA accepted without review"],"owner":"Security, privacy, legal, trust operations, and qualified external reviewers"},{"slug":"playbook-api-sla-scale-request","boundary":"public API SLA, unlimited usage, contractual uptime, managed service coverage, support guarantee, and scale-equivalence claims","status":"human-review-required","triggerSignals":["public API","unlimited usage","uptime guaranteed","managed service","support guarantee","trillion-dollar scale"],"immediateDecision":"Route to API contract readiness, pricing, support, incident, and executive review before external commitment.","safeAlternative":"Share route summaries, version posture, boundary headers, draft quotas, rate classes, support assumptions, and no-SLA language.","mappedPacket":"api-contract-readiness","requiredApprovals":["platform owner","service reliability owner","legal","finance","executive approver"],"proofRoutes":["/platform-power","/enterprise-scalability","/service-reliability","/enterprise-business-ops"],"validationCommand":"npm run smoke:public","failClosedExpectation":"Public routes remain inspectable readiness surfaces and do not create contractual SLA, unlimited scale, or managed-service obligations.","graduationEvidence":["contract terms","rate limits","support tier","incident plan","monitoring","price model"],"residualRisk":"Technical availability checks are not contractual commitments and do not prove enterprise support capacity.","hardStops":["unlimited usage promised","contractual uptime promised","managed service active claimed","scale parity guaranteed"],"owner":"Platform engineering, service reliability, legal ops, finance, customer operations, and executive approver"},{"slug":"playbook-legal-finance-investor-request","boundary":"legal advice, tax/accounting conclusions, audited financials, securities material, valuation, ROI, revenue, reimbursement, and profit guarantees","status":"external-approval-required","triggerSignals":["legal advice","tax advice","audited financials","securities material","valuation","ROI guaranteed","revenue guaranteed"],"immediateDecision":"Hold external release and route exact language to qualified legal, finance, accounting, tax, or securities review.","safeAlternative":"Use fixed-scope offers, buyer-approved measurement plans, review slots, finance methodology gates, and no-guarantee language.","mappedPacket":"deal-desk-exception","requiredApprovals":["qualified counsel","finance reviewer","accounting reviewer","tax reviewer when relevant","executive release authority"],"proofRoutes":["/enterprise-business-ops","/growth-engine","/capital-vitality","/investor-audience-readiness"],"validationCommand":"npm run smoke:limitations-workarounds","failClosedExpectation":"Commercial and investor material remains readiness and operating discipline, not legal advice, audited reporting, securities material, or guarantees.","graduationEvidence":["approved language","recipient context","measurement plan","buyer baseline","release decision"],"residualRisk":"Value narratives remain estimates or hypotheses until buyer-approved baselines and qualified review exist.","hardStops":["legal advice provided","tax/accounting conclusion","securities material released","ROI guaranteed"],"owner":"Founder, deal desk, legal, finance, accounting, tax, revenue operations, and qualified advisors"},{"slug":"playbook-global-regional-approval-request","boundary":"country launch, public-sector approval, government endorsement, data residency, GDPR, EU AI Act, NHS, MHRA, and regional procurement claims","status":"external-approval-required","triggerSignals":["country launch","government endorsed","data residency approved","GDPR approved","EU AI Act conformant","NHS approved"],"immediateDecision":"Convert to no-PHI regional discovery and localization planning until qualified local authority exists.","safeAlternative":"Use global regional workaround packs, deployment profiles, regional evidence implications, and local-counsel owner assignment.","mappedPacket":"global-regional-pack","requiredApprovals":["regional counsel","privacy review","security review","hosting decision","procurement authority","partner/customer signoff"],"proofRoutes":["/global-reach","/global-certification-readiness","/deployment-profiles","/boundary-resolution"],"validationCommand":"npm run smoke:limitations-workarounds","failClosedExpectation":"Regional work remains discovery and localization planning, not local approval, procurement acceptance, conformity, or launch authority.","graduationEvidence":["regional counsel review","hosting evidence","privacy/security signoff","partner authority","release decision"],"residualRisk":"Global readiness maps requirements but does not resolve local law, procurement, hosting, or clinical authority.","hardStops":["country launch approved","government endorsement implied","data residency approved early","regional compliance approved"],"owner":"Regional counsel, privacy, security, global partnerships, procurement, and customer authority owner"},{"slug":"playbook-customer-go-live-release-request","boundary":"customer go-live, buyer release, protected proof distribution, production support, and launch approval","status":"human-review-required","triggerSignals":["go-live approved","buyer release","send proof packet","production support","launch approved"],"immediateDecision":"Hold release language and require protected proof, reviewer signoff, recipient authority, and claim guard review.","safeAlternative":"Use QA Completion Bridge, Activation Seal, Manual QA Execution Console, Buyer Proof Release, and no-secret protected evidence packets.","mappedPacket":"aal2-protected-proof","requiredApprovals":["approved AAL2 operator","reviewer signoff","release steward","recipient authority","claim guard"],"proofRoutes":["/release-continuity","/qa-manual-execution-console","/buyer-release-control-run","/pilot-workspace/access"],"validationCommand":"npm run smoke:aal2:readiness","failClosedExpectation":"Public smoke and synthetic proof do not become buyer release authority or customer go-live approval.","graduationEvidence":["fresh AAL2 run","no-secret packet","reviewer signoff","recipient qualification","access-log reconciliation"],"residualRisk":"Protected proof can expire or become stale after deployment, route, reviewer, workspace, recipient, or claim-language changes.","hardStops":["token retained","buyer release claimed early","go-live approved without signoff","protected proof shared without recipient authority"],"owner":"Release engineering, TrustOS, approved operator, reviewer, and buyer diligence owner"},{"slug":"playbook-public-quantum-claim-request","boundary":"public quantum capability, quantum clinical advantage, quantum-safe certification, and future infrastructure superiority","status":"blocked-until-evidence","triggerSignals":["quantum capability","quantum advantage","quantum-safe certified","future infrastructure superiority"],"immediateDecision":"Keep the topic internal research only and remove external product, buyer, investor, or security claims.","safeAlternative":"Use internal research backlog items with hypothesis, source log, review owner, and no-public-claim labels.","mappedPacket":"external-evidence-reference","requiredApprovals":["internal research owner","security review","legal review","claim guard","release decision"],"proofRoutes":["/continuous-review-audit","/qa-claim-guard","/boundary-resolution","/limitations-workarounds"],"validationCommand":"npm run smoke:limitations-workarounds","failClosedExpectation":"Quantum remains internal research and cannot appear as a public capability, certification, clinical advantage, or investor claim.","graduationEvidence":["validated technical evidence","risk review","qualified legal/security review","approved claim language"],"residualRisk":"Future-facing language can quickly become an unsupported superiority claim if not kept behind release review.","hardStops":["public quantum capability claimed","quantum clinical advantage claimed","quantum-safe certification claimed"],"owner":"Internal Research Team, TrustOS, AI platform, security, legal, finance, and founder"}],"boundaryPreflightRequests":[{"requestId":"preflight-live-phi-upload","requestedAction":"Upload a live chart and match the patient before a demo.","requestedSignals":["PHI upload","live chart","patient matching"],"requestedDataClasses":["live chart","patient identifier","production record"],"requestedOutcome":"clinical workflow proof","containsPhi":true,"requestsProtectedAction":true,"customerApprovalEvidencePresent":false,"humanApprovalEvidencePresent":false},{"requestId":"preflight-payer-submit","requestedAction":"Submit the prior authorization and guarantee reimbursement.","requestedSignals":["submit prior authorization","reimbursement guaranteed"],"requestedDataClasses":["synthetic documentation packet"],"requestedOutcome":"payer approval","containsPhi":false,"requestsProtectedAction":true,"customerApprovalEvidencePresent":false,"humanApprovalEvidencePresent":false},{"requestId":"preflight-agent-remediate","requestedAction":"Let an agent auto-remediate production and send the follow-up email.","requestedSignals":["auto-remediate","send email","execute tool"],"requestedDataClasses":["operational metadata"],"requestedOutcome":"autonomous production action","containsPhi":false,"requestsProtectedAction":true,"customerApprovalEvidencePresent":false,"humanApprovalEvidencePresent":false},{"requestId":"preflight-security-certification","requestedAction":"Tell procurement SCRIMED is SOC 2 certified and HIPAA certified.","requestedSignals":["SOC 2 certified","HIPAA certified","vendor risk approved"],"requestedDataClasses":["security readiness metadata"],"requestedOutcome":"procurement approval","containsPhi":false,"requestsProtectedAction":false,"customerApprovalEvidencePresent":false,"humanApprovalEvidencePresent":false},{"requestId":"preflight-safe-synthetic-assessment","requestedAction":"Run a no-PHI synthetic workflow assessment with metadata-only evidence.","requestedSignals":["synthetic assessment","metadata-only","no PHI"],"requestedDataClasses":["synthetic fixture","metadata-only reference"],"requestedOutcome":"buyer-safe workflow assessment","containsPhi":false,"requestsProtectedAction":false,"customerApprovalEvidencePresent":false,"humanApprovalEvidencePresent":true}],"boundaryPreflightEvaluations":[{"requestId":"preflight-live-phi-upload","decision":"block-fail-closed","matchedPlaybookSlugs":["playbook-live-phi-request","playbook-ehr-writeback-connector-request"],"matchedBoundaries":["live PHI, patient identifiers, member data, live charts, and production credentials","production EHR/HIE/payer/imaging/device connector use, patient matching, writeback, and mutation"],"mappedPackets":["synthetic-no-phi-packet","api-contract-readiness"],"immediateDecision":"Block intake, do not store the payload, and re-scope to synthetic or metadata-only review. Block production connector execution and convert the ask into standards mapping plus sandbox preflight.","safeAlternative":"Use the Synthetic no-PHI packet, Health Records Safety Exchange source mapping, and external evidence references without copying protected records into SCRIMED. Use fixture validation, interoperability conformance metadata, connector contract review, and no-mutation evidence packets.","requiredApprovals":["privacy review","security review","customer authority","BAA/DPA when required","clinical governance review","customer sandbox authority","connector contract","mutation policy","audit and rollback review"],"proofRoutes":["/health-records","/clinical-authority-readiness","/boundary-resolution","/limitations-workarounds","/interoperability","/integrations/fixture-validation","/platform-power"],"validationCommands":["npm run smoke:limitations-workarounds","npm run smoke:public"],"hardStops":["PHI pasted into prompt","live chart uploaded","patient matching requested","production credential provided","production endpoint requested","raw connector payload stored","EHR writeback requested","patient merge requested"],"failClosedExpectation":"Requests that contain PHI or identifiers remain blocked before storage, model routing, connector execution, or buyer-facing output. Production connector, writeback, patient matching, and raw connector payload logging stay blocked until explicit customer and technical authority exists.","residualRisk":"Synthetic proof can support diligence, but it does not validate live PHI operations or patient-specific safety. Synthetic conformance shows readiness posture only; it cannot prove customer-specific connector acceptance.","noGoBoundaryPreserved":true,"externalExecutionAllowed":false,"phiProcessingAllowed":false,"autonomousActionAllowed":false,"auditHash":"scrimed-limit-6aad07c3"},{"requestId":"preflight-payer-submit","decision":"human-review-required","matchedPlaybookSlugs":["playbook-payer-submission-request"],"matchedBoundaries":["payer submission, billing submission, claim filing, reimbursement certainty, and medical-necessity determination"],"mappedPackets":["deal-desk-exception"],"immediateDecision":"Keep payer work in documentation readiness or draft-review mode and block submission.","safeAlternative":"Use Documentation-Before-Authorization checks, RCM denial-risk metadata, payer-policy lookup scaffolds, and human-reviewed packets.","requiredApprovals":["payer workflow owner","clinical reviewer","billing compliance review","customer authorization","release decision"],"proofRoutes":["/scrimed-build-roadmap","/enterprise-business-ops","/qa-claim-guard","/limitations-workarounds"],"validationCommands":["npm run smoke:documentation-before-authorization"],"hardStops":["payer transaction submitted","claim filed","reimbursement guaranteed","medical necessity certified"],"failClosedExpectation":"SCRIMED may identify missing documentation and draft review packets, but it does not submit payer transactions or guarantee reimbursement.","residualRisk":"Documentation readiness can lower denial risk but cannot assure payer behavior or reimbursement.","noGoBoundaryPreserved":true,"externalExecutionAllowed":false,"phiProcessingAllowed":false,"autonomousActionAllowed":false,"auditHash":"scrimed-limit-ddf12661"},{"requestId":"preflight-agent-remediate","decision":"human-review-required","matchedPlaybookSlugs":["playbook-autonomous-agent-action-request"],"matchedBoundaries":["autonomous agent execution, production remediation, model routing, tool calls, email/calendar actions, and protected workflow actions"],"mappedPackets":["model-route-register"],"immediateDecision":"Switch to recommendation mode and require named human approval before any protected action resumes.","safeAlternative":"Use the Meta-Harness, model-route register, manual QA execution console, and no-secret AAL2 operator lanes.","requiredApprovals":["tool permission owner","TrustOS review","security review","cost owner","clinical/legal/finance owner when relevant"],"proofRoutes":["/agents","/trust-os","/scrimed-build-roadmap","/continuous-review-audit","/qa-manual-execution-console"],"validationCommands":["npm run smoke:scrimed-meta-harness"],"hardStops":["tool execution without approval","patient outreach","production remediation","clinical/legal/financial decision"],"failClosedExpectation":"Agents can plan, inspect, draft, evaluate, and recommend, but protected execution requires permissioned tools, audit logs, and human approval.","residualRisk":"Human-reviewed recommendations still require monitoring for drift, misuse, cost spikes, and unsafe automation pressure.","noGoBoundaryPreserved":true,"externalExecutionAllowed":false,"phiProcessingAllowed":false,"autonomousActionAllowed":false,"auditHash":"scrimed-limit-286ca658"},{"requestId":"preflight-security-certification","decision":"external-approval-required","matchedPlaybookSlugs":["playbook-security-certification-request"],"matchedBoundaries":["SOC 2, HITRUST, ISO, HIPAA certification, penetration test completion, BAA/DPA, and security signoff"],"mappedPackets":["external-evidence-reference"],"immediateDecision":"Respond with readiness posture and evidence request owner, not certification language.","safeAlternative":"Use Trust Center readiness, global certification readiness, provider security review metadata, and external evidence references.","requiredApprovals":["qualified assessor","security owner","privacy owner","legal owner","customer-specific acceptance"],"proofRoutes":["/trust-center","/global-certification-readiness","/pilot-workspace/access","/boundary-resolution"],"validationCommands":["npm run smoke:limitations-workarounds"],"hardStops":["certification claimed","assessment implied complete","security signoff promised","BAA accepted without review"],"failClosedExpectation":"Security and privacy claims remain readiness-only unless qualified evidence and approved release authority exist.","residualRisk":"Readiness artifacts can support procurement but do not substitute for independent assessment or customer acceptance.","noGoBoundaryPreserved":true,"externalExecutionAllowed":false,"phiProcessingAllowed":false,"autonomousActionAllowed":false,"auditHash":"scrimed-limit-bd76bab8"},{"requestId":"preflight-safe-synthetic-assessment","decision":"safe-workaround-only","matchedPlaybookSlugs":[],"matchedBoundaries":[],"mappedPackets":[],"immediateDecision":"Proceed only as a no-PHI synthetic or metadata-only assessment with no protected execution.","safeAlternative":"Use a buyer-safe synthetic assessment, metadata-only references, and human-reviewed output language.","requiredApprovals":[],"proofRoutes":[],"validationCommands":[],"hardStops":[],"failClosedExpectation":"No live PHI, clinical care, payer submission, EHR writeback, production connector, autonomous execution, certification claim, or release authority is created.","residualRisk":"Even safe synthetic assessment outputs require review before external buyer use.","noGoBoundaryPreserved":true,"externalExecutionAllowed":false,"phiProcessingAllowed":false,"autonomousActionAllowed":false,"auditHash":"scrimed-limit-a4d43dd8"}],"resolutionWorkOrders":[{"slug":"aal2-durable-store-token-smoke","knownLimit":"Future AAL2 durable-store happy-path smoke runs still require an authorized tenant-admin, pilot-lead, or reviewer to supply a fresh short-lived AAL2 bearer token.","status":"requires-human-operator","severity":"high","currentImpact":"The latest strict canary produced protected record, replay, review, idempotency, and unauthenticated fail-closed proof, but every repeat run must still start from a fresh human AAL2 session.","immediateWorkaround":"Run npm run smoke:aal2:readiness first, then use the no-secret helper with an explicit token source: npm run smoke:aal2:token -- --clipboard-token --clear-clipboard --write-env-local, or the hidden prompt path when clipboard transfer is blocked.","durableResolution":"Retain only no-secret smoke status, command names, workspace slug, role class, audit metadata, and packet hashes after a human AAL2 operator runs the strict smoke; never store or paste bearer tokens.","owner":"Tenant governance operator + release engineering + TrustOS","nextProofCommand":"npm run smoke:aal2:durable-store:strict","proofRoutes":["/release-continuity","/qa-manual-execution-console","/api/workflows/execution-attempts/durable-store"],"failClosedCheck":"Missing SCRIMED_BEARER_TOKEN and invalid tokens stop before authenticated mutation; unauthenticated durable-store endpoints remain 401 or 503.","graduationGate":"Fresh AAL2 session, authorized role, gitignored .env.local or shell env only, strict smoke pass, no-token evidence packet, reviewer signoff, and re-run before buyer-specific proof is released.","hardStops":["token pasted into source","token retained in docs","AAL2 bypass attempted","observer role used for writes"]},{"slug":"durable-store-protected-writes-flag","knownLimit":"The deployed app exposes durable-store contracts while protected writes depend on the SCRIMED_EXECUTION_ATTEMPT_DURABLE_STORE_ENABLED runtime flag and protected Supabase RPCs.","status":"active-workaround","severity":"high","currentImpact":"Production protected writes are enabled for the synthetic canary path, but writes remain fail-closed unless Supabase Auth, AAL2, tenant role, workspace membership, no-PHI guards, and route authorization all align.","immediateWorkaround":"Keep public summary and unauthenticated fail-closed smoke active; use strict AAL2 smoke only with a short-lived authorized operator token and synthetic workspace.","durableResolution":"Keep the flag paired with named synthetic canaries, migration evidence, runtime-token configuration, rollback owner, strict AAL2 proof, and protected audit review.","owner":"Platform reliability + database owner + release stewardship","nextProofCommand":"npm run smoke:aal2:durable-store","proofRoutes":["/api/workflows/execution-attempts/durable-store","/workflows/execution-attempts","/release-continuity"],"failClosedCheck":"When protected writes are disabled or auth context is missing, authenticated and unauthenticated mutation attempts do not create durable records.","graduationGate":"Applied migration, server runtime token, feature flag scoped to target, strict AAL2 canary pass, rollback plan, and retained audit event review.","hardStops":["feature flag enabled without migration","production write enabled without AAL2 smoke","rollback owner missing"]},{"slug":"sandbox-dns-network-boundary","knownLimit":"The local sandbox may fail DNS resolution for app.scrimedsolutions.com, which can block live production smoke checks inside the default sandbox.","status":"resolved-by-workaround","severity":"medium","currentImpact":"Local implementation can pass build and static tests while live smoke requires an approved network execution path.","immediateWorkaround":"Retry the exact same smoke command with approved network escalation, or run against a local dev server with SCRIMED_BASE_URL=http://127.0.0.1:3025.","durableResolution":"Keep every live-domain smoke command reproducible, documented, and paired with a local-server equivalent where practical.","owner":"Release engineering + platform reliability","nextProofCommand":"SCRIMED_BASE_URL=https://app.scrimedsolutions.com npm run smoke:public","proofRoutes":["/launch-readiness","/release-continuity","/service-reliability"],"failClosedCheck":"DNS failure is classified as an environment boundary, not an application pass; the same smoke must pass with network access before release proof expands.","graduationGate":"Live smoke passes from an approved network path and local fallback remains documented for sandbox-limited development.","hardStops":["treating ENOTFOUND as product proof","changing application code to bypass DNS","skipping live-domain smoke before release"]},{"slug":"supabase-password-posture","knownLimit":"Supabase leaked-password protection and password-auth posture must be resolved before password sign-in is used for protected operations.","status":"blocked-external-dependency","severity":"high","currentImpact":"Protected routes can stay passkey, magic-link, and AAL2 first, but password-based protected operator flows should not become the default until advisor posture is clean.","immediateWorkaround":"Keep protected durable-store and QA flows on short-lived AAL2 sessions from passkey or magic-link paths; exclude password sign-in from protected smoke instructions.","durableResolution":"Clear the Supabase security advisor item, document the identity posture, and rerun protected AAL2 smoke before broadening password-based operator access.","owner":"Security lead + identity owner","nextProofCommand":"npm run smoke:aal2:token -- --prompt-token","proofRoutes":["/global-certification-readiness","/trust-center","/pilot-workspace/access"],"failClosedCheck":"Protected APIs continue to require verified Supabase Auth, aal=aal2, session_id, tenant role, and route-level authorization.","graduationGate":"Advisor clean or password auth excluded, MFA enrollment verified, AAL2 claims present, and tenant role proof retained without secrets.","hardStops":["claiming HIPAA/SOC certification","using password-only protected access","bypassing AAL2"]},{"slug":"local-next-swc-signature-boundary","knownLimit":"Local Next.js builds may warn that the native Darwin SWC binary has a macOS code-signature mismatch and fall back to WASM bindings.","status":"resolved-by-workaround","severity":"watch","currentImpact":"Builds still complete, but the warning can be mistaken for an application failure or obscure actual build errors.","immediateWorkaround":"Treat the warning as local toolchain noise when npm run build exits 0; preserve the full build result in release notes.","durableResolution":"Refresh local dependencies or reinstall the native SWC package in a clean workspace when the team wants faster native builds.","owner":"Developer experience + platform reliability","nextProofCommand":"npm run build","proofRoutes":["/service-reliability","/release-continuity","/platform-power"],"failClosedCheck":"No release proof is accepted unless build exits 0, lint and typecheck pass, and route generation completes.","graduationGate":"Clean native SWC load or accepted WASM fallback with successful build, typecheck, lint, and smoke evidence.","hardStops":["ignoring nonzero build exit","hiding build warnings from release notes","treating local toolchain warning as production capacity proof"]},{"slug":"dirty-worktree-release-hygiene","knownLimit":"The SCRIMED worktree can carry many staged, modified, and untracked build artifacts across long execution sessions.","status":"active-workaround","severity":"medium","currentImpact":"Implementation can continue, but release proof and investor or buyer evidence must distinguish new changes from prior work and generated output.","immediateWorkaround":"Use git status --short, git diff --name-only, and focused smoke outputs before summarizing; never revert unrelated user or prior-session changes.","durableResolution":"Create a release checkpoint with scoped files, generated-output policy, commit message, tag, and deployment evidence after human review.","owner":"Release stewardship + founder/operator","nextProofCommand":"git status --short","proofRoutes":["/release-continuity","/navigation","/api/product/console"],"failClosedCheck":"No commit, deploy, or buyer proof claim is made until changed files, untracked files, smoke commands, and known exclusions are listed.","graduationGate":"Reviewed diff, successful lint/typecheck/build/smoke, clean or intentionally scoped worktree, and release decision recorded.","hardStops":["reverting unrelated work","committing secrets","claiming release readiness without status and smoke evidence"]}],"executionLedger":[{"slug":"tenant-admin-workspace-bootstrap-complete","title":"Tenant-admin workspace bootstrap completed for synthetic canary","state":"proof-retained-no-secret","resolvedBoundary":"The signed-in founder/operator account existed, but the synthetic workspace did not yet have a verified tenant-admin membership for protected AAL2 smoke execution.","operationalUpgrade":"Created the protected tenant/workspace membership path for atlas-synthetic-evaluation so authorized AAL2 smoke can prove tenant role, status, and workspace scope before mutation.","evidenceRetained":"No-secret membership facts only: workspace slug, active tenant-admin role class, status, and access-review due date.","verificationCommand":"npm run smoke:aal2:token -- --clipboard-token --clear-clipboard --write-env-local","rollbackOrFallback":"Suspend membership or downgrade role in Supabase, then rerun protected smoke to confirm record/replay/review return 401 or 403.","residualBoundary":"Future users still need a governed tenant-access workflow, access review, and offboarding path before they can operate protected workflows.","nextControl":"Promote the founder bootstrap into a reusable tenant-admin access-review checklist with least-privilege role assignment and expiry evidence.","owner":"Tenant governance operator + security lead + release engineering","proofRoutes":["/pilot-workspace/access","/release-continuity","/limitations-workarounds"],"hardStops":["role granted without owner","inactive membership used","workspace slug guessed","access review omitted"]},{"slug":"aal2-token-helper-source-precedence","title":"AAL2 token helper now prefers explicit operator token sources","state":"control-active","resolvedBoundary":"A stale gitignored local bearer token could be read before a newly copied or prompted token, causing false expired-token failures during strict smoke setup.","operationalUpgrade":"The helper now prefers explicit session-file, clipboard, or prompt sources before local environment fallbacks and clears the macOS clipboard when requested.","evidenceRetained":"No bearer token retained in source, docs, logs, or smoke output; only redacted preflight status and token policy metadata are shown.","verificationCommand":"npm run smoke:aal2:policy-test","rollbackOrFallback":"Use the hidden prompt mode and delete SCRIMED_BEARER_TOKEN from .env.local before retrying if clipboard controls are unavailable.","residualBoundary":"A valid JWT still depends on a live AAL2 session and may expire before the protected smoke completes.","nextControl":"Add the token-helper preflight to every protected smoke runbook and keep all token-like values behind redaction.","owner":"Security platform + developer experience","proofRoutes":["/release-continuity","/qa-manual-execution-console","/limitations-workarounds"],"hardStops":["token printed","token committed","stale token reused","AAL2 bypass attempted"]},{"slug":"durable-store-phi-guard-precision-applied","title":"Durable-store PHI guard precision migrations applied","state":"proof-retained-no-secret","resolvedBoundary":"The durable-store no-PHI guard treated safe synthetic envelope identifiers as potential PHI, blocking protected synthetic smoke even when no patient data was present.","operationalUpgrade":"Applied precision migrations so identifier checks use bounded patterns while preserving hard stops for PHI, patient identifiers, live charts, member data, and production records.","evidenceRetained":"Migration file names, contract-check pass state, and synthetic no-PHI smoke result only; no patient data or live records are used.","verificationCommand":"npm run smoke:execution-attempt-durable-store","rollbackOrFallback":"Disable protected writes with SCRIMED_EXECUTION_ATTEMPT_DURABLE_STORE_ENABLED=false and keep public fail-closed smoke active while the guard is reviewed.","residualBoundary":"Guard precision is a synthetic-safety control, not permission to process PHI or live health records.","nextControl":"Keep adding adversarial synthetic strings to the durable-store contract check before broadening any protected workflow surface.","owner":"Database owner + TrustOS + clinical safety reviewer","proofRoutes":["/api/workflows/execution-attempts/durable-store","/health-records","/limitations-workarounds"],"hardStops":["PHI introduced","live chart pasted","member ID used","guard weakened without review"]},{"slug":"strict-aal2-durable-store-smoke-passed","title":"Strict AAL2 durable-store smoke passed for record, replay, review, and idempotency","state":"proof-retained-no-secret","resolvedBoundary":"Before the protected canary, SCRIMED had fail-closed unauthenticated evidence but lacked retained happy-path proof for authenticated durable-store operations.","operationalUpgrade":"Strict smoke now proves unauthenticated record/replay/review fail closed and authorized AAL2 tenant-admin access can create record, reuse idempotency, replay evidence, and submit review disposition.","evidenceRetained":"No-secret pass/fail status, route class, workspace slug, operation classes, and command names; bearer tokens and protected payload details are not retained.","verificationCommand":"npm run smoke:aal2:durable-store:strict","rollbackOrFallback":"Turn off SCRIMED_EXECUTION_ATTEMPT_DURABLE_STORE_ENABLED or revoke the tenant role, then verify protected writes fail closed.","residualBoundary":"This is synthetic protected-workflow proof only; it is not production clinical approval, PHI authority, buyer release authority, or SLA evidence.","nextControl":"Mirror the strict smoke pattern for every future protected workflow before exposing it in demos, pilots, or buyer diligence.","owner":"Release engineering + TrustOS + tenant governance operator","proofRoutes":["/workflows/execution-attempts","/release-continuity","/limitations-workarounds"],"hardStops":["buyer release claimed","PHI authority implied","token retained","observer role used for writes"]},{"slug":"vercel-archive-deploy-hygiene-active","title":"Vercel deploy hygiene hardened around local dependency archives","state":"control-active","resolvedBoundary":"A local dependency archive directory could inflate deploy payloads and obscure whether deployment failures came from product code or local machine artifacts.","operationalUpgrade":"The deploy ignore policy, TypeScript exclusion, and ESLint ignore now contain local dependency artifacts including node_modules 2, and production deploys can use archive mode to reduce file-count risk.","evidenceRetained":"Deployment identifier, ready status, ignore-file policy, and command class only; no secrets or local cache contents are retained.","verificationCommand":"npm run build","rollbackOrFallback":"Remove local generated dependency archives, rerun build, then deploy with the Vercel archive pathway after human release review.","residualBoundary":"A successful lint, build, typecheck, or deploy does not create launch approval, customer release approval, uptime guarantee, or managed-service coverage.","nextControl":"Keep generated-output hygiene in predeploy checks and require release notes to distinguish product changes from local artifacts.","owner":"Platform reliability + release stewardship","proofRoutes":["/launch-readiness","/service-reliability","/limitations-workarounds"],"hardStops":["secret in deploy bundle","generated cache deployed","deploy success treated as launch approval","file-count error ignored"]}],"cadences":[{"cadence":"Daily limitation intake and workaround triage","owner":"Boundary owner + operational efficiency owner","reviewedSignals":["new blocker","new defect","buyer request","claim drift","missing owner","stale route"],"decisionOutput":"Resolve with existing control, assign workaround packet, escalate to qualified review, or block until authority exists.","hardStops":["owner missing","proof route missing","PHI introduced","unsupported claim repeated"]},{"cadence":"Daily no-PHI and clinical authority review","owner":"TrustOS + privacy + clinical governance","reviewedSignals":["PHI hint","patient identifier","clinical advice claim","record mutation","care pathway language"],"decisionOutput":"Hold, re-scope to synthetic/no-PHI, or escalate to clinical/privacy/legal owners.","hardStops":["live record requested","diagnosis implied","treatment implied","patient matching requested"]},{"cadence":"Daily API, UI, and AI boundary scan","owner":"Platform engineering + Product Console + AI platform","reviewedSignals":["new API","UI navigation gap","model route","agent tool request","eval failure","cost spike"],"decisionOutput":"Attach contract packet, UI route, model-route record, agent approval trigger, or cost owner.","hardStops":["public API SLA implied","live AI implied","agent tool execution without approval","route orphaned"]},{"cadence":"Weekly legal, finance, and deal-risk council","owner":"Founder + legal + finance + deal desk","reviewedSignals":["pricing exception","margin risk","contract term","ROI claim","tax/accounting question","investor language"],"decisionOutput":"Approve exact reviewed language, request qualified review, revise scope, or block external use.","hardStops":["legal advice implied","revenue guaranteed","profit guaranteed","securities material created"]},{"cadence":"Weekly global and certification workaround review","owner":"Security + privacy + regional counsel + global partnerships","reviewedSignals":["certification ask","regional buyer","public-sector path","data residency","hosting profile","procurement evidence"],"decisionOutput":"Prepare regional pack, reference external artifact, assign reviewer, or hold until external authority exists.","hardStops":["certified claim","country launch claim","government endorsement","data residency approved early"]},{"cadence":"Pre-demo seamless-navigation review","owner":"Product Console + frontend + sales engineering","reviewedSignals":["buyer-critical route","primary nav","role journey","hub view","product action","limitation link"],"decisionOutput":"Promote route into navigation, add product action, add smoke coverage, or hold the demo until the path is discoverable.","hardStops":["route hidden","text overlap","mobile route unusable","accessibility certification implied"]}],"metrics":[{"metric":"Open limitation pressure","currentSignal":"11 tracks still require human, external, or approval-gated resolution.","targetSignal":"Every open limitation has a safe workaround, owner, proof route, escalation trigger, and graduation gate.","evidenceRoute":"/api/limitations-workarounds","boundary":"Lower open pressure is operating discipline, not approval or certification."},{"metric":"Workaround packet coverage","currentSignal":"8 reusable workaround packets and 8 escalation paths cover the highest-risk boundary classes.","targetSignal":"Every repeated issue resolves to an approved packet or escalation decision before buyer use.","evidenceRoute":"/limitations-workarounds","boundary":"Packets are interim controls; they do not become authority without retained evidence."},{"metric":"Hard-stop visibility","currentSignal":"180 hard stops and blocked claims are visible from this layer.","targetSignal":"Each hard stop has an escalation owner and no-authority language before external use.","evidenceRoute":"/boundary-resolution","boundary":"Hard-stop visibility does not waive qualified review."},{"metric":"Proof-route coverage","currentSignal":"42 proof routes support workaround routing and graduation checks.","targetSignal":"Every workaround links to a live route, API, brief, protected workspace, or external evidence reference.","evidenceRoute":"/navigation","boundary":"Proof routes organize evidence; they do not prove protected execution alone."},{"metric":"Known blocker resolution queue","currentSignal":"6 current operational blockers are tracked, with 4 still requiring active workaround, external dependency closure, or human operator action.","targetSignal":"Every known blocker has a fail-closed check, safe workaround, next proof command, owner, and graduation gate before launch claims expand.","evidenceRoute":"/api/limitations-workarounds","boundary":"A resolution queue is operational control, not production, clinical, security, or release approval."},{"metric":"No-secret execution ledger","currentSignal":"5 recent limitation workarounds are retained with 5 proof-retained or active-control entries and 0 open dependency entries.","targetSignal":"Every resolved boundary keeps verification command, rollback path, residual boundary, owner, hard stops, and no-secret evidence-retention language.","evidenceRoute":"/api/limitations-workarounds","boundary":"Execution ledger entries prove operational control only; they do not retain tokens, PHI, secrets, or buyer-release authority."},{"metric":"Boundary workaround playbook coverage","currentSignal":"11 preserved NO-GO boundaries have trigger signals, immediate decisions, safe alternatives, validation commands, fail-closed expectations, approval gates, and residual-risk language.","targetSignal":"Every high-risk request can be routed to a deterministic workaround before anyone improvises a buyer, clinical, connector, legal, financial, or security promise.","evidenceRoute":"/api/limitations-workarounds","boundary":"A playbook creates operating discipline only; it does not release any preserved boundary."},{"metric":"Boundary preflight fail-closed coverage","currentSignal":"5 synthetic request preflights are evaluated, with 1 fail-closed decisions and 1 safe-workaround-only decisions.","targetSignal":"Every gray-zone buyer, operator, agent, clinical, payer, connector, security, finance, global, or release request is classified before execution or external language expands.","evidenceRoute":"/api/limitations-workarounds","boundary":"Preflight classification is routing and containment only; it does not process PHI, execute tools, submit payer work, or approve customer go-live."}],"buyerConfidenceSignals":[{"buyerConcern":"Can we evaluate SCRIMED without exposing PHI or live operations?","trustMessage":"Yes. Current demos, assessments, and synthetic pilots are designed around no-PHI inputs, synthetic fixtures, metadata-only references, and explicit live-data hard stops.","commercialValue":"Buyers can move into a paid workflow assessment or synthetic pilot before privacy, connector, and live clinical approvals are complete.","proofRoute":"/health-records"},{"buyerConcern":"Will SCRIMED overpromise compliance, security, or clinical readiness?","trustMessage":"No. The claims register, Trust Center, global certification readiness, and limitation routes separate readiness evidence from certification or approval claims.","commercialValue":"Procurement, counsel, and security reviewers can evaluate the current posture without forcing the sales team to invent unsupported answers.","proofRoute":"/trust-center"},{"buyerConcern":"What happens when a buyer asks for something outside today’s capability?","trustMessage":"SCRIMED converts the request into a workaround packet with owner, safe inputs, output, expiry rule, hard stops, escalation trigger, and graduation gate.","commercialValue":"Sales momentum continues through scoped alternatives instead of unsafe custom promises or stalled follow-up.","proofRoute":"/limitations-workarounds"},{"buyerConcern":"How does SCRIMED keep reliability issues from becoming hidden risk?","trustMessage":"Route checks, release proof, TrustOps incidents, operational-efficiency sprints, and continuous review loops make defects and bottlenecks visible.","commercialValue":"Enterprise buyers see a vendor operating model they can inspect before a larger pilot or protected activation.","proofRoute":"/trust-safety-operations"}],"buyerConfidenceSignalCount":4,"blockedClaims":["PHI processing authorized","live clinical care authorized","patient matching approved","EHR writeback approved","payer submission approved","production connector approved","public API SLA approved","contractual uptime guaranteed","managed service coverage active","autonomous remediation approved","live autonomous AI approved","production model routing approved","legal advice provided","accounting advice provided","tax advice provided","audited financial reporting completed","securities offering material approved","revenue guaranteed","profit margin guaranteed","security certified","accessibility certified","regulatory approval granted","public quantum capability available","buyer release approved"],"proofRoutes":["/health-records","/clinical-authority-readiness","/boundary-resolution","/clinical-care-activation","/qa-claim-guard","/interoperability","/integrations/fixture-validation","/platform-power","/enterprise-scalability","/service-reliability","/agents","/trust-os","/continuous-review-audit","/trust-center","/global-certification-readiness","/pilot-workspace/access","/global-reach","/deployment-profiles","/enterprise-business-ops","/growth-engine","/capital-vitality","/public-market-readiness","/client-onboarding","/offerings","/pilot-deal-room","/release-continuity","/qa-manual-execution-console","/buyer-release-control-run","/navigation","/product","/hub","/pilot-evidence","/api/product/console","/investor-audience-readiness","/limitations-workarounds","/clinical-robustness-lab","/scrimed-build-roadmap","/api/workflows/execution-attempts/durable-store","/workflows/execution-attempts","/launch-readiness","/api/limitations-workarounds","/api/limitations-workarounds/brief"],"hardStops":["PHI processing authorized","live patient data connected","patient matching approved","live clinical care authorized","clinical decision support cleared","autonomous diagnosis or treatment permitted","production connector approved","EHR writeback approved","payer submission approved","public API SLA approved","unlimited API scale approved","contractual uptime guaranteed","live autonomous AI approved","production model routing approved","agent actions fully autonomous","security certified","SOC 2 certified","HITRUST certified","EU AI Act conformant","GDPR approved","government endorsed","legal advice provided","revenue guaranteed","profit margin guaranteed","email sent autonomously","calendar invite created autonomously","buyer commitment approved","protected happy path completed without AAL2","buyer release approved","bearer token retained as evidence","accessibility certified","WCAG conformance approved","VPAT completed","public quantum capability available","quantum clinical advantage","future infrastructure superiority proven","PHI introduced","patient identifier introduced","live chart requested","source artifact pasted","artifact uploaded","secret included","contract pasted","medical record pasted","autonomous send requested","calendar invite creation requested","contract promise included","PHI included","token retained","AAL2 bypass attempted","protected route publicly exposed","buyer release claimed early","public API SLA implied","production connector promised","PHI payload accepted","unlimited usage promised","PHI routed to model","provider approval missing","production model approval implied","clinical validation claimed","legal advice implied","profit guaranteed","contract approved without reviewer","country launch claimed","government endorsement implied","data residency approved early","regional clinical approval claimed","owner missing","proof route missing","unsupported claim repeated","live record requested","diagnosis implied","treatment implied","patient matching requested","live AI implied","agent tool execution without approval","route orphaned","securities material created","certified claim","country launch claim","government endorsement","route hidden","text overlap","mobile route unusable","accessibility certification implied","production credential requested","autonomous triage requested","clinician signature implied","production endpoint requested","EHR writeback requested","payer submission requested","security certified claimed","SOC 2 certified claimed","HITRUST certified claimed","penetration test complete claimed","contractual uptime promised","managed service commitment implied","tool execution without approval","production remediation requested","clinical decision requested","legal or financial decision requested","tax advice implied","securities material implied","ROI or revenue guaranteed","country launch approved claimed","data residency approved claimed","regional compliance approved claimed","PHI pasted into prompt","live chart uploaded","production credential provided","autonomous diagnosis","treatment plan finalized","prescription action","patient routed without approval","raw connector payload stored","patient merge requested","payer transaction submitted","claim filed","reimbursement guaranteed","medical necessity certified","patient outreach","production remediation","clinical/legal/financial decision","certification claimed","assessment implied complete","security signoff promised","BAA accepted without review","managed service active claimed","scale parity guaranteed","tax/accounting conclusion","securities material released","ROI guaranteed","country launch approved","regional compliance approved","go-live approved without signoff","protected proof shared without recipient authority","public quantum capability claimed","quantum clinical advantage claimed","quantum-safe certification claimed","token pasted into source","token retained in docs","observer role used for writes","feature flag enabled without migration","production write enabled without AAL2 smoke","rollback owner missing","treating ENOTFOUND as product proof","changing application code to bypass DNS","skipping live-domain smoke before release","claiming HIPAA/SOC certification","using password-only protected access","bypassing AAL2","ignoring nonzero build exit","hiding build warnings from release notes","treating local toolchain warning as production capacity proof","reverting unrelated work","committing secrets","claiming release readiness without status and smoke evidence","role granted without owner","inactive membership used","workspace slug guessed","access review omitted","token printed","token committed","stale token reused","live chart pasted","member ID used","guard weakened without review","buyer release claimed","PHI authority implied","secret in deploy bundle","generated cache deployed","deploy success treated as launch approval","file-count error ignored","managed service coverage active","autonomous remediation approved","accounting advice provided","tax advice provided","audited financial reporting completed","securities offering material approved","regulatory approval granted"],"owners":["Privacy, security, clinical governance, customer authority owner, and TrustOS","Clinical governance, qualified clinicians, legal, privacy, and release stewardship","Interoperability, platform engineering, privacy, security, clinical governance, and customer integration owner","Platform engineering, legal ops, service reliability, customer operations, and finance","AI platform, AgentOS, TrustOS, QA, security, finance, and clinical governance","Security, privacy, legal, trust operations, customer authority owner, and qualified external reviewers","Regional counsel, privacy, security, clinical governance, global partnerships, and customer procurement owner","Founder, deal desk, legal, finance, accounting, tax, revenue operations, and qualified reviewers","Revenue operations, sales engineering, customer operations, legal ops, finance, and product owner","Release engineering, TrustOS, tenant governance, approved operator, and buyer diligence","Frontend, Product Console, QA, accessibility reviewer, customer operations, and sales engineering","Internal Research Team, TrustOS, AI platform, security, legal, finance, and founder","TrustOS + product owner","Customer authority owner + trust operations","Revenue operations + sales engineering","Approved operator + release stewardship","Platform engineering + developer experience","AI platform + TrustOS + finance","Deal desk + legal + finance","Global partnerships + regional counsel","Boundary owner + operational efficiency owner","TrustOS + privacy + clinical governance","Platform engineering + Product Console + AI platform","Founder + legal + finance + deal desk","Security + privacy + regional counsel + global partnerships","Product Console + frontend + sales engineering","Security, privacy, legal, trust operations, customer authority owner, and qualified external reviewer","Platform engineering, service reliability, legal ops, finance, customer operations, and executive approver","AgentOS, TrustOS, QA, security, finance, clinical governance, and approved operator","Founder, deal desk, legal, finance, accounting, tax, revenue operations, and qualified advisors","Regional counsel, privacy, security, global partnerships, procurement, and customer authority owner","RCM owner, compliance reviewer, clinical governance, customer billing owner, and legal","AgentOS, TrustOS, AI platform, security, QA, finance, and clinical governance","Security, privacy, legal, trust operations, and qualified external reviewers","Release engineering, TrustOS, approved operator, reviewer, and buyer diligence owner","Tenant governance operator + release engineering + TrustOS","Platform reliability + database owner + release stewardship","Release engineering + platform reliability","Security lead + identity owner","Developer experience + platform reliability","Release stewardship + founder/operator","Tenant governance operator + security lead + release engineering","Security platform + developer experience","Database owner + TrustOS + clinical safety reviewer","Release engineering + TrustOS + tenant governance operator","Platform reliability + release stewardship"],"operatingPath":["Classify every issue, blocker, limitation, or buyer request by category, severity, owner, proof route, and authority boundary.","Prefer a safe workaround packet before inventing a new process: synthetic no-PHI, external evidence reference, human-reviewed communication, AAL2 proof, API contract, model-route register, deal desk, or regional pack.","Escalate immediately when PHI, live care, legal, finance, tax, security certification, regional approval, production connector, public API SLA, live AI, or buyer-release authority is implied.","Attach an expiration rule so workaround packets do not become stale informal permission.","Graduate the workaround only after the required evidence, qualified review, customer authority, release decision, and smoke or protected proof exist.","Promote repeated issues into Navigation Audit, Operational Efficiency, Boundary Resolution, Platform Power, Service Reliability, or public smoke coverage."],"nextBuildStep":"Attach this workaround layer and boundary escalation matrix to every new limitation found in sales, demos, QA, API, UI, AI, clinical, finance, legal, security, global, and release work; if a workaround repeats twice, promote it into smoke coverage, route inventory, Boundary Resolution, Operational Efficiency, Platform Power, or Service Reliability before claims expand."},"navigationAudit":{"service":"scrimed-navigation-audit","route":"/navigation","apiRoute":"/api/navigation-audit","briefRoute":"/api/navigation-audit/brief","status":"route-navigation-audit-active","briefStatus":"route-navigation-audit-brief-ready","boundary":"SCRIMED Navigation Audit organizes page routes, API route patterns, smoke coverage, protected fail-closed checks, and retained approval boundaries into one operating map. It is an audit and navigation control surface only. It does not certify that every protected workflow has been executed, bypass AAL2, approve public release, authorize PHI processing, grant legal or clinical authority, certify security/compliance, or approve production connectors.","sourceTotals":{"pageRouteCount":164,"apiRoutePatternCount":439,"dynamicPageRouteCount":15},"coverage":{"navigationGroupCount":8,"siteNavigationSectionCount":5,"roleJourneyCount":14,"limitationControlCount":22,"auditedNavigationRouteCount":142,"smokeCoveredHtmlRouteCount":76,"missingInventoryLinkCount":0,"pageInventoryStatus":"all-navigation-links-in-inventory","apiRouteCoverageStatus":"typecheck-build-and-targeted-smoke","protectedCoverageStatus":"fail-closed-publicly-aal2-required-for-happy-path","releaseAuthority":"not-release-approval","phiAuthority":"not-authorized-production-phi","clinicalCareAuthority":"not-authorized-live-care","securityCertification":"not-security-certified","approvalAuthority":"external-review-required"},"bottleneckCount":18,"resolvedBottleneckCount":1,"containedBottleneckCount":9,"operatorRequiredBottleneckCount":2,"externalReviewBottleneckCount":6,"groups":[{"name":"Executive command","purpose":"Give founders, buyers, operators, and reviewers a short path into the active operating surfaces.","owner":"Founder + Product Console","routes":["/","/hub","/company-assessment","/clinical-production-readiness","/pilot-demo-commercial-readiness","/product","/offerings","/service-delivery","/client-onboarding","/competitive-defense","/competitive-intelligence","/global-enterprise-command","/global-certification-readiness","/continuous-review-audit","/enterprise-business-ops","/enterprise-healthcare-infrastructure","/enterprise-scalability","/platform-power","/limitations-workarounds","/launch-readiness","/navigation","/deployment-drift-guard","/service-reliability","/operational-efficiency","/capital-vitality","/growth-engine","/investor-audience-readiness","/scrimed-intelligence-platform","/scrimed-intelligence-safety-stack","/scrimed-operating-command","/scrimed-work","/scrimed-control-plane","/scrimed-automation-autopilot","/strategic-problem-resolution","/healthcare-optimization-command","/healthcare-value-realization","/pilot-activation-planner","/pilot-handoff-command","/pilot-success-review-command","/pilot-value-evidence","/scrimed-upgrade-implementation-plan","/scrimed-agent-governance","/scrimed-reasoning-stability","/scrimed-clinical-benchmark-suite","/scrimed-enterprise-acceleration","/scrimed-governance-learning-loop","/scrimed-guided-execution","/scrimed-proof-packet-studio","/scrimed-cyber-defense","/scrimed-hybrid-retrieval","/scrimed-llmops-observability","/scrimed-ai-infrastructure-watchtower","/scrimed-patient-context-gateway","/pilot-evidence"],"auditStatus":"linked","evidence":"Homepage, Hub, Product Console, and this audit route cross-link the highest-signal operating lanes.","retainedBoundary":"Navigation links are operating guidance, not proof of protected execution."},{"name":"Commercial buyer motion","purpose":"Move qualified buyers from public product proof into demos, pricing, deal-room context, and pilot intake.","owner":"Sales operations + Buyer Diligence","routes":["/pilot-deal-room","/offerings","/service-delivery","/client-onboarding","/launch-readiness","/competitive-defense","/pricing","/pilot-demo-commercial-readiness","/demos","/demos/[slug]","/documentation-before-authorization","/pilots","/pilots/[slug]","/pilot","/competitive-intelligence","/capital-vitality","/growth-engine","/company-assessment","/clinical-production-readiness","/pilot-demo-commercial-readiness","/enterprise-business-ops","/enterprise-healthcare-infrastructure","/enterprise-scalability","/platform-power","/limitations-workarounds","/scrimed-automation-autopilot","/operational-efficiency","/sales-operations","/scrimed-proof-packet-studio","/scrimed-cyber-defense","/healthcare-value-realization","/pilot-activation-planner","/pilot-handoff-command","/pilot-success-review-command","/pilot-value-evidence"],"auditStatus":"smoke-covered","evidence":"Public smoke covers the Deal Room, Client Onboarding, and Sales Operations route; dynamic demo and pilot detail pages compile in the App Router build.","retainedBoundary":"Commercial routes cannot claim customer permission, production activation, autonomous email send, calendar invite creation, or external distribution approval."},{"name":"Approval and authority readiness","purpose":"Keep legal, regulatory, clinical, security, reimbursement, and buyer-release boundaries visible before claims expand.","owner":"Legal, security, clinical governance, and release stewardship","routes":["/approvals-readiness","/company-assessment","/clinical-production-readiness","/competitive-defense","/global-certification-readiness","/continuous-review-audit","/boundary-release-approvals","/boundary-resolution","/limitations-workarounds","/launch-readiness","/clinical-authority-readiness","/clinical-care-activation","/health-records","/public-market-readiness","/capital-vitality","/growth-engine","/enterprise-business-ops","/enterprise-scalability","/platform-power","/limitations-workarounds","/client-onboarding","/service-delivery","/release-continuity","/deployment-drift-guard","/launch-readiness","/service-reliability","/operational-efficiency","/strategic-problem-resolution","/healthcare-value-realization","/pilot-activation-planner","/pilot-handoff-command","/pilot-success-review-command","/pilot-value-evidence"],"auditStatus":"smoke-covered","evidence":"Public smoke checks HTML, JSON APIs, Markdown briefs, boundary headers, and Product Console proof-stack posture for these lanes.","retainedBoundary":"These routes prepare approvals; they do not grant legal approval, clinical authority, certification, or live-care authorization."},{"name":"Protected workspace and AAL2 proof","purpose":"Separate public visibility from tenant-scoped protected evidence, packets, release decisions, and operator-only workflows.","owner":"Tenant admin, pilot lead, TrustOS, and release steward","routes":["/pilot-workspace","/pilot-workspace/access","/buyer-release-control-run","/qa-manual-execution-console","/qa-aal2-run-evidence"],"auditStatus":"operator-required","evidence":"Unauthenticated smoke verifies protected APIs fail closed; successful mutation and packet proof require a fresh human AAL2 session.","retainedBoundary":"No code path may mint, retain, print, or reuse operator bearer tokens to bypass AAL2."},{"name":"QA and release proof","purpose":"Keep manual QA execution, claim guard, activation seal, proof promotion, and buyer proof release staged before any claim expansion.","owner":"TrustOS, release engineering, buyer diligence, and claims governance","routes":["/qa-evidence","/qa-execution-readiness","/qa-run-control","/continuous-review-audit","/qa-launch-kit","/qa-human-run-packet","/qa-completion-bridge","/qa-claim-guard","/qa-activation-seal","/qa-proof-promotion","/qa-buyer-proof-release"],"auditStatus":"smoke-covered","evidence":"Public smoke validates all listed QA pages, APIs, briefs, secret rejection paths, and no-authority headers.","retainedBoundary":"QA routes can prove readiness and no-secret handling; retained authenticated proof remains protected and AAL2 gated."},{"name":"Agent and workflow OS","purpose":"Expose AgentOS, Agent Workspace, memory, audit, observability, workflow contracts, execution readiness, results, and runtime safety.","owner":"AgentOS + Workflow Runtime","routes":["/agents","/competitive-defense","/platform-power","/production-architecture","/scrimed-intelligence-platform","/scrimed-operating-command","/scrimed-work","/scrimed-control-plane","/scrimed-automation-autopilot","/limitations-workarounds","/launch-readiness","/agents/[slug]","/agent-workspace","/evaluation","/documentation-before-authorization","/memory","/audit","/observability","/workflows","/workflows/[slug]","/workflows/contracts","/workflows/identity-access","/workflows/execution-attempts","/workflows/execution-audit","/workflows/audit-persistence","/workflows/results","/workflows/results/validation","/workflows/promotion-review","/workflows/runtime-safety"],"auditStatus":"compile-covered","evidence":"Next build, TypeScript, ESLint, workflow APIs, and protected Agent Workspace fail-closed smoke cover the operating surface.","retainedBoundary":"Workflow execution stays synthetic and deny-by-default until identity, runtime safety, audit, connector, and review gates are approved."},{"name":"Interoperability, integrations, and synthetic validation","purpose":"Keep standards, connector contracts, fixture validation, and synthetic clinical workflows inspectable before production data connections.","owner":"Interoperability control plane + Validation Trust Lab","routes":["/interoperability","/enterprise-healthcare-infrastructure","/health-records","/interoperability/[slug]","/interoperability/evaluations","/interoperability/evaluations/[slug]","/integrations","/integrations/fixture-validation","/integrations/fixtures","/integrations/fixtures/[slug]","/synthetic","/synthetic/[slug]","/synthetic/fixtures","/synthetic/fixtures/[slug]","/synthetic/validation"],"auditStatus":"compile-covered","evidence":"Static build and existing validation APIs cover connector contracts, fixture diffs, and synthetic route rendering.","retainedBoundary":"Synthetic validation does not authorize production connectors, PHI ingestion, payer submission, or live clinical workflow execution."},{"name":"Trust, market, operations, and platform context","purpose":"Maintain public trust posture, market activation, source intelligence, deployment profiles, operations blockers, and platform modules.","owner":"Operations, Trust Safety Ops, and Market Activation","routes":["/trust-center","/trust-center/[slug]","/trust","/company-assessment","/clinical-production-readiness","/pilot-demo-commercial-readiness","/trust-os","/trust-safety-operations","/claims","/limitations-workarounds","/launch-readiness","/competitive-defense","/competitive-intelligence","/continuous-review-audit","/enterprise-business-ops","/enterprise-scalability","/platform-power","/production-architecture","/workflows/execution-attempts","/limitations-workarounds","/offerings","/client-onboarding","/service-delivery","/service-reliability","/operational-efficiency","/scrimed-automation-autopilot","/market-activation","/global-certification-readiness","/global-reach","/sales-attribution","/attribution-analytics","/source-intelligence","/deployment-profiles","/operations","/quality","/operating-context","/health-records","/healthcare-optimization-command","/healthcare-intelligence-os","/production-architecture","/scrimed-intelligence-platform","/scrimed-operating-command","/platform","/governance-packs","/faithcore","/modules/clinical-copilot","/modules/docutwin","/modules/carepath-ai","/modules/trialcore","/modules/watchtower"],"auditStatus":"linked","evidence":"Hub route inventory, Product Console summaries, and public smoke for Global Reach and quality-critical lanes keep these surfaces discoverable.","retainedBoundary":"Public trust and market pages remain claims-controlled and cannot self-certify legal, security, or regulatory approvals."}],"siteNavigationSections":[{"label":"Command","intent":"Fastest path into the operating surfaces used by founders, buyers, and reviewers.","links":[{"label":"Company Assessment","href":"/company-assessment","description":"Whole-company score, strengths, weakness relief, workstreams, team lanes, and hard stops."},{"label":"Clinical Production Readiness","href":"/clinical-production-readiness","description":"Required task ledger, current capability motions, go-live gates, hard stops, and source references for future clinical production."},{"label":"Pilot Demo Accelerator","href":"/pilot-demo-commercial-readiness","description":"Market-aligned demo, pilot, pricing, proof, no-PHI intake, and margin-protection command surface."},{"label":"Product Console","href":"/product","description":"Offers, workflows, proof stack, and buyer actions."},{"label":"Omega Audit","href":"/omega-audit","description":"Complete platform product audit, 12-lens checks, upgrade lanes, and hard stops."},{"label":"Clinical Robustness Lab","href":"/clinical-robustness-lab","description":"Adversarial no-PHI clinical readiness scorecards for SCRIMED agents and clinical products."},{"label":"Launch Readiness","href":"/launch-readiness","description":"Strict production-domain gate, sandbox DNS workaround, launch tracks, service paths, and hard stops."},{"label":"Competitive Defense","href":"/competitive-defense","description":"Competitor pressure, weakness relief, legal/privacy/cyber hardening, and infiltration-deterrence controls."},{"label":"Platform Power","href":"/platform-power","description":"API, UI, and AI platform-power control plane."},{"label":"Production Architecture","href":"/production-architecture","description":"Agent runtime, context engine, Trust Engine v2, model router, evals, ClinSecOps, and workflow controls."},{"label":"SCRIMED OS Plan","href":"/scrimed-os","description":"Implementation roadmap for event mesh, agent identity, MCP, CodeMode, registries, clinical orchestration, observability, IaC, Kubernetes, and safety sandbox."},{"label":"Intelligence Platform","href":"/scrimed-intelligence-platform","description":"Governed intelligence mesh, memory graph, provenance, flight recorder, evaluation pipeline, synthetic patient studio, outcome KPIs, and model-router foundation."},{"label":"Intelligence Safety Stack","href":"/scrimed-intelligence-safety-stack","description":"Project SENTINEL zero-trust agent execution, AI Flight Recorder, clinical correctness envelopes, data adapters, outcomes, orchestration state, and compliance safeguards."},{"label":"SCRIMED Modules","href":"/scrimed-modules","description":"Canonical registry for ClinicalBench, Evidence Graph, Trust Score, Continuous Evaluation, memory, multi-agent runtime, and multi-model routing."},{"label":"TrustOps Intelligence","href":"/scrimed-trustops","description":"Synthetic signal detection, module scoring, governance checks, semantic intelligence, and recommendation-only self-healing workflows."},{"label":"Build Roadmap","href":"/scrimed-build-roadmap","description":"LLM interface boundaries, world models, semantic graph, decision memory, dynamic context injection, workforce/resource intelligence, and benchmark layers."},{"label":"Upgrade Implementation Plan","href":"/scrimed-upgrade-implementation-plan","description":"Secure runtime, contextual policies, observability, clinical evals, routing, knowledge compounding, DevSecOps, edge AI, and workflow automation."},{"label":"Agent Governance","href":"/scrimed-agent-governance","description":"CODE pt. 4 contextual policy, agent identity, session-state risk, approval, and allow/deny/review control plane."},{"label":"Reasoning Stability","href":"/scrimed-reasoning-stability","description":"CODE pt. 4 loop, repetition, consistency, hallucination-risk, retry, confidence, and safety-status layer."},{"label":"Clinical Benchmark Suite","href":"/scrimed-clinical-benchmark-suite","description":"CODE pt. 4 synthetic clinical, administrative, specialty, interoperability, research, and compliance benchmark registry."},{"label":"Hybrid Retrieval","href":"/scrimed-hybrid-retrieval","description":"CODE pt. 4 evidence-first retrieval with BM25, vector, ontology, graph, citation, and source-trust ranking metadata."},{"label":"LLMOps Observability","href":"/scrimed-llmops-observability","description":"CODE pt. 4 synthetic trace, model, cost, token, safety, policy, benchmark, rollback, and readiness telemetry."},{"label":"AI Infrastructure Watchtower","href":"/scrimed-ai-infrastructure-watchtower","description":"CODE pt. 4 strategic infrastructure watch across chips, local models, regulations, energy, cybersecurity, funding, imaging, and drug discovery."},{"label":"Patient Context Gateway","href":"/scrimed-patient-context-gateway","description":"CODE pt. 4 no-PHI patient story continuity, provenance, HIE concept, FHIR abstraction, consent, and no-writeback gateway."},{"label":"Operating Command","href":"/scrimed-operating-command","description":"Owner-bound operating lanes for systems, agents, infrastructure, workflows, products, services, UI, KPIs, proof routes, and retained gates."},{"label":"SCRIMED Work","href":"/scrimed-work","description":"Governed work-session platform for Definition of Done, agents, model routing, context, verification, artifacts, schedules, voice simulation, audit, rollback, and value telemetry."},{"label":"PayerIQ Workbench","href":"/documentation-before-authorization","description":"Interactive synthetic documentation completeness, evidence-gap, reviewer-queue, and no-submission workflow for prior-authorization teams."},{"label":"Intelligence Control Plane","href":"/scrimed-control-plane","description":"Unified executive control plane for agent, skill, workflow, context, model, benchmark, capital, compute, outcome, and audit governance."},{"label":"Automation Autopilot","href":"/scrimed-automation-autopilot","description":"Automation control for safe autonomy modes, human approval gates, bottleneck workarounds, proof routes, and no-production-authority decisions."},{"label":"Workarounds","href":"/limitations-workarounds","description":"Safe alternatives for blocked issues, hard limits, and retained gates."},{"label":"Service Delivery","href":"/service-delivery","description":"Scoped work orders, artifacts, acceptance criteria, and delivery gates."},{"label":"Investor Readiness","href":"/investor-audience-readiness","description":"Weakness relief, moat, sellable value, and audience-specific capital or clinic packets."},{"label":"Investor Command","href":"/investor-readiness","description":"Enterprise diligence snapshot, readiness evidence, no-go boundaries, model/router status, risk register, and product readiness."},{"label":"Enterprise Acceleration","href":"/scrimed-enterprise-acceleration","description":"Strategic command for systems, agents, UI, performance, validity, revenue motions, demo assets, sales pitch, and investor confidence."},{"label":"Market Execution","href":"/scrimed-market-execution","description":"Clean-room market execution lanes that turn competitor research into sales motions, revenue levers, proof artifacts, privacy controls, PR language, and investor narratives."},{"label":"Global Enterprise Command","href":"/global-enterprise-command","description":"international enterprise readiness command for global sales, localization, interoperability, communication, partner qualification, and retained approval gates."},{"label":"Infrastructure Readiness","href":"/enterprise-healthcare-infrastructure","description":"Hospital IT readiness across HL7/FHIR, DICOM/PACS/RIS/HIS, ADT, X12, integration engines, VPNs, VMs, databases, firewalls, and governed agents."},{"label":"Value Realization","href":"/healthcare-value-realization","description":"Turn optimization lanes into buyer-ready outcome evidence, pilot proof packages, risk controls, and no-ROI-guarantee value metrics."},{"label":"Pilot Value Evidence","href":"/pilot-value-evidence","description":"Package buyer-ready evidence artifacts, acceptance criteria, reviewer gates, and claim controls before external sharing."},{"label":"Pilot Activation","href":"/pilot-activation-planner","description":"Convert selected evidence packets into scoped activation plans, owner handoffs, blocker workarounds, and review gates."},{"label":"Pilot Handoff","href":"/pilot-handoff-command","description":"Convert activation plans into human-reviewed buyer, security, implementation, RCM, clinical, and investor handoff packets."},{"label":"Pilot Success Review","href":"/pilot-success-review-command","description":"Convert handoff packets into 30/60/90-day review plans, evidence gaps, expansion readiness, and claims-safe follow-up."},{"label":"Execution Focus","href":"/scrimed-execution-focus","description":"Ranked now/next/blocked operating queue for proof routes, buyer conversion, trust evidence, investor readiness, and retained boundaries."},{"label":"Deployment Drift","href":"/deployment-drift-guard","description":"No-secret route-alignment guard for catching stale deployments before buyer, investor, or operator promotion."},{"label":"Governance Learning Loop","href":"/scrimed-governance-learning-loop","description":"Governance-as-moat loop for memory, learning, policy, A2A/MCP, AI visibility, value pricing, regulatory watch, and activated skills."},{"label":"Guided Execution","href":"/scrimed-guided-execution","description":"Audience-specific execution paths for buyers, investors, pilots, partners, clinics, and internal operators."},{"label":"Proof Packet Studio","href":"/scrimed-proof-packet-studio","description":"Package investor, buyer, pilot, partner, and internal execution narratives with route-backed proof, owners, pricing motions, and retained boundaries."},{"label":"Cyber Defense","href":"/scrimed-cyber-defense","description":"Security controls, proxy sanitization, incident lanes, token protection, and residual-risk tracking for diligence."},{"label":"OS Hub","href":"/hub","description":"Whole-platform route index and operating signals."},{"label":"Navigation Audit","href":"/navigation","description":"Route inventory, smoke coverage, and navigation bottlenecks."},{"label":"Operational Efficiency","href":"/operational-efficiency","description":"Cross-system gaps, bottlenecks, hard stops, and resolution sprints."}]},{"label":"Buy","intent":"Move from public interest to demo, pricing, diligence, and governed pilot intake.","links":[{"label":"Company Assessment","href":"/company-assessment","description":"Company posture, proof routes, risks, buyer-safe strengths, and retained boundaries."},{"label":"Clinical Production Readiness","href":"/clinical-production-readiness","description":"Separate current sellable no-PHI motions from future clinical-production requirements."},{"label":"Pilot Demo Accelerator","href":"/pilot-demo-commercial-readiness","description":"Turn every demo into one pilot recommendation, price band, proof packet, and intake route."},{"label":"Guided Execution","href":"/scrimed-guided-execution","description":"Map buyer or investor intent to the right demo sequence, proof route, pricing motion, and human next step."},{"label":"Proof Packet Studio","href":"/scrimed-proof-packet-studio","description":"Create the buyer or investor packet that ties narrative, demo path, proof evidence, pricing motion, acceptance criteria, and follow-up action together."},{"label":"Offerings","href":"/offerings","description":"Sellable packages, proof routes, margin controls, and delivery boundaries."},{"label":"Service Delivery","href":"/service-delivery","description":"Convert selected offers into scoped work orders, artifacts, acceptance criteria, and buyer handoffs."},{"label":"Production Architecture","href":"/production-architecture","description":"Show buyers SCRIMED's governed runtime, trust, model routing, eval, and workflow control posture."},{"label":"Infrastructure Readiness","href":"/enterprise-healthcare-infrastructure","description":"Show how SCRIMED understands hospital IT, interoperability, imaging, payer, network, compute, and data boundaries before live systems."},{"label":"Value Realization","href":"/healthcare-value-realization","description":"Show measurable synthetic outcome evidence, pilot value packages, and risk controls without ROI or revenue guarantees."},{"label":"Pilot Value Evidence","href":"/pilot-value-evidence","description":"Show packetized pilot evidence, acceptance criteria, review gates, and safe next commercial actions."},{"label":"Pilot Activation","href":"/pilot-activation-planner","description":"Show how packetized evidence becomes a scoped, review-gated pilot activation path without granting live authority."},{"label":"Pilot Handoff","href":"/pilot-handoff-command","description":"Show how activation plans become reviewed handoff packets before any buyer-facing send or live authority."},{"label":"Pilot Success Review","href":"/pilot-success-review-command","description":"Show how reviewed handoffs become success-review plans, evidence-gap controls, and safe expansion recommendations."},{"label":"Cyber Defense","href":"/scrimed-cyber-defense","description":"Show security readiness, hardening controls, protected-route boundaries, and incident response posture without certification claims."},{"label":"Launch Readiness","href":"/launch-readiness","description":"Buyer-facing launch path, branded-domain verification, service readiness, and fallback posture."},{"label":"Onboarding","href":"/client-onboarding","description":"Human-reviewed email, calendar, demo, pilot, deck, meeting, and handoff path."},{"label":"Demos","href":"/demos","description":"Executable governed product demos."},{"label":"PayerIQ Workbench","href":"/documentation-before-authorization","description":"Run the no-PHI documentation-before-authorization product and inspect its governed pilot path."},{"label":"Programs","href":"/pilots","description":"Structured enterprise pilot programs."},{"label":"Pricing","href":"/pricing","description":"Enterprise tiers, sales motion, and commercial guardrails."},{"label":"Deal Room","href":"/pilot-deal-room","description":"Buyer path from proof to activation."},{"label":"Market Intelligence","href":"/competitive-intelligence","description":"Competitor-informed build paths, target-audience plays, proof routes, and no-copy guardrails."},{"label":"Competitive Defense","href":"/competitive-defense","description":"Claims-safe competitor counter-positioning, legal/privacy/cyber gates, and hard stops."},{"label":"Investor Readiness","href":"/investor-audience-readiness","description":"Audience-ready value packets for angels, strategics, private investors, clinics, and partners."},{"label":"Global Enterprise Command","href":"/global-enterprise-command","description":"Show international buyers the region, sales, interoperability, communication, and proof route map without claiming local approval."},{"label":"Request Pilot","href":"/pilot","description":"Validated buyer intake with no-PHI boundary."}]},{"label":"Trust","intent":"Keep claims, approvals, certifications, global readiness, and clinical authority boundaries visible.","links":[{"label":"Company Assessment","href":"/company-assessment","description":"Top-level operating boundary across legal, finance, security, clinical, product, and launch readiness."},{"label":"Clinical Production Readiness","href":"/clinical-production-readiness","description":"Task ledger for PHI, clinical safety, FDA/CDS/SaMD, HIPAA, ONC, security assurance, global privacy, support, and go-live gates."},{"label":"Pilot Demo Accelerator","href":"/pilot-demo-commercial-readiness","description":"Protect commercial claims, price floors, market comparisons, and pilot-package boundaries."},{"label":"Trust Center","href":"/trust-center","description":"Enterprise readiness, owners, evidence, and launch gates."},{"label":"TrustOps Intelligence","href":"/scrimed-trustops","description":"Synthetic TrustOps governance, module scoring, signal detection, validation, and remediation recommendations."},{"label":"Governance Learning Loop","href":"/scrimed-governance-learning-loop","description":"Memory-versus-learning, contextual policy, audit, regulatory watch, value pricing, and human-review learning loop."},{"label":"Proof Packet Studio","href":"/scrimed-proof-packet-studio","description":"Keep investor, buyer, pilot, partner, and internal proof packets claims-safe, no-PHI, and review-ready."},{"label":"Cyber Defense","href":"/scrimed-cyber-defense","description":"Browser hardening, request sanitization, token redaction, protected-route monitoring, incident readiness, and residual-risk controls."},{"label":"Infrastructure Readiness","href":"/enterprise-healthcare-infrastructure","description":"Infrastructure, connector, DICOM/PACS/RIS/HIS, HL7/FHIR, X12, network, and database boundaries for enterprise review."},{"label":"Launch Readiness","href":"/launch-readiness","description":"Launch hard stops, no-authority headers, DNS fallback boundary, and qualified-review gates."},{"label":"Competitive Defense","href":"/competitive-defense","description":"Legal, privacy, cyber, no-copy, no-PHI, no-certification, and no-attack-guarantee boundaries."},{"label":"Production Architecture","href":"/production-architecture","description":"No-PHI architecture contract for agents, context, trust, model routing, evals, ClinSecOps, and workflows."},{"label":"Omega Audit","href":"/omega-audit","description":"Whole-platform audit across products, modules, agents, workflows, APIs, UI, backend, infrastructure, and compliance."},{"label":"Clinical Robustness Lab","href":"/clinical-robustness-lab","description":"Adversarial synthetic clinical evaluation coverage, reviewer queues, and no-authority gates."},{"label":"Risk Register","href":"/risk-register","description":"Enterprise risk register across PHI/privacy, clinical safety, model, bias, cybersecurity, vendor, cost, audit, EHR, payer, and deployment risk."},{"label":"Claims","href":"/claims","description":"Approved, evidence-required, and prohibited claims."},{"label":"Limitations","href":"/boundary-resolution","description":"Central boundary register and safe workarounds."},{"label":"Approval Matrix","href":"/boundary-release-approvals","description":"Boundary-release approval path, required evidence, signoff lanes, safe workarounds, and fail-closed release decisions."},{"label":"Workarounds","href":"/limitations-workarounds","description":"Operator-ready workaround packets, escalation triggers, and graduation gates."},{"label":"Approvals","href":"/approvals-readiness","description":"Public claims, HIPAA/BAA, SOC 2/HITRUST, FDA, ONC, and release gates."},{"label":"Global Enterprise Command","href":"/global-enterprise-command","description":"Global readiness command for international viability, localization, communication, interoperability, and approval-boundary tracking."},{"label":"Global Certifications","href":"/global-certification-readiness","description":"Domestic and global approval/certification readiness."},{"label":"Clinical Authority","href":"/clinical-authority-readiness","description":"Hard gates for PHI, live care, reimbursement, security, connectors, and production."}]},{"label":"Operate","intent":"Run release, reliability, QA, business, and protected-workspace operating controls.","links":[{"label":"Company Assessment","href":"/company-assessment","description":"Whole-company command review, workstreams, team lanes, hard stops, and priority sequence."},{"label":"Clinical Production Readiness","href":"/clinical-production-readiness","description":"Track incomplete clinical-production tasks while maximizing current no-PHI pilots, diligence packets, and readiness services."},{"label":"Pilot Demo Accelerator","href":"/pilot-demo-commercial-readiness","description":"Run demo, pilot, pricing, proof, and margin controls before buyer calls."},{"label":"Launch Readiness","href":"/launch-readiness","description":"Primary-domain smoke, DNS preflight, service paths, protected proof boundaries, and launch go/no-go gates."},{"label":"Competitive Defense","href":"/competitive-defense","description":"Competitor-aware hardening, cyber controls, incident gates, and legal/privacy review paths."},{"label":"Release Continuity","href":"/release-continuity","description":"Production/source checkpoint, public smoke, and AAL2 operator boundary."},{"label":"Deployment Drift","href":"/deployment-drift-guard","description":"Detect stale deployments, route 404s, and source-to-target drift before external proof promotion."},{"label":"Service Reliability","href":"/service-reliability","description":"Controls, fault classes, efficiency improvements, and retained boundaries."},{"label":"Enterprise Scale","href":"/enterprise-scalability","description":"Capacity, tenancy, queues, SLO readiness, support, region, incident, and cost operating controls."},{"label":"Platform Power","href":"/platform-power","description":"API contracts, UI command paths, AI model routing, agent approval, evals, and cost controls."},{"label":"Production Architecture","href":"/production-architecture","description":"Release-facing architecture contract with validation checks and hard stops."},{"label":"Infrastructure Readiness","href":"/enterprise-healthcare-infrastructure","description":"Operationalize hospital IT discovery, integration paths, private runtime assumptions, and infrastructure proof packets."},{"label":"Attempt Store","href":"/workflows/execution-attempts","description":"No-PHI envelopes, durable idempotency, replay lookup, human review dispositions, audit traces, and scorecards."},{"label":"Investor Command","href":"/investor-readiness","description":"Enterprise readiness, risk, product, model, safety, and evidence command center."},{"label":"Workarounds","href":"/limitations-workarounds","description":"Reusable no-PHI, AAL2, API, model-route, deal-desk, and regional workaround packets."},{"label":"Service Delivery","href":"/service-delivery","description":"Repeatable delivery work orders, acceptance gates, artifacts, and margin-safe handoffs."},{"label":"24/7 Review","href":"/continuous-review-audit","description":"Agent-assisted accuracy review, audit, incident learning, and internal innovation."},{"label":"TrustOps Intelligence","href":"/scrimed-trustops","description":"Synthetic operational signals, self-healing recommendations, TrustOps scoring, and human-review gates."},{"label":"Governance Learning Loop","href":"/scrimed-governance-learning-loop","description":"Policy event, audit, correction artifact, retest, monitoring, and skill activation loop for safer operations."},{"label":"Guided Execution","href":"/scrimed-guided-execution","description":"Weekly operating map tying proof routes, demos, sales motions, and next actions to each audience."},{"label":"Proof Packet Studio","href":"/scrimed-proof-packet-studio","description":"Turn weekly operating priorities into audience-specific packet manifests with owners, evidence routes, limitations, and next actions."},{"label":"Cyber Defense","href":"/scrimed-cyber-defense","description":"Run cyber control posture, threat matrix, incident lanes, and no-secret readiness from one route."},{"label":"Business Ops","href":"/enterprise-business-ops","description":"Deal desk, margin controls, legal/accounting/tax routing, and billing readiness."},{"label":"Investor Readiness","href":"/investor-audience-readiness","description":"Capital, clinic, buyer, and partner packet routing with qualified-review boundaries."},{"label":"Growth","href":"/growth-engine","description":"Buyer segments, offers, conversion lanes, bottlenecks, and proof routes."},{"label":"Protected Workspace","href":"/pilot-workspace/access","description":"AAL2 protected no-PHI buyer diligence and operator evidence."}]},{"label":"Build","intent":"Inspect the AI, workflow, interoperability, and evaluation architecture.","links":[{"label":"Company Assessment","href":"/company-assessment","description":"Cross-lane assessment tying platform, AI, interoperability, health records, delivery, and operations together."},{"label":"Clinical Production Readiness","href":"/clinical-production-readiness","description":"Clinical production task ledger tying AI, interoperability, privacy/security, clinical safety, support, and regulated claims together."},{"label":"Pilot Demo Accelerator","href":"/pilot-demo-commercial-readiness","description":"Commercial bridge from executable demos into priced pilot packages and no-PHI intake."},{"label":"Platform Power","href":"/platform-power","description":"API, UI, AI, model route, agent approval, retrieval, eval, and cost readiness."},{"label":"Competitive Defense","href":"/competitive-defense","description":"LLM threat model, API attack paths, supply-chain hardening, and protected evidence boundaries."},{"label":"Production Architecture","href":"/production-architecture","description":"Agent Runtime, Context Engine, Trust Engine v2, Model Router, Evaluation Engine, ClinSecOps, and Workflow Engine."},{"label":"SCRIMED OS Plan","href":"/scrimed-os","description":"Production-ready roadmap and starter architecture for the Healthcare Intelligence Operating System."},{"label":"Intelligence Platform","href":"/scrimed-intelligence-platform","description":"Synthetic-only SCRIMED intelligence control surface for mesh routing, memory graph, provenance, tracing, evals, outcomes, model routing, and education."},{"label":"SCRIMED Work","href":"/scrimed-work","description":"Open the unified workspace for long-running governed sessions, verification-first autonomy, artifact generation, schedules, voice simulation, and SCRIMED Studio registries."},{"label":"PayerIQ Workbench","href":"/documentation-before-authorization","description":"Run enumerated synthetic authorization scenarios through documentation scoring, evidence tracing, human review, audit, and payer-action denial."},{"label":"Intelligence Control Plane","href":"/scrimed-control-plane","description":"Inspect the consolidated mission-control view across Work, Context Fabric, ConsequenceBench, model policy, capital intelligence, compute resilience, learning, and outcomes."},{"label":"SCRIMED Modules","href":"/scrimed-modules","description":"No-PHI module registry for benchmark, evidence, memory, trust, workflow, research, multi-agent, and multi-model platform systems."},{"label":"TrustOps Intelligence","href":"/scrimed-trustops","description":"Module governance, trust scoring, synthetic signal detection, structured validation, semantic graphing, and recommendation-only remediation."},{"label":"Governance Learning Loop","href":"/scrimed-governance-learning-loop","description":"Control plane for agent memory, reviewed learning, policy decisions, A2A/MCP readiness, AI visibility, and value-based pricing."},{"label":"Guided Execution","href":"/scrimed-guided-execution","description":"Route-aware execution layer for audience runbooks, proof paths, pricing motions, and demo follow-up artifacts."},{"label":"Proof Packet Studio","href":"/scrimed-proof-packet-studio","description":"Structured packet layer for proof-backed sales, investor, pilot, partner, and internal execution artifacts."},{"label":"Cyber Defense","href":"/scrimed-cyber-defense","description":"Security headers, proxy sanitization, protected fail-closed behavior, token redaction, and incident response architecture."},{"label":"Build Roadmap","href":"/scrimed-build-roadmap","description":"No-PHI world models, active ontology, semantic graph, memory, context injection, workforce/resource modules, and operational benchmarks."},{"label":"Omega Audit","href":"/omega-audit","description":"Product registry, audit lenses, implementation lanes, proof routes, and hard-stop controls."},{"label":"Clinical Robustness Lab","href":"/clinical-robustness-lab","description":"Adversarial clinical-readiness scenarios for missing, conflicting, noisy, multilingual, unit, temporal, and hallucination failures."},{"label":"Attempt Store","href":"/workflows/execution-attempts","description":"Metadata-only attempt envelopes, tenant-scoped durable store, replay tokens, model-route telemetry, human review, and scorecards."},{"label":"AgentOS","href":"/agents","description":"Agent registry, roles, governance controls, and workflows."},{"label":"Evaluation","href":"/evaluation","description":"Synthetic AgentOS plan, Trust Card, audit preview, and observability packet."},{"label":"Workflows","href":"/workflows","description":"Workflow engine, contracts, results, runtime safety, and promotion controls."},{"label":"Interoperability","href":"/interoperability","description":"FHIR, SMART, HL7, DICOM, X12, terminology, and connector governance."},{"label":"Infrastructure Readiness","href":"/enterprise-healthcare-infrastructure","description":"FHIR, HL7 ADT, DICOM/PACS/RIS/HIS, X12, VPN, VM, database, firewall, and integration-engine readiness map."},{"label":"Health Records","href":"/health-records","description":"No-PHI extraction, record safety, source attribution, and live-data workarounds."},{"label":"TrustOS","href":"/trust-os","description":"Executable AI governance through policy, PHI, tool, clinical, model, and trace controls."},{"label":"Automation Autopilot","href":"/scrimed-automation-autopilot","description":"Keep autonomy synthetic, review-gated, and blocked before PHI, live care, production remediation, or customer go-live."},{"label":"Atlas","href":"/atlas","description":"Structural document intelligence, evidence attribution, validation, and governance."}]}],"roleJourneys":[{"audience":"Clinical production readiness owner","start":"Track what must be complete before clinical production","route":"/clinical-production-readiness","sequence":["/clinical-production-readiness","/clinical-robustness-lab","/company-assessment","/clinical-authority-readiness","/global-certification-readiness","/health-records","/platform-power","/continuous-review-audit","/service-reliability","/enterprise-business-ops","/service-delivery","/qa-buyer-proof-release","/pilot-workspace/access"],"outcome":"Keep PHI, live care, connector, AI, regulatory, support, customer go-live, and commercial-legal tasks tracked while current no-PHI capabilities continue to generate value.","limitationRoute":"/clinical-production-readiness","boundary":"Clinical production readiness tracking is not legal advice, medical advice, regulatory approval, PHI authority, connector approval, certification, customer permission, launch approval, or live clinical authority."},{"audience":"Founder, executive sponsor, or company operator","start":"Assess SCRIMED as a whole","route":"/company-assessment","sequence":["/company-assessment","/product","/offerings","/service-delivery","/enterprise-business-ops","/platform-power","/health-records","/launch-readiness","/approvals-readiness","/global-certification-readiness","/continuous-review-audit","/limitations-workarounds","/qa-buyer-proof-release"],"outcome":"Move from whole-company posture to product, revenue, delivery, platform, safety, launch, approval, review, limitation, and protected proof decisions without losing boundaries.","limitationRoute":"/company-assessment","boundary":"Company assessment is operating readiness only and does not create legal, financial, certification, PHI, launch, revenue, profit, or clinical authority."},{"audience":"Healthcare buyer","start":"Understand SCRIMED quickly","route":"/product","sequence":["/product","/pilot-demo-commercial-readiness","/platform-power","/limitations-workarounds","/offerings","/service-delivery","/client-onboarding","/demos","/pilots","/pricing","/pilot-deal-room","/pilot"],"outcome":"Move from product understanding to governed onboarding, demo, pilot, diligence, and intake without needing to know SCRIMED's internal route map.","limitationRoute":"/limitations-workarounds","boundary":"Buyer navigation remains synthetic-evaluation only and does not authorize production clinical use."},{"audience":"Demo, pilot, or pricing owner","start":"Convert demo interest into a priced pilot path","route":"/pilot-demo-commercial-readiness","sequence":["/pilot-demo-commercial-readiness","/demos","/pilots","/pricing","/offerings","/client-onboarding","/pilot-deal-room","/service-delivery","/pilot"],"outcome":"Map each buyer conversation to one demo, one recommended pilot, one price band, one proof list, one no-PHI intake route, and one retained boundary before custom work expands.","limitationRoute":"/pilot-demo-commercial-readiness","boundary":"Demo and pricing navigation is commercial readiness only and does not create quotes, contracts, procurement approval, revenue or ROI guarantees, PHI authority, connector approval, or clinical authority."},{"audience":"Security or compliance reviewer","start":"Find diligence and limits","route":"/trust-center","sequence":["/trust-center","/competitive-defense","/claims","/approvals-readiness","/global-certification-readiness","/boundary-resolution","/limitations-workarounds","/pilot-workspace/access"],"outcome":"Review evidence, prohibited claims, future approval tracks, and protected no-PHI diligence controls in one path.","limitationRoute":"/competitive-defense","boundary":"Readiness pages do not create legal advice, certification, PHI authority, or approval."},{"audience":"Release or operator owner","start":"Check launch posture","route":"/launch-readiness","sequence":["/launch-readiness","/navigation","/release-continuity","/service-reliability","/scrimed-automation-autopilot","/enterprise-scalability","/platform-power","/limitations-workarounds","/operational-efficiency","/continuous-review-audit","/qa-evidence"],"outcome":"Move from launch go/no-go checks to route inventory, release proof, DNS workaround evidence, reliability controls, scale operations, efficiency bottlenecks, review loops, and QA evidence.","limitationRoute":"/launch-readiness","boundary":"Operational navigation is not release approval and cannot bypass AAL2 or qualified human review."},{"audience":"Launch owner or executive sponsor","start":"Decide whether SCRIMED is launch-structured enough to promote","route":"/launch-readiness","sequence":["/launch-readiness","/product","/offerings","/service-delivery","/client-onboarding","/release-continuity","/navigation","/operations","/service-reliability","/enterprise-business-ops","/global-certification-readiness","/pilot-workspace/access"],"outcome":"Review product packaging, service readiness, branded-domain smoke, sandbox DNS workaround, operations blockers, enterprise controls, external-review gates, and protected proof boundaries before launch promotion.","limitationRoute":"/launch-readiness","boundary":"Launch readiness is human-reviewed operating evidence only; it is not branded-domain launch approval, sandbox bypass, contractual SLA, certification, PHI authority, customer release, or live clinical authority."},{"audience":"Founder, sales, or board reviewer","start":"Focus revenue and margin work","route":"/enterprise-business-ops","sequence":["/enterprise-business-ops","/enterprise-scalability","/platform-power","/competitive-defense","/limitations-workarounds","/offerings","/service-delivery","/client-onboarding","/growth-engine","/capital-vitality","/investor-audience-readiness","/public-market-readiness","/competitive-intelligence","/pilot-deal-room"],"outcome":"Connect revenue capability, scale readiness, onboarding discipline, price floors, proof ladders, capital readiness, audience-specific packets, market position, and buyer diligence.","limitationRoute":"/enterprise-business-ops","boundary":"Business navigation is not legal, accounting, tax, audited financial, securities, revenue, or profit advice."},{"audience":"Legal, privacy, cyber, or competitor-defense owner","start":"Harden strengths without creating legal or security exposure","route":"/competitive-defense","sequence":["/competitive-defense","/competitive-intelligence","/claims","/trust-center","/global-certification-readiness","/health-records","/platform-power","/trust-os","/service-reliability","/release-continuity","/pilot-workspace/access"],"outcome":"Move from competitor pressure and weakness relief to claims control, privacy gates, cyber controls, LLM threat modeling, incident response, supply-chain checks, and protected evidence release.","limitationRoute":"/competitive-defense","boundary":"Competitive defense is readiness only; it is not legal advice, privacy approval, security certification, penetration-test authorization, PHI authority, competitor partnership, or protection guarantee."},{"audience":"Investor, strategic partner, or faith-based clinic sponsor","start":"Understand SCRIMED's investable and sellable value safely","route":"/investor-audience-readiness","sequence":["/investor-audience-readiness","/capital-vitality","/growth-engine","/enterprise-business-ops","/public-market-readiness","/client-onboarding","/pilot-deal-room","/qa-claim-guard"],"outcome":"Match angel, corporate strategic, private, faith-based clinic, public-sector, payer, health-system, clinician, global-partner, or transformation-sponsor questions to proof, next moves, and retained review gates.","limitationRoute":"/investor-audience-readiness","boundary":"Investor and audience navigation is readiness only; it is not securities offering material, solicitation, investment advice, valuation assurance, legal advice, tax advice, donor advice, customer permission, or approval."},{"audience":"Service delivery owner","start":"Turn a sold or scoped offer into accepted delivery work","route":"/service-delivery","sequence":["/service-delivery","/offerings","/client-onboarding","/enterprise-business-ops","/qa-claim-guard","/qa-buyer-proof-release","/pilot-workspace/access","/growth-engine"],"outcome":"Move from packaged offer to scoped work order, kickoff inputs, artifacts, acceptance criteria, release gates, handoff, and next paid package.","limitationRoute":"/service-delivery","boundary":"Service delivery navigation is execution control only and does not create SOW, contract, SLA, PHI, production connector, customer release, revenue, profit, or live-care authority."},{"audience":"Global partner or regional buyer","start":"Validate expansion readiness","route":"/global-enterprise-command","sequence":["/global-enterprise-command","/global-reach","/global-certification-readiness","/deployment-profiles","/trust-center","/approvals-readiness","/pilot"],"outcome":"Find region commands, buyer localization, deployment options, certification tracks, communication lanes, interoperability assumptions, and retained approval gates.","limitationRoute":"/global-certification-readiness","boundary":"Global navigation is preparation only and does not claim local legal, procurement, regulatory, or clinical approval."},{"audience":"Integration, data, or records owner","start":"Validate record extraction safely","route":"/health-records","sequence":["/health-records","/enterprise-healthcare-infrastructure","/interoperability","/platform-power","/limitations-workarounds","/interoperability/evaluations","/integrations/fixture-validation","/clinical-care-activation","/boundary-resolution"],"outcome":"Move from no-PHI record extraction planning to standards mapping, synthetic conformance, safety gates, and retained live-data approvals.","limitationRoute":"/limitations-workarounds","boundary":"Health-record navigation supports synthetic and sandbox planning only; it does not authorize live PHI, patient matching, writeback, payer submission, or clinical action."},{"audience":"Boundary or workaround owner","start":"Resolve a blocked request safely","route":"/limitations-workarounds","sequence":["/limitations-workarounds","/boundary-resolution","/boundary-release-approvals","/operational-efficiency","/scrimed-automation-autopilot","/platform-power","/service-reliability","/continuous-review-audit"],"outcome":"Convert limitations, issues, and bottlenecks into safe workaround packets, escalation owners, approval paths, proof routes, and graduation gates.","limitationRoute":"/limitations-workarounds","boundary":"Workaround navigation is containment only and does not create authority, certification, PHI access, live AI, or release approval."}],"limitationControls":[{"label":"Pilot Demo Commercial Readiness","href":"/pilot-demo-commercial-readiness","description":"Seamless demo-to-pilot package routing, market-aligned price bands, proof assets, margin rules, and hard stops.","boundary":"Does not create signed quotes, contracts, procurement approval, customer permission, revenue guarantees, ROI guarantees, PHI authority, production connector approval, security certification, or live clinical care."},{"label":"Clinical Production Readiness","href":"/clinical-production-readiness","description":"Required clinical-production task ledger, go-live gates, current capability motions, source references, and hard stops.","boundary":"Does not provide legal advice, medical advice, regulatory approval, HIPAA compliance, security certification, FDA clearance, ONC certification, EU AI Act conformity, GDPR assurance, PHI authority, connector approval, customer permission, launch approval, reimbursement assurance, revenue guarantee, profit guarantee, or live clinical care."},{"label":"Clinical Robustness Lab","href":"/clinical-robustness-lab","description":"Adversarial no-PHI clinical readiness scorecards for missing data, conflicting data, abbreviations, noisy notes, wrong units, multilingual notes, incomplete records, temporal inconsistencies, and hallucination risk.","boundary":"Does not provide clinical validation, medical advice, PHI authority, diagnosis, treatment, triage, patient outreach, signed documentation, payer submission, EHR writeback, certification, or live clinical authority."},{"label":"Company Assessment","href":"/company-assessment","description":"Whole-company readiness score, strengths, weakness relief, upgrade workstreams, team lanes, hard stops, and authority boundaries.","boundary":"Does not provide legal advice, accounting advice, tax advice, audited financial reporting, investment advice, securities material, certification, security assurance, PHI authority, launch approval, customer permission, revenue guarantees, profit guarantees, or live clinical care."},{"label":"Competitive Defense","href":"/competitive-defense","description":"Competitor threats, weakness relief, legal/privacy/cyber controls, infiltration-deterrence layers, and external review gates.","boundary":"Does not provide legal advice, privacy approval, security certification, penetration-test authorization, PHI authority, competitor partnership, protection guarantee, customer release, or clinical authority."},{"label":"Launch Readiness","href":"/launch-readiness","description":"Launch structure, DNS sandbox classification, strict branded-domain gate, service paths, risks, workarounds, and hard stops.","boundary":"Does not bypass sandbox DNS, override domain records, approve launch, create SLAs, authorize PHI, certify compliance, approve connectors, or approve customer release."},{"label":"Investor Audience Readiness","href":"/investor-audience-readiness","description":"Weakness relief, competitive edge, sellable value, and audience packets for investors, clinics, buyers, and partners.","boundary":"Does not create investment advice, securities material, solicitation, valuation assurance, legal/tax/accounting advice, donor advice, customer permission, approval, PHI authority, or clinical authority."},{"label":"Limitations Workarounds","href":"/limitations-workarounds","description":"Safe workaround packets, escalation triggers, owners, proof routes, and graduation gates for blocked work.","boundary":"Does not grant approval, certification, PHI authority, live clinical authority, legal/finance advice, SLA, live AI, or release authority."},{"label":"Boundary Resolution","href":"/boundary-resolution","description":"Central limitation register, hard stops, safe workarounds, and prohibited claims.","boundary":"Does not grant approval, certification, production authorization, PHI authority, or live clinical authority."},{"label":"Boundary Release Approval Matrix","href":"/boundary-release-approvals","description":"Approval paths, required evidence, owner signoffs, safe workarounds, release hashes, and fail-closed boundary decisions.","boundary":"Does not relieve preserved boundaries or grant PHI, clinical, payer, EHR, connector, certification, or customer go-live authority."},{"label":"Operational Efficiency","href":"/operational-efficiency","description":"Known gaps, inefficiencies, bottlenecks, proof-route gaps, hard stops, and resolution sprints.","boundary":"Does not authorize autonomous remediation, AAL2 bypass, buyer release, or qualified-review replacement."},{"label":"Automation Autopilot","href":"/scrimed-automation-autopilot","description":"Safe autonomy readiness, approval routing, bottleneck workarounds, proof-route selection, and production-action blocking.","boundary":"Does not authorize live PHI, autonomous clinical care, production remediation, patient outreach, payer submission, EHR writeback, credential mutation, production deploy, SLA, certification, revenue guarantee, or customer go-live."},{"label":"Offerings","href":"/offerings","description":"Packaged product/service offers, proof routes, margin controls, and retained approval boundaries.","boundary":"Does not approve contracts, PHI processing, production connectors, customer claims, revenue, profit, legal, accounting, tax, or clinical authority."},{"label":"Service Delivery","href":"/service-delivery","description":"Scoped work orders, acceptance criteria, artifacts, buyer handoffs, margin protections, and authority gates.","boundary":"Does not create SOWs, contract approval, SLAs, managed-service commitments, PHI authority, production connector approval, customer permission, revenue guarantees, profit guarantees, or live clinical authority."},{"label":"Client Onboarding","href":"/client-onboarding","description":"Human-reviewed onboarding, demo, pilot, meeting, presentation, email, calendar-ready, and handoff controls.","boundary":"Does not send email, create calendar invites, approve contracts, approve procurement, process PHI, approve security posture, or authorize live clinical care."},{"label":"Enterprise Scalability","href":"/enterprise-scalability","description":"Capacity, tenancy, queueing, observability, SLO readiness, support, region, incident, and cost controls.","boundary":"Does not create contractual SLAs, managed service coverage, security certification, production hosting approval, PHI authority, connector approval, revenue guarantees, or profit guarantees."},{"label":"API UI AI Platform Power","href":"/platform-power","description":"API contracts, UI command paths, AI model routing, agent approval, evidence retrieval, evals, and cost controls.","boundary":"Does not create public API SLA authority, live autonomous AI authority, production model approval, PHI authority, accessibility certification, security certification, connector approval, or trillion-scale equivalence claims."},{"label":"Approvals Readiness","href":"/approvals-readiness","description":"Approval ladder for public claims, HIPAA/BAA, SOC 2/HITRUST, FDA/CDS/SaMD, ONC, and buyer release.","boundary":"Does not create legal approval, certification, FDA clearance, ONC certification, PHI authority, or live-care authority."},{"label":"Clinical Authority","href":"/clinical-authority-readiness","description":"Live-care, PHI, legal, regional, reimbursement, security, connector, and production clinical gates.","boundary":"Does not authorize PHI processing, live clinical care, reimbursement, connectors, or production clinical use."},{"label":"Health Records","href":"/health-records","description":"No-PHI health-record extraction, interoperability, safety checks, and live-data workarounds.","boundary":"Does not authorize live PHI, patient matching, production connectors, EHR writeback, payer submission, or clinical action."},{"label":"Global Enterprise Command","href":"/global-enterprise-command","description":"International enterprise readiness, global sales, localization, interoperability, communication, and partner-readiness command surface.","boundary":"Does not claim regional legal approval, procurement approval, certification, production deployment, PHI authority, clinical authority, reseller authority, or customer go-live."},{"label":"Global Certification","href":"/global-certification-readiness","description":"Domestic and global certification/approval preparation across key jurisdictions and frameworks.","boundary":"Does not claim HIPAA, SOC 2, HITRUST, ISO, FDA, GDPR, EU AI Act, NHS, MHRA, or Australian approval."}],"bottlenecks":[{"name":"Whole-company operating fragmentation","status":"contained","impact":"Product, service, launch, revenue, legal, certification, cybersecurity, AI, health-record, investor, and scale decisions can fragment when teams inspect only one lane at a time.","workaround":"Use /company-assessment as the top-level operating cockpit before routing into Product Console, Offerings, Service Delivery, Enterprise Business Ops, Platform Power, Health Records, Launch Readiness, Approvals, Global Certification, Continuous Review, Workarounds, or protected proof release.","owner":"Executive Operating Council + Product Console + TrustOS"},{"name":"Clinical production readiness incompleteness","status":"external-review-required","impact":"Current no-PHI pilots, demos, diligence packets, and readiness services are usable now, but clinical production requires a separate task ledger, qualified external review, customer authority, and live-data controls.","workaround":"Use /clinical-production-readiness before PHI, live-care, connector, clinical AI, certification, customer go-live, or global production language expands; use current capability motions for safe revenue while the task ledger remains incomplete.","owner":"Clinical production readiness owner + qualified external reviewers"},{"name":"Demo-to-pilot pricing friction","status":"contained","impact":"Buyers can stall when public demos, pilot programs, price bands, proof assets, intake steps, and custom diligence boundaries are not tied together before a call.","workaround":"Use /pilot-demo-commercial-readiness before demo, pilot, or pricing conversations so each buyer path has one demo, one recommended pilot, one price band, one proof list, one no-PHI intake route, and one hard-stop boundary.","owner":"Revenue Operations + Product Console + Deal Desk"},{"name":"Service delivery scope drift","status":"contained","impact":"Sellable offers can become low-margin custom work or unsupported commitments if scope, acceptance criteria, artifacts, and authority gates are not attached before kickoff.","workaround":"Use /service-delivery to bind every package to no-PHI intake, scope matrix, work-order templates, buyer handoff, margin controls, release gates, and no-SLA/no-contract/no-live-care boundaries.","owner":"Delivery Lead + Product Console + Revenue Operations"},{"name":"Route sprawl","status":"resolved","impact":"High-value pages and proof routes were harder to discover as the App Router surface grew.","workaround":"Use /navigation as the source-indexed route map and wire it through Homepage, Hub, Product Console, API, brief, README, systems map, and smoke coverage.","owner":"Product Console + Release Steward"},{"name":"Deployment drift","status":"contained","impact":"A reviewed local build can pass while the live production target still serves an older deployment or returns 404 for new buyer-critical routes.","workaround":"Use /deployment-drift-guard, /api/deployment-drift-guard, and npm run smoke:deployment-drift-guard against local and production targets before buyer, investor, launch, or proof-packet promotion.","owner":"Release Steward + Platform Engineering"},{"name":"Protected happy-path proof","status":"operator-required","impact":"Unauthenticated checks can prove fail-closed behavior, but not successful tenant-scoped protected mutations.","workaround":"Use /pilot-workspace/access with an active human AAL2 browser session or a deliberate one-time short-lived token run without retaining token values.","owner":"Approved tenant-admin or pilot-lead operator"},{"name":"Dynamic detail route coverage","status":"contained","impact":"Dynamic pages compile, but public smoke focuses on canonical entry points instead of crawling every slug variant.","workaround":"Keep route inventory visible here, use typecheck/build for every dynamic segment, and add targeted slug smoke when a dynamic route becomes buyer-critical.","owner":"Release Steward"},{"name":"External approvals and certifications","status":"external-review-required","impact":"Navigation can show approval and certification tracks, but SCRIMED cannot self-certify legal, security, HIPAA, FDA, ONC, EU AI Act, GDPR, NHS, MHRA, Australia, reimbursement, procurement, or clinical-use authority.","workaround":"Keep approval and certification routes claims-controlled, attach only qualified external evidence, and preserve no-authority headers until formal approval exists.","owner":"Founder + qualified external reviewers"},{"name":"Capital and securities boundaries","status":"external-review-required","impact":"Revenue, moat, investor, and funding readiness can be mistaken for securities offering material, audited financial reporting, valuation assurance, or investment advice.","workaround":"Use /capital-vitality for readiness-only proof, keep no-securities/no-advice headers visible, and route fundraising, valuation, legal, tax, and investor-solicitation materials through qualified counsel.","owner":"Founder + qualified counsel + finance reviewers"},{"name":"Growth execution concentration","status":"operator-required","impact":"Proof depth can diffuse commercial focus unless buyer segments, sellable offers, conversion lanes, and next actions stay prioritized.","workaround":"Use /growth-engine to keep founder-led assessment outreach, synthetic pilot pipeline, governance audit packaging, and protected diligence upgrades in one operating lane.","owner":"Founder + Product Console + Sales Operations"},{"name":"Enterprise legal and finance operating depth","status":"external-review-required","impact":"Enterprise revenue, margins, contracts, accounting, tax, investor, and board materials can create risk if authority is informal or claims outrun qualified review.","workaround":"Use /enterprise-business-ops to route deal desk, price floors, margin controls, legal/accounting/tax roles, billing readiness, and blocked business claims through named owners before commitments expand.","owner":"Founder + qualified counsel + finance/accounting/tax reviewers"},{"name":"Enterprise scalability commitment boundaries","status":"external-review-required","impact":"Capacity, SLO, support, region, residency, disaster recovery, and managed-service language can become accidental commitments if not routed before buyer use.","workaround":"Use /enterprise-scalability to attach capacity assumptions, tenant owners, support-tier review, no-SLA language, regional gates, cost thresholds, and qualified contract review before commitments expand.","owner":"Platform + service reliability + customer operations + legal ops"},{"name":"API UI AI platform power authority boundaries","status":"external-review-required","impact":"API contracts, UI improvements, live AI, model routing, agent tool use, accessibility, and scale-positioning language can become unsupported enterprise claims if they are not routed through proof and authority controls.","workaround":"Use /platform-power to attach API owners, UI role journeys, model-route registers, agent approval triggers, eval evidence, cost owners, and no-live-AI/no-PHI/no-SLA boundaries before claims expand.","owner":"Platform engineering + Product Console + TrustOS + security + finance"},{"name":"Limitations workaround drift","status":"contained","impact":"Safe alternatives can turn into informal permission when workaround packets do not have expiration rules, escalation triggers, and graduation gates.","workaround":"Use /limitations-workarounds to attach every repeated issue to a packet, owner, proof route, cadence, hard stop, and promotion path before buyer or release language expands.","owner":"Boundary owner + Operational Efficiency + Product Console"},{"name":"Autonomy expansion pressure","status":"contained","impact":"Automation can accelerate SCRIMED, but unsafely expanding it could imply production remediation, patient outreach, payer submission, EHR writeback, credential mutation, clinical authority, or customer go-live.","workaround":"Use /scrimed-automation-autopilot to classify every automation lane as manual-only, recommendation-only, review-gated automation, or synthetic autopilot before action authority expands.","owner":"TrustOS + Platform Engineering + Release Steward"},{"name":"Local shell runtime path","status":"contained","impact":"The managed local shell may omit node/npm from PATH even though the bundled runtime works.","workaround":"Use the bundled Node path for local checks and keep npm lifecycle scripts documented through Release Continuity and Operations readiness.","owner":"Release Steward"},{"name":"Sandbox DNS resolution","status":"contained","impact":"Restricted local sandbox execution can return ENOTFOUND for app.scrimedsolutions.com even when the branded production domain passes from approved network access.","workaround":"Use /launch-readiness and the launch-domain preflight to classify sandbox DNS separately, require strict branded-domain smoke from approved network access before launch, and treat fallback Vercel URL success as continuity-only evidence.","owner":"Release Steward + Domain/DNS administrator"}],"pageRouteInventory":["/","/agent-workspace","/agents","/agents/[slug]","/approvals-readiness","/atlas","/attribution-analytics","/audit","/boundary-release-approvals","/boundary-resolution","/buyer-release-control-run","/capital-vitality","/claims","/client-onboarding","/clinical-authority-readiness","/clinical-care-activation","/clinical-production-readiness","/clinical-robustness-lab","/company-assessment","/competitive-edge","/competitive-defense","/competitive-intelligence","/scrimed-market-execution","/scrimed-execution-focus","/continuous-review-audit","/contracts/[slug]","/demos","/demos/[slug]","/deployment-profiles","/documentation-before-authorization","/enterprise-business-ops","/enterprise-healthcare-infrastructure","/enterprise-scalability","/evaluation","/faithcore","/fixtures/change-review","/global-certification-readiness","/global-enterprise-command","/global-reach","/governance-packs","/health-records","/healthcare-optimization-command","/healthcare-value-realization","/pilot-activation-planner","/pilot-handoff-command","/pilot-success-review-command","/pilot-value-evidence","/growth-engine","/healthcare-intelligence-os","/hub","/hub/events","/hub/readiness","/integrations","/integrations/fixture-validation","/integrations/fixtures","/integrations/fixtures/[slug]","/interoperability","/interoperability/[slug]","/interoperability/evaluations","/interoperability/evaluations/[slug]","/investor-audience-readiness","/investor-readiness","/launch-readiness","/limitations-workarounds","/market-activation","/memory","/modules/carepath-ai","/modules/clinical-copilot","/modules/docutwin","/modules/trialcore","/modules/watchtower","/navigation","/observability","/omega-audit","/operating-context","/operational-efficiency","/operations","/offerings","/pilot","/pilot-demo-commercial-readiness","/pilot-deal-room","/pilot-evidence","/pilot-workspace","/pilot-workspace/access","/pilots","/pilots/[slug]","/platform","/platform-power","/pricing","/production-architecture","/product","/public-market-readiness","/qa-aal2-run-evidence","/qa-activation-seal","/qa-buyer-proof-release","/qa-claim-guard","/qa-completion-bridge","/qa-evidence","/qa-execution-readiness","/qa-human-run-packet","/qa-launch-kit","/qa-manual-execution-console","/qa-proof-promotion","/qa-run-control","/quality","/release-continuity","/deployment-drift-guard","/risk-register","/sales-attribution","/sales-operations","/scrimed-agent-governance","/scrimed-ai-infrastructure-watchtower","/scrimed-automation-autopilot","/scrimed-build-roadmap","/scrimed-clinical-benchmark-suite","/scrimed-cyber-defense","/scrimed-enterprise-acceleration","/scrimed-governance-learning-loop","/scrimed-guided-execution","/scrimed-hybrid-retrieval","/scrimed-intelligence-platform","/scrimed-intelligence-safety-stack","/scrimed-llmops-observability","/scrimed-modules","/scrimed-operating-command","/scrimed-work","/scrimed-control-plane","/scrimed-os","/scrimed-patient-context-gateway","/scrimed-proof-packet-studio","/scrimed-reasoning-stability","/scrimed-trustops","/scrimed-upgrade-implementation-plan","/service-delivery","/service-reliability","/source-intelligence","/strategic-problem-resolution","/strategic-intelligence","/synthetic","/synthetic/[slug]","/synthetic/fixtures","/synthetic/fixtures/[slug]","/synthetic/validation","/trust","/trust-center","/trust-center/[slug]","/trust-os","/trust-safety-operations","/workflows","/workflows/[slug]","/workflows/audit-persistence","/workflows/contracts","/workflows/contracts/[slug]","/workflows/execution-attempts","/workflows/execution-audit","/workflows/execution-audit/[slug]","/workflows/identity-access","/workflows/implementation-readiness","/workflows/implementation-readiness/[slug]","/workflows/promotion-review","/workflows/results","/workflows/results/[slug]","/workflows/results/validation","/workflows/runtime-safety"],"smokeCoveredHtmlRoutes":["/company-assessment","/clinical-production-readiness","/pilot-demo-commercial-readiness","/navigation","/pilot-workspace/access","/sales-operations","/competitive-edge","/competitive-defense","/competitive-intelligence","/scrimed-market-execution","/scrimed-execution-focus","/continuous-review-audit","/enterprise-business-ops","/enterprise-healthcare-infrastructure","/enterprise-scalability","/platform-power","/production-architecture","/pilot-deal-room","/qa-evidence","/clinical-authority-readiness","/clinical-care-activation","/public-market-readiness","/global-enterprise-command","/global-reach","/global-certification-readiness","/health-records","/healthcare-optimization-command","/healthcare-value-realization","/pilot-activation-planner","/pilot-handoff-command","/pilot-success-review-command","/pilot-value-evidence","/scrimed-work","/offerings","/client-onboarding","/boundary-release-approvals","/boundary-resolution","/limitations-workarounds","/approvals-readiness","/release-continuity","/deployment-drift-guard","/service-delivery","/service-reliability","/operational-efficiency","/capital-vitality","/growth-engine","/investor-audience-readiness","/launch-readiness","/qa-execution-readiness","/qa-run-control","/qa-launch-kit","/qa-human-run-packet","/qa-completion-bridge","/qa-claim-guard","/qa-activation-seal","/qa-proof-promotion","/qa-buyer-proof-release","/buyer-release-control-run","/qa-manual-execution-console","/qa-aal2-run-evidence","/scrimed-intelligence-platform","/scrimed-agent-governance","/scrimed-reasoning-stability","/scrimed-clinical-benchmark-suite","/scrimed-automation-autopilot","/scrimed-enterprise-acceleration","/scrimed-governance-learning-loop","/scrimed-guided-execution","/scrimed-proof-packet-studio","/scrimed-cyber-defense","/scrimed-hybrid-retrieval","/scrimed-llmops-observability","/scrimed-ai-infrastructure-watchtower","/scrimed-patient-context-gateway","/documentation-before-authorization","/strategic-problem-resolution"],"auditedNavigationRoutes":["/","/hub","/company-assessment","/clinical-production-readiness","/pilot-demo-commercial-readiness","/product","/offerings","/service-delivery","/client-onboarding","/competitive-defense","/competitive-intelligence","/global-enterprise-command","/global-certification-readiness","/continuous-review-audit","/enterprise-business-ops","/enterprise-healthcare-infrastructure","/enterprise-scalability","/platform-power","/limitations-workarounds","/launch-readiness","/navigation","/deployment-drift-guard","/service-reliability","/operational-efficiency","/capital-vitality","/growth-engine","/investor-audience-readiness","/scrimed-intelligence-platform","/scrimed-intelligence-safety-stack","/scrimed-operating-command","/scrimed-work","/scrimed-control-plane","/scrimed-automation-autopilot","/strategic-problem-resolution","/healthcare-optimization-command","/healthcare-value-realization","/pilot-activation-planner","/pilot-handoff-command","/pilot-success-review-command","/pilot-value-evidence","/scrimed-upgrade-implementation-plan","/scrimed-agent-governance","/scrimed-reasoning-stability","/scrimed-clinical-benchmark-suite","/scrimed-enterprise-acceleration","/scrimed-governance-learning-loop","/scrimed-guided-execution","/scrimed-proof-packet-studio","/scrimed-cyber-defense","/scrimed-hybrid-retrieval","/scrimed-llmops-observability","/scrimed-ai-infrastructure-watchtower","/scrimed-patient-context-gateway","/pilot-evidence","/pilot-deal-room","/pricing","/demos","/demos/[slug]","/documentation-before-authorization","/pilots","/pilots/[slug]","/pilot","/sales-operations","/approvals-readiness","/boundary-release-approvals","/boundary-resolution","/clinical-authority-readiness","/clinical-care-activation","/health-records","/public-market-readiness","/release-continuity","/pilot-workspace","/pilot-workspace/access","/buyer-release-control-run","/qa-manual-execution-console","/qa-aal2-run-evidence","/qa-evidence","/qa-execution-readiness","/qa-run-control","/qa-launch-kit","/qa-human-run-packet","/qa-completion-bridge","/qa-claim-guard","/qa-activation-seal","/qa-proof-promotion","/qa-buyer-proof-release","/agents","/production-architecture","/agents/[slug]","/agent-workspace","/evaluation","/memory","/audit","/observability","/workflows","/workflows/[slug]","/workflows/contracts","/workflows/identity-access","/workflows/execution-attempts","/workflows/execution-audit","/workflows/audit-persistence","/workflows/results","/workflows/results/validation","/workflows/promotion-review","/workflows/runtime-safety","/interoperability","/interoperability/[slug]","/interoperability/evaluations","/interoperability/evaluations/[slug]","/integrations","/integrations/fixture-validation","/integrations/fixtures","/integrations/fixtures/[slug]","/synthetic","/synthetic/[slug]","/synthetic/fixtures","/synthetic/fixtures/[slug]","/synthetic/validation","/trust-center","/trust-center/[slug]","/trust","/trust-os","/trust-safety-operations","/claims","/market-activation","/global-reach","/sales-attribution","/attribution-analytics","/source-intelligence","/deployment-profiles","/operations","/quality","/operating-context","/healthcare-intelligence-os","/platform","/governance-packs","/faithcore","/modules/clinical-copilot","/modules/docutwin","/modules/carepath-ai","/modules/trialcore","/modules/watchtower"],"missingInventoryLinks":[],"nextOperatorActions":["Use /navigation before each release to check route inventory, source counts, smoke scope, and retained limitations.","Use /launch-readiness before public launch, buyer campaigns, investor packet release, or board review to separate sandbox DNS false negatives from real production-domain launch gates.","Use /competitive-defense before public competitor comparisons, security claims, privacy claims, investor packets, sales decks, or launch expansion to keep no-copy, no-PHI, no-certification, no-partnership, and qualified-review gates explicit.","Use the persistent site navigation to move buyers, operators, reviewers, and global partners into their role-specific paths from every page.","Add new high-value routes to the right navigation group and public smoke when they become buyer-critical.","Use /platform-power before API, UI, AI, model-route, agent-tool, accessibility, or scale-equivalence claims expand.","Use /limitations-workarounds when a request is blocked so the safe path, escalation owner, proof route, and graduation gate are explicit.","Use /investor-audience-readiness when preparing angel, corporate strategic, private investor, faith-based clinic, public-sector, payer, health-system, clinician, global partner, or transformation-sponsor conversations.","Keep protected routes fail-closed publicly and run happy-path proof only through an active human AAL2 session.","Keep approval, PHI, clinical-care, connector, release, and security-certification claims gated until qualified external evidence exists."],"updated":"2026-06-26"},"operationalEfficiency":{"service":"scrimed-operational-efficiency","route":"/operational-efficiency","apiRoute":"/api/operational-efficiency","briefRoute":"/api/operational-efficiency/brief","status":"operational-efficiency-bottleneck-resolution-control-plane-active","briefStatus":"operational-efficiency-brief-ready-no-autonomous-authority","boundary":"SCRIMED Operational Efficiency organizes known gaps, inefficiencies, bottlenecks, fault classes, release gates, onboarding and communication handoffs, scalability constraints, API contract gaps, UI command friction, AI model-route limits, agent approval gates, evidence retrieval constraints, SLO/SLA and support boundaries, growth constraints, enterprise controls, and continuous-review hard stops into one operating resolution lane. It improves execution discipline only. It does not authorize autonomous production remediation, bypass AAL2, process PHI, approve live clinical care, certify security, certify accessibility, send email, create calendar invites, approve contracts, create public API SLAs, create contractual SLAs, guarantee uptime, approve live autonomous AI, approve production model routing, commit managed-service coverage, approve production hosting or residency, provide legal/accounting/tax advice, approve production connectors, guarantee revenue, guarantee profit margin, approve buyer release, claim trillion-dollar-scale equivalence, or replace qualified human review.","authority":{"autonomyAuthority":"no-autonomous-production-remediation","dataBoundary":"synthetic-and-metadata-only","clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","approvalAuthority":"external-review-required","securityCertification":"not-security-certified","revenueAuthority":"not-revenue-guarantee","profitAuthority":"not-profit-margin-guarantee","financialAuthority":"not-audited-financial-report","legalAuthority":"qualified-review-required"},"recordCount":155,"openBottleneckCount":106,"resolvedCount":49,"countsByStatus":{"resolved":4,"active-control":27,"contained":18,"operator-required":63,"protected-gated":2,"external-review-required":35,"blocked-by-design":6},"countsByDomain":{"release-quality":6,"route-coverage":18,"service-reliability":18,"offering-packaging":8,"client-onboarding":14,"enterprise-scalability":16,"platform-power":19,"limitations-workarounds":20,"commercial-throughput":4,"enterprise-operations":20,"continuous-review":6,"health-records-safety":5,"boundary-control":1},"proofRouteCount":87,"hardStopCount":316,"ownerCount":131,"sprintCount":9,"metricCount":4,"discrepancyFaultTriageCount":8,"criticalDiscrepancyFaultTriageCount":4,"highDiscrepancyFaultTriageCount":4,"sourceAlignment":{"navigationRouteCount":164,"smokeCoveredHtmlRouteCount":76,"serviceOpenGateCount":4,"serviceFaultClassCount":8,"releaseGateCount":6,"productServiceOfferCount":10,"productServicePackageCount":5,"productServiceMarginControlCount":8,"clientOnboardingStageCount":8,"clientOnboardingTemplateCount":9,"clientOnboardingHandoffCount":6,"enterpriseScalabilityDomainCount":9,"enterpriseScalabilityControlCount":10,"enterpriseScalabilityBottleneckCount":6,"platformPowerPillarCount":9,"platformPowerControlCount":12,"platformPowerBottleneckCount":7,"limitationsWorkaroundTrackCount":12,"limitationsWorkaroundPacketCount":8,"limitationsWorkaroundOpenRiskCount":11,"growthBottleneckCount":4,"enterpriseControlCount":10,"continuousAuditControlCount":6,"boundaryRecordCount":120},"records":[{"id":"release-source-control-drift","domain":"release-quality","name":"Source-control drift","status":"resolved","sourceSurface":"Release Continuity","impact":"The approvals readiness and buyer release-control release was committed, tagged, pushed, and verified against origin/main.","inefficiency":"Production-only changes can become hard to audit if Vercel history moves ahead of GitHub.","currentControl":"Keep every production release checkpointed by commit, tag, production smoke, and briefed release boundary.","resolutionPath":"Keep every production release checkpointed by commit, tag, production smoke, and briefed release boundary.","owner":"Founder + Release Steward","proofRoutes":["/product","/api/product/console","/api/release-continuity"],"hardStops":["PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Keep every production release checkpointed by commit, tag, production smoke, and briefed release boundary."},{"id":"release-public-production-smoke","domain":"release-quality","name":"Public production smoke","status":"resolved","sourceSurface":"Release Continuity","impact":"Public smoke validates the custom domain, HTML routes, JSON APIs, Markdown briefs, fail-closed protected routes, and approval boundaries.","inefficiency":"Public readiness can look healthy while protected writes still require explicit AAL2 proof.","currentControl":"Pair public smoke with protected fail-closed checks and a separate AAL2 operator run when a fresh session exists.","resolutionPath":"Pair public smoke with protected fail-closed checks and a separate AAL2 operator run when a fresh session exists.","owner":"Release Steward","proofRoutes":["/api/release-continuity","/api/product/console","/qa-evidence"],"hardStops":["PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Pair public smoke with protected fail-closed checks and a separate AAL2 operator run when a fresh session exists."},{"id":"release-protected-aal2-happy-path","domain":"release-quality","name":"Protected AAL2 happy path","status":"operator-required","sourceSurface":"Release Continuity","impact":"TrustOps, Agent Workspace, and Buyer Release Control fail closed without a tenant-admin or pilot-lead AAL2 session.","inefficiency":"A terminal cannot safely create or retain a fresh human AAL2 bearer token without crossing the no-secret boundary.","currentControl":"Use the protected browser workspace for no-secret verification, or run the CLI smoke only with a fresh external AAL2 token and dispose of it immediately after the run.","resolutionPath":"Use the protected browser workspace for no-secret verification, or run the CLI smoke only with a fresh external AAL2 token and dispose of it immediately after the run.","owner":"Approved tenant-admin or pilot-lead operator","proofRoutes":["/pilot-workspace/access","/buyer-release-control-run","/api/pilot-workspaces/{workspaceSlug}/buyer-release-control-run"],"hardStops":["PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use the protected browser workspace for no-secret verification, or run the CLI smoke only with a fresh external AAL2 token and dispose of it immediately after the run."},{"id":"release-aal2-smoke-readiness-packet","domain":"release-quality","name":"AAL2 smoke readiness packet","status":"operator-required","sourceSurface":"Release Continuity","impact":"The no-secret AAL2 smoke readiness packet is exposed for release review while strict protected writes remain human-token and feature-flag gated.","inefficiency":"A release checklist can prove readiness surfaces exist, but it cannot prove authenticated protected writes without a fresh human AAL2 session.","currentControl":"Inspect /api/qa-evidence/aal2-smoke-readiness, run npm run smoke:aal2:readiness, then use a short-lived authorized AAL2 token only for deliberate strict smoke.","resolutionPath":"Inspect /api/qa-evidence/aal2-smoke-readiness, run npm run smoke:aal2:readiness, then use a short-lived authorized AAL2 token only for deliberate strict smoke.","owner":"Release Steward + Approved AAL2 Operator","proofRoutes":["/qa-aal2-run-evidence","/api/qa-evidence/aal2-smoke-readiness","/api/qa-evidence/aal2-smoke-readiness/brief"],"hardStops":["PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Inspect /api/qa-evidence/aal2-smoke-readiness, run npm run smoke:aal2:readiness, then use a short-lived authorized AAL2 token only for deliberate strict smoke."},{"id":"release-secret-handling","domain":"release-quality","name":"Secret handling","status":"blocked-by-design","sourceSurface":"Release Continuity","impact":"Release scripts skip authenticated mutations unless a deliberate short-lived token is supplied outside the product and outside source control.","inefficiency":"Automating protected happy-path evidence with stored long-lived tokens would weaken the trust boundary.","currentControl":"Prefer browser AAL2 operator panels; when CLI evidence is necessary, use explicit environment variables for one run and never write token values to docs, chat, CI logs, or code.","resolutionPath":"Prefer browser AAL2 operator panels; when CLI evidence is necessary, use explicit environment variables for one run and never write token values to docs, chat, CI logs, or code.","owner":"Security + Operator","proofRoutes":["/qa-run-control","/qa-launch-kit","/qa-human-run-packet"],"hardStops":["PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Prefer browser AAL2 operator panels; when CLI evidence is necessary, use explicit environment variables for one run and never write token values to docs, chat, CI logs, or code."},{"id":"release-regulated-approval-claims","domain":"release-quality","name":"Regulated approval claims","status":"external-review-required","sourceSurface":"Release Continuity","impact":"Approvals Readiness and Boundary Resolution keep legal, HIPAA, SOC 2, HITRUST, FDA, ONC, reimbursement, and public customer-permission claims externally gated.","inefficiency":"SCRIMED can prepare approval evidence, but it cannot self-certify or self-authorize regulated claims.","currentControl":"Route public copy through Claim Guard, keep intended use narrow, retain external approval references, and require qualified reviewer sign-off before any claim expansion.","resolutionPath":"Route public copy through Claim Guard, keep intended use narrow, retain external approval references, and require qualified reviewer sign-off before any claim expansion.","owner":"Founder + Legal/Security/Regulatory reviewers","proofRoutes":["/approvals-readiness","/boundary-resolution","/qa-claim-guard"],"hardStops":["PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Route public copy through Claim Guard, keep intended use narrow, retain external approval references, and require qualified reviewer sign-off before any claim expansion."},{"id":"navigation-whole-company-operating-fragmentation","domain":"route-coverage","name":"Whole-company operating fragmentation","status":"contained","sourceSurface":"Navigation Audit","impact":"Product, service, launch, revenue, legal, certification, cybersecurity, AI, health-record, investor, and scale decisions can fragment when teams inspect only one lane at a time.","inefficiency":"Product, service, launch, revenue, legal, certification, cybersecurity, AI, health-record, investor, and scale decisions can fragment when teams inspect only one lane at a time.","currentControl":"Use /company-assessment as the top-level operating cockpit before routing into Product Console, Offerings, Service Delivery, Enterprise Business Ops, Platform Power, Health Records, Launch Readiness, Approvals, Global Certification, Continuous Review, Workarounds, or protected proof release.","resolutionPath":"Use /company-assessment as the top-level operating cockpit before routing into Product Console, Offerings, Service Delivery, Enterprise Business Ops, Platform Power, Health Records, Launch Readiness, Approvals, Global Certification, Continuous Review, Workarounds, or protected proof release.","owner":"Executive Operating Council + Product Console + TrustOS","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /company-assessment as the top-level operating cockpit before routing into Product Console, Offerings, Service Delivery, Enterprise Business Ops, Platform Power, Health Records, Launch Readiness, Approvals, Global Certification, Continuous Review, Workarounds, or protected proof release."},{"id":"navigation-clinical-production-readiness-incompleteness","domain":"route-coverage","name":"Clinical production readiness incompleteness","status":"external-review-required","sourceSurface":"Navigation Audit","impact":"Current no-PHI pilots, demos, diligence packets, and readiness services are usable now, but clinical production requires a separate task ledger, qualified external review, customer authority, and live-data controls.","inefficiency":"Current no-PHI pilots, demos, diligence packets, and readiness services are usable now, but clinical production requires a separate task ledger, qualified external review, customer authority, and live-data controls.","currentControl":"Use /clinical-production-readiness before PHI, live-care, connector, clinical AI, certification, customer go-live, or global production language expands; use current capability motions for safe revenue while the task ledger remains incomplete.","resolutionPath":"Use /clinical-production-readiness before PHI, live-care, connector, clinical AI, certification, customer go-live, or global production language expands; use current capability motions for safe revenue while the task ledger remains incomplete.","owner":"Clinical production readiness owner + qualified external reviewers","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /clinical-production-readiness before PHI, live-care, connector, clinical AI, certification, customer go-live, or global production language expands; use current capability motions for safe revenue while the task ledger remains incomplete."},{"id":"navigation-demo-to-pilot-pricing-friction","domain":"route-coverage","name":"Demo-to-pilot pricing friction","status":"contained","sourceSurface":"Navigation Audit","impact":"Buyers can stall when public demos, pilot programs, price bands, proof assets, intake steps, and custom diligence boundaries are not tied together before a call.","inefficiency":"Buyers can stall when public demos, pilot programs, price bands, proof assets, intake steps, and custom diligence boundaries are not tied together before a call.","currentControl":"Use /pilot-demo-commercial-readiness before demo, pilot, or pricing conversations so each buyer path has one demo, one recommended pilot, one price band, one proof list, one no-PHI intake route, and one hard-stop boundary.","resolutionPath":"Use /pilot-demo-commercial-readiness before demo, pilot, or pricing conversations so each buyer path has one demo, one recommended pilot, one price band, one proof list, one no-PHI intake route, and one hard-stop boundary.","owner":"Revenue Operations + Product Console + Deal Desk","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /pilot-demo-commercial-readiness before demo, pilot, or pricing conversations so each buyer path has one demo, one recommended pilot, one price band, one proof list, one no-PHI intake route, and one hard-stop boundary."},{"id":"navigation-service-delivery-scope-drift","domain":"route-coverage","name":"Service delivery scope drift","status":"contained","sourceSurface":"Navigation Audit","impact":"Sellable offers can become low-margin custom work or unsupported commitments if scope, acceptance criteria, artifacts, and authority gates are not attached before kickoff.","inefficiency":"Sellable offers can become low-margin custom work or unsupported commitments if scope, acceptance criteria, artifacts, and authority gates are not attached before kickoff.","currentControl":"Use /service-delivery to bind every package to no-PHI intake, scope matrix, work-order templates, buyer handoff, margin controls, release gates, and no-SLA/no-contract/no-live-care boundaries.","resolutionPath":"Use /service-delivery to bind every package to no-PHI intake, scope matrix, work-order templates, buyer handoff, margin controls, release gates, and no-SLA/no-contract/no-live-care boundaries.","owner":"Delivery Lead + Product Console + Revenue Operations","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /service-delivery to bind every package to no-PHI intake, scope matrix, work-order templates, buyer handoff, margin controls, release gates, and no-SLA/no-contract/no-live-care boundaries."},{"id":"navigation-route-sprawl","domain":"route-coverage","name":"Route sprawl","status":"resolved","sourceSurface":"Navigation Audit","impact":"High-value pages and proof routes were harder to discover as the App Router surface grew.","inefficiency":"High-value pages and proof routes were harder to discover as the App Router surface grew.","currentControl":"Use /navigation as the source-indexed route map and wire it through Homepage, Hub, Product Console, API, brief, README, systems map, and smoke coverage.","resolutionPath":"Use /navigation as the source-indexed route map and wire it through Homepage, Hub, Product Console, API, brief, README, systems map, and smoke coverage.","owner":"Product Console + Release Steward","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /navigation as the source-indexed route map and wire it through Homepage, Hub, Product Console, API, brief, README, systems map, and smoke coverage."},{"id":"navigation-deployment-drift","domain":"route-coverage","name":"Deployment drift","status":"contained","sourceSurface":"Navigation Audit","impact":"A reviewed local build can pass while the live production target still serves an older deployment or returns 404 for new buyer-critical routes.","inefficiency":"A reviewed local build can pass while the live production target still serves an older deployment or returns 404 for new buyer-critical routes.","currentControl":"Use /deployment-drift-guard, /api/deployment-drift-guard, and npm run smoke:deployment-drift-guard against local and production targets before buyer, investor, launch, or proof-packet promotion.","resolutionPath":"Use /deployment-drift-guard, /api/deployment-drift-guard, and npm run smoke:deployment-drift-guard against local and production targets before buyer, investor, launch, or proof-packet promotion.","owner":"Release Steward + Platform Engineering","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /deployment-drift-guard, /api/deployment-drift-guard, and npm run smoke:deployment-drift-guard against local and production targets before buyer, investor, launch, or proof-packet promotion."},{"id":"navigation-protected-happy-path-proof","domain":"route-coverage","name":"Protected happy-path proof","status":"operator-required","sourceSurface":"Navigation Audit","impact":"Unauthenticated checks can prove fail-closed behavior, but not successful tenant-scoped protected mutations.","inefficiency":"Unauthenticated checks can prove fail-closed behavior, but not successful tenant-scoped protected mutations.","currentControl":"Use /pilot-workspace/access with an active human AAL2 browser session or a deliberate one-time short-lived token run without retaining token values.","resolutionPath":"Use /pilot-workspace/access with an active human AAL2 browser session or a deliberate one-time short-lived token run without retaining token values.","owner":"Approved tenant-admin or pilot-lead operator","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /pilot-workspace/access with an active human AAL2 browser session or a deliberate one-time short-lived token run without retaining token values."},{"id":"navigation-dynamic-detail-route-coverage","domain":"route-coverage","name":"Dynamic detail route coverage","status":"contained","sourceSurface":"Navigation Audit","impact":"Dynamic pages compile, but public smoke focuses on canonical entry points instead of crawling every slug variant.","inefficiency":"Dynamic pages compile, but public smoke focuses on canonical entry points instead of crawling every slug variant.","currentControl":"Keep route inventory visible here, use typecheck/build for every dynamic segment, and add targeted slug smoke when a dynamic route becomes buyer-critical.","resolutionPath":"Keep route inventory visible here, use typecheck/build for every dynamic segment, and add targeted slug smoke when a dynamic route becomes buyer-critical.","owner":"Release Steward","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Keep route inventory visible here, use typecheck/build for every dynamic segment, and add targeted slug smoke when a dynamic route becomes buyer-critical."},{"id":"navigation-external-approvals-and-certifications","domain":"route-coverage","name":"External approvals and certifications","status":"external-review-required","sourceSurface":"Navigation Audit","impact":"Navigation can show approval and certification tracks, but SCRIMED cannot self-certify legal, security, HIPAA, FDA, ONC, EU AI Act, GDPR, NHS, MHRA, Australia, reimbursement, procurement, or clinical-use authority.","inefficiency":"Navigation can show approval and certification tracks, but SCRIMED cannot self-certify legal, security, HIPAA, FDA, ONC, EU AI Act, GDPR, NHS, MHRA, Australia, reimbursement, procurement, or clinical-use authority.","currentControl":"Keep approval and certification routes claims-controlled, attach only qualified external evidence, and preserve no-authority headers until formal approval exists.","resolutionPath":"Keep approval and certification routes claims-controlled, attach only qualified external evidence, and preserve no-authority headers until formal approval exists.","owner":"Founder + qualified external reviewers","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Keep approval and certification routes claims-controlled, attach only qualified external evidence, and preserve no-authority headers until formal approval exists."},{"id":"navigation-capital-and-securities-boundaries","domain":"route-coverage","name":"Capital and securities boundaries","status":"external-review-required","sourceSurface":"Navigation Audit","impact":"Revenue, moat, investor, and funding readiness can be mistaken for securities offering material, audited financial reporting, valuation assurance, or investment advice.","inefficiency":"Revenue, moat, investor, and funding readiness can be mistaken for securities offering material, audited financial reporting, valuation assurance, or investment advice.","currentControl":"Use /capital-vitality for readiness-only proof, keep no-securities/no-advice headers visible, and route fundraising, valuation, legal, tax, and investor-solicitation materials through qualified counsel.","resolutionPath":"Use /capital-vitality for readiness-only proof, keep no-securities/no-advice headers visible, and route fundraising, valuation, legal, tax, and investor-solicitation materials through qualified counsel.","owner":"Founder + qualified counsel + finance reviewers","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /capital-vitality for readiness-only proof, keep no-securities/no-advice headers visible, and route fundraising, valuation, legal, tax, and investor-solicitation materials through qualified counsel."},{"id":"navigation-growth-execution-concentration","domain":"route-coverage","name":"Growth execution concentration","status":"operator-required","sourceSurface":"Navigation Audit","impact":"Proof depth can diffuse commercial focus unless buyer segments, sellable offers, conversion lanes, and next actions stay prioritized.","inefficiency":"Proof depth can diffuse commercial focus unless buyer segments, sellable offers, conversion lanes, and next actions stay prioritized.","currentControl":"Use /growth-engine to keep founder-led assessment outreach, synthetic pilot pipeline, governance audit packaging, and protected diligence upgrades in one operating lane.","resolutionPath":"Use /growth-engine to keep founder-led assessment outreach, synthetic pilot pipeline, governance audit packaging, and protected diligence upgrades in one operating lane.","owner":"Founder + Product Console + Sales Operations","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /growth-engine to keep founder-led assessment outreach, synthetic pilot pipeline, governance audit packaging, and protected diligence upgrades in one operating lane."},{"id":"navigation-enterprise-legal-and-finance-operating-depth","domain":"route-coverage","name":"Enterprise legal and finance operating depth","status":"external-review-required","sourceSurface":"Navigation Audit","impact":"Enterprise revenue, margins, contracts, accounting, tax, investor, and board materials can create risk if authority is informal or claims outrun qualified review.","inefficiency":"Enterprise revenue, margins, contracts, accounting, tax, investor, and board materials can create risk if authority is informal or claims outrun qualified review.","currentControl":"Use /enterprise-business-ops to route deal desk, price floors, margin controls, legal/accounting/tax roles, billing readiness, and blocked business claims through named owners before commitments expand.","resolutionPath":"Use /enterprise-business-ops to route deal desk, price floors, margin controls, legal/accounting/tax roles, billing readiness, and blocked business claims through named owners before commitments expand.","owner":"Founder + qualified counsel + finance/accounting/tax reviewers","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /enterprise-business-ops to route deal desk, price floors, margin controls, legal/accounting/tax roles, billing readiness, and blocked business claims through named owners before commitments expand."},{"id":"navigation-enterprise-scalability-commitment-boundaries","domain":"route-coverage","name":"Enterprise scalability commitment boundaries","status":"external-review-required","sourceSurface":"Navigation Audit","impact":"Capacity, SLO, support, region, residency, disaster recovery, and managed-service language can become accidental commitments if not routed before buyer use.","inefficiency":"Capacity, SLO, support, region, residency, disaster recovery, and managed-service language can become accidental commitments if not routed before buyer use.","currentControl":"Use /enterprise-scalability to attach capacity assumptions, tenant owners, support-tier review, no-SLA language, regional gates, cost thresholds, and qualified contract review before commitments expand.","resolutionPath":"Use /enterprise-scalability to attach capacity assumptions, tenant owners, support-tier review, no-SLA language, regional gates, cost thresholds, and qualified contract review before commitments expand.","owner":"Platform + service reliability + customer operations + legal ops","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /enterprise-scalability to attach capacity assumptions, tenant owners, support-tier review, no-SLA language, regional gates, cost thresholds, and qualified contract review before commitments expand."},{"id":"navigation-api-ui-ai-platform-power-authority-boundaries","domain":"route-coverage","name":"API UI AI platform power authority boundaries","status":"external-review-required","sourceSurface":"Navigation Audit","impact":"API contracts, UI improvements, live AI, model routing, agent tool use, accessibility, and scale-positioning language can become unsupported enterprise claims if they are not routed through proof and authority controls.","inefficiency":"API contracts, UI improvements, live AI, model routing, agent tool use, accessibility, and scale-positioning language can become unsupported enterprise claims if they are not routed through proof and authority controls.","currentControl":"Use /platform-power to attach API owners, UI role journeys, model-route registers, agent approval triggers, eval evidence, cost owners, and no-live-AI/no-PHI/no-SLA boundaries before claims expand.","resolutionPath":"Use /platform-power to attach API owners, UI role journeys, model-route registers, agent approval triggers, eval evidence, cost owners, and no-live-AI/no-PHI/no-SLA boundaries before claims expand.","owner":"Platform engineering + Product Console + TrustOS + security + finance","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /platform-power to attach API owners, UI role journeys, model-route registers, agent approval triggers, eval evidence, cost owners, and no-live-AI/no-PHI/no-SLA boundaries before claims expand."},{"id":"navigation-limitations-workaround-drift","domain":"route-coverage","name":"Limitations workaround drift","status":"contained","sourceSurface":"Navigation Audit","impact":"Safe alternatives can turn into informal permission when workaround packets do not have expiration rules, escalation triggers, and graduation gates.","inefficiency":"Safe alternatives can turn into informal permission when workaround packets do not have expiration rules, escalation triggers, and graduation gates.","currentControl":"Use /limitations-workarounds to attach every repeated issue to a packet, owner, proof route, cadence, hard stop, and promotion path before buyer or release language expands.","resolutionPath":"Use /limitations-workarounds to attach every repeated issue to a packet, owner, proof route, cadence, hard stop, and promotion path before buyer or release language expands.","owner":"Boundary owner + Operational Efficiency + Product Console","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /limitations-workarounds to attach every repeated issue to a packet, owner, proof route, cadence, hard stop, and promotion path before buyer or release language expands."},{"id":"navigation-autonomy-expansion-pressure","domain":"route-coverage","name":"Autonomy expansion pressure","status":"contained","sourceSurface":"Navigation Audit","impact":"Automation can accelerate SCRIMED, but unsafely expanding it could imply production remediation, patient outreach, payer submission, EHR writeback, credential mutation, clinical authority, or customer go-live.","inefficiency":"Automation can accelerate SCRIMED, but unsafely expanding it could imply production remediation, patient outreach, payer submission, EHR writeback, credential mutation, clinical authority, or customer go-live.","currentControl":"Use /scrimed-automation-autopilot to classify every automation lane as manual-only, recommendation-only, review-gated automation, or synthetic autopilot before action authority expands.","resolutionPath":"Use /scrimed-automation-autopilot to classify every automation lane as manual-only, recommendation-only, review-gated automation, or synthetic autopilot before action authority expands.","owner":"TrustOS + Platform Engineering + Release Steward","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /scrimed-automation-autopilot to classify every automation lane as manual-only, recommendation-only, review-gated automation, or synthetic autopilot before action authority expands."},{"id":"navigation-local-shell-runtime-path","domain":"route-coverage","name":"Local shell runtime path","status":"contained","sourceSurface":"Navigation Audit","impact":"The managed local shell may omit node/npm from PATH even though the bundled runtime works.","inefficiency":"The managed local shell may omit node/npm from PATH even though the bundled runtime works.","currentControl":"Use the bundled Node path for local checks and keep npm lifecycle scripts documented through Release Continuity and Operations readiness.","resolutionPath":"Use the bundled Node path for local checks and keep npm lifecycle scripts documented through Release Continuity and Operations readiness.","owner":"Release Steward","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use the bundled Node path for local checks and keep npm lifecycle scripts documented through Release Continuity and Operations readiness."},{"id":"navigation-sandbox-dns-resolution","domain":"route-coverage","name":"Sandbox DNS resolution","status":"contained","sourceSurface":"Navigation Audit","impact":"Restricted local sandbox execution can return ENOTFOUND for app.scrimedsolutions.com even when the branded production domain passes from approved network access.","inefficiency":"Restricted local sandbox execution can return ENOTFOUND for app.scrimedsolutions.com even when the branded production domain passes from approved network access.","currentControl":"Use /launch-readiness and the launch-domain preflight to classify sandbox DNS separately, require strict branded-domain smoke from approved network access before launch, and treat fallback Vercel URL success as continuity-only evidence.","resolutionPath":"Use /launch-readiness and the launch-domain preflight to classify sandbox DNS separately, require strict branded-domain smoke from approved network access before launch, and treat fallback Vercel URL success as continuity-only evidence.","owner":"Release Steward + Domain/DNS administrator","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /launch-readiness and the launch-domain preflight to classify sandbox DNS separately, require strict branded-domain smoke from approved network access before launch, and treat fallback Vercel URL success as continuity-only evidence."},{"id":"service-control-product-console-and-os-hub-discoverability","domain":"service-reliability","name":"Product Console and OS Hub discoverability","status":"resolved","sourceSurface":"Product, Hub, Homepage, Navigation Audit","impact":"Route sprawl made it easy for high-value proof surfaces to become hard to find.","inefficiency":"Route sprawl made it easy for high-value proof surfaces to become hard to find.","currentControl":"Navigation Audit, Product Console, Hub, and homepage now cross-link the command surfaces and route inventory.","resolutionPath":"Keep new buyer-critical pages inside the navigation audit, hub view, and smoke scope.","owner":"Product Console + Release Steward","proofRoutes":["/product","/hub","/navigation","/api/navigation-audit"],"hardStops":["missing owner","missing proof route","claim expanded before retained boundary","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Keep new buyer-critical pages inside the navigation audit, hub view, and smoke scope."},{"id":"service-control-release-continuity-and-source-control-alignment","domain":"service-reliability","name":"Release continuity and source-control alignment","status":"contained","sourceSurface":"Release Continuity","impact":"Production can drift from source control if deployments, tags, smoke proof, and no-secret boundaries are not checkpointed together.","inefficiency":"Production can drift from source control if deployments, tags, smoke proof, and no-secret boundaries are not checkpointed together.","currentControl":"Release Continuity ties deployment proof, GitHub baselines, public smoke, protected fail-closed checks, and AAL2 operator limits into one lane.","resolutionPath":"Run public smoke and update the checkpoint after each production deployment.","owner":"Release Steward","proofRoutes":["/release-continuity","/api/release-continuity","/api/release-continuity/brief"],"hardStops":["missing owner","missing proof route","claim expanded before retained boundary","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Run public smoke and update the checkpoint after each production deployment."},{"id":"service-control-clinical-legal-security-and-approval-authority","domain":"service-reliability","name":"Clinical, legal, security, and approval authority","status":"external-review-required","sourceSurface":"Approvals Readiness, Clinical Authority, Boundary Resolution","impact":"SCRIMED can prepare approval evidence but cannot self-certify HIPAA, SOC 2, HITRUST, FDA, ONC, legal, reimbursement, or clinical authority.","inefficiency":"SCRIMED can prepare approval evidence but cannot self-certify HIPAA, SOC 2, HITRUST, FDA, ONC, legal, reimbursement, or clinical authority.","currentControl":"Approvals Readiness and Boundary Resolution keep external evidence requirements, owners, workarounds, and prohibited claims visible.","resolutionPath":"Route claims and buyer-specific evidence through external review before expanding public language.","owner":"Founder + qualified external reviewers","proofRoutes":["/approvals-readiness","/clinical-authority-readiness","/boundary-resolution","/qa-claim-guard"],"hardStops":["missing owner","missing proof route","claim expanded before retained boundary","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Route claims and buyer-specific evidence through external review before expanding public language."},{"id":"service-control-manual-aal2-protected-proof","domain":"service-reliability","name":"Manual AAL2 protected proof","status":"operator-required","sourceSurface":"Protected Pilot Workspace, QA Evidence, Buyer Release Control","impact":"Public checks prove fail-closed behavior, but authenticated protected mutations require a fresh human AAL2 session.","inefficiency":"Public checks prove fail-closed behavior, but authenticated protected mutations require a fresh human AAL2 session.","currentControl":"Manual QA Execution Console, QA Run Control, Human Run Packet, and protected workspace panels preserve no-secret human-run proof.","resolutionPath":"Use the browser AAL2 workspace for protected proof or a deliberate one-time token run with no retention.","owner":"Approved tenant-admin or pilot-lead operator","proofRoutes":["/pilot-workspace/access","/qa-manual-execution-console","/qa-run-control","/qa-human-run-packet","/buyer-release-control-run"],"hardStops":["missing owner","missing proof route","claim expanded before retained boundary","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use the browser AAL2 workspace for protected proof or a deliberate one-time token run with no retention."},{"id":"service-control-buyer-release-and-external-sharing","domain":"service-reliability","name":"Buyer release and external sharing","status":"protected-gated","sourceSurface":"Buyer Release Control, protected release verifier, distribution lockbox","impact":"Buyer-specific external sharing requires retained release decisions, named reviewer signoffs, recipient controls, authority attestations, and access-log reconciliation.","inefficiency":"Buyer-specific external sharing requires retained release decisions, named reviewer signoffs, recipient controls, authority attestations, and access-log reconciliation.","currentControl":"Buyer Release Control Runbook sequences protected verifier records, packets, timeline, reconciliation, remediation, and disabled lockbox controls.","resolutionPath":"Complete the release-control chain before any buyer-specific external distribution.","owner":"Buyer Diligence + Release Steward + qualified reviewers","proofRoutes":["/buyer-release-control-run","/pilot-workspace/access#buyer-release-control-verifier","/api/pilot-workspaces/{workspaceSlug}/buyer-release-control-run"],"hardStops":["missing owner","missing proof route","claim expanded before retained boundary","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Complete the release-control chain before any buyer-specific external distribution."},{"id":"service-control-commercial-buyer-path","domain":"service-reliability","name":"Commercial buyer path","status":"active-control","sourceSurface":"Pilot Deal Room, Pricing, Demos, Pilots, Sales Operations","impact":"Buyer value, proof routes, pricing, demos, protected evidence, and pilot intake can fragment across separate surfaces.","inefficiency":"Buyer value, proof routes, pricing, demos, protected evidence, and pilot intake can fragment across separate surfaces.","currentControl":"Pilot Deal Room, Product Console, pricing, demos, pilot programs, and sales operations now present a continuous buyer path.","resolutionPath":"Keep offers focused on governed synthetic pilots until customer-specific production controls are approved.","owner":"Sales operations + Buyer Diligence","proofRoutes":["/pilot-deal-room","/pricing","/demos","/pilots","/sales-operations"],"hardStops":["missing owner","missing proof route","claim expanded before retained boundary","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Keep offers focused on governed synthetic pilots until customer-specific production controls are approved."},{"id":"service-control-agent-and-workflow-operating-system","domain":"service-reliability","name":"Agent and workflow operating system","status":"contained","sourceSurface":"Agents, Workflows, Evaluation, Runtime Safety, Audit","impact":"Agent execution can become unsafe if runtime, identity, audit, connector, and human-review gates are not explicit.","inefficiency":"Agent execution can become unsafe if runtime, identity, audit, connector, and human-review gates are not explicit.","currentControl":"Workflow contracts, deny-by-default implementation readiness, runtime safety, execution audit, and AgentOS evaluation keep execution synthetic and review-gated.","resolutionPath":"Add blocked actions, human checkpoints, audit events, and packet evidence before new agent capabilities move forward.","owner":"AgentOS + Workflow Runtime","proofRoutes":["/agents","/workflows","/workflows/contracts","/workflows/runtime-safety","/workflows/execution-audit","/evaluation"],"hardStops":["missing owner","missing proof route","claim expanded before retained boundary","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Add blocked actions, human checkpoints, audit events, and packet evidence before new agent capabilities move forward."},{"id":"service-control-interoperability-and-synthetic-validation","domain":"service-reliability","name":"Interoperability and synthetic validation","status":"contained","sourceSurface":"Interoperability, Integrations, Synthetic Validation","impact":"Connector confidence can be overstated if synthetic conformance and live production authorization are not separated.","inefficiency":"Connector confidence can be overstated if synthetic conformance and live production authorization are not separated.","currentControl":"Standards registry, fixture validation, conformance evaluations, and synthetic validation keep connector readiness inspectable before live use.","resolutionPath":"Keep live connector claims blocked until buyer, legal, security, privacy, and interoperability approvals exist.","owner":"Interoperability Control Plane + Validation Trust Lab","proofRoutes":["/interoperability","/interoperability/evaluations","/integrations","/synthetic/validation"],"hardStops":["missing owner","missing proof route","claim expanded before retained boundary","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Keep live connector claims blocked until buyer, legal, security, privacy, and interoperability approvals exist."},{"id":"service-control-trust-claims-and-incident-operations","domain":"service-reliability","name":"Trust, claims, and incident operations","status":"active-control","sourceSurface":"Trust Safety Operations, Trust Center, Claims","impact":"Public language, trust operations, incident posture, and enterprise diligence can diverge from retained evidence.","inefficiency":"Public language, trust operations, incident posture, and enterprise diligence can diverge from retained evidence.","currentControl":"Trust Safety Operations, Claims Register, Enterprise Readiness, and QA Claim Guard keep evidence and claim posture aligned.","resolutionPath":"Review buyer, investor, PR, advertising, and operator language before publication.","owner":"Trust Safety Ops + Legal + Security + Claims Governance","proofRoutes":["/trust-safety-operations","/trust-center","/claims","/qa-claim-guard"],"hardStops":["missing owner","missing proof route","claim expanded before retained boundary","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Review buyer, investor, PR, advertising, and operator language before publication."},{"id":"service-control-public-market-and-global-expansion","domain":"service-reliability","name":"Public market and global expansion","status":"external-review-required","sourceSurface":"Public Market Readiness, Global Reach, Deployment Profiles","impact":"Financial, regional, procurement, reimbursement, and legal claims can outpace current evidence without external review.","inefficiency":"Financial, regional, procurement, reimbursement, and legal claims can outpace current evidence without external review.","currentControl":"Public Market Readiness, Global Reach, and Deployment Profiles separate operating discipline from audited financial or regional approval claims.","resolutionPath":"Keep public-market, procurement, and regional expansion claims qualified until external evidence is retained.","owner":"Founder + Finance + Global Partnerships + qualified regional reviewers","proofRoutes":["/public-market-readiness","/global-reach","/deployment-profiles","/market-activation"],"hardStops":["missing owner","missing proof route","claim expanded before retained boundary","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Keep public-market, procurement, and regional expansion claims qualified until external evidence is retained."},{"id":"fault-route-inventory-drift","domain":"service-reliability","name":"Route inventory drift","status":"contained","sourceSurface":"Service Reliability","impact":"New App Router pages or APIs added without Navigation Audit and smoke updates.","inefficiency":"New App Router pages or APIs added without Navigation Audit and smoke updates.","currentControl":"Navigation Audit source totals, hub route inventory, and public smoke source-count checks.","resolutionPath":"Release steward updates inventory or keeps the route out of buyer-critical claims.","owner":"Release Steward + domain owner","proofRoutes":["/navigation","/api/navigation-audit"],"hardStops":["fault repeated without control","fail-closed behavior missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Release steward updates inventory or keeps the route out of buyer-critical claims."},{"id":"fault-protected-token-handling","domain":"service-reliability","name":"Protected token handling","status":"operator-required","sourceSurface":"Service Reliability","impact":"Attempting to automate AAL2 protected proof with retained bearer tokens.","inefficiency":"Attempting to automate AAL2 protected proof with retained bearer tokens.","currentControl":"Manual QA runbooks, no-secret smoke, protected fail-closed APIs, and browser-session verification.","resolutionPath":"Reject token storage and require a fresh human AAL2 session or one-time external token disposal.","owner":"Release Steward + domain owner","proofRoutes":["/qa-run-control","/qa-launch-kit","/qa-manual-execution-console"],"hardStops":["fault repeated without control","fail-closed behavior missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Reject token storage and require a fresh human AAL2 session or one-time external token disposal."},{"id":"fault-external-approval-overclaim","domain":"service-reliability","name":"External approval overclaim","status":"operator-required","sourceSurface":"Service Reliability","impact":"Copy, buyer materials, or operator notes implying certification, legal approval, PHI authority, or live-care authority.","inefficiency":"Copy, buyer materials, or operator notes implying certification, legal approval, PHI authority, or live-care authority.","currentControl":"Approvals Readiness, Boundary Resolution, Claim Guard, no-authority headers, and prohibited-claim lists.","resolutionPath":"Downgrade to readiness language and route to qualified external review.","owner":"Release Steward + domain owner","proofRoutes":["/approvals-readiness","/boundary-resolution","/qa-claim-guard"],"hardStops":["fault repeated without control","fail-closed behavior missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Downgrade to readiness language and route to qualified external review."},{"id":"fault-dynamic-route-smoke-gap","domain":"service-reliability","name":"Dynamic route smoke gap","status":"contained","sourceSurface":"Service Reliability","impact":"Dynamic pages compile but are not all crawled by public smoke.","inefficiency":"Dynamic pages compile but are not all crawled by public smoke.","currentControl":"TypeScript, build, dynamic page inventory, and targeted smoke for buyer-critical slug routes.","resolutionPath":"Keep canonical entry points smoked and add slug-specific smoke when needed.","owner":"Release Steward + domain owner","proofRoutes":["/navigation","/demos","/pilots","/workflows"],"hardStops":["fault repeated without control","fail-closed behavior missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Keep canonical entry points smoked and add slug-specific smoke when needed."},{"id":"fault-generated-cache-conflict","domain":"service-reliability","name":"Generated cache conflict","status":"contained","sourceSurface":"Service Reliability","impact":"Local `.next` or quarantine output interfering with checks.","inefficiency":"Local `.next` or quarantine output interfering with checks.","currentControl":"Generated cache cleanup before build/typecheck and generated-integrity check.","resolutionPath":"Clean generated output and rebuild from source.","owner":"Release Steward + domain owner","proofRoutes":["/release-continuity","/operations"],"hardStops":["fault repeated without control","fail-closed behavior missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Clean generated output and rebuild from source."},{"id":"fault-protected-environment-missing-locally","domain":"service-reliability","name":"Protected environment missing locally","status":"contained","sourceSurface":"Service Reliability","impact":"Local shells without Supabase/Vercel protected environment or active AAL2 session.","inefficiency":"Local shells without Supabase/Vercel protected environment or active AAL2 session.","currentControl":"Fail-closed protected smoke, route-level no-authority headers, and operator workaround instructions.","resolutionPath":"Treat public checks as fail-closed proof and require an approved operator for protected proof.","owner":"Release Steward + domain owner","proofRoutes":["/pilot-workspace/access","/release-continuity"],"hardStops":["fault repeated without control","fail-closed behavior missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Treat public checks as fail-closed proof and require an approved operator for protected proof."},{"id":"fault-phi-or-live-care-boundary-breach","domain":"service-reliability","name":"PHI or live-care boundary breach","status":"operator-required","sourceSurface":"Service Reliability","impact":"Inputs, artifacts, or routes attempting to store patient identifiers, clinical records, diagnosis details, or live-care actions.","inefficiency":"Inputs, artifacts, or routes attempting to store patient identifiers, clinical records, diagnosis details, or live-care actions.","currentControl":"Synthetic-only boundaries, prohibited data lists, no-PHI protected panels, intake rejection, and live-care authority headers.","resolutionPath":"Reject or strip prohibited data and keep live-care actions blocked.","owner":"Release Steward + domain owner","proofRoutes":["/clinical-authority-readiness","/clinical-care-activation","/pilot"],"hardStops":["fault repeated without control","fail-closed behavior missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Reject or strip prohibited data and keep live-care actions blocked."},{"id":"fault-public-distribution-lockbox-gap","domain":"service-reliability","name":"Public distribution lockbox gap","status":"operator-required","sourceSurface":"Service Reliability","impact":"Buyer proof referenced outside protected diligence before release-control chain completion.","inefficiency":"Buyer proof referenced outside protected diligence before release-control chain completion.","currentControl":"Buyer Release Control Runbook, protected verifier, disabled distribution lockbox, recipient attestations, and access-log reconciliation.","resolutionPath":"Keep distribution internal-only until retained release decisions and recipient controls exist.","owner":"Release Steward + domain owner","proofRoutes":["/buyer-release-control-run","/pilot-workspace/access#buyer-release-control-verifier"],"hardStops":["fault repeated without control","fail-closed behavior missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Keep distribution internal-only until retained release decisions and recipient controls exist."},{"id":"offering-package-before-custom-sow","domain":"offering-packaging","name":"Package before custom SOW","status":"active-control","sourceSurface":"Product and Services Portfolio","impact":"Custom buyer requests can sprawl into unpaid discovery or unpriced implementation work.","inefficiency":"Custom buyer requests can sprawl into unpaid discovery or unpriced implementation work.","currentControl":"Map each opportunity to an approved package, included offers, excluded work, price floor, and expansion path before custom language leaves SCRIMED.","resolutionPath":"custom SOW before package selected, unpriced implementation work, unsupported success fee","owner":"Revenue operations + Product Console","proofRoutes":["/offerings","/enterprise-business-ops","/growth-engine"],"hardStops":["custom SOW before package selected","unpriced implementation work","unsupported success fee"],"nextAction":"Map each opportunity to an approved package, included offers, excluded work, price floor, and expansion path before custom language leaves SCRIMED."},{"id":"offering-data-boundary-price-floor","domain":"offering-packaging","name":"Data-boundary price floor","status":"operator-required","sourceSurface":"Product and Services Portfolio","impact":"PHI, sandbox, connector, or production requests create security, review, support, and liability costs.","inefficiency":"PHI, sandbox, connector, or production requests create security, review, support, and liability costs.","currentControl":"Keep no-PHI work in standard packages; move sandbox, PHI, connector, or production work into separately reviewed paid scope.","resolutionPath":"PHI requested, production connector requested, BAA/security scope missing","owner":"Finance + Legal Ops + Privacy","proofRoutes":["/health-records","/clinical-authority-readiness","/enterprise-business-ops"],"hardStops":["PHI requested","production connector requested","BAA/security scope missing"],"nextAction":"Keep no-PHI work in standard packages; move sandbox, PHI, connector, or production work into separately reviewed paid scope."},{"id":"offering-diligence-work-monetization","domain":"offering-packaging","name":"Diligence work monetization","status":"active-control","sourceSurface":"Product and Services Portfolio","impact":"Security, legal, procurement, and investor packets can become unpaid enterprise sales labor.","inefficiency":"Security, legal, procurement, and investor packets can become unpaid enterprise sales labor.","currentControl":"Price custom proof packets, evidence-room work, buyer-specific release review, and security questionnaire effort as paid diligence or activation scope.","resolutionPath":"custom packet work without paid scope, external sharing before release decision, recipient controls missing","owner":"Buyer Diligence + Sales Operations","proofRoutes":["/pilot-deal-room","/pilot-workspace/access","/buyer-release-control-run"],"hardStops":["custom packet work without paid scope","external sharing before release decision","recipient controls missing"],"nextAction":"Price custom proof packets, evidence-room work, buyer-specific release review, and security questionnaire effort as paid diligence or activation scope."},{"id":"offering-license-services-separation","domain":"offering-packaging","name":"License and services separation","status":"active-control","sourceSurface":"Product and Services Portfolio","impact":"High-touch services can erode platform license margin if bundled into the annual fee.","inefficiency":"High-touch services can erode platform license margin if bundled into the annual fee.","currentControl":"Separate annual operating license, implementation services, connector work, training, support tier, and continuous review retainer on every enterprise proposal.","resolutionPath":"services bundled into license, support tier undefined, implementation acceptance criteria missing","owner":"Finance + Product + Implementation","proofRoutes":["/pricing","/enterprise-business-ops","/public-market-readiness"],"hardStops":["services bundled into license","support tier undefined","implementation acceptance criteria missing"],"nextAction":"Separate annual operating license, implementation services, connector work, training, support tier, and continuous review retainer on every enterprise proposal."},{"id":"offering-claims-review-before-proof","domain":"offering-packaging","name":"Claims review before proof expansion","status":"external-review-required","sourceSurface":"Product and Services Portfolio","impact":"Unsupported ROI, reimbursement, customer value, certification, or investor claims can create legal and trust risk.","inefficiency":"Unsupported ROI, reimbursement, customer value, certification, or investor claims can create legal and trust risk.","currentControl":"Keep external claims in readiness mode until buyer-approved baselines, customer permission, counsel review, finance review, and release decisions exist.","resolutionPath":"ROI guarantee, reimbursement guarantee, customer claim without permission, certification claim without authority","owner":"Claims governance + Counsel + Finance","proofRoutes":["/qa-claim-guard","/boundary-resolution","/public-market-readiness"],"hardStops":["ROI guarantee","reimbursement guarantee","customer claim without permission","certification claim without authority"],"nextAction":"Keep external claims in readiness mode until buyer-approved baselines, customer permission, counsel review, finance review, and release decisions exist."},{"id":"offering-model-cost-usage-review","domain":"offering-packaging","name":"Model cost and usage review","status":"active-control","sourceSurface":"Product and Services Portfolio","impact":"Large-context extraction, repeated evaluations, and proof-packet generation can silently compress margins.","inefficiency":"Large-context extraction, repeated evaluations, and proof-packet generation can silently compress margins.","currentControl":"Attach usage assumptions, model routing, caching, volume thresholds, and overage review to pilots, retainers, and enterprise licenses.","resolutionPath":"uncapped high-volume usage, model-cost spike, usage threshold missing","owner":"Product Engineering + Finance","proofRoutes":["/service-reliability","/operational-efficiency","/public-market-readiness"],"hardStops":["uncapped high-volume usage","model-cost spike","usage threshold missing"],"nextAction":"Attach usage assumptions, model routing, caching, volume thresholds, and overage review to pilots, retainers, and enterprise licenses."},{"id":"offering-global-partner-economics-review","domain":"offering-packaging","name":"Global partner economics review","status":"external-review-required","sourceSurface":"Product and Services Portfolio","impact":"Partner discounts, reseller terms, regional hosting, tax exposure, and delivery obligations can erode margin.","inefficiency":"Partner discounts, reseller terms, regional hosting, tax exposure, and delivery obligations can erode margin.","currentControl":"Route reseller, referral, sovereign, affiliate, regional hosting, and implementation partner economics through finance, tax, counsel, and delivery review.","resolutionPath":"cross-border margin-sharing commitment, regional tax review missing, partner delivery owner missing","owner":"Strategic Partnerships + Finance + Tax + Regional Counsel","proofRoutes":["/global-reach","/global-certification-readiness","/enterprise-business-ops"],"hardStops":["cross-border margin-sharing commitment","regional tax review missing","partner delivery owner missing"],"nextAction":"Route reseller, referral, sovereign, affiliate, regional hosting, and implementation partner economics through finance, tax, counsel, and delivery review."},{"id":"offering-retainer-escalation-scope","domain":"offering-packaging","name":"Retainer escalation scope","status":"operator-required","sourceSurface":"Product and Services Portfolio","impact":"Continuous review can turn into unbounded remediation, support, or innovation work.","inefficiency":"Continuous review can turn into unbounded remediation, support, or innovation work.","currentControl":"Keep review loops, escalation routing, remediation, implementation, incident response, and innovation research as separate scope classes with approval gates.","resolutionPath":"autonomous remediation promised, managed SOC/MDR claim, implementation work hidden in retainer","owner":"TrustOps + Product + Revenue Operations","proofRoutes":["/continuous-review-audit","/service-reliability","/operational-efficiency"],"hardStops":["autonomous remediation promised","managed SOC/MDR claim","implementation work hidden in retainer"],"nextAction":"Keep review loops, escalation routing, remediation, implementation, incident response, and innovation research as separate scope classes with approval gates."},{"id":"client-onboarding-control-human-send-approval","domain":"client-onboarding","name":"Human send approval","status":"operator-required","sourceSurface":"Client Onboarding and Communications","impact":"Prevent drafts from becoming external communications without accountable review.","inefficiency":"automatic send attempted, unsupported claim present, recipient list unknown","currentControl":"Template selected, Recipient context checked, No-PHI scan, Claim guard reviewed","resolutionPath":"automatic send attempted, unsupported claim present, recipient list unknown","owner":"Revenue Operations","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"hardStops":["automatic send attempted","unsupported claim present","recipient list unknown","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Template selected"},{"id":"client-onboarding-control-no-phi-communication-boundary","domain":"client-onboarding","name":"No-PHI communication boundary","status":"blocked-by-design","sourceSurface":"Client Onboarding and Communications","impact":"Keep email, invite bodies, agendas, and presentation notes free of PHI, identifiers, credentials, and live records.","inefficiency":"PHI in message, production credentials in invite, live record attached","currentControl":"No-PHI reminder in calendar-ready content, Sensitive artifact route separated, Owner assigned for exceptions","resolutionPath":"PHI in message, production credentials in invite, live record attached","owner":"Privacy + TrustOS","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"hardStops":["PHI in message","production credentials in invite","live record attached","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"No-PHI reminder in calendar-ready content"},{"id":"client-onboarding-control-calendar-safe-field-policy","domain":"client-onboarding","name":"Calendar-safe field policy","status":"active-control","sourceSurface":"Client Onboarding and Communications","impact":"Make events schedulable without leaking sensitive data or implying approvals.","inefficiency":"sensitive artifacts in event body, attendees not approved, approval claim in title","currentControl":"Meeting type, duration, approved attendees, no-PHI description, follow-up SLA","resolutionPath":"sensitive artifacts in event body, attendees not approved, approval claim in title","owner":"Revenue Operations + Security","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"hardStops":["sensitive artifacts in event body","attendees not approved","approval claim in title","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Meeting type"},{"id":"client-onboarding-control-presentation-claim-guard","domain":"client-onboarding","name":"Presentation claim guard","status":"external-review-required","sourceSurface":"Client Onboarding and Communications","impact":"Keep demos, decks, and meeting language aligned to retained evidence and blocked claims.","inefficiency":"customer claim without permission, certification claim, ROI or revenue guarantee","currentControl":"Proof route list, Blocked claims reviewed, Buyer-specific claims approved before use","resolutionPath":"customer claim without permission, certification claim, ROI or revenue guarantee","owner":"Claims Governance + Legal Ops","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"hardStops":["customer claim without permission","certification claim","ROI or revenue guarantee","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Proof route list"},{"id":"client-onboarding-control-crm-and-source-logging","domain":"client-onboarding","name":"CRM and source logging","status":"active-control","sourceSurface":"Client Onboarding and Communications","impact":"Capture contact source, stage, owner, and next action without storing sensitive content.","inefficiency":"contact source missing, owner missing, sensitive notes copied into CRM","currentControl":"Source captured, Stage assigned, Owner assigned, Follow-up SLA set","resolutionPath":"contact source missing, owner missing, sensitive notes copied into CRM","owner":"Sales Operations","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"hardStops":["contact source missing","owner missing","sensitive notes copied into CRM","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Source captured"},{"id":"client-onboarding-control-follow-up-sla","domain":"client-onboarding","name":"Follow-up SLA","status":"active-control","sourceSurface":"Client Onboarding and Communications","impact":"Ensure demos, workshops, diligence reviews, and kickoff meetings produce timely next actions.","inefficiency":"no owner for open item, follow-up without boundary review, unreviewed custom scope","currentControl":"Meeting outcome, Open items, Owner map, Due date","resolutionPath":"no owner for open item, follow-up without boundary review, unreviewed custom scope","owner":"Revenue Operations + Customer Operations","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"hardStops":["no owner for open item","follow-up without boundary review","unreviewed custom scope","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Meeting outcome"},{"id":"client-onboarding-control-handoff-before-commitment","domain":"client-onboarding","name":"Handoff before commitment","status":"operator-required","sourceSurface":"Client Onboarding and Communications","impact":"Move opportunities between sales, product, delivery, trust, legal, finance, and customer operations with artifacts instead of informal memory.","inefficiency":"commitment made before handoff, price or scope not reviewed, production gate omitted","currentControl":"Selected package, Proof routes, Open gates, Decision owner, Next action","resolutionPath":"commitment made before handoff, price or scope not reviewed, production gate omitted","owner":"Deal Desk + Product + TrustOS","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"hardStops":["commitment made before handoff","price or scope not reviewed","production gate omitted","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Selected package"},{"id":"client-onboarding-control-meeting-notes-boundary","domain":"client-onboarding","name":"Meeting notes boundary","status":"active-control","sourceSurface":"Client Onboarding and Communications","impact":"Keep notes useful for execution while excluding PHI, secrets, unsupported claims, and contract conclusions.","inefficiency":"PHI in notes, contract conclusion in notes, security-sensitive artifact copied","currentControl":"Notes owner, No-PHI scan, Open claims separated, Sensitive artifact references externalized","resolutionPath":"PHI in notes, contract conclusion in notes, security-sensitive artifact copied","owner":"Customer Operations","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"hardStops":["PHI in notes","contract conclusion in notes","security-sensitive artifact copied","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Notes owner"},{"id":"client-onboarding-handoff-inquiry-to-discovery","domain":"client-onboarding","name":"Inbound or referral source to Revenue Operations","status":"operator-required","sourceSurface":"Client Onboarding and Communications","impact":"Buyer fit and no-PHI acknowledgement are present.","inefficiency":"PHI in intake, no contact consent, no owner assigned","currentControl":"Qualified lead note, Source attribution, Initial workflow priority, Preferred scheduling windows","resolutionPath":"Approve response and send discovery calendar-ready copy.","owner":"Revenue Operations","proofRoutes":["/client-onboarding","/sales-attribution","/growth-engine"],"hardStops":["PHI in intake","no contact consent","no owner assigned","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Approve response and send discovery calendar-ready copy."},{"id":"client-onboarding-handoff-discovery-to-demo","domain":"client-onboarding","name":"Revenue Operations to Sales Engineering + Product Console","status":"operator-required","sourceSurface":"Client Onboarding and Communications","impact":"Discovery identifies a demo-worthy use case and decision question.","inefficiency":"demo requires live patient data, unsupported customer reference requested, no follow-up owner","currentControl":"Buyer problem, Selected demo, Decision question, Blocked claims, Proof route list","resolutionPath":"Prepare demo script and confirmation email.","owner":"Sales Engineering + Product Console","proofRoutes":["/demos","/offerings","/qa-claim-guard"],"hardStops":["demo requires live patient data","unsupported customer reference requested","no follow-up owner","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Prepare demo script and confirmation email."},{"id":"client-onboarding-handoff-demo-to-pilot-scoping","domain":"client-onboarding","name":"Sales Engineering to Deal Desk + Product + TrustOS","status":"operator-required","sourceSurface":"Client Onboarding and Communications","impact":"Buyer asks for pilot, assessment, diligence, or implementation path.","inefficiency":"price commitment without deal desk, PHI-dependent scope, unreviewed SOW language","currentControl":"Demo recap, Open questions, Recommended package, Decision criteria, Open gates","resolutionPath":"Schedule pilot scoping workshop and price-floor review.","owner":"Deal Desk + Product + TrustOS","proofRoutes":["/pilots","/enterprise-business-ops","/pilot-deal-room"],"hardStops":["price commitment without deal desk","PHI-dependent scope","unreviewed SOW language","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Schedule pilot scoping workshop and price-floor review."},{"id":"client-onboarding-handoff-pilot-to-security-procurement","domain":"client-onboarding","name":"Deal Desk to TrustOps + Legal Ops + Finance","status":"operator-required","sourceSurface":"Client Onboarding and Communications","impact":"Buyer diligence, security, privacy, procurement, legal, or finance review begins.","inefficiency":"certification self-claim, contract approval implied, BAA or PHI approval represented","currentControl":"Scope draft, Reviewer roles, Open-gate register, Blocked claims, Diligence packet route","resolutionPath":"Assign qualified reviewers and return no-authority packet.","owner":"TrustOps + Legal Ops + Finance","proofRoutes":["/approvals-readiness","/global-certification-readiness","/boundary-resolution"],"hardStops":["certification self-claim","contract approval implied","BAA or PHI approval represented","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Assign qualified reviewers and return no-authority packet."},{"id":"client-onboarding-handoff-approved-scope-to-kickoff","domain":"client-onboarding","name":"Deal Desk + Revenue Operations to Customer Operations + Delivery + TrustOS","status":"operator-required","sourceSurface":"Client Onboarding and Communications","impact":"Assessment, sprint, pilot, or retainer scope is approved for kickoff.","inefficiency":"scope not approved, access gate skipped, sensitive data requested before approval","currentControl":"Approved scope, Owner matrix, No-PHI rules, Meeting cadence, Evidence routes, Escalation path","resolutionPath":"Schedule kickoff and publish first-week action register.","owner":"Customer Operations + Delivery + TrustOS","proofRoutes":["/pilot-workspace/access","/continuous-review-audit","/operational-efficiency"],"hardStops":["scope not approved","access gate skipped","sensitive data requested before approval","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Schedule kickoff and publish first-week action register."},{"id":"client-onboarding-handoff-delivery-to-renewal","domain":"client-onboarding","name":"Customer Operations + Delivery to Revenue Operations + Finance + Product","status":"operator-required","sourceSurface":"Client Onboarding and Communications","impact":"Pilot, assessment, or retainer reaches review or renewal checkpoint.","inefficiency":"customer value claim without permission, ROI guarantee, production expansion without approvals","currentControl":"Approved evidence, Open gates, Buyer feedback, Support load, Next-package option","resolutionPath":"Prepare renewal or expansion review with claims and finance review.","owner":"Revenue Operations + Finance + Product","proofRoutes":["/public-market-readiness","/enterprise-business-ops","/qa-buyer-proof-release"],"hardStops":["customer value claim without permission","ROI guarantee","production expansion without approvals","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Prepare renewal or expansion review with claims and finance review."},{"id":"enterprise-scale-control-capacity-forecast-and-load-test-plan","domain":"enterprise-scalability","name":"Capacity forecast and load-test plan","status":"active-control","sourceSurface":"Enterprise Scalability Operations","impact":"Translate buyer volume, routes, concurrency, evidence jobs, and protected workspace use into measurable pre-release pressure.","inefficiency":"traffic volume unknown, route owner missing, fallback behavior missing, contractual uptime implied","currentControl":"traffic assumption, route class, load-test target, fallback behavior, owner","resolutionPath":"traffic volume unknown, route owner missing, fallback behavior missing, contractual uptime implied","owner":"Platform engineering + release steward","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"hardStops":["traffic volume unknown","route owner missing","fallback behavior missing","contractual uptime implied","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"traffic assumption"},{"id":"enterprise-scale-control-rate-limit-and-backpressure-review","domain":"enterprise-scalability","name":"Rate-limit and backpressure review","status":"operator-required","sourceSurface":"Enterprise Scalability Operations","impact":"Prevent scaled workflows, demos, API calls, and proof generation from overrunning operators or infrastructure.","inefficiency":"unbounded retry, duplicate evidence risk, autonomous remediation implied","currentControl":"rate ceiling, retry ceiling, queue threshold, operator escalation, blocked automation rule","resolutionPath":"unbounded retry, duplicate evidence risk, autonomous remediation implied","owner":"Runtime safety + platform","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"hardStops":["unbounded retry","duplicate evidence risk","autonomous remediation implied","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"rate ceiling"},{"id":"enterprise-scale-control-tenant-isolation-and-access-review","domain":"enterprise-scalability","name":"Tenant isolation and access review","status":"operator-required","sourceSurface":"Enterprise Scalability Operations","impact":"Keep buyer workspaces, access, role boundaries, and metadata-only evidence separated before any customer-specific expansion.","inefficiency":"PHI introduced, production credential shared, customer tenancy approved informally, AAL2 bypass attempted","currentControl":"tenant owner, role matrix, access review cadence, archive trigger, no-PHI attestation","resolutionPath":"PHI introduced, production credential shared, customer tenancy approved informally, AAL2 bypass attempted","owner":"Security + tenant governance","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"hardStops":["PHI introduced","production credential shared","customer tenancy approved informally","AAL2 bypass attempted","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"tenant owner"},{"id":"enterprise-scale-control-slo-and-sla-language-guard","domain":"enterprise-scalability","name":"SLO and SLA language guard","status":"operator-required","sourceSurface":"Enterprise Scalability Operations","impact":"Separate internal SLO candidates from external contractual commitments before sales or procurement materials use reliability language.","inefficiency":"SLA promised, uptime guaranteed, support response guaranteed, contract language unreviewed","currentControl":"metric owner, measurement source, internal-only label, contract-review requirement","resolutionPath":"SLA promised, uptime guaranteed, support response guaranteed, contract language unreviewed","owner":"Legal ops + service reliability","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"hardStops":["SLA promised","uptime guaranteed","support response guaranteed","contract language unreviewed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"metric owner"},{"id":"enterprise-scale-control-incident-severity-and-escalation-matrix","domain":"enterprise-scalability","name":"Incident severity and escalation matrix","status":"operator-required","sourceSurface":"Enterprise Scalability Operations","impact":"Route defects, security concerns, customer questions, and release regressions to accountable owners with communication boundaries.","inefficiency":"managed SOC claimed, MDR claimed, customer incident notice sent without review","currentControl":"severity class, owner, customer communication rule, postmortem requirement, claim update need","resolutionPath":"managed SOC claimed, MDR claimed, customer incident notice sent without review","owner":"TrustOps + customer operations","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"hardStops":["managed SOC claimed","MDR claimed","customer incident notice sent without review","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"severity class"},{"id":"enterprise-scale-control-change-freeze-and-rollback-readiness","domain":"enterprise-scalability","name":"Change freeze and rollback readiness","status":"active-control","sourceSurface":"Enterprise Scalability Operations","impact":"Avoid unplanned enterprise regressions by pairing change windows, rollback steps, smoke checks, and evidence capture.","inefficiency":"release gate skipped, rollback path missing, buyer-critical route untested","currentControl":"change window, rollback owner, smoke route, boundary header, release evidence","resolutionPath":"release gate skipped, rollback path missing, buyer-critical route untested","owner":"Release steward + platform","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"hardStops":["release gate skipped","rollback path missing","buyer-critical route untested","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"change window"},{"id":"enterprise-scale-control-usage-cost-and-margin-thresholds","domain":"enterprise-scalability","name":"Usage-cost and margin thresholds","status":"active-control","sourceSurface":"Enterprise Scalability Operations","impact":"Keep model, storage, support, diligence, and implementation costs visible before enterprise usage erodes margins.","inefficiency":"unpriced custom work, unbounded support, profit margin guaranteed, accounting advice implied","currentControl":"usage ceiling, cost owner, margin floor, support load assumption, change-order trigger","resolutionPath":"unpriced custom work, unbounded support, profit margin guaranteed, accounting advice implied","owner":"Finance + product operations","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"hardStops":["unpriced custom work","unbounded support","profit margin guaranteed","accounting advice implied","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"usage ceiling"},{"id":"enterprise-scale-control-regional-hosting-and-residency-gate","domain":"enterprise-scalability","name":"Regional hosting and residency gate","status":"external-review-required","sourceSurface":"Enterprise Scalability Operations","impact":"Keep global expansion, residency, backup, and hosting statements behind qualified review and deployment-profile evidence.","inefficiency":"data residency approved, sovereign hosting approved, regional legal approval claimed","currentControl":"deployment profile, regional counsel owner, privacy/security review, residency question list","resolutionPath":"data residency approved, sovereign hosting approved, regional legal approval claimed","owner":"Regional counsel + security + platform","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"hardStops":["data residency approved","sovereign hosting approved","regional legal approval claimed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"deployment profile"},{"id":"enterprise-scale-control-support-tier-and-response-target-approval","domain":"enterprise-scalability","name":"Support tier and response target approval","status":"operator-required","sourceSurface":"Enterprise Scalability Operations","impact":"Prepare enterprise support coverage, escalation, renewal cadence, and response targets without creating unreviewed obligations.","inefficiency":"24/7 support guaranteed, response SLA promised, managed service implied","currentControl":"support tier, coverage assumption, escalation path, response target label, contract review gate","resolutionPath":"24/7 support guaranteed, response SLA promised, managed service implied","owner":"Customer operations + legal ops","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"hardStops":["24/7 support guaranteed","response SLA promised","managed service implied","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"support tier"},{"id":"enterprise-scale-control-data-lifecycle-retention-and-archive-review","domain":"enterprise-scalability","name":"Data lifecycle, retention, and archive review","status":"external-review-required","sourceSurface":"Enterprise Scalability Operations","impact":"Keep retention, deletion, archive, backup, and external evidence references aligned before sensitive or customer-specific artifacts appear.","inefficiency":"PHI retained, confidential artifact stored, signed agreement stored without approval, data retention approved informally","currentControl":"retention class, archive trigger, external evidence reference, deletion owner, customer review gate","resolutionPath":"PHI retained, confidential artifact stored, signed agreement stored without approval, data retention approved informally","owner":"Privacy, security, customer authority owners, and platform","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"hardStops":["PHI retained","confidential artifact stored","signed agreement stored without approval","data retention approved informally","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"retention class"},{"id":"enterprise-scale-bottleneck-enterprise-demand-outruns-proof","domain":"enterprise-scalability","name":"Enterprise demand outruns scale proof","status":"operator-required","sourceSurface":"Enterprise Scalability Operations","impact":"Buyers may ask for high-volume, multi-site, or always-on workflows before SCRIMED has route-specific capacity evidence.","inefficiency":"Buyers may ask for high-volume, multi-site, or always-on workflows before SCRIMED has route-specific capacity evidence.","currentControl":"Use capped synthetic pilots, volume assumptions, route-class reviews, and scale preflight packs before any production wording.","resolutionPath":"Load-test evidence, capacity plan, support tier, rollback plan, and qualified contract review.","owner":"Product operations + platform + legal ops","proofRoutes":["/enterprise-scalability","/service-reliability","/release-continuity"],"hardStops":["contractual SLA implied","managed service implied","production support guaranteed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Load-test evidence, capacity plan, support tier, rollback plan, and qualified contract review."},{"id":"enterprise-scale-bottleneck-slo-language-becomes-sla","domain":"enterprise-scalability","name":"Internal SLO language becomes buyer SLA language","status":"operator-required","sourceSurface":"Enterprise Scalability Operations","impact":"Reliability goals can become accidental contractual commitments in decks, emails, procurement answers, or demos.","inefficiency":"Reliability goals can become accidental contractual commitments in decks, emails, procurement answers, or demos.","currentControl":"Keep SLO language internal, label external materials as readiness-only, and route SLA wording to counsel and finance.","resolutionPath":"Approved contract terms, support coverage, measurement method, and retained authority.","owner":"Service reliability + legal ops + customer operations","proofRoutes":["/enterprise-scalability","/client-onboarding","/enterprise-business-ops","/boundary-resolution"],"hardStops":["contractual SLA implied","managed service implied","production support guaranteed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Approved contract terms, support coverage, measurement method, and retained authority."},{"id":"enterprise-scale-bottleneck-tenant-scale-support-load","domain":"enterprise-scalability","name":"Tenant scale increases support load","status":"operator-required","sourceSurface":"Enterprise Scalability Operations","impact":"More workspaces, reviewers, demos, evidence packets, and renewal cadences can turn product execution into unpaid support labor.","inefficiency":"More workspaces, reviewers, demos, evidence packets, and renewal cadences can turn product execution into unpaid support labor.","currentControl":"Attach support assumptions, paid diligence packaging, escalation paths, and renewal health packets to enterprise accounts.","resolutionPath":"Support tier approval, price-floor review, response target review, and customer-specific cadence.","owner":"Customer operations + deal desk + finance","proofRoutes":["/enterprise-scalability","/client-onboarding","/enterprise-business-ops","/offerings"],"hardStops":["contractual SLA implied","managed service implied","production support guaranteed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Support tier approval, price-floor review, response target review, and customer-specific cadence."},{"id":"enterprise-scale-bottleneck-regional-scale-claims","domain":"enterprise-scalability","name":"Regional scale and residency claims arrive early","status":"external-review-required","sourceSurface":"Enterprise Scalability Operations","impact":"Global buyers and partners may require residency, sovereign hosting, public-sector procurement, or local clinical authority claims before external review exists.","inefficiency":"Global buyers and partners may require residency, sovereign hosting, public-sector procurement, or local clinical authority claims before external review exists.","currentControl":"Use deployment profiles, regional packs, qualified review owners, and no-approval wording until evidence is retained.","resolutionPath":"Regional counsel, privacy/security review, hosting decision, procurement authority, and customer approval.","owner":"Global partnerships + regional counsel + security","proofRoutes":["/enterprise-scalability","/global-reach","/global-certification-readiness","/deployment-profiles"],"hardStops":["contractual SLA implied","managed service implied","production support guaranteed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Regional counsel, privacy/security review, hosting decision, procurement authority, and customer approval."},{"id":"enterprise-scale-bottleneck-automation-retry-duplicates-evidence","domain":"enterprise-scalability","name":"Retry and automation duplicate evidence","status":"operator-required","sourceSurface":"Enterprise Scalability Operations","impact":"Repeated API calls, work orders, or proof packet generation can create conflicting artifacts if idempotency and completion checks are missing.","inefficiency":"Repeated API calls, work orders, or proof packet generation can create conflicting artifacts if idempotency and completion checks are missing.","currentControl":"Require idempotency keys, retry ceilings, quarantine owners, and QA completion bridge before scaling background work.","resolutionPath":"Execution attempt model, duplicate detection, dead-letter queue, and manual remediation approval.","owner":"Runtime safety + QA + platform","proofRoutes":["/enterprise-scalability","/workflows/execution-attempts","/qa-completion-bridge"],"hardStops":["contractual SLA implied","managed service implied","production support guaranteed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Execution attempt model, duplicate detection, dead-letter queue, and manual remediation approval."},{"id":"enterprise-scale-bottleneck-cost-spikes-erode-margin","domain":"enterprise-scalability","name":"Usage cost spikes erode margin","status":"active-control","sourceSurface":"Enterprise Scalability Operations","impact":"Model routing, storage, review labor, support work, and custom diligence can outgrow pilot pricing if not bounded.","inefficiency":"Model routing, storage, review labor, support work, and custom diligence can outgrow pilot pricing if not bounded.","currentControl":"Use usage ceilings, paid diligence, price floors, model-cost review, and change-order triggers before scope expands.","resolutionPath":"Finance-approved pricing, support assumptions, usage measurement, and contract review.","owner":"Finance + product operations + deal desk","proofRoutes":["/enterprise-scalability","/enterprise-business-ops","/capital-vitality","/public-market-readiness"],"hardStops":["contractual SLA implied","managed service implied","production support guaranteed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Finance-approved pricing, support assumptions, usage measurement, and contract review."},{"id":"platform-power-control-api-contract-register","domain":"platform-power","name":"API contract register","status":"active-control","sourceSurface":"Platform Power Operations","impact":"Track route owner, schema, examples, version, auth posture, data boundary, and blocked claims for buyer-critical APIs.","inefficiency":"route lacks owner, schema missing, boundary headers missing, public API SLA implied","currentControl":"route, owner, schema, version, auth posture, boundary headers","resolutionPath":"route lacks owner, schema missing, boundary headers missing, public API SLA implied","owner":"Platform engineering + product","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["route lacks owner","schema missing","boundary headers missing","public API SLA implied","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"route"},{"id":"platform-power-control-api-versioning-and-deprecation-discipline","domain":"platform-power","name":"API versioning and deprecation discipline","status":"operator-required","sourceSurface":"Platform Power Operations","impact":"Prevent enterprise integrations from breaking silently as contracts mature from readiness to customer-specific use.","inefficiency":"breaking change unannounced, migration path missing, customer-specific approval missing","currentControl":"version policy, change log, migration path, deprecation window, buyer communication owner","resolutionPath":"breaking change unannounced, migration path missing, customer-specific approval missing","owner":"Developer experience + release stewardship","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["breaking change unannounced","migration path missing","customer-specific approval missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"version policy"},{"id":"platform-power-control-tenant-auth-and-scope-review","domain":"platform-power","name":"Tenant auth and scope review","status":"operator-required","sourceSurface":"Platform Power Operations","impact":"Ensure protected APIs require the right identity, tenant, role, AAL2 path, revocation rule, and no-PHI payload scope.","inefficiency":"PHI requested, production credential requested, AAL2 bypass attempted, tenant owner missing","currentControl":"tenant owner, role map, AAL2 gate, token handling, revocation rule","resolutionPath":"PHI requested, production credential requested, AAL2 bypass attempted, tenant owner missing","owner":"Security + tenant governance","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["PHI requested","production credential requested","AAL2 bypass attempted","tenant owner missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"tenant owner"},{"id":"platform-power-control-idempotency-and-retry-contract","domain":"platform-power","name":"Idempotency and retry contract","status":"active-control","sourceSurface":"Platform Power Operations","impact":"Avoid duplicated work, duplicate proof packets, and uncontrolled retries when API or agent jobs are repeated.","inefficiency":"retry ceiling absent, duplicate evidence risk, dead-letter owner missing, autonomous remediation implied","currentControl":"idempotency key, retry ceiling, duplicate detection, dead-letter owner, manual remediation path","resolutionPath":"retry ceiling absent, duplicate evidence risk, dead-letter owner missing, autonomous remediation implied","owner":"Runtime safety + QA","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["retry ceiling absent","duplicate evidence risk","dead-letter owner missing","autonomous remediation implied","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"idempotency key"},{"id":"platform-power-control-rate-limit-and-abuse-control","domain":"platform-power","name":"Rate limit and abuse control","status":"operator-required","sourceSurface":"Platform Power Operations","impact":"Prepare quotas, throttles, and abuse-response behavior before enterprise pilots expand traffic or expose premium endpoints.","inefficiency":"unlimited usage promised, abuse path missing, contractual uptime implied, support coverage implied","currentControl":"route class, quota, burst limit, abuse signal, operator escalation path","resolutionPath":"unlimited usage promised, abuse path missing, contractual uptime implied, support coverage implied","owner":"Platform + service reliability + security","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["unlimited usage promised","abuse path missing","contractual uptime implied","support coverage implied","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"route class"},{"id":"platform-power-control-ui-role-journey-control","domain":"platform-power","name":"UI role journey control","status":"active-control","sourceSurface":"Platform Power Operations","impact":"Make API, UI, AI, reliability, scale, business, and approval tasks discoverable by audience without requiring tribal knowledge.","inefficiency":"route orphaned, buyer-critical task hidden, limitation path missing","currentControl":"primary nav link, hub view, product action, role journey, limitation link","resolutionPath":"route orphaned, buyer-critical task hidden, limitation path missing","owner":"Product Console + customer operations","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["route orphaned","buyer-critical task hidden","limitation path missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"primary nav link"},{"id":"platform-power-control-ui-quality-and-accessibility-review","domain":"platform-power","name":"UI quality and accessibility review","status":"operator-required","sourceSurface":"Platform Power Operations","impact":"Keep enterprise UI layouts readable, navigable, responsive, and keyboard-reviewable before external demos or buyer training.","inefficiency":"text overlap, mobile route unusable, accessibility certification claimed, unreviewed external demo","currentControl":"responsive route, copy review, keyboard path, contrast review, manual screenshot check","resolutionPath":"text overlap, mobile route unusable, accessibility certification claimed, unreviewed external demo","owner":"Frontend + QA + accessibility reviewer","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["text overlap","mobile route unusable","accessibility certification claimed","unreviewed external demo","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"responsive route"},{"id":"platform-power-control-ai-model-route-register","domain":"platform-power","name":"AI model-route register","status":"external-review-required","sourceSurface":"Platform Power Operations","impact":"Track provider, model, allowed data, blocked data, fallback, cost owner, eval pack, and approval status before model use expands.","inefficiency":"PHI routed to model, provider approval missing, production model approval implied, cost owner missing","currentControl":"provider, model class, allowed data, blocked data, fallback, cost tag, eval pack","resolutionPath":"PHI routed to model, provider approval missing, production model approval implied, cost owner missing","owner":"AI platform + TrustOS + security + finance","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["PHI routed to model","provider approval missing","production model approval implied","cost owner missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"provider"},{"id":"platform-power-control-agent-tool-approval-and-escalation","domain":"platform-power","name":"Agent tool approval and escalation","status":"operator-required","sourceSurface":"Platform Power Operations","impact":"Ensure agents recommend and route work without executing protected, clinical, financial, legal, customer, or production actions alone.","inefficiency":"tool execution without approval, clinical action requested, contract or payment action requested, production remediation requested","currentControl":"allowed tools, blocked tools, approval trigger, escalation owner, audit output","resolutionPath":"tool execution without approval, clinical action requested, contract or payment action requested, production remediation requested","owner":"AgentOS + TrustOS + QA","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["tool execution without approval","clinical action requested","contract or payment action requested","production remediation requested","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"allowed tools"},{"id":"platform-power-control-ai-evaluation-and-red-team-loop","domain":"platform-power","name":"AI evaluation and red-team loop","status":"active-control","sourceSurface":"Platform Power Operations","impact":"Convert repeated mistakes, hallucination risk, unsafe claims, and future AI research into eval sets, smoke checks, and controlled backlog.","inefficiency":"error-free AI claimed, clinical validation claimed, unsafe output untriaged, public quantum claim made","currentControl":"eval set, claims guard, red-team prompt, regression owner, promotion rule","resolutionPath":"error-free AI claimed, clinical validation claimed, unsafe output untriaged, public quantum claim made","owner":"Continuous review, QA, TrustOps, and internal research","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["error-free AI claimed","clinical validation claimed","unsafe output untriaged","public quantum claim made","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"eval set"},{"id":"platform-power-control-evidence-retrieval-and-source-attribution","domain":"platform-power","name":"Evidence retrieval and source attribution","status":"active-control","sourceSurface":"Platform Power Operations","impact":"Keep extracted data, summaries, and AI answers tied to source class, evidence route, freshness requirement, and reviewer boundary.","inefficiency":"source missing, PHI included, clinical validation implied, EHR writeback requested","currentControl":"source class, evidence route, freshness check, confidence boundary, reviewer need","resolutionPath":"source missing, PHI included, clinical validation implied, EHR writeback requested","owner":"Atlas + source intelligence + interoperability","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["source missing","PHI included","clinical validation implied","EHR writeback requested","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"source class"},{"id":"platform-power-control-platform-cost-latency-and-quality-observability","domain":"platform-power","name":"Platform cost, latency, and quality observability","status":"active-control","sourceSurface":"Platform Power Operations","impact":"Track API, UI, AI, evidence, review, support, and model-cost pressure before enterprise packages outgrow margins.","inefficiency":"profit guarantee claimed, cost owner missing, SLA implied, support commitment unfunded","currentControl":"cost owner, usage threshold, latency target, quality signal, margin floor","resolutionPath":"profit guarantee claimed, cost owner missing, SLA implied, support commitment unfunded","owner":"Service reliability + finance + platform operations","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["profit guarantee claimed","cost owner missing","SLA implied","support commitment unfunded","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"cost owner"},{"id":"platform-power-bottleneck-api-contracts-not-yet-openapi","domain":"platform-power","name":"API contracts are typed but not yet exported as OpenAPI or SDKs","status":"operator-required","sourceSurface":"Platform Power Operations","impact":"Enterprise technical buyers can inspect live JSON and brief endpoints, but developer adoption will remain slower until formal contracts, examples, and SDK packaging exist.","inefficiency":"Enterprise technical buyers can inspect live JSON and brief endpoints, but developer adoption will remain slower until formal contracts, examples, and SDK packaging exist.","currentControl":"Use route summaries, smoke-tested JSON, boundary headers, and markdown briefs as the interim contract packet.","resolutionPath":"OpenAPI spec, examples, auth model, rate limits, SDK backlog, version policy, and developer docs are reviewed.","owner":"Platform engineering + developer experience","proofRoutes":["/platform-power","/navigation","/api/product/console"],"hardStops":["public API SLA implied","live autonomous AI implied","production model routing implied","accessibility certification implied","trillion-dollar-scale equivalence claimed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"OpenAPI spec, examples, auth model, rate limits, SDK backlog, version policy, and developer docs are reviewed."},{"id":"platform-power-bottleneck-live-ai-not-enabled","domain":"platform-power","name":"Live AI model execution remains intentionally gated","status":"external-review-required","sourceSurface":"Platform Power Operations","impact":"The AI posture can be evaluated through architecture, agents, evals, and synthetic proof, but production model calls need provider, privacy, safety, cost, and legal review.","inefficiency":"The AI posture can be evaluated through architecture, agents, evals, and synthetic proof, but production model calls need provider, privacy, safety, cost, and legal review.","currentControl":"Use deterministic synthetic summaries, model-route registers, eval design, TrustOS checks, and human approval packets.","resolutionPath":"Approved model provider, allowed data class, eval pass criteria, monitoring, human approval flow, and customer-specific authority exist.","owner":"AI platform + TrustOS + security + finance","proofRoutes":["/trust-os","/agents","/continuous-review-audit","/platform-power"],"hardStops":["public API SLA implied","live autonomous AI implied","production model routing implied","accessibility certification implied","trillion-dollar-scale equivalence claimed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Approved model provider, allowed data class, eval pass criteria, monitoring, human approval flow, and customer-specific authority exist."},{"id":"platform-power-bottleneck-accessibility-certification-not-complete","domain":"platform-power","name":"Accessibility certification is not complete","status":"external-review-required","sourceSurface":"Platform Power Operations","impact":"The UI can be improved continuously, but enterprise procurement may require formal WCAG, VPAT, or Section 508 review before certain buyer claims.","inefficiency":"The UI can be improved continuously, but enterprise procurement may require formal WCAG, VPAT, or Section 508 review before certain buyer claims.","currentControl":"Run manual UI quality checks, keep layouts stable, avoid text overlap, expose role navigation, and retain accessibility review as a named gate.","resolutionPath":"Qualified accessibility review, remediation evidence, VPAT or equivalent artifact, and approved external claims.","owner":"Frontend + accessibility reviewer + legal ops","proofRoutes":["/platform-power","/navigation","/product"],"hardStops":["public API SLA implied","live autonomous AI implied","production model routing implied","accessibility certification implied","trillion-dollar-scale equivalence claimed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Qualified accessibility review, remediation evidence, VPAT or equivalent artifact, and approved external claims."},{"id":"platform-power-bottleneck-public-api-rate-limits-not-contracted","domain":"platform-power","name":"Public API rate limits are readiness targets, not contracted terms","status":"operator-required","sourceSurface":"Platform Power Operations","impact":"SCRIMED can scope route classes and quotas, but it cannot imply unlimited use, contractual uptime, or managed service coverage.","inefficiency":"SCRIMED can scope route classes and quotas, but it cannot imply unlimited use, contractual uptime, or managed service coverage.","currentControl":"State route class, draft quota, throttle behavior, support assumption, and no-SLA boundary on enterprise packets.","resolutionPath":"Contract, staffing, monitoring, incident response, support tier, and executive approval define the exact commitment.","owner":"Platform + legal ops + customer operations","proofRoutes":["/platform-power","/enterprise-scalability","/service-reliability"],"hardStops":["public API SLA implied","live autonomous AI implied","production model routing implied","accessibility certification implied","trillion-dollar-scale equivalence claimed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Contract, staffing, monitoring, incident response, support tier, and executive approval define the exact commitment."},{"id":"platform-power-bottleneck-agent-tool-approval-needs-production-runtime","domain":"platform-power","name":"Agent tool approval needs production runtime approval","status":"operator-required","sourceSurface":"Platform Power Operations","impact":"Agents can be described, evaluated, and routed, but protected actions need approval states, audit logging, and fail-closed runtime behavior.","inefficiency":"Agents can be described, evaluated, and routed, but protected actions need approval states, audit logging, and fail-closed runtime behavior.","currentControl":"Use agent registry, QA packets, claim guard, human approval rules, and protected workspace evidence before any execution claim.","resolutionPath":"Approved tool schemas, human approval UI, audit persistence, rollback behavior, and customer-specific authority.","owner":"AgentOS + QA + platform engineering","proofRoutes":["/agents","/qa-claim-guard","/qa-manual-execution-console","/platform-power"],"hardStops":["public API SLA implied","live autonomous AI implied","production model routing implied","accessibility certification implied","trillion-dollar-scale equivalence claimed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Approved tool schemas, human approval UI, audit persistence, rollback behavior, and customer-specific authority."},{"id":"platform-power-bottleneck-evidence-rag-still-synthetic","domain":"platform-power","name":"Evidence retrieval remains synthetic and metadata-only","status":"external-review-required","sourceSurface":"Platform Power Operations","impact":"SCRIMED can demonstrate source attribution, extraction planning, and Trust Cards without ingesting live PHI or protected medical records.","inefficiency":"SCRIMED can demonstrate source attribution, extraction planning, and Trust Cards without ingesting live PHI or protected medical records.","currentControl":"Use synthetic fixtures, no-PHI examples, source classes, external evidence references, and health-record safety gates.","resolutionPath":"PHI authority, customer environment, BAA/DPA if required, security review, connector approval, and clinical governance approval.","owner":"Atlas + interoperability + privacy + clinical governance","proofRoutes":["/atlas","/health-records","/interoperability","/boundary-resolution"],"hardStops":["public API SLA implied","live autonomous AI implied","production model routing implied","accessibility certification implied","trillion-dollar-scale equivalence claimed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"PHI authority, customer environment, BAA/DPA if required, security review, connector approval, and clinical governance approval."},{"id":"platform-power-bottleneck-trillion-scale-positioning-boundary","domain":"platform-power","name":"Trillion-dollar-scale positioning must stay evidence-based","status":"operator-required","sourceSurface":"Platform Power Operations","impact":"The platform can be designed with world-class discipline, but SCRIMED cannot claim equivalent scale, staffing, certifications, or infrastructure until evidence exists.","inefficiency":"The platform can be designed with world-class discipline, but SCRIMED cannot claim equivalent scale, staffing, certifications, or infrastructure until evidence exists.","currentControl":"Frame the product as enterprise-grade readiness with explicit proof routes, operating controls, and retained external gates.","resolutionPath":"Audited scale evidence, customer proof, security certifications, support operations, incident history, financial controls, and qualified release approval.","owner":"Founder + product + legal + finance + platform","proofRoutes":["/platform-power","/enterprise-scalability","/enterprise-business-ops","/public-market-readiness"],"hardStops":["public API SLA implied","live autonomous AI implied","production model routing implied","accessibility certification implied","trillion-dollar-scale equivalence claimed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Audited scale evidence, customer proof, security certifications, support operations, incident history, financial controls, and qualified release approval."},{"id":"limitations-workaround-track-phi-live-data-boundary","domain":"limitations-workarounds","name":"PHI and live patient-data boundary","status":"blocked-by-design","sourceSurface":"Limitations and Workaround Operations","impact":"A buyer demo or pilot could accidentally become regulated production data processing before privacy, security, BAA/DPA, customer environment, and clinical governance approvals exist.","inefficiency":"Current public and synthetic workflows cannot ingest PHI, patient identifiers, payer member data, live charts, production credentials, or source medical records.","currentControl":"No-PHI intake lint, route headers, source-class labels, blocked-input copy, and protected AAL2 evidence references.","resolutionPath":"Use synthetic fixtures, metadata-only references, external evidence-room pointers, no-PHI excerpts, and Health Records Safety Exchange source mapping.","owner":"Privacy, security, clinical governance, customer authority owner, and TrustOS","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/health-records","/clinical-authority-readiness","/boundary-resolution"],"hardStops":["PHI processing authorized","live patient data connected","patient matching approved","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Any PHI, identifier, live chart, production credential, patient matching, or data-residency request appears."},{"id":"limitations-workaround-track-clinical-care-authority-boundary","domain":"limitations-workarounds","name":"Live clinical care and CDS authority","status":"external-review-required","sourceSurface":"Limitations and Workaround Operations","impact":"Operational language could be interpreted as clinical authority, medical advice, or production CDS/SaMD readiness before qualified review.","inefficiency":"SCRIMED can prepare workflow intelligence, draft-only outputs, and governance evidence, but cannot diagnose, treat, route patients, sign notes, or provide live clinical decision support.","currentControl":"Clinical Authority Readiness, Clinical Care Activation gates, Claim Guard, and no-live-care headers.","resolutionPath":"Frame outputs as synthetic workflow planning, review queues, draft-only documentation, and clinical-governance preparation with explicit human review.","owner":"Clinical governance, qualified clinicians, legal, privacy, and release stewardship","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/clinical-authority-readiness","/clinical-care-activation","/qa-claim-guard"],"hardStops":["live clinical care authorized","clinical decision support cleared","autonomous diagnosis or treatment permitted","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"A claim implies diagnosis, treatment, live triage, autonomous care coordination, or production CDS."},{"id":"limitations-workaround-track-ehr-writeback-connector-boundary","domain":"limitations-workarounds","name":"Production EHR connector and writeback boundary","status":"blocked-by-design","sourceSurface":"Limitations and Workaround Operations","impact":"Integration demos can turn into unsafe production connector promises, mutation claims, or payer-submission commitments.","inefficiency":"FHIR, SMART, HL7, DICOM, X12, terminology, and connector planning are synthetic; production connectors, writeback, payer submission, and patient matching remain blocked.","currentControl":"Interoperability standards map, Health Records Safety Exchange, connector blocked-claim list, and synthetic extraction evaluator.","resolutionPath":"Use fixture validation, synthetic conformance kits, connector contract review, external artifact references, and no-mutation evidence.","owner":"Interoperability, platform engineering, privacy, security, clinical governance, and customer integration owner","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/interoperability","/health-records","/integrations/fixture-validation"],"hardStops":["production connector approved","EHR writeback approved","payer submission approved","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Production endpoint, credential, writeback, payer submission, patient match, or live HIE/EHR request appears."},{"id":"limitations-workaround-track-public-api-sla-boundary","domain":"limitations-workarounds","name":"Public API, SLA, and unlimited-scale boundary","status":"operator-required","sourceSurface":"Limitations and Workaround Operations","impact":"Enterprise diligence could mistake technical maturity for contractual support, public availability, unlimited usage, or managed-service coverage.","inefficiency":"Route handlers, summaries, and briefs are inspectable contract-readiness surfaces, not public API marketplace launch, contractual SLA, unlimited rate limit, or uptime guarantee.","currentControl":"Platform Power API contract register, Enterprise Scalability SLO readiness, Service Reliability fault classes, and Navigation Audit route counts.","resolutionPath":"Use route summaries, boundary headers, version posture, draft quotas, rate-limit classes, support assumptions, and no-SLA language.","owner":"Platform engineering, legal ops, service reliability, customer operations, and finance","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/platform-power","/enterprise-scalability","/service-reliability"],"hardStops":["public API SLA approved","unlimited API scale approved","contractual uptime guaranteed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Public API, unlimited usage, uptime, SLA, support, or managed-service language appears."},{"id":"limitations-workaround-track-ai-agent-autonomy-boundary","domain":"limitations-workarounds","name":"Live AI, production model-routing, and agent autonomy boundary","status":"external-review-required","sourceSurface":"Limitations and Workaround Operations","impact":"Agent language can imply production model approval, autonomous remediation, clinical action, legal advice, or financial decision authority.","inefficiency":"Agents may plan, route, inspect, recommend, and produce synthetic evidence, but they cannot execute protected clinical, legal, financial, customer, or production actions autonomously.","currentControl":"AgentOS, TrustOS, Platform Power, QA Claim Guard, Runtime Safety, and Continuous Review loops.","resolutionPath":"Use model-route registers, allowed/blocked data classes, eval packs, red-team loops, human approval triggers, and protected AAL2 operator lanes.","owner":"AI platform, AgentOS, TrustOS, QA, security, finance, and clinical governance","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/agents","/trust-os","/platform-power","/continuous-review-audit"],"hardStops":["live autonomous AI approved","production model routing approved","agent actions fully autonomous","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"The system is asked to act without approval, route PHI to a model, self-remediate production, or make clinical/legal/financial decisions."},{"id":"limitations-workaround-track-security-certification-boundary","domain":"limitations-workarounds","name":"Security, privacy, SOC 2, HITRUST, and certification boundary","status":"external-review-required","sourceSurface":"Limitations and Workaround Operations","impact":"Procurement packets could overstate security posture, compliance status, or customer-specific readiness.","inefficiency":"SCRIMED can organize readiness evidence, controls, and protected review paths, but cannot claim SOC 2, HITRUST, ISO, HIPAA certification, penetration-test completion, or security approval without qualified evidence.","currentControl":"Evidence-room metadata, owner matrix, certification tracks, blocked claims, renewal queue, and protected access logs.","resolutionPath":"Use Trust Center, Provider Security Reviews, Procurement Evidence Registry, Global Certification Readiness, and no-sensitive-artifact references.","owner":"Security, privacy, legal, trust operations, customer authority owner, and qualified external reviewers","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/trust-center","/global-certification-readiness","/pilot-workspace/access"],"hardStops":["security certified","SOC 2 certified","HITRUST certified","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"A buyer asks for SOC 2, HITRUST, ISO, HIPAA certification, pentest, BAA/DPA, vendor-risk approval, or security signoff."},{"id":"limitations-workaround-track-global-legal-privacy-boundary","domain":"limitations-workarounds","name":"Global legal, privacy, AI Act, GDPR, NHS, MHRA, and regional boundary","status":"external-review-required","sourceSurface":"Limitations and Workaround Operations","impact":"Public-sector and global buyer conversations can become unsupported country-launch or conformity claims.","inefficiency":"Global expansion readiness can map evidence needs and regional packs, but cannot claim local legal approval, procurement approval, data-residency approval, EU AI Act conformity, GDPR compliance approval, NHS DTAC approval, MHRA approval, or government endorsement.","currentControl":"Global Certification Readiness, Global Reach, Deployment Profiles, Claim Guard, and Boundary Resolution.","resolutionPath":"Use regional buyer packs, deployment profiles, official-source evidence implications, partner authority registers, and qualified regional counsel review.","owner":"Regional counsel, privacy, security, clinical governance, global partnerships, and customer procurement owner","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/global-certification-readiness","/global-reach","/deployment-profiles"],"hardStops":["EU AI Act conformant","GDPR approved","government endorsed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"A claim names country launch, public-sector approval, local hosting approval, GDPR/EU AI Act conformity, NHS/MHRA/Australia approval, or government endorsement."},{"id":"limitations-workaround-track-legal-finance-revenue-boundary","domain":"limitations-workarounds","name":"Legal, finance, accounting, tax, revenue, and profit boundary","status":"external-review-required","sourceSurface":"Limitations and Workaround Operations","impact":"Sales, board, investor, and buyer materials could become unsupported professional advice, financial reporting, securities material, or commercial promises.","inefficiency":"Enterprise Business Ops can prepare deal desk, pricing, margin, billing, and review packets, but cannot provide legal/accounting/tax advice, audited financial reporting, contract approval, securities material, revenue guarantees, ROI guarantees, or profit-margin guarantees.","currentControl":"Enterprise Business Ops, Growth Engine, Capital Vitality, Public Market Readiness, Deal Room, and Claim Guard.","resolutionPath":"Use fixed-scope offers, price floors, buyer-approved measurement plans, counsel review slots, finance/accounting/tax triage, and qualified release authority.","owner":"Founder, deal desk, legal, finance, accounting, tax, revenue operations, and qualified reviewers","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/enterprise-business-ops","/growth-engine","/capital-vitality","/public-market-readiness"],"hardStops":["legal advice provided","revenue guaranteed","profit margin guaranteed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"A proposal includes contract approval, non-standard terms, revenue impact, ROI, reimbursement, valuation, fundraising, tax, accounting, or legal conclusions."},{"id":"limitations-workaround-track-autonomous-communications-boundary","domain":"limitations-workarounds","name":"Email, calendar, demo, meeting, and buyer communication boundary","status":"operator-required","sourceSurface":"Limitations and Workaround Operations","impact":"A draft could become an unauthorized buyer commitment, meeting invite, sales promise, procurement statement, or customer-specific claim.","inefficiency":"SCRIMED can prepare email-ready copy, calendar-ready agendas, demo scripts, meeting notes, and follow-up packets, but cannot autonomously send emails, create calendar invites, approve procurement, or commit scope.","currentControl":"Client Onboarding and Communications stages, handoffs, templates, calendar packets, and blocked-content list.","resolutionPath":"Use human-reviewed templates, meeting packets, owner handoffs, no-PHI notes, and explicit send/invite approval fields.","owner":"Revenue operations, sales engineering, customer operations, legal ops, finance, and product owner","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/client-onboarding","/offerings","/pilot-deal-room"],"hardStops":["email sent autonomously","calendar invite created autonomously","buyer commitment approved","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"The communication contains PHI, security claims, contract language, pricing exceptions, procurement claims, or clinical promises."},{"id":"limitations-workaround-track-release-proof-boundary","domain":"limitations-workarounds","name":"Protected QA, buyer proof, and release authority boundary","status":"operator-required","sourceSurface":"Limitations and Workaround Operations","impact":"Public checks could be mistaken for retained protected evidence, customer permission, or release authority.","inefficiency":"Public smoke can prove route availability and fail-closed protected behavior, but cannot prove protected happy-path execution, buyer-specific release, authenticated QA completion, or customer evidence-room distribution.","currentControl":"Release Continuity, QA Launch Kit, Manual QA Execution Console, Buyer Release Control Runbook, protected evidence packets, and no-token policy.","resolutionPath":"Use AAL2 protected workspaces, no-secret operator packets, QA Completion Bridge, Activation Seal, Proof Promotion, Buyer Proof Release, and release-control runbooks.","owner":"Release engineering, TrustOS, tenant governance, approved operator, and buyer diligence","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/release-continuity","/qa-manual-execution-console","/buyer-release-control-run","/pilot-workspace/access"],"hardStops":["protected happy path completed without AAL2","buyer release approved","bearer token retained as evidence","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"A claim references retained protected proof, customer release, authenticated QA, token handling, evidence-room access, or buyer distribution."},{"id":"limitations-workaround-track-ui-accessibility-boundary","domain":"limitations-workarounds","name":"UI quality, accessibility, and seamless navigation boundary","status":"contained","sourceSurface":"Limitations and Workaround Operations","impact":"Enterprise demos could overstate accessibility certification or leave high-value workflows hard to find.","inefficiency":"Navigation can be improved continuously, but current UI polish, responsive behavior, keyboard path, contrast, and accessibility posture are not formal WCAG, VPAT, Section 508, or external UX certification.","currentControl":"SiteNavigation, Navigation Audit inventory, Product Console proof stack, Platform Power UI role journey control, and smoke checks.","resolutionPath":"Use site navigation, role journeys, Navigation Audit, Product Console, Hub cards, smoke-covered routes, and manual UI review before demos.","owner":"Frontend, Product Console, QA, accessibility reviewer, customer operations, and sales engineering","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/navigation","/product","/hub","/platform-power"],"hardStops":["accessibility certified","WCAG conformance approved","VPAT completed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"A buyer-critical route is hidden, text overlaps, mobile route is unusable, keyboard path is unclear, or accessibility certification is implied."},{"id":"limitations-workaround-track-innovation-quantum-boundary","domain":"limitations-workarounds","name":"Internal innovation, quantum, and future infrastructure boundary","status":"blocked-by-design","sourceSurface":"Limitations and Workaround Operations","impact":"Future-looking research language could become unsupported buyer, investor, clinical, security, or public-market claims.","inefficiency":"Internal research may investigate quantum, advanced model routing, privacy-preserving computation, and future infrastructure, but public product claims remain blocked.","currentControl":"Continuous Review and Innovation control plane, internal research assignments, Claim Guard, Boundary Resolution, and no-public-quantum authority headers.","resolutionPath":"Keep research assigned to the internal research team with private hypotheses, no-public-claim labels, source logs, review owners, and claim-guard blocks.","owner":"Internal Research Team, TrustOS, AI platform, security, legal, finance, and founder","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/continuous-review-audit","/qa-claim-guard","/boundary-resolution"],"hardStops":["public quantum capability available","quantum clinical advantage","future infrastructure superiority proven","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Quantum, model advantage, cryptographic, clinical, security, financial, or infrastructure superiority language appears in external material."},{"id":"limitations-workaround-packet-synthetic-no-phi-packet","domain":"limitations-workarounds","name":"Synthetic no-PHI packet","status":"operator-required","sourceSurface":"Limitations and Workaround Operations","impact":"A buyer asks for workflow proof, record extraction, AI output, or demo evidence without approved PHI authority.","inefficiency":"PHI introduced, patient identifier introduced, live chart requested, source artifact pasted","currentControl":"synthetic fixtures, metadata-only source labels, de-identified public examples, no-secret operator notes","resolutionPath":"Buyer-safe demo or assessment packet with explicit no-PHI and no-live-care boundary.","owner":"TrustOS + product owner","proofRoutes":["/health-records","/pilot-evidence","/boundary-resolution"],"hardStops":["PHI introduced","patient identifier introduced","live chart requested","source artifact pasted","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Refresh whenever source class, buyer scope, approval state, or claim language changes."},{"id":"limitations-workaround-packet-external-evidence-reference","domain":"limitations-workarounds","name":"External evidence reference","status":"operator-required","sourceSurface":"Limitations and Workaround Operations","impact":"The artifact is sensitive, confidential, regulated, buyer-owned, or not safe to store in SCRIMED.","inefficiency":"artifact uploaded, secret included, contract pasted, medical record pasted","currentControl":"external system name, artifact type, reviewer label, status, expiry date","resolutionPath":"Metadata-only reference that points to the authority source without storing the underlying artifact.","owner":"Customer authority owner + trust operations","proofRoutes":["/pilot-workspace/access","/global-certification-readiness","/trust-center"],"hardStops":["artifact uploaded","secret included","contract pasted","medical record pasted","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Renew before expiration, owner change, buyer scope change, or regulation/certification scope change."},{"id":"limitations-workaround-packet-human-reviewed-communication","domain":"limitations-workarounds","name":"Human-reviewed communication packet","status":"operator-required","sourceSurface":"Limitations and Workaround Operations","impact":"Email, calendar, demo, presentation, pilot workshop, proposal, or follow-up language is needed.","inefficiency":"autonomous send requested, calendar invite creation requested, contract promise included, PHI included","currentControl":"recipient role, meeting objective, no-PHI scope, offer, proof route, required reviewer","resolutionPath":"Draft-only communication with approval slot, send owner, follow-up owner, and blocked-content checklist.","owner":"Revenue operations + sales engineering","proofRoutes":["/client-onboarding","/offerings","/enterprise-business-ops"],"hardStops":["autonomous send requested","calendar invite creation requested","contract promise included","PHI included","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Re-review after 7 days, pricing change, scope change, reviewer change, or new buyer requirement."},{"id":"limitations-workaround-packet-aal2-protected-proof","domain":"limitations-workarounds","name":"AAL2 protected proof packet","status":"operator-required","sourceSurface":"Limitations and Workaround Operations","impact":"A buyer, operator, or reviewer needs retained protected proof instead of public smoke evidence.","inefficiency":"token retained, AAL2 bypass attempted, protected route publicly exposed, buyer release claimed early","currentControl":"workspace slug, operator role, packet hash, reviewer label, no-secret summary","resolutionPath":"Protected no-secret proof packet with release decision and buyer-safe claim state.","owner":"Approved operator + release stewardship","proofRoutes":["/qa-manual-execution-console","/buyer-release-control-run","/pilot-workspace/access"],"hardStops":["token retained","AAL2 bypass attempted","protected route publicly exposed","buyer release claimed early","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Re-run when deployment, route, workspace, reviewer, claim language, or evidence packet changes."},{"id":"limitations-workaround-packet-api-contract-readiness","domain":"limitations-workarounds","name":"API contract readiness packet","status":"operator-required","sourceSurface":"Limitations and Workaround Operations","impact":"A technical buyer needs API detail before public API SLA, SDK, or production connector approval exists.","inefficiency":"public API SLA implied, production connector promised, PHI payload accepted, unlimited usage promised","currentControl":"route, owner, schema, version posture, auth posture, boundary headers","resolutionPath":"Draft API contract packet with examples, rate-limit posture, no-SLA language, and blocked claims.","owner":"Platform engineering + developer experience","proofRoutes":["/platform-power","/navigation","/api/product/console"],"hardStops":["public API SLA implied","production connector promised","PHI payload accepted","unlimited usage promised","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Re-review on schema change, auth change, rate-limit change, version change, or buyer-specific scope."},{"id":"limitations-workaround-packet-model-route-register","domain":"limitations-workarounds","name":"Model-route register packet","status":"operator-required","sourceSurface":"Limitations and Workaround Operations","impact":"A feature proposes AI model execution, provider routing, fallback, evals, or agent reasoning.","inefficiency":"PHI routed to model, provider approval missing, production model approval implied, clinical validation claimed","currentControl":"provider, model class, allowed data, blocked data, eval pack, fallback, cost owner","resolutionPath":"Readiness-only model-route record with human approval triggers and no-live-AI boundary.","owner":"AI platform + TrustOS + finance","proofRoutes":["/platform-power","/agents","/trust-os","/continuous-review-audit"],"hardStops":["PHI routed to model","provider approval missing","production model approval implied","clinical validation claimed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Re-review on provider, model, data class, cost threshold, eval failure, or customer scope change."},{"id":"limitations-workaround-packet-deal-desk-exception","domain":"limitations-workarounds","name":"Deal desk exception packet","status":"operator-required","sourceSurface":"Limitations and Workaround Operations","impact":"Pricing, scope, payment terms, ROI, reimbursement, legal, tax, accounting, securities, or contract language is non-standard.","inefficiency":"legal advice implied, revenue guaranteed, profit guaranteed, contract approved without reviewer","currentControl":"offer, price floor, scope, payment terms, reviewer role, approval status","resolutionPath":"Qualified-review packet with blocked claims, margin notes, counsel/accounting/tax slots, and release gate.","owner":"Deal desk + legal + finance","proofRoutes":["/enterprise-business-ops","/growth-engine","/capital-vitality"],"hardStops":["legal advice implied","revenue guaranteed","profit guaranteed","contract approved without reviewer","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Re-review on price, scope, buyer, term, reviewer, or claim-language change."},{"id":"limitations-workaround-packet-global-regional-pack","domain":"limitations-workarounds","name":"Global regional workaround pack","status":"operator-required","sourceSurface":"Limitations and Workaround Operations","impact":"A region, public-sector buyer, channel partner, or global certification question appears before local authority exists.","inefficiency":"country launch claimed, government endorsement implied, data residency approved early, regional clinical approval claimed","currentControl":"region, buyer type, deployment profile, regional counsel owner, blocked claims","resolutionPath":"Localization pack that frames readiness, evidence needs, hosting questions, and retained external gates.","owner":"Global partnerships + regional counsel","proofRoutes":["/global-reach","/global-certification-readiness","/deployment-profiles"],"hardStops":["country launch claimed","government endorsement implied","data residency approved early","regional clinical approval claimed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Re-review on region, regulation, hosting profile, partner, customer segment, or public-sector scope change."},{"id":"growth-founder-led-selling-is-still-the-fastest-path","domain":"commercial-throughput","name":"Founder-led selling is still the fastest path","status":"operator-required","sourceSurface":"Growth Engine","impact":"SCRIMED has proof depth, but early enterprise conversion still needs direct founder narrative and qualification.","inefficiency":"SCRIMED has proof depth, but early enterprise conversion still needs direct founder narrative and qualification.","currentControl":"Run weekly target-account review, use Pilot Intake for every qualified call, and keep proof routes attached to each follow-up.","resolutionPath":"Repeatable source-to-pilot conversion cohorts in Attribution Analytics.","owner":"Founder + sales operations","proofRoutes":["/growth-engine","/api/growth-engine","/api/growth-engine/brief"],"hardStops":["unsupported revenue claim","buyer proof without protected release","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Repeatable source-to-pilot conversion cohorts in Attribution Analytics."},{"id":"growth-buyer-proof-cannot-outrun-retained-approvals","domain":"commercial-throughput","name":"Buyer proof cannot outrun retained approvals","status":"protected-gated","sourceSurface":"Growth Engine","impact":"The strongest enterprise proof is protected and cannot be shared publicly without release controls.","inefficiency":"The strongest enterprise proof is protected and cannot be shared publicly without release controls.","currentControl":"Use metadata-only public summaries and route buyer-specific artifacts through protected release-control and distribution lockbox gates.","resolutionPath":"Release decisions, reviewer signoffs, recipient controls, and customer permission retained.","owner":"Release steward + buyer diligence","proofRoutes":["/growth-engine","/api/growth-engine","/api/growth-engine/brief"],"hardStops":["unsupported revenue claim","buyer proof without protected release","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Release decisions, reviewer signoffs, recipient controls, and customer permission retained."},{"id":"growth-revenue-impact-claims-require-buyer-baselines","domain":"commercial-throughput","name":"Revenue impact claims require buyer baselines","status":"contained","sourceSurface":"Growth Engine","impact":"Revenue-cycle value is compelling, but unsupported revenue claims can create legal, reimbursement, or investor risk.","inefficiency":"Revenue-cycle value is compelling, but unsupported revenue claims can create legal, reimbursement, or investor risk.","currentControl":"Frame revenue impact as buyer-reviewed operational signal until protected buyer methodology and finance review exist.","resolutionPath":"Buyer-approved baseline, finance methodology gate, and counsel-reviewed external-use language.","owner":"Founder + finance reviewers","proofRoutes":["/growth-engine","/api/growth-engine","/api/growth-engine/brief"],"hardStops":["unsupported revenue claim","buyer proof without protected release","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Buyer-approved baseline, finance methodology gate, and counsel-reviewed external-use language."},{"id":"growth-fundraising-and-investor-materials-need-counsel-review","domain":"commercial-throughput","name":"Fundraising and investor materials need counsel review","status":"external-review-required","sourceSurface":"Growth Engine","impact":"Capital readiness can be mistaken for offering material or investment advice.","inefficiency":"Capital readiness can be mistaken for offering material or investment advice.","currentControl":"Keep public routes readiness-only and route fundraising decks, valuation, securities language, tax, and legal questions through qualified counsel.","resolutionPath":"Approved investor materials, controlled data-room process, and qualified securities counsel review.","owner":"Founder + qualified counsel","proofRoutes":["/growth-engine","/api/growth-engine","/api/growth-engine/brief"],"hardStops":["unsupported revenue claim","buyer proof without protected release","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Approved investor materials, controlled data-room process, and qualified securities counsel review."},{"id":"enterprise-margin-price-floor-and-discount-approval","domain":"enterprise-operations","name":"Price floor and discount approval","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Enterprise urgency can create unmanaged discounts, free diligence work, and low-margin custom scope.","inefficiency":"Enterprise urgency can create unmanaged discounts, free diligence work, and low-margin custom scope.","currentControl":"Every proposal must show list price, discount, approval reason, gross-margin estimate, and expiration date.","resolutionPath":"discount below floor, free paid-diligence package, unapproved multi-year concession","owner":"Founder + CFO/FP&A + Deal Desk","proofRoutes":["/pricing","/sales-operations","/enterprise-business-ops"],"hardStops":["discount below floor","free paid-diligence package","unapproved multi-year concession"],"nextAction":"Every proposal must show list price, discount, approval reason, gross-margin estimate, and expiration date."},{"id":"enterprise-margin-revenue-recognition-review-gate","domain":"enterprise-operations","name":"Revenue-recognition review gate","status":"external-review-required","sourceSurface":"Enterprise Business Operations","impact":"Bundled services, cancellation rights, success fees, refunds, or variable pricing can create accounting and reporting risk.","inefficiency":"Bundled services, cancellation rights, success fees, refunds, or variable pricing can create accounting and reporting risk.","currentControl":"Contract terms that affect timing, deliverables, performance obligations, variable consideration, or refunds require accounting review.","resolutionPath":"audited revenue claim, recognized revenue guidance, financial statement treatment claim","owner":"Controller + Revenue Accounting Lead","proofRoutes":["/public-market-readiness","/enterprise-business-ops"],"hardStops":["audited revenue claim","recognized revenue guidance","financial statement treatment claim"],"nextAction":"Contract terms that affect timing, deliverables, performance obligations, variable consideration, or refunds require accounting review."},{"id":"enterprise-margin-implementation-labor-and-scope-control","domain":"enterprise-operations","name":"Implementation labor and scope control","status":"active-control","sourceSurface":"Enterprise Business Operations","impact":"Unbounded implementation work can turn high-value pilots into services-heavy margin drains.","inefficiency":"Unbounded implementation work can turn high-value pilots into services-heavy margin drains.","currentControl":"Each implementation package needs capped hours, change-order triggers, named deliverables, and staffing assumptions.","resolutionPath":"uncapped implementation promise, unpriced integration work, live connector timeline guarantee","owner":"Implementation Lead + Finance","proofRoutes":["/product","/growth-engine","/interoperability"],"hardStops":["uncapped implementation promise","unpriced integration work","live connector timeline guarantee"],"nextAction":"Each implementation package needs capped hours, change-order triggers, named deliverables, and staffing assumptions."},{"id":"enterprise-margin-ai-and-cloud-unit-cost-routing","domain":"enterprise-operations","name":"AI and cloud unit-cost routing","status":"active-control","sourceSurface":"Enterprise Business Operations","impact":"Model routing, retries, large-context workflows, and proof-packet generation can silently compress margins.","inefficiency":"Model routing, retries, large-context workflows, and proof-packet generation can silently compress margins.","currentControl":"High-volume workflows must include model-route assumptions, usage guardrails, cached evidence reuse, and cost-per-workflow review.","resolutionPath":"unbounded model usage, free high-volume pilot, cost target represented as guarantee","owner":"Product Engineering + FP&A","proofRoutes":["/public-market-readiness","/service-reliability","/continuous-review-audit"],"hardStops":["unbounded model usage","free high-volume pilot","cost target represented as guarantee"],"nextAction":"High-volume workflows must include model-route assumptions, usage guardrails, cached evidence reuse, and cost-per-workflow review."},{"id":"enterprise-margin-support-tier-and-success-coverage","domain":"enterprise-operations","name":"Support tier and success coverage","status":"active-control","sourceSurface":"Enterprise Business Operations","impact":"Premium customer expectations can create unfunded white-glove support obligations.","inefficiency":"Premium customer expectations can create unfunded white-glove support obligations.","currentControl":"Support coverage, response windows, executive reporting, and escalation channels must map to paid tier and staffing model.","resolutionPath":"24/7 managed support claim, unpriced executive reporting, unapproved SLA commitment","owner":"Customer Success + Finance","proofRoutes":["/sales-operations","/trust-safety-operations","/service-reliability"],"hardStops":["24/7 managed support claim","unpriced executive reporting","unapproved SLA commitment"],"nextAction":"Support coverage, response windows, executive reporting, and escalation channels must map to paid tier and staffing model."},{"id":"enterprise-margin-billing-collections-and-cash-conversion","domain":"enterprise-operations","name":"Billing, collections, and cash conversion","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Weak payment terms, delayed invoicing, or uncollected receivables can make profitable contracts cash-negative.","inefficiency":"Weak payment terms, delayed invoicing, or uncollected receivables can make profitable contracts cash-negative.","currentControl":"Contract packet must include invoice schedule, payment term, late-payment path, purchase-order requirements, and collections owner.","resolutionPath":"start work without billing trigger, non-standard payment term, customer procurement blocker ignored","owner":"Billing/AR Owner + CFO","proofRoutes":["/enterprise-business-ops","/sales-operations"],"hardStops":["start work without billing trigger","non-standard payment term","customer procurement blocker ignored"],"nextAction":"Contract packet must include invoice schedule, payment term, late-payment path, purchase-order requirements, and collections owner."},{"id":"enterprise-margin-vendor-and-subprocessor-spend-approval","domain":"enterprise-operations","name":"Vendor and subprocessor spend approval","status":"external-review-required","sourceSurface":"Enterprise Business Operations","impact":"Enterprise buyer requirements can create unmanaged vendor, audit, storage, security, or regional hosting costs.","inefficiency":"Enterprise buyer requirements can create unmanaged vendor, audit, storage, security, or regional hosting costs.","currentControl":"New vendors, subprocessors, hosting regions, and evidence-vault costs require security, privacy, finance, and legal review.","resolutionPath":"new subprocessor commitment, unpriced dedicated environment, unsupported data-residency claim","owner":"Procurement + Security + Finance","proofRoutes":["/deployment-profiles","/trust-center","/enterprise-business-ops"],"hardStops":["new subprocessor commitment","unpriced dedicated environment","unsupported data-residency claim"],"nextAction":"New vendors, subprocessors, hosting regions, and evidence-vault costs require security, privacy, finance, and legal review."},{"id":"enterprise-margin-legal-template-and-indemnity-guardrails","domain":"enterprise-operations","name":"Legal template and indemnity guardrails","status":"external-review-required","sourceSurface":"Enterprise Business Operations","impact":"Uncapped liability, unsupported warranties, IP terms, or data obligations can overwhelm contract value.","inefficiency":"Uncapped liability, unsupported warranties, IP terms, or data obligations can overwhelm contract value.","currentControl":"Non-standard liability, warranty, indemnity, IP, privacy, regulated-use, and publicity terms require qualified counsel review.","resolutionPath":"uncapped liability, unsupported compliance warranty, customer-publicity claim","owner":"General Counsel / Outside Counsel","proofRoutes":["/approvals-readiness","/global-certification-readiness","/enterprise-business-ops"],"hardStops":["uncapped liability","unsupported compliance warranty","customer-publicity claim"],"nextAction":"Non-standard liability, warranty, indemnity, IP, privacy, regulated-use, and publicity terms require qualified counsel review."},{"id":"enterprise-margin-tax-nexus-and-transfer-pricing-triage","domain":"enterprise-operations","name":"Tax nexus and transfer pricing triage","status":"external-review-required","sourceSurface":"Enterprise Business Operations","impact":"Cross-border enterprise, reseller, affiliate, and sovereign deals can create tax exposure and profit allocation complexity.","inefficiency":"Cross-border enterprise, reseller, affiliate, and sovereign deals can create tax exposure and profit allocation complexity.","currentControl":"Global revenue structures require qualified tax review for nexus, withholding, VAT/GST, transfer pricing, and local filing implications.","resolutionPath":"tax advice claim, cross-border reseller margin, intercompany pricing commitment","owner":"Tax Advisor + CFO","proofRoutes":["/global-reach","/global-certification-readiness","/enterprise-business-ops"],"hardStops":["tax advice claim","cross-border reseller margin","intercompany pricing commitment"],"nextAction":"Global revenue structures require qualified tax review for nexus, withholding, VAT/GST, transfer pricing, and local filing implications."},{"id":"enterprise-margin-board-investor-and-fundraising-material-review","domain":"enterprise-operations","name":"Board, investor, and fundraising material review","status":"external-review-required","sourceSurface":"Enterprise Business Operations","impact":"Revenue, margin, customer, market, and valuation language can create securities, investor, or audit risk.","inefficiency":"Revenue, margin, customer, market, and valuation language can create securities, investor, or audit risk.","currentControl":"Investor materials must stay counsel-reviewed, source-backed, and clearly separated from audited financial reporting or securities offering claims.","resolutionPath":"securities offering material, valuation assurance, audited financial statement claim","owner":"Founder + CFO + Securities Counsel","proofRoutes":["/capital-vitality","/public-market-readiness","/enterprise-business-ops"],"hardStops":["securities offering material","valuation assurance","audited financial statement claim"],"nextAction":"Investor materials must stay counsel-reviewed, source-backed, and clearly separated from audited financial reporting or securities offering claims."},{"id":"enterprise-control-quote-to-contract-approval-packet","domain":"enterprise-operations","name":"Quote-to-contract approval packet","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Tie package, price, discount, SOW, payment terms, data boundary, implementation scope, and approvals together.","inefficiency":"Tie package, price, discount, SOW, payment terms, data boundary, implementation scope, and approvals together.","currentControl":"approved quote, SOW, discount approval, data-boundary memo, billing schedule","resolutionPath":"missing counsel review, missing finance approval, unapproved non-standard term","owner":"Deal Desk + CFO + Counsel","proofRoutes":["/enterprise-business-ops","/api/enterprise-business-ops","/api/enterprise-business-ops/brief"],"hardStops":["missing counsel review","missing finance approval","unapproved non-standard term"],"nextAction":"approved quote"},{"id":"enterprise-control-revenue-recognition-intake","domain":"enterprise-operations","name":"Revenue-recognition intake","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Route contract features that affect recognition or reporting to qualified accounting review.","inefficiency":"Route contract features that affect recognition or reporting to qualified accounting review.","currentControl":"contract checklist, deliverable map, payment terms, acceptance criteria, review signoff","resolutionPath":"audited revenue claim, accounting treatment represented without review, unclear performance obligation","owner":"Controller + Revenue Accounting Lead","proofRoutes":["/enterprise-business-ops","/api/enterprise-business-ops","/api/enterprise-business-ops/brief"],"hardStops":["audited revenue claim","accounting treatment represented without review","unclear performance obligation"],"nextAction":"contract checklist"},{"id":"enterprise-control-discount-and-concession-approval","domain":"enterprise-operations","name":"Discount and concession approval","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Prevent uncontrolled discounting, extended trials, free diligence work, and unfunded success coverage.","inefficiency":"Prevent uncontrolled discounting, extended trials, free diligence work, and unfunded success coverage.","currentControl":"list price, discount rationale, margin estimate, expiration, approval record","resolutionPath":"below-floor discount, unpriced custom work, open-ended concession","owner":"CFO + Founder","proofRoutes":["/enterprise-business-ops","/api/enterprise-business-ops","/api/enterprise-business-ops/brief"],"hardStops":["below-floor discount","unpriced custom work","open-ended concession"],"nextAction":"list price"},{"id":"enterprise-control-payment-and-collections-control","domain":"enterprise-operations","name":"Payment and collections control","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Keep profitable contracts from becoming cash-negative because billing triggers or collections paths are missing.","inefficiency":"Keep profitable contracts from becoming cash-negative because billing triggers or collections paths are missing.","currentControl":"invoice schedule, PO requirement, payment term, collections owner, exception log","resolutionPath":"work begins before billing trigger, missing invoice owner, unapproved payment term","owner":"Billing/AR Owner + CFO","proofRoutes":["/enterprise-business-ops","/api/enterprise-business-ops","/api/enterprise-business-ops/brief"],"hardStops":["work begins before billing trigger","missing invoice owner","unapproved payment term"],"nextAction":"invoice schedule"},{"id":"enterprise-control-vendor-and-subprocessor-spend-approval","domain":"enterprise-operations","name":"Vendor and subprocessor spend approval","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Prevent enterprise-specific vendor, storage, audit, hosting, and security obligations from eroding margin.","inefficiency":"Prevent enterprise-specific vendor, storage, audit, hosting, and security obligations from eroding margin.","currentControl":"vendor review, subprocessor review, spend approval, security review, data-boundary impact","resolutionPath":"new subprocessor without review, dedicated environment without pricing, unsupported data-residency commitment","owner":"Procurement + Security + Finance","proofRoutes":["/enterprise-business-ops","/api/enterprise-business-ops","/api/enterprise-business-ops/brief"],"hardStops":["new subprocessor without review","dedicated environment without pricing","unsupported data-residency commitment"],"nextAction":"vendor review"},{"id":"enterprise-control-customer-diligence-and-legal-artifact-workflow","domain":"enterprise-operations","name":"Customer diligence and legal artifact workflow","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Route security, procurement, legal, and compliance artifacts through metadata-only protected evidence paths.","inefficiency":"Route security, procurement, legal, and compliance artifacts through metadata-only protected evidence paths.","currentControl":"artifact owner, review status, expiration, release decision, recipient controls","resolutionPath":"sensitive artifact stored publicly, expired artifact represented as current, external sharing without release decision","owner":"Buyer Diligence + Legal Ops","proofRoutes":["/enterprise-business-ops","/api/enterprise-business-ops","/api/enterprise-business-ops/brief"],"hardStops":["sensitive artifact stored publicly","expired artifact represented as current","external sharing without release decision"],"nextAction":"artifact owner"},{"id":"enterprise-control-board-and-investor-material-review","domain":"enterprise-operations","name":"Board and investor material review","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Separate operating metrics from securities material, valuation assurance, audited financial reporting, and investment advice.","inefficiency":"Separate operating metrics from securities material, valuation assurance, audited financial reporting, and investment advice.","currentControl":"source-backed metric, boundary language, counsel review, version log, recipient context","resolutionPath":"securities claim without counsel, audited metric claim without audit, valuation assurance claim","owner":"Founder + CFO + Securities Counsel","proofRoutes":["/enterprise-business-ops","/api/enterprise-business-ops","/api/enterprise-business-ops/brief"],"hardStops":["securities claim without counsel","audited metric claim without audit","valuation assurance claim"],"nextAction":"source-backed metric"},{"id":"enterprise-control-audit-evidence-retention-and-legal-hold-routing","domain":"enterprise-operations","name":"Audit evidence retention and legal hold routing","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Preserve business decisions, approvals, evidence packets, and exceptions for qualified audit, legal, or diligence review.","inefficiency":"Preserve business decisions, approvals, evidence packets, and exceptions for qualified audit, legal, or diligence review.","currentControl":"approval trail, packet hash, retention label, legal-hold flag, owner attestation","resolutionPath":"delete relevant evidence under hold, untracked approval exception, missing packet owner","owner":"Controller + Legal Ops + TrustOps","proofRoutes":["/enterprise-business-ops","/api/enterprise-business-ops","/api/enterprise-business-ops/brief"],"hardStops":["delete relevant evidence under hold","untracked approval exception","missing packet owner"],"nextAction":"approval trail"},{"id":"enterprise-control-tax-nexus-and-transfer-pricing-triage","domain":"enterprise-operations","name":"Tax nexus and transfer pricing triage","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Make global revenue, reseller, affiliate, and sovereign motions visible to qualified tax advisors before commitments expand.","inefficiency":"Make global revenue, reseller, affiliate, and sovereign motions visible to qualified tax advisors before commitments expand.","currentControl":"jurisdiction checklist, buyer location, partner economics, VAT/GST flag, transfer-pricing review","resolutionPath":"tax advice without advisor, cross-border reseller commitment, intercompany price represented externally","owner":"Tax Advisor + CFO","proofRoutes":["/enterprise-business-ops","/api/enterprise-business-ops","/api/enterprise-business-ops/brief"],"hardStops":["tax advice without advisor","cross-border reseller commitment","intercompany price represented externally"],"nextAction":"jurisdiction checklist"},{"id":"enterprise-control-enterprise-claims-and-authority-guard","domain":"enterprise-operations","name":"Enterprise claims and authority guard","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Keep sales, investor, legal, accounting, tax, revenue, margin, certification, and customer-proof claims inside retained evidence.","inefficiency":"Keep sales, investor, legal, accounting, tax, revenue, margin, certification, and customer-proof claims inside retained evidence.","currentControl":"claim classification, source, owner, review status, blocked claim list","resolutionPath":"guaranteed profit margin, legal approval without counsel, audited financial statements claim","owner":"Claim Guard + Legal + Finance","proofRoutes":["/enterprise-business-ops","/api/enterprise-business-ops","/api/enterprise-business-ops/brief"],"hardStops":["guaranteed profit margin","legal approval without counsel","audited financial statements claim"],"nextAction":"claim classification"},{"id":"continuous-control-no-autonomous-production-remediation","domain":"continuous-review","name":"No autonomous production remediation","status":"operator-required","sourceSurface":"Continuous Review and Audit","impact":"Prevent agents from silently changing production behavior or regulated workflows.","inefficiency":"production change without reviewer, clinical workflow mutation, credential rotation without owner","currentControl":"owner approval, diff, validation result, rollback note","resolutionPath":"production change without reviewer, clinical workflow mutation, credential rotation without owner","owner":"Release Steward + Security","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief"],"hardStops":["production change without reviewer","clinical workflow mutation","credential rotation without owner"],"nextAction":"owner approval"},{"id":"continuous-control-no-phi-review-queue","domain":"continuous-review","name":"No-PHI review queue","status":"active-control","sourceSurface":"Continuous Review and Audit","impact":"Keep review and audit evidence metadata-only until PHI authority exists.","inefficiency":"patient identifier, clinical record, payer member identifier, artifact URL","currentControl":"PHI hard-stop result, safe metadata template, protected route status","resolutionPath":"patient identifier, clinical record, payer member identifier, artifact URL","owner":"Privacy + TrustOps","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief"],"hardStops":["patient identifier","clinical record","payer member identifier","artifact URL"],"nextAction":"PHI hard-stop result"},{"id":"continuous-control-boundary-header-enforcement","domain":"continuous-review","name":"Boundary header enforcement","status":"active-control","sourceSurface":"Continuous Review and Audit","impact":"Ensure buyer-critical APIs carry no-authority, no-PHI, no-certification, and no-live-care headers.","inefficiency":"missing data boundary, missing PHI block, missing security certification block","currentControl":"smoke assertion, API route, header list","resolutionPath":"missing data boundary, missing PHI block, missing security certification block","owner":"QA Regression Agent","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief"],"hardStops":["missing data boundary","missing PHI block","missing security certification block"],"nextAction":"smoke assertion"},{"id":"continuous-control-evidence-source-aging","domain":"continuous-review","name":"Evidence source aging","status":"active-control","sourceSurface":"Continuous Review and Audit","impact":"Refresh official-source review dates and route stale source-sensitive claims for human review.","inefficiency":"stale legal/regulatory source, unsupported market claim, missing source owner","currentControl":"source URL, reviewedAt, owner, refresh decision","resolutionPath":"stale legal/regulatory source, unsupported market claim, missing source owner","owner":"Evidence Attribution Agent","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief"],"hardStops":["stale legal/regulatory source","unsupported market claim","missing source owner"],"nextAction":"source URL"},{"id":"continuous-control-post-incident-learning","domain":"continuous-review","name":"Post-incident learning","status":"operator-required","sourceSurface":"Continuous Review and Audit","impact":"Require every meaningful incident, near miss, or repeated defect to create a prevention action.","inefficiency":"incident closed without review, legal hold ignored, customer-impacting issue unowned","currentControl":"root cause, owner, prevention task, validation route","resolutionPath":"incident closed without review, legal hold ignored, customer-impacting issue unowned","owner":"Incident Learning Agent","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief"],"hardStops":["incident closed without review","legal hold ignored","customer-impacting issue unowned"],"nextAction":"root cause"},{"id":"continuous-control-internal-research-claim-guard","domain":"continuous-review","name":"Internal research claim guard","status":"blocked-by-design","sourceSurface":"Continuous Review and Audit","impact":"Keep quantum, frontier AI, privacy-preserving compute, and future infrastructure work internal until approved.","inefficiency":"public quantum advantage claim, future product guarantee, clinical superiority claim","currentControl":"research brief, visibility flag, blocked claims, promotion gate","resolutionPath":"public quantum advantage claim, future product guarantee, clinical superiority claim","owner":"Innovation Scout Agent + Claims reviewer","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief"],"hardStops":["public quantum advantage claim","future product guarantee","clinical superiority claim"],"nextAction":"research brief"},{"id":"health-records-live-phi-and-patient-identifiers","domain":"health-records-safety","name":"Live PHI and patient identifiers","status":"external-review-required","sourceSurface":"Health Records Safety Exchange","impact":"Privacy breach, contractual breach, regulatory exposure, and loss of buyer trust.","inefficiency":"Privacy breach, contractual breach, regulatory exposure, and loss of buyer trust.","currentControl":"Public and synthetic routes reject PHI and live records; extraction evaluator requires syntheticOnly=true.","resolutionPath":"Use synthetic fixtures, metadata-only references, and customer sandbox placeholders.","owner":"Privacy, security, legal, customer compliance, and data governance","proofRoutes":["/health-records","/clinical-care-activation","/approvals-readiness"],"hardStops":["Signed BAA/DPA or non-PHI determination, privacy/security review, retention policy, and customer approval.","live PHI ingestion requested","production connector requested","patient matching requested","EHR writeback or payer submission requested","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use synthetic fixtures, metadata-only references, and customer sandbox placeholders."},{"id":"health-records-production-ehr-hie-payer-imaging-and-device-connectors","domain":"health-records-safety","name":"Production EHR, HIE, payer, imaging, and device connectors","status":"external-review-required","sourceSurface":"Health Records Safety Exchange","impact":"Unsafe data exchange, silent record mutation, trading-partner breach, and patient-safety exposure.","inefficiency":"Unsafe data exchange, silent record mutation, trading-partner breach, and patient-safety exposure.","currentControl":"Connector work remains standards-aware and synthetic until partner acceptance testing exists.","resolutionPath":"Run conformance kits, fixture validation, CapabilityStatement review, and sandbox mapping packets.","owner":"Interoperability engineering, customer integration owner, security, and clinical governance","proofRoutes":["/interoperability","/interoperability/evaluations","/health-records"],"hardStops":["Customer sandbox approval, partner acceptance, security review, purpose-of-use, consent, audit, monitoring, and rollback.","live PHI ingestion requested","production connector requested","patient matching requested","EHR writeback or payer submission requested","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Run conformance kits, fixture validation, CapabilityStatement review, and sandbox mapping packets."},{"id":"health-records-patient-safety-and-clinical-action","domain":"health-records-safety","name":"Patient safety and clinical action","status":"external-review-required","sourceSurface":"Health Records Safety Exchange","impact":"Incorrect patient context, unsafe care recommendation, missed escalation, or unauthorized clinical decision support.","inefficiency":"Incorrect patient context, unsafe care recommendation, missed escalation, or unauthorized clinical decision support.","currentControl":"Outputs are draft-only, source-attributed, reviewer-gated, and blocked from clinical action.","resolutionPath":"Produce reviewer checklists, missing-data registers, and escalation queues instead of recommendations.","owner":"Clinical governance, TrustOS, product, and customer clinical owner","proofRoutes":["/clinical-authority-readiness","/clinical-care-activation","/health-records"],"hardStops":["Licensed clinical governance, intended-use review, validation protocol, safety case, and customer go-live approval.","live PHI ingestion requested","production connector requested","patient matching requested","EHR writeback or payer submission requested","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Produce reviewer checklists, missing-data registers, and escalation queues instead of recommendations."},{"id":"health-records-patient-matching-and-longitudinal-record-assembly","domain":"health-records-safety","name":"Patient matching and longitudinal record assembly","status":"external-review-required","sourceSurface":"Health Records Safety Exchange","impact":"Wrong-patient record merge, duplicate facts, incomplete histories, and unsafe downstream automation.","inefficiency":"Wrong-patient record merge, duplicate facts, incomplete histories, and unsafe downstream automation.","currentControl":"SCRIMED does not match live patients or merge production longitudinal records.","resolutionPath":"Use synthetic identity placeholders and route matching to customer MPI or identity-governance owners.","owner":"Customer identity governance, interoperability engineering, and clinical safety","proofRoutes":["/health-records","/interoperability","/workflows/runtime-safety"],"hardStops":["Customer MPI acceptance tests, identity policy, consent path, error reconciliation, audit, and clinical owner approval.","live PHI ingestion requested","production connector requested","patient matching requested","EHR writeback or payer submission requested","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use synthetic identity placeholders and route matching to customer MPI or identity-governance owners."},{"id":"health-records-payer-submission-and-reimbursement-outcomes","domain":"health-records-safety","name":"Payer submission and reimbursement outcomes","status":"external-review-required","sourceSurface":"Health Records Safety Exchange","impact":"Improper payer transaction, false reimbursement expectation, and regulatory or contract exposure.","inefficiency":"Improper payer transaction, false reimbursement expectation, and regulatory or contract exposure.","currentControl":"SCRIMED creates synthetic prior-auth support packets and missing-evidence lists only.","resolutionPath":"Route payer work to human RCM review and customer payer-policy owners.","owner":"RCM owner, legal, customer sponsor, and payer integration owner","proofRoutes":["/health-records","/growth-engine","/enterprise-business-ops"],"hardStops":["Payer/trading-partner approval, X12/FHIR API testing, coding review, legal review, and customer release authority.","live PHI ingestion requested","production connector requested","patient matching requested","EHR writeback or payer submission requested","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Route payer work to human RCM review and customer payer-policy owners."},{"id":"boundary-central-register","domain":"boundary-control","name":"Central limitation register coverage","status":"active-control","sourceSurface":"Boundary Resolution Register","impact":"Known limitations stay visible across clinical, certification, continuous review, enterprise, commercial, and release systems.","inefficiency":"High-value limits become slower to manage when they are scattered across docs, APIs, and route copy.","currentControl":"120 boundary records across 14 categories.","resolutionPath":"Require every new buyer, investor, operational, approval, certification, or clinical claim to land in a boundary record before external use.","owner":"Claims governance + domain owner","proofRoutes":["/boundary-resolution","/api/boundary-resolution","/api/boundary-resolution/brief"],"hardStops":["Do not enter PHI, payer member data, production credentials, source contracts, medical records, or patient identifiers into current public or synthetic pilot workflows.","Use Health Records Safety Exchange for no-PHI extraction planning, patient-safety lint, source attribution, and live-data workaround routing before any record workflow expands.","Use Product and Services Portfolio before pricing, pilots, diligence, implementation, or enterprise-license work expands so every opportunity has one package, one offer, one proof route, one margin control, and one retained boundary.","Use Client Onboarding and Communications before buyer meetings, demo follow-up, pilot workshops, decks, emails, and calendar-ready agendas leave SCRIMED; humans must approve sends and events.","Use Enterprise Scalability Operations before enterprise traffic, tenant scale, support tiers, SLO/SLA language, regional hosting, disaster recovery, or cost commitments expand.","Use Platform Power Operations before API, UI, AI, model-routing, agent-tool, evidence-retrieval, accessibility, or trillion-scale positioning claims expand.","Use Limitations and Workaround Operations when an issue is blocked so every safe alternative has a packet, owner, proof route, escalation trigger, expiration rule, and graduation gate.","Do not claim live clinical authority, legal approval, reimbursement certainty, security certification, regional regulatory approval, or production go-live before signed external evidence exists.","Do not claim HIPAA, SOC 2, HITRUST, ISO, FDA, ONC, EU AI Act, GDPR, NHS, MHRA, Essential Eight, or other certification/approval status before the qualified external authority exists.","Do not position 24/7 review agents as managed SOC/MDR coverage, autonomous remediation, error-free AI review, clinical validation, or public quantum capability.","Do not present revenue, ROI, profit margin, valuation, fundraising, legal, accounting, or tax conclusions without qualified review and retained release authority.","Use protected AAL2 workspaces and no-secret evidence packets for operator proof.","Use synthetic fixtures, metadata-only references, and external evidence-room references while sensitive artifacts remain outside SCRIMED.","Escalate high-risk clinical, legal, privacy, security, payer, public-claims, or production connector requests to the retained owner instead of improvising."],"nextAction":"Turn the register into a release preflight: require every buyer, investor, regional, certification, 24/7 review, innovation, API, UI, AI, model-route, agent-tool, legal/finance, workaround, and clinical claim to resolve to an approved route, explicit boundary, owner, prohibited-claim list, safe packet, and retained evidence gate before external use."}],"discrepancyFaultTriageQueue":[{"id":"route-api-smoke-drift","severity":"critical","signal":"A public page, API route, Product Console count, docs entry, or smoke assertion no longer agrees with the source route inventory.","discrepancy":"Navigation, Product Console, API response, README, docs, and smoke can drift when a new route or control is added in only one surface.","immediateContainment":"Freeze external release language for the affected surface and run route inventory, typecheck, build, and public smoke before promotion.","rootCauseProbe":"Compare Navigation Audit page/API counts, Product Console proof stack, route handlers, docs, and smoke expectations for the missing route or count.","permanentControl":"Every buyer-critical route must update navigation, Product Console, route/API brief, docs, and smoke in the same release.","owner":"Release Steward + Product Console + Navigation Audit","proofRoutes":["/navigation","/product","/release-continuity","/operational-efficiency"],"promotionTrigger":"Any page/API count mismatch, missing smoke coverage, or Product Console count regression.","retainedBoundary":"Route alignment is release evidence only; it does not approve protected execution, PHI, connectors, or clinical use."},{"id":"protected-auth-status-mismatch","severity":"critical","signal":"Protected API returns an unexpected status, exposes data without AAL2, or fails differently between local and branded production.","discrepancy":"Local sandbox, production auth, and protected workspace behavior can differ, especially around 401 versus 503 fail-closed responses.","immediateContainment":"Treat the protected path as unavailable for external proof until fail-closed behavior, AAL2 requirement, and no-secret boundaries are verified.","rootCauseProbe":"Check auth guard, workspace slug, token path, environment variables, protected route handler, and smoke fail-closed expectation.","permanentControl":"Keep protected route smoke tolerant only of approved fail-closed statuses while requiring authenticated happy-path evidence from a human AAL2 session.","owner":"TrustOS + Security + Release Steward","proofRoutes":["/pilot-workspace/access","/qa-buyer-proof-release","/release-continuity","/service-reliability"],"promotionTrigger":"Any protected route returns 200 without approved auth or changes fail-closed status without documented reason.","retainedBoundary":"Fail-closed verification does not bypass AAL2, create customer permission, or authorize buyer proof release."},{"id":"claims-boundary-drift","severity":"critical","signal":"Public, buyer, investor, demo, or API copy implies certification, PHI authority, ROI, live clinical use, uptime, or autonomous remediation.","discrepancy":"Growth copy can outpace retained evidence when marketing, sales, investor, and product surfaces are edited independently.","immediateContainment":"Route the claim through Claim Guard and Boundary Resolution, replace the language with current-state proof, and block release until reviewed.","rootCauseProbe":"Search changed copy for prohibited claims and compare against hard stops in Company Assessment, Clinical Production Readiness, and Boundary Resolution.","permanentControl":"Every strategic copy change must include approved no-authority language and a proof route before it is exposed to buyers or investors.","owner":"Claim Guard + Legal Ops + Product Marketing","proofRoutes":["/qa-claim-guard","/boundary-resolution","/company-assessment","/clinical-production-readiness"],"promotionTrigger":"Any unsupported legal, financial, clinical, security, PHI, connector, SLA, revenue, or certification claim.","retainedBoundary":"Claim triage is not legal advice, certification, security assurance, audited financial reporting, or clinical validation."},{"id":"buyer-handoff-stall","severity":"high","signal":"A demo, pilot, assessment, diligence request, meeting follow-up, or proposal lacks owner, next action, package, or response SLA.","discrepancy":"Client onboarding, service delivery, pricing, sales operations, and enterprise deal desk can diverge if buyer motion is not forced into one package path.","immediateContainment":"Assign the buyer stage, package, owner, follow-up SLA, no-PHI intake route, and deal-desk review before any new commitment is made.","rootCauseProbe":"Check Client Onboarding stage, Service Delivery work order, Offering package, Pricing path, and Enterprise Business Ops review status.","permanentControl":"Every buyer handoff must resolve to one of: no-PHI assessment, synthetic pilot, protected enterprise pilot, diligence package, license, or retainer.","owner":"Revenue Operations + Customer Operations + Deal Desk","proofRoutes":["/client-onboarding","/service-delivery","/offerings","/enterprise-business-ops"],"promotionTrigger":"Any buyer record stays ownerless, unpriced, unscoped, or without next action after the review window.","retainedBoundary":"Buyer handoff control does not send email, create invites, approve contracts, or guarantee revenue."},{"id":"scale-support-overcommit","severity":"high","signal":"Buyer or investor language implies production SLA, managed service, uptime, global region support, tenant capacity, or incident response readiness.","discrepancy":"Enterprise scalability, service reliability, platform power, finance, and legal review can move at different speeds during expansion conversations.","immediateContainment":"Replace commitment language with readiness language and route the request through scale, support, cost, legal, and deal-desk owners.","rootCauseProbe":"Review capacity assumption, support tier, SLO/SLA boundary, incident/change path, regional gate, cost guardrail, and contract authority.","permanentControl":"No scale or support promise leaves SCRIMED without tenant owner, queue/backpressure model, incident path, support tier, cost guardrail, and no-SLA boundary.","owner":"Enterprise Scalability + Service Reliability + Finance + Legal Ops","proofRoutes":["/enterprise-scalability","/service-reliability","/platform-power","/enterprise-business-ops"],"promotionTrigger":"Any unsupported SLA, uptime, managed service, region, production support, or capacity claim appears in external language.","retainedBoundary":"Scale triage is not contractual SLA approval, uptime guarantee, managed-service commitment, hosting approval, or profit assurance."},{"id":"interoperability-live-data-slip","severity":"critical","signal":"Health-record, EHR, HIE, payer, imaging, device, patient matching, or writeback requests move beyond no-PHI sandbox planning.","discrepancy":"Interoperability readiness can be mistaken for production connector authority if live data, credentials, or patient-impacting steps are requested.","immediateContainment":"Reject live PHI, credentials, endpoints, patient matching, payer submission, and writeback until customer authority and qualified review exist.","rootCauseProbe":"Classify the data type, standard, source system, patient-safety impact, connector authority, PHI scope, and customer approval evidence.","permanentControl":"Every integration conversation must start with no-PHI fixtures, standards map, source attribution, patient-safety lint, and live-data gate list.","owner":"Interoperability + Health Records Safety + Privacy + Clinical Governance","proofRoutes":["/health-records","/interoperability","/clinical-authority-readiness","/clinical-production-readiness"],"promotionTrigger":"Any live data, credential, writeback, payer submission, patient matching, or production connector request.","retainedBoundary":"Interoperability triage is not PHI authority, connector approval, payer submission approval, EHR mutation approval, or live care."},{"id":"agent-autonomy-overreach","severity":"high","signal":"Agent, model-route, review-loop, or innovation language implies autonomous production action, live clinical judgment, public quantum capability, or unmanaged remediation.","discrepancy":"Internal innovation and continuous review can be misread as public autonomous capability when controls are not explicit.","immediateContainment":"Keep the pathway internal or human-gated, block public quantum/autonomous claims, and require evaluation plus owner approval before promotion.","rootCauseProbe":"Inspect model route, tool access, allowed data, blocked data, eval pack, human approval trigger, cost owner, and public language.","permanentControl":"Every agent or model path must carry allowed data, blocked data, evaluation evidence, human approval trigger, and no-autonomous-authority boundary.","owner":"AI Platform + TrustOS + Internal Research Team","proofRoutes":["/platform-power","/continuous-review-audit","/agents","/evaluation"],"promotionTrigger":"Any agent or model path requests protected action, production remediation, live clinical judgment, or public quantum claim.","retainedBoundary":"Agent triage is not live autonomous AI approval, production model routing, clinical authorization, or public quantum capability."},{"id":"finance-margin-leak","severity":"high","signal":"Custom scope, free diligence labor, discounting, payment terms, investor language, tax language, or revenue-recognition questions bypass deal desk.","discrepancy":"Sales urgency can create margin leakage when finance, legal, accounting, tax, and delivery controls are not pulled into the same decision.","immediateContainment":"Pause proposal release, assign package and scope, run price-floor and margin review, and route finance/legal/tax/accounting exceptions.","rootCauseProbe":"Review package, price floor, discount, work order, acceptance criteria, billing trigger, payment terms, tax implications, and blocked claims.","permanentControl":"Every enterprise proposal must include margin model, billing readiness, contract authority, tax/accounting triage, and blocked-claim review.","owner":"Finance + Deal Desk + Legal Ops + Revenue Operations","proofRoutes":["/enterprise-business-ops","/capital-vitality","/service-delivery","/growth-engine"],"promotionTrigger":"Any unpriced custom work, margin exception, financial claim, investor claim, or unreviewed payment term.","retainedBoundary":"Finance triage is not accounting advice, tax advice, audited financial reporting, securities material, valuation assurance, or revenue guarantee."}],"sprints":[{"lane":"Release and route preflight","owner":"Release Steward + Product Console","objective":"Prevent route drift, missing smoke coverage, stale boundary headers, and untracked protected gates before deployment.","sequence":["Update route inventory and smoke-covered HTML routes","Run typecheck, lint, build, and public smoke","Verify boundary headers on buyer-critical APIs","Retain Vercel deploy and custom-domain smoke evidence"],"proofRoutes":["/navigation","/release-continuity","/service-reliability","/operational-efficiency"],"expectedGain":"Fewer release regressions and faster go/no-go decisions.","boundary":"Preflight evidence does not approve protected happy-path execution or bypass AAL2."},{"lane":"Commercial throughput","owner":"Founder + Revenue Operations","objective":"Shorten the path from qualified buyer interest to scoped, priced, and governed next action.","sequence":["Attach each buyer to one package, one offer, one proof route, one margin control, and one disqualifier check","Route non-standard terms through deal desk","Price diligence and implementation work explicitly","Keep ROI, reimbursement, and revenue claims behind reviewed evidence"],"proofRoutes":["/offerings","/growth-engine","/enterprise-business-ops","/pilot-deal-room","/operational-efficiency"],"expectedGain":"Less custom-sales drag, clearer price floors, and fewer margin leaks.","boundary":"Commercial acceleration is not a revenue guarantee, ROI guarantee, or customer permission."},{"lane":"Client onboarding and communication cadence","owner":"Revenue Operations + Sales Engineering + Customer Operations","objective":"Turn buyer interest into governed discovery, demo, pilot, diligence, kickoff, and renewal communication without losing owners or crossing authority boundaries.","sequence":["Classify the buyer stage and selected package","Use a human-reviewed email or calendar-ready packet","Assign meeting owner, follow-up SLA, and handoff owner","Route PHI, security, contract, procurement, legal, finance, or clinical requests to the proper boundary owner"],"proofRoutes":["/client-onboarding","/offerings","/sales-operations","/operational-efficiency"],"expectedGain":"Faster first response, tighter demo follow-up, cleaner pilot scoping, and fewer informal commitments.","boundary":"Onboarding acceleration does not send messages, create invites, approve contracts, process PHI, or authorize clinical use."},{"lane":"Enterprise scalability and support readiness","owner":"Platform + service reliability + customer operations","objective":"Prevent enterprise traffic, tenant growth, support expectations, SLO/SLA language, regional hosting, incident response, and usage costs from outpacing evidence.","sequence":["Attach capacity forecast, route class, queue/backpressure controls, and rollback path","Review tenant owner, access cadence, AAL2 path, support tier, and escalation matrix","Keep SLO language internal until contract and staffing review approve exact commitments","Route regional hosting, residency, DR, and cost thresholds to qualified owners"],"proofRoutes":["/enterprise-scalability","/service-reliability","/client-onboarding","/enterprise-business-ops","/operational-efficiency"],"expectedGain":"Fewer unsupported scale promises, cleaner support economics, and faster enterprise readiness review.","boundary":"Scale readiness is not a contractual SLA, managed service commitment, production hosting approval, PHI authority, or profit guarantee."},{"lane":"API, UI, and AI platform power","owner":"Platform engineering + Product Console + AI platform + TrustOS","objective":"Raise SCRIMED's platform power through contract-backed APIs, operator-grade UI, model-route readiness, agent approval workflows, eval loops, evidence retrieval, and cost telemetry.","sequence":["Promote buyer-critical APIs into an owner, schema, version, auth, boundary, and smoke contract register","Make platform-power routes visible in primary nav, hub, product console, role journeys, and limitation controls","Attach every model or agent path to allowed data, blocked data, eval pack, human approval trigger, and cost owner","Route public API SLA, live AI, PHI, accessibility, security, and trillion-scale claims through Boundary Resolution"],"proofRoutes":["/platform-power","/navigation","/product","/agents","/trust-os","/operational-efficiency"],"expectedGain":"Sharper enterprise technical diligence, less UI friction, clearer AI authority, and stronger cost discipline.","boundary":"Platform power is not public API SLA approval, live autonomous AI authority, production model routing, PHI processing, accessibility certification, security certification, or trillion-scale equivalence."},{"lane":"Limitations workaround containment","owner":"Boundary owner + Operational Efficiency + Product Console","objective":"Turn blocked requests, boundaries, issues, and repeated bottlenecks into safe packets, escalation owners, proof routes, expiration rules, and graduation gates.","sequence":["Classify issue by category, severity, state, owner, and proof route","Select the reusable workaround packet or create a new one with hard stops","Attach escalation trigger, expiry rule, and graduation gate","Promote repeated workarounds into smoke, navigation, boundary, platform, reliability, or service controls"],"proofRoutes":["/limitations-workarounds","/boundary-resolution","/operational-efficiency","/platform-power"],"expectedGain":"Less stalled work, fewer informal exceptions, and clearer safe paths when authority is missing.","boundary":"Workaround containment does not authorize PHI, live care, legal/finance advice, certification, public SLA, autonomous remediation, live AI, or buyer release."},{"lane":"Continuous defect-to-control loop","owner":"QA Regression Agent + TrustOps","objective":"Turn repeated mistakes, buyer questions, incidents, and source drift into deterministic controls.","sequence":["Classify the defect or near miss","Attach owner, route, and hard stop","Add or update smoke coverage where deterministic","Promote recurring patterns into the boundary or reliability register"],"proofRoutes":["/continuous-review-audit","/qa-evidence","/trust-safety-operations","/operational-efficiency"],"expectedGain":"Fewer repeated defects and clearer accountability for each new risk.","boundary":"Agent-assisted review may route and recommend; humans retain remediation and approval authority."},{"lane":"Health-record extraction and safety","owner":"Interoperability + TrustOS + clinical governance","objective":"Turn buyer health-record, EHR, HIE, payer, imaging, and document requests into no-PHI extraction plans with safety checks and retained live-data gates.","sequence":["Classify source format and standard bindings","Reject PHI, identifiers, production credentials, live endpoints, and record mutation requests","Run synthetic extraction planning and patient-safety lint","Route sandbox, PHI, connector, clinical, payer, and writeback gates to named owners"],"proofRoutes":["/health-records","/interoperability","/clinical-care-activation","/operational-efficiency"],"expectedGain":"Faster integration scoping with fewer unsafe data asks and clearer customer sandbox workarounds.","boundary":"Health-record extraction planning does not authorize PHI, live connectors, patient matching, payer submission, EHR writeback, or clinical action."},{"lane":"Enterprise margin and control discipline","owner":"Finance + Legal Ops + Deal Desk","objective":"Stop margin leakage, unfunded diligence labor, weak payment terms, and unsupported business claims before proposals leave SCRIMED.","sequence":["Run price-floor and margin review","Confirm scope, SOW, billing trigger, and payment terms","Route accounting, tax, securities, and counsel exceptions","Retain approval evidence and blocked-claim language"],"proofRoutes":["/enterprise-business-ops","/capital-vitality","/public-market-readiness","/operational-efficiency"],"expectedGain":"Better cash discipline and fewer unpriced enterprise commitments.","boundary":"Business controls are not legal, accounting, tax, audit, or securities advice."}],"metrics":[{"metric":"Open bottleneck pressure","currentSignal":"106 open or retained-gate records in the efficiency register.","targetSignal":"Open records have owner, proof route, next action, and hard stop before external use.","evidenceRoute":"/api/operational-efficiency","boundary":"A lower count is operational posture, not approval or certification."},{"metric":"Proof-route density","currentSignal":"87 unique proof routes are attached to gap records.","targetSignal":"Every high-impact gap resolves to a live route, API, or protected evidence path.","evidenceRoute":"/navigation","boundary":"Proof routes organize evidence; they do not create protected execution proof by themselves."},{"metric":"Hard-stop visibility","currentSignal":"316 unique hard stops are surfaced from source systems.","targetSignal":"Each hard stop has a named owner and escalation path before release or buyer use.","evidenceRoute":"/boundary-resolution","boundary":"Hard-stop visibility does not waive external review."},{"metric":"Sprint execution readiness","currentSignal":"9 cross-functional efficiency sprints are ready for operator sequencing.","targetSignal":"Each sprint produces retained evidence, not informal process memory.","evidenceRoute":"/operational-efficiency","boundary":"Sprint plans do not authorize autonomous production changes."}],"proofRoutes":["/product","/api/product/console","/api/release-continuity","/qa-evidence","/pilot-workspace/access","/buyer-release-control-run","/api/pilot-workspaces/{workspaceSlug}/buyer-release-control-run","/qa-aal2-run-evidence","/api/qa-evidence/aal2-smoke-readiness","/api/qa-evidence/aal2-smoke-readiness/brief","/qa-run-control","/qa-launch-kit","/qa-human-run-packet","/approvals-readiness","/boundary-resolution","/qa-claim-guard","/navigation","/api/navigation-audit","/api/navigation-audit/brief","/hub","/release-continuity","/api/release-continuity/brief","/clinical-authority-readiness","/qa-manual-execution-console","/pilot-workspace/access#buyer-release-control-verifier","/pilot-deal-room","/pricing","/demos","/pilots","/sales-operations","/agents","/workflows","/workflows/contracts","/workflows/runtime-safety","/workflows/execution-audit","/evaluation","/interoperability","/interoperability/evaluations","/integrations","/synthetic/validation","/trust-safety-operations","/trust-center","/claims","/public-market-readiness","/global-reach","/deployment-profiles","/market-activation","/operations","/clinical-care-activation","/pilot","/offerings","/enterprise-business-ops","/growth-engine","/health-records","/service-reliability","/operational-efficiency","/global-certification-readiness","/continuous-review-audit","/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief","/sales-attribution","/qa-buyer-proof-release","/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief","/workflows/execution-attempts","/qa-completion-bridge","/capital-vitality","/platform-power","/api/platform-power","/api/platform-power/brief","/trust-os","/atlas","/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/integrations/fixture-validation","/pilot-evidence","/api/growth-engine","/api/growth-engine/brief","/api/enterprise-business-ops","/api/enterprise-business-ops/brief","/api/continuous-review-audit","/api/continuous-review-audit/brief","/api/boundary-resolution","/api/boundary-resolution/brief"],"hardStops":["PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied","route missing from inventory","buyer-critical route absent from smoke","missing owner","missing proof route","claim expanded before retained boundary","fault repeated without control","fail-closed behavior missing","custom SOW before package selected","unpriced implementation work","unsupported success fee","PHI requested","production connector requested","BAA/security scope missing","custom packet work without paid scope","external sharing before release decision","recipient controls missing","services bundled into license","support tier undefined","implementation acceptance criteria missing","ROI guarantee","reimbursement guarantee","customer claim without permission","certification claim without authority","uncapped high-volume usage","model-cost spike","usage threshold missing","cross-border margin-sharing commitment","regional tax review missing","partner delivery owner missing","autonomous remediation promised","managed SOC/MDR claim","implementation work hidden in retainer","automatic send attempted","unsupported claim present","recipient list unknown","PHI in message","production credentials in invite","live record attached","sensitive artifacts in event body","attendees not approved","approval claim in title","certification claim","ROI or revenue guarantee","contact source missing","owner missing","sensitive notes copied into CRM","no owner for open item","follow-up without boundary review","unreviewed custom scope","commitment made before handoff","price or scope not reviewed","production gate omitted","PHI in notes","contract conclusion in notes","security-sensitive artifact copied","PHI in intake","no contact consent","no owner assigned","demo requires live patient data","unsupported customer reference requested","no follow-up owner","price commitment without deal desk","PHI-dependent scope","unreviewed SOW language","certification self-claim","contract approval implied","BAA or PHI approval represented","scope not approved","access gate skipped","sensitive data requested before approval","customer value claim without permission","production expansion without approvals","traffic volume unknown","route owner missing","fallback behavior missing","contractual uptime implied","unbounded retry","duplicate evidence risk","autonomous remediation implied","PHI introduced","production credential shared","customer tenancy approved informally","SLA promised","uptime guaranteed","support response guaranteed","contract language unreviewed","managed SOC claimed","MDR claimed","customer incident notice sent without review","release gate skipped","rollback path missing","buyer-critical route untested","unpriced custom work","unbounded support","profit margin guaranteed","accounting advice implied","data residency approved","sovereign hosting approved","regional legal approval claimed","24/7 support guaranteed","response SLA promised","managed service implied","PHI retained","confidential artifact stored","signed agreement stored without approval","data retention approved informally","contractual SLA implied","production support guaranteed","route lacks owner","schema missing","boundary headers missing","breaking change unannounced","migration path missing","customer-specific approval missing","production credential requested","tenant owner missing","retry ceiling absent","dead-letter owner missing","unlimited usage promised","abuse path missing","support coverage implied","route orphaned","buyer-critical task hidden","limitation path missing","text overlap","mobile route unusable","accessibility certification claimed","unreviewed external demo","PHI routed to model","provider approval missing","production model approval implied","cost owner missing","tool execution without approval","clinical action requested","contract or payment action requested","production remediation requested","error-free AI claimed","clinical validation claimed","unsafe output untriaged","public quantum claim made","source missing","PHI included","clinical validation implied","EHR writeback requested","profit guarantee claimed","SLA implied","support commitment unfunded","live autonomous AI implied","production model routing implied","accessibility certification implied","trillion-dollar-scale equivalence claimed","PHI processing authorized","live patient data connected","patient matching approved","live clinical care authorized","clinical decision support cleared","autonomous diagnosis or treatment permitted","production connector approved","EHR writeback approved","payer submission approved","public API SLA approved","unlimited API scale approved","contractual uptime guaranteed","live autonomous AI approved","production model routing approved","agent actions fully autonomous","security certified","SOC 2 certified","HITRUST certified","EU AI Act conformant","GDPR approved","government endorsed","legal advice provided","revenue guaranteed","email sent autonomously","calendar invite created autonomously","buyer commitment approved","protected happy path completed without AAL2","buyer release approved","bearer token retained as evidence","accessibility certified","WCAG conformance approved","VPAT completed","public quantum capability available","quantum clinical advantage","future infrastructure superiority proven","patient identifier introduced","live chart requested","source artifact pasted","artifact uploaded","secret included","contract pasted","medical record pasted","autonomous send requested","calendar invite creation requested","contract promise included","token retained","protected route publicly exposed","buyer release claimed early","production connector promised","PHI payload accepted","legal advice implied","profit guaranteed","contract approved without reviewer","country launch claimed","government endorsement implied","data residency approved early","regional clinical approval claimed","unsupported revenue claim","buyer proof without protected release","discount below floor","free paid-diligence package","unapproved multi-year concession","audited revenue claim","recognized revenue guidance","financial statement treatment claim","uncapped implementation promise","unpriced integration work","live connector timeline guarantee","unbounded model usage","free high-volume pilot","cost target represented as guarantee","24/7 managed support claim","unpriced executive reporting","unapproved SLA commitment","start work without billing trigger","non-standard payment term","customer procurement blocker ignored","new subprocessor commitment","unpriced dedicated environment","unsupported data-residency claim","uncapped liability","unsupported compliance warranty","customer-publicity claim","tax advice claim","cross-border reseller margin","intercompany pricing commitment","securities offering material","valuation assurance","audited financial statement claim","missing counsel review","missing finance approval","unapproved non-standard term","accounting treatment represented without review","unclear performance obligation","below-floor discount","open-ended concession","work begins before billing trigger","missing invoice owner","unapproved payment term","new subprocessor without review","dedicated environment without pricing","unsupported data-residency commitment","sensitive artifact stored publicly","expired artifact represented as current","external sharing without release decision","securities claim without counsel","audited metric claim without audit","valuation assurance claim","delete relevant evidence under hold","untracked approval exception","missing packet owner","tax advice without advisor","cross-border reseller commitment","intercompany price represented externally","guaranteed profit margin","legal approval without counsel","audited financial statements claim","production change without reviewer","clinical workflow mutation","credential rotation without owner","patient identifier","clinical record","payer member identifier","artifact URL","missing data boundary","missing PHI block","missing security certification block","stale legal/regulatory source","unsupported market claim","missing source owner","incident closed without review","legal hold ignored","customer-impacting issue unowned","public quantum advantage claim","future product guarantee","clinical superiority claim","Signed BAA/DPA or non-PHI determination, privacy/security review, retention policy, and customer approval.","live PHI ingestion requested","patient matching requested","EHR writeback or payer submission requested","Customer sandbox approval, partner acceptance, security review, purpose-of-use, consent, audit, monitoring, and rollback.","Licensed clinical governance, intended-use review, validation protocol, safety case, and customer go-live approval.","Customer MPI acceptance tests, identity policy, consent path, error reconciliation, audit, and clinical owner approval.","Payer/trading-partner approval, X12/FHIR API testing, coding review, legal review, and customer release authority.","Do not enter PHI, payer member data, production credentials, source contracts, medical records, or patient identifiers into current public or synthetic pilot workflows.","Use Health Records Safety Exchange for no-PHI extraction planning, patient-safety lint, source attribution, and live-data workaround routing before any record workflow expands.","Use Product and Services Portfolio before pricing, pilots, diligence, implementation, or enterprise-license work expands so every opportunity has one package, one offer, one proof route, one margin control, and one retained boundary.","Use Client Onboarding and Communications before buyer meetings, demo follow-up, pilot workshops, decks, emails, and calendar-ready agendas leave SCRIMED; humans must approve sends and events.","Use Enterprise Scalability Operations before enterprise traffic, tenant scale, support tiers, SLO/SLA language, regional hosting, disaster recovery, or cost commitments expand.","Use Platform Power Operations before API, UI, AI, model-routing, agent-tool, evidence-retrieval, accessibility, or trillion-scale positioning claims expand.","Use Limitations and Workaround Operations when an issue is blocked so every safe alternative has a packet, owner, proof route, escalation trigger, expiration rule, and graduation gate.","Do not claim live clinical authority, legal approval, reimbursement certainty, security certification, regional regulatory approval, or production go-live before signed external evidence exists.","Do not claim HIPAA, SOC 2, HITRUST, ISO, FDA, ONC, EU AI Act, GDPR, NHS, MHRA, Essential Eight, or other certification/approval status before the qualified external authority exists.","Do not position 24/7 review agents as managed SOC/MDR coverage, autonomous remediation, error-free AI review, clinical validation, or public quantum capability.","Do not present revenue, ROI, profit margin, valuation, fundraising, legal, accounting, or tax conclusions without qualified review and retained release authority.","Use protected AAL2 workspaces and no-secret evidence packets for operator proof.","Use synthetic fixtures, metadata-only references, and external evidence-room references while sensitive artifacts remain outside SCRIMED.","Escalate high-risk clinical, legal, privacy, security, payer, public-claims, or production connector requests to the retained owner instead of improvising."],"owners":["Founder + Release Steward","Release Steward","Approved tenant-admin or pilot-lead operator","Release Steward + Approved AAL2 Operator","Security + Operator","Founder + Legal/Security/Regulatory reviewers","Executive Operating Council + Product Console + TrustOS","Clinical production readiness owner + qualified external reviewers","Revenue Operations + Product Console + Deal Desk","Delivery Lead + Product Console + Revenue Operations","Product Console + Release Steward","Release Steward + Platform Engineering","Founder + qualified external reviewers","Founder + qualified counsel + finance reviewers","Founder + Product Console + Sales Operations","Founder + qualified counsel + finance/accounting/tax reviewers","Platform + service reliability + customer operations + legal ops","Platform engineering + Product Console + TrustOS + security + finance","Boundary owner + Operational Efficiency + Product Console","TrustOS + Platform Engineering + Release Steward","Release Steward + Domain/DNS administrator","Buyer Diligence + Release Steward + qualified reviewers","Sales operations + Buyer Diligence","AgentOS + Workflow Runtime","Interoperability Control Plane + Validation Trust Lab","Trust Safety Ops + Legal + Security + Claims Governance","Founder + Finance + Global Partnerships + qualified regional reviewers","Release Steward + domain owner","Revenue operations + Product Console","Finance + Legal Ops + Privacy","Buyer Diligence + Sales Operations","Finance + Product + Implementation","Claims governance + Counsel + Finance","Product Engineering + Finance","Strategic Partnerships + Finance + Tax + Regional Counsel","TrustOps + Product + Revenue Operations","Revenue Operations","Privacy + TrustOS","Revenue Operations + Security","Claims Governance + Legal Ops","Sales Operations","Revenue Operations + Customer Operations","Deal Desk + Product + TrustOS","Customer Operations","Sales Engineering + Product Console","TrustOps + Legal Ops + Finance","Customer Operations + Delivery + TrustOS","Revenue Operations + Finance + Product","Platform engineering + release steward","Runtime safety + platform","Security + tenant governance","Legal ops + service reliability","TrustOps + customer operations","Release steward + platform","Finance + product operations","Regional counsel + security + platform","Customer operations + legal ops","Privacy, security, customer authority owners, and platform","Product operations + platform + legal ops","Service reliability + legal ops + customer operations","Customer operations + deal desk + finance","Global partnerships + regional counsel + security","Runtime safety + QA + platform","Finance + product operations + deal desk","Platform engineering + product","Developer experience + release stewardship","Runtime safety + QA","Platform + service reliability + security","Product Console + customer operations","Frontend + QA + accessibility reviewer","AI platform + TrustOS + security + finance","AgentOS + TrustOS + QA","Continuous review, QA, TrustOps, and internal research","Atlas + source intelligence + interoperability","Service reliability + finance + platform operations","Platform engineering + developer experience","Frontend + accessibility reviewer + legal ops","Platform + legal ops + customer operations","AgentOS + QA + platform engineering","Atlas + interoperability + privacy + clinical governance","Founder + product + legal + finance + platform","Privacy, security, clinical governance, customer authority owner, and TrustOS","Clinical governance, qualified clinicians, legal, privacy, and release stewardship","Interoperability, platform engineering, privacy, security, clinical governance, and customer integration owner","Platform engineering, legal ops, service reliability, customer operations, and finance","AI platform, AgentOS, TrustOS, QA, security, finance, and clinical governance","Security, privacy, legal, trust operations, customer authority owner, and qualified external reviewers","Regional counsel, privacy, security, clinical governance, global partnerships, and customer procurement owner","Founder, deal desk, legal, finance, accounting, tax, revenue operations, and qualified reviewers","Revenue operations, sales engineering, customer operations, legal ops, finance, and product owner","Release engineering, TrustOS, tenant governance, approved operator, and buyer diligence","Frontend, Product Console, QA, accessibility reviewer, customer operations, and sales engineering","Internal Research Team, TrustOS, AI platform, security, legal, finance, and founder","TrustOS + product owner","Customer authority owner + trust operations","Revenue operations + sales engineering","Approved operator + release stewardship","AI platform + TrustOS + finance","Deal desk + legal + finance","Global partnerships + regional counsel","Founder + sales operations","Release steward + buyer diligence","Founder + finance reviewers","Founder + qualified counsel","Founder + CFO/FP&A + Deal Desk","Controller + Revenue Accounting Lead","Implementation Lead + Finance","Product Engineering + FP&A","Customer Success + Finance","Billing/AR Owner + CFO","Procurement + Security + Finance","General Counsel / Outside Counsel","Tax Advisor + CFO","Founder + CFO + Securities Counsel","Deal Desk + CFO + Counsel","CFO + Founder","Buyer Diligence + Legal Ops","Controller + Legal Ops + TrustOps","Claim Guard + Legal + Finance","Release Steward + Security","Privacy + TrustOps","QA Regression Agent","Evidence Attribution Agent","Incident Learning Agent","Innovation Scout Agent + Claims reviewer","Privacy, security, legal, customer compliance, and data governance","Interoperability engineering, customer integration owner, security, and clinical governance","Clinical governance, TrustOS, product, and customer clinical owner","Customer identity governance, interoperability engineering, and clinical safety","RCM owner, legal, customer sponsor, and payer integration owner","Claims governance + domain owner"],"nextBuildStep":"Run discrepancy and fault triage first for any conflicting signal, then run the efficiency sprints in sequence: release and route preflight, commercial throughput, client onboarding and communication cadence, enterprise scalability and support readiness, API/UI/AI platform power, limitations workaround containment, continuous defect-to-control, health-record extraction and safety, and enterprise margin discipline; promote any repeated gap into smoke, boundary, portfolio, onboarding, workaround, platform-power, scale, or reliability controls before claims expand.","updated":"2026-06-27"},"platformPower":{"service":"scrimed-api-ui-ai-platform-power","route":"/platform-power","apiRoute":"/api/platform-power","briefRoute":"/api/platform-power/brief","status":"api-ui-ai-platform-power-control-plane-active","briefStatus":"api-ui-ai-platform-power-brief-ready-no-live-ai-authority","updated":"2026-06-26","boundary":"SCRIMED Platform Power Operations organizes API contract governance, developer experience, versioning, authentication posture, tenant isolation, rate limits, idempotency, observability, operator-grade UI navigation, accessibility readiness, design-system discipline, AI model-routing readiness, agent orchestration, evaluation loops, retrieval/evidence intelligence, tool approval, cost controls, and safety boundaries for synthetic, business-contact, workflow, and metadata-only evaluation. It is an enterprise platform readiness layer only. It is not a public API SLA, production API marketplace launch, live autonomous AI authority, production model-routing approval, external LLM provider approval, PHI processing authority, EHR access approval, production connector approval, model-safety certification, security certification, accessibility certification, clinical validation, legal advice, financial advice, contractual uptime guarantee, managed service commitment, and it is not proof that SCRIMED has trillion-dollar-company-equivalent capacity.","authority":{"apiAuthority":"contract-readiness-not-public-api-sla","uiAuthority":"operator-interface-readiness-not-accessibility-certification","aiAuthority":"no-live-autonomous-ai-authority","modelAuthority":"not-production-model-routing-approved","agentAuthority":"human-approval-required-for-protected-actions","dataBoundary":"synthetic-business-and-metadata-only","phiAuthority":"not-authorized-production-phi","clinicalCareAuthority":"not-authorized-live-care","connectorAuthority":"not-production-connector-approved","securityCertification":"not-security-certified","slaAuthority":"not-contractual-sla","trillionScaleAuthority":"aspirational-design-not-scale-equivalence"},"pillarCount":9,"controlCount":12,"workstreamCount":7,"cadenceCount":6,"bottleneckCount":7,"openBottleneckCount":7,"humanReviewCount":12,"externalReviewCount":4,"proofRouteCount":31,"hardStopCount":53,"ownerCount":36,"blockedClaimCount":25,"pillars":[{"slug":"api-contract-productization","name":"API contract productization","status":"active-control-plane","owner":"Platform engineering, product, and developer experience","ambition":"Make every public or buyer-facing capability inspectable as a stable, versioned contract before enterprise buyers ask for integrations.","operatingControl":"Route handlers, status headers, typed summaries, markdown briefs, route inventory, smoke tests, and future OpenAPI/SDK handoff stay aligned.","evidence":["Route inventory","API pattern count","public smoke","typed summaries","brief endpoints"],"proofRoutes":["/navigation","/product","/api/product/console"],"retainedBoundary":"Contract readiness is not a public API SLA, external API marketplace launch, or production integration approval.","nextAction":"Promote buyer-critical APIs into a contract register with version, owner, auth posture, rate limit, schema, examples, and blocked claims."},{"slug":"secure-tenant-api-plane","name":"Secure tenant API plane","status":"human-review-required","owner":"Security, tenant governance, platform engineering, and customer authority owners","ambition":"Prepare tenant-scoped API access, role boundaries, AAL2 gates, audit trails, and metadata-only payload rules before production data appears.","operatingControl":"Every tenant-facing path retains fail-closed checks, no-PHI rules, owner assignment, access review cadence, and protected workspace routing.","evidence":["AAL2 gates","protected workspace fail-closed checks","tenant lifecycle packets","no-PHI headers"],"proofRoutes":["/pilot-workspace/access","/clinical-authority-readiness","/boundary-resolution"],"retainedBoundary":"Tenant API planning does not approve PHI processing, customer-specific tenancy, production credentials, or live connector use.","nextAction":"Attach tenant owner, scope, auth mode, token handling, access review, and revocation path to every protected API before expansion."},{"slug":"rate-limit-idempotency-resilience","name":"Rate limit, idempotency, and resilience","status":"active-control-plane","owner":"Runtime safety, service reliability, and QA","ambition":"Keep repeated requests, retries, queue pressure, and long-running work from creating duplicate evidence or unsafe operator load.","operatingControl":"Idempotency keys, retry ceilings, throttling posture, duplicate-proof checks, dead-letter ownership, and fail-closed responses are required before scale claims.","evidence":["Execution attempts","runtime safety","service reliability","manual QA console"],"proofRoutes":["/workflows/execution-attempts","/workflows/runtime-safety","/service-reliability","/qa-manual-execution-console"],"retainedBoundary":"Resilience design does not create contractual uptime, unlimited throughput, or autonomous production remediation.","nextAction":"Add rate-limit class, idempotency key, retry ceiling, quarantine path, and smoke assertion to every high-value platform API."},{"slug":"operator-grade-ui-command","name":"Operator-grade UI command surfaces","status":"active-control-plane","owner":"Product Console, design systems, sales engineering, and release operators","ambition":"Make the UI feel like an enterprise operating console: dense, navigable, role-based, and grounded in proof instead of marketing fog.","operatingControl":"Homepage actions, hub console views, product summary cards, role journeys, limitation controls, and proof-stack sections stay cross-linked.","evidence":["Product Console","OS Hub","site navigation shell","navigation audit"],"proofRoutes":["/","/hub","/product","/navigation"],"retainedBoundary":"UI command readiness is not accessibility certification, buyer training completion, or customer approval.","nextAction":"Add role-specific platform-power entry points for API owners, UI operators, AI governance reviewers, and enterprise buyers."},{"slug":"design-system-accessibility-performance","name":"Design system, accessibility, and performance readiness","status":"human-review-required","owner":"Frontend, design systems, QA, and accessibility reviewers","ambition":"Reduce UI friction with consistent components, scanning-friendly hierarchy, mobile-safe layouts, keyboard-safe controls, and readable enterprise copy.","operatingControl":"Route pages use stable sections, table rows, summary metrics, constrained copy, and smoke-visible navigation while accessibility review remains explicit.","evidence":["Page build","public smoke","manual UI review","navigation groups"],"proofRoutes":["/navigation","/product","/hub"],"retainedBoundary":"Accessibility and performance readiness is not a WCAG audit, VPAT, Section 508 conformance claim, or external UX certification.","nextAction":"Turn high-traffic workflows into a UI quality checklist with keyboard path, responsive scan, copy length, contrast, and empty-state checks."},{"slug":"ai-model-gateway-routing","name":"AI model gateway and routing readiness","status":"external-review-required","owner":"AI platform, TrustOS, security, finance, and model governance","ambition":"Prepare model routing, fallback, cost attribution, provider review, and output boundaries before any live model path is exposed to buyers.","operatingControl":"Model choices, provider approvals, cost tags, failover design, prompt boundaries, output schemas, and human review rules stay in evidence-first planning.","evidence":["TrustOS","AgentOS","continuous review","model efficiency controls"],"proofRoutes":["/trust-os","/agents","/continuous-review-audit","/public-market-readiness"],"retainedBoundary":"Model gateway readiness does not approve production model calls, external provider processing, PHI use, or clinical validation.","nextAction":"Create a model-route register with provider, model class, allowed data, blocked data, eval set, cost owner, fallback, and approval status."},{"slug":"agent-orchestration-human-approval","name":"Agent orchestration with human approval","status":"human-review-required","owner":"AgentOS, TrustOS, QA, clinical governance, and release stewardship","ambition":"Build agents that plan, route, inspect, and recommend while humans retain clinical, legal, financial, customer, and production decisions.","operatingControl":"Agents stay tied to scoped tools, approval states, QA packets, claim guards, runtime safety, audit trails, and blocked-action lists.","evidence":["Agent registry","QA claim guard","QA activation seal","runtime safety"],"proofRoutes":["/agents","/qa-claim-guard","/qa-activation-seal","/workflows/runtime-safety"],"retainedBoundary":"Agent orchestration readiness is not autonomous tool execution, live care authority, production remediation, or legal/financial advice.","nextAction":"Attach each agent to allowed tools, blocked tools, approval triggers, eval pack, escalation owner, and rollback or quarantine behavior."},{"slug":"evidence-retrieval-intelligence","name":"Evidence retrieval and knowledge intelligence","status":"active-control-plane","owner":"Atlas, interoperability, TrustOS, source intelligence, and product","ambition":"Make every AI or operator answer trace back to evidence, source attribution, standards mapping, and safe no-PHI extraction rules.","operatingControl":"Trust Cards, source intelligence, health-record safety checks, interoperability conformance, and boundary routes keep retrieval inspectable.","evidence":["Atlas Trust Cards","source intelligence","health records safety","interoperability evaluations"],"proofRoutes":["/atlas","/source-intelligence","/health-records","/interoperability/evaluations"],"retainedBoundary":"Retrieval readiness is not clinical validation, payer submission approval, patient matching approval, or EHR writeback authority.","nextAction":"Link each generated or extracted claim to source class, evidence route, freshness need, confidence boundary, and reviewer requirement."},{"slug":"platform-cost-margin-observability","name":"Platform cost, margin, and observability","status":"active-control-plane","owner":"Finance, platform operations, service reliability, and deal desk","ambition":"Protect margins while AI, API, storage, review, support, and evaluation workloads increase with enterprise pilots.","operatingControl":"Usage thresholds, model cost controls, route-level telemetry, support load review, price floors, and change-order triggers stay connected.","evidence":["Enterprise Business Ops","Enterprise Scalability","Public Market Readiness","Service Reliability"],"proofRoutes":["/enterprise-business-ops","/enterprise-scalability","/public-market-readiness","/service-reliability"],"retainedBoundary":"Cost observability improves margin discipline only; it is not a profit guarantee, audited financial report, or accounting advice.","nextAction":"Tie every premium API, UI workflow, and AI loop to usage ceiling, cost owner, margin floor, support assumption, and billing trigger."}],"controls":[{"slug":"api-contract-register","control":"API contract register","status":"active-control-plane","owner":"Platform engineering + product","purpose":"Track route owner, schema, examples, version, auth posture, data boundary, and blocked claims for buyer-critical APIs.","requiredEvidence":["route","owner","schema","version","auth posture","boundary headers"],"hardStops":["route lacks owner","schema missing","boundary headers missing","public API SLA implied"]},{"slug":"api-versioning-deprecation","control":"API versioning and deprecation discipline","status":"human-review-required","owner":"Developer experience + release stewardship","purpose":"Prevent enterprise integrations from breaking silently as contracts mature from readiness to customer-specific use.","requiredEvidence":["version policy","change log","migration path","deprecation window","buyer communication owner"],"hardStops":["breaking change unannounced","migration path missing","customer-specific approval missing"]},{"slug":"tenant-auth-scope-review","control":"Tenant auth and scope review","status":"human-review-required","owner":"Security + tenant governance","purpose":"Ensure protected APIs require the right identity, tenant, role, AAL2 path, revocation rule, and no-PHI payload scope.","requiredEvidence":["tenant owner","role map","AAL2 gate","token handling","revocation rule"],"hardStops":["PHI requested","production credential requested","AAL2 bypass attempted","tenant owner missing"]},{"slug":"idempotency-retry-contract","control":"Idempotency and retry contract","status":"active-control-plane","owner":"Runtime safety + QA","purpose":"Avoid duplicated work, duplicate proof packets, and uncontrolled retries when API or agent jobs are repeated.","requiredEvidence":["idempotency key","retry ceiling","duplicate detection","dead-letter owner","manual remediation path"],"hardStops":["retry ceiling absent","duplicate evidence risk","dead-letter owner missing","autonomous remediation implied"]},{"slug":"rate-limit-abuse-control","control":"Rate limit and abuse control","status":"human-review-required","owner":"Platform + service reliability + security","purpose":"Prepare quotas, throttles, and abuse-response behavior before enterprise pilots expand traffic or expose premium endpoints.","requiredEvidence":["route class","quota","burst limit","abuse signal","operator escalation path"],"hardStops":["unlimited usage promised","abuse path missing","contractual uptime implied","support coverage implied"]},{"slug":"ui-role-journey-control","control":"UI role journey control","status":"active-control-plane","owner":"Product Console + customer operations","purpose":"Make API, UI, AI, reliability, scale, business, and approval tasks discoverable by audience without requiring tribal knowledge.","requiredEvidence":["primary nav link","hub view","product action","role journey","limitation link"],"hardStops":["route orphaned","buyer-critical task hidden","limitation path missing"]},{"slug":"ui-quality-accessibility-review","control":"UI quality and accessibility review","status":"human-review-required","owner":"Frontend + QA + accessibility reviewer","purpose":"Keep enterprise UI layouts readable, navigable, responsive, and keyboard-reviewable before external demos or buyer training.","requiredEvidence":["responsive route","copy review","keyboard path","contrast review","manual screenshot check"],"hardStops":["text overlap","mobile route unusable","accessibility certification claimed","unreviewed external demo"]},{"slug":"ai-model-route-register","control":"AI model-route register","status":"external-review-required","owner":"AI platform + TrustOS + security + finance","purpose":"Track provider, model, allowed data, blocked data, fallback, cost owner, eval pack, and approval status before model use expands.","requiredEvidence":["provider","model class","allowed data","blocked data","fallback","cost tag","eval pack"],"hardStops":["PHI routed to model","provider approval missing","production model approval implied","cost owner missing"]},{"slug":"agent-tool-approval","control":"Agent tool approval and escalation","status":"human-review-required","owner":"AgentOS + TrustOS + QA","purpose":"Ensure agents recommend and route work without executing protected, clinical, financial, legal, customer, or production actions alone.","requiredEvidence":["allowed tools","blocked tools","approval trigger","escalation owner","audit output"],"hardStops":["tool execution without approval","clinical action requested","contract or payment action requested","production remediation requested"]},{"slug":"ai-evaluation-red-team","control":"AI evaluation and red-team loop","status":"active-control-plane","owner":"Continuous review, QA, TrustOps, and internal research","purpose":"Convert repeated mistakes, hallucination risk, unsafe claims, and future AI research into eval sets, smoke checks, and controlled backlog.","requiredEvidence":["eval set","claims guard","red-team prompt","regression owner","promotion rule"],"hardStops":["error-free AI claimed","clinical validation claimed","unsafe output untriaged","public quantum claim made"]},{"slug":"evidence-rag-source-attribution","control":"Evidence retrieval and source attribution","status":"active-control-plane","owner":"Atlas + source intelligence + interoperability","purpose":"Keep extracted data, summaries, and AI answers tied to source class, evidence route, freshness requirement, and reviewer boundary.","requiredEvidence":["source class","evidence route","freshness check","confidence boundary","reviewer need"],"hardStops":["source missing","PHI included","clinical validation implied","EHR writeback requested"]},{"slug":"platform-cost-latency-observability","control":"Platform cost, latency, and quality observability","status":"active-control-plane","owner":"Service reliability + finance + platform operations","purpose":"Track API, UI, AI, evidence, review, support, and model-cost pressure before enterprise packages outgrow margins.","requiredEvidence":["cost owner","usage threshold","latency target","quality signal","margin floor"],"hardStops":["profit guarantee claimed","cost owner missing","SLA implied","support commitment unfunded"]}],"workstreams":[{"slug":"api-productization","name":"API productization and developer experience","owner":"Platform engineering + developer experience","objective":"Turn internal route handlers into an enterprise-ready contract catalog with owners, examples, version posture, boundaries, and future SDK handoff.","sequence":["Classify buyer-critical APIs","Attach owner, auth, schema, examples, version, and boundary headers","Add contract smoke checks","Prepare OpenAPI and SDK backlog"],"proofRoutes":["/navigation","/api/product/console","/api/platform-power"],"retainedBoundary":"API productization does not launch a public API marketplace or create contractual SLA authority."},{"slug":"ui-command-upgrade","name":"UI command and operator experience","owner":"Product Console + frontend + sales engineering","objective":"Make API, UI, AI, scale, reliability, business, and approval controls one click away for buyers, operators, and reviewers.","sequence":["Add platform-power route to primary navigation","Add hub and product console cards","Add role journey and limitation-control entry","Smoke-test route visibility"],"proofRoutes":["/","/hub","/product","/navigation"],"retainedBoundary":"UI command upgrades do not certify accessibility, complete buyer training, or approve external release language."},{"slug":"ai-orchestration-readiness","name":"AI orchestration and model-routing readiness","owner":"AI platform + TrustOS + security + finance","objective":"Prepare model routing, fallback, cost attribution, provider review, agent approval, and eval controls before live AI paths expand.","sequence":["Define model-route register","Attach allowed data and blocked data","Map approval and fallback paths","Attach eval and cost owner"],"proofRoutes":["/trust-os","/agents","/continuous-review-audit","/platform-power"],"retainedBoundary":"AI orchestration readiness is not live autonomous AI, PHI model processing, production model approval, or model-safety certification."},{"slug":"evidence-intelligence","name":"Evidence intelligence and retrieval discipline","owner":"Atlas + interoperability + health-records safety","objective":"Ensure AI and operator outputs can cite source class, proof route, standards mapping, freshness, and reviewer boundaries.","sequence":["Classify source","Attach evidence route","Run no-PHI safety check","Assign reviewer or retained gate"],"proofRoutes":["/atlas","/source-intelligence","/health-records","/interoperability"],"retainedBoundary":"Evidence intelligence does not approve patient matching, payer submission, clinical decisions, or EHR writeback."},{"slug":"agent-eval-red-team","name":"Agent evaluation, red-team, and approval workflow","owner":"QA + TrustOps + internal research team","objective":"Turn agent failures, hallucination pressure, unsafe claims, and future research into deterministic tests and human escalation.","sequence":["Capture failure pattern","Add eval or smoke assertion","Route high-risk cases to human owner","Update claim guard and blocked-action list"],"proofRoutes":["/continuous-review-audit","/qa-claim-guard","/qa-activation-seal","/qa-buyer-proof-release"],"retainedBoundary":"Agent evaluation does not claim error-free AI, clinical validation, autonomous remediation, or public quantum capability."},{"slug":"platform-margin-telemetry","name":"Platform margin, telemetry, and scale economics","owner":"Finance + platform operations + service reliability","objective":"Tie API, UI, AI, support, review, and storage costs to pricing, package scope, and enterprise scale readiness.","sequence":["Assign cost owner","Define usage ceiling","Attach latency and quality signal","Route price-floor and change-order triggers"],"proofRoutes":["/enterprise-business-ops","/enterprise-scalability","/public-market-readiness","/service-reliability"],"retainedBoundary":"Telemetry and margin discipline are not audited financial reporting, accounting advice, or profit guarantees."},{"slug":"external-review-readiness","name":"External review and certification readiness","owner":"Legal, security, privacy, accessibility, clinical governance, and regional counsel","objective":"Prepare the API, UI, and AI evidence needed for future security, accessibility, privacy, AI governance, clinical, and regional reviews.","sequence":["Identify required review authority","Map evidence pack","Retain blocked claims","Escalate before external commitments"],"proofRoutes":["/approvals-readiness","/global-certification-readiness","/boundary-resolution","/platform-power"],"retainedBoundary":"Review readiness is not certification, conformity, legal approval, clinical authority, or public-sector approval."}],"cadences":[{"cadence":"Daily API contract and boundary review","owner":"Platform engineering + release steward","reviewedSignals":["new route","schema drift","boundary header","auth posture","public smoke"],"decisionOutput":"Promote, hold, or route the API to owner review before public or buyer-facing language expands.","hardStops":["owner missing","schema missing","PHI allowed","public API SLA implied"]},{"cadence":"Daily UI command-path scan","owner":"Product Console + customer operations","reviewedSignals":["role journey","primary nav","hub view","product action","limitation path"],"decisionOutput":"Keep high-value workflows discoverable and remove navigation dead ends before demos.","hardStops":["route orphaned","text overlap","buyer-critical path hidden","limitation path missing"]},{"cadence":"Daily AI safety and eval queue","owner":"Continuous review + TrustOS + QA","reviewedSignals":["unsafe output","hallucination pressure","claim drift","tool request","eval failure"],"decisionOutput":"Route to eval, claim guard, owner review, or blocked-action update.","hardStops":["error-free AI claimed","clinical validation implied","tool execution without approval"]},{"cadence":"Weekly model-route and provider review","owner":"AI platform + security + finance","reviewedSignals":["provider","model","allowed data","fallback","cost tag","approval status"],"decisionOutput":"Approve for sandbox planning, hold for external review, or block for PHI/production use.","hardStops":["PHI route","provider approval missing","production model approval implied","cost owner missing"]},{"cadence":"Weekly design and accessibility readiness","owner":"Frontend + QA + accessibility reviewer","reviewedSignals":["responsive route","keyboard path","contrast","copy length","demo readiness"],"decisionOutput":"Mark UI route ready for demo, route to cleanup, or hold external use.","hardStops":["accessibility certified claimed","mobile route unusable","keyboard path missing"]},{"cadence":"Monthly platform margin and scale council","owner":"Finance + platform operations + deal desk","reviewedSignals":["model cost","support load","latency","usage ceiling","margin floor","change order"],"decisionOutput":"Update packaging, pricing, limits, support assumptions, and enterprise scale workstreams.","hardStops":["profit guarantee claimed","unfunded support promise","SLA implied","usage ceiling missing"]}],"bottlenecks":[{"slug":"api-contracts-not-yet-openapi","name":"API contracts are typed but not yet exported as OpenAPI or SDKs","status":"human-review-required","impact":"Enterprise technical buyers can inspect live JSON and brief endpoints, but developer adoption will remain slower until formal contracts, examples, and SDK packaging exist.","workaround":"Use route summaries, smoke-tested JSON, boundary headers, and markdown briefs as the interim contract packet.","graduationGate":"OpenAPI spec, examples, auth model, rate limits, SDK backlog, version policy, and developer docs are reviewed.","owner":"Platform engineering + developer experience","proofRoutes":["/platform-power","/navigation","/api/product/console"]},{"slug":"live-ai-not-enabled","name":"Live AI model execution remains intentionally gated","status":"external-review-required","impact":"The AI posture can be evaluated through architecture, agents, evals, and synthetic proof, but production model calls need provider, privacy, safety, cost, and legal review.","workaround":"Use deterministic synthetic summaries, model-route registers, eval design, TrustOS checks, and human approval packets.","graduationGate":"Approved model provider, allowed data class, eval pass criteria, monitoring, human approval flow, and customer-specific authority exist.","owner":"AI platform + TrustOS + security + finance","proofRoutes":["/trust-os","/agents","/continuous-review-audit","/platform-power"]},{"slug":"accessibility-certification-not-complete","name":"Accessibility certification is not complete","status":"external-review-required","impact":"The UI can be improved continuously, but enterprise procurement may require formal WCAG, VPAT, or Section 508 review before certain buyer claims.","workaround":"Run manual UI quality checks, keep layouts stable, avoid text overlap, expose role navigation, and retain accessibility review as a named gate.","graduationGate":"Qualified accessibility review, remediation evidence, VPAT or equivalent artifact, and approved external claims.","owner":"Frontend + accessibility reviewer + legal ops","proofRoutes":["/platform-power","/navigation","/product"]},{"slug":"public-api-rate-limits-not-contracted","name":"Public API rate limits are readiness targets, not contracted terms","status":"human-review-required","impact":"SCRIMED can scope route classes and quotas, but it cannot imply unlimited use, contractual uptime, or managed service coverage.","workaround":"State route class, draft quota, throttle behavior, support assumption, and no-SLA boundary on enterprise packets.","graduationGate":"Contract, staffing, monitoring, incident response, support tier, and executive approval define the exact commitment.","owner":"Platform + legal ops + customer operations","proofRoutes":["/platform-power","/enterprise-scalability","/service-reliability"]},{"slug":"agent-tool-approval-needs-production-runtime","name":"Agent tool approval needs production runtime approval","status":"human-review-required","impact":"Agents can be described, evaluated, and routed, but protected actions need approval states, audit logging, and fail-closed runtime behavior.","workaround":"Use agent registry, QA packets, claim guard, human approval rules, and protected workspace evidence before any execution claim.","graduationGate":"Approved tool schemas, human approval UI, audit persistence, rollback behavior, and customer-specific authority.","owner":"AgentOS + QA + platform engineering","proofRoutes":["/agents","/qa-claim-guard","/qa-manual-execution-console","/platform-power"]},{"slug":"evidence-rag-still-synthetic","name":"Evidence retrieval remains synthetic and metadata-only","status":"blocked-before-approval","impact":"SCRIMED can demonstrate source attribution, extraction planning, and Trust Cards without ingesting live PHI or protected medical records.","workaround":"Use synthetic fixtures, no-PHI examples, source classes, external evidence references, and health-record safety gates.","graduationGate":"PHI authority, customer environment, BAA/DPA if required, security review, connector approval, and clinical governance approval.","owner":"Atlas + interoperability + privacy + clinical governance","proofRoutes":["/atlas","/health-records","/interoperability","/boundary-resolution"]},{"slug":"trillion-scale-positioning-boundary","name":"Trillion-dollar-scale positioning must stay evidence-based","status":"human-review-required","impact":"The platform can be designed with world-class discipline, but SCRIMED cannot claim equivalent scale, staffing, certifications, or infrastructure until evidence exists.","workaround":"Frame the product as enterprise-grade readiness with explicit proof routes, operating controls, and retained external gates.","graduationGate":"Audited scale evidence, customer proof, security certifications, support operations, incident history, financial controls, and qualified release approval.","owner":"Founder + product + legal + finance + platform","proofRoutes":["/platform-power","/enterprise-scalability","/enterprise-business-ops","/public-market-readiness"]}],"blockedClaims":["trillion-dollar company parity guaranteed","public API SLA approved","production API marketplace launched","unlimited API scale approved","production API uptime guaranteed","live autonomous AI approved","production model routing approved","external LLM provider approved for production PHI","agent actions fully autonomous","tool execution approved without human review","RAG answers clinically validated","model safety certified","AI governance certification granted","accessibility certified","security certification granted","SOC 2 certified","HITRUST certified","PHI processing authorized","EHR access approved","FHIR writeback approved","payer submission approved","clinical decision support authorized","contractual uptime guaranteed","managed service commitment active","error-free AI guaranteed"],"proofRoutes":["/navigation","/product","/api/product/console","/pilot-workspace/access","/clinical-authority-readiness","/boundary-resolution","/workflows/execution-attempts","/workflows/runtime-safety","/service-reliability","/qa-manual-execution-console","/","/hub","/trust-os","/agents","/continuous-review-audit","/public-market-readiness","/qa-claim-guard","/qa-activation-seal","/atlas","/source-intelligence","/health-records","/interoperability/evaluations","/enterprise-business-ops","/enterprise-scalability","/api/platform-power","/platform-power","/interoperability","/qa-buyer-proof-release","/approvals-readiness","/global-certification-readiness","/api/platform-power/brief"],"hardStops":["route lacks owner","schema missing","boundary headers missing","public API SLA implied","breaking change unannounced","migration path missing","customer-specific approval missing","PHI requested","production credential requested","AAL2 bypass attempted","tenant owner missing","retry ceiling absent","duplicate evidence risk","dead-letter owner missing","autonomous remediation implied","unlimited usage promised","abuse path missing","contractual uptime implied","support coverage implied","route orphaned","buyer-critical task hidden","limitation path missing","text overlap","mobile route unusable","accessibility certification claimed","unreviewed external demo","PHI routed to model","provider approval missing","production model approval implied","cost owner missing","tool execution without approval","clinical action requested","contract or payment action requested","production remediation requested","error-free AI claimed","clinical validation claimed","unsafe output untriaged","public quantum claim made","source missing","PHI included","clinical validation implied","EHR writeback requested","profit guarantee claimed","SLA implied","support commitment unfunded","owner missing","PHI allowed","buyer-critical path hidden","PHI route","accessibility certified claimed","keyboard path missing","unfunded support promise","usage ceiling missing"],"owners":["Platform engineering, product, and developer experience","Security, tenant governance, platform engineering, and customer authority owners","Runtime safety, service reliability, and QA","Product Console, design systems, sales engineering, and release operators","Frontend, design systems, QA, and accessibility reviewers","AI platform, TrustOS, security, finance, and model governance","AgentOS, TrustOS, QA, clinical governance, and release stewardship","Atlas, interoperability, TrustOS, source intelligence, and product","Finance, platform operations, service reliability, and deal desk","Platform engineering + product","Developer experience + release stewardship","Security + tenant governance","Runtime safety + QA","Platform + service reliability + security","Product Console + customer operations","Frontend + QA + accessibility reviewer","AI platform + TrustOS + security + finance","AgentOS + TrustOS + QA","Continuous review, QA, TrustOps, and internal research","Atlas + source intelligence + interoperability","Service reliability + finance + platform operations","Platform engineering + developer experience","Product Console + frontend + sales engineering","Atlas + interoperability + health-records safety","QA + TrustOps + internal research team","Finance + platform operations + service reliability","Legal, security, privacy, accessibility, clinical governance, and regional counsel","Platform engineering + release steward","Continuous review + TrustOS + QA","AI platform + security + finance","Finance + platform operations + deal desk","Frontend + accessibility reviewer + legal ops","Platform + legal ops + customer operations","AgentOS + QA + platform engineering","Atlas + interoperability + privacy + clinical governance","Founder + product + legal + finance + platform"],"recommendedOperatingPath":["Classify every API, UI, and AI improvement by buyer value, authority boundary, owner, and proof route.","Promote buyer-critical APIs into a contract register with versioning, schema, boundary headers, auth posture, examples, and smoke checks.","Keep UI upgrades role-based and operator-grade: primary nav, hub view, product action, journey, limitation route, and proof stack.","Keep AI paths in readiness mode until model provider, allowed data, evals, cost owner, monitoring, and human approval are approved.","Route PHI, EHR, clinical, legal, finance, security certification, accessibility certification, SLA, and trillion-scale claims to Boundary Resolution before external use.","Attach cost, latency, quality, support, and margin controls to every premium platform capability before enterprise packages expand."],"nextBuildStep":"Convert Platform Power into a contract-backed operating system: API contract register, role-based UI command paths, model-route register, agent approval workflow, evidence retrieval map, eval/red-team queue, accessibility review checklist, and cost/margin telemetry before external claims expand."},"productServicePortfolio":{"service":"scrimed-product-service-portfolio","route":"/offerings","apiRoute":"/api/offerings","briefRoute":"/api/offerings/brief","status":"product-service-portfolio-upgrade-active","briefStatus":"product-service-portfolio-brief-ready-no-advice","boundary":"SCRIMED Product and Services Portfolio organizes sellable offers, service packages, delivery paths, proof routes, margin controls, qualification gates, and retained approval boundaries for governed synthetic evaluations, readiness work, protected pilots, and enterprise operating-layer expansion. It is product, service, and commercial operating readiness only. It is not legal advice, accounting advice, tax advice, audited financial reporting, securities offering material, investment advice, valuation assurance, customer permission, revenue guarantee, profit-margin guarantee, reimbursement assurance, clinical validation, compliance certification, security certification, PHI processing authority, production connector approval, EHR writeback approval, payer submission approval, or live clinical care authorization.","authority":{"dataBoundary":"synthetic-business-and-metadata-only","clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","legalAuthority":"qualified-review-required","accountingAuthority":"qualified-accounting-review-required","taxAuthority":"qualified-tax-review-required","financialAuthority":"not-audited-financial-report","revenueAuthority":"not-revenue-guarantee","profitAuthority":"not-profit-margin-guarantee","reimbursementAuthority":"no-reimbursement-guarantee","securitiesAuthority":"not-securities-offering-material","securityCertification":"not-security-certified","connectorAuthority":"not-production-connector-approved"},"offerCount":10,"sellableNowOfferCount":3,"packageReadyOfferCount":3,"packageCount":5,"deliveryPlaybookCount":5,"deliverableCount":50,"qualificationGateCount":41,"marginLeverCount":41,"marginControlCount":8,"externalReviewMarginControlCount":2,"boundaryResolutionCount":6,"blockedClaimCount":62,"proofRouteCount":34,"hardStopCount":25,"offerStatusCounts":{"sellable-now":3,"package-ready":3,"protected-gated":1,"pilot-ready":1,"external-review-required":2},"packageStatusCounts":{"entry":1,"growth":1,"enterprise":1,"strategic":1,"retained":1},"controlStatusCounts":{"active-control":4,"human-review-required":2,"external-review-required":2},"primaryRevenuePath":["Assessment Package","Readiness Sprint Package","Synthetic Pilot Package","Enterprise Activation Package","Enterprise Operating Layer License","Continuous Review Retainer"],"recommendedPosition":"Use /offerings as the canonical packaging layer: every buyer conversation should resolve to one package, one offer, one proof route, one margin control, and one retained boundary before pricing or implementation expands.","productServiceOfferings":[{"slug":"workflow-intelligence-assessment","name":"Workflow Intelligence Assessment","type":"assessment","status":"sellable-now","buyer":"Health system operations, access, revenue-cycle, documentation, and transformation leaders","trigger":"Buyer has a high-friction workflow but is not ready for live data, production connectors, or an enterprise pilot.","outcome":"A fixed-scope workflow map, automation candidate scorecard, governance gap register, value-measurement plan, and next-package recommendation.","deliverables":["Workflow friction map for one to three workflows","Automation candidate scorecard","No-PHI evidence inventory and missing-data register","Interoperability target map","Executive findings call and next-scope decision packet"],"activationPath":["Qualify sponsor, workflow owner, and buyer problem","Confirm no-PHI scope and current-state baseline questions","Run synthetic workflow and governance review","Return fixed deliverables and pilot recommendation"],"proofRoutes":["/product","/pricing","/pilot","/growth-engine","/interoperability"],"qualificationGates":["Named sponsor","One to three workflow targets","No PHI or production credentials","Buyer-approved measurement questions"],"marginLevers":["Fixed fee and capped scope","Template-driven discovery","No custom connector build","Clear upgrade path to synthetic pilot"],"blockedClaims":["medical advice","guaranteed savings","live workflow approval"],"boundary":"Operational intelligence for human leaders only; no clinical advice, PHI processing, live care, or production automation approval."},{"slug":"health-records-safety-assessment","name":"Health Records Safety Assessment","type":"assessment","status":"package-ready","buyer":"CMIO, clinical informatics, health information management, interoperability, privacy, and safety teams","trigger":"Buyer wants extraction, summarization, reconciliation, or source attribution across clinical records without exposing live patient data yet.","outcome":"A no-PHI extraction map, source-attribution plan, patient-safety lint checklist, standards crosswalk, and live-data approval path.","deliverables":["Document and record-source inventory","FHIR, HL7, DICOM, X12, terminology, and document-type crosswalk","Synthetic extraction test plan","Patient-safety lint checklist","Live-data gate and workaround map"],"activationPath":["Classify source systems and file types","Reject PHI, identifiers, production credentials, and live endpoints","Run synthetic extraction planner","Route live-data gates to named owners"],"proofRoutes":["/health-records","/interoperability","/clinical-authority-readiness","/boundary-resolution"],"qualificationGates":["No live PHI in discovery","Named privacy or security owner","Source system class identified","Clinical reviewer owner for safety questions"],"marginLevers":["Reusable extraction checklists","Synthetic fixtures first","Separate connector approval from assessment work","Paid upgrade for sandbox or protected-pilot planning"],"blockedClaims":["live PHI ingestion authorized","patient matching approved","EHR writeback approved","payer submission approved"],"boundary":"No-PHI extraction planning only; no patient matching, production connector use, EHR writeback, payer submission, or clinical action."},{"slug":"interoperability-readiness-sprint","name":"Interoperability Readiness Sprint","type":"sprint","status":"package-ready","buyer":"Integration, platform, IT, EHR, payer, data, and architecture teams","trigger":"Buyer needs a standards-aware implementation path before committing to a protected pilot or production connector work.","outcome":"A connector readiness map, standard bindings, data-boundary decisions, synthetic conformance checks, and implementation sequence.","deliverables":["Integration contract review","FHIR, SMART, HL7, DICOM, X12, terminology, and fixture mapping","Synthetic conformance evidence","Connector risk and approval register","Implementation sequence with data-boundary assumptions"],"activationPath":["Select target integration pattern","Map standards and conformance evidence","Run fixture validation","Prepare connector gate packet"],"proofRoutes":["/interoperability","/interoperability/evaluations","/integrations/fixture-validation","/health-records"],"qualificationGates":["Target standards named","Integration owner assigned","No production endpoint access required","Security and privacy review path known"],"marginLevers":["Standards templates","No custom live connector build in sprint","Separate production connector SOW","Reuse conformance evidence"],"blockedClaims":["production connector approved","certified interoperability","live PHI exchange approved"],"boundary":"Readiness and synthetic conformance only; production connector, PHI, security, and customer environment approval remain external gates."},{"slug":"trustos-ai-governance-audit","name":"TrustOS AI Governance Audit","type":"assessment","status":"sellable-now","buyer":"Compliance, privacy, legal, security, clinical governance, innovation, and executive AI oversight teams","trigger":"Buyer needs to govern AI adoption, vendor claims, model-risk decisions, and workflow promotion before clinical or operational expansion.","outcome":"A governance gap report, claims register, model/workflow oversight map, audit evidence plan, and approval-gate ladder.","deliverables":["AI governance gap register","Claims and prohibited-language review","Runtime safety and auditability map","Human-review responsibility model","Approval and certification readiness path"],"activationPath":["Collect no-sensitive-policy and workflow context","Run TrustOS and claims boundary review","Classify retained gates","Return governance action plan"],"proofRoutes":["/trust-os","/approvals-readiness","/global-certification-readiness","/qa-claim-guard","/boundary-resolution"],"qualificationGates":["Governance sponsor","Intended-use language","No confidential policy upload required","Qualified review owner for legal or regulatory conclusions"],"marginLevers":["Repeatable TrustOS framework","Reusable claims-control templates","Paid retainer path for continuous review","External-review work explicitly excluded unless scoped"],"blockedClaims":["legal approval","regulatory approval","security certification","clinical validation"],"boundary":"Governance readiness only; legal, regulatory, security, certification, and clinical authority require qualified external review."},{"slug":"synthetic-pilot-evaluation","name":"Synthetic Pilot Evaluation","type":"pilot","status":"sellable-now","buyer":"Enterprise buyers ready to test governed workflow intelligence before live integration","trigger":"Buyer has sponsor, review team, workflow scope, decision criteria, and enough budget authority for a 45 to 90 day synthetic pilot.","outcome":"A governed synthetic pilot with workflow packets, Trust Cards, QA evidence, operating metrics, proof routes, and protected-pilot recommendation.","deliverables":["Synthetic workflow packet","AgentOS task plan and Atlas evidence mapping","TrustOS decision and QA evidence packet","Operational metric baseline plan","Protected-pilot or enterprise-license decision register"],"activationPath":["Confirm sponsor, review team, and target workflow","Approve synthetic scenario and decision metrics","Run governed workflow evaluation","Package evidence and next commitment"],"proofRoutes":["/pilots","/evaluation","/workflows/results","/qa-evidence","/pilot-deal-room"],"qualificationGates":["Named sponsor","Review team","Approved synthetic packet","No production connector required","Buyer-approved success metrics"],"marginLevers":["Pilot playbook reuse","Synthetic data first","Capped workflow count","Paid diligence and protected workspace add-ons"],"blockedClaims":["clinical validation","guaranteed ROI","production readiness approved","customer value claim without permission"],"boundary":"Synthetic evaluation only; no diagnosis, treatment, payer submission, patient outreach, live PHI, or production connector execution."},{"slug":"clinical-operations-automation-blueprint","name":"Clinical Operations Automation Blueprint","type":"sprint","status":"protected-gated","buyer":"Clinical operations, transformation, care navigation, documentation, revenue-cycle, and public-sector program teams","trigger":"Buyer wants a safe automation roadmap before approving protected pilot, staffing, connector, or implementation commitments.","outcome":"A phased operating blueprint with workflow ownership, agent responsibilities, review queues, staffing assumptions, connector plan, and change-order triggers.","deliverables":["Prioritized automation roadmap","Agent responsibility map","Human-review operating design","Implementation labor and support assumptions","Connector and protected-pilot approval path"],"activationPath":["Select workflow family and operating owner","Map current-state handoffs","Define review queues and safety boundaries","Prepare implementation blueprint"],"proofRoutes":["/healthcare-intelligence-os","/product","/clinical-care-activation","/enterprise-business-ops"],"qualificationGates":["Clinical governance owner","Operations owner","Implementation budget discussion","No live-care authority assumed"],"marginLevers":["Blueprint as paid capped-scope service","Implementation labor separated from license","Change-order triggers","Support tier mapped before pilot expansion"],"blockedClaims":["live care authorized","autonomous clinical workflow","implementation approved without SOW"],"boundary":"Blueprint planning only; protected pilot, live clinical authority, connectors, staffing, and production procedures require approved scope and controls."},{"slug":"enterprise-proof-deal-room-activation","name":"Enterprise Proof and Deal Room Activation","type":"retainer","status":"pilot-ready","buyer":"Procurement, security, legal, executive sponsors, investor diligence, and enterprise buying committees","trigger":"Buyer due diligence requires custom proof packets, evidence rooms, release decisions, security review, and quote-to-contract packaging.","outcome":"A paid diligence and deal-room package that routes proof, access, recipient controls, release decisions, quote, SOW, data boundary, and next action.","deliverables":["Buyer proof route map","Diligence packet inventory","Release decision checklist","Quote-to-contract packet inputs","Evidence-room access and recipient-control assumptions"],"activationPath":["Qualify buying committee and diligence scope","Attach proof routes and protected workspace path","Route external release decisions","Produce quote-to-contract handoff"],"proofRoutes":["/pilot-deal-room","/pilot-workspace/access","/buyer-release-control-run","/enterprise-business-ops","/sales-operations"],"qualificationGates":["Buyer-specific diligence request","Customer permission path","AAL2 protected workspace owner","Legal and security review owner"],"marginLevers":["Paid diligence line item","Custom packet labor priced separately","Release decisions before external sharing","Scope cap and expiration date"],"blockedClaims":["customer permission granted","external sharing approved","security certification complete"],"boundary":"Diligence activation only; buyer-specific external sharing, customer permission, security certification, signed contracts, and production activation remain gated."},{"slug":"global-certification-readiness-pack","name":"Global Certification Readiness Pack","type":"sprint","status":"external-review-required","buyer":"Global health systems, sovereign programs, public-sector buyers, regional partners, and compliance teams","trigger":"Buyer asks how SCRIMED prepares for HIPAA, SOC 2, HITRUST, ISO, FDA, GDPR, EU AI Act, NHS, MHRA, Australia, or regional procurement gates.","outcome":"A region-aware readiness packet that maps evidence, blocked claims, local review owners, deployment profile, procurement questions, and certification sequence.","deliverables":["Global approval and certification track map","Regional buyer pack","Deployment profile and data-boundary assumptions","Blocked claims and evidence gap register","Qualified external-review routing plan"],"activationPath":["Identify region and buyer type","Map requested approval or certification language","Route external review owner","Package readiness-only evidence"],"proofRoutes":["/global-certification-readiness","/global-reach","/deployment-profiles","/approvals-readiness","/boundary-resolution"],"qualificationGates":["Region or procurement path named","No approval claim requested","Legal, privacy, security, or regional owner assigned","Deployment profile selected"],"marginLevers":["Readiness pack priced separately from certification work","Regional variation controlled","Partner economics reviewed","External review scoped explicitly"],"blockedClaims":["certified compliance","regional legal approval","government endorsement","public-sector procurement approved"],"boundary":"Readiness-only global planning; local legal, privacy, security, certification, procurement, hosting, and clinical approvals remain external gates."},{"slug":"continuous-review-innovation-retainer","name":"Continuous Review and Innovation Retainer","type":"retainer","status":"package-ready","buyer":"Enterprise sponsors, trust operations, governance teams, product leadership, and internal research stakeholders","trigger":"Buyer or internal leadership needs ongoing review loops for accuracy, evidence attribution, claims, defects, security drift, and future capability research.","outcome":"A retained operating cadence for agent-assisted review, issue routing, evidence updates, claims guard, incident learning, and internal innovation research assignments.","deliverables":["Review loop cadence and ownership map","Accuracy and evidence-attribution issue queue","Claims and public-language drift review","Security and dependency drift triage","Internal research backlog with quantum kept internal until approved"],"activationPath":["Select review loops and owners","Define escalation rules","Attach evidence routes","Run human-approved innovation backlog"],"proofRoutes":["/continuous-review-audit","/service-reliability","/operational-efficiency","/qa-evidence","/boundary-resolution"],"qualificationGates":["Accountable owner","No autonomous remediation promise","No public quantum claim","Human approval path for changes"],"marginLevers":["Recurring retainer","Automation-assisted review with human gates","Innovation research separated from production commitments","Escalations priced when they create implementation work"],"blockedClaims":["error-free AI","managed SOC/MDR","autonomous remediation","public quantum capability"],"boundary":"Agent-assisted and internal-research cadence only; humans approve remediation, public claims, production changes, and innovation disclosures."},{"slug":"enterprise-operating-layer-license","name":"Enterprise Operating Layer License","type":"enterprise-layer","status":"external-review-required","buyer":"Large health systems, payers, government health agencies, and multi-site healthcare organizations","trigger":"Buyer has completed protected validation and wants a governed annual or multi-year operating layer across workflows, agents, connectors, support, and governance.","outcome":"A proposed annual operating license with workflow packages, implementation services, support tier, governance cadence, connector plan, and expansion gates.","deliverables":["Annual license scope","Workflow and agent package plan","Implementation and connector SOW assumptions","Support and review cadence","Expansion and renewal evidence path"],"activationPath":["Validate pilot and protected workspace evidence","Confirm security, privacy, legal, and implementation controls","Approve license scope and payment terms","Run quote-to-contract and production-readiness review"],"proofRoutes":["/pricing","/enterprise-business-ops","/pilot-workspace/access","/public-market-readiness","/sales-operations"],"qualificationGates":["Protected pilot validated","Security and privacy review path","Legal and finance review","Implementation owner and budget","Customer approval path"],"marginLevers":["Annual prepay or multi-year options","Implementation services separated from license","Support tier priced","Usage and model-cost thresholds","Change-order controls"],"blockedClaims":["contract approved","production authorized","profit margin guaranteed","customer value claim without permission"],"boundary":"License proposal only until contracts, security, privacy, legal, finance, connector, support, and production authority are approved."}],"productServicePackages":[{"slug":"assessment-package","name":"Assessment Package","status":"entry","bestFor":"Buyers validating workflow pain, governance pressure, record extraction, or AI readiness before a pilot.","commercialModel":"Fixed-fee package with capped workflows and no-PHI discovery.","deliveryWindow":"2 to 4 weeks","includedOffers":["Workflow Intelligence Assessment","Health Records Safety Assessment","TrustOS AI Governance Audit"],"entryCriteria":["Named sponsor","No PHI","One to three workflow questions","Decision owner"],"proofRoutes":["/offerings","/pricing","/pilot","/health-records","/approvals-readiness"],"retainedBoundaries":["No live clinical care","No PHI","No legal, accounting, tax, security, or regulatory approval","No guaranteed savings"],"expansionPath":"Synthetic Pilot Evaluation or Interoperability Readiness Sprint"},{"slug":"sprint-package","name":"Readiness Sprint Package","status":"growth","bestFor":"Teams preparing standards, health-record safety, implementation blueprint, governance, or global readiness before protected work.","commercialModel":"Scoped sprint with clear deliverables, owner map, and upgrade gates.","deliveryWindow":"30 to 45 days","includedOffers":["Interoperability Readiness Sprint","Clinical Operations Automation Blueprint","Global Certification Readiness Pack"],"entryCriteria":["Owner assigned","Target domain selected","No production endpoint dependency","External-review lane known"],"proofRoutes":["/interoperability","/clinical-care-activation","/global-certification-readiness","/enterprise-business-ops"],"retainedBoundaries":["No certified compliance claim","No production connector approval","No regional approval claim","No implementation work without SOW"],"expansionPath":"Synthetic Pilot Evaluation or Enterprise Proof and Deal Room Activation"},{"slug":"synthetic-pilot-package","name":"Synthetic Pilot Package","status":"enterprise","bestFor":"Qualified enterprise buyers ready to evaluate governed workflow intelligence with synthetic evidence.","commercialModel":"Paid synthetic pilot with workflow count, evidence cadence, and decision criteria.","deliveryWindow":"45 to 90 days","includedOffers":["Synthetic Pilot Evaluation","TrustOS AI Governance Audit","Enterprise Proof and Deal Room Activation"],"entryCriteria":["Named sponsor","Review team","Synthetic packet approved","Buyer-approved success metrics"],"proofRoutes":["/pilots","/evaluation","/pilot-deal-room","/qa-evidence","/sales-operations"],"retainedBoundaries":["Synthetic only","No autonomous clinical action","No customer-value claim without permission","No protected evidence release without AAL2 gate"],"expansionPath":"Protected Enterprise Pilot or Enterprise Operating Layer License"},{"slug":"enterprise-activation-package","name":"Enterprise Activation Package","status":"strategic","bestFor":"Buying committees moving from pilot proof into protected diligence, contract review, implementation, and annual license planning.","commercialModel":"Enterprise proposal with license, implementation, diligence, support, and usage assumptions separated.","deliveryWindow":"90 to 180 days depending on buyer controls","includedOffers":["Enterprise Proof and Deal Room Activation","Clinical Operations Automation Blueprint","Enterprise Operating Layer License"],"entryCriteria":["Protected workspace path","Legal and finance review","Security review","Implementation owner","Payment path"],"proofRoutes":["/enterprise-business-ops","/pilot-workspace/access","/buyer-release-control-run","/public-market-readiness"],"retainedBoundaries":["No contract approval without executive and counsel review","No production activation without customer authority","No PHI without approved BAA/security controls","No margin or revenue guarantee"],"expansionPath":"Multi-year enterprise operating license or strategic platform partnership"},{"slug":"continuous-review-retainer","name":"Continuous Review Retainer","status":"retained","bestFor":"Customers or internal teams that need ongoing accuracy, evidence, claims, safety, and innovation review loops.","commercialModel":"Monthly or quarterly retainer with human-approved review loops and separately scoped implementation work.","deliveryWindow":"Ongoing cadence","includedOffers":["Continuous Review and Innovation Retainer","TrustOS AI Governance Audit","Enterprise Proof and Deal Room Activation"],"entryCriteria":["Accountable owner","Escalation rules","Review scope","No autonomous remediation promise"],"proofRoutes":["/continuous-review-audit","/service-reliability","/operational-efficiency","/qa-evidence"],"retainedBoundaries":["No managed SOC/MDR claim","No error-free AI claim","No autonomous production change","Quantum and frontier research stay internal until approved"],"expansionPath":"Enterprise operating cadence, renewal health packet, or internal research roadmap"}],"productServiceMarginControls":[{"slug":"package-before-custom-sow","control":"Package before custom SOW","status":"active-control","owner":"Revenue operations + Product Console","marginRisk":"Custom buyer requests can sprawl into unpaid discovery or unpriced implementation work.","operatingPolicy":"Map each opportunity to an approved package, included offers, excluded work, price floor, and expansion path before custom language leaves SCRIMED.","evidenceRoutes":["/offerings","/enterprise-business-ops","/growth-engine"],"hardStops":["custom SOW before package selected","unpriced implementation work","unsupported success fee"]},{"slug":"data-boundary-price-floor","control":"Data-boundary price floor","status":"human-review-required","owner":"Finance + Legal Ops + Privacy","marginRisk":"PHI, sandbox, connector, or production requests create security, review, support, and liability costs.","operatingPolicy":"Keep no-PHI work in standard packages; move sandbox, PHI, connector, or production work into separately reviewed paid scope.","evidenceRoutes":["/health-records","/clinical-authority-readiness","/enterprise-business-ops"],"hardStops":["PHI requested","production connector requested","BAA/security scope missing"]},{"slug":"diligence-work-monetization","control":"Diligence work monetization","status":"active-control","owner":"Buyer Diligence + Sales Operations","marginRisk":"Security, legal, procurement, and investor packets can become unpaid enterprise sales labor.","operatingPolicy":"Price custom proof packets, evidence-room work, buyer-specific release review, and security questionnaire effort as paid diligence or activation scope.","evidenceRoutes":["/pilot-deal-room","/pilot-workspace/access","/buyer-release-control-run"],"hardStops":["custom packet work without paid scope","external sharing before release decision","recipient controls missing"]},{"slug":"license-services-separation","control":"License and services separation","status":"active-control","owner":"Finance + Product + Implementation","marginRisk":"High-touch services can erode platform license margin if bundled into the annual fee.","operatingPolicy":"Separate annual operating license, implementation services, connector work, training, support tier, and continuous review retainer on every enterprise proposal.","evidenceRoutes":["/pricing","/enterprise-business-ops","/public-market-readiness"],"hardStops":["services bundled into license","support tier undefined","implementation acceptance criteria missing"]},{"slug":"claims-review-before-proof","control":"Claims review before proof expansion","status":"external-review-required","owner":"Claims governance + Counsel + Finance","marginRisk":"Unsupported ROI, reimbursement, customer value, certification, or investor claims can create legal and trust risk.","operatingPolicy":"Keep external claims in readiness mode until buyer-approved baselines, customer permission, counsel review, finance review, and release decisions exist.","evidenceRoutes":["/qa-claim-guard","/boundary-resolution","/public-market-readiness"],"hardStops":["ROI guarantee","reimbursement guarantee","customer claim without permission","certification claim without authority"]},{"slug":"model-cost-usage-review","control":"Model cost and usage review","status":"active-control","owner":"Product Engineering + Finance","marginRisk":"Large-context extraction, repeated evaluations, and proof-packet generation can silently compress margins.","operatingPolicy":"Attach usage assumptions, model routing, caching, volume thresholds, and overage review to pilots, retainers, and enterprise licenses.","evidenceRoutes":["/service-reliability","/operational-efficiency","/public-market-readiness"],"hardStops":["uncapped high-volume usage","model-cost spike","usage threshold missing"]},{"slug":"global-partner-economics-review","control":"Global partner economics review","status":"external-review-required","owner":"Strategic Partnerships + Finance + Tax + Regional Counsel","marginRisk":"Partner discounts, reseller terms, regional hosting, tax exposure, and delivery obligations can erode margin.","operatingPolicy":"Route reseller, referral, sovereign, affiliate, regional hosting, and implementation partner economics through finance, tax, counsel, and delivery review.","evidenceRoutes":["/global-reach","/global-certification-readiness","/enterprise-business-ops"],"hardStops":["cross-border margin-sharing commitment","regional tax review missing","partner delivery owner missing"]},{"slug":"retainer-escalation-scope","control":"Retainer escalation scope","status":"human-review-required","owner":"TrustOps + Product + Revenue Operations","marginRisk":"Continuous review can turn into unbounded remediation, support, or innovation work.","operatingPolicy":"Keep review loops, escalation routing, remediation, implementation, incident response, and innovation research as separate scope classes with approval gates.","evidenceRoutes":["/continuous-review-audit","/service-reliability","/operational-efficiency"],"hardStops":["autonomous remediation promised","managed SOC/MDR claim","implementation work hidden in retainer"]}],"productServiceBoundaryResolutions":[{"slug":"package-confusion","boundary":"Offer sprawl and buyer confusion","status":"active-control","riskIfIgnored":"Buyers, sales, delivery, and reviewers may discuss different scopes, causing slower deals and higher delivery risk.","currentControl":"One portfolio registry maps offers, packages, delivery windows, proof routes, and retained boundaries.","safeWorkaround":"Route every buyer conversation to /offerings before pricing, pilot, diligence, or implementation scope expands.","remainingGate":"Buyer-specific SOW, price, payment terms, and approval trail before commitment.","owner":"Product Console + Revenue Operations","proofRoutes":["/offerings","/api/offerings","/pricing","/growth-engine"],"prohibitedClaims":["custom scope approved without review","implementation included by default"]},{"slug":"custom-scope-margin-leak","boundary":"Custom scope margin leakage","status":"human-review-required","riskIfIgnored":"Enterprise urgency can move SCRIMED into unpaid diligence, weak payment terms, or unpriced implementation labor.","currentControl":"Margin controls require package selection, price-floor review, scope cap, diligence pricing, and services/license separation.","safeWorkaround":"Offer a capped assessment, readiness sprint, synthetic pilot, or paid diligence package before custom SOW work.","remainingGate":"Finance, legal, executive, and customer approval for custom scope and payment terms.","owner":"Finance + Legal Ops + Deal Desk","proofRoutes":["/offerings","/enterprise-business-ops","/pilot-deal-room"],"prohibitedClaims":["discount approved","profit margin guaranteed","contract approved"]},{"slug":"clinical-data-ask","boundary":"Buyer asks for PHI, live records, connectors, EHR writeback, or payer submission","status":"blocked-before-approval","riskIfIgnored":"Unsafe data exposure or unauthorized healthcare action could cross privacy, security, clinical, reimbursement, and connector boundaries.","currentControl":"Health Records Safety Assessment and Interoperability Readiness Sprint keep work no-PHI and synthetic until live-data owners approve.","safeWorkaround":"Use synthetic fixtures, metadata-only system descriptions, sandbox planning, source attribution, and live-data gate mapping.","remainingGate":"BAA/privacy/security approval, customer environment approval, clinical authority, connector acceptance, payer or EHR authorization as applicable.","owner":"Privacy + Security + Interoperability + Clinical Governance","proofRoutes":["/health-records","/interoperability","/clinical-authority-readiness","/boundary-resolution"],"prohibitedClaims":["PHI processing approved","production connector approved","EHR writeback approved","payer submission approved"]},{"slug":"roi-reimbursement-overclaim","boundary":"ROI, reimbursement, customer value, and revenue overclaim","status":"external-review-required","riskIfIgnored":"Sales, investor, or buyer language could outrun evidence and create legal, trust, reimbursement, or securities risk.","currentControl":"Claims review, buyer-approved baseline questions, finance methodology gates, and no-guarantee headers keep claims qualified.","safeWorkaround":"Use measured pilot signals, directional workflow metrics, and readiness-only language until customer permission and qualified review exist.","remainingGate":"Buyer-approved baseline, retained measurement evidence, customer permission, counsel review, finance review, and release decision.","owner":"Claims Governance + Finance + Counsel + Customer Sponsor","proofRoutes":["/qa-claim-guard","/public-market-readiness","/enterprise-business-ops","/boundary-resolution"],"prohibitedClaims":["ROI guaranteed","reimbursement guaranteed","revenue guaranteed","customer value claim approved"]},{"slug":"certification-approval-overclaim","boundary":"Certification, approval, and regional authority overclaim","status":"external-review-required","riskIfIgnored":"SCRIMED could appear to claim HIPAA, SOC 2, HITRUST, FDA, ONC, GDPR, EU AI Act, NHS, MHRA, Australia, or regional approval before qualified evidence exists.","currentControl":"Global Certification Readiness Pack keeps requests in evidence-building and external-review mode.","safeWorkaround":"Package readiness tracks, blocked claims, evidence gaps, and external-review owners without saying approval exists.","remainingGate":"Qualified external authority, applicable audit or certification process, regional counsel, security/privacy review, and buyer-specific acceptance.","owner":"Legal + Security + Privacy + Regional Counsel + Qualified Reviewers","proofRoutes":["/global-certification-readiness","/approvals-readiness","/global-reach","/boundary-resolution"],"prohibitedClaims":["HIPAA certified","SOC 2 certified","FDA cleared","regional approval granted"]},{"slug":"continuous-review-autonomy-overclaim","boundary":"Continuous review and innovation overclaim","status":"human-review-required","riskIfIgnored":"24/7 review loops or internal research could be mistaken for error-free AI, managed SOC/MDR coverage, autonomous remediation, or public quantum capability.","currentControl":"Continuous Review and Innovation Retainer separates agent-assisted review, human approval, remediation scope, and internal research.","safeWorkaround":"Use agents to flag, route, recommend, and preserve evidence; keep humans in charge of changes and keep quantum research internal.","remainingGate":"Human approval, security review, customer permission, evidence retention, and claims review before public or production use.","owner":"TrustOps + QA + Security + Internal Research Team","proofRoutes":["/continuous-review-audit","/service-reliability","/operational-efficiency","/boundary-resolution"],"prohibitedClaims":["error-free AI","managed SOC/MDR","autonomous remediation","public quantum capability"]}],"productServiceDeliveryPlaybooks":[{"phase":"Qualify","owner":"Founder + Revenue Operations","purpose":"Classify buyer problem, urgency, sponsor, disqualifiers, data boundary, and best-fit package.","buyerCommitment":"Sponsor, workflow, and no-PHI acknowledgement.","internalOutput":"Selected package, price floor, proof routes, and blocked claims.","proofRoutes":["/offerings","/pilot","/growth-engine"],"retainedBoundary":"Qualification is not contract approval or clinical approval."},{"phase":"Scope","owner":"Product Console + Deal Desk","purpose":"Translate buyer need into offer, deliverables, assumptions, exclusions, owner map, and upgrade path.","buyerCommitment":"Scope review and decision criteria.","internalOutput":"Scope packet, deliverable list, excluded work, and approval gates.","proofRoutes":["/offerings","/enterprise-business-ops","/pilot-deal-room"],"retainedBoundary":"Scope packet is not a signed SOW."},{"phase":"Prove","owner":"Sales Engineering + TrustOS + QA","purpose":"Attach proof routes, synthetic evidence, QA controls, claims guard, and release boundaries.","buyerCommitment":"Review team and approved metrics.","internalOutput":"Synthetic proof packet and claims-safe summary.","proofRoutes":["/evaluation","/qa-evidence","/qa-claim-guard"],"retainedBoundary":"Proof is synthetic or readiness-only until protected evidence and customer permission exist."},{"phase":"Convert","owner":"Deal Desk + Finance + Legal Ops","purpose":"Move qualified buyer into quote-to-contract, paid diligence, pilot, or enterprise activation.","buyerCommitment":"Budget owner, procurement route, billing assumptions, and review owners.","internalOutput":"Quote, SOW inputs, price floor, margin estimate, and approval trail.","proofRoutes":["/enterprise-business-ops","/sales-operations","/public-market-readiness"],"retainedBoundary":"Conversion materials are not legal, accounting, tax, or audited financial advice."},{"phase":"Expand","owner":"Customer Operations + Product + TrustOps","purpose":"Use retained evidence, adoption signals, support load, safety review, and governance cadence to expand safely.","buyerCommitment":"Expansion owner, renewal evidence, and approved next workflow.","internalOutput":"Expansion packet, renewal health signal, and next-package recommendation.","proofRoutes":["/continuous-review-audit","/service-reliability","/pilot-workspace/access"],"retainedBoundary":"Expansion does not authorize production clinical use, customer public claims, or connector changes without approvals."}],"proofRoutes":["/offerings","/api/offerings","/api/offerings/brief","/product","/pricing","/pilot","/growth-engine","/interoperability","/health-records","/clinical-authority-readiness","/boundary-resolution","/interoperability/evaluations","/integrations/fixture-validation","/trust-os","/approvals-readiness","/global-certification-readiness","/qa-claim-guard","/pilots","/evaluation","/workflows/results","/qa-evidence","/pilot-deal-room","/healthcare-intelligence-os","/clinical-care-activation","/enterprise-business-ops","/pilot-workspace/access","/buyer-release-control-run","/sales-operations","/global-reach","/deployment-profiles","/continuous-review-audit","/service-reliability","/operational-efficiency","/public-market-readiness"],"deliverables":["Workflow friction map for one to three workflows","Automation candidate scorecard","No-PHI evidence inventory and missing-data register","Interoperability target map","Executive findings call and next-scope decision packet","Document and record-source inventory","FHIR, HL7, DICOM, X12, terminology, and document-type crosswalk","Synthetic extraction test plan","Patient-safety lint checklist","Live-data gate and workaround map","Integration contract review","FHIR, SMART, HL7, DICOM, X12, terminology, and fixture mapping","Synthetic conformance evidence","Connector risk and approval register","Implementation sequence with data-boundary assumptions","AI governance gap register","Claims and prohibited-language review","Runtime safety and auditability map","Human-review responsibility model","Approval and certification readiness path","Synthetic workflow packet","AgentOS task plan and Atlas evidence mapping","TrustOS decision and QA evidence packet","Operational metric baseline plan","Protected-pilot or enterprise-license decision register","Prioritized automation roadmap","Agent responsibility map","Human-review operating design","Implementation labor and support assumptions","Connector and protected-pilot approval path","Buyer proof route map","Diligence packet inventory","Release decision checklist","Quote-to-contract packet inputs","Evidence-room access and recipient-control assumptions","Global approval and certification track map","Regional buyer pack","Deployment profile and data-boundary assumptions","Blocked claims and evidence gap register","Qualified external-review routing plan","Review loop cadence and ownership map","Accuracy and evidence-attribution issue queue","Claims and public-language drift review","Security and dependency drift triage","Internal research backlog with quantum kept internal until approved","Annual license scope","Workflow and agent package plan","Implementation and connector SOW assumptions","Support and review cadence","Expansion and renewal evidence path"],"qualificationGates":["Named sponsor","One to three workflow targets","No PHI or production credentials","Buyer-approved measurement questions","No live PHI in discovery","Named privacy or security owner","Source system class identified","Clinical reviewer owner for safety questions","Target standards named","Integration owner assigned","No production endpoint access required","Security and privacy review path known","Governance sponsor","Intended-use language","No confidential policy upload required","Qualified review owner for legal or regulatory conclusions","Review team","Approved synthetic packet","No production connector required","Buyer-approved success metrics","Clinical governance owner","Operations owner","Implementation budget discussion","No live-care authority assumed","Buyer-specific diligence request","Customer permission path","AAL2 protected workspace owner","Legal and security review owner","Region or procurement path named","No approval claim requested","Legal, privacy, security, or regional owner assigned","Deployment profile selected","Accountable owner","No autonomous remediation promise","No public quantum claim","Human approval path for changes","Protected pilot validated","Security and privacy review path","Legal and finance review","Implementation owner and budget","Customer approval path"],"marginLevers":["Fixed fee and capped scope","Template-driven discovery","No custom connector build","Clear upgrade path to synthetic pilot","Reusable extraction checklists","Synthetic fixtures first","Separate connector approval from assessment work","Paid upgrade for sandbox or protected-pilot planning","Standards templates","No custom live connector build in sprint","Separate production connector SOW","Reuse conformance evidence","Repeatable TrustOS framework","Reusable claims-control templates","Paid retainer path for continuous review","External-review work explicitly excluded unless scoped","Pilot playbook reuse","Synthetic data first","Capped workflow count","Paid diligence and protected workspace add-ons","Blueprint as paid capped-scope service","Implementation labor separated from license","Change-order triggers","Support tier mapped before pilot expansion","Paid diligence line item","Custom packet labor priced separately","Release decisions before external sharing","Scope cap and expiration date","Readiness pack priced separately from certification work","Regional variation controlled","Partner economics reviewed","External review scoped explicitly","Recurring retainer","Automation-assisted review with human gates","Innovation research separated from production commitments","Escalations priced when they create implementation work","Annual prepay or multi-year options","Implementation services separated from license","Support tier priced","Usage and model-cost thresholds","Change-order controls"],"blockedClaims":["guaranteed revenue","guaranteed ROI","guaranteed profit margin","audited financial reporting","legal advice","accounting advice","tax advice","securities offering material","investment advice","valuation assurance","HIPAA certified","SOC 2 certified","HITRUST certified","FDA cleared","ONC certified","GDPR compliant as a certified claim","PHI processing approved","production EHR connector approved","EHR writeback approved","payer submission approved","autonomous diagnosis","autonomous treatment","live clinical care authorized","public quantum capability","medical advice","guaranteed savings","live workflow approval","live PHI ingestion authorized","patient matching approved","production connector approved","certified interoperability","live PHI exchange approved","legal approval","regulatory approval","security certification","clinical validation","production readiness approved","customer value claim without permission","live care authorized","autonomous clinical workflow","implementation approved without SOW","customer permission granted","external sharing approved","security certification complete","certified compliance","regional legal approval","government endorsement","public-sector procurement approved","error-free AI","managed SOC/MDR","autonomous remediation","contract approved","production authorized","profit margin guaranteed","custom scope approved without review","implementation included by default","discount approved","ROI guaranteed","reimbursement guaranteed","revenue guaranteed","customer value claim approved","regional approval granted"],"hardStops":["custom SOW before package selected","unpriced implementation work","unsupported success fee","PHI requested","production connector requested","BAA/security scope missing","custom packet work without paid scope","external sharing before release decision","recipient controls missing","services bundled into license","support tier undefined","implementation acceptance criteria missing","ROI guarantee","reimbursement guarantee","customer claim without permission","certification claim without authority","uncapped high-volume usage","model-cost spike","usage threshold missing","cross-border margin-sharing commitment","regional tax review missing","partner delivery owner missing","autonomous remediation promised","managed SOC/MDR claim","implementation work hidden in retainer"],"updated":"2026-06-26"},"publicMarketReadiness":{"service":"scrimed-public-market-readiness","route":"/public-market-readiness","apiRoute":"/api/public-market-readiness","briefRoute":"/api/public-market-readiness/brief","protectedOperatorMetricRoute":"/pilot-workspace/access","protectedOperatorMetricApiRoute":"/api/pilot-workspaces/{workspaceSlug}/operator-metrics","protectedMetricRollupRoute":"/pilot-workspace/access","protectedMetricRollupApiRoute":"/api/pilot-workspaces/{workspaceSlug}/metric-rollups","protectedMetricRollupPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/metric-rollups/{snapshotId}/packet","protectedMetricTrendRoute":"/pilot-workspace/access","protectedMetricTrendApiRoute":"/api/pilot-workspaces/{workspaceSlug}/metric-trends","protectedMetricTrendPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/metric-trends/{reviewId}/packet","protectedBoardScorecardRoute":"/pilot-workspace/access","protectedBoardScorecardApiRoute":"/api/pilot-workspaces/{workspaceSlug}/board-scorecards","protectedBoardScorecardPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/board-scorecards/{scorecardId}/packet","protectedFinanceMethodologyRoute":"/pilot-workspace/access","protectedFinanceMethodologyApiRoute":"/api/pilot-workspaces/{workspaceSlug}/finance-methodology","protectedFinanceMethodologyPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/finance-methodology/packet","protectedExternalApprovalEvidenceRoute":"/pilot-workspace/access","protectedExternalApprovalEvidenceApiRoute":"/api/pilot-workspaces/{workspaceSlug}/external-approval-evidence","protectedExternalApprovalEvidencePacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/external-approval-evidence/packet","protectedReleaseDecisionRoute":"/pilot-workspace/access","protectedReleaseDecisionApiRoute":"/api/pilot-workspaces/{workspaceSlug}/release-decisions","protectedReleaseDecisionPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/release-decisions/packet","protectedNamedReviewerSignoffRoute":"/pilot-workspace/access","protectedNamedReviewerSignoffApiRoute":"/api/pilot-workspaces/{workspaceSlug}/reviewer-signoffs","protectedNamedReviewerSignoffPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/reviewer-signoffs/packet","protectedDistributionLockboxRoute":"/pilot-workspace/access","protectedDistributionLockboxApiRoute":"/api/pilot-workspaces/{workspaceSlug}/distribution-lockbox","protectedDistributionLockboxPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/distribution-lockbox/packet","protectedReleaseAuthorityAttestationRoute":"/pilot-workspace/access","protectedReleaseAuthorityAttestationApiRoute":"/api/pilot-workspaces/{workspaceSlug}/release-authority-attestations","protectedReleaseAuthorityAttestationPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/release-authority-attestations/packet","protectedEvidenceRoomRecipientAttestationRoute":"/pilot-workspace/access","protectedEvidenceRoomRecipientAttestationApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-recipient-attestations","protectedEvidenceRoomRecipientAttestationPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-recipient-attestations/packet","protectedEvidenceRoomAccessLogReconciliationRoute":"/pilot-workspace/access","protectedEvidenceRoomAccessLogReconciliationApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-access-log-reconciliation","protectedEvidenceRoomAccessLogReconciliationPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-access-log-reconciliation/packet","protectedEvidenceRoomProviderAdapterRoute":"/pilot-workspace/access","protectedEvidenceRoomProviderAdapterApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-provider-adapters","protectedEvidenceRoomProviderAdapterPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-provider-adapters/packet","protectedProviderSecurityReviewRoute":"/pilot-workspace/access","protectedProviderSecurityReviewApiRoute":"/api/pilot-workspaces/{workspaceSlug}/provider-security-reviews","protectedProviderSecurityReviewPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/provider-security-reviews/packet","protectedProcurementEvidenceRegistryRoute":"/pilot-workspace/access","protectedProcurementEvidenceRegistryApiRoute":"/api/pilot-workspaces/{workspaceSlug}/procurement-evidence","protectedProcurementEvidenceRegistryPacketApiRoute":"/api/pilot-workspaces/{workspaceSlug}/procurement-evidence/packet","status":"capital-efficiency-kpi-stack-ready","proofStackStatus":"public-market-readiness-capital-efficiency-kpi-stack","briefProofStackStatus":"public-market-readiness-board-brief-no-financial-advice","protectedOperatorMetricStatus":"aal2-protected-operator-metric-capture-no-phi","protectedMetricRollupStatus":"aal2-finance-reviewed-metric-rollups-no-phi","protectedMetricRollupPacketStatus":"aal2-audited-board-metric-packets-no-phi","protectedMetricTrendStatus":"aal2-board-trend-review-no-phi","protectedMetricTrendPacketStatus":"aal2-audited-board-trend-packets-no-phi","protectedBoardScorecardStatus":"aal2-rolling-quarter-board-scorecards-no-phi","protectedBoardScorecardPacketStatus":"aal2-audited-board-scorecard-packets-no-phi","protectedFinanceMethodologyStatus":"aal2-finance-methodology-gates-no-phi","protectedFinanceMethodologyPacketStatus":"aal2-audited-finance-methodology-gate-packets-no-phi","protectedExternalApprovalEvidenceStatus":"aal2-qualified-external-approval-evidence-links-no-phi","protectedExternalApprovalEvidencePacketStatus":"aal2-audited-external-approval-evidence-link-packets-no-phi","protectedReleaseDecisionStatus":"aal2-qualified-release-decision-workflow-no-phi","protectedReleaseDecisionPacketStatus":"aal2-audited-release-decision-claim-registry-packets-no-phi","protectedNamedReviewerSignoffStatus":"aal2-named-reviewer-signoff-metadata-no-phi","protectedNamedReviewerSignoffPacketStatus":"aal2-audited-named-reviewer-signoff-packets-no-phi","protectedDistributionLockboxStatus":"aal2-external-distribution-lockbox-disabled-no-phi","protectedDistributionLockboxPacketStatus":"aal2-audited-distribution-lockbox-packets-no-phi","protectedReleaseAuthorityAttestationStatus":"aal2-external-release-authority-attestations-disabled-no-phi","protectedReleaseAuthorityAttestationPacketStatus":"aal2-audited-release-authority-attestation-packets-no-phi","protectedEvidenceRoomRecipientAttestationStatus":"aal2-evidence-room-recipient-attestations-disabled-no-phi","protectedEvidenceRoomRecipientAttestationPacketStatus":"aal2-audited-evidence-room-recipient-attestation-packets-no-phi","protectedEvidenceRoomAccessLogReconciliationStatus":"aal2-evidence-room-access-log-reconciliation-disabled-no-phi","protectedEvidenceRoomAccessLogReconciliationPacketStatus":"aal2-audited-evidence-room-access-log-reconciliation-packets-no-phi","protectedEvidenceRoomProviderAdapterStatus":"aal2-evidence-room-provider-adapter-contracts-disabled-no-phi","protectedEvidenceRoomProviderAdapterPacketStatus":"aal2-audited-evidence-room-provider-adapter-packets-no-phi","protectedProviderSecurityReviewStatus":"aal2-provider-security-review-workbench-no-phi","protectedProviderSecurityReviewPacketStatus":"aal2-audited-provider-security-review-packets-no-phi","protectedProcurementEvidenceRegistryStatus":"aal2-procurement-evidence-registry-no-sensitive-artifacts","protectedProcurementEvidenceRegistryPacketStatus":"aal2-audited-procurement-evidence-registry-packets-no-sensitive-artifacts","thesis":"SCRIMED is healthcare intelligence infrastructure, not another AI model company.","investorNarrative":"While frontier labs burn billions to build general intelligence, SCRIMED captures healthcare-specific value by owning the workflow, trust layer, data loops, governance evidence, interoperability path, and measurable outcomes around healthcare operations.","efficientHealthcareIntelligence":"SCRIMED should own healthcare workflows, trust evidence, and outcomes while using model routing, task-specific agents, open/closed model optionality, and token-cost controls to avoid frontier-model dependency.","boundary":"SCRIMED Public Market Readiness organizes KPI definitions, unit-economics discipline, compliance logs, customer proof, governance documentation, model-efficiency controls, and investor narrative for enterprise operating maturity. It is not audited financial reporting, securities offering material, investment advice, accounting advice, tax advice, a valuation guarantee, clinical validation, reimbursement assurance, compliance certification, or live clinical execution authorization.","metricCount":10,"unitEconomicsPackageCount":4,"modelEfficiencyControlCount":4,"complianceLogCount":6,"customerProofStageCount":5,"boardCadenceCount":4,"limitationCount":5,"operatorMetricCatalogCount":5,"operatingMetrics":[{"id":"cost-per-workflow","name":"Cost per governed workflow","category":"unit-economics","unit":"USD per completed workflow packet","formula":"(model cost + infrastructure cost + review labor + support allocation) / completed governed workflow packets","targetDirection":"lower-is-better","currentMaturity":"synthetic-measurement-ready","auditSource":"AgentOS task trace, QA evidence ledger, proof-packet release audit, and workflow result validation.","proofRoute":"/workflows/results","boundary":"Synthetic and protected-pilot workflows only until buyer-approved production baselines exist."},{"id":"cost-per-patient-interaction","name":"Cost per patient interaction equivalent","category":"unit-economics","unit":"USD per synthetic or approved pilot interaction","formula":"(agent execution cost + routing cost + human-review cost) / synthetic or approved pilot interaction count","targetDirection":"lower-is-better","currentMaturity":"protected-pilot-measurement-required","auditSource":"Protected pilot sessions, buyer demo sessions, and approved customer baselines.","proofRoute":"/pilot-workspace/access","boundary":"No live patient interaction is authorized. Current use is a pilot-equivalent metric definition."},{"id":"cost-per-chart","name":"Cost per chart review","category":"unit-economics","unit":"USD per synthetic or approved chart-review work order","formula":"(document intelligence cost + model extraction cost + TrustQA review cost + reviewer time) / chart-review work orders","targetDirection":"lower-is-better","currentMaturity":"synthetic-measurement-ready","auditSource":"DocuTwin work orders, Trust Cards, and manual QA evidence packets.","proofRoute":"/modules/docutwin","boundary":"No PHI, record mutation, diagnosis insertion, or final note filing is authorized."},{"id":"cost-per-prior-auth","name":"Cost per prior authorization support packet","category":"unit-economics","unit":"USD per packet draft","formula":"(policy retrieval cost + document parsing cost + model drafting cost + reviewer time) / prior-auth packet drafts","targetDirection":"lower-is-better","currentMaturity":"synthetic-measurement-ready","auditSource":"Agent Workspace work orders, Atlas evidence layer, and proof packet audit.","proofRoute":"/agent-workspace","boundary":"No payer submission, coverage determination, or medical-necessity decision is authorized."},{"id":"cost-per-denial-appeal","name":"Cost per denial appeal support draft","category":"unit-economics","unit":"USD per reviewable appeal draft","formula":"(claim-context parsing + policy evidence retrieval + draft generation + qualified review allocation) / appeal-support drafts","targetDirection":"lower-is-better","currentMaturity":"synthetic-measurement-ready","auditSource":"RCM Agent work orders, TrustOS reviewer checkpoints, and governance packets.","proofRoute":"/workflows/results","boundary":"No final coding, billing, appeal submission, or reimbursement guarantee is authorized."},{"id":"time-saved-per-clinician","name":"Time saved per clinician","category":"workflow-value","unit":"minutes saved per reviewed workflow","formula":"buyer-approved baseline minutes - SCRIMED-assisted minutes for the same governed workflow","targetDirection":"higher-is-better","currentMaturity":"protected-pilot-measurement-required","auditSource":"Buyer baseline, protected pilot result packet, reviewer sign-off, and QA evidence.","proofRoute":"/pilot-evidence","boundary":"This is an operational-efficiency metric, not a clinical outcome claim."},{"id":"revenue-protected","name":"Revenue protected per payer or provider workflow","category":"workflow-value","unit":"USD at-risk revenue surfaced for qualified review","formula":"reviewed denial risk, missing-evidence exposure, or leakage opportunity identified under buyer-approved methodology","targetDirection":"higher-is-better","currentMaturity":"protected-pilot-measurement-required","auditSource":"Revenue workflow result packets, buyer finance review, and approved value methodology.","proofRoute":"/pricing","boundary":"Revenue protected is a reviewed operational signal, not a reimbursement promise or audited financial result."},{"id":"compliance-log-completeness","name":"Compliance log completeness","category":"compliance-governance","unit":"percentage of governed events with required metadata","formula":"governed events with required audit metadata / total governed events","targetDirection":"higher-is-better","currentMaturity":"synthetic-measurement-ready","auditSource":"Protected pilot audit events, TrustOS decisions, QA packets, and activation attestations.","proofRoute":"/audit","boundary":"Log completeness does not equal compliance certification or regulator acceptance."},{"id":"gross-margin-by-offer","name":"Gross margin by offer","category":"margin-discipline","unit":"percentage margin by package","formula":"(contracted package revenue - model cost - infrastructure cost - implementation labor - support allocation - reviewer allocation) / contracted package revenue","targetDirection":"within-approved-band","currentMaturity":"external-finance-review-required","auditSource":"Pricing model, sales deal room, finance review, usage logs, and delivery time tracking.","proofRoute":"/pricing","boundary":"Requires finance-reviewed cost accounting before external reporting or investor diligence use."},{"id":"model-cost-per-trust-card","name":"Model cost per Trust Card","category":"cost-control","unit":"USD per evidence-backed recommendation card","formula":"(retrieval cost + model route cost + validation cost + reviewer allocation) / Trust Cards generated","targetDirection":"lower-is-better","currentMaturity":"definition-ready","auditSource":"Atlas Trust Cards, model-router logs, validation records, and reviewer status.","proofRoute":"/atlas","boundary":"Trust Cards remain review support, not autonomous clinical decisions."}],"operatorMetricCatalog":[{"metricKey":"model-cost-usd","label":"Model cost","unit":"usd","publicMarketKpiId":"model-cost-per-trust-card","description":"Model, routing, retrieval, validation, and retry cost for a governed workflow window.","proofRoute":"/public-market-readiness","costDiscipline":"Use model routing, smaller task-specific models, retrieval-first execution, and retry budgets."},{"metricKey":"review-time-minutes","label":"Human review time","unit":"minutes","publicMarketKpiId":"time-saved-per-clinician","description":"Operator, reviewer, clinician-adjacent, or sales-engineering review minutes for a governed workflow window.","proofRoute":"/pilot-workspace/access","costDiscipline":"Track review load so SCRIMED can price human-in-the-loop safety without hiding labor cost."},{"metricKey":"delivery-hours","label":"Delivery hours","unit":"hours","publicMarketKpiId":"gross-margin-by-offer","description":"Implementation, QA, sales engineering, governance, or delivery hours spent on a scoped no-PHI workflow window.","proofRoute":"/pricing","costDiscipline":"Separate implementation services from platform license and protect enterprise gross margin."},{"metricKey":"proof-packet-count","label":"Proof packet count","unit":"count","publicMarketKpiId":"compliance-log-completeness","description":"Audited or generated proof packets released for a governed workflow window.","proofRoute":"/qa-evidence","costDiscipline":"Treat proof production as a repeatable evidence factory, not one-off consulting labor."},{"metricKey":"workflow-volume","label":"Workflow volume","unit":"count","publicMarketKpiId":"cost-per-workflow","description":"Completed synthetic, protected-pilot, or buyer-demo workflow packets in a measurement window.","proofRoute":"/workflows/results","costDiscipline":"Normalize operating cost by workflow output so SCRIMED can price against value and throughput."}],"unitEconomicsPackages":[{"packageName":"Workflow Intelligence Assessment","commercialStage":"paid assessment","priceSignal":"Starts at $50k; typical range $75k-$150k fixed fee","measurableValue":["workflow friction map","automation candidate scorecard","governance gap register","pilot success criteria"],"costDrivers":["discovery hours","workflow analysis","buyer workshops","executive findings"],"marginDiscipline":"Keep scope fixed, cap workshop hours, reuse SCRIMED assessment templates, and convert qualified accounts into higher-value pilots.","proofRoutes":["/pricing","/pilot-deal-room","/pilot"],"boundary":"Assessment output is operational intelligence, not legal, clinical, or regulatory advice."},{"packageName":"Synthetic Pilot Evaluation","commercialStage":"sellable pilot","priceSignal":"Starts at $150k; typical range $200k-$500k for 45-90 days","measurableValue":["cost per governed workflow","time saved estimate","workflow friction reduced","Trust Card completeness","production-readiness gates"],"costDrivers":["agent runs","synthetic workflow design","proof packets","review meetings","QA evidence"],"marginDiscipline":"Use task-specific agents, deterministic synthetic fixtures, bounded model routes, and reusable governance packets.","proofRoutes":["/product","/evaluation","/qa-evidence","/demos"],"boundary":"Synthetic data only; no PHI, diagnosis, payer submission, patient outreach, or live execution."},{"packageName":"Protected Enterprise Pilot","commercialStage":"protected pilot","priceSignal":"Starts at $750k; typical range $1M-$2.5M for 90-180 days","measurableValue":["buyer-approved workflow baseline","reviewer acceptance rate","override and escalation rates","cost per work order","readiness gates closed"],"costDrivers":["tenant setup","identity controls","human review","security diligence","governance operations"],"marginDiscipline":"Charge separately for connectors, implementation, evidence vault controls, custom support, and regional compliance work.","proofRoutes":["/pilot-workspace/access","/clinical-care-activation","/trust-safety-operations"],"boundary":"Protected pilot does not authorize live clinical execution until external approvals and customer-specific controls pass."},{"packageName":"Enterprise Operating License","commercialStage":"annual platform license","priceSignal":"Annual platform license starts at $2.5M; enterprise range $3M-$12M+","measurableValue":["workflows under governance","departments served","model cost per workflow","audit completeness","expansion revenue"],"costDrivers":["platform support","workflow count","connectors","monitoring","customer success"],"marginDiscipline":"Separate platform license from implementation services and charge add-ons for workflow, connector, region, and support expansion.","proofRoutes":["/pricing","/observability","/deployment-profiles"],"boundary":"Production terms require signed scope, security review, privacy controls, and human-review operating procedures."}],"modelEfficiencyControls":[{"control":"Task-specific agent routing","operatingPolicy":"Route narrow workflow tasks to specialized agents instead of a single large general-purpose agent.","costControl":"Use deterministic preprocessing, small-model classification, and retrieval-before-generation before escalating to premium models.","safetyControl":"Escalate uncertainty and high-risk clinical-adjacent content to human review.","proofRoute":"/agents"},{"control":"Open and closed model optionality","operatingPolicy":"Keep model-provider abstraction so SCRIMED can route between frontier APIs, healthcare-specific models, open-weight models, and future sovereign deployments.","costControl":"Choose the least expensive route that satisfies safety, latency, context, and evidence requirements.","safetyControl":"Do not route PHI-sensitive or regulated tasks without approved deployment controls.","proofRoute":"/healthcare-intelligence-os"},{"control":"Token and evidence budgets","operatingPolicy":"Attach workflow-level budgets for context size, evidence retrieval depth, model calls, retries, and reviewer effort.","costControl":"Track cost per workflow, Trust Card, chart, prior-auth packet, and denial draft.","safetyControl":"Block budget-driven shortcuts that remove citations, confidence, or review gates.","proofRoute":"/observability"},{"control":"Workflow-owned data loops","operatingPolicy":"Optimize around customer workflow outcomes rather than generic benchmark scores.","costControl":"Invest in reusable workflow traces, corrections, and governance packets that improve future runs without retraining foundation models.","safetyControl":"Use deidentified or synthetic feedback until privacy and customer data rights are approved.","proofRoute":"/pilot-evidence"}],"complianceLogs":[{"log":"Protected pilot audit events","owner":"TrustOS, engineering, and tenant admins","currentSource":"Tenant-scoped Supabase audit events and proof-packet release logs.","proofRoute":"/pilot-workspace/access","metricUse":"Compliance log completeness, customer proof, and buyer diligence.","boundary":"No PHI, secrets, or live medical records are stored in current protected packets."},{"log":"QA evidence ledger","owner":"Engineering and trust operations","currentSource":"Dated smoke, build, manual-run, and no-secret QA evidence.","proofRoute":"/qa-evidence","metricUse":"Release discipline, defect visibility, and investor diligence.","boundary":"QA evidence is product reliability evidence, not certification."},{"log":"Clinical activation dossier and approvals","owner":"Clinical governance, legal, security, privacy, and operations","currentSource":"No-PHI AAL2 clinical activation readiness attestations and packets.","proofRoute":"/clinical-care-activation","metricUse":"Hard-gate closure, readiness posture, and regulated deployment planning.","boundary":"Readiness attestations do not authorize live clinical care."},{"log":"Buyer diligence and secure evidence vault readiness","owner":"Sales operations, legal, privacy, and security","currentSource":"Buyer room, diligence packets, and disabled-by-default vault readiness controls.","proofRoute":"/pilot-deal-room","metricUse":"Customer proof, revenue-stage maturity, and enterprise procurement readiness.","boundary":"Sensitive buyer document storage remains disabled until approved controls exist."},{"log":"Protected operator metric ledger","owner":"Founder, finance advisor, product, and trust operations","currentSource":"AAL2 tenant-scoped no-PHI captures for model cost, review time, delivery hours, proof-packet count, and workflow volume.","proofRoute":"/pilot-workspace/access","metricUse":"Unit-economics discipline, board review, pricing posture, and finance-readiness coverage.","boundary":"Operator metrics are aggregate operating metadata, not audited financial reporting, securities offering material, valuation assurance, reimbursement assurance, or clinical validation."},{"log":"Trust Safety Operations","owner":"Trust, safety, legal, security, communications, and executive leadership","currentSource":"Incident, copyright, public-claims, safety, escalation, and continuous-improvement registers.","proofRoute":"/trust-safety-operations","metricUse":"Public-company operating discipline and brand-risk control.","boundary":"Current registers do not replace managed 24/7 SOC, counsel review, or insurance decisions."}],"customerProofStages":[{"stage":"Public product proof","buyerCommitment":"Self-guided inspection","scrimedProof":"Product console, demos, pricing, Trust Center, and public market readiness.","revenueSignal":"Qualified buyer enters pilot intake or sales conversation.","nextGate":"Paid assessment scope and no-PHI acknowledgement."},{"stage":"Paid assessment","buyerCommitment":"Fixed-fee workflow intelligence engagement","scrimedProof":"Workflow maps, governance gap register, KPI baseline plan, and pilot recommendation.","revenueSignal":"Assessment revenue plus qualified pilot conversion.","nextGate":"Synthetic pilot success criteria and sponsor approval."},{"stage":"Synthetic pilot","buyerCommitment":"45-90 day governed evaluation","scrimedProof":"Synthetic workflow packets, Trust Cards, QA evidence, observability, and buyer diligence export.","revenueSignal":"Pilot revenue and expansion case.","nextGate":"Protected pilot data boundary, security, legal, privacy, and identity approvals."},{"stage":"Protected enterprise pilot","buyerCommitment":"Tenant-isolated governed pilot","scrimedProof":"AAL2 access, audit events, approval workflow, command intelligence, and proof packets.","revenueSignal":"Protected pilot revenue and enterprise license proposal.","nextGate":"Signed production controls, human-review SOP, connector validation, and go-live approval."},{"stage":"Enterprise operating license","buyerCommitment":"Annual or multi-year platform agreement","scrimedProof":"Measured workflow value, margin discipline, governance reporting, and expansion roadmap.","revenueSignal":"Recurring platform revenue, modules, connectors, regions, and support expansion.","nextGate":"Board-level value review and multi-workflow expansion."}],"boardCadence":[{"cadence":"Weekly operating review","owner":"Founder, product, engineering, sales, and trust operations","reviewedSignals":["build and smoke status","protected route failures","sales intake quality","buyer proof packet readiness","known blockers"],"decisionOutput":"fix list, release gate, buyer follow-up, and next build step"},{"cadence":"Monthly metric review","owner":"Founder, finance advisor, sales, product, and delivery","reviewedSignals":["cost per workflow","pilot conversion","time saved signal","model cost trend","delivery effort by package"],"decisionOutput":"pricing adjustments, margin guardrails, and pilot scope standards"},{"cadence":"Quarterly governance review","owner":"Executive leadership, counsel, security, privacy, clinical advisors, and board advisors","reviewedSignals":["claims register","clinical activation gates","security/privacy blockers","incident trends","enterprise-readiness gaps"],"decisionOutput":"approved claims, prohibited claims, risk acceptances, and production readiness decisions"},{"cadence":"Investor diligence review","owner":"Founder, finance, legal, product, and investor relations","reviewedSignals":["customer proof ladder","unit economics maturity","gross margin assumptions","recurring revenue path","competitive edge"],"decisionOutput":"board memo, investor packet, and external-review queue"}],"limitations":[{"limitation":"No audited financial statements inside SCRIMED yet","impact":"External investors cannot treat current KPI stack as audited financial reporting.","workaround":"Use the KPI definitions, pricing tiers, sales audit evidence, and proof packets as operating-readiness material while finance and accounting review is completed.","graduationGate":"Finance-reviewed chart of accounts, revenue recognition policy, cost allocation, and audit-ready reporting."},{"limitation":"No live clinical outcomes","impact":"SCRIMED cannot claim patient-outcome improvement from production deployment.","workaround":"Report synthetic and protected-pilot operational metrics only, then graduate to customer-approved outcome studies after legal, clinical, privacy, and data rights approval.","graduationGate":"Customer-approved clinical governance protocol, IRB or ethics review when required, and signed data-processing path."},{"limitation":"No PHI-enabled cost telemetry","impact":"Patient-level cost per interaction remains a pilot-equivalent definition.","workaround":"Use synthetic interactions and buyer-approved aggregate workflow baselines until PHI authorization, BAA/DPA, consent, and production controls exist.","graduationGate":"Approved production data boundary, minimum-necessary design, audit controls, and customer authorization."},{"limitation":"No securities offering or valuation guarantee","impact":"Investor narrative must stay as strategic positioning, not investment solicitation.","workaround":"Keep public-market readiness language framed as internal operating discipline and diligence preparation, with counsel-reviewed materials before fundraising use.","graduationGate":"Qualified securities counsel, approved investor materials, and controlled data-room process."},{"limitation":"Secure evidence vault storage remains disabled by default","impact":"Sensitive buyer diligence artifacts cannot be uploaded into SCRIMED yet.","workaround":"Use metadata-only vault readiness and buyer-approved external secure channels until DLP, malware scanning, encryption, retention, legal hold, and access reviews are approved.","graduationGate":"Approved storage provider, security controls, legal terms, incident response, and access-review workflow."}],"nextBuildStep":"Add customer-ready security questionnaire response registry and procurement evidence routing without storing confidential questionnaires, SOC reports, penetration-test reports, credentials, PHI, signed legal artifacts, or sensitive customer documents in SCRIMED.","updated":"2026-06-20"},"releaseContinuity":{"service":"scrimed-release-continuity","route":"/release-continuity","apiRoute":"/api/release-continuity","briefRoute":"/api/release-continuity/brief","status":"release-continuity-checkpointed-aal2-boundary","briefStatus":"release-continuity-brief-operator-ready","authorizationStatus":"public-release-evidence-only-protected-aal2-required","clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","releaseAuthority":"not-release-approval","securityCertification":"not-security-certified","approvalAuthority":"external-review-required","tokenHandling":"no-token-values-exposed-or-retained","boundary":"SCRIMED Release Continuity ties live production, source-control checkpoints, no-secret smoke checks, and protected AAL2 operator gates into one operating view. It does not mint tokens, store secrets, bypass AAL2, approve buyer release, authorize PHI processing, certify security or compliance, grant legal approval, or authorize live clinical care.","source":{"productionDomain":"https://app.scrimedsolutions.com","baselineDeploymentId":"dpl_EjfSCM5YKpWhHKDAa6FGmNDPnJ7K","baselineCommit":"6219f3616e71d163edd047e4d55074cc5089e2b8","baselineShortCommit":"6219f36","baselineTag":"scrimed-code-pt2-approvals-readiness-20260623","runtimeCommit":"7bf596c25bed03d6148923e4ab939a2abbfb2fff","runtimeBranch":"main","runtimeDeploymentUrl":"https://scrimed-site-2jx6xfd2i-temitayo-dahunsis-projects.vercel.app"},"gateCount":6,"resolvedGateCount":2,"operatorRequiredGateCount":2,"blockedByDesignGateCount":1,"externalReviewGateCount":1,"checkCount":7,"passedCheckCount":4,"gates":[{"key":"source-control-drift","name":"Source-control drift","status":"resolved","proof":"The approvals readiness and buyer release-control release was committed, tagged, pushed, and verified against origin/main.","bottleneck":"Production-only changes can become hard to audit if Vercel history moves ahead of GitHub.","workaround":"Keep every production release checkpointed by commit, tag, production smoke, and briefed release boundary.","owner":"Founder + Release Steward","proofRoutes":["/product","/api/product/console","/api/release-continuity"]},{"key":"public-production-smoke","name":"Public production smoke","status":"resolved","proof":"Public smoke validates the custom domain, HTML routes, JSON APIs, Markdown briefs, fail-closed protected routes, and approval boundaries.","bottleneck":"Public readiness can look healthy while protected writes still require explicit AAL2 proof.","workaround":"Pair public smoke with protected fail-closed checks and a separate AAL2 operator run when a fresh session exists.","owner":"Release Steward","proofRoutes":["/api/release-continuity","/api/product/console","/qa-evidence"]},{"key":"protected-aal2-happy-path","name":"Protected AAL2 happy path","status":"operator-required","proof":"TrustOps, Agent Workspace, and Buyer Release Control fail closed without a tenant-admin or pilot-lead AAL2 session.","bottleneck":"A terminal cannot safely create or retain a fresh human AAL2 bearer token without crossing the no-secret boundary.","workaround":"Use the protected browser workspace for no-secret verification, or run the CLI smoke only with a fresh external AAL2 token and dispose of it immediately after the run.","owner":"Approved tenant-admin or pilot-lead operator","proofRoutes":["/pilot-workspace/access","/buyer-release-control-run","/api/pilot-workspaces/{workspaceSlug}/buyer-release-control-run"]},{"key":"aal2-smoke-readiness-packet","name":"AAL2 smoke readiness packet","status":"operator-required","proof":"The no-secret AAL2 smoke readiness packet is exposed for release review while strict protected writes remain human-token and feature-flag gated.","bottleneck":"A release checklist can prove readiness surfaces exist, but it cannot prove authenticated protected writes without a fresh human AAL2 session.","workaround":"Inspect /api/qa-evidence/aal2-smoke-readiness, run npm run smoke:aal2:readiness, then use a short-lived authorized AAL2 token only for deliberate strict smoke.","owner":"Release Steward + Approved AAL2 Operator","proofRoutes":["/qa-aal2-run-evidence","/api/qa-evidence/aal2-smoke-readiness","/api/qa-evidence/aal2-smoke-readiness/brief"]},{"key":"secret-handling","name":"Secret handling","status":"blocked-by-design","proof":"Release scripts skip authenticated mutations unless a deliberate short-lived token is supplied outside the product and outside source control.","bottleneck":"Automating protected happy-path evidence with stored long-lived tokens would weaken the trust boundary.","workaround":"Prefer browser AAL2 operator panels; when CLI evidence is necessary, use explicit environment variables for one run and never write token values to docs, chat, CI logs, or code.","owner":"Security + Operator","proofRoutes":["/qa-run-control","/qa-launch-kit","/qa-human-run-packet"]},{"key":"regulated-approval-claims","name":"Regulated approval claims","status":"external-review-required","proof":"Approvals Readiness and Boundary Resolution keep legal, HIPAA, SOC 2, HITRUST, FDA, ONC, reimbursement, and public customer-permission claims externally gated.","bottleneck":"SCRIMED can prepare approval evidence, but it cannot self-certify or self-authorize regulated claims.","workaround":"Route public copy through Claim Guard, keep intended use narrow, retain external approval references, and require qualified reviewer sign-off before any claim expansion.","owner":"Founder + Legal/Security/Regulatory reviewers","proofRoutes":["/approvals-readiness","/boundary-resolution","/qa-claim-guard"]}],"checks":[{"name":"npm audit","status":"passed","evidence":"0 vulnerabilities at moderate threshold.","nextAction":"Repeat before each production release."},{"name":"Generated integrity","status":"passed","evidence":"Generated workspace integrity check passed.","nextAction":"Keep generated cache cleanup in the build lifecycle."},{"name":"TypeScript and ESLint","status":"passed","evidence":"TypeScript noEmit and ESLint completed cleanly.","nextAction":"Keep static checks required before deploy."},{"name":"Production public smoke","status":"passed","evidence":"Custom-domain public smoke passed across release, approval, QA, and fail-closed protected surfaces.","nextAction":"Run after each deploy and tag."},{"name":"Protected happy path","status":"requires-aal2-operator","evidence":"Fail-closed checks pass; authenticated mutation proof requires fresh human AAL2.","nextAction":"Use browser protected workspace or one-time short-lived AAL2 token run."},{"name":"AAL2 smoke readiness preflight","status":"requires-aal2-operator","evidence":"No-secret readiness packet is present; strict durable-store and stored-vector smoke still require a fresh authorized human AAL2 token and target runtime enablement.","nextAction":"Run npm run smoke:aal2:readiness before any strict protected smoke and retain only no-secret evidence."},{"name":"External certifications and approvals","status":"external-review-required","evidence":"Approval tracks are organized but not certified or cleared.","nextAction":"Move through qualified legal, security, regulatory, buyer, and certification-body review."}],"aal2SmokeReadiness":{"status":"aal2-smoke-readiness-preflight-ready-no-secret","apiRoute":"/api/qa-evidence/aal2-smoke-readiness","briefRoute":"/api/qa-evidence/aal2-smoke-readiness/brief","strictAttemptReady":false,"protectedHumanRunRequired":true,"operatorTokenRequired":true,"gateCount":8,"commandCount":4},"deploymentReleaseChecklist":[{"id":"generated-integrity-static-checks","label":"Generated integrity, typecheck, lint, and build","status":"required-before-release","command":"npm run test:nonsecret && npm run typecheck && npm run lint && npm run build","route":"/api/release-continuity","evidence":"Local static and contract checks must pass before any production deploy or buyer diligence expansion.","humanReviewRequired":false,"noSecretBoundary":"Static checks must run without PHI, credentials, bearer tokens, service-role keys, or production connector payloads."},{"id":"public-production-smoke","label":"Public production smoke","status":"required-before-release","command":"npm run smoke:public","route":"/api/release-continuity","evidence":"Public smoke verifies the deployed domain, public APIs, brief routes, safety headers, and fail-closed protected route posture.","humanReviewRequired":false,"noSecretBoundary":"Public smoke must never require or emit bearer tokens, Supabase service-role keys, PHI, or customer data."},{"id":"aal2-smoke-readiness-preflight","label":"AAL2 smoke readiness preflight","status":"aal2-smoke-readiness-preflight-ready-no-secret","command":"npm run smoke:aal2:readiness","route":"/api/qa-evidence/aal2-smoke-readiness","evidence":"No-secret readiness packet confirms operator gates, strict-smoke commands, and fail-closed modes while keeping strict attempt ready false until human AAL2 is present.","humanReviewRequired":true,"noSecretBoundary":"SCRIMED AAL2 Smoke Readiness is a no-secret operator preflight for synthetic AAL2 durable-store and stored-vector RPC smoke tests. It does not mint, expose, retain, validate, or bypass bearer tokens; protected APIs remain the source of truth for role, AAL2, feature flag, tenant, and RLS verification."},{"id":"strict-aal2-durable-store-smoke","label":"Strict AAL2 durable-store smoke","status":"blocked-until-human-aal2","command":"npm run smoke:aal2:durable-store:strict","route":"/api/workflows/execution-attempts/durable-store","evidence":"Authenticated record, replay, and review-disposition proof requires an authorized tenant-admin, pilot-lead, or reviewer session plus protected writes enabled on the target.","humanReviewRequired":true,"noSecretBoundary":"Strict durable-store smoke must use only short-lived local token material and retain no PHI, credentials, or token values."},{"id":"strict-stored-vector-rpc-smoke","label":"Strict stored-vector RPC smoke","status":"blocked-until-human-aal2","command":"npm run smoke:scrimed-stored-vector-rpc:strict","route":"/api/scrimed-build-roadmap/stored-vector-rpc-smoke","evidence":"Stored-vector lookup proof remains protected by the same AAL2 and tenant-role boundary as durable-store strict smoke.","humanReviewRequired":true,"noSecretBoundary":"Stored-vector smoke must not expose raw embeddings, token values, PHI, or production patient matching."}],"releaseEvidenceLedger":{"status":"release-evidence-ledger-active-no-secret","route":"/release-continuity#release-evidence-ledger","apiRoute":"/api/release-continuity/evidence-ledger","briefRoute":"/api/release-continuity/evidence-ledger/brief","entryCount":10,"passedNoSecretCount":6,"operatorRequiredCount":2,"externalReviewRequiredCount":1,"tokenMaterialCaptured":false,"productionApproval":false,"boundary":"SCRIMED Release Evidence Ledger records no-secret build, smoke, readiness, and protected-operator evidence metadata only. It does not store PHI, patient identifiers, bearer tokens, Supabase secrets, service-role keys, raw logs, production connector payloads, customer data, certification proof, release approval, or live clinical authority."},"releaseEvidencePromotion":{"status":"release-evidence-promotion-queue-active-human-gated","route":"/release-continuity#release-evidence-promotion","apiRoute":"/api/release-continuity/evidence-promotion","briefRoute":"/api/release-continuity/evidence-promotion/brief","queueCount":10,"shareableNoSecretCount":7,"operatorProofRequiredCount":2,"externalReviewRequiredCount":1,"tokenMaterialCaptured":false,"productionApproval":false,"buyerDistributionAuthority":"protected-buyer-diligence-only-after-review","externalDistributionAuthority":"not-authorized","publicClaimAuthority":"not-authorized-public-claim","boundary":"SCRIMED Release Evidence Promotion Queue converts no-secret release ledger entries into buyer-diligence candidates, protected operator proof blockers, and qualified-review requirements. It does not store PHI, tokens, raw logs, customer data, production connector payloads, certification evidence, public release approval, or live clinical authority."},"releaseEvidenceFreshnessGuard":{"status":"release-evidence-freshness-guard-active-no-secret","route":"/release-continuity#release-evidence-freshness-guard","apiRoute":"/api/release-continuity/evidence-freshness-guard","briefRoute":"/api/release-continuity/evidence-freshness-guard/brief","freshnessHash":"freshness-95ba01b3","freshnessAuthority":"fresh-rerun-required-before-external-use","publicDistributionAuthority":"not-authorized","customerSpecificAuthority":"not-authorized-without-customer-permission","cardCount":10,"internalFreshCount":2,"refreshRequiredCount":5,"humanAal2RefreshCount":2,"qualifiedReviewRefreshCount":1,"tokenMaterialCaptured":false,"productionApproval":false,"clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","securityCertification":"not-security-certified","boundary":"SCRIMED Release Evidence Freshness Guard is a no-secret recency and revalidation policy for release evidence. It does not rerun commands, store logs, store PHI, capture tokens, certify evidence, approve public distribution, approve production release, approve customer go-live, or authorize live clinical care."},"diligenceReleaseGate":{"status":"diligence-release-gate-active-no-production-approval","route":"/release-continuity#diligence-release-gate","apiRoute":"/api/release-continuity/diligence-gate","briefRoute":"/api/release-continuity/diligence-gate/brief","buyerDiligenceGate":"go-no-secret-metadata-with-release-steward-review","protectedAal2Gate":"no-go-until-human-aal2-retained-packet","publicDistributionGate":"no-go-until-qualified-review","productionReleaseGate":"no-go-not-release-approval","clinicalProductionGate":"no-go-not-authorized-live-care","gateCount":5,"goCount":2,"reviewRequiredCount":0,"noGoCount":3,"tokenMaterialCaptured":false,"productionApproval":false,"boundary":"SCRIMED Diligence Release Gate summarizes no-secret buyer diligence readiness while preserving NO-GO boundaries for protected AAL2 proof, public distribution, production release, PHI processing, certification, and live clinical care."},"diligencePacketManifest":{"status":"diligence-packet-manifest-active-no-secret","route":"/release-continuity#diligence-packet-manifest","apiRoute":"/api/release-continuity/diligence-packet-manifest","briefRoute":"/api/release-continuity/diligence-packet-manifest/brief","manifestHash":"diligence-manifest-73403733","packetUseAuthority":"no-secret-buyer-investor-diligence-only","publicDistributionAuthority":"not-authorized","clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","securityCertification":"not-security-certified","itemCount":12,"includeNoSecretCount":6,"summaryOnlyCount":3,"withholdUntilHumanAal2Count":2,"withholdUntilQualifiedReviewCount":1,"noGoCount":3,"tokenMaterialCaptured":false,"productionApproval":false,"boundary":"SCRIMED Diligence Packet Manifest assembles no-secret buyer and investor diligence metadata only. It does not store PHI, bearer tokens, Supabase secrets, service-role keys, raw logs, customer data, production connector payloads, certification proof, release approval, public distribution approval, or live clinical authority."},"diligencePacketShareGuard":{"status":"diligence-packet-share-guard-active-human-gated","route":"/release-continuity#diligence-packet-share-guard","apiRoute":"/api/release-continuity/diligence-packet-share-guard","briefRoute":"/api/release-continuity/diligence-packet-share-guard/brief","guardHash":"diligence-share-75b52bf1","externalShareAuthority":"protected-diligence-only-after-human-review","recipientAuthorizationAuthority":"recipient-specific-human-approval-required","publicDistributionAuthority":"not-authorized","customerSpecificAuthority":"not-authorized-without-customer-permission","clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","securityCertification":"not-security-certified","cardCount":7,"noGoCount":1,"reviewRequiredCount":5,"internalAllowCount":1,"tokenMaterialCaptured":false,"productionApproval":false,"boundary":"SCRIMED Diligence Packet Share Guard is a no-secret recipient and distribution control. It does not share packets, send emails, create calendar invites, approve public distribution, authorize PHI, certify security or compliance, approve production release, approve customer go-live, or authorize live clinical care."},"recipientQualificationMatrix":{"status":"recipient-qualification-matrix-active-no-secret","route":"/release-continuity#recipient-qualification-matrix","apiRoute":"/api/release-continuity/recipient-qualification-matrix","briefRoute":"/api/release-continuity/recipient-qualification-matrix/brief","qualificationHash":"recipient-qualification-e13fcd32","externalShareAuthority":"qualified-recipient-review-required","publicDistributionAuthority":"not-authorized","recipientIdentifierStorage":"not-stored-in-scrimed","customerSpecificAuthority":"not-authorized-without-customer-permission","clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","securityCertification":"not-security-certified","recipientClassCount":6,"qualifiedReviewRequiredCount":4,"blockedRecipientCount":4,"revocationRequiredCount":6,"tokenMaterialCaptured":false,"productionApproval":false,"boundary":"SCRIMED Recipient Qualification Matrix is a no-secret recipient policy preflight for diligence packet sharing. It does not store recipient names, recipient emails, access grants, raw access logs, bearer tokens, PHI, customer data, signed approvals, legal opinions, certification evidence, production connector payloads, public distribution approval, customer go-live approval, or live clinical care authorization."},"releaseAuthorizationChain":{"status":"release-authorization-chain-active-no-release-approval","route":"/release-continuity#release-authorization-chain","apiRoute":"/api/release-continuity/authorization-chain","briefRoute":"/api/release-continuity/authorization-chain/brief","authorizationHash":"release-authorization-831a9179","safeUseLabel":"no-secret-metadata-chain-not-release-approval","chainDecision":"blocked-by-design","weakestLink":"diligence-release-gate:blocked-by-design","buyerDiligenceMetadataLane":"available-after-release-steward-review","protectedProofLane":"blocked-until-human-aal2","publicDistributionAuthority":"not-authorized","customerSpecificAuthority":"not-authorized-without-customer-permission","releaseAuthority":"not-release-approval","clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","securityCertification":"not-security-certified","controlCount":8,"passedNoSecretCount":2,"humanReviewRequiredCount":1,"operatorRequiredCount":2,"externalReviewRequiredCount":0,"blockedByDesignCount":3,"tokenMaterialCaptured":false,"productionApproval":false,"boundary":"SCRIMED Release Authorization Chain composes the no-secret release ledger, evidence freshness guard, diligence gate, packet manifest, recipient qualification matrix, share guard, and AAL2 readiness into one weakest-link control view. It does not approve release, share packets, store recipient identifiers, retain token material, authorize PHI, certify security or compliance, approve customer go-live, or authorize live clinical care."},"nextOperatorActions":["Use /release-continuity before and after each production deployment.","Run /api/release-continuity/authorization-chain before any external packet reference so the weakest-link decision is visible across evidence, freshness, manifest, recipient, share, and AAL2 controls.","Assemble buyer and investor packets from /api/release-continuity/diligence-packet-manifest so every included artifact carries allowed fields, withheld material, and reviewer ownership.","Run /api/release-continuity/recipient-qualification-matrix before external packet references so recipient class, expiry, revocation, and no-identifier storage rules are explicit.","Apply /api/release-continuity/diligence-packet-share-guard before any packet is referenced outside SCRIMED so recipient class, human review, public distribution, and customer-specific authority stay explicit.","Run /api/release-continuity/evidence-freshness-guard before external packet reuse so stale, protected AAL2, and qualified-review evidence is refreshed or withheld.","Attach no-secret release evidence ledger entries to every buyer-facing release review.","Promote only metadata-safe ledger entries through the Release Evidence Promotion Queue before buyer distribution.","Use the Diligence Release Gate to label no-secret buyer-diligence GO items separately from strict AAL2, public-distribution, production, and clinical NO-GO items.","Run public production smoke on the custom domain after every deploy.","Inspect /api/qa-evidence/aal2-smoke-readiness before strict protected smoke.","Use /pilot-workspace/access for browser-session AAL2 protected verification when possible.","Use SCRIMED_BEARER_TOKEN only for a deliberate one-time CLI smoke, then dispose of it outside the product.","Keep approval, PHI, clinical, certification, and buyer-release claims gated until qualified external evidence exists."],"updated":"2026-06-23"},"serviceDelivery":{"service":"scrimed-service-delivery-workbench","route":"/service-delivery","apiRoute":"/api/service-delivery","briefRoute":"/api/service-delivery/brief","status":"service-delivery-workbench-active","briefStatus":"service-delivery-brief-ready-no-sla-authority","boundary":"SCRIMED Service Delivery Workbench converts packaged offers into scoped work orders, delivery phases, acceptance criteria, buyer handoffs, proof routes, margin protections, and retained healthcare authority gates. It is a product and services execution control surface only. It is not a statement of work, contract approval, legal advice, accounting advice, tax advice, audited financial reporting, contractual SLA, uptime guarantee, managed-service commitment, customer permission, revenue guarantee, profit-margin guarantee, clinical validation, compliance certification, security certification, PHI processing authority, production connector approval, EHR writeback approval, payer submission approval, or live clinical care authorization.","authority":{"dataBoundary":"synthetic-business-and-metadata-only","clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","legalAuthority":"qualified-review-required","accountingAuthority":"qualified-accounting-review-required","taxAuthority":"qualified-tax-review-required","financialAuthority":"not-audited-financial-report","contractAuthority":"not-contract-approval","slaAuthority":"not-contractual-sla","customerPermission":"not-customer-permission","revenueAuthority":"not-revenue-guarantee","profitAuthority":"not-profit-margin-guarantee","reimbursementAuthority":"no-reimbursement-guarantee","securityCertification":"not-security-certified","connectorAuthority":"not-production-connector-approved"},"deliveryOfferCount":7,"readyToScopeOfferCount":2,"activeTemplateOfferCount":3,"protectedGatedOfferCount":2,"phaseCount":7,"workOrderTemplateCount":8,"artifactCount":7,"activationGateCount":8,"blockedBeforeApprovalGateCount":2,"packageBindingCount":5,"liveActivationPlanCount":7,"noPhiServiceReadyCount":3,"protectedPilotCandidateCount":2,"blockedBeforeLiveProductionCount":0,"evidenceRouteCount":34,"acceptanceCriteriaCount":21,"escalationTriggerCount":21,"marginProtectionCount":20,"hardStopCount":39,"offerStatusCounts":{"ready-to-scope":2,"active-delivery-template":3,"protected-gated":2},"phaseStatusCounts":{"ready-to-scope":1,"active-delivery-template":3,"protected-gated":2,"external-review-required":1},"workOrderStatusCounts":{"active-delivery-template":5,"protected-gated":2,"external-review-required":1},"gateStatusCounts":{"active-delivery-template":2,"ready-to-scope":1,"external-review-required":2,"protected-gated":1,"blocked-before-approval":2},"recommendedOperatingRule":"No SCRIMED service should move from buyer interest to delivery without a selected package, no-PHI intake, scope matrix, acceptance criteria, work-order template, proof route, margin control, and retained boundary.","nextServiceBuildMove":"Turn the highest-demand offers into repeatable delivery boards, then attach protected buyer evidence release only after AAL2, claim guard, and qualified review gates pass.","serviceDeliveryOffers":[{"slug":"workflow-intelligence-assessment-delivery","name":"Workflow Intelligence Assessment Delivery","portfolioOfferSlug":"workflow-intelligence-assessment","status":"ready-to-scope","serviceOwner":"Product Console and Revenue Operations","deliveryWindow":"2 to 4 weeks","buyerPromise":"Turn one to three operational pain points into a no-PHI workflow map, automation scorecard, evidence inventory, and next-package decision.","kickoffInputs":["Named sponsor and workflow owner","Target workflow list","Current-state questions and pain points","No-PHI discovery boundary acknowledgement"],"deliverables":["Workflow friction map","Automation candidate scorecard","Evidence inventory and missing-data register","Pilot or readiness-sprint recommendation"],"acceptanceCriteria":["All scoped workflows have owner, friction, evidence, and next action recorded","Buyer confirms no PHI or production credentials were provided","Recommendation is tied to a proof route and retained boundary"],"evidenceRoutes":["/offerings","/product","/growth-engine","/operational-efficiency"],"escalationTriggers":["Buyer requests PHI review","Buyer asks for guaranteed savings or ROI","Scope expands beyond three workflows"],"marginProtection":["Fixed fee","Capped workflow count","Change order for expanded mapping"],"retainedBoundary":"Operational intelligence only; no clinical advice, production automation, PHI processing, or guaranteed savings."},{"slug":"health-records-safety-assessment-delivery","name":"Health Records Safety Assessment Delivery","portfolioOfferSlug":"health-records-safety-assessment","status":"active-delivery-template","serviceOwner":"Health Records Safety Exchange, Interoperability, Privacy, and Clinical Governance","deliveryWindow":"2 to 5 weeks","buyerPromise":"Map safe record extraction, source attribution, patient-safety linting, interoperability standards, and live-data approval gates without accepting PHI.","kickoffInputs":["Source system class","Document or record-type inventory","Privacy/security owner","Clinical reviewer owner for safety questions"],"deliverables":["No-PHI extraction map","FHIR/HL7/DICOM/X12/terminology crosswalk","Source-attribution test plan","Live-data gate and workaround map"],"acceptanceCriteria":["Every source type has a safety check and retained approval gate","Synthetic extraction path is separated from live-data path","Blocked actions are visible in the handoff"],"evidenceRoutes":["/health-records","/interoperability","/clinical-authority-readiness","/boundary-resolution"],"escalationTriggers":["Buyer submits PHI","Buyer requests patient matching","Buyer requests writeback, payer submission, or live clinical action"],"marginProtection":["Assessment excludes live connector build","Separate protected-pilot or connector SOW","Reusable extraction checklist"],"retainedBoundary":"No-PHI extraction planning only; patient matching, production connectors, writeback, payer submission, and clinical action remain blocked."},{"slug":"interoperability-readiness-sprint-delivery","name":"Interoperability Readiness Sprint Delivery","portfolioOfferSlug":"interoperability-readiness-sprint","status":"active-delivery-template","serviceOwner":"Interoperability Control Plane and Platform Engineering","deliveryWindow":"30 to 45 days","buyerPromise":"Prepare a standards-aware connector path, synthetic conformance evidence, and implementation sequence before production access is requested.","kickoffInputs":["Target integration pattern","Standards named by buyer","Integration owner","Security and privacy review path"],"deliverables":["Connector readiness map","Standards binding register","Synthetic conformance evidence","Implementation sequence and open gates"],"acceptanceCriteria":["Every target standard has evidence route, owner, and gate","No live endpoint dependency exists inside sprint scope","Production connector approval is separated from readiness work"],"evidenceRoutes":["/interoperability","/interoperability/evaluations","/integrations/fixture-validation","/platform-power"],"escalationTriggers":["Buyer asks for live endpoint credentials","Buyer requests public API SLA","Security or privacy reviewer flags unresolved control"],"marginProtection":["Conformance templates reused","No custom live connector in sprint","Connector SOW priced separately"],"retainedBoundary":"Readiness and synthetic conformance only; production connector, PHI, security, privacy, and customer environment approval remain external gates."},{"slug":"trustos-ai-governance-audit-delivery","name":"TrustOS AI Governance Audit Delivery","portfolioOfferSlug":"trustos-ai-governance-audit","status":"ready-to-scope","serviceOwner":"TrustOS, Claim Guard, Legal Ops, Security, and Clinical Governance","deliveryWindow":"2 to 4 weeks","buyerPromise":"Create a governed AI adoption review with claims controls, oversight map, audit evidence plan, and approval-gate ladder.","kickoffInputs":["Intended-use language","AI workflow or vendor context","Governance sponsor","Qualified reviewer owner"],"deliverables":["AI governance gap register","Claims and prohibited-language review","Human-review responsibility model","Approval and certification readiness path"],"acceptanceCriteria":["Claims are classified as approved, evidence-required, or prohibited","Human review ownership is explicit","Legal, security, clinical, and regulatory conclusions are routed to qualified reviewers"],"evidenceRoutes":["/trust-os","/qa-claim-guard","/approvals-readiness","/global-certification-readiness"],"escalationTriggers":["Buyer requests legal approval","Buyer requests certification language","Clinical authority or medical-device language appears"],"marginProtection":["Repeatable TrustOS review pack","External review excluded unless scoped","Retainer path for continuous review"],"retainedBoundary":"Governance readiness only; legal, regulatory, security, certification, and clinical authority require qualified external review."},{"slug":"synthetic-pilot-evaluation-delivery","name":"Synthetic Pilot Evaluation Delivery","portfolioOfferSlug":"synthetic-pilot-evaluation","status":"protected-gated","serviceOwner":"Product Console, AgentOS, Atlas, TrustOS, QA, and Buyer Diligence","deliveryWindow":"45 to 90 days","buyerPromise":"Run governed synthetic workflow evaluation with workflow packets, Trust Cards, QA evidence, metrics, and protected-pilot recommendation.","kickoffInputs":["Sponsor and review team","Synthetic packet approval","Workflow count and success metrics","Protected evidence and release owners"],"deliverables":["Synthetic workflow packet","AgentOS task plan","Atlas evidence mapping","TrustOS decision and QA evidence packet","Protected-pilot or license recommendation"],"acceptanceCriteria":["Synthetic scenarios are approved before execution","QA evidence and claim guard are complete before buyer proof language","Protected evidence release remains AAL2 gated"],"evidenceRoutes":["/pilots","/evaluation","/qa-evidence","/qa-buyer-proof-release","/pilot-workspace/access"],"escalationTriggers":["Buyer requests live data","Buyer requests customer-specific external release","Buyer changes success metrics mid-run"],"marginProtection":["Paid pilot","Capped workflow count","Evidence-room and custom diligence priced separately"],"retainedBoundary":"Synthetic evaluation only; no diagnosis, treatment, payer submission, patient outreach, live PHI, or production connector execution."},{"slug":"enterprise-proof-deal-room-delivery","name":"Enterprise Proof and Deal Room Delivery","portfolioOfferSlug":"enterprise-proof-deal-room-activation","status":"protected-gated","serviceOwner":"Buyer Diligence, Sales Operations, Release Steward, Legal Ops, and Security","deliveryWindow":"2 to 8 weeks depending on buyer diligence","buyerPromise":"Package buyer-specific diligence, proof packets, release decisions, protected evidence-room boundaries, quote-to-contract inputs, and next action.","kickoffInputs":["Buying committee","Diligence request list","Release decision owner","Protected workspace access path"],"deliverables":["Buyer proof route map","Diligence packet inventory","Release decision checklist","Quote-to-contract handoff inputs"],"acceptanceCriteria":["Every external packet has release authority, recipient control, and access-log route","Custom claims are routed to Claim Guard","Contract and pricing commitments are separated from proof work"],"evidenceRoutes":["/pilot-deal-room","/buyer-release-control-run","/pilot-workspace/access","/enterprise-business-ops"],"escalationTriggers":["Buyer asks for customer names or protected evidence","Buyer requests security certification or penetration-test claim","Buyer asks for signed terms or pricing commitment"],"marginProtection":["Paid diligence line item","Expiration date on custom packet labor","Legal/security review scoped separately"],"retainedBoundary":"Diligence activation only; external sharing, customer permission, certification, signed contracts, and production activation remain gated."},{"slug":"continuous-review-innovation-retainer-delivery","name":"Continuous Review and Innovation Retainer Delivery","portfolioOfferSlug":"continuous-review-innovation-retainer","status":"active-delivery-template","serviceOwner":"TrustOps, QA, Security, Claim Guard, and Internal Research Team","deliveryWindow":"Monthly retained cadence","buyerPromise":"Operate agent-assisted accuracy review, evidence attribution, claims drift, security drift, incident learning, and internal innovation backlog with human approval gates.","kickoffInputs":["Accountable owner","Review loop selection","Escalation rule","Innovation research disclosure boundary"],"deliverables":["Review loop cadence","Accuracy and attribution issue queue","Claims drift review","Security and dependency drift triage","Internal innovation backlog"],"acceptanceCriteria":["Human owner approves every remediation or public claim","Quantum or future research stays internal unless approved","Escalations become separately scoped work when implementation labor is required"],"evidenceRoutes":["/continuous-review-audit","/service-reliability","/operational-efficiency","/qa-evidence"],"escalationTriggers":["Production remediation requested","Security incident suspected","Public future-tech claim requested"],"marginProtection":["Recurring retainer","Escalation labor priced separately","Research backlog separated from production commitments"],"retainedBoundary":"Agent-assisted and internal-research cadence only; humans approve remediation, public claims, production changes, and innovation disclosures."}],"serviceDeliveryPhases":[{"phase":"Qualify","status":"ready-to-scope","owner":"Revenue Operations","purpose":"Confirm buyer, sponsor, package, budget posture, no-PHI boundary, and decision owner before work is promised.","entryCriteria":["Inbound request","Buyer segment","Target offer"],"exitCriteria":["Sponsor named","Scope lane selected","Boundary accepted"],"proofRoutes":["/client-onboarding","/offerings","/sales-operations"],"hardStop":"Stop when sponsor, package, or no-PHI boundary is missing."},{"phase":"Scope","status":"active-delivery-template","owner":"Product Console and Delivery Lead","purpose":"Translate buyer interest into capped workflow count, deliverables, acceptance criteria, proof routes, and excluded work.","entryCriteria":["Qualified sponsor","Offer selected","Discovery notes"],"exitCriteria":["Scope matrix approved","Acceptance criteria recorded","Excluded claims listed"],"proofRoutes":["/service-delivery","/offerings","/enterprise-business-ops"],"hardStop":"Stop when requested work requires contract, legal, finance, PHI, connector, or clinical authority approval."},{"phase":"Kickoff","status":"active-delivery-template","owner":"Delivery Lead and Customer Operations","purpose":"Set owner map, cadence, artifacts, review checkpoints, communication path, and escalation rules.","entryCriteria":["Scope matrix","Buyer owners","Review cadence"],"exitCriteria":["Kickoff brief","Work-order board","Human-review owners"],"proofRoutes":["/client-onboarding","/service-delivery","/continuous-review-audit"],"hardStop":"Stop when buyer requests autonomous communication, calendar send, or unsupported SLA commitments."},{"phase":"Configure","status":"protected-gated","owner":"Platform, AgentOS, Atlas, TrustOS, and QA","purpose":"Prepare synthetic fixtures, task plans, evidence routes, TrustOS gates, and QA checks for scoped work orders.","entryCriteria":["Approved work order","Synthetic scenario","Evidence route"],"exitCriteria":["Fixture plan","Agent task map","QA checklist","Blocked action list"],"proofRoutes":["/evaluation","/qa-evidence","/platform-power"],"hardStop":"Stop when live endpoints, production credentials, PHI, or patient identifiers are requested."},{"phase":"Execute","status":"protected-gated","owner":"Delivery Lead, AgentOS, TrustOS, and named human reviewers","purpose":"Run scoped no-PHI work orders, collect evidence, route issues, and prevent claim expansion.","entryCriteria":["Configured work order","Reviewer owner","QA checklist"],"exitCriteria":["Evidence packet","Issue queue","Acceptance memo candidate"],"proofRoutes":["/qa-run-control","/qa-completion-bridge","/qa-claim-guard"],"hardStop":"Stop when a result would imply diagnosis, treatment, reimbursement, certification, security approval, or production authorization."},{"phase":"Review","status":"external-review-required","owner":"Claim Guard, Legal Ops, Security, Finance, and Clinical Governance as needed","purpose":"Approve or block buyer-facing language, external packet release, business terms, security claims, and clinical implications.","entryCriteria":["Evidence packet","Draft claims","Release audience"],"exitCriteria":["Release decision","Blocked claims","Qualified-review notes"],"proofRoutes":["/qa-buyer-proof-release","/buyer-release-control-run","/enterprise-business-ops"],"hardStop":"Stop when qualified review is missing for legal, security, finance, tax, clinical, regulatory, or certification language."},{"phase":"Handoff","status":"active-delivery-template","owner":"Delivery Lead, Revenue Operations, and Customer Operations","purpose":"Deliver artifacts, confirm acceptance, route unresolved gates, and recommend next paid package or retainer.","entryCriteria":["Release decision","Acceptance evidence","Open gates"],"exitCriteria":["Buyer handoff packet","Expansion recommendation","Retained boundary register"],"proofRoutes":["/growth-engine","/pilot-deal-room","/service-delivery"],"hardStop":"Stop when buyer asks for implementation expansion without change order, SOW, protected pilot, or license approval."}],"serviceDeliveryWorkOrderTemplates":[{"slug":"buyer-discovery-no-phi-intake","title":"Buyer Discovery and No-PHI Intake","status":"active-delivery-template","owner":"Revenue Operations","appliesToOfferSlugs":["workflow-intelligence-assessment","health-records-safety-assessment","interoperability-readiness-sprint","trustos-ai-governance-audit","synthetic-pilot-evaluation","enterprise-proof-deal-room-activation","continuous-review-innovation-retainer"],"tasks":["Capture buyer problem, sponsor, owner, offer, and desired decision","Reject PHI, patient identifiers, production credentials, and live endpoints","Map requested claims to approved, evidence-required, or prohibited language"],"acceptanceCriteria":["Sponsor and owner are recorded","No-PHI boundary is acknowledged","Offer and package are selected"],"outputArtifact":"Scoped intake sheet","proofRoutes":["/client-onboarding","/offerings","/claims"],"hardStops":["PHI in intake","No sponsor","Unsupported claim requested"]},{"slug":"scope-matrix-and-acceptance-plan","title":"Scope Matrix and Acceptance Plan","status":"active-delivery-template","owner":"Product Console","appliesToOfferSlugs":["workflow-intelligence-assessment","health-records-safety-assessment","interoperability-readiness-sprint","trustos-ai-governance-audit","synthetic-pilot-evaluation","enterprise-proof-deal-room-activation","continuous-review-innovation-retainer"],"tasks":["Convert offer into capped workflow count, deliverables, review owners, and evidence routes","Define acceptance criteria and excluded work","Attach margin protections and escalation triggers"],"acceptanceCriteria":["Deliverables and acceptance criteria are paired","Excluded work is explicit","Escalation triggers are mapped"],"outputArtifact":"Scope matrix","proofRoutes":["/service-delivery","/enterprise-business-ops","/operational-efficiency"],"hardStops":["Uncapped scope","No acceptance criteria","Contract-like commitment without review"]},{"slug":"workflow-and-system-boundary-map","title":"Workflow and System Boundary Map","status":"active-delivery-template","owner":"Delivery Lead and Interoperability","appliesToOfferSlugs":["workflow-intelligence-assessment","health-records-safety-assessment","interoperability-readiness-sprint","clinical-operations-automation-blueprint"],"tasks":["Map current-state workflow, source systems, handoffs, and blocked actions","Separate synthetic, protected, and production paths","Identify standards or record-safety dependencies"],"acceptanceCriteria":["Every handoff has owner and evidence route","Every live-data dependency has retained approval gate","Every blocked action has workaround"],"outputArtifact":"Workflow boundary map","proofRoutes":["/interoperability","/health-records","/limitations-workarounds"],"hardStops":["Live endpoint dependency","No owner for clinical or data gate","No workaround for blocked action"]},{"slug":"synthetic-fixture-and-evidence-plan","title":"Synthetic Fixture and Evidence Plan","status":"protected-gated","owner":"AgentOS, Atlas, and QA","appliesToOfferSlugs":["synthetic-pilot-evaluation","interoperability-readiness-sprint","health-records-safety-assessment"],"tasks":["Select synthetic scenarios and expected outputs","Map evidence references and TrustOS checkpoints","Define QA pass/fail and retained packet requirements"],"acceptanceCriteria":["Synthetic scenarios are no-PHI","Expected outputs have evidence references","QA and claim guard are attached before buyer proof"],"outputArtifact":"Synthetic evidence plan","proofRoutes":["/evaluation","/qa-evidence","/qa-completion-bridge"],"hardStops":["PHI scenario","No evidence reference","No QA checkpoint"]},{"slug":"standards-and-record-safety-crosswalk","title":"Standards and Record Safety Crosswalk","status":"active-delivery-template","owner":"Interoperability, Health Records Safety, and Clinical Governance","appliesToOfferSlugs":["health-records-safety-assessment","interoperability-readiness-sprint","global-certification-readiness-pack"],"tasks":["Map record types and standards","Attach source-attribution and patient-safety lint checks","Route live-data, connector, and writeback gates"],"acceptanceCriteria":["Standards are named","Source attribution is planned","Writeback, payer submission, and live clinical actions are blocked"],"outputArtifact":"Standards and safety crosswalk","proofRoutes":["/health-records","/interoperability","/clinical-authority-readiness"],"hardStops":["Patient matching requested","EHR writeback requested","Payer submission requested"]},{"slug":"trustos-claim-and-authority-review","title":"TrustOS Claim and Authority Review","status":"external-review-required","owner":"TrustOS, Claim Guard, Legal Ops, Security, and Clinical Governance","appliesToOfferSlugs":["trustos-ai-governance-audit","synthetic-pilot-evaluation","enterprise-proof-deal-room-activation","enterprise-operating-layer-license"],"tasks":["Classify claims and authority language","Route legal, security, certification, clinical, and regulatory claims to qualified review","Block unsupported buyer-facing proof statements"],"acceptanceCriteria":["Every public or buyer-facing claim has status","Qualified-review needs are explicit","Blocked claims are present in handoff"],"outputArtifact":"Claim and authority review memo","proofRoutes":["/qa-claim-guard","/approvals-readiness","/global-certification-readiness"],"hardStops":["Legal advice requested","Certification claim requested","Clinical authority claim requested"]},{"slug":"buyer-proof-packet-release","title":"Buyer Proof Packet and Release Control","status":"protected-gated","owner":"Buyer Diligence and Release Steward","appliesToOfferSlugs":["synthetic-pilot-evaluation","enterprise-proof-deal-room-activation","enterprise-operating-layer-license"],"tasks":["Assemble evidence inventory and buyer-facing summary","Attach release decision, reviewer signoff, recipient rules, and access-log path","Prevent customer-specific external sharing until AAL2 release chain is complete"],"acceptanceCriteria":["Release decision exists","Recipient control exists","Access-log route exists","Claim guard is complete"],"outputArtifact":"Buyer proof packet","proofRoutes":["/qa-buyer-proof-release","/buyer-release-control-run","/pilot-workspace/access"],"hardStops":["No release decision","No recipient control","No AAL2 protected route"]},{"slug":"delivery-retro-expansion-recommendation","title":"Delivery Retro and Expansion Recommendation","status":"active-delivery-template","owner":"Delivery Lead and Growth Engine","appliesToOfferSlugs":["workflow-intelligence-assessment","health-records-safety-assessment","interoperability-readiness-sprint","trustos-ai-governance-audit","synthetic-pilot-evaluation","enterprise-proof-deal-room-activation","continuous-review-innovation-retainer"],"tasks":["Compare acceptance criteria to delivered artifacts","Record unresolved gates, risks, margin lessons, and buyer next action","Recommend next package, protected pilot, retainer, or stop"],"acceptanceCriteria":["Acceptance result is recorded","Unresolved gates remain visible","Expansion recommendation does not create a contract or revenue guarantee"],"outputArtifact":"Delivery handoff and expansion memo","proofRoutes":["/growth-engine","/offerings","/service-delivery"],"hardStops":["Implementation expansion without SOW","Revenue guarantee requested","Unreviewed public claim"]}],"serviceDeliveryArtifacts":[{"slug":"scoped-intake-sheet","artifact":"Scoped Intake Sheet","owner":"Revenue Operations","purpose":"Capture buyer, sponsor, target offer, workflow questions, and no-PHI boundary.","requiredFields":["Sponsor","Workflow target","Offer","No-PHI acknowledgement","Decision owner"],"releaseRule":"Internal and buyer-facing after no-PHI check.","retainedBoundary":"Does not create contract, SOW, or production authorization."},{"slug":"scope-matrix","artifact":"Scope Matrix","owner":"Product Console and Delivery Lead","purpose":"Tie deliverables to acceptance criteria, proof routes, excluded work, margin protections, and escalation triggers.","requiredFields":["Deliverables","Acceptance criteria","Excluded work","Proof routes","Margin controls"],"releaseRule":"Buyer-facing only after delivery lead and business owner review.","retainedBoundary":"Does not approve price, legal terms, accounting, tax, or revenue recognition."},{"slug":"work-order-board","artifact":"Work Order Board","owner":"Delivery Lead","purpose":"Track tasks, owners, status, evidence links, hard stops, and human-review checkpoints.","requiredFields":["Task","Owner","Status","Evidence","Hard stop","Review owner"],"releaseRule":"Internal by default; buyer snapshot allowed when sensitive content is absent.","retainedBoundary":"Does not contain PHI, secrets, production credentials, or customer confidential artifacts."},{"slug":"evidence-packet","artifact":"Evidence Packet","owner":"AgentOS, Atlas, TrustOS, and QA","purpose":"Package synthetic fixtures, outputs, source attribution, TrustOS decisions, QA checks, and blocked actions.","requiredFields":["Scenario","Output","Evidence reference","TrustOS decision","QA status","Blocked action"],"releaseRule":"Protected route or public-safe summary depending on buyer release decision.","retainedBoundary":"Does not authorize customer-specific release, clinical validation, security certification, or live workflow use."},{"slug":"claim-and-authority-memo","artifact":"Claim and Authority Memo","owner":"Claim Guard, Legal Ops, Security, Finance, and Clinical Governance","purpose":"Classify sales, buyer, investor, legal, financial, clinical, security, and regulatory language before external use.","requiredFields":["Claim","Status","Evidence","Reviewer","Blocked language","External review need"],"releaseRule":"External use requires authorized claim status or qualified-review completion.","retainedBoundary":"Does not replace legal, accounting, tax, security, clinical, regulatory, or certification review."},{"slug":"acceptance-and-handoff-memo","artifact":"Acceptance and Handoff Memo","owner":"Delivery Lead and Customer Operations","purpose":"Close scoped work, record acceptance result, unresolved gates, buyer next action, and recommended expansion package.","requiredFields":["Delivered artifacts","Acceptance result","Open gates","Buyer next action","Recommended package"],"releaseRule":"Buyer-facing after delivery and claim review.","retainedBoundary":"Does not create implementation approval, contract commitment, customer permission, revenue guarantee, or profit guarantee."},{"slug":"retainer-research-backlog","artifact":"Retainer and Internal Research Backlog","owner":"TrustOps and Internal Research Team","purpose":"Route recurring review loops, innovation work, and future research assignments without public commitments.","requiredFields":["Research topic","Owner","Risk","Disclosure status","Approval gate"],"releaseRule":"Internal-only unless founder and qualified reviewers approve disclosure.","retainedBoundary":"Does not create public quantum capability, production roadmap commitment, or autonomous remediation promise."}],"serviceDeliveryActivationGates":[{"gate":"No-PHI Intake Gate","status":"active-delivery-template","owner":"Revenue Operations and Privacy","trigger":"Every discovery, upload, intake, or buyer workshop.","passCondition":"Only synthetic, business-contact, workflow-scope, or metadata inputs are present.","failClosedAction":"Reject input, remove sensitive content from scope, and route to protected/privacy review.","retainedBoundary":"Does not authorize PHI processing or production data access."},{"gate":"Sponsor and Owner Gate","status":"ready-to-scope","owner":"Revenue Operations","trigger":"Before scoping, kickoff, or delivery scheduling.","passCondition":"Sponsor, workflow owner, review owner, and decision owner are named.","failClosedAction":"Keep request in nurture/onboarding until ownership exists.","retainedBoundary":"Does not imply procurement approval or customer permission."},{"gate":"Scope and Acceptance Gate","status":"active-delivery-template","owner":"Product Console and Delivery Lead","trigger":"Before a work order starts.","passCondition":"Deliverables, acceptance criteria, excluded work, proof routes, and hard stops are recorded.","failClosedAction":"Block delivery and return to scope matrix.","retainedBoundary":"Does not create a contract, SOW, or implementation authorization."},{"gate":"Legal Finance Contract Gate","status":"external-review-required","owner":"Legal Ops, Finance, Accounting, Tax, and qualified reviewers","trigger":"Pricing, SOW, payment, revenue-recognition, tax, contract, investor, or board language appears.","passCondition":"Qualified owners approve or route the language.","failClosedAction":"Use readiness-only language and remove contract-like commitments.","retainedBoundary":"Does not provide legal, accounting, tax, investment, securities, valuation, or audited financial advice."},{"gate":"Claim Guard and Authority Gate","status":"external-review-required","owner":"Claim Guard, TrustOS, Legal Ops, Security, and Clinical Governance","trigger":"External claim, buyer proof, investor packet, clinical implication, security statement, or certification language.","passCondition":"Claim is approved, evidence-required with controls, or blocked before release.","failClosedAction":"Block language and route to qualified review.","retainedBoundary":"Does not certify security/compliance or grant clinical, regulatory, reimbursement, or live-care authority."},{"gate":"Protected Buyer Evidence Release Gate","status":"protected-gated","owner":"Release Steward and Buyer Diligence","trigger":"Buyer-specific packet, protected proof, customer-specific evidence, or external sharing request.","passCondition":"AAL2 workspace, release decision, reviewer signoff, recipient attestation, lockbox, and access-log path exist.","failClosedAction":"Share public-safe summary only or keep evidence internal.","retainedBoundary":"Does not grant customer permission, external distribution approval, or protected evidence access."},{"gate":"Connector and Live Data Gate","status":"blocked-before-approval","owner":"Platform, Interoperability, Privacy, Security, and Customer Environment Owners","trigger":"Production connector, live endpoint, EHR writeback, payer submission, patient matching, or data exchange request.","passCondition":"Approved protected or production connector scope exists with qualified privacy/security/customer approvals.","failClosedAction":"Use synthetic fixtures, standards mapping, and readiness-only workaround.","retainedBoundary":"Does not authorize PHI, production connectors, writeback, payer submission, or patient matching."},{"gate":"Clinical Action Gate","status":"blocked-before-approval","owner":"Clinical Governance and qualified clinical/legal reviewers","trigger":"Diagnosis, treatment, patient outreach, triage, prescribing, clinician substitution, or live-care language.","passCondition":"Formal clinical authority, intended-use, safety, regulatory, and customer approvals exist.","failClosedAction":"Block clinical action and convert to synthetic planning or governance review.","retainedBoundary":"Does not authorize live clinical care or autonomous medical decision-making."}],"serviceDeliveryPackageBindings":[{"packageSlug":"assessment-package","packageName":"Assessment Package","deliveryLane":"entry","workOrderTemplates":["buyer-discovery-no-phi-intake","scope-matrix-and-acceptance-plan","workflow-and-system-boundary-map","synthetic-fixture-and-evidence-plan","standards-and-record-safety-crosswalk","trustos-claim-and-authority-review","delivery-retro-expansion-recommendation"],"buyerHandoff":"Synthetic Pilot Evaluation or Interoperability Readiness Sprint","marginRule":"Fixed-fee package with capped workflows and no-PHI discovery.","retainedBoundary":"No live clinical care; No PHI; No legal, accounting, tax, security, or regulatory approval; No guaranteed savings"},{"packageSlug":"sprint-package","packageName":"Readiness Sprint Package","deliveryLane":"growth","workOrderTemplates":["buyer-discovery-no-phi-intake","scope-matrix-and-acceptance-plan","workflow-and-system-boundary-map","synthetic-fixture-and-evidence-plan","standards-and-record-safety-crosswalk","delivery-retro-expansion-recommendation"],"buyerHandoff":"Synthetic Pilot Evaluation or Enterprise Proof and Deal Room Activation","marginRule":"Scoped sprint with clear deliverables, owner map, and upgrade gates.","retainedBoundary":"No certified compliance claim; No production connector approval; No regional approval claim; No implementation work without SOW"},{"packageSlug":"synthetic-pilot-package","packageName":"Synthetic Pilot Package","deliveryLane":"enterprise","workOrderTemplates":["buyer-discovery-no-phi-intake","scope-matrix-and-acceptance-plan","synthetic-fixture-and-evidence-plan","trustos-claim-and-authority-review","buyer-proof-packet-release","delivery-retro-expansion-recommendation"],"buyerHandoff":"Protected Enterprise Pilot or Enterprise Operating Layer License","marginRule":"Paid synthetic pilot with workflow count, evidence cadence, and decision criteria.","retainedBoundary":"Synthetic only; No autonomous clinical action; No customer-value claim without permission; No protected evidence release without AAL2 gate"},{"packageSlug":"enterprise-activation-package","packageName":"Enterprise Activation Package","deliveryLane":"strategic","workOrderTemplates":["buyer-discovery-no-phi-intake","scope-matrix-and-acceptance-plan","workflow-and-system-boundary-map","trustos-claim-and-authority-review","buyer-proof-packet-release","delivery-retro-expansion-recommendation"],"buyerHandoff":"Multi-year enterprise operating license or strategic platform partnership","marginRule":"Enterprise proposal with license, implementation, diligence, support, and usage assumptions separated.","retainedBoundary":"No contract approval without executive and counsel review; No production activation without customer authority; No PHI without approved BAA/security controls; No margin or revenue guarantee"},{"packageSlug":"continuous-review-retainer","packageName":"Continuous Review Retainer","deliveryLane":"retained","workOrderTemplates":["buyer-discovery-no-phi-intake","scope-matrix-and-acceptance-plan","trustos-claim-and-authority-review","buyer-proof-packet-release","delivery-retro-expansion-recommendation"],"buyerHandoff":"Enterprise operating cadence, renewal health packet, or internal research roadmap","marginRule":"Monthly or quarterly retainer with human-approved review loops and separately scoped implementation work.","retainedBoundary":"No managed SOC/MDR claim; No error-free AI claim; No autonomous production change; Quantum and frontier research stay internal until approved"}],"serviceDeliveryLiveActivationMatrix":[{"slug":"workflow-intelligence-assessment-delivery-live-activation-plan","offerSlug":"workflow-intelligence-assessment-delivery","offerName":"Workflow Intelligence Assessment Delivery","activationStatus":"public-demo-ready","deploymentPosture":"public_route_ready","salesReadinessScore":82,"deliveryReadinessScore":78,"revenueReadinessScore":80,"supportReadinessScore":74,"requiredBeforeLive":["Named buyer sponsor, workflow owner, delivery owner, and review owner","No-PHI intake and scope matrix accepted","Acceptance criteria and proof routes recorded","Claim Guard review for buyer-facing language","Enterprise Business Ops review for pricing, contract, margin, billing, tax, and accounting language","Protected workspace, AAL2 release chain, and customer permission before buyer-specific protected evidence"],"nextSafeGoLiveStep":"Keep this offer in public demo and qualification mode until scope, owner, review, and acceptance evidence are stronger.","safeLaunchMotion":"Launch as no-PHI service delivery, buyer demo, readiness assessment, or protected-pilot candidate only.","revenueMotion":"Use fixed scope, capped deliverables, paid readiness/pilot packaging, and separate change-order paths for expansion.","supportMotion":"Offer launch-window coordination and review cadence; do not promise contractual SLA, 24/7 production support, or managed-service coverage.","blockedBeforeGoLive":["PHI processing authority","Production connector approval","EHR writeback, payer submission, patient outreach, diagnosis, treatment, prescribing, or live clinical workflow","Customer go-live approval","Contractual SLA, uptime guarantee, managed-service commitment, security certification, compliance certification, clinical validation, revenue guarantee, or profit guarantee"],"proofRoutes":["/service-delivery","/offerings","/product","/growth-engine","/operational-efficiency"],"humanReviewRequired":true,"productionAuthority":false},{"slug":"health-records-safety-assessment-delivery-live-activation-plan","offerSlug":"health-records-safety-assessment-delivery","offerName":"Health Records Safety Assessment Delivery","activationStatus":"no-phi-service-ready","deploymentPosture":"no_phi_delivery_ready","salesReadinessScore":90,"deliveryReadinessScore":92,"revenueReadinessScore":86,"supportReadinessScore":84,"requiredBeforeLive":["Named buyer sponsor, workflow owner, delivery owner, and review owner","No-PHI intake and scope matrix accepted","Acceptance criteria and proof routes recorded","Claim Guard review for buyer-facing language","Enterprise Business Ops review for pricing, contract, margin, billing, tax, and accounting language","Protected workspace, AAL2 release chain, and customer permission before buyer-specific protected evidence"],"nextSafeGoLiveStep":"Package a no-PHI delivery kickoff with owner map, work-order template, acceptance criteria, and claims-safe follow-up.","safeLaunchMotion":"Launch as no-PHI service delivery, buyer demo, readiness assessment, or protected-pilot candidate only.","revenueMotion":"Use fixed scope, capped deliverables, paid readiness/pilot packaging, and separate change-order paths for expansion.","supportMotion":"Offer launch-window coordination and review cadence; do not promise contractual SLA, 24/7 production support, or managed-service coverage.","blockedBeforeGoLive":["PHI processing authority","Production connector approval","EHR writeback, payer submission, patient outreach, diagnosis, treatment, prescribing, or live clinical workflow","Customer go-live approval","Contractual SLA, uptime guarantee, managed-service commitment, security certification, compliance certification, clinical validation, revenue guarantee, or profit guarantee"],"proofRoutes":["/service-delivery","/offerings","/health-records","/interoperability","/clinical-authority-readiness","/boundary-resolution"],"humanReviewRequired":true,"productionAuthority":false},{"slug":"interoperability-readiness-sprint-delivery-live-activation-plan","offerSlug":"interoperability-readiness-sprint-delivery","offerName":"Interoperability Readiness Sprint Delivery","activationStatus":"no-phi-service-ready","deploymentPosture":"no_phi_delivery_ready","salesReadinessScore":90,"deliveryReadinessScore":92,"revenueReadinessScore":86,"supportReadinessScore":84,"requiredBeforeLive":["Named buyer sponsor, workflow owner, delivery owner, and review owner","No-PHI intake and scope matrix accepted","Acceptance criteria and proof routes recorded","Claim Guard review for buyer-facing language","Enterprise Business Ops review for pricing, contract, margin, billing, tax, and accounting language","Protected workspace, AAL2 release chain, and customer permission before buyer-specific protected evidence"],"nextSafeGoLiveStep":"Package a no-PHI delivery kickoff with owner map, work-order template, acceptance criteria, and claims-safe follow-up.","safeLaunchMotion":"Launch as no-PHI service delivery, buyer demo, readiness assessment, or protected-pilot candidate only.","revenueMotion":"Use fixed scope, capped deliverables, paid readiness/pilot packaging, and separate change-order paths for expansion.","supportMotion":"Offer launch-window coordination and review cadence; do not promise contractual SLA, 24/7 production support, or managed-service coverage.","blockedBeforeGoLive":["PHI processing authority","Production connector approval","EHR writeback, payer submission, patient outreach, diagnosis, treatment, prescribing, or live clinical workflow","Customer go-live approval","Contractual SLA, uptime guarantee, managed-service commitment, security certification, compliance certification, clinical validation, revenue guarantee, or profit guarantee"],"proofRoutes":["/service-delivery","/offerings","/interoperability","/interoperability/evaluations","/integrations/fixture-validation","/platform-power"],"humanReviewRequired":true,"productionAuthority":false},{"slug":"trustos-ai-governance-audit-delivery-live-activation-plan","offerSlug":"trustos-ai-governance-audit-delivery","offerName":"TrustOS AI Governance Audit Delivery","activationStatus":"public-demo-ready","deploymentPosture":"public_route_ready","salesReadinessScore":82,"deliveryReadinessScore":78,"revenueReadinessScore":80,"supportReadinessScore":74,"requiredBeforeLive":["Named buyer sponsor, workflow owner, delivery owner, and review owner","No-PHI intake and scope matrix accepted","Acceptance criteria and proof routes recorded","Claim Guard review for buyer-facing language","Enterprise Business Ops review for pricing, contract, margin, billing, tax, and accounting language","Protected workspace, AAL2 release chain, and customer permission before buyer-specific protected evidence"],"nextSafeGoLiveStep":"Keep this offer in public demo and qualification mode until scope, owner, review, and acceptance evidence are stronger.","safeLaunchMotion":"Launch as no-PHI service delivery, buyer demo, readiness assessment, or protected-pilot candidate only.","revenueMotion":"Use fixed scope, capped deliverables, paid readiness/pilot packaging, and separate change-order paths for expansion.","supportMotion":"Offer launch-window coordination and review cadence; do not promise contractual SLA, 24/7 production support, or managed-service coverage.","blockedBeforeGoLive":["PHI processing authority","Production connector approval","EHR writeback, payer submission, patient outreach, diagnosis, treatment, prescribing, or live clinical workflow","Customer go-live approval","Contractual SLA, uptime guarantee, managed-service commitment, security certification, compliance certification, clinical validation, revenue guarantee, or profit guarantee"],"proofRoutes":["/service-delivery","/offerings","/trust-os","/qa-claim-guard","/approvals-readiness","/global-certification-readiness"],"humanReviewRequired":true,"productionAuthority":false},{"slug":"synthetic-pilot-evaluation-delivery-live-activation-plan","offerSlug":"synthetic-pilot-evaluation-delivery","offerName":"Synthetic Pilot Evaluation Delivery","activationStatus":"protected-pilot-candidate","deploymentPosture":"protected_workspace_required","salesReadinessScore":86,"deliveryReadinessScore":84,"revenueReadinessScore":88,"supportReadinessScore":80,"requiredBeforeLive":["Named buyer sponsor, workflow owner, delivery owner, and review owner","No-PHI intake and scope matrix accepted","Acceptance criteria and proof routes recorded","Claim Guard review for buyer-facing language","Enterprise Business Ops review for pricing, contract, margin, billing, tax, and accounting language","Protected workspace, AAL2 release chain, and customer permission before buyer-specific protected evidence"],"nextSafeGoLiveStep":"Prepare protected-pilot workspace plan and AAL2 release chain before any customer-specific evidence or execution.","safeLaunchMotion":"Launch as no-PHI service delivery, buyer demo, readiness assessment, or protected-pilot candidate only.","revenueMotion":"Use fixed scope, capped deliverables, paid readiness/pilot packaging, and separate change-order paths for expansion.","supportMotion":"Offer launch-window coordination and review cadence; do not promise contractual SLA, 24/7 production support, or managed-service coverage.","blockedBeforeGoLive":["PHI processing authority","Production connector approval","EHR writeback, payer submission, patient outreach, diagnosis, treatment, prescribing, or live clinical workflow","Customer go-live approval","Contractual SLA, uptime guarantee, managed-service commitment, security certification, compliance certification, clinical validation, revenue guarantee, or profit guarantee"],"proofRoutes":["/service-delivery","/offerings","/pilots","/evaluation","/qa-evidence","/qa-buyer-proof-release","/pilot-workspace/access"],"humanReviewRequired":true,"productionAuthority":false},{"slug":"enterprise-proof-deal-room-delivery-live-activation-plan","offerSlug":"enterprise-proof-deal-room-delivery","offerName":"Enterprise Proof and Deal Room Delivery","activationStatus":"protected-pilot-candidate","deploymentPosture":"protected_workspace_required","salesReadinessScore":86,"deliveryReadinessScore":84,"revenueReadinessScore":88,"supportReadinessScore":80,"requiredBeforeLive":["Named buyer sponsor, workflow owner, delivery owner, and review owner","No-PHI intake and scope matrix accepted","Acceptance criteria and proof routes recorded","Claim Guard review for buyer-facing language","Enterprise Business Ops review for pricing, contract, margin, billing, tax, and accounting language","Protected workspace, AAL2 release chain, and customer permission before buyer-specific protected evidence"],"nextSafeGoLiveStep":"Prepare protected-pilot workspace plan and AAL2 release chain before any customer-specific evidence or execution.","safeLaunchMotion":"Launch as no-PHI service delivery, buyer demo, readiness assessment, or protected-pilot candidate only.","revenueMotion":"Use fixed scope, capped deliverables, paid readiness/pilot packaging, and separate change-order paths for expansion.","supportMotion":"Offer launch-window coordination and review cadence; do not promise contractual SLA, 24/7 production support, or managed-service coverage.","blockedBeforeGoLive":["PHI processing authority","Production connector approval","EHR writeback, payer submission, patient outreach, diagnosis, treatment, prescribing, or live clinical workflow","Customer go-live approval","Contractual SLA, uptime guarantee, managed-service commitment, security certification, compliance certification, clinical validation, revenue guarantee, or profit guarantee"],"proofRoutes":["/service-delivery","/offerings","/pilot-deal-room","/buyer-release-control-run","/pilot-workspace/access","/enterprise-business-ops"],"humanReviewRequired":true,"productionAuthority":false},{"slug":"continuous-review-innovation-retainer-delivery-live-activation-plan","offerSlug":"continuous-review-innovation-retainer-delivery","offerName":"Continuous Review and Innovation Retainer Delivery","activationStatus":"no-phi-service-ready","deploymentPosture":"no_phi_delivery_ready","salesReadinessScore":90,"deliveryReadinessScore":92,"revenueReadinessScore":86,"supportReadinessScore":84,"requiredBeforeLive":["Named buyer sponsor, workflow owner, delivery owner, and review owner","No-PHI intake and scope matrix accepted","Acceptance criteria and proof routes recorded","Claim Guard review for buyer-facing language","Enterprise Business Ops review for pricing, contract, margin, billing, tax, and accounting language","Protected workspace, AAL2 release chain, and customer permission before buyer-specific protected evidence"],"nextSafeGoLiveStep":"Package a no-PHI delivery kickoff with owner map, work-order template, acceptance criteria, and claims-safe follow-up.","safeLaunchMotion":"Launch as no-PHI service delivery, buyer demo, readiness assessment, or protected-pilot candidate only.","revenueMotion":"Use fixed scope, capped deliverables, paid readiness/pilot packaging, and separate change-order paths for expansion.","supportMotion":"Offer launch-window coordination and review cadence; do not promise contractual SLA, 24/7 production support, or managed-service coverage.","blockedBeforeGoLive":["PHI processing authority","Production connector approval","EHR writeback, payer submission, patient outreach, diagnosis, treatment, prescribing, or live clinical workflow","Customer go-live approval","Contractual SLA, uptime guarantee, managed-service commitment, security certification, compliance certification, clinical validation, revenue guarantee, or profit guarantee"],"proofRoutes":["/service-delivery","/offerings","/continuous-review-audit","/service-reliability","/operational-efficiency","/qa-evidence"],"humanReviewRequired":true,"productionAuthority":false}],"evidenceRoutes":["/service-delivery","/api/service-delivery","/api/service-delivery/brief","/offerings","/product","/growth-engine","/operational-efficiency","/health-records","/interoperability","/clinical-authority-readiness","/boundary-resolution","/interoperability/evaluations","/integrations/fixture-validation","/platform-power","/trust-os","/qa-claim-guard","/approvals-readiness","/global-certification-readiness","/pilots","/evaluation","/qa-evidence","/qa-buyer-proof-release","/pilot-workspace/access","/pilot-deal-room","/buyer-release-control-run","/enterprise-business-ops","/continuous-review-audit","/service-reliability","/client-onboarding","/sales-operations","/qa-run-control","/qa-completion-bridge","/claims","/limitations-workarounds"],"acceptanceCriteria":["All scoped workflows have owner, friction, evidence, and next action recorded","Buyer confirms no PHI or production credentials were provided","Recommendation is tied to a proof route and retained boundary","Every source type has a safety check and retained approval gate","Synthetic extraction path is separated from live-data path","Blocked actions are visible in the handoff","Every target standard has evidence route, owner, and gate","No live endpoint dependency exists inside sprint scope","Production connector approval is separated from readiness work","Claims are classified as approved, evidence-required, or prohibited","Human review ownership is explicit","Legal, security, clinical, and regulatory conclusions are routed to qualified reviewers","Synthetic scenarios are approved before execution","QA evidence and claim guard are complete before buyer proof language","Protected evidence release remains AAL2 gated","Every external packet has release authority, recipient control, and access-log route","Custom claims are routed to Claim Guard","Contract and pricing commitments are separated from proof work","Human owner approves every remediation or public claim","Quantum or future research stays internal unless approved","Escalations become separately scoped work when implementation labor is required"],"escalationTriggers":["Buyer requests PHI review","Buyer asks for guaranteed savings or ROI","Scope expands beyond three workflows","Buyer submits PHI","Buyer requests patient matching","Buyer requests writeback, payer submission, or live clinical action","Buyer asks for live endpoint credentials","Buyer requests public API SLA","Security or privacy reviewer flags unresolved control","Buyer requests legal approval","Buyer requests certification language","Clinical authority or medical-device language appears","Buyer requests live data","Buyer requests customer-specific external release","Buyer changes success metrics mid-run","Buyer asks for customer names or protected evidence","Buyer requests security certification or penetration-test claim","Buyer asks for signed terms or pricing commitment","Production remediation requested","Security incident suspected","Public future-tech claim requested"],"marginProtections":["Fixed fee","Capped workflow count","Change order for expanded mapping","Assessment excludes live connector build","Separate protected-pilot or connector SOW","Reusable extraction checklist","Conformance templates reused","No custom live connector in sprint","Connector SOW priced separately","Repeatable TrustOS review pack","External review excluded unless scoped","Retainer path for continuous review","Paid pilot","Evidence-room and custom diligence priced separately","Paid diligence line item","Expiration date on custom packet labor","Legal/security review scoped separately","Recurring retainer","Escalation labor priced separately","Research backlog separated from production commitments"],"hardStops":["No PHI, patient identifiers, production credentials, or live endpoints in public intake.","No delivery starts without named sponsor, owner, scope, package, and acceptance criteria.","No buyer-facing value, ROI, clinical, reimbursement, certification, or security claim without qualified review.","No contract, SOW, pricing, revenue-recognition, accounting, tax, or payment promise without qualified business review.","No protected evidence release without AAL2 workspace, reviewer signoff, release decision, recipient control, and access-log path.","No production connector, EHR writeback, payer submission, patient outreach, diagnosis, treatment, or live clinical workflow.","No public quantum, autonomous-remediation, managed SOC/MDR, attack-proof, or error-free AI claim.","No custom implementation expansion unless a change order or separately scoped work order exists.","Stop when sponsor, package, or no-PHI boundary is missing.","Stop when requested work requires contract, legal, finance, PHI, connector, or clinical authority approval.","Stop when buyer requests autonomous communication, calendar send, or unsupported SLA commitments.","Stop when live endpoints, production credentials, PHI, or patient identifiers are requested.","Stop when a result would imply diagnosis, treatment, reimbursement, certification, security approval, or production authorization.","Stop when qualified review is missing for legal, security, finance, tax, clinical, regulatory, or certification language.","Stop when buyer asks for implementation expansion without change order, SOW, protected pilot, or license approval.","PHI in intake","No sponsor","Unsupported claim requested","Uncapped scope","No acceptance criteria","Contract-like commitment without review","Live endpoint dependency","No owner for clinical or data gate","No workaround for blocked action","PHI scenario","No evidence reference","No QA checkpoint","Patient matching requested","EHR writeback requested","Payer submission requested","Legal advice requested","Certification claim requested","Clinical authority claim requested","No release decision","No recipient control","No AAL2 protected route","Implementation expansion without SOW","Revenue guarantee requested","Unreviewed public claim"],"updated":"2026-06-26"},"serviceReliability":{"service":"scrimed-service-reliability","route":"/service-reliability","apiRoute":"/api/service-reliability","briefRoute":"/api/service-reliability/brief","status":"service-reliability-hardening-active","briefStatus":"service-reliability-brief-ready","boundary":"SCRIMED Service Reliability maps products, services, agents, barriers, fault classes, mitigations, owners, proof routes, and retained approval boundaries into one operating lane. It strengthens execution discipline, but it does not certify security or compliance, grant legal approval, approve buyer release, bypass AAL2, authorize PHI processing, approve production connectors, guarantee reimbursement, authorize public customer claims, or authorize live clinical care.","authority":{"dataBoundary":"synthetic-only","clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","releaseAuthority":"not-release-approval","approvalAuthority":"external-review-required","securityCertification":"not-security-certified","financialAuthority":"not-audited-financial-report"},"sourceAlignment":{"pageRouteCount":164,"apiRoutePatternCount":439,"smokeCoveredHtmlRouteCount":76,"navigationGroupCount":8,"missingInventoryLinkCount":0,"releaseContinuityGateCount":6,"releaseContinuityPassedCheckCount":4,"boundaryResolutionRecordCount":120,"boundaryResolutionSafeWorkaroundCount":9,"manualQaExecutionStageCount":6,"trustSafetyControlCount":5},"controlCount":10,"activeControlCount":2,"resolvedControlCount":1,"containedControlCount":3,"operatorRequiredControlCount":1,"externalReviewControlCount":2,"protectedGateControlCount":1,"openGateCount":4,"faultClassCount":8,"highSeverityFaultClassCount":4,"efficiencyImprovementCount":6,"productServiceControls":[{"name":"Product Console and OS Hub discoverability","owner":"Product Console + Release Steward","productSurface":"Product, Hub, Homepage, Navigation Audit","status":"resolved","barrier":"Route sprawl made it easy for high-value proof surfaces to become hard to find.","mitigation":"Navigation Audit, Product Console, Hub, and homepage now cross-link the command surfaces and route inventory.","proofRoutes":["/product","/hub","/navigation","/api/navigation-audit"],"retainedBoundary":"Route discoverability is operating evidence, not protected execution proof or release approval.","nextAction":"Keep new buyer-critical pages inside the navigation audit, hub view, and smoke scope."},{"name":"Release continuity and source-control alignment","owner":"Release Steward","productSurface":"Release Continuity","status":"contained","barrier":"Production can drift from source control if deployments, tags, smoke proof, and no-secret boundaries are not checkpointed together.","mitigation":"Release Continuity ties deployment proof, GitHub baselines, public smoke, protected fail-closed checks, and AAL2 operator limits into one lane.","proofRoutes":["/release-continuity","/api/release-continuity","/api/release-continuity/brief"],"retainedBoundary":"Continuity proof does not mint tokens, store secrets, bypass AAL2, or approve buyer release.","nextAction":"Run public smoke and update the checkpoint after each production deployment."},{"name":"Clinical, legal, security, and approval authority","owner":"Founder + qualified external reviewers","productSurface":"Approvals Readiness, Clinical Authority, Boundary Resolution","status":"external-review-required","barrier":"SCRIMED can prepare approval evidence but cannot self-certify HIPAA, SOC 2, HITRUST, FDA, ONC, legal, reimbursement, or clinical authority.","mitigation":"Approvals Readiness and Boundary Resolution keep external evidence requirements, owners, workarounds, and prohibited claims visible.","proofRoutes":["/approvals-readiness","/clinical-authority-readiness","/boundary-resolution","/qa-claim-guard"],"retainedBoundary":"Qualified counsel, security assessors, regulatory experts, customer approvers, and applicable certification bodies retain authority.","nextAction":"Route claims and buyer-specific evidence through external review before expanding public language."},{"name":"Manual AAL2 protected proof","owner":"Approved tenant-admin or pilot-lead operator","productSurface":"Protected Pilot Workspace, QA Evidence, Buyer Release Control","status":"operator-required","barrier":"Public checks prove fail-closed behavior, but authenticated protected mutations require a fresh human AAL2 session.","mitigation":"Manual QA Execution Console, QA Run Control, Human Run Packet, and protected workspace panels preserve no-secret human-run proof.","proofRoutes":["/pilot-workspace/access","/qa-manual-execution-console","/qa-run-control","/qa-human-run-packet","/buyer-release-control-run"],"retainedBoundary":"No code path may retain, print, store, or reuse bearer tokens; protected happy path proof stays human-operated.","nextAction":"Use the browser AAL2 workspace for protected proof or a deliberate one-time token run with no retention."},{"name":"Buyer release and external sharing","owner":"Buyer Diligence + Release Steward + qualified reviewers","productSurface":"Buyer Release Control, protected release verifier, distribution lockbox","status":"protected-gated","barrier":"Buyer-specific external sharing requires retained release decisions, named reviewer signoffs, recipient controls, authority attestations, and access-log reconciliation.","mitigation":"Buyer Release Control Runbook sequences protected verifier records, packets, timeline, reconciliation, remediation, and disabled lockbox controls.","proofRoutes":["/buyer-release-control-run","/pilot-workspace/access#buyer-release-control-verifier","/api/pilot-workspaces/{workspaceSlug}/buyer-release-control-run"],"retainedBoundary":"Internal protected diligence can prepare evidence; external buyer sharing remains blocked until qualified release authority is retained.","nextAction":"Complete the release-control chain before any buyer-specific external distribution."},{"name":"Commercial buyer path","owner":"Sales operations + Buyer Diligence","productSurface":"Pilot Deal Room, Pricing, Demos, Pilots, Sales Operations","status":"active","barrier":"Buyer value, proof routes, pricing, demos, protected evidence, and pilot intake can fragment across separate surfaces.","mitigation":"Pilot Deal Room, Product Console, pricing, demos, pilot programs, and sales operations now present a continuous buyer path.","proofRoutes":["/pilot-deal-room","/pricing","/demos","/pilots","/sales-operations"],"retainedBoundary":"Commercial readiness does not authorize customer production activation, PHI, live clinical execution, or public customer claims.","nextAction":"Keep offers focused on governed synthetic pilots until customer-specific production controls are approved."},{"name":"Agent and workflow operating system","owner":"AgentOS + Workflow Runtime","productSurface":"Agents, Workflows, Evaluation, Runtime Safety, Audit","status":"contained","barrier":"Agent execution can become unsafe if runtime, identity, audit, connector, and human-review gates are not explicit.","mitigation":"Workflow contracts, deny-by-default implementation readiness, runtime safety, execution audit, and AgentOS evaluation keep execution synthetic and review-gated.","proofRoutes":["/agents","/workflows","/workflows/contracts","/workflows/runtime-safety","/workflows/execution-audit","/evaluation"],"retainedBoundary":"Agents cannot mutate medical records, contact patients, submit payer actions, or execute production connectors without approved gates.","nextAction":"Add blocked actions, human checkpoints, audit events, and packet evidence before new agent capabilities move forward."},{"name":"Interoperability and synthetic validation","owner":"Interoperability Control Plane + Validation Trust Lab","productSurface":"Interoperability, Integrations, Synthetic Validation","status":"contained","barrier":"Connector confidence can be overstated if synthetic conformance and live production authorization are not separated.","mitigation":"Standards registry, fixture validation, conformance evaluations, and synthetic validation keep connector readiness inspectable before live use.","proofRoutes":["/interoperability","/interoperability/evaluations","/integrations","/synthetic/validation"],"retainedBoundary":"Synthetic conformance does not approve live connectors, PHI ingestion, payer submission, EHR writeback, or partner acceptance.","nextAction":"Keep live connector claims blocked until buyer, legal, security, privacy, and interoperability approvals exist."},{"name":"Trust, claims, and incident operations","owner":"Trust Safety Ops + Legal + Security + Claims Governance","productSurface":"Trust Safety Operations, Trust Center, Claims","status":"active","barrier":"Public language, trust operations, incident posture, and enterprise diligence can diverge from retained evidence.","mitigation":"Trust Safety Operations, Claims Register, Enterprise Readiness, and QA Claim Guard keep evidence and claim posture aligned.","proofRoutes":["/trust-safety-operations","/trust-center","/claims","/qa-claim-guard"],"retainedBoundary":"Trust operations define controls and escalation posture; managed 24/7 production coverage and certifications require approved staffing and review.","nextAction":"Review buyer, investor, PR, advertising, and operator language before publication."},{"name":"Public market and global expansion","owner":"Founder + Finance + Global Partnerships + qualified regional reviewers","productSurface":"Public Market Readiness, Global Reach, Deployment Profiles","status":"external-review-required","barrier":"Financial, regional, procurement, reimbursement, and legal claims can outpace current evidence without external review.","mitigation":"Public Market Readiness, Global Reach, and Deployment Profiles separate operating discipline from audited financial or regional approval claims.","proofRoutes":["/public-market-readiness","/global-reach","/deployment-profiles","/market-activation"],"retainedBoundary":"These routes are readiness and operating discipline, not audited financial statements, securities material, legal advice, or regional approval.","nextAction":"Keep public-market, procurement, and regional expansion claims qualified until external evidence is retained."}],"faultClasses":[{"name":"Route inventory drift","severity":"watch","likelySource":"New App Router pages or APIs added without Navigation Audit and smoke updates.","control":"Navigation Audit source totals, hub route inventory, and public smoke source-count checks.","detectionRoutes":["/navigation","/api/navigation-audit"],"failClosedBehavior":"Release steward updates inventory or keeps the route out of buyer-critical claims."},{"name":"Protected token handling","severity":"high","likelySource":"Attempting to automate AAL2 protected proof with retained bearer tokens.","control":"Manual QA runbooks, no-secret smoke, protected fail-closed APIs, and browser-session verification.","detectionRoutes":["/qa-run-control","/qa-launch-kit","/qa-manual-execution-console"],"failClosedBehavior":"Reject token storage and require a fresh human AAL2 session or one-time external token disposal."},{"name":"External approval overclaim","severity":"high","likelySource":"Copy, buyer materials, or operator notes implying certification, legal approval, PHI authority, or live-care authority.","control":"Approvals Readiness, Boundary Resolution, Claim Guard, no-authority headers, and prohibited-claim lists.","detectionRoutes":["/approvals-readiness","/boundary-resolution","/qa-claim-guard"],"failClosedBehavior":"Downgrade to readiness language and route to qualified external review."},{"name":"Dynamic route smoke gap","severity":"watch","likelySource":"Dynamic pages compile but are not all crawled by public smoke.","control":"TypeScript, build, dynamic page inventory, and targeted smoke for buyer-critical slug routes.","detectionRoutes":["/navigation","/demos","/pilots","/workflows"],"failClosedBehavior":"Keep canonical entry points smoked and add slug-specific smoke when needed."},{"name":"Generated cache conflict","severity":"watch","likelySource":"Local `.next` or quarantine output interfering with checks.","control":"Generated cache cleanup before build/typecheck and generated-integrity check.","detectionRoutes":["/release-continuity","/operations"],"failClosedBehavior":"Clean generated output and rebuild from source."},{"name":"Protected environment missing locally","severity":"watch","likelySource":"Local shells without Supabase/Vercel protected environment or active AAL2 session.","control":"Fail-closed protected smoke, route-level no-authority headers, and operator workaround instructions.","detectionRoutes":["/pilot-workspace/access","/release-continuity"],"failClosedBehavior":"Treat public checks as fail-closed proof and require an approved operator for protected proof."},{"name":"PHI or live-care boundary breach","severity":"high","likelySource":"Inputs, artifacts, or routes attempting to store patient identifiers, clinical records, diagnosis details, or live-care actions.","control":"Synthetic-only boundaries, prohibited data lists, no-PHI protected panels, intake rejection, and live-care authority headers.","detectionRoutes":["/clinical-authority-readiness","/clinical-care-activation","/pilot"],"failClosedBehavior":"Reject or strip prohibited data and keep live-care actions blocked."},{"name":"Public distribution lockbox gap","severity":"high","likelySource":"Buyer proof referenced outside protected diligence before release-control chain completion.","control":"Buyer Release Control Runbook, protected verifier, disabled distribution lockbox, recipient attestations, and access-log reconciliation.","detectionRoutes":["/buyer-release-control-run","/pilot-workspace/access#buyer-release-control-verifier"],"failClosedBehavior":"Keep distribution internal-only until retained release decisions and recipient controls exist."}],"efficiencyImprovements":[{"name":"One route map for every operating surface","impact":"Reduces release uncertainty and navigation search time for operators and buyers.","proof":"/navigation reports page routes, API patterns, smoke pages, groups, and bottlenecks.","owner":"Product Console + Release Steward"},{"name":"Reliability counters inside Product Console","impact":"Lets executives see controls, fault classes, open gates, and efficiency work without reading every page.","proof":"/product and /api/product/console include Service Reliability posture.","owner":"Founder + Product Console"},{"name":"No-authority headers on reliability APIs","impact":"Prevents a reliability route from being mistaken for approval, certification, PHI, release, or live-care authority.","proof":"/api/service-reliability and /api/service-reliability/brief expose explicit no-authority headers.","owner":"TrustOS + Release Steward"},{"name":"Source-count smoke checks","impact":"Catches route-count drift when pages or API handlers are added.","proof":"Public production smoke checks navigation counts and service reliability route/API/brief.","owner":"Release Steward"},{"name":"Fail-closed protected posture","impact":"Keeps protected proof blocked publicly while still allowing browser-session operator verification.","proof":"Protected routes fail closed in public smoke and remain AAL2 gated.","owner":"Security + Operator"},{"name":"Downloadable executive brief","impact":"Turns the reliability map into a reviewable artifact for founders, operators, reviewers, and buyers.","proof":"/api/service-reliability/brief","owner":"Founder + Release Steward"}],"nextOperatorActions":["Use /service-reliability before each release to confirm every product/service barrier has an owner, proof route, and retained boundary.","Keep Navigation Audit and public smoke source-count checks updated whenever routes or API handlers are added.","Keep protected happy-path proof human-operated through AAL2 and never retain token values.","Route approval, PHI, live-care, customer-proof, public-market, reimbursement, legal, and security-certification claims through qualified external review.","Add any newly discovered fault class to this lane before expanding product claims or buyer materials."],"updated":"2026-06-23"}}}