# SCRIMED Navigation Audit Brief

Status: route-navigation-audit-active
Page route count: 164
API route pattern count: 439
Dynamic page route count: 15
Navigation groups: 8
Site navigation sections: 5
Role journeys: 14
Limitation controls: 22
Audited navigation routes: 142
Smoke-covered HTML routes: 76
Protected coverage: fail-closed-publicly-aal2-required-for-happy-path
Release authority: not-release-approval
PHI authority: not-authorized-production-phi
Clinical care authority: not-authorized-live-care
Security certification: not-security-certified
Approval authority: external-review-required

## Boundary
SCRIMED Navigation Audit organizes page routes, API route patterns, smoke coverage, protected fail-closed checks, and retained approval boundaries into one operating map. It is an audit and navigation control surface only. It does not certify that every protected workflow has been executed, bypass AAL2, approve public release, authorize PHI processing, grant legal or clinical authority, certify security/compliance, or approve production connectors.

This brief is not release approval, legal approval, security certification, HIPAA certification, FDA clearance, ONC certification, production connector approval, PHI processing approval, token authorization, or live clinical authorization.

## Navigation Groups
- Executive command (linked): Give founders, buyers, operators, and reviewers a short path into the active operating surfaces. Routes: /, /hub, /company-assessment, /clinical-production-readiness, /pilot-demo-commercial-readiness, /product, /offerings, /service-delivery, /client-onboarding, /competitive-defense, /competitive-intelligence, /global-enterprise-command, /global-certification-readiness, /continuous-review-audit, /enterprise-business-ops, /enterprise-healthcare-infrastructure, /enterprise-scalability, /platform-power, /limitations-workarounds, /launch-readiness, /navigation, /deployment-drift-guard, /service-reliability, /operational-efficiency, /capital-vitality, /growth-engine, /investor-audience-readiness, /scrimed-intelligence-platform, /scrimed-intelligence-safety-stack, /scrimed-operating-command, /scrimed-work, /scrimed-control-plane, /scrimed-automation-autopilot, /strategic-problem-resolution, /healthcare-optimization-command, /healthcare-value-realization, /pilot-activation-planner, /pilot-handoff-command, /pilot-success-review-command, /pilot-value-evidence, /scrimed-upgrade-implementation-plan, /scrimed-agent-governance, /scrimed-reasoning-stability, /scrimed-clinical-benchmark-suite, /scrimed-enterprise-acceleration, /scrimed-governance-learning-loop, /scrimed-guided-execution, /scrimed-proof-packet-studio, /scrimed-cyber-defense, /scrimed-hybrid-retrieval, /scrimed-llmops-observability, /scrimed-ai-infrastructure-watchtower, /scrimed-patient-context-gateway, /pilot-evidence Boundary: Navigation links are operating guidance, not proof of protected execution.
- Commercial buyer motion (smoke-covered): Move qualified buyers from public product proof into demos, pricing, deal-room context, and pilot intake. Routes: /pilot-deal-room, /offerings, /service-delivery, /client-onboarding, /launch-readiness, /competitive-defense, /pricing, /pilot-demo-commercial-readiness, /demos, /demos/[slug], /documentation-before-authorization, /pilots, /pilots/[slug], /pilot, /competitive-intelligence, /capital-vitality, /growth-engine, /company-assessment, /clinical-production-readiness, /pilot-demo-commercial-readiness, /enterprise-business-ops, /enterprise-healthcare-infrastructure, /enterprise-scalability, /platform-power, /limitations-workarounds, /scrimed-automation-autopilot, /operational-efficiency, /sales-operations, /scrimed-proof-packet-studio, /scrimed-cyber-defense, /healthcare-value-realization, /pilot-activation-planner, /pilot-handoff-command, /pilot-success-review-command, /pilot-value-evidence Boundary: Commercial routes cannot claim customer permission, production activation, autonomous email send, calendar invite creation, or external distribution approval.
- Approval and authority readiness (smoke-covered): Keep legal, regulatory, clinical, security, reimbursement, and buyer-release boundaries visible before claims expand. Routes: /approvals-readiness, /company-assessment, /clinical-production-readiness, /competitive-defense, /global-certification-readiness, /continuous-review-audit, /boundary-release-approvals, /boundary-resolution, /limitations-workarounds, /launch-readiness, /clinical-authority-readiness, /clinical-care-activation, /health-records, /public-market-readiness, /capital-vitality, /growth-engine, /enterprise-business-ops, /enterprise-scalability, /platform-power, /limitations-workarounds, /client-onboarding, /service-delivery, /release-continuity, /deployment-drift-guard, /launch-readiness, /service-reliability, /operational-efficiency, /strategic-problem-resolution, /healthcare-value-realization, /pilot-activation-planner, /pilot-handoff-command, /pilot-success-review-command, /pilot-value-evidence Boundary: These routes prepare approvals; they do not grant legal approval, clinical authority, certification, or live-care authorization.
- Protected workspace and AAL2 proof (operator-required): Separate public visibility from tenant-scoped protected evidence, packets, release decisions, and operator-only workflows. Routes: /pilot-workspace, /pilot-workspace/access, /buyer-release-control-run, /qa-manual-execution-console, /qa-aal2-run-evidence Boundary: No code path may mint, retain, print, or reuse operator bearer tokens to bypass AAL2.
- QA and release proof (smoke-covered): Keep manual QA execution, claim guard, activation seal, proof promotion, and buyer proof release staged before any claim expansion. Routes: /qa-evidence, /qa-execution-readiness, /qa-run-control, /continuous-review-audit, /qa-launch-kit, /qa-human-run-packet, /qa-completion-bridge, /qa-claim-guard, /qa-activation-seal, /qa-proof-promotion, /qa-buyer-proof-release Boundary: QA routes can prove readiness and no-secret handling; retained authenticated proof remains protected and AAL2 gated.
- Agent and workflow OS (compile-covered): Expose AgentOS, Agent Workspace, memory, audit, observability, workflow contracts, execution readiness, results, and runtime safety. Routes: /agents, /competitive-defense, /platform-power, /production-architecture, /scrimed-intelligence-platform, /scrimed-operating-command, /scrimed-work, /scrimed-control-plane, /scrimed-automation-autopilot, /limitations-workarounds, /launch-readiness, /agents/[slug], /agent-workspace, /evaluation, /documentation-before-authorization, /memory, /audit, /observability, /workflows, /workflows/[slug], /workflows/contracts, /workflows/identity-access, /workflows/execution-attempts, /workflows/execution-audit, /workflows/audit-persistence, /workflows/results, /workflows/results/validation, /workflows/promotion-review, /workflows/runtime-safety Boundary: Workflow execution stays synthetic and deny-by-default until identity, runtime safety, audit, connector, and review gates are approved.
- Interoperability, integrations, and synthetic validation (compile-covered): Keep standards, connector contracts, fixture validation, and synthetic clinical workflows inspectable before production data connections. Routes: /interoperability, /enterprise-healthcare-infrastructure, /health-records, /interoperability/[slug], /interoperability/evaluations, /interoperability/evaluations/[slug], /integrations, /integrations/fixture-validation, /integrations/fixtures, /integrations/fixtures/[slug], /synthetic, /synthetic/[slug], /synthetic/fixtures, /synthetic/fixtures/[slug], /synthetic/validation Boundary: Synthetic validation does not authorize production connectors, PHI ingestion, payer submission, or live clinical workflow execution.
- Trust, market, operations, and platform context (linked): Maintain public trust posture, market activation, source intelligence, deployment profiles, operations blockers, and platform modules. Routes: /trust-center, /trust-center/[slug], /trust, /company-assessment, /clinical-production-readiness, /pilot-demo-commercial-readiness, /trust-os, /trust-safety-operations, /claims, /limitations-workarounds, /launch-readiness, /competitive-defense, /competitive-intelligence, /continuous-review-audit, /enterprise-business-ops, /enterprise-scalability, /platform-power, /production-architecture, /workflows/execution-attempts, /limitations-workarounds, /offerings, /client-onboarding, /service-delivery, /service-reliability, /operational-efficiency, /scrimed-automation-autopilot, /market-activation, /global-certification-readiness, /global-reach, /sales-attribution, /attribution-analytics, /source-intelligence, /deployment-profiles, /operations, /quality, /operating-context, /health-records, /healthcare-optimization-command, /healthcare-intelligence-os, /production-architecture, /scrimed-intelligence-platform, /scrimed-operating-command, /platform, /governance-packs, /faithcore, /modules/clinical-copilot, /modules/docutwin, /modules/carepath-ai, /modules/trialcore, /modules/watchtower Boundary: Public trust and market pages remain claims-controlled and cannot self-certify legal, security, or regulatory approvals.

## Role Journeys
- Clinical production readiness owner: start at /clinical-production-readiness; sequence /clinical-production-readiness -> /clinical-robustness-lab -> /company-assessment -> /clinical-authority-readiness -> /global-certification-readiness -> /health-records -> /platform-power -> /continuous-review-audit -> /service-reliability -> /enterprise-business-ops -> /service-delivery -> /qa-buyer-proof-release -> /pilot-workspace/access. Outcome: Keep PHI, live care, connector, AI, regulatory, support, customer go-live, and commercial-legal tasks tracked while current no-PHI capabilities continue to generate value. Boundary: Clinical production readiness tracking is not legal advice, medical advice, regulatory approval, PHI authority, connector approval, certification, customer permission, launch approval, or live clinical authority.
- Founder, executive sponsor, or company operator: start at /company-assessment; sequence /company-assessment -> /product -> /offerings -> /service-delivery -> /enterprise-business-ops -> /platform-power -> /health-records -> /launch-readiness -> /approvals-readiness -> /global-certification-readiness -> /continuous-review-audit -> /limitations-workarounds -> /qa-buyer-proof-release. Outcome: Move from whole-company posture to product, revenue, delivery, platform, safety, launch, approval, review, limitation, and protected proof decisions without losing boundaries. Boundary: Company assessment is operating readiness only and does not create legal, financial, certification, PHI, launch, revenue, profit, or clinical authority.
- Healthcare buyer: start at /product; sequence /product -> /pilot-demo-commercial-readiness -> /platform-power -> /limitations-workarounds -> /offerings -> /service-delivery -> /client-onboarding -> /demos -> /pilots -> /pricing -> /pilot-deal-room -> /pilot. Outcome: Move from product understanding to governed onboarding, demo, pilot, diligence, and intake without needing to know SCRIMED's internal route map. Boundary: Buyer navigation remains synthetic-evaluation only and does not authorize production clinical use.
- Demo, pilot, or pricing owner: start at /pilot-demo-commercial-readiness; sequence /pilot-demo-commercial-readiness -> /demos -> /pilots -> /pricing -> /offerings -> /client-onboarding -> /pilot-deal-room -> /service-delivery -> /pilot. Outcome: Map each buyer conversation to one demo, one recommended pilot, one price band, one proof list, one no-PHI intake route, and one retained boundary before custom work expands. Boundary: Demo and pricing navigation is commercial readiness only and does not create quotes, contracts, procurement approval, revenue or ROI guarantees, PHI authority, connector approval, or clinical authority.
- Security or compliance reviewer: start at /trust-center; sequence /trust-center -> /competitive-defense -> /claims -> /approvals-readiness -> /global-certification-readiness -> /boundary-resolution -> /limitations-workarounds -> /pilot-workspace/access. Outcome: Review evidence, prohibited claims, future approval tracks, and protected no-PHI diligence controls in one path. Boundary: Readiness pages do not create legal advice, certification, PHI authority, or approval.
- Release or operator owner: start at /launch-readiness; sequence /launch-readiness -> /navigation -> /release-continuity -> /service-reliability -> /scrimed-automation-autopilot -> /enterprise-scalability -> /platform-power -> /limitations-workarounds -> /operational-efficiency -> /continuous-review-audit -> /qa-evidence. Outcome: Move from launch go/no-go checks to route inventory, release proof, DNS workaround evidence, reliability controls, scale operations, efficiency bottlenecks, review loops, and QA evidence. Boundary: Operational navigation is not release approval and cannot bypass AAL2 or qualified human review.
- Launch owner or executive sponsor: start at /launch-readiness; sequence /launch-readiness -> /product -> /offerings -> /service-delivery -> /client-onboarding -> /release-continuity -> /navigation -> /operations -> /service-reliability -> /enterprise-business-ops -> /global-certification-readiness -> /pilot-workspace/access. Outcome: Review product packaging, service readiness, branded-domain smoke, sandbox DNS workaround, operations blockers, enterprise controls, external-review gates, and protected proof boundaries before launch promotion. Boundary: Launch readiness is human-reviewed operating evidence only; it is not branded-domain launch approval, sandbox bypass, contractual SLA, certification, PHI authority, customer release, or live clinical authority.
- Founder, sales, or board reviewer: start at /enterprise-business-ops; sequence /enterprise-business-ops -> /enterprise-scalability -> /platform-power -> /competitive-defense -> /limitations-workarounds -> /offerings -> /service-delivery -> /client-onboarding -> /growth-engine -> /capital-vitality -> /investor-audience-readiness -> /public-market-readiness -> /competitive-intelligence -> /pilot-deal-room. Outcome: Connect revenue capability, scale readiness, onboarding discipline, price floors, proof ladders, capital readiness, audience-specific packets, market position, and buyer diligence. Boundary: Business navigation is not legal, accounting, tax, audited financial, securities, revenue, or profit advice.
- Legal, privacy, cyber, or competitor-defense owner: start at /competitive-defense; sequence /competitive-defense -> /competitive-intelligence -> /claims -> /trust-center -> /global-certification-readiness -> /health-records -> /platform-power -> /trust-os -> /service-reliability -> /release-continuity -> /pilot-workspace/access. Outcome: Move from competitor pressure and weakness relief to claims control, privacy gates, cyber controls, LLM threat modeling, incident response, supply-chain checks, and protected evidence release. Boundary: Competitive defense is readiness only; it is not legal advice, privacy approval, security certification, penetration-test authorization, PHI authority, competitor partnership, or protection guarantee.
- Investor, strategic partner, or faith-based clinic sponsor: start at /investor-audience-readiness; sequence /investor-audience-readiness -> /capital-vitality -> /growth-engine -> /enterprise-business-ops -> /public-market-readiness -> /client-onboarding -> /pilot-deal-room -> /qa-claim-guard. Outcome: Match angel, corporate strategic, private, faith-based clinic, public-sector, payer, health-system, clinician, global-partner, or transformation-sponsor questions to proof, next moves, and retained review gates. Boundary: Investor and audience navigation is readiness only; it is not securities offering material, solicitation, investment advice, valuation assurance, legal advice, tax advice, donor advice, customer permission, or approval.
- Service delivery owner: start at /service-delivery; sequence /service-delivery -> /offerings -> /client-onboarding -> /enterprise-business-ops -> /qa-claim-guard -> /qa-buyer-proof-release -> /pilot-workspace/access -> /growth-engine. Outcome: Move from packaged offer to scoped work order, kickoff inputs, artifacts, acceptance criteria, release gates, handoff, and next paid package. Boundary: Service delivery navigation is execution control only and does not create SOW, contract, SLA, PHI, production connector, customer release, revenue, profit, or live-care authority.
- Global partner or regional buyer: start at /global-enterprise-command; sequence /global-enterprise-command -> /global-reach -> /global-certification-readiness -> /deployment-profiles -> /trust-center -> /approvals-readiness -> /pilot. Outcome: Find region commands, buyer localization, deployment options, certification tracks, communication lanes, interoperability assumptions, and retained approval gates. Boundary: Global navigation is preparation only and does not claim local legal, procurement, regulatory, or clinical approval.
- Integration, data, or records owner: start at /health-records; sequence /health-records -> /enterprise-healthcare-infrastructure -> /interoperability -> /platform-power -> /limitations-workarounds -> /interoperability/evaluations -> /integrations/fixture-validation -> /clinical-care-activation -> /boundary-resolution. Outcome: Move from no-PHI record extraction planning to standards mapping, synthetic conformance, safety gates, and retained live-data approvals. Boundary: Health-record navigation supports synthetic and sandbox planning only; it does not authorize live PHI, patient matching, writeback, payer submission, or clinical action.
- Boundary or workaround owner: start at /limitations-workarounds; sequence /limitations-workarounds -> /boundary-resolution -> /boundary-release-approvals -> /operational-efficiency -> /scrimed-automation-autopilot -> /platform-power -> /service-reliability -> /continuous-review-audit. Outcome: Convert limitations, issues, and bottlenecks into safe workaround packets, escalation owners, approval paths, proof routes, and graduation gates. Boundary: Workaround navigation is containment only and does not create authority, certification, PHI access, live AI, or release approval.

## Limitation Controls
- Pilot Demo Commercial Readiness: /pilot-demo-commercial-readiness. Seamless demo-to-pilot package routing, market-aligned price bands, proof assets, margin rules, and hard stops. Boundary: Does not create signed quotes, contracts, procurement approval, customer permission, revenue guarantees, ROI guarantees, PHI authority, production connector approval, security certification, or live clinical care.
- Clinical Production Readiness: /clinical-production-readiness. Required clinical-production task ledger, go-live gates, current capability motions, source references, and hard stops. Boundary: Does not provide legal advice, medical advice, regulatory approval, HIPAA compliance, security certification, FDA clearance, ONC certification, EU AI Act conformity, GDPR assurance, PHI authority, connector approval, customer permission, launch approval, reimbursement assurance, revenue guarantee, profit guarantee, or live clinical care.
- Clinical Robustness Lab: /clinical-robustness-lab. Adversarial no-PHI clinical readiness scorecards for missing data, conflicting data, abbreviations, noisy notes, wrong units, multilingual notes, incomplete records, temporal inconsistencies, and hallucination risk. Boundary: Does not provide clinical validation, medical advice, PHI authority, diagnosis, treatment, triage, patient outreach, signed documentation, payer submission, EHR writeback, certification, or live clinical authority.
- Company Assessment: /company-assessment. Whole-company readiness score, strengths, weakness relief, upgrade workstreams, team lanes, hard stops, and authority boundaries. Boundary: Does not provide legal advice, accounting advice, tax advice, audited financial reporting, investment advice, securities material, certification, security assurance, PHI authority, launch approval, customer permission, revenue guarantees, profit guarantees, or live clinical care.
- Competitive Defense: /competitive-defense. Competitor threats, weakness relief, legal/privacy/cyber controls, infiltration-deterrence layers, and external review gates. Boundary: Does not provide legal advice, privacy approval, security certification, penetration-test authorization, PHI authority, competitor partnership, protection guarantee, customer release, or clinical authority.
- Launch Readiness: /launch-readiness. Launch structure, DNS sandbox classification, strict branded-domain gate, service paths, risks, workarounds, and hard stops. Boundary: Does not bypass sandbox DNS, override domain records, approve launch, create SLAs, authorize PHI, certify compliance, approve connectors, or approve customer release.
- Investor Audience Readiness: /investor-audience-readiness. Weakness relief, competitive edge, sellable value, and audience packets for investors, clinics, buyers, and partners. Boundary: Does not create investment advice, securities material, solicitation, valuation assurance, legal/tax/accounting advice, donor advice, customer permission, approval, PHI authority, or clinical authority.
- Limitations Workarounds: /limitations-workarounds. Safe workaround packets, escalation triggers, owners, proof routes, and graduation gates for blocked work. Boundary: Does not grant approval, certification, PHI authority, live clinical authority, legal/finance advice, SLA, live AI, or release authority.
- Boundary Resolution: /boundary-resolution. Central limitation register, hard stops, safe workarounds, and prohibited claims. Boundary: Does not grant approval, certification, production authorization, PHI authority, or live clinical authority.
- Boundary Release Approval Matrix: /boundary-release-approvals. Approval paths, required evidence, owner signoffs, safe workarounds, release hashes, and fail-closed boundary decisions. Boundary: Does not relieve preserved boundaries or grant PHI, clinical, payer, EHR, connector, certification, or customer go-live authority.
- Operational Efficiency: /operational-efficiency. Known gaps, inefficiencies, bottlenecks, proof-route gaps, hard stops, and resolution sprints. Boundary: Does not authorize autonomous remediation, AAL2 bypass, buyer release, or qualified-review replacement.
- Automation Autopilot: /scrimed-automation-autopilot. Safe autonomy readiness, approval routing, bottleneck workarounds, proof-route selection, and production-action blocking. Boundary: Does not authorize live PHI, autonomous clinical care, production remediation, patient outreach, payer submission, EHR writeback, credential mutation, production deploy, SLA, certification, revenue guarantee, or customer go-live.
- Offerings: /offerings. Packaged product/service offers, proof routes, margin controls, and retained approval boundaries. Boundary: Does not approve contracts, PHI processing, production connectors, customer claims, revenue, profit, legal, accounting, tax, or clinical authority.
- Service Delivery: /service-delivery. Scoped work orders, acceptance criteria, artifacts, buyer handoffs, margin protections, and authority gates. Boundary: Does not create SOWs, contract approval, SLAs, managed-service commitments, PHI authority, production connector approval, customer permission, revenue guarantees, profit guarantees, or live clinical authority.
- Client Onboarding: /client-onboarding. Human-reviewed onboarding, demo, pilot, meeting, presentation, email, calendar-ready, and handoff controls. Boundary: Does not send email, create calendar invites, approve contracts, approve procurement, process PHI, approve security posture, or authorize live clinical care.
- Enterprise Scalability: /enterprise-scalability. Capacity, tenancy, queueing, observability, SLO readiness, support, region, incident, and cost controls. Boundary: Does not create contractual SLAs, managed service coverage, security certification, production hosting approval, PHI authority, connector approval, revenue guarantees, or profit guarantees.
- API UI AI Platform Power: /platform-power. API contracts, UI command paths, AI model routing, agent approval, evidence retrieval, evals, and cost controls. Boundary: Does not create public API SLA authority, live autonomous AI authority, production model approval, PHI authority, accessibility certification, security certification, connector approval, or trillion-scale equivalence claims.
- Approvals Readiness: /approvals-readiness. Approval ladder for public claims, HIPAA/BAA, SOC 2/HITRUST, FDA/CDS/SaMD, ONC, and buyer release. Boundary: Does not create legal approval, certification, FDA clearance, ONC certification, PHI authority, or live-care authority.
- Clinical Authority: /clinical-authority-readiness. Live-care, PHI, legal, regional, reimbursement, security, connector, and production clinical gates. Boundary: Does not authorize PHI processing, live clinical care, reimbursement, connectors, or production clinical use.
- Health Records: /health-records. No-PHI health-record extraction, interoperability, safety checks, and live-data workarounds. Boundary: Does not authorize live PHI, patient matching, production connectors, EHR writeback, payer submission, or clinical action.
- Global Enterprise Command: /global-enterprise-command. International enterprise readiness, global sales, localization, interoperability, communication, and partner-readiness command surface. Boundary: Does not claim regional legal approval, procurement approval, certification, production deployment, PHI authority, clinical authority, reseller authority, or customer go-live.
- Global Certification: /global-certification-readiness. Domestic and global certification/approval preparation across key jurisdictions and frameworks. Boundary: Does not claim HIPAA, SOC 2, HITRUST, ISO, FDA, GDPR, EU AI Act, NHS, MHRA, or Australian approval.

## Bottlenecks
- Whole-company operating fragmentation (contained): Product, service, launch, revenue, legal, certification, cybersecurity, AI, health-record, investor, and scale decisions can fragment when teams inspect only one lane at a time. Workaround: Use /company-assessment as the top-level operating cockpit before routing into Product Console, Offerings, Service Delivery, Enterprise Business Ops, Platform Power, Health Records, Launch Readiness, Approvals, Global Certification, Continuous Review, Workarounds, or protected proof release. Owner: Executive Operating Council + Product Console + TrustOS
- Clinical production readiness incompleteness (external-review-required): Current no-PHI pilots, demos, diligence packets, and readiness services are usable now, but clinical production requires a separate task ledger, qualified external review, customer authority, and live-data controls. Workaround: Use /clinical-production-readiness before PHI, live-care, connector, clinical AI, certification, customer go-live, or global production language expands; use current capability motions for safe revenue while the task ledger remains incomplete. Owner: Clinical production readiness owner + qualified external reviewers
- Demo-to-pilot pricing friction (contained): Buyers can stall when public demos, pilot programs, price bands, proof assets, intake steps, and custom diligence boundaries are not tied together before a call. Workaround: Use /pilot-demo-commercial-readiness before demo, pilot, or pricing conversations so each buyer path has one demo, one recommended pilot, one price band, one proof list, one no-PHI intake route, and one hard-stop boundary. Owner: Revenue Operations + Product Console + Deal Desk
- Service delivery scope drift (contained): Sellable offers can become low-margin custom work or unsupported commitments if scope, acceptance criteria, artifacts, and authority gates are not attached before kickoff. Workaround: Use /service-delivery to bind every package to no-PHI intake, scope matrix, work-order templates, buyer handoff, margin controls, release gates, and no-SLA/no-contract/no-live-care boundaries. Owner: Delivery Lead + Product Console + Revenue Operations
- Route sprawl (resolved): High-value pages and proof routes were harder to discover as the App Router surface grew. Workaround: Use /navigation as the source-indexed route map and wire it through Homepage, Hub, Product Console, API, brief, README, systems map, and smoke coverage. Owner: Product Console + Release Steward
- Deployment drift (contained): A reviewed local build can pass while the live production target still serves an older deployment or returns 404 for new buyer-critical routes. Workaround: Use /deployment-drift-guard, /api/deployment-drift-guard, and npm run smoke:deployment-drift-guard against local and production targets before buyer, investor, launch, or proof-packet promotion. Owner: Release Steward + Platform Engineering
- Protected happy-path proof (operator-required): Unauthenticated checks can prove fail-closed behavior, but not successful tenant-scoped protected mutations. Workaround: Use /pilot-workspace/access with an active human AAL2 browser session or a deliberate one-time short-lived token run without retaining token values. Owner: Approved tenant-admin or pilot-lead operator
- Dynamic detail route coverage (contained): Dynamic pages compile, but public smoke focuses on canonical entry points instead of crawling every slug variant. Workaround: Keep route inventory visible here, use typecheck/build for every dynamic segment, and add targeted slug smoke when a dynamic route becomes buyer-critical. Owner: Release Steward
- External approvals and certifications (external-review-required): Navigation can show approval and certification tracks, but SCRIMED cannot self-certify legal, security, HIPAA, FDA, ONC, EU AI Act, GDPR, NHS, MHRA, Australia, reimbursement, procurement, or clinical-use authority. Workaround: Keep approval and certification routes claims-controlled, attach only qualified external evidence, and preserve no-authority headers until formal approval exists. Owner: Founder + qualified external reviewers
- Capital and securities boundaries (external-review-required): Revenue, moat, investor, and funding readiness can be mistaken for securities offering material, audited financial reporting, valuation assurance, or investment advice. Workaround: Use /capital-vitality for readiness-only proof, keep no-securities/no-advice headers visible, and route fundraising, valuation, legal, tax, and investor-solicitation materials through qualified counsel. Owner: Founder + qualified counsel + finance reviewers
- Growth execution concentration (operator-required): Proof depth can diffuse commercial focus unless buyer segments, sellable offers, conversion lanes, and next actions stay prioritized. Workaround: Use /growth-engine to keep founder-led assessment outreach, synthetic pilot pipeline, governance audit packaging, and protected diligence upgrades in one operating lane. Owner: Founder + Product Console + Sales Operations
- Enterprise legal and finance operating depth (external-review-required): Enterprise revenue, margins, contracts, accounting, tax, investor, and board materials can create risk if authority is informal or claims outrun qualified review. Workaround: Use /enterprise-business-ops to route deal desk, price floors, margin controls, legal/accounting/tax roles, billing readiness, and blocked business claims through named owners before commitments expand. Owner: Founder + qualified counsel + finance/accounting/tax reviewers
- Enterprise scalability commitment boundaries (external-review-required): Capacity, SLO, support, region, residency, disaster recovery, and managed-service language can become accidental commitments if not routed before buyer use. Workaround: Use /enterprise-scalability to attach capacity assumptions, tenant owners, support-tier review, no-SLA language, regional gates, cost thresholds, and qualified contract review before commitments expand. Owner: Platform + service reliability + customer operations + legal ops
- API UI AI platform power authority boundaries (external-review-required): API contracts, UI improvements, live AI, model routing, agent tool use, accessibility, and scale-positioning language can become unsupported enterprise claims if they are not routed through proof and authority controls. Workaround: Use /platform-power to attach API owners, UI role journeys, model-route registers, agent approval triggers, eval evidence, cost owners, and no-live-AI/no-PHI/no-SLA boundaries before claims expand. Owner: Platform engineering + Product Console + TrustOS + security + finance
- Limitations workaround drift (contained): Safe alternatives can turn into informal permission when workaround packets do not have expiration rules, escalation triggers, and graduation gates. Workaround: Use /limitations-workarounds to attach every repeated issue to a packet, owner, proof route, cadence, hard stop, and promotion path before buyer or release language expands. Owner: Boundary owner + Operational Efficiency + Product Console
- Autonomy expansion pressure (contained): Automation can accelerate SCRIMED, but unsafely expanding it could imply production remediation, patient outreach, payer submission, EHR writeback, credential mutation, clinical authority, or customer go-live. Workaround: Use /scrimed-automation-autopilot to classify every automation lane as manual-only, recommendation-only, review-gated automation, or synthetic autopilot before action authority expands. Owner: TrustOS + Platform Engineering + Release Steward
- Local shell runtime path (contained): The managed local shell may omit node/npm from PATH even though the bundled runtime works. Workaround: Use the bundled Node path for local checks and keep npm lifecycle scripts documented through Release Continuity and Operations readiness. Owner: Release Steward
- Sandbox DNS resolution (contained): Restricted local sandbox execution can return ENOTFOUND for app.scrimedsolutions.com even when the branded production domain passes from approved network access. Workaround: Use /launch-readiness and the launch-domain preflight to classify sandbox DNS separately, require strict branded-domain smoke from approved network access before launch, and treat fallback Vercel URL success as continuity-only evidence. Owner: Release Steward + Domain/DNS administrator

## Page Route Inventory
- /
- /agent-workspace
- /agents
- /agents/[slug]
- /approvals-readiness
- /atlas
- /attribution-analytics
- /audit
- /boundary-release-approvals
- /boundary-resolution
- /buyer-release-control-run
- /capital-vitality
- /claims
- /client-onboarding
- /clinical-authority-readiness
- /clinical-care-activation
- /clinical-production-readiness
- /clinical-robustness-lab
- /company-assessment
- /competitive-edge
- /competitive-defense
- /competitive-intelligence
- /scrimed-market-execution
- /scrimed-execution-focus
- /continuous-review-audit
- /contracts/[slug]
- /demos
- /demos/[slug]
- /deployment-profiles
- /documentation-before-authorization
- /enterprise-business-ops
- /enterprise-healthcare-infrastructure
- /enterprise-scalability
- /evaluation
- /faithcore
- /fixtures/change-review
- /global-certification-readiness
- /global-enterprise-command
- /global-reach
- /governance-packs
- /health-records
- /healthcare-optimization-command
- /healthcare-value-realization
- /pilot-activation-planner
- /pilot-handoff-command
- /pilot-success-review-command
- /pilot-value-evidence
- /growth-engine
- /healthcare-intelligence-os
- /hub
- /hub/events
- /hub/readiness
- /integrations
- /integrations/fixture-validation
- /integrations/fixtures
- /integrations/fixtures/[slug]
- /interoperability
- /interoperability/[slug]
- /interoperability/evaluations
- /interoperability/evaluations/[slug]
- /investor-audience-readiness
- /investor-readiness
- /launch-readiness
- /limitations-workarounds
- /market-activation
- /memory
- /modules/carepath-ai
- /modules/clinical-copilot
- /modules/docutwin
- /modules/trialcore
- /modules/watchtower
- /navigation
- /observability
- /omega-audit
- /operating-context
- /operational-efficiency
- /operations
- /offerings
- /pilot
- /pilot-demo-commercial-readiness
- /pilot-deal-room
- /pilot-evidence
- /pilot-workspace
- /pilot-workspace/access
- /pilots
- /pilots/[slug]
- /platform
- /platform-power
- /pricing
- /production-architecture
- /product
- /public-market-readiness
- /qa-aal2-run-evidence
- /qa-activation-seal
- /qa-buyer-proof-release
- /qa-claim-guard
- /qa-completion-bridge
- /qa-evidence
- /qa-execution-readiness
- /qa-human-run-packet
- /qa-launch-kit
- /qa-manual-execution-console
- /qa-proof-promotion
- /qa-run-control
- /quality
- /release-continuity
- /deployment-drift-guard
- /risk-register
- /sales-attribution
- /sales-operations
- /scrimed-agent-governance
- /scrimed-ai-infrastructure-watchtower
- /scrimed-automation-autopilot
- /scrimed-build-roadmap
- /scrimed-clinical-benchmark-suite
- /scrimed-cyber-defense
- /scrimed-enterprise-acceleration
- /scrimed-governance-learning-loop
- /scrimed-guided-execution
- /scrimed-hybrid-retrieval
- /scrimed-intelligence-platform
- /scrimed-intelligence-safety-stack
- /scrimed-llmops-observability
- /scrimed-modules
- /scrimed-operating-command
- /scrimed-work
- /scrimed-control-plane
- /scrimed-os
- /scrimed-patient-context-gateway
- /scrimed-proof-packet-studio
- /scrimed-reasoning-stability
- /scrimed-trustops
- /scrimed-upgrade-implementation-plan
- /service-delivery
- /service-reliability
- /source-intelligence
- /strategic-problem-resolution
- /strategic-intelligence
- /synthetic
- /synthetic/[slug]
- /synthetic/fixtures
- /synthetic/fixtures/[slug]
- /synthetic/validation
- /trust
- /trust-center
- /trust-center/[slug]
- /trust-os
- /trust-safety-operations
- /workflows
- /workflows/[slug]
- /workflows/audit-persistence
- /workflows/contracts
- /workflows/contracts/[slug]
- /workflows/execution-attempts
- /workflows/execution-audit
- /workflows/execution-audit/[slug]
- /workflows/identity-access
- /workflows/implementation-readiness
- /workflows/implementation-readiness/[slug]
- /workflows/promotion-review
- /workflows/results
- /workflows/results/[slug]
- /workflows/results/validation
- /workflows/runtime-safety

## Next Operator Actions
- Use /navigation before each release to check route inventory, source counts, smoke scope, and retained limitations.
- Use /launch-readiness before public launch, buyer campaigns, investor packet release, or board review to separate sandbox DNS false negatives from real production-domain launch gates.
- Use /competitive-defense before public competitor comparisons, security claims, privacy claims, investor packets, sales decks, or launch expansion to keep no-copy, no-PHI, no-certification, no-partnership, and qualified-review gates explicit.
- Use the persistent site navigation to move buyers, operators, reviewers, and global partners into their role-specific paths from every page.
- Add new high-value routes to the right navigation group and public smoke when they become buyer-critical.
- Use /platform-power before API, UI, AI, model-route, agent-tool, accessibility, or scale-equivalence claims expand.
- Use /limitations-workarounds when a request is blocked so the safe path, escalation owner, proof route, and graduation gate are explicit.
- Use /investor-audience-readiness when preparing angel, corporate strategic, private investor, faith-based clinic, public-sector, payer, health-system, clinician, global partner, or transformation-sponsor conversations.
- Keep protected routes fail-closed publicly and run happy-path proof only through an active human AAL2 session.
- Keep approval, PHI, clinical-care, connector, release, and security-certification claims gated until qualified external evidence exists.