{"service":"scrimed-operational-efficiency","route":"/operational-efficiency","apiRoute":"/api/operational-efficiency","briefRoute":"/api/operational-efficiency/brief","status":"operational-efficiency-bottleneck-resolution-control-plane-active","briefStatus":"operational-efficiency-brief-ready-no-autonomous-authority","boundary":"SCRIMED Operational Efficiency organizes known gaps, inefficiencies, bottlenecks, fault classes, release gates, onboarding and communication handoffs, scalability constraints, API contract gaps, UI command friction, AI model-route limits, agent approval gates, evidence retrieval constraints, SLO/SLA and support boundaries, growth constraints, enterprise controls, and continuous-review hard stops into one operating resolution lane. It improves execution discipline only. It does not authorize autonomous production remediation, bypass AAL2, process PHI, approve live clinical care, certify security, certify accessibility, send email, create calendar invites, approve contracts, create public API SLAs, create contractual SLAs, guarantee uptime, approve live autonomous AI, approve production model routing, commit managed-service coverage, approve production hosting or residency, provide legal/accounting/tax advice, approve production connectors, guarantee revenue, guarantee profit margin, approve buyer release, claim trillion-dollar-scale equivalence, or replace qualified human review.","authority":{"autonomyAuthority":"no-autonomous-production-remediation","dataBoundary":"synthetic-and-metadata-only","clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","approvalAuthority":"external-review-required","securityCertification":"not-security-certified","revenueAuthority":"not-revenue-guarantee","profitAuthority":"not-profit-margin-guarantee","financialAuthority":"not-audited-financial-report","legalAuthority":"qualified-review-required"},"recordCount":155,"openBottleneckCount":106,"resolvedCount":49,"countsByStatus":{"resolved":4,"active-control":27,"contained":18,"operator-required":63,"protected-gated":2,"external-review-required":35,"blocked-by-design":6},"countsByDomain":{"release-quality":6,"route-coverage":18,"service-reliability":18,"offering-packaging":8,"client-onboarding":14,"enterprise-scalability":16,"platform-power":19,"limitations-workarounds":20,"commercial-throughput":4,"enterprise-operations":20,"continuous-review":6,"health-records-safety":5,"boundary-control":1},"proofRouteCount":87,"hardStopCount":316,"ownerCount":131,"sprintCount":9,"metricCount":4,"discrepancyFaultTriageCount":8,"criticalDiscrepancyFaultTriageCount":4,"highDiscrepancyFaultTriageCount":4,"sourceAlignment":{"navigationRouteCount":164,"smokeCoveredHtmlRouteCount":76,"serviceOpenGateCount":4,"serviceFaultClassCount":8,"releaseGateCount":6,"productServiceOfferCount":10,"productServicePackageCount":5,"productServiceMarginControlCount":8,"clientOnboardingStageCount":8,"clientOnboardingTemplateCount":9,"clientOnboardingHandoffCount":6,"enterpriseScalabilityDomainCount":9,"enterpriseScalabilityControlCount":10,"enterpriseScalabilityBottleneckCount":6,"platformPowerPillarCount":9,"platformPowerControlCount":12,"platformPowerBottleneckCount":7,"limitationsWorkaroundTrackCount":12,"limitationsWorkaroundPacketCount":8,"limitationsWorkaroundOpenRiskCount":11,"growthBottleneckCount":4,"enterpriseControlCount":10,"continuousAuditControlCount":6,"boundaryRecordCount":120},"records":[{"id":"release-source-control-drift","domain":"release-quality","name":"Source-control drift","status":"resolved","sourceSurface":"Release Continuity","impact":"The approvals readiness and buyer release-control release was committed, tagged, pushed, and verified against origin/main.","inefficiency":"Production-only changes can become hard to audit if Vercel history moves ahead of GitHub.","currentControl":"Keep every production release checkpointed by commit, tag, production smoke, and briefed release boundary.","resolutionPath":"Keep every production release checkpointed by commit, tag, production smoke, and briefed release boundary.","owner":"Founder + Release Steward","proofRoutes":["/product","/api/product/console","/api/release-continuity"],"hardStops":["PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Keep every production release checkpointed by commit, tag, production smoke, and briefed release boundary."},{"id":"release-public-production-smoke","domain":"release-quality","name":"Public production smoke","status":"resolved","sourceSurface":"Release Continuity","impact":"Public smoke validates the custom domain, HTML routes, JSON APIs, Markdown briefs, fail-closed protected routes, and approval boundaries.","inefficiency":"Public readiness can look healthy while protected writes still require explicit AAL2 proof.","currentControl":"Pair public smoke with protected fail-closed checks and a separate AAL2 operator run when a fresh session exists.","resolutionPath":"Pair public smoke with protected fail-closed checks and a separate AAL2 operator run when a fresh session exists.","owner":"Release Steward","proofRoutes":["/api/release-continuity","/api/product/console","/qa-evidence"],"hardStops":["PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Pair public smoke with protected fail-closed checks and a separate AAL2 operator run when a fresh session exists."},{"id":"release-protected-aal2-happy-path","domain":"release-quality","name":"Protected AAL2 happy path","status":"operator-required","sourceSurface":"Release Continuity","impact":"TrustOps, Agent Workspace, and Buyer Release Control fail closed without a tenant-admin or pilot-lead AAL2 session.","inefficiency":"A terminal cannot safely create or retain a fresh human AAL2 bearer token without crossing the no-secret boundary.","currentControl":"Use the protected browser workspace for no-secret verification, or run the CLI smoke only with a fresh external AAL2 token and dispose of it immediately after the run.","resolutionPath":"Use the protected browser workspace for no-secret verification, or run the CLI smoke only with a fresh external AAL2 token and dispose of it immediately after the run.","owner":"Approved tenant-admin or pilot-lead operator","proofRoutes":["/pilot-workspace/access","/buyer-release-control-run","/api/pilot-workspaces/{workspaceSlug}/buyer-release-control-run"],"hardStops":["PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use the protected browser workspace for no-secret verification, or run the CLI smoke only with a fresh external AAL2 token and dispose of it immediately after the run."},{"id":"release-aal2-smoke-readiness-packet","domain":"release-quality","name":"AAL2 smoke readiness packet","status":"operator-required","sourceSurface":"Release Continuity","impact":"The no-secret AAL2 smoke readiness packet is exposed for release review while strict protected writes remain human-token and feature-flag gated.","inefficiency":"A release checklist can prove readiness surfaces exist, but it cannot prove authenticated protected writes without a fresh human AAL2 session.","currentControl":"Inspect /api/qa-evidence/aal2-smoke-readiness, run npm run smoke:aal2:readiness, then use a short-lived authorized AAL2 token only for deliberate strict smoke.","resolutionPath":"Inspect /api/qa-evidence/aal2-smoke-readiness, run npm run smoke:aal2:readiness, then use a short-lived authorized AAL2 token only for deliberate strict smoke.","owner":"Release Steward + Approved AAL2 Operator","proofRoutes":["/qa-aal2-run-evidence","/api/qa-evidence/aal2-smoke-readiness","/api/qa-evidence/aal2-smoke-readiness/brief"],"hardStops":["PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Inspect /api/qa-evidence/aal2-smoke-readiness, run npm run smoke:aal2:readiness, then use a short-lived authorized AAL2 token only for deliberate strict smoke."},{"id":"release-secret-handling","domain":"release-quality","name":"Secret handling","status":"blocked-by-design","sourceSurface":"Release Continuity","impact":"Release scripts skip authenticated mutations unless a deliberate short-lived token is supplied outside the product and outside source control.","inefficiency":"Automating protected happy-path evidence with stored long-lived tokens would weaken the trust boundary.","currentControl":"Prefer browser AAL2 operator panels; when CLI evidence is necessary, use explicit environment variables for one run and never write token values to docs, chat, CI logs, or code.","resolutionPath":"Prefer browser AAL2 operator panels; when CLI evidence is necessary, use explicit environment variables for one run and never write token values to docs, chat, CI logs, or code.","owner":"Security + Operator","proofRoutes":["/qa-run-control","/qa-launch-kit","/qa-human-run-packet"],"hardStops":["PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Prefer browser AAL2 operator panels; when CLI evidence is necessary, use explicit environment variables for one run and never write token values to docs, chat, CI logs, or code."},{"id":"release-regulated-approval-claims","domain":"release-quality","name":"Regulated approval claims","status":"external-review-required","sourceSurface":"Release Continuity","impact":"Approvals Readiness and Boundary Resolution keep legal, HIPAA, SOC 2, HITRUST, FDA, ONC, reimbursement, and public customer-permission claims externally gated.","inefficiency":"SCRIMED can prepare approval evidence, but it cannot self-certify or self-authorize regulated claims.","currentControl":"Route public copy through Claim Guard, keep intended use narrow, retain external approval references, and require qualified reviewer sign-off before any claim expansion.","resolutionPath":"Route public copy through Claim Guard, keep intended use narrow, retain external approval references, and require qualified reviewer sign-off before any claim expansion.","owner":"Founder + Legal/Security/Regulatory reviewers","proofRoutes":["/approvals-readiness","/boundary-resolution","/qa-claim-guard"],"hardStops":["PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Route public copy through Claim Guard, keep intended use narrow, retain external approval references, and require qualified reviewer sign-off before any claim expansion."},{"id":"navigation-whole-company-operating-fragmentation","domain":"route-coverage","name":"Whole-company operating fragmentation","status":"contained","sourceSurface":"Navigation Audit","impact":"Product, service, launch, revenue, legal, certification, cybersecurity, AI, health-record, investor, and scale decisions can fragment when teams inspect only one lane at a time.","inefficiency":"Product, service, launch, revenue, legal, certification, cybersecurity, AI, health-record, investor, and scale decisions can fragment when teams inspect only one lane at a time.","currentControl":"Use /company-assessment as the top-level operating cockpit before routing into Product Console, Offerings, Service Delivery, Enterprise Business Ops, Platform Power, Health Records, Launch Readiness, Approvals, Global Certification, Continuous Review, Workarounds, or protected proof release.","resolutionPath":"Use /company-assessment as the top-level operating cockpit before routing into Product Console, Offerings, Service Delivery, Enterprise Business Ops, Platform Power, Health Records, Launch Readiness, Approvals, Global Certification, Continuous Review, Workarounds, or protected proof release.","owner":"Executive Operating Council + Product Console + TrustOS","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /company-assessment as the top-level operating cockpit before routing into Product Console, Offerings, Service Delivery, Enterprise Business Ops, Platform Power, Health Records, Launch Readiness, Approvals, Global Certification, Continuous Review, Workarounds, or protected proof release."},{"id":"navigation-clinical-production-readiness-incompleteness","domain":"route-coverage","name":"Clinical production readiness incompleteness","status":"external-review-required","sourceSurface":"Navigation Audit","impact":"Current no-PHI pilots, demos, diligence packets, and readiness services are usable now, but clinical production requires a separate task ledger, qualified external review, customer authority, and live-data controls.","inefficiency":"Current no-PHI pilots, demos, diligence packets, and readiness services are usable now, but clinical production requires a separate task ledger, qualified external review, customer authority, and live-data controls.","currentControl":"Use /clinical-production-readiness before PHI, live-care, connector, clinical AI, certification, customer go-live, or global production language expands; use current capability motions for safe revenue while the task ledger remains incomplete.","resolutionPath":"Use /clinical-production-readiness before PHI, live-care, connector, clinical AI, certification, customer go-live, or global production language expands; use current capability motions for safe revenue while the task ledger remains incomplete.","owner":"Clinical production readiness owner + qualified external reviewers","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /clinical-production-readiness before PHI, live-care, connector, clinical AI, certification, customer go-live, or global production language expands; use current capability motions for safe revenue while the task ledger remains incomplete."},{"id":"navigation-demo-to-pilot-pricing-friction","domain":"route-coverage","name":"Demo-to-pilot pricing friction","status":"contained","sourceSurface":"Navigation Audit","impact":"Buyers can stall when public demos, pilot programs, price bands, proof assets, intake steps, and custom diligence boundaries are not tied together before a call.","inefficiency":"Buyers can stall when public demos, pilot programs, price bands, proof assets, intake steps, and custom diligence boundaries are not tied together before a call.","currentControl":"Use /pilot-demo-commercial-readiness before demo, pilot, or pricing conversations so each buyer path has one demo, one recommended pilot, one price band, one proof list, one no-PHI intake route, and one hard-stop boundary.","resolutionPath":"Use /pilot-demo-commercial-readiness before demo, pilot, or pricing conversations so each buyer path has one demo, one recommended pilot, one price band, one proof list, one no-PHI intake route, and one hard-stop boundary.","owner":"Revenue Operations + Product Console + Deal Desk","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /pilot-demo-commercial-readiness before demo, pilot, or pricing conversations so each buyer path has one demo, one recommended pilot, one price band, one proof list, one no-PHI intake route, and one hard-stop boundary."},{"id":"navigation-service-delivery-scope-drift","domain":"route-coverage","name":"Service delivery scope drift","status":"contained","sourceSurface":"Navigation Audit","impact":"Sellable offers can become low-margin custom work or unsupported commitments if scope, acceptance criteria, artifacts, and authority gates are not attached before kickoff.","inefficiency":"Sellable offers can become low-margin custom work or unsupported commitments if scope, acceptance criteria, artifacts, and authority gates are not attached before kickoff.","currentControl":"Use /service-delivery to bind every package to no-PHI intake, scope matrix, work-order templates, buyer handoff, margin controls, release gates, and no-SLA/no-contract/no-live-care boundaries.","resolutionPath":"Use /service-delivery to bind every package to no-PHI intake, scope matrix, work-order templates, buyer handoff, margin controls, release gates, and no-SLA/no-contract/no-live-care boundaries.","owner":"Delivery Lead + Product Console + Revenue Operations","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /service-delivery to bind every package to no-PHI intake, scope matrix, work-order templates, buyer handoff, margin controls, release gates, and no-SLA/no-contract/no-live-care boundaries."},{"id":"navigation-route-sprawl","domain":"route-coverage","name":"Route sprawl","status":"resolved","sourceSurface":"Navigation Audit","impact":"High-value pages and proof routes were harder to discover as the App Router surface grew.","inefficiency":"High-value pages and proof routes were harder to discover as the App Router surface grew.","currentControl":"Use /navigation as the source-indexed route map and wire it through Homepage, Hub, Product Console, API, brief, README, systems map, and smoke coverage.","resolutionPath":"Use /navigation as the source-indexed route map and wire it through Homepage, Hub, Product Console, API, brief, README, systems map, and smoke coverage.","owner":"Product Console + Release Steward","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /navigation as the source-indexed route map and wire it through Homepage, Hub, Product Console, API, brief, README, systems map, and smoke coverage."},{"id":"navigation-deployment-drift","domain":"route-coverage","name":"Deployment drift","status":"contained","sourceSurface":"Navigation Audit","impact":"A reviewed local build can pass while the live production target still serves an older deployment or returns 404 for new buyer-critical routes.","inefficiency":"A reviewed local build can pass while the live production target still serves an older deployment or returns 404 for new buyer-critical routes.","currentControl":"Use /deployment-drift-guard, /api/deployment-drift-guard, and npm run smoke:deployment-drift-guard against local and production targets before buyer, investor, launch, or proof-packet promotion.","resolutionPath":"Use /deployment-drift-guard, /api/deployment-drift-guard, and npm run smoke:deployment-drift-guard against local and production targets before buyer, investor, launch, or proof-packet promotion.","owner":"Release Steward + Platform Engineering","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /deployment-drift-guard, /api/deployment-drift-guard, and npm run smoke:deployment-drift-guard against local and production targets before buyer, investor, launch, or proof-packet promotion."},{"id":"navigation-protected-happy-path-proof","domain":"route-coverage","name":"Protected happy-path proof","status":"operator-required","sourceSurface":"Navigation Audit","impact":"Unauthenticated checks can prove fail-closed behavior, but not successful tenant-scoped protected mutations.","inefficiency":"Unauthenticated checks can prove fail-closed behavior, but not successful tenant-scoped protected mutations.","currentControl":"Use /pilot-workspace/access with an active human AAL2 browser session or a deliberate one-time short-lived token run without retaining token values.","resolutionPath":"Use /pilot-workspace/access with an active human AAL2 browser session or a deliberate one-time short-lived token run without retaining token values.","owner":"Approved tenant-admin or pilot-lead operator","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /pilot-workspace/access with an active human AAL2 browser session or a deliberate one-time short-lived token run without retaining token values."},{"id":"navigation-dynamic-detail-route-coverage","domain":"route-coverage","name":"Dynamic detail route coverage","status":"contained","sourceSurface":"Navigation Audit","impact":"Dynamic pages compile, but public smoke focuses on canonical entry points instead of crawling every slug variant.","inefficiency":"Dynamic pages compile, but public smoke focuses on canonical entry points instead of crawling every slug variant.","currentControl":"Keep route inventory visible here, use typecheck/build for every dynamic segment, and add targeted slug smoke when a dynamic route becomes buyer-critical.","resolutionPath":"Keep route inventory visible here, use typecheck/build for every dynamic segment, and add targeted slug smoke when a dynamic route becomes buyer-critical.","owner":"Release Steward","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Keep route inventory visible here, use typecheck/build for every dynamic segment, and add targeted slug smoke when a dynamic route becomes buyer-critical."},{"id":"navigation-external-approvals-and-certifications","domain":"route-coverage","name":"External approvals and certifications","status":"external-review-required","sourceSurface":"Navigation Audit","impact":"Navigation can show approval and certification tracks, but SCRIMED cannot self-certify legal, security, HIPAA, FDA, ONC, EU AI Act, GDPR, NHS, MHRA, Australia, reimbursement, procurement, or clinical-use authority.","inefficiency":"Navigation can show approval and certification tracks, but SCRIMED cannot self-certify legal, security, HIPAA, FDA, ONC, EU AI Act, GDPR, NHS, MHRA, Australia, reimbursement, procurement, or clinical-use authority.","currentControl":"Keep approval and certification routes claims-controlled, attach only qualified external evidence, and preserve no-authority headers until formal approval exists.","resolutionPath":"Keep approval and certification routes claims-controlled, attach only qualified external evidence, and preserve no-authority headers until formal approval exists.","owner":"Founder + qualified external reviewers","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Keep approval and certification routes claims-controlled, attach only qualified external evidence, and preserve no-authority headers until formal approval exists."},{"id":"navigation-capital-and-securities-boundaries","domain":"route-coverage","name":"Capital and securities boundaries","status":"external-review-required","sourceSurface":"Navigation Audit","impact":"Revenue, moat, investor, and funding readiness can be mistaken for securities offering material, audited financial reporting, valuation assurance, or investment advice.","inefficiency":"Revenue, moat, investor, and funding readiness can be mistaken for securities offering material, audited financial reporting, valuation assurance, or investment advice.","currentControl":"Use /capital-vitality for readiness-only proof, keep no-securities/no-advice headers visible, and route fundraising, valuation, legal, tax, and investor-solicitation materials through qualified counsel.","resolutionPath":"Use /capital-vitality for readiness-only proof, keep no-securities/no-advice headers visible, and route fundraising, valuation, legal, tax, and investor-solicitation materials through qualified counsel.","owner":"Founder + qualified counsel + finance reviewers","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /capital-vitality for readiness-only proof, keep no-securities/no-advice headers visible, and route fundraising, valuation, legal, tax, and investor-solicitation materials through qualified counsel."},{"id":"navigation-growth-execution-concentration","domain":"route-coverage","name":"Growth execution concentration","status":"operator-required","sourceSurface":"Navigation Audit","impact":"Proof depth can diffuse commercial focus unless buyer segments, sellable offers, conversion lanes, and next actions stay prioritized.","inefficiency":"Proof depth can diffuse commercial focus unless buyer segments, sellable offers, conversion lanes, and next actions stay prioritized.","currentControl":"Use /growth-engine to keep founder-led assessment outreach, synthetic pilot pipeline, governance audit packaging, and protected diligence upgrades in one operating lane.","resolutionPath":"Use /growth-engine to keep founder-led assessment outreach, synthetic pilot pipeline, governance audit packaging, and protected diligence upgrades in one operating lane.","owner":"Founder + Product Console + Sales Operations","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /growth-engine to keep founder-led assessment outreach, synthetic pilot pipeline, governance audit packaging, and protected diligence upgrades in one operating lane."},{"id":"navigation-enterprise-legal-and-finance-operating-depth","domain":"route-coverage","name":"Enterprise legal and finance operating depth","status":"external-review-required","sourceSurface":"Navigation Audit","impact":"Enterprise revenue, margins, contracts, accounting, tax, investor, and board materials can create risk if authority is informal or claims outrun qualified review.","inefficiency":"Enterprise revenue, margins, contracts, accounting, tax, investor, and board materials can create risk if authority is informal or claims outrun qualified review.","currentControl":"Use /enterprise-business-ops to route deal desk, price floors, margin controls, legal/accounting/tax roles, billing readiness, and blocked business claims through named owners before commitments expand.","resolutionPath":"Use /enterprise-business-ops to route deal desk, price floors, margin controls, legal/accounting/tax roles, billing readiness, and blocked business claims through named owners before commitments expand.","owner":"Founder + qualified counsel + finance/accounting/tax reviewers","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /enterprise-business-ops to route deal desk, price floors, margin controls, legal/accounting/tax roles, billing readiness, and blocked business claims through named owners before commitments expand."},{"id":"navigation-enterprise-scalability-commitment-boundaries","domain":"route-coverage","name":"Enterprise scalability commitment boundaries","status":"external-review-required","sourceSurface":"Navigation Audit","impact":"Capacity, SLO, support, region, residency, disaster recovery, and managed-service language can become accidental commitments if not routed before buyer use.","inefficiency":"Capacity, SLO, support, region, residency, disaster recovery, and managed-service language can become accidental commitments if not routed before buyer use.","currentControl":"Use /enterprise-scalability to attach capacity assumptions, tenant owners, support-tier review, no-SLA language, regional gates, cost thresholds, and qualified contract review before commitments expand.","resolutionPath":"Use /enterprise-scalability to attach capacity assumptions, tenant owners, support-tier review, no-SLA language, regional gates, cost thresholds, and qualified contract review before commitments expand.","owner":"Platform + service reliability + customer operations + legal ops","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /enterprise-scalability to attach capacity assumptions, tenant owners, support-tier review, no-SLA language, regional gates, cost thresholds, and qualified contract review before commitments expand."},{"id":"navigation-api-ui-ai-platform-power-authority-boundaries","domain":"route-coverage","name":"API UI AI platform power authority boundaries","status":"external-review-required","sourceSurface":"Navigation Audit","impact":"API contracts, UI improvements, live AI, model routing, agent tool use, accessibility, and scale-positioning language can become unsupported enterprise claims if they are not routed through proof and authority controls.","inefficiency":"API contracts, UI improvements, live AI, model routing, agent tool use, accessibility, and scale-positioning language can become unsupported enterprise claims if they are not routed through proof and authority controls.","currentControl":"Use /platform-power to attach API owners, UI role journeys, model-route registers, agent approval triggers, eval evidence, cost owners, and no-live-AI/no-PHI/no-SLA boundaries before claims expand.","resolutionPath":"Use /platform-power to attach API owners, UI role journeys, model-route registers, agent approval triggers, eval evidence, cost owners, and no-live-AI/no-PHI/no-SLA boundaries before claims expand.","owner":"Platform engineering + Product Console + TrustOS + security + finance","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /platform-power to attach API owners, UI role journeys, model-route registers, agent approval triggers, eval evidence, cost owners, and no-live-AI/no-PHI/no-SLA boundaries before claims expand."},{"id":"navigation-limitations-workaround-drift","domain":"route-coverage","name":"Limitations workaround drift","status":"contained","sourceSurface":"Navigation Audit","impact":"Safe alternatives can turn into informal permission when workaround packets do not have expiration rules, escalation triggers, and graduation gates.","inefficiency":"Safe alternatives can turn into informal permission when workaround packets do not have expiration rules, escalation triggers, and graduation gates.","currentControl":"Use /limitations-workarounds to attach every repeated issue to a packet, owner, proof route, cadence, hard stop, and promotion path before buyer or release language expands.","resolutionPath":"Use /limitations-workarounds to attach every repeated issue to a packet, owner, proof route, cadence, hard stop, and promotion path before buyer or release language expands.","owner":"Boundary owner + Operational Efficiency + Product Console","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /limitations-workarounds to attach every repeated issue to a packet, owner, proof route, cadence, hard stop, and promotion path before buyer or release language expands."},{"id":"navigation-autonomy-expansion-pressure","domain":"route-coverage","name":"Autonomy expansion pressure","status":"contained","sourceSurface":"Navigation Audit","impact":"Automation can accelerate SCRIMED, but unsafely expanding it could imply production remediation, patient outreach, payer submission, EHR writeback, credential mutation, clinical authority, or customer go-live.","inefficiency":"Automation can accelerate SCRIMED, but unsafely expanding it could imply production remediation, patient outreach, payer submission, EHR writeback, credential mutation, clinical authority, or customer go-live.","currentControl":"Use /scrimed-automation-autopilot to classify every automation lane as manual-only, recommendation-only, review-gated automation, or synthetic autopilot before action authority expands.","resolutionPath":"Use /scrimed-automation-autopilot to classify every automation lane as manual-only, recommendation-only, review-gated automation, or synthetic autopilot before action authority expands.","owner":"TrustOS + Platform Engineering + Release Steward","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /scrimed-automation-autopilot to classify every automation lane as manual-only, recommendation-only, review-gated automation, or synthetic autopilot before action authority expands."},{"id":"navigation-local-shell-runtime-path","domain":"route-coverage","name":"Local shell runtime path","status":"contained","sourceSurface":"Navigation Audit","impact":"The managed local shell may omit node/npm from PATH even though the bundled runtime works.","inefficiency":"The managed local shell may omit node/npm from PATH even though the bundled runtime works.","currentControl":"Use the bundled Node path for local checks and keep npm lifecycle scripts documented through Release Continuity and Operations readiness.","resolutionPath":"Use the bundled Node path for local checks and keep npm lifecycle scripts documented through Release Continuity and Operations readiness.","owner":"Release Steward","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use the bundled Node path for local checks and keep npm lifecycle scripts documented through Release Continuity and Operations readiness."},{"id":"navigation-sandbox-dns-resolution","domain":"route-coverage","name":"Sandbox DNS resolution","status":"contained","sourceSurface":"Navigation Audit","impact":"Restricted local sandbox execution can return ENOTFOUND for app.scrimedsolutions.com even when the branded production domain passes from approved network access.","inefficiency":"Restricted local sandbox execution can return ENOTFOUND for app.scrimedsolutions.com even when the branded production domain passes from approved network access.","currentControl":"Use /launch-readiness and the launch-domain preflight to classify sandbox DNS separately, require strict branded-domain smoke from approved network access before launch, and treat fallback Vercel URL success as continuity-only evidence.","resolutionPath":"Use /launch-readiness and the launch-domain preflight to classify sandbox DNS separately, require strict branded-domain smoke from approved network access before launch, and treat fallback Vercel URL success as continuity-only evidence.","owner":"Release Steward + Domain/DNS administrator","proofRoutes":["/navigation","/api/navigation-audit","/api/navigation-audit/brief"],"hardStops":["route missing from inventory","buyer-critical route absent from smoke","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use /launch-readiness and the launch-domain preflight to classify sandbox DNS separately, require strict branded-domain smoke from approved network access before launch, and treat fallback Vercel URL success as continuity-only evidence."},{"id":"service-control-product-console-and-os-hub-discoverability","domain":"service-reliability","name":"Product Console and OS Hub discoverability","status":"resolved","sourceSurface":"Product, Hub, Homepage, Navigation Audit","impact":"Route sprawl made it easy for high-value proof surfaces to become hard to find.","inefficiency":"Route sprawl made it easy for high-value proof surfaces to become hard to find.","currentControl":"Navigation Audit, Product Console, Hub, and homepage now cross-link the command surfaces and route inventory.","resolutionPath":"Keep new buyer-critical pages inside the navigation audit, hub view, and smoke scope.","owner":"Product Console + Release Steward","proofRoutes":["/product","/hub","/navigation","/api/navigation-audit"],"hardStops":["missing owner","missing proof route","claim expanded before retained boundary","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Keep new buyer-critical pages inside the navigation audit, hub view, and smoke scope."},{"id":"service-control-release-continuity-and-source-control-alignment","domain":"service-reliability","name":"Release continuity and source-control alignment","status":"contained","sourceSurface":"Release Continuity","impact":"Production can drift from source control if deployments, tags, smoke proof, and no-secret boundaries are not checkpointed together.","inefficiency":"Production can drift from source control if deployments, tags, smoke proof, and no-secret boundaries are not checkpointed together.","currentControl":"Release Continuity ties deployment proof, GitHub baselines, public smoke, protected fail-closed checks, and AAL2 operator limits into one lane.","resolutionPath":"Run public smoke and update the checkpoint after each production deployment.","owner":"Release Steward","proofRoutes":["/release-continuity","/api/release-continuity","/api/release-continuity/brief"],"hardStops":["missing owner","missing proof route","claim expanded before retained boundary","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Run public smoke and update the checkpoint after each production deployment."},{"id":"service-control-clinical-legal-security-and-approval-authority","domain":"service-reliability","name":"Clinical, legal, security, and approval authority","status":"external-review-required","sourceSurface":"Approvals Readiness, Clinical Authority, Boundary Resolution","impact":"SCRIMED can prepare approval evidence but cannot self-certify HIPAA, SOC 2, HITRUST, FDA, ONC, legal, reimbursement, or clinical authority.","inefficiency":"SCRIMED can prepare approval evidence but cannot self-certify HIPAA, SOC 2, HITRUST, FDA, ONC, legal, reimbursement, or clinical authority.","currentControl":"Approvals Readiness and Boundary Resolution keep external evidence requirements, owners, workarounds, and prohibited claims visible.","resolutionPath":"Route claims and buyer-specific evidence through external review before expanding public language.","owner":"Founder + qualified external reviewers","proofRoutes":["/approvals-readiness","/clinical-authority-readiness","/boundary-resolution","/qa-claim-guard"],"hardStops":["missing owner","missing proof route","claim expanded before retained boundary","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Route claims and buyer-specific evidence through external review before expanding public language."},{"id":"service-control-manual-aal2-protected-proof","domain":"service-reliability","name":"Manual AAL2 protected proof","status":"operator-required","sourceSurface":"Protected Pilot Workspace, QA Evidence, Buyer Release Control","impact":"Public checks prove fail-closed behavior, but authenticated protected mutations require a fresh human AAL2 session.","inefficiency":"Public checks prove fail-closed behavior, but authenticated protected mutations require a fresh human AAL2 session.","currentControl":"Manual QA Execution Console, QA Run Control, Human Run Packet, and protected workspace panels preserve no-secret human-run proof.","resolutionPath":"Use the browser AAL2 workspace for protected proof or a deliberate one-time token run with no retention.","owner":"Approved tenant-admin or pilot-lead operator","proofRoutes":["/pilot-workspace/access","/qa-manual-execution-console","/qa-run-control","/qa-human-run-packet","/buyer-release-control-run"],"hardStops":["missing owner","missing proof route","claim expanded before retained boundary","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use the browser AAL2 workspace for protected proof or a deliberate one-time token run with no retention."},{"id":"service-control-buyer-release-and-external-sharing","domain":"service-reliability","name":"Buyer release and external sharing","status":"protected-gated","sourceSurface":"Buyer Release Control, protected release verifier, distribution lockbox","impact":"Buyer-specific external sharing requires retained release decisions, named reviewer signoffs, recipient controls, authority attestations, and access-log reconciliation.","inefficiency":"Buyer-specific external sharing requires retained release decisions, named reviewer signoffs, recipient controls, authority attestations, and access-log reconciliation.","currentControl":"Buyer Release Control Runbook sequences protected verifier records, packets, timeline, reconciliation, remediation, and disabled lockbox controls.","resolutionPath":"Complete the release-control chain before any buyer-specific external distribution.","owner":"Buyer Diligence + Release Steward + qualified reviewers","proofRoutes":["/buyer-release-control-run","/pilot-workspace/access#buyer-release-control-verifier","/api/pilot-workspaces/{workspaceSlug}/buyer-release-control-run"],"hardStops":["missing owner","missing proof route","claim expanded before retained boundary","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Complete the release-control chain before any buyer-specific external distribution."},{"id":"service-control-commercial-buyer-path","domain":"service-reliability","name":"Commercial buyer path","status":"active-control","sourceSurface":"Pilot Deal Room, Pricing, Demos, Pilots, Sales Operations","impact":"Buyer value, proof routes, pricing, demos, protected evidence, and pilot intake can fragment across separate surfaces.","inefficiency":"Buyer value, proof routes, pricing, demos, protected evidence, and pilot intake can fragment across separate surfaces.","currentControl":"Pilot Deal Room, Product Console, pricing, demos, pilot programs, and sales operations now present a continuous buyer path.","resolutionPath":"Keep offers focused on governed synthetic pilots until customer-specific production controls are approved.","owner":"Sales operations + Buyer Diligence","proofRoutes":["/pilot-deal-room","/pricing","/demos","/pilots","/sales-operations"],"hardStops":["missing owner","missing proof route","claim expanded before retained boundary","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Keep offers focused on governed synthetic pilots until customer-specific production controls are approved."},{"id":"service-control-agent-and-workflow-operating-system","domain":"service-reliability","name":"Agent and workflow operating system","status":"contained","sourceSurface":"Agents, Workflows, Evaluation, Runtime Safety, Audit","impact":"Agent execution can become unsafe if runtime, identity, audit, connector, and human-review gates are not explicit.","inefficiency":"Agent execution can become unsafe if runtime, identity, audit, connector, and human-review gates are not explicit.","currentControl":"Workflow contracts, deny-by-default implementation readiness, runtime safety, execution audit, and AgentOS evaluation keep execution synthetic and review-gated.","resolutionPath":"Add blocked actions, human checkpoints, audit events, and packet evidence before new agent capabilities move forward.","owner":"AgentOS + Workflow Runtime","proofRoutes":["/agents","/workflows","/workflows/contracts","/workflows/runtime-safety","/workflows/execution-audit","/evaluation"],"hardStops":["missing owner","missing proof route","claim expanded before retained boundary","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Add blocked actions, human checkpoints, audit events, and packet evidence before new agent capabilities move forward."},{"id":"service-control-interoperability-and-synthetic-validation","domain":"service-reliability","name":"Interoperability and synthetic validation","status":"contained","sourceSurface":"Interoperability, Integrations, Synthetic Validation","impact":"Connector confidence can be overstated if synthetic conformance and live production authorization are not separated.","inefficiency":"Connector confidence can be overstated if synthetic conformance and live production authorization are not separated.","currentControl":"Standards registry, fixture validation, conformance evaluations, and synthetic validation keep connector readiness inspectable before live use.","resolutionPath":"Keep live connector claims blocked until buyer, legal, security, privacy, and interoperability approvals exist.","owner":"Interoperability Control Plane + Validation Trust Lab","proofRoutes":["/interoperability","/interoperability/evaluations","/integrations","/synthetic/validation"],"hardStops":["missing owner","missing proof route","claim expanded before retained boundary","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Keep live connector claims blocked until buyer, legal, security, privacy, and interoperability approvals exist."},{"id":"service-control-trust-claims-and-incident-operations","domain":"service-reliability","name":"Trust, claims, and incident operations","status":"active-control","sourceSurface":"Trust Safety Operations, Trust Center, Claims","impact":"Public language, trust operations, incident posture, and enterprise diligence can diverge from retained evidence.","inefficiency":"Public language, trust operations, incident posture, and enterprise diligence can diverge from retained evidence.","currentControl":"Trust Safety Operations, Claims Register, Enterprise Readiness, and QA Claim Guard keep evidence and claim posture aligned.","resolutionPath":"Review buyer, investor, PR, advertising, and operator language before publication.","owner":"Trust Safety Ops + Legal + Security + Claims Governance","proofRoutes":["/trust-safety-operations","/trust-center","/claims","/qa-claim-guard"],"hardStops":["missing owner","missing proof route","claim expanded before retained boundary","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Review buyer, investor, PR, advertising, and operator language before publication."},{"id":"service-control-public-market-and-global-expansion","domain":"service-reliability","name":"Public market and global expansion","status":"external-review-required","sourceSurface":"Public Market Readiness, Global Reach, Deployment Profiles","impact":"Financial, regional, procurement, reimbursement, and legal claims can outpace current evidence without external review.","inefficiency":"Financial, regional, procurement, reimbursement, and legal claims can outpace current evidence without external review.","currentControl":"Public Market Readiness, Global Reach, and Deployment Profiles separate operating discipline from audited financial or regional approval claims.","resolutionPath":"Keep public-market, procurement, and regional expansion claims qualified until external evidence is retained.","owner":"Founder + Finance + Global Partnerships + qualified regional reviewers","proofRoutes":["/public-market-readiness","/global-reach","/deployment-profiles","/market-activation"],"hardStops":["missing owner","missing proof route","claim expanded before retained boundary","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Keep public-market, procurement, and regional expansion claims qualified until external evidence is retained."},{"id":"fault-route-inventory-drift","domain":"service-reliability","name":"Route inventory drift","status":"contained","sourceSurface":"Service Reliability","impact":"New App Router pages or APIs added without Navigation Audit and smoke updates.","inefficiency":"New App Router pages or APIs added without Navigation Audit and smoke updates.","currentControl":"Navigation Audit source totals, hub route inventory, and public smoke source-count checks.","resolutionPath":"Release steward updates inventory or keeps the route out of buyer-critical claims.","owner":"Release Steward + domain owner","proofRoutes":["/navigation","/api/navigation-audit"],"hardStops":["fault repeated without control","fail-closed behavior missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Release steward updates inventory or keeps the route out of buyer-critical claims."},{"id":"fault-protected-token-handling","domain":"service-reliability","name":"Protected token handling","status":"operator-required","sourceSurface":"Service Reliability","impact":"Attempting to automate AAL2 protected proof with retained bearer tokens.","inefficiency":"Attempting to automate AAL2 protected proof with retained bearer tokens.","currentControl":"Manual QA runbooks, no-secret smoke, protected fail-closed APIs, and browser-session verification.","resolutionPath":"Reject token storage and require a fresh human AAL2 session or one-time external token disposal.","owner":"Release Steward + domain owner","proofRoutes":["/qa-run-control","/qa-launch-kit","/qa-manual-execution-console"],"hardStops":["fault repeated without control","fail-closed behavior missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Reject token storage and require a fresh human AAL2 session or one-time external token disposal."},{"id":"fault-external-approval-overclaim","domain":"service-reliability","name":"External approval overclaim","status":"operator-required","sourceSurface":"Service Reliability","impact":"Copy, buyer materials, or operator notes implying certification, legal approval, PHI authority, or live-care authority.","inefficiency":"Copy, buyer materials, or operator notes implying certification, legal approval, PHI authority, or live-care authority.","currentControl":"Approvals Readiness, Boundary Resolution, Claim Guard, no-authority headers, and prohibited-claim lists.","resolutionPath":"Downgrade to readiness language and route to qualified external review.","owner":"Release Steward + domain owner","proofRoutes":["/approvals-readiness","/boundary-resolution","/qa-claim-guard"],"hardStops":["fault repeated without control","fail-closed behavior missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Downgrade to readiness language and route to qualified external review."},{"id":"fault-dynamic-route-smoke-gap","domain":"service-reliability","name":"Dynamic route smoke gap","status":"contained","sourceSurface":"Service Reliability","impact":"Dynamic pages compile but are not all crawled by public smoke.","inefficiency":"Dynamic pages compile but are not all crawled by public smoke.","currentControl":"TypeScript, build, dynamic page inventory, and targeted smoke for buyer-critical slug routes.","resolutionPath":"Keep canonical entry points smoked and add slug-specific smoke when needed.","owner":"Release Steward + domain owner","proofRoutes":["/navigation","/demos","/pilots","/workflows"],"hardStops":["fault repeated without control","fail-closed behavior missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Keep canonical entry points smoked and add slug-specific smoke when needed."},{"id":"fault-generated-cache-conflict","domain":"service-reliability","name":"Generated cache conflict","status":"contained","sourceSurface":"Service Reliability","impact":"Local `.next` or quarantine output interfering with checks.","inefficiency":"Local `.next` or quarantine output interfering with checks.","currentControl":"Generated cache cleanup before build/typecheck and generated-integrity check.","resolutionPath":"Clean generated output and rebuild from source.","owner":"Release Steward + domain owner","proofRoutes":["/release-continuity","/operations"],"hardStops":["fault repeated without control","fail-closed behavior missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Clean generated output and rebuild from source."},{"id":"fault-protected-environment-missing-locally","domain":"service-reliability","name":"Protected environment missing locally","status":"contained","sourceSurface":"Service Reliability","impact":"Local shells without Supabase/Vercel protected environment or active AAL2 session.","inefficiency":"Local shells without Supabase/Vercel protected environment or active AAL2 session.","currentControl":"Fail-closed protected smoke, route-level no-authority headers, and operator workaround instructions.","resolutionPath":"Treat public checks as fail-closed proof and require an approved operator for protected proof.","owner":"Release Steward + domain owner","proofRoutes":["/pilot-workspace/access","/release-continuity"],"hardStops":["fault repeated without control","fail-closed behavior missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Treat public checks as fail-closed proof and require an approved operator for protected proof."},{"id":"fault-phi-or-live-care-boundary-breach","domain":"service-reliability","name":"PHI or live-care boundary breach","status":"operator-required","sourceSurface":"Service Reliability","impact":"Inputs, artifacts, or routes attempting to store patient identifiers, clinical records, diagnosis details, or live-care actions.","inefficiency":"Inputs, artifacts, or routes attempting to store patient identifiers, clinical records, diagnosis details, or live-care actions.","currentControl":"Synthetic-only boundaries, prohibited data lists, no-PHI protected panels, intake rejection, and live-care authority headers.","resolutionPath":"Reject or strip prohibited data and keep live-care actions blocked.","owner":"Release Steward + domain owner","proofRoutes":["/clinical-authority-readiness","/clinical-care-activation","/pilot"],"hardStops":["fault repeated without control","fail-closed behavior missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Reject or strip prohibited data and keep live-care actions blocked."},{"id":"fault-public-distribution-lockbox-gap","domain":"service-reliability","name":"Public distribution lockbox gap","status":"operator-required","sourceSurface":"Service Reliability","impact":"Buyer proof referenced outside protected diligence before release-control chain completion.","inefficiency":"Buyer proof referenced outside protected diligence before release-control chain completion.","currentControl":"Buyer Release Control Runbook, protected verifier, disabled distribution lockbox, recipient attestations, and access-log reconciliation.","resolutionPath":"Keep distribution internal-only until retained release decisions and recipient controls exist.","owner":"Release Steward + domain owner","proofRoutes":["/buyer-release-control-run","/pilot-workspace/access#buyer-release-control-verifier"],"hardStops":["fault repeated without control","fail-closed behavior missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Keep distribution internal-only until retained release decisions and recipient controls exist."},{"id":"offering-package-before-custom-sow","domain":"offering-packaging","name":"Package before custom SOW","status":"active-control","sourceSurface":"Product and Services Portfolio","impact":"Custom buyer requests can sprawl into unpaid discovery or unpriced implementation work.","inefficiency":"Custom buyer requests can sprawl into unpaid discovery or unpriced implementation work.","currentControl":"Map each opportunity to an approved package, included offers, excluded work, price floor, and expansion path before custom language leaves SCRIMED.","resolutionPath":"custom SOW before package selected, unpriced implementation work, unsupported success fee","owner":"Revenue operations + Product Console","proofRoutes":["/offerings","/enterprise-business-ops","/growth-engine"],"hardStops":["custom SOW before package selected","unpriced implementation work","unsupported success fee"],"nextAction":"Map each opportunity to an approved package, included offers, excluded work, price floor, and expansion path before custom language leaves SCRIMED."},{"id":"offering-data-boundary-price-floor","domain":"offering-packaging","name":"Data-boundary price floor","status":"operator-required","sourceSurface":"Product and Services Portfolio","impact":"PHI, sandbox, connector, or production requests create security, review, support, and liability costs.","inefficiency":"PHI, sandbox, connector, or production requests create security, review, support, and liability costs.","currentControl":"Keep no-PHI work in standard packages; move sandbox, PHI, connector, or production work into separately reviewed paid scope.","resolutionPath":"PHI requested, production connector requested, BAA/security scope missing","owner":"Finance + Legal Ops + Privacy","proofRoutes":["/health-records","/clinical-authority-readiness","/enterprise-business-ops"],"hardStops":["PHI requested","production connector requested","BAA/security scope missing"],"nextAction":"Keep no-PHI work in standard packages; move sandbox, PHI, connector, or production work into separately reviewed paid scope."},{"id":"offering-diligence-work-monetization","domain":"offering-packaging","name":"Diligence work monetization","status":"active-control","sourceSurface":"Product and Services Portfolio","impact":"Security, legal, procurement, and investor packets can become unpaid enterprise sales labor.","inefficiency":"Security, legal, procurement, and investor packets can become unpaid enterprise sales labor.","currentControl":"Price custom proof packets, evidence-room work, buyer-specific release review, and security questionnaire effort as paid diligence or activation scope.","resolutionPath":"custom packet work without paid scope, external sharing before release decision, recipient controls missing","owner":"Buyer Diligence + Sales Operations","proofRoutes":["/pilot-deal-room","/pilot-workspace/access","/buyer-release-control-run"],"hardStops":["custom packet work without paid scope","external sharing before release decision","recipient controls missing"],"nextAction":"Price custom proof packets, evidence-room work, buyer-specific release review, and security questionnaire effort as paid diligence or activation scope."},{"id":"offering-license-services-separation","domain":"offering-packaging","name":"License and services separation","status":"active-control","sourceSurface":"Product and Services Portfolio","impact":"High-touch services can erode platform license margin if bundled into the annual fee.","inefficiency":"High-touch services can erode platform license margin if bundled into the annual fee.","currentControl":"Separate annual operating license, implementation services, connector work, training, support tier, and continuous review retainer on every enterprise proposal.","resolutionPath":"services bundled into license, support tier undefined, implementation acceptance criteria missing","owner":"Finance + Product + Implementation","proofRoutes":["/pricing","/enterprise-business-ops","/public-market-readiness"],"hardStops":["services bundled into license","support tier undefined","implementation acceptance criteria missing"],"nextAction":"Separate annual operating license, implementation services, connector work, training, support tier, and continuous review retainer on every enterprise proposal."},{"id":"offering-claims-review-before-proof","domain":"offering-packaging","name":"Claims review before proof expansion","status":"external-review-required","sourceSurface":"Product and Services Portfolio","impact":"Unsupported ROI, reimbursement, customer value, certification, or investor claims can create legal and trust risk.","inefficiency":"Unsupported ROI, reimbursement, customer value, certification, or investor claims can create legal and trust risk.","currentControl":"Keep external claims in readiness mode until buyer-approved baselines, customer permission, counsel review, finance review, and release decisions exist.","resolutionPath":"ROI guarantee, reimbursement guarantee, customer claim without permission, certification claim without authority","owner":"Claims governance + Counsel + Finance","proofRoutes":["/qa-claim-guard","/boundary-resolution","/public-market-readiness"],"hardStops":["ROI guarantee","reimbursement guarantee","customer claim without permission","certification claim without authority"],"nextAction":"Keep external claims in readiness mode until buyer-approved baselines, customer permission, counsel review, finance review, and release decisions exist."},{"id":"offering-model-cost-usage-review","domain":"offering-packaging","name":"Model cost and usage review","status":"active-control","sourceSurface":"Product and Services Portfolio","impact":"Large-context extraction, repeated evaluations, and proof-packet generation can silently compress margins.","inefficiency":"Large-context extraction, repeated evaluations, and proof-packet generation can silently compress margins.","currentControl":"Attach usage assumptions, model routing, caching, volume thresholds, and overage review to pilots, retainers, and enterprise licenses.","resolutionPath":"uncapped high-volume usage, model-cost spike, usage threshold missing","owner":"Product Engineering + Finance","proofRoutes":["/service-reliability","/operational-efficiency","/public-market-readiness"],"hardStops":["uncapped high-volume usage","model-cost spike","usage threshold missing"],"nextAction":"Attach usage assumptions, model routing, caching, volume thresholds, and overage review to pilots, retainers, and enterprise licenses."},{"id":"offering-global-partner-economics-review","domain":"offering-packaging","name":"Global partner economics review","status":"external-review-required","sourceSurface":"Product and Services Portfolio","impact":"Partner discounts, reseller terms, regional hosting, tax exposure, and delivery obligations can erode margin.","inefficiency":"Partner discounts, reseller terms, regional hosting, tax exposure, and delivery obligations can erode margin.","currentControl":"Route reseller, referral, sovereign, affiliate, regional hosting, and implementation partner economics through finance, tax, counsel, and delivery review.","resolutionPath":"cross-border margin-sharing commitment, regional tax review missing, partner delivery owner missing","owner":"Strategic Partnerships + Finance + Tax + Regional Counsel","proofRoutes":["/global-reach","/global-certification-readiness","/enterprise-business-ops"],"hardStops":["cross-border margin-sharing commitment","regional tax review missing","partner delivery owner missing"],"nextAction":"Route reseller, referral, sovereign, affiliate, regional hosting, and implementation partner economics through finance, tax, counsel, and delivery review."},{"id":"offering-retainer-escalation-scope","domain":"offering-packaging","name":"Retainer escalation scope","status":"operator-required","sourceSurface":"Product and Services Portfolio","impact":"Continuous review can turn into unbounded remediation, support, or innovation work.","inefficiency":"Continuous review can turn into unbounded remediation, support, or innovation work.","currentControl":"Keep review loops, escalation routing, remediation, implementation, incident response, and innovation research as separate scope classes with approval gates.","resolutionPath":"autonomous remediation promised, managed SOC/MDR claim, implementation work hidden in retainer","owner":"TrustOps + Product + Revenue Operations","proofRoutes":["/continuous-review-audit","/service-reliability","/operational-efficiency"],"hardStops":["autonomous remediation promised","managed SOC/MDR claim","implementation work hidden in retainer"],"nextAction":"Keep review loops, escalation routing, remediation, implementation, incident response, and innovation research as separate scope classes with approval gates."},{"id":"client-onboarding-control-human-send-approval","domain":"client-onboarding","name":"Human send approval","status":"operator-required","sourceSurface":"Client Onboarding and Communications","impact":"Prevent drafts from becoming external communications without accountable review.","inefficiency":"automatic send attempted, unsupported claim present, recipient list unknown","currentControl":"Template selected, Recipient context checked, No-PHI scan, Claim guard reviewed","resolutionPath":"automatic send attempted, unsupported claim present, recipient list unknown","owner":"Revenue Operations","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"hardStops":["automatic send attempted","unsupported claim present","recipient list unknown","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Template selected"},{"id":"client-onboarding-control-no-phi-communication-boundary","domain":"client-onboarding","name":"No-PHI communication boundary","status":"blocked-by-design","sourceSurface":"Client Onboarding and Communications","impact":"Keep email, invite bodies, agendas, and presentation notes free of PHI, identifiers, credentials, and live records.","inefficiency":"PHI in message, production credentials in invite, live record attached","currentControl":"No-PHI reminder in calendar-ready content, Sensitive artifact route separated, Owner assigned for exceptions","resolutionPath":"PHI in message, production credentials in invite, live record attached","owner":"Privacy + TrustOS","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"hardStops":["PHI in message","production credentials in invite","live record attached","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"No-PHI reminder in calendar-ready content"},{"id":"client-onboarding-control-calendar-safe-field-policy","domain":"client-onboarding","name":"Calendar-safe field policy","status":"active-control","sourceSurface":"Client Onboarding and Communications","impact":"Make events schedulable without leaking sensitive data or implying approvals.","inefficiency":"sensitive artifacts in event body, attendees not approved, approval claim in title","currentControl":"Meeting type, duration, approved attendees, no-PHI description, follow-up SLA","resolutionPath":"sensitive artifacts in event body, attendees not approved, approval claim in title","owner":"Revenue Operations + Security","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"hardStops":["sensitive artifacts in event body","attendees not approved","approval claim in title","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Meeting type"},{"id":"client-onboarding-control-presentation-claim-guard","domain":"client-onboarding","name":"Presentation claim guard","status":"external-review-required","sourceSurface":"Client Onboarding and Communications","impact":"Keep demos, decks, and meeting language aligned to retained evidence and blocked claims.","inefficiency":"customer claim without permission, certification claim, ROI or revenue guarantee","currentControl":"Proof route list, Blocked claims reviewed, Buyer-specific claims approved before use","resolutionPath":"customer claim without permission, certification claim, ROI or revenue guarantee","owner":"Claims Governance + Legal Ops","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"hardStops":["customer claim without permission","certification claim","ROI or revenue guarantee","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Proof route list"},{"id":"client-onboarding-control-crm-and-source-logging","domain":"client-onboarding","name":"CRM and source logging","status":"active-control","sourceSurface":"Client Onboarding and Communications","impact":"Capture contact source, stage, owner, and next action without storing sensitive content.","inefficiency":"contact source missing, owner missing, sensitive notes copied into CRM","currentControl":"Source captured, Stage assigned, Owner assigned, Follow-up SLA set","resolutionPath":"contact source missing, owner missing, sensitive notes copied into CRM","owner":"Sales Operations","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"hardStops":["contact source missing","owner missing","sensitive notes copied into CRM","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Source captured"},{"id":"client-onboarding-control-follow-up-sla","domain":"client-onboarding","name":"Follow-up SLA","status":"active-control","sourceSurface":"Client Onboarding and Communications","impact":"Ensure demos, workshops, diligence reviews, and kickoff meetings produce timely next actions.","inefficiency":"no owner for open item, follow-up without boundary review, unreviewed custom scope","currentControl":"Meeting outcome, Open items, Owner map, Due date","resolutionPath":"no owner for open item, follow-up without boundary review, unreviewed custom scope","owner":"Revenue Operations + Customer Operations","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"hardStops":["no owner for open item","follow-up without boundary review","unreviewed custom scope","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Meeting outcome"},{"id":"client-onboarding-control-handoff-before-commitment","domain":"client-onboarding","name":"Handoff before commitment","status":"operator-required","sourceSurface":"Client Onboarding and Communications","impact":"Move opportunities between sales, product, delivery, trust, legal, finance, and customer operations with artifacts instead of informal memory.","inefficiency":"commitment made before handoff, price or scope not reviewed, production gate omitted","currentControl":"Selected package, Proof routes, Open gates, Decision owner, Next action","resolutionPath":"commitment made before handoff, price or scope not reviewed, production gate omitted","owner":"Deal Desk + Product + TrustOS","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"hardStops":["commitment made before handoff","price or scope not reviewed","production gate omitted","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Selected package"},{"id":"client-onboarding-control-meeting-notes-boundary","domain":"client-onboarding","name":"Meeting notes boundary","status":"active-control","sourceSurface":"Client Onboarding and Communications","impact":"Keep notes useful for execution while excluding PHI, secrets, unsupported claims, and contract conclusions.","inefficiency":"PHI in notes, contract conclusion in notes, security-sensitive artifact copied","currentControl":"Notes owner, No-PHI scan, Open claims separated, Sensitive artifact references externalized","resolutionPath":"PHI in notes, contract conclusion in notes, security-sensitive artifact copied","owner":"Customer Operations","proofRoutes":["/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief"],"hardStops":["PHI in notes","contract conclusion in notes","security-sensitive artifact copied","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Notes owner"},{"id":"client-onboarding-handoff-inquiry-to-discovery","domain":"client-onboarding","name":"Inbound or referral source to Revenue Operations","status":"operator-required","sourceSurface":"Client Onboarding and Communications","impact":"Buyer fit and no-PHI acknowledgement are present.","inefficiency":"PHI in intake, no contact consent, no owner assigned","currentControl":"Qualified lead note, Source attribution, Initial workflow priority, Preferred scheduling windows","resolutionPath":"Approve response and send discovery calendar-ready copy.","owner":"Revenue Operations","proofRoutes":["/client-onboarding","/sales-attribution","/growth-engine"],"hardStops":["PHI in intake","no contact consent","no owner assigned","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Approve response and send discovery calendar-ready copy."},{"id":"client-onboarding-handoff-discovery-to-demo","domain":"client-onboarding","name":"Revenue Operations to Sales Engineering + Product Console","status":"operator-required","sourceSurface":"Client Onboarding and Communications","impact":"Discovery identifies a demo-worthy use case and decision question.","inefficiency":"demo requires live patient data, unsupported customer reference requested, no follow-up owner","currentControl":"Buyer problem, Selected demo, Decision question, Blocked claims, Proof route list","resolutionPath":"Prepare demo script and confirmation email.","owner":"Sales Engineering + Product Console","proofRoutes":["/demos","/offerings","/qa-claim-guard"],"hardStops":["demo requires live patient data","unsupported customer reference requested","no follow-up owner","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Prepare demo script and confirmation email."},{"id":"client-onboarding-handoff-demo-to-pilot-scoping","domain":"client-onboarding","name":"Sales Engineering to Deal Desk + Product + TrustOS","status":"operator-required","sourceSurface":"Client Onboarding and Communications","impact":"Buyer asks for pilot, assessment, diligence, or implementation path.","inefficiency":"price commitment without deal desk, PHI-dependent scope, unreviewed SOW language","currentControl":"Demo recap, Open questions, Recommended package, Decision criteria, Open gates","resolutionPath":"Schedule pilot scoping workshop and price-floor review.","owner":"Deal Desk + Product + TrustOS","proofRoutes":["/pilots","/enterprise-business-ops","/pilot-deal-room"],"hardStops":["price commitment without deal desk","PHI-dependent scope","unreviewed SOW language","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Schedule pilot scoping workshop and price-floor review."},{"id":"client-onboarding-handoff-pilot-to-security-procurement","domain":"client-onboarding","name":"Deal Desk to TrustOps + Legal Ops + Finance","status":"operator-required","sourceSurface":"Client Onboarding and Communications","impact":"Buyer diligence, security, privacy, procurement, legal, or finance review begins.","inefficiency":"certification self-claim, contract approval implied, BAA or PHI approval represented","currentControl":"Scope draft, Reviewer roles, Open-gate register, Blocked claims, Diligence packet route","resolutionPath":"Assign qualified reviewers and return no-authority packet.","owner":"TrustOps + Legal Ops + Finance","proofRoutes":["/approvals-readiness","/global-certification-readiness","/boundary-resolution"],"hardStops":["certification self-claim","contract approval implied","BAA or PHI approval represented","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Assign qualified reviewers and return no-authority packet."},{"id":"client-onboarding-handoff-approved-scope-to-kickoff","domain":"client-onboarding","name":"Deal Desk + Revenue Operations to Customer Operations + Delivery + TrustOS","status":"operator-required","sourceSurface":"Client Onboarding and Communications","impact":"Assessment, sprint, pilot, or retainer scope is approved for kickoff.","inefficiency":"scope not approved, access gate skipped, sensitive data requested before approval","currentControl":"Approved scope, Owner matrix, No-PHI rules, Meeting cadence, Evidence routes, Escalation path","resolutionPath":"Schedule kickoff and publish first-week action register.","owner":"Customer Operations + Delivery + TrustOS","proofRoutes":["/pilot-workspace/access","/continuous-review-audit","/operational-efficiency"],"hardStops":["scope not approved","access gate skipped","sensitive data requested before approval","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Schedule kickoff and publish first-week action register."},{"id":"client-onboarding-handoff-delivery-to-renewal","domain":"client-onboarding","name":"Customer Operations + Delivery to Revenue Operations + Finance + Product","status":"operator-required","sourceSurface":"Client Onboarding and Communications","impact":"Pilot, assessment, or retainer reaches review or renewal checkpoint.","inefficiency":"customer value claim without permission, ROI guarantee, production expansion without approvals","currentControl":"Approved evidence, Open gates, Buyer feedback, Support load, Next-package option","resolutionPath":"Prepare renewal or expansion review with claims and finance review.","owner":"Revenue Operations + Finance + Product","proofRoutes":["/public-market-readiness","/enterprise-business-ops","/qa-buyer-proof-release"],"hardStops":["customer value claim without permission","ROI guarantee","production expansion without approvals","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Prepare renewal or expansion review with claims and finance review."},{"id":"enterprise-scale-control-capacity-forecast-and-load-test-plan","domain":"enterprise-scalability","name":"Capacity forecast and load-test plan","status":"active-control","sourceSurface":"Enterprise Scalability Operations","impact":"Translate buyer volume, routes, concurrency, evidence jobs, and protected workspace use into measurable pre-release pressure.","inefficiency":"traffic volume unknown, route owner missing, fallback behavior missing, contractual uptime implied","currentControl":"traffic assumption, route class, load-test target, fallback behavior, owner","resolutionPath":"traffic volume unknown, route owner missing, fallback behavior missing, contractual uptime implied","owner":"Platform engineering + release steward","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"hardStops":["traffic volume unknown","route owner missing","fallback behavior missing","contractual uptime implied","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"traffic assumption"},{"id":"enterprise-scale-control-rate-limit-and-backpressure-review","domain":"enterprise-scalability","name":"Rate-limit and backpressure review","status":"operator-required","sourceSurface":"Enterprise Scalability Operations","impact":"Prevent scaled workflows, demos, API calls, and proof generation from overrunning operators or infrastructure.","inefficiency":"unbounded retry, duplicate evidence risk, autonomous remediation implied","currentControl":"rate ceiling, retry ceiling, queue threshold, operator escalation, blocked automation rule","resolutionPath":"unbounded retry, duplicate evidence risk, autonomous remediation implied","owner":"Runtime safety + platform","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"hardStops":["unbounded retry","duplicate evidence risk","autonomous remediation implied","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"rate ceiling"},{"id":"enterprise-scale-control-tenant-isolation-and-access-review","domain":"enterprise-scalability","name":"Tenant isolation and access review","status":"operator-required","sourceSurface":"Enterprise Scalability Operations","impact":"Keep buyer workspaces, access, role boundaries, and metadata-only evidence separated before any customer-specific expansion.","inefficiency":"PHI introduced, production credential shared, customer tenancy approved informally, AAL2 bypass attempted","currentControl":"tenant owner, role matrix, access review cadence, archive trigger, no-PHI attestation","resolutionPath":"PHI introduced, production credential shared, customer tenancy approved informally, AAL2 bypass attempted","owner":"Security + tenant governance","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"hardStops":["PHI introduced","production credential shared","customer tenancy approved informally","AAL2 bypass attempted","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"tenant owner"},{"id":"enterprise-scale-control-slo-and-sla-language-guard","domain":"enterprise-scalability","name":"SLO and SLA language guard","status":"operator-required","sourceSurface":"Enterprise Scalability Operations","impact":"Separate internal SLO candidates from external contractual commitments before sales or procurement materials use reliability language.","inefficiency":"SLA promised, uptime guaranteed, support response guaranteed, contract language unreviewed","currentControl":"metric owner, measurement source, internal-only label, contract-review requirement","resolutionPath":"SLA promised, uptime guaranteed, support response guaranteed, contract language unreviewed","owner":"Legal ops + service reliability","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"hardStops":["SLA promised","uptime guaranteed","support response guaranteed","contract language unreviewed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"metric owner"},{"id":"enterprise-scale-control-incident-severity-and-escalation-matrix","domain":"enterprise-scalability","name":"Incident severity and escalation matrix","status":"operator-required","sourceSurface":"Enterprise Scalability Operations","impact":"Route defects, security concerns, customer questions, and release regressions to accountable owners with communication boundaries.","inefficiency":"managed SOC claimed, MDR claimed, customer incident notice sent without review","currentControl":"severity class, owner, customer communication rule, postmortem requirement, claim update need","resolutionPath":"managed SOC claimed, MDR claimed, customer incident notice sent without review","owner":"TrustOps + customer operations","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"hardStops":["managed SOC claimed","MDR claimed","customer incident notice sent without review","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"severity class"},{"id":"enterprise-scale-control-change-freeze-and-rollback-readiness","domain":"enterprise-scalability","name":"Change freeze and rollback readiness","status":"active-control","sourceSurface":"Enterprise Scalability Operations","impact":"Avoid unplanned enterprise regressions by pairing change windows, rollback steps, smoke checks, and evidence capture.","inefficiency":"release gate skipped, rollback path missing, buyer-critical route untested","currentControl":"change window, rollback owner, smoke route, boundary header, release evidence","resolutionPath":"release gate skipped, rollback path missing, buyer-critical route untested","owner":"Release steward + platform","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"hardStops":["release gate skipped","rollback path missing","buyer-critical route untested","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"change window"},{"id":"enterprise-scale-control-usage-cost-and-margin-thresholds","domain":"enterprise-scalability","name":"Usage-cost and margin thresholds","status":"active-control","sourceSurface":"Enterprise Scalability Operations","impact":"Keep model, storage, support, diligence, and implementation costs visible before enterprise usage erodes margins.","inefficiency":"unpriced custom work, unbounded support, profit margin guaranteed, accounting advice implied","currentControl":"usage ceiling, cost owner, margin floor, support load assumption, change-order trigger","resolutionPath":"unpriced custom work, unbounded support, profit margin guaranteed, accounting advice implied","owner":"Finance + product operations","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"hardStops":["unpriced custom work","unbounded support","profit margin guaranteed","accounting advice implied","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"usage ceiling"},{"id":"enterprise-scale-control-regional-hosting-and-residency-gate","domain":"enterprise-scalability","name":"Regional hosting and residency gate","status":"external-review-required","sourceSurface":"Enterprise Scalability Operations","impact":"Keep global expansion, residency, backup, and hosting statements behind qualified review and deployment-profile evidence.","inefficiency":"data residency approved, sovereign hosting approved, regional legal approval claimed","currentControl":"deployment profile, regional counsel owner, privacy/security review, residency question list","resolutionPath":"data residency approved, sovereign hosting approved, regional legal approval claimed","owner":"Regional counsel + security + platform","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"hardStops":["data residency approved","sovereign hosting approved","regional legal approval claimed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"deployment profile"},{"id":"enterprise-scale-control-support-tier-and-response-target-approval","domain":"enterprise-scalability","name":"Support tier and response target approval","status":"operator-required","sourceSurface":"Enterprise Scalability Operations","impact":"Prepare enterprise support coverage, escalation, renewal cadence, and response targets without creating unreviewed obligations.","inefficiency":"24/7 support guaranteed, response SLA promised, managed service implied","currentControl":"support tier, coverage assumption, escalation path, response target label, contract review gate","resolutionPath":"24/7 support guaranteed, response SLA promised, managed service implied","owner":"Customer operations + legal ops","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"hardStops":["24/7 support guaranteed","response SLA promised","managed service implied","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"support tier"},{"id":"enterprise-scale-control-data-lifecycle-retention-and-archive-review","domain":"enterprise-scalability","name":"Data lifecycle, retention, and archive review","status":"external-review-required","sourceSurface":"Enterprise Scalability Operations","impact":"Keep retention, deletion, archive, backup, and external evidence references aligned before sensitive or customer-specific artifacts appear.","inefficiency":"PHI retained, confidential artifact stored, signed agreement stored without approval, data retention approved informally","currentControl":"retention class, archive trigger, external evidence reference, deletion owner, customer review gate","resolutionPath":"PHI retained, confidential artifact stored, signed agreement stored without approval, data retention approved informally","owner":"Privacy, security, customer authority owners, and platform","proofRoutes":["/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief"],"hardStops":["PHI retained","confidential artifact stored","signed agreement stored without approval","data retention approved informally","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"retention class"},{"id":"enterprise-scale-bottleneck-enterprise-demand-outruns-proof","domain":"enterprise-scalability","name":"Enterprise demand outruns scale proof","status":"operator-required","sourceSurface":"Enterprise Scalability Operations","impact":"Buyers may ask for high-volume, multi-site, or always-on workflows before SCRIMED has route-specific capacity evidence.","inefficiency":"Buyers may ask for high-volume, multi-site, or always-on workflows before SCRIMED has route-specific capacity evidence.","currentControl":"Use capped synthetic pilots, volume assumptions, route-class reviews, and scale preflight packs before any production wording.","resolutionPath":"Load-test evidence, capacity plan, support tier, rollback plan, and qualified contract review.","owner":"Product operations + platform + legal ops","proofRoutes":["/enterprise-scalability","/service-reliability","/release-continuity"],"hardStops":["contractual SLA implied","managed service implied","production support guaranteed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Load-test evidence, capacity plan, support tier, rollback plan, and qualified contract review."},{"id":"enterprise-scale-bottleneck-slo-language-becomes-sla","domain":"enterprise-scalability","name":"Internal SLO language becomes buyer SLA language","status":"operator-required","sourceSurface":"Enterprise Scalability Operations","impact":"Reliability goals can become accidental contractual commitments in decks, emails, procurement answers, or demos.","inefficiency":"Reliability goals can become accidental contractual commitments in decks, emails, procurement answers, or demos.","currentControl":"Keep SLO language internal, label external materials as readiness-only, and route SLA wording to counsel and finance.","resolutionPath":"Approved contract terms, support coverage, measurement method, and retained authority.","owner":"Service reliability + legal ops + customer operations","proofRoutes":["/enterprise-scalability","/client-onboarding","/enterprise-business-ops","/boundary-resolution"],"hardStops":["contractual SLA implied","managed service implied","production support guaranteed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Approved contract terms, support coverage, measurement method, and retained authority."},{"id":"enterprise-scale-bottleneck-tenant-scale-support-load","domain":"enterprise-scalability","name":"Tenant scale increases support load","status":"operator-required","sourceSurface":"Enterprise Scalability Operations","impact":"More workspaces, reviewers, demos, evidence packets, and renewal cadences can turn product execution into unpaid support labor.","inefficiency":"More workspaces, reviewers, demos, evidence packets, and renewal cadences can turn product execution into unpaid support labor.","currentControl":"Attach support assumptions, paid diligence packaging, escalation paths, and renewal health packets to enterprise accounts.","resolutionPath":"Support tier approval, price-floor review, response target review, and customer-specific cadence.","owner":"Customer operations + deal desk + finance","proofRoutes":["/enterprise-scalability","/client-onboarding","/enterprise-business-ops","/offerings"],"hardStops":["contractual SLA implied","managed service implied","production support guaranteed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Support tier approval, price-floor review, response target review, and customer-specific cadence."},{"id":"enterprise-scale-bottleneck-regional-scale-claims","domain":"enterprise-scalability","name":"Regional scale and residency claims arrive early","status":"external-review-required","sourceSurface":"Enterprise Scalability Operations","impact":"Global buyers and partners may require residency, sovereign hosting, public-sector procurement, or local clinical authority claims before external review exists.","inefficiency":"Global buyers and partners may require residency, sovereign hosting, public-sector procurement, or local clinical authority claims before external review exists.","currentControl":"Use deployment profiles, regional packs, qualified review owners, and no-approval wording until evidence is retained.","resolutionPath":"Regional counsel, privacy/security review, hosting decision, procurement authority, and customer approval.","owner":"Global partnerships + regional counsel + security","proofRoutes":["/enterprise-scalability","/global-reach","/global-certification-readiness","/deployment-profiles"],"hardStops":["contractual SLA implied","managed service implied","production support guaranteed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Regional counsel, privacy/security review, hosting decision, procurement authority, and customer approval."},{"id":"enterprise-scale-bottleneck-automation-retry-duplicates-evidence","domain":"enterprise-scalability","name":"Retry and automation duplicate evidence","status":"operator-required","sourceSurface":"Enterprise Scalability Operations","impact":"Repeated API calls, work orders, or proof packet generation can create conflicting artifacts if idempotency and completion checks are missing.","inefficiency":"Repeated API calls, work orders, or proof packet generation can create conflicting artifacts if idempotency and completion checks are missing.","currentControl":"Require idempotency keys, retry ceilings, quarantine owners, and QA completion bridge before scaling background work.","resolutionPath":"Execution attempt model, duplicate detection, dead-letter queue, and manual remediation approval.","owner":"Runtime safety + QA + platform","proofRoutes":["/enterprise-scalability","/workflows/execution-attempts","/qa-completion-bridge"],"hardStops":["contractual SLA implied","managed service implied","production support guaranteed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Execution attempt model, duplicate detection, dead-letter queue, and manual remediation approval."},{"id":"enterprise-scale-bottleneck-cost-spikes-erode-margin","domain":"enterprise-scalability","name":"Usage cost spikes erode margin","status":"active-control","sourceSurface":"Enterprise Scalability Operations","impact":"Model routing, storage, review labor, support work, and custom diligence can outgrow pilot pricing if not bounded.","inefficiency":"Model routing, storage, review labor, support work, and custom diligence can outgrow pilot pricing if not bounded.","currentControl":"Use usage ceilings, paid diligence, price floors, model-cost review, and change-order triggers before scope expands.","resolutionPath":"Finance-approved pricing, support assumptions, usage measurement, and contract review.","owner":"Finance + product operations + deal desk","proofRoutes":["/enterprise-scalability","/enterprise-business-ops","/capital-vitality","/public-market-readiness"],"hardStops":["contractual SLA implied","managed service implied","production support guaranteed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Finance-approved pricing, support assumptions, usage measurement, and contract review."},{"id":"platform-power-control-api-contract-register","domain":"platform-power","name":"API contract register","status":"active-control","sourceSurface":"Platform Power Operations","impact":"Track route owner, schema, examples, version, auth posture, data boundary, and blocked claims for buyer-critical APIs.","inefficiency":"route lacks owner, schema missing, boundary headers missing, public API SLA implied","currentControl":"route, owner, schema, version, auth posture, boundary headers","resolutionPath":"route lacks owner, schema missing, boundary headers missing, public API SLA implied","owner":"Platform engineering + product","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["route lacks owner","schema missing","boundary headers missing","public API SLA implied","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"route"},{"id":"platform-power-control-api-versioning-and-deprecation-discipline","domain":"platform-power","name":"API versioning and deprecation discipline","status":"operator-required","sourceSurface":"Platform Power Operations","impact":"Prevent enterprise integrations from breaking silently as contracts mature from readiness to customer-specific use.","inefficiency":"breaking change unannounced, migration path missing, customer-specific approval missing","currentControl":"version policy, change log, migration path, deprecation window, buyer communication owner","resolutionPath":"breaking change unannounced, migration path missing, customer-specific approval missing","owner":"Developer experience + release stewardship","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["breaking change unannounced","migration path missing","customer-specific approval missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"version policy"},{"id":"platform-power-control-tenant-auth-and-scope-review","domain":"platform-power","name":"Tenant auth and scope review","status":"operator-required","sourceSurface":"Platform Power Operations","impact":"Ensure protected APIs require the right identity, tenant, role, AAL2 path, revocation rule, and no-PHI payload scope.","inefficiency":"PHI requested, production credential requested, AAL2 bypass attempted, tenant owner missing","currentControl":"tenant owner, role map, AAL2 gate, token handling, revocation rule","resolutionPath":"PHI requested, production credential requested, AAL2 bypass attempted, tenant owner missing","owner":"Security + tenant governance","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["PHI requested","production credential requested","AAL2 bypass attempted","tenant owner missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"tenant owner"},{"id":"platform-power-control-idempotency-and-retry-contract","domain":"platform-power","name":"Idempotency and retry contract","status":"active-control","sourceSurface":"Platform Power Operations","impact":"Avoid duplicated work, duplicate proof packets, and uncontrolled retries when API or agent jobs are repeated.","inefficiency":"retry ceiling absent, duplicate evidence risk, dead-letter owner missing, autonomous remediation implied","currentControl":"idempotency key, retry ceiling, duplicate detection, dead-letter owner, manual remediation path","resolutionPath":"retry ceiling absent, duplicate evidence risk, dead-letter owner missing, autonomous remediation implied","owner":"Runtime safety + QA","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["retry ceiling absent","duplicate evidence risk","dead-letter owner missing","autonomous remediation implied","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"idempotency key"},{"id":"platform-power-control-rate-limit-and-abuse-control","domain":"platform-power","name":"Rate limit and abuse control","status":"operator-required","sourceSurface":"Platform Power Operations","impact":"Prepare quotas, throttles, and abuse-response behavior before enterprise pilots expand traffic or expose premium endpoints.","inefficiency":"unlimited usage promised, abuse path missing, contractual uptime implied, support coverage implied","currentControl":"route class, quota, burst limit, abuse signal, operator escalation path","resolutionPath":"unlimited usage promised, abuse path missing, contractual uptime implied, support coverage implied","owner":"Platform + service reliability + security","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["unlimited usage promised","abuse path missing","contractual uptime implied","support coverage implied","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"route class"},{"id":"platform-power-control-ui-role-journey-control","domain":"platform-power","name":"UI role journey control","status":"active-control","sourceSurface":"Platform Power Operations","impact":"Make API, UI, AI, reliability, scale, business, and approval tasks discoverable by audience without requiring tribal knowledge.","inefficiency":"route orphaned, buyer-critical task hidden, limitation path missing","currentControl":"primary nav link, hub view, product action, role journey, limitation link","resolutionPath":"route orphaned, buyer-critical task hidden, limitation path missing","owner":"Product Console + customer operations","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["route orphaned","buyer-critical task hidden","limitation path missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"primary nav link"},{"id":"platform-power-control-ui-quality-and-accessibility-review","domain":"platform-power","name":"UI quality and accessibility review","status":"operator-required","sourceSurface":"Platform Power Operations","impact":"Keep enterprise UI layouts readable, navigable, responsive, and keyboard-reviewable before external demos or buyer training.","inefficiency":"text overlap, mobile route unusable, accessibility certification claimed, unreviewed external demo","currentControl":"responsive route, copy review, keyboard path, contrast review, manual screenshot check","resolutionPath":"text overlap, mobile route unusable, accessibility certification claimed, unreviewed external demo","owner":"Frontend + QA + accessibility reviewer","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["text overlap","mobile route unusable","accessibility certification claimed","unreviewed external demo","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"responsive route"},{"id":"platform-power-control-ai-model-route-register","domain":"platform-power","name":"AI model-route register","status":"external-review-required","sourceSurface":"Platform Power Operations","impact":"Track provider, model, allowed data, blocked data, fallback, cost owner, eval pack, and approval status before model use expands.","inefficiency":"PHI routed to model, provider approval missing, production model approval implied, cost owner missing","currentControl":"provider, model class, allowed data, blocked data, fallback, cost tag, eval pack","resolutionPath":"PHI routed to model, provider approval missing, production model approval implied, cost owner missing","owner":"AI platform + TrustOS + security + finance","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["PHI routed to model","provider approval missing","production model approval implied","cost owner missing","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"provider"},{"id":"platform-power-control-agent-tool-approval-and-escalation","domain":"platform-power","name":"Agent tool approval and escalation","status":"operator-required","sourceSurface":"Platform Power Operations","impact":"Ensure agents recommend and route work without executing protected, clinical, financial, legal, customer, or production actions alone.","inefficiency":"tool execution without approval, clinical action requested, contract or payment action requested, production remediation requested","currentControl":"allowed tools, blocked tools, approval trigger, escalation owner, audit output","resolutionPath":"tool execution without approval, clinical action requested, contract or payment action requested, production remediation requested","owner":"AgentOS + TrustOS + QA","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["tool execution without approval","clinical action requested","contract or payment action requested","production remediation requested","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"allowed tools"},{"id":"platform-power-control-ai-evaluation-and-red-team-loop","domain":"platform-power","name":"AI evaluation and red-team loop","status":"active-control","sourceSurface":"Platform Power Operations","impact":"Convert repeated mistakes, hallucination risk, unsafe claims, and future AI research into eval sets, smoke checks, and controlled backlog.","inefficiency":"error-free AI claimed, clinical validation claimed, unsafe output untriaged, public quantum claim made","currentControl":"eval set, claims guard, red-team prompt, regression owner, promotion rule","resolutionPath":"error-free AI claimed, clinical validation claimed, unsafe output untriaged, public quantum claim made","owner":"Continuous review, QA, TrustOps, and internal research","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["error-free AI claimed","clinical validation claimed","unsafe output untriaged","public quantum claim made","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"eval set"},{"id":"platform-power-control-evidence-retrieval-and-source-attribution","domain":"platform-power","name":"Evidence retrieval and source attribution","status":"active-control","sourceSurface":"Platform Power Operations","impact":"Keep extracted data, summaries, and AI answers tied to source class, evidence route, freshness requirement, and reviewer boundary.","inefficiency":"source missing, PHI included, clinical validation implied, EHR writeback requested","currentControl":"source class, evidence route, freshness check, confidence boundary, reviewer need","resolutionPath":"source missing, PHI included, clinical validation implied, EHR writeback requested","owner":"Atlas + source intelligence + interoperability","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["source missing","PHI included","clinical validation implied","EHR writeback requested","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"source class"},{"id":"platform-power-control-platform-cost-latency-and-quality-observability","domain":"platform-power","name":"Platform cost, latency, and quality observability","status":"active-control","sourceSurface":"Platform Power Operations","impact":"Track API, UI, AI, evidence, review, support, and model-cost pressure before enterprise packages outgrow margins.","inefficiency":"profit guarantee claimed, cost owner missing, SLA implied, support commitment unfunded","currentControl":"cost owner, usage threshold, latency target, quality signal, margin floor","resolutionPath":"profit guarantee claimed, cost owner missing, SLA implied, support commitment unfunded","owner":"Service reliability + finance + platform operations","proofRoutes":["/platform-power","/api/platform-power","/api/platform-power/brief"],"hardStops":["profit guarantee claimed","cost owner missing","SLA implied","support commitment unfunded","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"cost owner"},{"id":"platform-power-bottleneck-api-contracts-not-yet-openapi","domain":"platform-power","name":"API contracts are typed but not yet exported as OpenAPI or SDKs","status":"operator-required","sourceSurface":"Platform Power Operations","impact":"Enterprise technical buyers can inspect live JSON and brief endpoints, but developer adoption will remain slower until formal contracts, examples, and SDK packaging exist.","inefficiency":"Enterprise technical buyers can inspect live JSON and brief endpoints, but developer adoption will remain slower until formal contracts, examples, and SDK packaging exist.","currentControl":"Use route summaries, smoke-tested JSON, boundary headers, and markdown briefs as the interim contract packet.","resolutionPath":"OpenAPI spec, examples, auth model, rate limits, SDK backlog, version policy, and developer docs are reviewed.","owner":"Platform engineering + developer experience","proofRoutes":["/platform-power","/navigation","/api/product/console"],"hardStops":["public API SLA implied","live autonomous AI implied","production model routing implied","accessibility certification implied","trillion-dollar-scale equivalence claimed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"OpenAPI spec, examples, auth model, rate limits, SDK backlog, version policy, and developer docs are reviewed."},{"id":"platform-power-bottleneck-live-ai-not-enabled","domain":"platform-power","name":"Live AI model execution remains intentionally gated","status":"external-review-required","sourceSurface":"Platform Power Operations","impact":"The AI posture can be evaluated through architecture, agents, evals, and synthetic proof, but production model calls need provider, privacy, safety, cost, and legal review.","inefficiency":"The AI posture can be evaluated through architecture, agents, evals, and synthetic proof, but production model calls need provider, privacy, safety, cost, and legal review.","currentControl":"Use deterministic synthetic summaries, model-route registers, eval design, TrustOS checks, and human approval packets.","resolutionPath":"Approved model provider, allowed data class, eval pass criteria, monitoring, human approval flow, and customer-specific authority exist.","owner":"AI platform + TrustOS + security + finance","proofRoutes":["/trust-os","/agents","/continuous-review-audit","/platform-power"],"hardStops":["public API SLA implied","live autonomous AI implied","production model routing implied","accessibility certification implied","trillion-dollar-scale equivalence claimed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Approved model provider, allowed data class, eval pass criteria, monitoring, human approval flow, and customer-specific authority exist."},{"id":"platform-power-bottleneck-accessibility-certification-not-complete","domain":"platform-power","name":"Accessibility certification is not complete","status":"external-review-required","sourceSurface":"Platform Power Operations","impact":"The UI can be improved continuously, but enterprise procurement may require formal WCAG, VPAT, or Section 508 review before certain buyer claims.","inefficiency":"The UI can be improved continuously, but enterprise procurement may require formal WCAG, VPAT, or Section 508 review before certain buyer claims.","currentControl":"Run manual UI quality checks, keep layouts stable, avoid text overlap, expose role navigation, and retain accessibility review as a named gate.","resolutionPath":"Qualified accessibility review, remediation evidence, VPAT or equivalent artifact, and approved external claims.","owner":"Frontend + accessibility reviewer + legal ops","proofRoutes":["/platform-power","/navigation","/product"],"hardStops":["public API SLA implied","live autonomous AI implied","production model routing implied","accessibility certification implied","trillion-dollar-scale equivalence claimed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Qualified accessibility review, remediation evidence, VPAT or equivalent artifact, and approved external claims."},{"id":"platform-power-bottleneck-public-api-rate-limits-not-contracted","domain":"platform-power","name":"Public API rate limits are readiness targets, not contracted terms","status":"operator-required","sourceSurface":"Platform Power Operations","impact":"SCRIMED can scope route classes and quotas, but it cannot imply unlimited use, contractual uptime, or managed service coverage.","inefficiency":"SCRIMED can scope route classes and quotas, but it cannot imply unlimited use, contractual uptime, or managed service coverage.","currentControl":"State route class, draft quota, throttle behavior, support assumption, and no-SLA boundary on enterprise packets.","resolutionPath":"Contract, staffing, monitoring, incident response, support tier, and executive approval define the exact commitment.","owner":"Platform + legal ops + customer operations","proofRoutes":["/platform-power","/enterprise-scalability","/service-reliability"],"hardStops":["public API SLA implied","live autonomous AI implied","production model routing implied","accessibility certification implied","trillion-dollar-scale equivalence claimed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Contract, staffing, monitoring, incident response, support tier, and executive approval define the exact commitment."},{"id":"platform-power-bottleneck-agent-tool-approval-needs-production-runtime","domain":"platform-power","name":"Agent tool approval needs production runtime approval","status":"operator-required","sourceSurface":"Platform Power Operations","impact":"Agents can be described, evaluated, and routed, but protected actions need approval states, audit logging, and fail-closed runtime behavior.","inefficiency":"Agents can be described, evaluated, and routed, but protected actions need approval states, audit logging, and fail-closed runtime behavior.","currentControl":"Use agent registry, QA packets, claim guard, human approval rules, and protected workspace evidence before any execution claim.","resolutionPath":"Approved tool schemas, human approval UI, audit persistence, rollback behavior, and customer-specific authority.","owner":"AgentOS + QA + platform engineering","proofRoutes":["/agents","/qa-claim-guard","/qa-manual-execution-console","/platform-power"],"hardStops":["public API SLA implied","live autonomous AI implied","production model routing implied","accessibility certification implied","trillion-dollar-scale equivalence claimed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Approved tool schemas, human approval UI, audit persistence, rollback behavior, and customer-specific authority."},{"id":"platform-power-bottleneck-evidence-rag-still-synthetic","domain":"platform-power","name":"Evidence retrieval remains synthetic and metadata-only","status":"external-review-required","sourceSurface":"Platform Power Operations","impact":"SCRIMED can demonstrate source attribution, extraction planning, and Trust Cards without ingesting live PHI or protected medical records.","inefficiency":"SCRIMED can demonstrate source attribution, extraction planning, and Trust Cards without ingesting live PHI or protected medical records.","currentControl":"Use synthetic fixtures, no-PHI examples, source classes, external evidence references, and health-record safety gates.","resolutionPath":"PHI authority, customer environment, BAA/DPA if required, security review, connector approval, and clinical governance approval.","owner":"Atlas + interoperability + privacy + clinical governance","proofRoutes":["/atlas","/health-records","/interoperability","/boundary-resolution"],"hardStops":["public API SLA implied","live autonomous AI implied","production model routing implied","accessibility certification implied","trillion-dollar-scale equivalence claimed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"PHI authority, customer environment, BAA/DPA if required, security review, connector approval, and clinical governance approval."},{"id":"platform-power-bottleneck-trillion-scale-positioning-boundary","domain":"platform-power","name":"Trillion-dollar-scale positioning must stay evidence-based","status":"operator-required","sourceSurface":"Platform Power Operations","impact":"The platform can be designed with world-class discipline, but SCRIMED cannot claim equivalent scale, staffing, certifications, or infrastructure until evidence exists.","inefficiency":"The platform can be designed with world-class discipline, but SCRIMED cannot claim equivalent scale, staffing, certifications, or infrastructure until evidence exists.","currentControl":"Frame the product as enterprise-grade readiness with explicit proof routes, operating controls, and retained external gates.","resolutionPath":"Audited scale evidence, customer proof, security certifications, support operations, incident history, financial controls, and qualified release approval.","owner":"Founder + product + legal + finance + platform","proofRoutes":["/platform-power","/enterprise-scalability","/enterprise-business-ops","/public-market-readiness"],"hardStops":["public API SLA implied","live autonomous AI implied","production model routing implied","accessibility certification implied","trillion-dollar-scale equivalence claimed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Audited scale evidence, customer proof, security certifications, support operations, incident history, financial controls, and qualified release approval."},{"id":"limitations-workaround-track-phi-live-data-boundary","domain":"limitations-workarounds","name":"PHI and live patient-data boundary","status":"blocked-by-design","sourceSurface":"Limitations and Workaround Operations","impact":"A buyer demo or pilot could accidentally become regulated production data processing before privacy, security, BAA/DPA, customer environment, and clinical governance approvals exist.","inefficiency":"Current public and synthetic workflows cannot ingest PHI, patient identifiers, payer member data, live charts, production credentials, or source medical records.","currentControl":"No-PHI intake lint, route headers, source-class labels, blocked-input copy, and protected AAL2 evidence references.","resolutionPath":"Use synthetic fixtures, metadata-only references, external evidence-room pointers, no-PHI excerpts, and Health Records Safety Exchange source mapping.","owner":"Privacy, security, clinical governance, customer authority owner, and TrustOS","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/health-records","/clinical-authority-readiness","/boundary-resolution"],"hardStops":["PHI processing authorized","live patient data connected","patient matching approved","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Any PHI, identifier, live chart, production credential, patient matching, or data-residency request appears."},{"id":"limitations-workaround-track-clinical-care-authority-boundary","domain":"limitations-workarounds","name":"Live clinical care and CDS authority","status":"external-review-required","sourceSurface":"Limitations and Workaround Operations","impact":"Operational language could be interpreted as clinical authority, medical advice, or production CDS/SaMD readiness before qualified review.","inefficiency":"SCRIMED can prepare workflow intelligence, draft-only outputs, and governance evidence, but cannot diagnose, treat, route patients, sign notes, or provide live clinical decision support.","currentControl":"Clinical Authority Readiness, Clinical Care Activation gates, Claim Guard, and no-live-care headers.","resolutionPath":"Frame outputs as synthetic workflow planning, review queues, draft-only documentation, and clinical-governance preparation with explicit human review.","owner":"Clinical governance, qualified clinicians, legal, privacy, and release stewardship","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/clinical-authority-readiness","/clinical-care-activation","/qa-claim-guard"],"hardStops":["live clinical care authorized","clinical decision support cleared","autonomous diagnosis or treatment permitted","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"A claim implies diagnosis, treatment, live triage, autonomous care coordination, or production CDS."},{"id":"limitations-workaround-track-ehr-writeback-connector-boundary","domain":"limitations-workarounds","name":"Production EHR connector and writeback boundary","status":"blocked-by-design","sourceSurface":"Limitations and Workaround Operations","impact":"Integration demos can turn into unsafe production connector promises, mutation claims, or payer-submission commitments.","inefficiency":"FHIR, SMART, HL7, DICOM, X12, terminology, and connector planning are synthetic; production connectors, writeback, payer submission, and patient matching remain blocked.","currentControl":"Interoperability standards map, Health Records Safety Exchange, connector blocked-claim list, and synthetic extraction evaluator.","resolutionPath":"Use fixture validation, synthetic conformance kits, connector contract review, external artifact references, and no-mutation evidence.","owner":"Interoperability, platform engineering, privacy, security, clinical governance, and customer integration owner","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/interoperability","/health-records","/integrations/fixture-validation"],"hardStops":["production connector approved","EHR writeback approved","payer submission approved","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Production endpoint, credential, writeback, payer submission, patient match, or live HIE/EHR request appears."},{"id":"limitations-workaround-track-public-api-sla-boundary","domain":"limitations-workarounds","name":"Public API, SLA, and unlimited-scale boundary","status":"operator-required","sourceSurface":"Limitations and Workaround Operations","impact":"Enterprise diligence could mistake technical maturity for contractual support, public availability, unlimited usage, or managed-service coverage.","inefficiency":"Route handlers, summaries, and briefs are inspectable contract-readiness surfaces, not public API marketplace launch, contractual SLA, unlimited rate limit, or uptime guarantee.","currentControl":"Platform Power API contract register, Enterprise Scalability SLO readiness, Service Reliability fault classes, and Navigation Audit route counts.","resolutionPath":"Use route summaries, boundary headers, version posture, draft quotas, rate-limit classes, support assumptions, and no-SLA language.","owner":"Platform engineering, legal ops, service reliability, customer operations, and finance","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/platform-power","/enterprise-scalability","/service-reliability"],"hardStops":["public API SLA approved","unlimited API scale approved","contractual uptime guaranteed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Public API, unlimited usage, uptime, SLA, support, or managed-service language appears."},{"id":"limitations-workaround-track-ai-agent-autonomy-boundary","domain":"limitations-workarounds","name":"Live AI, production model-routing, and agent autonomy boundary","status":"external-review-required","sourceSurface":"Limitations and Workaround Operations","impact":"Agent language can imply production model approval, autonomous remediation, clinical action, legal advice, or financial decision authority.","inefficiency":"Agents may plan, route, inspect, recommend, and produce synthetic evidence, but they cannot execute protected clinical, legal, financial, customer, or production actions autonomously.","currentControl":"AgentOS, TrustOS, Platform Power, QA Claim Guard, Runtime Safety, and Continuous Review loops.","resolutionPath":"Use model-route registers, allowed/blocked data classes, eval packs, red-team loops, human approval triggers, and protected AAL2 operator lanes.","owner":"AI platform, AgentOS, TrustOS, QA, security, finance, and clinical governance","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/agents","/trust-os","/platform-power","/continuous-review-audit"],"hardStops":["live autonomous AI approved","production model routing approved","agent actions fully autonomous","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"The system is asked to act without approval, route PHI to a model, self-remediate production, or make clinical/legal/financial decisions."},{"id":"limitations-workaround-track-security-certification-boundary","domain":"limitations-workarounds","name":"Security, privacy, SOC 2, HITRUST, and certification boundary","status":"external-review-required","sourceSurface":"Limitations and Workaround Operations","impact":"Procurement packets could overstate security posture, compliance status, or customer-specific readiness.","inefficiency":"SCRIMED can organize readiness evidence, controls, and protected review paths, but cannot claim SOC 2, HITRUST, ISO, HIPAA certification, penetration-test completion, or security approval without qualified evidence.","currentControl":"Evidence-room metadata, owner matrix, certification tracks, blocked claims, renewal queue, and protected access logs.","resolutionPath":"Use Trust Center, Provider Security Reviews, Procurement Evidence Registry, Global Certification Readiness, and no-sensitive-artifact references.","owner":"Security, privacy, legal, trust operations, customer authority owner, and qualified external reviewers","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/trust-center","/global-certification-readiness","/pilot-workspace/access"],"hardStops":["security certified","SOC 2 certified","HITRUST certified","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"A buyer asks for SOC 2, HITRUST, ISO, HIPAA certification, pentest, BAA/DPA, vendor-risk approval, or security signoff."},{"id":"limitations-workaround-track-global-legal-privacy-boundary","domain":"limitations-workarounds","name":"Global legal, privacy, AI Act, GDPR, NHS, MHRA, and regional boundary","status":"external-review-required","sourceSurface":"Limitations and Workaround Operations","impact":"Public-sector and global buyer conversations can become unsupported country-launch or conformity claims.","inefficiency":"Global expansion readiness can map evidence needs and regional packs, but cannot claim local legal approval, procurement approval, data-residency approval, EU AI Act conformity, GDPR compliance approval, NHS DTAC approval, MHRA approval, or government endorsement.","currentControl":"Global Certification Readiness, Global Reach, Deployment Profiles, Claim Guard, and Boundary Resolution.","resolutionPath":"Use regional buyer packs, deployment profiles, official-source evidence implications, partner authority registers, and qualified regional counsel review.","owner":"Regional counsel, privacy, security, clinical governance, global partnerships, and customer procurement owner","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/global-certification-readiness","/global-reach","/deployment-profiles"],"hardStops":["EU AI Act conformant","GDPR approved","government endorsed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"A claim names country launch, public-sector approval, local hosting approval, GDPR/EU AI Act conformity, NHS/MHRA/Australia approval, or government endorsement."},{"id":"limitations-workaround-track-legal-finance-revenue-boundary","domain":"limitations-workarounds","name":"Legal, finance, accounting, tax, revenue, and profit boundary","status":"external-review-required","sourceSurface":"Limitations and Workaround Operations","impact":"Sales, board, investor, and buyer materials could become unsupported professional advice, financial reporting, securities material, or commercial promises.","inefficiency":"Enterprise Business Ops can prepare deal desk, pricing, margin, billing, and review packets, but cannot provide legal/accounting/tax advice, audited financial reporting, contract approval, securities material, revenue guarantees, ROI guarantees, or profit-margin guarantees.","currentControl":"Enterprise Business Ops, Growth Engine, Capital Vitality, Public Market Readiness, Deal Room, and Claim Guard.","resolutionPath":"Use fixed-scope offers, price floors, buyer-approved measurement plans, counsel review slots, finance/accounting/tax triage, and qualified release authority.","owner":"Founder, deal desk, legal, finance, accounting, tax, revenue operations, and qualified reviewers","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/enterprise-business-ops","/growth-engine","/capital-vitality","/public-market-readiness"],"hardStops":["legal advice provided","revenue guaranteed","profit margin guaranteed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"A proposal includes contract approval, non-standard terms, revenue impact, ROI, reimbursement, valuation, fundraising, tax, accounting, or legal conclusions."},{"id":"limitations-workaround-track-autonomous-communications-boundary","domain":"limitations-workarounds","name":"Email, calendar, demo, meeting, and buyer communication boundary","status":"operator-required","sourceSurface":"Limitations and Workaround Operations","impact":"A draft could become an unauthorized buyer commitment, meeting invite, sales promise, procurement statement, or customer-specific claim.","inefficiency":"SCRIMED can prepare email-ready copy, calendar-ready agendas, demo scripts, meeting notes, and follow-up packets, but cannot autonomously send emails, create calendar invites, approve procurement, or commit scope.","currentControl":"Client Onboarding and Communications stages, handoffs, templates, calendar packets, and blocked-content list.","resolutionPath":"Use human-reviewed templates, meeting packets, owner handoffs, no-PHI notes, and explicit send/invite approval fields.","owner":"Revenue operations, sales engineering, customer operations, legal ops, finance, and product owner","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/client-onboarding","/offerings","/pilot-deal-room"],"hardStops":["email sent autonomously","calendar invite created autonomously","buyer commitment approved","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"The communication contains PHI, security claims, contract language, pricing exceptions, procurement claims, or clinical promises."},{"id":"limitations-workaround-track-release-proof-boundary","domain":"limitations-workarounds","name":"Protected QA, buyer proof, and release authority boundary","status":"operator-required","sourceSurface":"Limitations and Workaround Operations","impact":"Public checks could be mistaken for retained protected evidence, customer permission, or release authority.","inefficiency":"Public smoke can prove route availability and fail-closed protected behavior, but cannot prove protected happy-path execution, buyer-specific release, authenticated QA completion, or customer evidence-room distribution.","currentControl":"Release Continuity, QA Launch Kit, Manual QA Execution Console, Buyer Release Control Runbook, protected evidence packets, and no-token policy.","resolutionPath":"Use AAL2 protected workspaces, no-secret operator packets, QA Completion Bridge, Activation Seal, Proof Promotion, Buyer Proof Release, and release-control runbooks.","owner":"Release engineering, TrustOS, tenant governance, approved operator, and buyer diligence","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/release-continuity","/qa-manual-execution-console","/buyer-release-control-run","/pilot-workspace/access"],"hardStops":["protected happy path completed without AAL2","buyer release approved","bearer token retained as evidence","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"A claim references retained protected proof, customer release, authenticated QA, token handling, evidence-room access, or buyer distribution."},{"id":"limitations-workaround-track-ui-accessibility-boundary","domain":"limitations-workarounds","name":"UI quality, accessibility, and seamless navigation boundary","status":"contained","sourceSurface":"Limitations and Workaround Operations","impact":"Enterprise demos could overstate accessibility certification or leave high-value workflows hard to find.","inefficiency":"Navigation can be improved continuously, but current UI polish, responsive behavior, keyboard path, contrast, and accessibility posture are not formal WCAG, VPAT, Section 508, or external UX certification.","currentControl":"SiteNavigation, Navigation Audit inventory, Product Console proof stack, Platform Power UI role journey control, and smoke checks.","resolutionPath":"Use site navigation, role journeys, Navigation Audit, Product Console, Hub cards, smoke-covered routes, and manual UI review before demos.","owner":"Frontend, Product Console, QA, accessibility reviewer, customer operations, and sales engineering","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/navigation","/product","/hub","/platform-power"],"hardStops":["accessibility certified","WCAG conformance approved","VPAT completed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"A buyer-critical route is hidden, text overlaps, mobile route is unusable, keyboard path is unclear, or accessibility certification is implied."},{"id":"limitations-workaround-track-innovation-quantum-boundary","domain":"limitations-workarounds","name":"Internal innovation, quantum, and future infrastructure boundary","status":"blocked-by-design","sourceSurface":"Limitations and Workaround Operations","impact":"Future-looking research language could become unsupported buyer, investor, clinical, security, or public-market claims.","inefficiency":"Internal research may investigate quantum, advanced model routing, privacy-preserving computation, and future infrastructure, but public product claims remain blocked.","currentControl":"Continuous Review and Innovation control plane, internal research assignments, Claim Guard, Boundary Resolution, and no-public-quantum authority headers.","resolutionPath":"Keep research assigned to the internal research team with private hypotheses, no-public-claim labels, source logs, review owners, and claim-guard blocks.","owner":"Internal Research Team, TrustOS, AI platform, security, legal, finance, and founder","proofRoutes":["/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/continuous-review-audit","/qa-claim-guard","/boundary-resolution"],"hardStops":["public quantum capability available","quantum clinical advantage","future infrastructure superiority proven","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Quantum, model advantage, cryptographic, clinical, security, financial, or infrastructure superiority language appears in external material."},{"id":"limitations-workaround-packet-synthetic-no-phi-packet","domain":"limitations-workarounds","name":"Synthetic no-PHI packet","status":"operator-required","sourceSurface":"Limitations and Workaround Operations","impact":"A buyer asks for workflow proof, record extraction, AI output, or demo evidence without approved PHI authority.","inefficiency":"PHI introduced, patient identifier introduced, live chart requested, source artifact pasted","currentControl":"synthetic fixtures, metadata-only source labels, de-identified public examples, no-secret operator notes","resolutionPath":"Buyer-safe demo or assessment packet with explicit no-PHI and no-live-care boundary.","owner":"TrustOS + product owner","proofRoutes":["/health-records","/pilot-evidence","/boundary-resolution"],"hardStops":["PHI introduced","patient identifier introduced","live chart requested","source artifact pasted","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Refresh whenever source class, buyer scope, approval state, or claim language changes."},{"id":"limitations-workaround-packet-external-evidence-reference","domain":"limitations-workarounds","name":"External evidence reference","status":"operator-required","sourceSurface":"Limitations and Workaround Operations","impact":"The artifact is sensitive, confidential, regulated, buyer-owned, or not safe to store in SCRIMED.","inefficiency":"artifact uploaded, secret included, contract pasted, medical record pasted","currentControl":"external system name, artifact type, reviewer label, status, expiry date","resolutionPath":"Metadata-only reference that points to the authority source without storing the underlying artifact.","owner":"Customer authority owner + trust operations","proofRoutes":["/pilot-workspace/access","/global-certification-readiness","/trust-center"],"hardStops":["artifact uploaded","secret included","contract pasted","medical record pasted","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Renew before expiration, owner change, buyer scope change, or regulation/certification scope change."},{"id":"limitations-workaround-packet-human-reviewed-communication","domain":"limitations-workarounds","name":"Human-reviewed communication packet","status":"operator-required","sourceSurface":"Limitations and Workaround Operations","impact":"Email, calendar, demo, presentation, pilot workshop, proposal, or follow-up language is needed.","inefficiency":"autonomous send requested, calendar invite creation requested, contract promise included, PHI included","currentControl":"recipient role, meeting objective, no-PHI scope, offer, proof route, required reviewer","resolutionPath":"Draft-only communication with approval slot, send owner, follow-up owner, and blocked-content checklist.","owner":"Revenue operations + sales engineering","proofRoutes":["/client-onboarding","/offerings","/enterprise-business-ops"],"hardStops":["autonomous send requested","calendar invite creation requested","contract promise included","PHI included","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Re-review after 7 days, pricing change, scope change, reviewer change, or new buyer requirement."},{"id":"limitations-workaround-packet-aal2-protected-proof","domain":"limitations-workarounds","name":"AAL2 protected proof packet","status":"operator-required","sourceSurface":"Limitations and Workaround Operations","impact":"A buyer, operator, or reviewer needs retained protected proof instead of public smoke evidence.","inefficiency":"token retained, AAL2 bypass attempted, protected route publicly exposed, buyer release claimed early","currentControl":"workspace slug, operator role, packet hash, reviewer label, no-secret summary","resolutionPath":"Protected no-secret proof packet with release decision and buyer-safe claim state.","owner":"Approved operator + release stewardship","proofRoutes":["/qa-manual-execution-console","/buyer-release-control-run","/pilot-workspace/access"],"hardStops":["token retained","AAL2 bypass attempted","protected route publicly exposed","buyer release claimed early","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Re-run when deployment, route, workspace, reviewer, claim language, or evidence packet changes."},{"id":"limitations-workaround-packet-api-contract-readiness","domain":"limitations-workarounds","name":"API contract readiness packet","status":"operator-required","sourceSurface":"Limitations and Workaround Operations","impact":"A technical buyer needs API detail before public API SLA, SDK, or production connector approval exists.","inefficiency":"public API SLA implied, production connector promised, PHI payload accepted, unlimited usage promised","currentControl":"route, owner, schema, version posture, auth posture, boundary headers","resolutionPath":"Draft API contract packet with examples, rate-limit posture, no-SLA language, and blocked claims.","owner":"Platform engineering + developer experience","proofRoutes":["/platform-power","/navigation","/api/product/console"],"hardStops":["public API SLA implied","production connector promised","PHI payload accepted","unlimited usage promised","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Re-review on schema change, auth change, rate-limit change, version change, or buyer-specific scope."},{"id":"limitations-workaround-packet-model-route-register","domain":"limitations-workarounds","name":"Model-route register packet","status":"operator-required","sourceSurface":"Limitations and Workaround Operations","impact":"A feature proposes AI model execution, provider routing, fallback, evals, or agent reasoning.","inefficiency":"PHI routed to model, provider approval missing, production model approval implied, clinical validation claimed","currentControl":"provider, model class, allowed data, blocked data, eval pack, fallback, cost owner","resolutionPath":"Readiness-only model-route record with human approval triggers and no-live-AI boundary.","owner":"AI platform + TrustOS + finance","proofRoutes":["/platform-power","/agents","/trust-os","/continuous-review-audit"],"hardStops":["PHI routed to model","provider approval missing","production model approval implied","clinical validation claimed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Re-review on provider, model, data class, cost threshold, eval failure, or customer scope change."},{"id":"limitations-workaround-packet-deal-desk-exception","domain":"limitations-workarounds","name":"Deal desk exception packet","status":"operator-required","sourceSurface":"Limitations and Workaround Operations","impact":"Pricing, scope, payment terms, ROI, reimbursement, legal, tax, accounting, securities, or contract language is non-standard.","inefficiency":"legal advice implied, revenue guaranteed, profit guaranteed, contract approved without reviewer","currentControl":"offer, price floor, scope, payment terms, reviewer role, approval status","resolutionPath":"Qualified-review packet with blocked claims, margin notes, counsel/accounting/tax slots, and release gate.","owner":"Deal desk + legal + finance","proofRoutes":["/enterprise-business-ops","/growth-engine","/capital-vitality"],"hardStops":["legal advice implied","revenue guaranteed","profit guaranteed","contract approved without reviewer","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Re-review on price, scope, buyer, term, reviewer, or claim-language change."},{"id":"limitations-workaround-packet-global-regional-pack","domain":"limitations-workarounds","name":"Global regional workaround pack","status":"operator-required","sourceSurface":"Limitations and Workaround Operations","impact":"A region, public-sector buyer, channel partner, or global certification question appears before local authority exists.","inefficiency":"country launch claimed, government endorsement implied, data residency approved early, regional clinical approval claimed","currentControl":"region, buyer type, deployment profile, regional counsel owner, blocked claims","resolutionPath":"Localization pack that frames readiness, evidence needs, hosting questions, and retained external gates.","owner":"Global partnerships + regional counsel","proofRoutes":["/global-reach","/global-certification-readiness","/deployment-profiles"],"hardStops":["country launch claimed","government endorsement implied","data residency approved early","regional clinical approval claimed","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Re-review on region, regulation, hosting profile, partner, customer segment, or public-sector scope change."},{"id":"growth-founder-led-selling-is-still-the-fastest-path","domain":"commercial-throughput","name":"Founder-led selling is still the fastest path","status":"operator-required","sourceSurface":"Growth Engine","impact":"SCRIMED has proof depth, but early enterprise conversion still needs direct founder narrative and qualification.","inefficiency":"SCRIMED has proof depth, but early enterprise conversion still needs direct founder narrative and qualification.","currentControl":"Run weekly target-account review, use Pilot Intake for every qualified call, and keep proof routes attached to each follow-up.","resolutionPath":"Repeatable source-to-pilot conversion cohorts in Attribution Analytics.","owner":"Founder + sales operations","proofRoutes":["/growth-engine","/api/growth-engine","/api/growth-engine/brief"],"hardStops":["unsupported revenue claim","buyer proof without protected release","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Repeatable source-to-pilot conversion cohorts in Attribution Analytics."},{"id":"growth-buyer-proof-cannot-outrun-retained-approvals","domain":"commercial-throughput","name":"Buyer proof cannot outrun retained approvals","status":"protected-gated","sourceSurface":"Growth Engine","impact":"The strongest enterprise proof is protected and cannot be shared publicly without release controls.","inefficiency":"The strongest enterprise proof is protected and cannot be shared publicly without release controls.","currentControl":"Use metadata-only public summaries and route buyer-specific artifacts through protected release-control and distribution lockbox gates.","resolutionPath":"Release decisions, reviewer signoffs, recipient controls, and customer permission retained.","owner":"Release steward + buyer diligence","proofRoutes":["/growth-engine","/api/growth-engine","/api/growth-engine/brief"],"hardStops":["unsupported revenue claim","buyer proof without protected release","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Release decisions, reviewer signoffs, recipient controls, and customer permission retained."},{"id":"growth-revenue-impact-claims-require-buyer-baselines","domain":"commercial-throughput","name":"Revenue impact claims require buyer baselines","status":"contained","sourceSurface":"Growth Engine","impact":"Revenue-cycle value is compelling, but unsupported revenue claims can create legal, reimbursement, or investor risk.","inefficiency":"Revenue-cycle value is compelling, but unsupported revenue claims can create legal, reimbursement, or investor risk.","currentControl":"Frame revenue impact as buyer-reviewed operational signal until protected buyer methodology and finance review exist.","resolutionPath":"Buyer-approved baseline, finance methodology gate, and counsel-reviewed external-use language.","owner":"Founder + finance reviewers","proofRoutes":["/growth-engine","/api/growth-engine","/api/growth-engine/brief"],"hardStops":["unsupported revenue claim","buyer proof without protected release","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Buyer-approved baseline, finance methodology gate, and counsel-reviewed external-use language."},{"id":"growth-fundraising-and-investor-materials-need-counsel-review","domain":"commercial-throughput","name":"Fundraising and investor materials need counsel review","status":"external-review-required","sourceSurface":"Growth Engine","impact":"Capital readiness can be mistaken for offering material or investment advice.","inefficiency":"Capital readiness can be mistaken for offering material or investment advice.","currentControl":"Keep public routes readiness-only and route fundraising decks, valuation, securities language, tax, and legal questions through qualified counsel.","resolutionPath":"Approved investor materials, controlled data-room process, and qualified securities counsel review.","owner":"Founder + qualified counsel","proofRoutes":["/growth-engine","/api/growth-engine","/api/growth-engine/brief"],"hardStops":["unsupported revenue claim","buyer proof without protected release","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Approved investor materials, controlled data-room process, and qualified securities counsel review."},{"id":"enterprise-margin-price-floor-and-discount-approval","domain":"enterprise-operations","name":"Price floor and discount approval","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Enterprise urgency can create unmanaged discounts, free diligence work, and low-margin custom scope.","inefficiency":"Enterprise urgency can create unmanaged discounts, free diligence work, and low-margin custom scope.","currentControl":"Every proposal must show list price, discount, approval reason, gross-margin estimate, and expiration date.","resolutionPath":"discount below floor, free paid-diligence package, unapproved multi-year concession","owner":"Founder + CFO/FP&A + Deal Desk","proofRoutes":["/pricing","/sales-operations","/enterprise-business-ops"],"hardStops":["discount below floor","free paid-diligence package","unapproved multi-year concession"],"nextAction":"Every proposal must show list price, discount, approval reason, gross-margin estimate, and expiration date."},{"id":"enterprise-margin-revenue-recognition-review-gate","domain":"enterprise-operations","name":"Revenue-recognition review gate","status":"external-review-required","sourceSurface":"Enterprise Business Operations","impact":"Bundled services, cancellation rights, success fees, refunds, or variable pricing can create accounting and reporting risk.","inefficiency":"Bundled services, cancellation rights, success fees, refunds, or variable pricing can create accounting and reporting risk.","currentControl":"Contract terms that affect timing, deliverables, performance obligations, variable consideration, or refunds require accounting review.","resolutionPath":"audited revenue claim, recognized revenue guidance, financial statement treatment claim","owner":"Controller + Revenue Accounting Lead","proofRoutes":["/public-market-readiness","/enterprise-business-ops"],"hardStops":["audited revenue claim","recognized revenue guidance","financial statement treatment claim"],"nextAction":"Contract terms that affect timing, deliverables, performance obligations, variable consideration, or refunds require accounting review."},{"id":"enterprise-margin-implementation-labor-and-scope-control","domain":"enterprise-operations","name":"Implementation labor and scope control","status":"active-control","sourceSurface":"Enterprise Business Operations","impact":"Unbounded implementation work can turn high-value pilots into services-heavy margin drains.","inefficiency":"Unbounded implementation work can turn high-value pilots into services-heavy margin drains.","currentControl":"Each implementation package needs capped hours, change-order triggers, named deliverables, and staffing assumptions.","resolutionPath":"uncapped implementation promise, unpriced integration work, live connector timeline guarantee","owner":"Implementation Lead + Finance","proofRoutes":["/product","/growth-engine","/interoperability"],"hardStops":["uncapped implementation promise","unpriced integration work","live connector timeline guarantee"],"nextAction":"Each implementation package needs capped hours, change-order triggers, named deliverables, and staffing assumptions."},{"id":"enterprise-margin-ai-and-cloud-unit-cost-routing","domain":"enterprise-operations","name":"AI and cloud unit-cost routing","status":"active-control","sourceSurface":"Enterprise Business Operations","impact":"Model routing, retries, large-context workflows, and proof-packet generation can silently compress margins.","inefficiency":"Model routing, retries, large-context workflows, and proof-packet generation can silently compress margins.","currentControl":"High-volume workflows must include model-route assumptions, usage guardrails, cached evidence reuse, and cost-per-workflow review.","resolutionPath":"unbounded model usage, free high-volume pilot, cost target represented as guarantee","owner":"Product Engineering + FP&A","proofRoutes":["/public-market-readiness","/service-reliability","/continuous-review-audit"],"hardStops":["unbounded model usage","free high-volume pilot","cost target represented as guarantee"],"nextAction":"High-volume workflows must include model-route assumptions, usage guardrails, cached evidence reuse, and cost-per-workflow review."},{"id":"enterprise-margin-support-tier-and-success-coverage","domain":"enterprise-operations","name":"Support tier and success coverage","status":"active-control","sourceSurface":"Enterprise Business Operations","impact":"Premium customer expectations can create unfunded white-glove support obligations.","inefficiency":"Premium customer expectations can create unfunded white-glove support obligations.","currentControl":"Support coverage, response windows, executive reporting, and escalation channels must map to paid tier and staffing model.","resolutionPath":"24/7 managed support claim, unpriced executive reporting, unapproved SLA commitment","owner":"Customer Success + Finance","proofRoutes":["/sales-operations","/trust-safety-operations","/service-reliability"],"hardStops":["24/7 managed support claim","unpriced executive reporting","unapproved SLA commitment"],"nextAction":"Support coverage, response windows, executive reporting, and escalation channels must map to paid tier and staffing model."},{"id":"enterprise-margin-billing-collections-and-cash-conversion","domain":"enterprise-operations","name":"Billing, collections, and cash conversion","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Weak payment terms, delayed invoicing, or uncollected receivables can make profitable contracts cash-negative.","inefficiency":"Weak payment terms, delayed invoicing, or uncollected receivables can make profitable contracts cash-negative.","currentControl":"Contract packet must include invoice schedule, payment term, late-payment path, purchase-order requirements, and collections owner.","resolutionPath":"start work without billing trigger, non-standard payment term, customer procurement blocker ignored","owner":"Billing/AR Owner + CFO","proofRoutes":["/enterprise-business-ops","/sales-operations"],"hardStops":["start work without billing trigger","non-standard payment term","customer procurement blocker ignored"],"nextAction":"Contract packet must include invoice schedule, payment term, late-payment path, purchase-order requirements, and collections owner."},{"id":"enterprise-margin-vendor-and-subprocessor-spend-approval","domain":"enterprise-operations","name":"Vendor and subprocessor spend approval","status":"external-review-required","sourceSurface":"Enterprise Business Operations","impact":"Enterprise buyer requirements can create unmanaged vendor, audit, storage, security, or regional hosting costs.","inefficiency":"Enterprise buyer requirements can create unmanaged vendor, audit, storage, security, or regional hosting costs.","currentControl":"New vendors, subprocessors, hosting regions, and evidence-vault costs require security, privacy, finance, and legal review.","resolutionPath":"new subprocessor commitment, unpriced dedicated environment, unsupported data-residency claim","owner":"Procurement + Security + Finance","proofRoutes":["/deployment-profiles","/trust-center","/enterprise-business-ops"],"hardStops":["new subprocessor commitment","unpriced dedicated environment","unsupported data-residency claim"],"nextAction":"New vendors, subprocessors, hosting regions, and evidence-vault costs require security, privacy, finance, and legal review."},{"id":"enterprise-margin-legal-template-and-indemnity-guardrails","domain":"enterprise-operations","name":"Legal template and indemnity guardrails","status":"external-review-required","sourceSurface":"Enterprise Business Operations","impact":"Uncapped liability, unsupported warranties, IP terms, or data obligations can overwhelm contract value.","inefficiency":"Uncapped liability, unsupported warranties, IP terms, or data obligations can overwhelm contract value.","currentControl":"Non-standard liability, warranty, indemnity, IP, privacy, regulated-use, and publicity terms require qualified counsel review.","resolutionPath":"uncapped liability, unsupported compliance warranty, customer-publicity claim","owner":"General Counsel / Outside Counsel","proofRoutes":["/approvals-readiness","/global-certification-readiness","/enterprise-business-ops"],"hardStops":["uncapped liability","unsupported compliance warranty","customer-publicity claim"],"nextAction":"Non-standard liability, warranty, indemnity, IP, privacy, regulated-use, and publicity terms require qualified counsel review."},{"id":"enterprise-margin-tax-nexus-and-transfer-pricing-triage","domain":"enterprise-operations","name":"Tax nexus and transfer pricing triage","status":"external-review-required","sourceSurface":"Enterprise Business Operations","impact":"Cross-border enterprise, reseller, affiliate, and sovereign deals can create tax exposure and profit allocation complexity.","inefficiency":"Cross-border enterprise, reseller, affiliate, and sovereign deals can create tax exposure and profit allocation complexity.","currentControl":"Global revenue structures require qualified tax review for nexus, withholding, VAT/GST, transfer pricing, and local filing implications.","resolutionPath":"tax advice claim, cross-border reseller margin, intercompany pricing commitment","owner":"Tax Advisor + CFO","proofRoutes":["/global-reach","/global-certification-readiness","/enterprise-business-ops"],"hardStops":["tax advice claim","cross-border reseller margin","intercompany pricing commitment"],"nextAction":"Global revenue structures require qualified tax review for nexus, withholding, VAT/GST, transfer pricing, and local filing implications."},{"id":"enterprise-margin-board-investor-and-fundraising-material-review","domain":"enterprise-operations","name":"Board, investor, and fundraising material review","status":"external-review-required","sourceSurface":"Enterprise Business Operations","impact":"Revenue, margin, customer, market, and valuation language can create securities, investor, or audit risk.","inefficiency":"Revenue, margin, customer, market, and valuation language can create securities, investor, or audit risk.","currentControl":"Investor materials must stay counsel-reviewed, source-backed, and clearly separated from audited financial reporting or securities offering claims.","resolutionPath":"securities offering material, valuation assurance, audited financial statement claim","owner":"Founder + CFO + Securities Counsel","proofRoutes":["/capital-vitality","/public-market-readiness","/enterprise-business-ops"],"hardStops":["securities offering material","valuation assurance","audited financial statement claim"],"nextAction":"Investor materials must stay counsel-reviewed, source-backed, and clearly separated from audited financial reporting or securities offering claims."},{"id":"enterprise-control-quote-to-contract-approval-packet","domain":"enterprise-operations","name":"Quote-to-contract approval packet","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Tie package, price, discount, SOW, payment terms, data boundary, implementation scope, and approvals together.","inefficiency":"Tie package, price, discount, SOW, payment terms, data boundary, implementation scope, and approvals together.","currentControl":"approved quote, SOW, discount approval, data-boundary memo, billing schedule","resolutionPath":"missing counsel review, missing finance approval, unapproved non-standard term","owner":"Deal Desk + CFO + Counsel","proofRoutes":["/enterprise-business-ops","/api/enterprise-business-ops","/api/enterprise-business-ops/brief"],"hardStops":["missing counsel review","missing finance approval","unapproved non-standard term"],"nextAction":"approved quote"},{"id":"enterprise-control-revenue-recognition-intake","domain":"enterprise-operations","name":"Revenue-recognition intake","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Route contract features that affect recognition or reporting to qualified accounting review.","inefficiency":"Route contract features that affect recognition or reporting to qualified accounting review.","currentControl":"contract checklist, deliverable map, payment terms, acceptance criteria, review signoff","resolutionPath":"audited revenue claim, accounting treatment represented without review, unclear performance obligation","owner":"Controller + Revenue Accounting Lead","proofRoutes":["/enterprise-business-ops","/api/enterprise-business-ops","/api/enterprise-business-ops/brief"],"hardStops":["audited revenue claim","accounting treatment represented without review","unclear performance obligation"],"nextAction":"contract checklist"},{"id":"enterprise-control-discount-and-concession-approval","domain":"enterprise-operations","name":"Discount and concession approval","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Prevent uncontrolled discounting, extended trials, free diligence work, and unfunded success coverage.","inefficiency":"Prevent uncontrolled discounting, extended trials, free diligence work, and unfunded success coverage.","currentControl":"list price, discount rationale, margin estimate, expiration, approval record","resolutionPath":"below-floor discount, unpriced custom work, open-ended concession","owner":"CFO + Founder","proofRoutes":["/enterprise-business-ops","/api/enterprise-business-ops","/api/enterprise-business-ops/brief"],"hardStops":["below-floor discount","unpriced custom work","open-ended concession"],"nextAction":"list price"},{"id":"enterprise-control-payment-and-collections-control","domain":"enterprise-operations","name":"Payment and collections control","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Keep profitable contracts from becoming cash-negative because billing triggers or collections paths are missing.","inefficiency":"Keep profitable contracts from becoming cash-negative because billing triggers or collections paths are missing.","currentControl":"invoice schedule, PO requirement, payment term, collections owner, exception log","resolutionPath":"work begins before billing trigger, missing invoice owner, unapproved payment term","owner":"Billing/AR Owner + CFO","proofRoutes":["/enterprise-business-ops","/api/enterprise-business-ops","/api/enterprise-business-ops/brief"],"hardStops":["work begins before billing trigger","missing invoice owner","unapproved payment term"],"nextAction":"invoice schedule"},{"id":"enterprise-control-vendor-and-subprocessor-spend-approval","domain":"enterprise-operations","name":"Vendor and subprocessor spend approval","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Prevent enterprise-specific vendor, storage, audit, hosting, and security obligations from eroding margin.","inefficiency":"Prevent enterprise-specific vendor, storage, audit, hosting, and security obligations from eroding margin.","currentControl":"vendor review, subprocessor review, spend approval, security review, data-boundary impact","resolutionPath":"new subprocessor without review, dedicated environment without pricing, unsupported data-residency commitment","owner":"Procurement + Security + Finance","proofRoutes":["/enterprise-business-ops","/api/enterprise-business-ops","/api/enterprise-business-ops/brief"],"hardStops":["new subprocessor without review","dedicated environment without pricing","unsupported data-residency commitment"],"nextAction":"vendor review"},{"id":"enterprise-control-customer-diligence-and-legal-artifact-workflow","domain":"enterprise-operations","name":"Customer diligence and legal artifact workflow","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Route security, procurement, legal, and compliance artifacts through metadata-only protected evidence paths.","inefficiency":"Route security, procurement, legal, and compliance artifacts through metadata-only protected evidence paths.","currentControl":"artifact owner, review status, expiration, release decision, recipient controls","resolutionPath":"sensitive artifact stored publicly, expired artifact represented as current, external sharing without release decision","owner":"Buyer Diligence + Legal Ops","proofRoutes":["/enterprise-business-ops","/api/enterprise-business-ops","/api/enterprise-business-ops/brief"],"hardStops":["sensitive artifact stored publicly","expired artifact represented as current","external sharing without release decision"],"nextAction":"artifact owner"},{"id":"enterprise-control-board-and-investor-material-review","domain":"enterprise-operations","name":"Board and investor material review","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Separate operating metrics from securities material, valuation assurance, audited financial reporting, and investment advice.","inefficiency":"Separate operating metrics from securities material, valuation assurance, audited financial reporting, and investment advice.","currentControl":"source-backed metric, boundary language, counsel review, version log, recipient context","resolutionPath":"securities claim without counsel, audited metric claim without audit, valuation assurance claim","owner":"Founder + CFO + Securities Counsel","proofRoutes":["/enterprise-business-ops","/api/enterprise-business-ops","/api/enterprise-business-ops/brief"],"hardStops":["securities claim without counsel","audited metric claim without audit","valuation assurance claim"],"nextAction":"source-backed metric"},{"id":"enterprise-control-audit-evidence-retention-and-legal-hold-routing","domain":"enterprise-operations","name":"Audit evidence retention and legal hold routing","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Preserve business decisions, approvals, evidence packets, and exceptions for qualified audit, legal, or diligence review.","inefficiency":"Preserve business decisions, approvals, evidence packets, and exceptions for qualified audit, legal, or diligence review.","currentControl":"approval trail, packet hash, retention label, legal-hold flag, owner attestation","resolutionPath":"delete relevant evidence under hold, untracked approval exception, missing packet owner","owner":"Controller + Legal Ops + TrustOps","proofRoutes":["/enterprise-business-ops","/api/enterprise-business-ops","/api/enterprise-business-ops/brief"],"hardStops":["delete relevant evidence under hold","untracked approval exception","missing packet owner"],"nextAction":"approval trail"},{"id":"enterprise-control-tax-nexus-and-transfer-pricing-triage","domain":"enterprise-operations","name":"Tax nexus and transfer pricing triage","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Make global revenue, reseller, affiliate, and sovereign motions visible to qualified tax advisors before commitments expand.","inefficiency":"Make global revenue, reseller, affiliate, and sovereign motions visible to qualified tax advisors before commitments expand.","currentControl":"jurisdiction checklist, buyer location, partner economics, VAT/GST flag, transfer-pricing review","resolutionPath":"tax advice without advisor, cross-border reseller commitment, intercompany price represented externally","owner":"Tax Advisor + CFO","proofRoutes":["/enterprise-business-ops","/api/enterprise-business-ops","/api/enterprise-business-ops/brief"],"hardStops":["tax advice without advisor","cross-border reseller commitment","intercompany price represented externally"],"nextAction":"jurisdiction checklist"},{"id":"enterprise-control-enterprise-claims-and-authority-guard","domain":"enterprise-operations","name":"Enterprise claims and authority guard","status":"operator-required","sourceSurface":"Enterprise Business Operations","impact":"Keep sales, investor, legal, accounting, tax, revenue, margin, certification, and customer-proof claims inside retained evidence.","inefficiency":"Keep sales, investor, legal, accounting, tax, revenue, margin, certification, and customer-proof claims inside retained evidence.","currentControl":"claim classification, source, owner, review status, blocked claim list","resolutionPath":"guaranteed profit margin, legal approval without counsel, audited financial statements claim","owner":"Claim Guard + Legal + Finance","proofRoutes":["/enterprise-business-ops","/api/enterprise-business-ops","/api/enterprise-business-ops/brief"],"hardStops":["guaranteed profit margin","legal approval without counsel","audited financial statements claim"],"nextAction":"claim classification"},{"id":"continuous-control-no-autonomous-production-remediation","domain":"continuous-review","name":"No autonomous production remediation","status":"operator-required","sourceSurface":"Continuous Review and Audit","impact":"Prevent agents from silently changing production behavior or regulated workflows.","inefficiency":"production change without reviewer, clinical workflow mutation, credential rotation without owner","currentControl":"owner approval, diff, validation result, rollback note","resolutionPath":"production change without reviewer, clinical workflow mutation, credential rotation without owner","owner":"Release Steward + Security","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief"],"hardStops":["production change without reviewer","clinical workflow mutation","credential rotation without owner"],"nextAction":"owner approval"},{"id":"continuous-control-no-phi-review-queue","domain":"continuous-review","name":"No-PHI review queue","status":"active-control","sourceSurface":"Continuous Review and Audit","impact":"Keep review and audit evidence metadata-only until PHI authority exists.","inefficiency":"patient identifier, clinical record, payer member identifier, artifact URL","currentControl":"PHI hard-stop result, safe metadata template, protected route status","resolutionPath":"patient identifier, clinical record, payer member identifier, artifact URL","owner":"Privacy + TrustOps","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief"],"hardStops":["patient identifier","clinical record","payer member identifier","artifact URL"],"nextAction":"PHI hard-stop result"},{"id":"continuous-control-boundary-header-enforcement","domain":"continuous-review","name":"Boundary header enforcement","status":"active-control","sourceSurface":"Continuous Review and Audit","impact":"Ensure buyer-critical APIs carry no-authority, no-PHI, no-certification, and no-live-care headers.","inefficiency":"missing data boundary, missing PHI block, missing security certification block","currentControl":"smoke assertion, API route, header list","resolutionPath":"missing data boundary, missing PHI block, missing security certification block","owner":"QA Regression Agent","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief"],"hardStops":["missing data boundary","missing PHI block","missing security certification block"],"nextAction":"smoke assertion"},{"id":"continuous-control-evidence-source-aging","domain":"continuous-review","name":"Evidence source aging","status":"active-control","sourceSurface":"Continuous Review and Audit","impact":"Refresh official-source review dates and route stale source-sensitive claims for human review.","inefficiency":"stale legal/regulatory source, unsupported market claim, missing source owner","currentControl":"source URL, reviewedAt, owner, refresh decision","resolutionPath":"stale legal/regulatory source, unsupported market claim, missing source owner","owner":"Evidence Attribution Agent","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief"],"hardStops":["stale legal/regulatory source","unsupported market claim","missing source owner"],"nextAction":"source URL"},{"id":"continuous-control-post-incident-learning","domain":"continuous-review","name":"Post-incident learning","status":"operator-required","sourceSurface":"Continuous Review and Audit","impact":"Require every meaningful incident, near miss, or repeated defect to create a prevention action.","inefficiency":"incident closed without review, legal hold ignored, customer-impacting issue unowned","currentControl":"root cause, owner, prevention task, validation route","resolutionPath":"incident closed without review, legal hold ignored, customer-impacting issue unowned","owner":"Incident Learning Agent","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief"],"hardStops":["incident closed without review","legal hold ignored","customer-impacting issue unowned"],"nextAction":"root cause"},{"id":"continuous-control-internal-research-claim-guard","domain":"continuous-review","name":"Internal research claim guard","status":"blocked-by-design","sourceSurface":"Continuous Review and Audit","impact":"Keep quantum, frontier AI, privacy-preserving compute, and future infrastructure work internal until approved.","inefficiency":"public quantum advantage claim, future product guarantee, clinical superiority claim","currentControl":"research brief, visibility flag, blocked claims, promotion gate","resolutionPath":"public quantum advantage claim, future product guarantee, clinical superiority claim","owner":"Innovation Scout Agent + Claims reviewer","proofRoutes":["/continuous-review-audit","/api/continuous-review-audit","/api/continuous-review-audit/brief"],"hardStops":["public quantum advantage claim","future product guarantee","clinical superiority claim"],"nextAction":"research brief"},{"id":"health-records-live-phi-and-patient-identifiers","domain":"health-records-safety","name":"Live PHI and patient identifiers","status":"external-review-required","sourceSurface":"Health Records Safety Exchange","impact":"Privacy breach, contractual breach, regulatory exposure, and loss of buyer trust.","inefficiency":"Privacy breach, contractual breach, regulatory exposure, and loss of buyer trust.","currentControl":"Public and synthetic routes reject PHI and live records; extraction evaluator requires syntheticOnly=true.","resolutionPath":"Use synthetic fixtures, metadata-only references, and customer sandbox placeholders.","owner":"Privacy, security, legal, customer compliance, and data governance","proofRoutes":["/health-records","/clinical-care-activation","/approvals-readiness"],"hardStops":["Signed BAA/DPA or non-PHI determination, privacy/security review, retention policy, and customer approval.","live PHI ingestion requested","production connector requested","patient matching requested","EHR writeback or payer submission requested","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use synthetic fixtures, metadata-only references, and customer sandbox placeholders."},{"id":"health-records-production-ehr-hie-payer-imaging-and-device-connectors","domain":"health-records-safety","name":"Production EHR, HIE, payer, imaging, and device connectors","status":"external-review-required","sourceSurface":"Health Records Safety Exchange","impact":"Unsafe data exchange, silent record mutation, trading-partner breach, and patient-safety exposure.","inefficiency":"Unsafe data exchange, silent record mutation, trading-partner breach, and patient-safety exposure.","currentControl":"Connector work remains standards-aware and synthetic until partner acceptance testing exists.","resolutionPath":"Run conformance kits, fixture validation, CapabilityStatement review, and sandbox mapping packets.","owner":"Interoperability engineering, customer integration owner, security, and clinical governance","proofRoutes":["/interoperability","/interoperability/evaluations","/health-records"],"hardStops":["Customer sandbox approval, partner acceptance, security review, purpose-of-use, consent, audit, monitoring, and rollback.","live PHI ingestion requested","production connector requested","patient matching requested","EHR writeback or payer submission requested","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Run conformance kits, fixture validation, CapabilityStatement review, and sandbox mapping packets."},{"id":"health-records-patient-safety-and-clinical-action","domain":"health-records-safety","name":"Patient safety and clinical action","status":"external-review-required","sourceSurface":"Health Records Safety Exchange","impact":"Incorrect patient context, unsafe care recommendation, missed escalation, or unauthorized clinical decision support.","inefficiency":"Incorrect patient context, unsafe care recommendation, missed escalation, or unauthorized clinical decision support.","currentControl":"Outputs are draft-only, source-attributed, reviewer-gated, and blocked from clinical action.","resolutionPath":"Produce reviewer checklists, missing-data registers, and escalation queues instead of recommendations.","owner":"Clinical governance, TrustOS, product, and customer clinical owner","proofRoutes":["/clinical-authority-readiness","/clinical-care-activation","/health-records"],"hardStops":["Licensed clinical governance, intended-use review, validation protocol, safety case, and customer go-live approval.","live PHI ingestion requested","production connector requested","patient matching requested","EHR writeback or payer submission requested","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Produce reviewer checklists, missing-data registers, and escalation queues instead of recommendations."},{"id":"health-records-patient-matching-and-longitudinal-record-assembly","domain":"health-records-safety","name":"Patient matching and longitudinal record assembly","status":"external-review-required","sourceSurface":"Health Records Safety Exchange","impact":"Wrong-patient record merge, duplicate facts, incomplete histories, and unsafe downstream automation.","inefficiency":"Wrong-patient record merge, duplicate facts, incomplete histories, and unsafe downstream automation.","currentControl":"SCRIMED does not match live patients or merge production longitudinal records.","resolutionPath":"Use synthetic identity placeholders and route matching to customer MPI or identity-governance owners.","owner":"Customer identity governance, interoperability engineering, and clinical safety","proofRoutes":["/health-records","/interoperability","/workflows/runtime-safety"],"hardStops":["Customer MPI acceptance tests, identity policy, consent path, error reconciliation, audit, and clinical owner approval.","live PHI ingestion requested","production connector requested","patient matching requested","EHR writeback or payer submission requested","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Use synthetic identity placeholders and route matching to customer MPI or identity-governance owners."},{"id":"health-records-payer-submission-and-reimbursement-outcomes","domain":"health-records-safety","name":"Payer submission and reimbursement outcomes","status":"external-review-required","sourceSurface":"Health Records Safety Exchange","impact":"Improper payer transaction, false reimbursement expectation, and regulatory or contract exposure.","inefficiency":"Improper payer transaction, false reimbursement expectation, and regulatory or contract exposure.","currentControl":"SCRIMED creates synthetic prior-auth support packets and missing-evidence lists only.","resolutionPath":"Route payer work to human RCM review and customer payer-policy owners.","owner":"RCM owner, legal, customer sponsor, and payer integration owner","proofRoutes":["/health-records","/growth-engine","/enterprise-business-ops"],"hardStops":["Payer/trading-partner approval, X12/FHIR API testing, coding review, legal review, and customer release authority.","live PHI ingestion requested","production connector requested","patient matching requested","EHR writeback or payer submission requested","PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied"],"nextAction":"Route payer work to human RCM review and customer payer-policy owners."},{"id":"boundary-central-register","domain":"boundary-control","name":"Central limitation register coverage","status":"active-control","sourceSurface":"Boundary Resolution Register","impact":"Known limitations stay visible across clinical, certification, continuous review, enterprise, commercial, and release systems.","inefficiency":"High-value limits become slower to manage when they are scattered across docs, APIs, and route copy.","currentControl":"120 boundary records across 14 categories.","resolutionPath":"Require every new buyer, investor, operational, approval, certification, or clinical claim to land in a boundary record before external use.","owner":"Claims governance + domain owner","proofRoutes":["/boundary-resolution","/api/boundary-resolution","/api/boundary-resolution/brief"],"hardStops":["Do not enter PHI, payer member data, production credentials, source contracts, medical records, or patient identifiers into current public or synthetic pilot workflows.","Use Health Records Safety Exchange for no-PHI extraction planning, patient-safety lint, source attribution, and live-data workaround routing before any record workflow expands.","Use Product and Services Portfolio before pricing, pilots, diligence, implementation, or enterprise-license work expands so every opportunity has one package, one offer, one proof route, one margin control, and one retained boundary.","Use Client Onboarding and Communications before buyer meetings, demo follow-up, pilot workshops, decks, emails, and calendar-ready agendas leave SCRIMED; humans must approve sends and events.","Use Enterprise Scalability Operations before enterprise traffic, tenant scale, support tiers, SLO/SLA language, regional hosting, disaster recovery, or cost commitments expand.","Use Platform Power Operations before API, UI, AI, model-routing, agent-tool, evidence-retrieval, accessibility, or trillion-scale positioning claims expand.","Use Limitations and Workaround Operations when an issue is blocked so every safe alternative has a packet, owner, proof route, escalation trigger, expiration rule, and graduation gate.","Do not claim live clinical authority, legal approval, reimbursement certainty, security certification, regional regulatory approval, or production go-live before signed external evidence exists.","Do not claim HIPAA, SOC 2, HITRUST, ISO, FDA, ONC, EU AI Act, GDPR, NHS, MHRA, Essential Eight, or other certification/approval status before the qualified external authority exists.","Do not position 24/7 review agents as managed SOC/MDR coverage, autonomous remediation, error-free AI review, clinical validation, or public quantum capability.","Do not present revenue, ROI, profit margin, valuation, fundraising, legal, accounting, or tax conclusions without qualified review and retained release authority.","Use protected AAL2 workspaces and no-secret evidence packets for operator proof.","Use synthetic fixtures, metadata-only references, and external evidence-room references while sensitive artifacts remain outside SCRIMED.","Escalate high-risk clinical, legal, privacy, security, payer, public-claims, or production connector requests to the retained owner instead of improvising."],"nextAction":"Turn the register into a release preflight: require every buyer, investor, regional, certification, 24/7 review, innovation, API, UI, AI, model-route, agent-tool, legal/finance, workaround, and clinical claim to resolve to an approved route, explicit boundary, owner, prohibited-claim list, safe packet, and retained evidence gate before external use."}],"discrepancyFaultTriageQueue":[{"id":"route-api-smoke-drift","severity":"critical","signal":"A public page, API route, Product Console count, docs entry, or smoke assertion no longer agrees with the source route inventory.","discrepancy":"Navigation, Product Console, API response, README, docs, and smoke can drift when a new route or control is added in only one surface.","immediateContainment":"Freeze external release language for the affected surface and run route inventory, typecheck, build, and public smoke before promotion.","rootCauseProbe":"Compare Navigation Audit page/API counts, Product Console proof stack, route handlers, docs, and smoke expectations for the missing route or count.","permanentControl":"Every buyer-critical route must update navigation, Product Console, route/API brief, docs, and smoke in the same release.","owner":"Release Steward + Product Console + Navigation Audit","proofRoutes":["/navigation","/product","/release-continuity","/operational-efficiency"],"promotionTrigger":"Any page/API count mismatch, missing smoke coverage, or Product Console count regression.","retainedBoundary":"Route alignment is release evidence only; it does not approve protected execution, PHI, connectors, or clinical use."},{"id":"protected-auth-status-mismatch","severity":"critical","signal":"Protected API returns an unexpected status, exposes data without AAL2, or fails differently between local and branded production.","discrepancy":"Local sandbox, production auth, and protected workspace behavior can differ, especially around 401 versus 503 fail-closed responses.","immediateContainment":"Treat the protected path as unavailable for external proof until fail-closed behavior, AAL2 requirement, and no-secret boundaries are verified.","rootCauseProbe":"Check auth guard, workspace slug, token path, environment variables, protected route handler, and smoke fail-closed expectation.","permanentControl":"Keep protected route smoke tolerant only of approved fail-closed statuses while requiring authenticated happy-path evidence from a human AAL2 session.","owner":"TrustOS + Security + Release Steward","proofRoutes":["/pilot-workspace/access","/qa-buyer-proof-release","/release-continuity","/service-reliability"],"promotionTrigger":"Any protected route returns 200 without approved auth or changes fail-closed status without documented reason.","retainedBoundary":"Fail-closed verification does not bypass AAL2, create customer permission, or authorize buyer proof release."},{"id":"claims-boundary-drift","severity":"critical","signal":"Public, buyer, investor, demo, or API copy implies certification, PHI authority, ROI, live clinical use, uptime, or autonomous remediation.","discrepancy":"Growth copy can outpace retained evidence when marketing, sales, investor, and product surfaces are edited independently.","immediateContainment":"Route the claim through Claim Guard and Boundary Resolution, replace the language with current-state proof, and block release until reviewed.","rootCauseProbe":"Search changed copy for prohibited claims and compare against hard stops in Company Assessment, Clinical Production Readiness, and Boundary Resolution.","permanentControl":"Every strategic copy change must include approved no-authority language and a proof route before it is exposed to buyers or investors.","owner":"Claim Guard + Legal Ops + Product Marketing","proofRoutes":["/qa-claim-guard","/boundary-resolution","/company-assessment","/clinical-production-readiness"],"promotionTrigger":"Any unsupported legal, financial, clinical, security, PHI, connector, SLA, revenue, or certification claim.","retainedBoundary":"Claim triage is not legal advice, certification, security assurance, audited financial reporting, or clinical validation."},{"id":"buyer-handoff-stall","severity":"high","signal":"A demo, pilot, assessment, diligence request, meeting follow-up, or proposal lacks owner, next action, package, or response SLA.","discrepancy":"Client onboarding, service delivery, pricing, sales operations, and enterprise deal desk can diverge if buyer motion is not forced into one package path.","immediateContainment":"Assign the buyer stage, package, owner, follow-up SLA, no-PHI intake route, and deal-desk review before any new commitment is made.","rootCauseProbe":"Check Client Onboarding stage, Service Delivery work order, Offering package, Pricing path, and Enterprise Business Ops review status.","permanentControl":"Every buyer handoff must resolve to one of: no-PHI assessment, synthetic pilot, protected enterprise pilot, diligence package, license, or retainer.","owner":"Revenue Operations + Customer Operations + Deal Desk","proofRoutes":["/client-onboarding","/service-delivery","/offerings","/enterprise-business-ops"],"promotionTrigger":"Any buyer record stays ownerless, unpriced, unscoped, or without next action after the review window.","retainedBoundary":"Buyer handoff control does not send email, create invites, approve contracts, or guarantee revenue."},{"id":"scale-support-overcommit","severity":"high","signal":"Buyer or investor language implies production SLA, managed service, uptime, global region support, tenant capacity, or incident response readiness.","discrepancy":"Enterprise scalability, service reliability, platform power, finance, and legal review can move at different speeds during expansion conversations.","immediateContainment":"Replace commitment language with readiness language and route the request through scale, support, cost, legal, and deal-desk owners.","rootCauseProbe":"Review capacity assumption, support tier, SLO/SLA boundary, incident/change path, regional gate, cost guardrail, and contract authority.","permanentControl":"No scale or support promise leaves SCRIMED without tenant owner, queue/backpressure model, incident path, support tier, cost guardrail, and no-SLA boundary.","owner":"Enterprise Scalability + Service Reliability + Finance + Legal Ops","proofRoutes":["/enterprise-scalability","/service-reliability","/platform-power","/enterprise-business-ops"],"promotionTrigger":"Any unsupported SLA, uptime, managed service, region, production support, or capacity claim appears in external language.","retainedBoundary":"Scale triage is not contractual SLA approval, uptime guarantee, managed-service commitment, hosting approval, or profit assurance."},{"id":"interoperability-live-data-slip","severity":"critical","signal":"Health-record, EHR, HIE, payer, imaging, device, patient matching, or writeback requests move beyond no-PHI sandbox planning.","discrepancy":"Interoperability readiness can be mistaken for production connector authority if live data, credentials, or patient-impacting steps are requested.","immediateContainment":"Reject live PHI, credentials, endpoints, patient matching, payer submission, and writeback until customer authority and qualified review exist.","rootCauseProbe":"Classify the data type, standard, source system, patient-safety impact, connector authority, PHI scope, and customer approval evidence.","permanentControl":"Every integration conversation must start with no-PHI fixtures, standards map, source attribution, patient-safety lint, and live-data gate list.","owner":"Interoperability + Health Records Safety + Privacy + Clinical Governance","proofRoutes":["/health-records","/interoperability","/clinical-authority-readiness","/clinical-production-readiness"],"promotionTrigger":"Any live data, credential, writeback, payer submission, patient matching, or production connector request.","retainedBoundary":"Interoperability triage is not PHI authority, connector approval, payer submission approval, EHR mutation approval, or live care."},{"id":"agent-autonomy-overreach","severity":"high","signal":"Agent, model-route, review-loop, or innovation language implies autonomous production action, live clinical judgment, public quantum capability, or unmanaged remediation.","discrepancy":"Internal innovation and continuous review can be misread as public autonomous capability when controls are not explicit.","immediateContainment":"Keep the pathway internal or human-gated, block public quantum/autonomous claims, and require evaluation plus owner approval before promotion.","rootCauseProbe":"Inspect model route, tool access, allowed data, blocked data, eval pack, human approval trigger, cost owner, and public language.","permanentControl":"Every agent or model path must carry allowed data, blocked data, evaluation evidence, human approval trigger, and no-autonomous-authority boundary.","owner":"AI Platform + TrustOS + Internal Research Team","proofRoutes":["/platform-power","/continuous-review-audit","/agents","/evaluation"],"promotionTrigger":"Any agent or model path requests protected action, production remediation, live clinical judgment, or public quantum claim.","retainedBoundary":"Agent triage is not live autonomous AI approval, production model routing, clinical authorization, or public quantum capability."},{"id":"finance-margin-leak","severity":"high","signal":"Custom scope, free diligence labor, discounting, payment terms, investor language, tax language, or revenue-recognition questions bypass deal desk.","discrepancy":"Sales urgency can create margin leakage when finance, legal, accounting, tax, and delivery controls are not pulled into the same decision.","immediateContainment":"Pause proposal release, assign package and scope, run price-floor and margin review, and route finance/legal/tax/accounting exceptions.","rootCauseProbe":"Review package, price floor, discount, work order, acceptance criteria, billing trigger, payment terms, tax implications, and blocked claims.","permanentControl":"Every enterprise proposal must include margin model, billing readiness, contract authority, tax/accounting triage, and blocked-claim review.","owner":"Finance + Deal Desk + Legal Ops + Revenue Operations","proofRoutes":["/enterprise-business-ops","/capital-vitality","/service-delivery","/growth-engine"],"promotionTrigger":"Any unpriced custom work, margin exception, financial claim, investor claim, or unreviewed payment term.","retainedBoundary":"Finance triage is not accounting advice, tax advice, audited financial reporting, securities material, valuation assurance, or revenue guarantee."}],"sprints":[{"lane":"Release and route preflight","owner":"Release Steward + Product Console","objective":"Prevent route drift, missing smoke coverage, stale boundary headers, and untracked protected gates before deployment.","sequence":["Update route inventory and smoke-covered HTML routes","Run typecheck, lint, build, and public smoke","Verify boundary headers on buyer-critical APIs","Retain Vercel deploy and custom-domain smoke evidence"],"proofRoutes":["/navigation","/release-continuity","/service-reliability","/operational-efficiency"],"expectedGain":"Fewer release regressions and faster go/no-go decisions.","boundary":"Preflight evidence does not approve protected happy-path execution or bypass AAL2."},{"lane":"Commercial throughput","owner":"Founder + Revenue Operations","objective":"Shorten the path from qualified buyer interest to scoped, priced, and governed next action.","sequence":["Attach each buyer to one package, one offer, one proof route, one margin control, and one disqualifier check","Route non-standard terms through deal desk","Price diligence and implementation work explicitly","Keep ROI, reimbursement, and revenue claims behind reviewed evidence"],"proofRoutes":["/offerings","/growth-engine","/enterprise-business-ops","/pilot-deal-room","/operational-efficiency"],"expectedGain":"Less custom-sales drag, clearer price floors, and fewer margin leaks.","boundary":"Commercial acceleration is not a revenue guarantee, ROI guarantee, or customer permission."},{"lane":"Client onboarding and communication cadence","owner":"Revenue Operations + Sales Engineering + Customer Operations","objective":"Turn buyer interest into governed discovery, demo, pilot, diligence, kickoff, and renewal communication without losing owners or crossing authority boundaries.","sequence":["Classify the buyer stage and selected package","Use a human-reviewed email or calendar-ready packet","Assign meeting owner, follow-up SLA, and handoff owner","Route PHI, security, contract, procurement, legal, finance, or clinical requests to the proper boundary owner"],"proofRoutes":["/client-onboarding","/offerings","/sales-operations","/operational-efficiency"],"expectedGain":"Faster first response, tighter demo follow-up, cleaner pilot scoping, and fewer informal commitments.","boundary":"Onboarding acceleration does not send messages, create invites, approve contracts, process PHI, or authorize clinical use."},{"lane":"Enterprise scalability and support readiness","owner":"Platform + service reliability + customer operations","objective":"Prevent enterprise traffic, tenant growth, support expectations, SLO/SLA language, regional hosting, incident response, and usage costs from outpacing evidence.","sequence":["Attach capacity forecast, route class, queue/backpressure controls, and rollback path","Review tenant owner, access cadence, AAL2 path, support tier, and escalation matrix","Keep SLO language internal until contract and staffing review approve exact commitments","Route regional hosting, residency, DR, and cost thresholds to qualified owners"],"proofRoutes":["/enterprise-scalability","/service-reliability","/client-onboarding","/enterprise-business-ops","/operational-efficiency"],"expectedGain":"Fewer unsupported scale promises, cleaner support economics, and faster enterprise readiness review.","boundary":"Scale readiness is not a contractual SLA, managed service commitment, production hosting approval, PHI authority, or profit guarantee."},{"lane":"API, UI, and AI platform power","owner":"Platform engineering + Product Console + AI platform + TrustOS","objective":"Raise SCRIMED's platform power through contract-backed APIs, operator-grade UI, model-route readiness, agent approval workflows, eval loops, evidence retrieval, and cost telemetry.","sequence":["Promote buyer-critical APIs into an owner, schema, version, auth, boundary, and smoke contract register","Make platform-power routes visible in primary nav, hub, product console, role journeys, and limitation controls","Attach every model or agent path to allowed data, blocked data, eval pack, human approval trigger, and cost owner","Route public API SLA, live AI, PHI, accessibility, security, and trillion-scale claims through Boundary Resolution"],"proofRoutes":["/platform-power","/navigation","/product","/agents","/trust-os","/operational-efficiency"],"expectedGain":"Sharper enterprise technical diligence, less UI friction, clearer AI authority, and stronger cost discipline.","boundary":"Platform power is not public API SLA approval, live autonomous AI authority, production model routing, PHI processing, accessibility certification, security certification, or trillion-scale equivalence."},{"lane":"Limitations workaround containment","owner":"Boundary owner + Operational Efficiency + Product Console","objective":"Turn blocked requests, boundaries, issues, and repeated bottlenecks into safe packets, escalation owners, proof routes, expiration rules, and graduation gates.","sequence":["Classify issue by category, severity, state, owner, and proof route","Select the reusable workaround packet or create a new one with hard stops","Attach escalation trigger, expiry rule, and graduation gate","Promote repeated workarounds into smoke, navigation, boundary, platform, reliability, or service controls"],"proofRoutes":["/limitations-workarounds","/boundary-resolution","/operational-efficiency","/platform-power"],"expectedGain":"Less stalled work, fewer informal exceptions, and clearer safe paths when authority is missing.","boundary":"Workaround containment does not authorize PHI, live care, legal/finance advice, certification, public SLA, autonomous remediation, live AI, or buyer release."},{"lane":"Continuous defect-to-control loop","owner":"QA Regression Agent + TrustOps","objective":"Turn repeated mistakes, buyer questions, incidents, and source drift into deterministic controls.","sequence":["Classify the defect or near miss","Attach owner, route, and hard stop","Add or update smoke coverage where deterministic","Promote recurring patterns into the boundary or reliability register"],"proofRoutes":["/continuous-review-audit","/qa-evidence","/trust-safety-operations","/operational-efficiency"],"expectedGain":"Fewer repeated defects and clearer accountability for each new risk.","boundary":"Agent-assisted review may route and recommend; humans retain remediation and approval authority."},{"lane":"Health-record extraction and safety","owner":"Interoperability + TrustOS + clinical governance","objective":"Turn buyer health-record, EHR, HIE, payer, imaging, and document requests into no-PHI extraction plans with safety checks and retained live-data gates.","sequence":["Classify source format and standard bindings","Reject PHI, identifiers, production credentials, live endpoints, and record mutation requests","Run synthetic extraction planning and patient-safety lint","Route sandbox, PHI, connector, clinical, payer, and writeback gates to named owners"],"proofRoutes":["/health-records","/interoperability","/clinical-care-activation","/operational-efficiency"],"expectedGain":"Faster integration scoping with fewer unsafe data asks and clearer customer sandbox workarounds.","boundary":"Health-record extraction planning does not authorize PHI, live connectors, patient matching, payer submission, EHR writeback, or clinical action."},{"lane":"Enterprise margin and control discipline","owner":"Finance + Legal Ops + Deal Desk","objective":"Stop margin leakage, unfunded diligence labor, weak payment terms, and unsupported business claims before proposals leave SCRIMED.","sequence":["Run price-floor and margin review","Confirm scope, SOW, billing trigger, and payment terms","Route accounting, tax, securities, and counsel exceptions","Retain approval evidence and blocked-claim language"],"proofRoutes":["/enterprise-business-ops","/capital-vitality","/public-market-readiness","/operational-efficiency"],"expectedGain":"Better cash discipline and fewer unpriced enterprise commitments.","boundary":"Business controls are not legal, accounting, tax, audit, or securities advice."}],"metrics":[{"metric":"Open bottleneck pressure","currentSignal":"106 open or retained-gate records in the efficiency register.","targetSignal":"Open records have owner, proof route, next action, and hard stop before external use.","evidenceRoute":"/api/operational-efficiency","boundary":"A lower count is operational posture, not approval or certification."},{"metric":"Proof-route density","currentSignal":"87 unique proof routes are attached to gap records.","targetSignal":"Every high-impact gap resolves to a live route, API, or protected evidence path.","evidenceRoute":"/navigation","boundary":"Proof routes organize evidence; they do not create protected execution proof by themselves."},{"metric":"Hard-stop visibility","currentSignal":"316 unique hard stops are surfaced from source systems.","targetSignal":"Each hard stop has a named owner and escalation path before release or buyer use.","evidenceRoute":"/boundary-resolution","boundary":"Hard-stop visibility does not waive external review."},{"metric":"Sprint execution readiness","currentSignal":"9 cross-functional efficiency sprints are ready for operator sequencing.","targetSignal":"Each sprint produces retained evidence, not informal process memory.","evidenceRoute":"/operational-efficiency","boundary":"Sprint plans do not authorize autonomous production changes."}],"proofRoutes":["/product","/api/product/console","/api/release-continuity","/qa-evidence","/pilot-workspace/access","/buyer-release-control-run","/api/pilot-workspaces/{workspaceSlug}/buyer-release-control-run","/qa-aal2-run-evidence","/api/qa-evidence/aal2-smoke-readiness","/api/qa-evidence/aal2-smoke-readiness/brief","/qa-run-control","/qa-launch-kit","/qa-human-run-packet","/approvals-readiness","/boundary-resolution","/qa-claim-guard","/navigation","/api/navigation-audit","/api/navigation-audit/brief","/hub","/release-continuity","/api/release-continuity/brief","/clinical-authority-readiness","/qa-manual-execution-console","/pilot-workspace/access#buyer-release-control-verifier","/pilot-deal-room","/pricing","/demos","/pilots","/sales-operations","/agents","/workflows","/workflows/contracts","/workflows/runtime-safety","/workflows/execution-audit","/evaluation","/interoperability","/interoperability/evaluations","/integrations","/synthetic/validation","/trust-safety-operations","/trust-center","/claims","/public-market-readiness","/global-reach","/deployment-profiles","/market-activation","/operations","/clinical-care-activation","/pilot","/offerings","/enterprise-business-ops","/growth-engine","/health-records","/service-reliability","/operational-efficiency","/global-certification-readiness","/continuous-review-audit","/client-onboarding","/api/client-onboarding","/api/client-onboarding/brief","/sales-attribution","/qa-buyer-proof-release","/enterprise-scalability","/api/enterprise-scalability","/api/enterprise-scalability/brief","/workflows/execution-attempts","/qa-completion-bridge","/capital-vitality","/platform-power","/api/platform-power","/api/platform-power/brief","/trust-os","/atlas","/limitations-workarounds","/api/limitations-workarounds","/api/limitations-workarounds/brief","/integrations/fixture-validation","/pilot-evidence","/api/growth-engine","/api/growth-engine/brief","/api/enterprise-business-ops","/api/enterprise-business-ops/brief","/api/continuous-review-audit","/api/continuous-review-audit/brief","/api/boundary-resolution","/api/boundary-resolution/brief"],"hardStops":["PHI or patient identifier introduced","live clinical care authority implied","AAL2 bypass attempted","certification or approval claimed without external evidence","revenue, ROI, or profit guarantee represented","live autonomous AI authority implied","public API SLA implied","route missing from inventory","buyer-critical route absent from smoke","missing owner","missing proof route","claim expanded before retained boundary","fault repeated without control","fail-closed behavior missing","custom SOW before package selected","unpriced implementation work","unsupported success fee","PHI requested","production connector requested","BAA/security scope missing","custom packet work without paid scope","external sharing before release decision","recipient controls missing","services bundled into license","support tier undefined","implementation acceptance criteria missing","ROI guarantee","reimbursement guarantee","customer claim without permission","certification claim without authority","uncapped high-volume usage","model-cost spike","usage threshold missing","cross-border margin-sharing commitment","regional tax review missing","partner delivery owner missing","autonomous remediation promised","managed SOC/MDR claim","implementation work hidden in retainer","automatic send attempted","unsupported claim present","recipient list unknown","PHI in message","production credentials in invite","live record attached","sensitive artifacts in event body","attendees not approved","approval claim in title","certification claim","ROI or revenue guarantee","contact source missing","owner missing","sensitive notes copied into CRM","no owner for open item","follow-up without boundary review","unreviewed custom scope","commitment made before handoff","price or scope not reviewed","production gate omitted","PHI in notes","contract conclusion in notes","security-sensitive artifact copied","PHI in intake","no contact consent","no owner assigned","demo requires live patient data","unsupported customer reference requested","no follow-up owner","price commitment without deal desk","PHI-dependent scope","unreviewed SOW language","certification self-claim","contract approval implied","BAA or PHI approval represented","scope not approved","access gate skipped","sensitive data requested before approval","customer value claim without permission","production expansion without approvals","traffic volume unknown","route owner missing","fallback behavior missing","contractual uptime implied","unbounded retry","duplicate evidence risk","autonomous remediation implied","PHI introduced","production credential shared","customer tenancy approved informally","SLA promised","uptime guaranteed","support response guaranteed","contract language unreviewed","managed SOC claimed","MDR claimed","customer incident notice sent without review","release gate skipped","rollback path missing","buyer-critical route untested","unpriced custom work","unbounded support","profit margin guaranteed","accounting advice implied","data residency approved","sovereign hosting approved","regional legal approval claimed","24/7 support guaranteed","response SLA promised","managed service implied","PHI retained","confidential artifact stored","signed agreement stored without approval","data retention approved informally","contractual SLA implied","production support guaranteed","route lacks owner","schema missing","boundary headers missing","breaking change unannounced","migration path missing","customer-specific approval missing","production credential requested","tenant owner missing","retry ceiling absent","dead-letter owner missing","unlimited usage promised","abuse path missing","support coverage implied","route orphaned","buyer-critical task hidden","limitation path missing","text overlap","mobile route unusable","accessibility certification claimed","unreviewed external demo","PHI routed to model","provider approval missing","production model approval implied","cost owner missing","tool execution without approval","clinical action requested","contract or payment action requested","production remediation requested","error-free AI claimed","clinical validation claimed","unsafe output untriaged","public quantum claim made","source missing","PHI included","clinical validation implied","EHR writeback requested","profit guarantee claimed","SLA implied","support commitment unfunded","live autonomous AI implied","production model routing implied","accessibility certification implied","trillion-dollar-scale equivalence claimed","PHI processing authorized","live patient data connected","patient matching approved","live clinical care authorized","clinical decision support cleared","autonomous diagnosis or treatment permitted","production connector approved","EHR writeback approved","payer submission approved","public API SLA approved","unlimited API scale approved","contractual uptime guaranteed","live autonomous AI approved","production model routing approved","agent actions fully autonomous","security certified","SOC 2 certified","HITRUST certified","EU AI Act conformant","GDPR approved","government endorsed","legal advice provided","revenue guaranteed","email sent autonomously","calendar invite created autonomously","buyer commitment approved","protected happy path completed without AAL2","buyer release approved","bearer token retained as evidence","accessibility certified","WCAG conformance approved","VPAT completed","public quantum capability available","quantum clinical advantage","future infrastructure superiority proven","patient identifier introduced","live chart requested","source artifact pasted","artifact uploaded","secret included","contract pasted","medical record pasted","autonomous send requested","calendar invite creation requested","contract promise included","token retained","protected route publicly exposed","buyer release claimed early","production connector promised","PHI payload accepted","legal advice implied","profit guaranteed","contract approved without reviewer","country launch claimed","government endorsement implied","data residency approved early","regional clinical approval claimed","unsupported revenue claim","buyer proof without protected release","discount below floor","free paid-diligence package","unapproved multi-year concession","audited revenue claim","recognized revenue guidance","financial statement treatment claim","uncapped implementation promise","unpriced integration work","live connector timeline guarantee","unbounded model usage","free high-volume pilot","cost target represented as guarantee","24/7 managed support claim","unpriced executive reporting","unapproved SLA commitment","start work without billing trigger","non-standard payment term","customer procurement blocker ignored","new subprocessor commitment","unpriced dedicated environment","unsupported data-residency claim","uncapped liability","unsupported compliance warranty","customer-publicity claim","tax advice claim","cross-border reseller margin","intercompany pricing commitment","securities offering material","valuation assurance","audited financial statement claim","missing counsel review","missing finance approval","unapproved non-standard term","accounting treatment represented without review","unclear performance obligation","below-floor discount","open-ended concession","work begins before billing trigger","missing invoice owner","unapproved payment term","new subprocessor without review","dedicated environment without pricing","unsupported data-residency commitment","sensitive artifact stored publicly","expired artifact represented as current","external sharing without release decision","securities claim without counsel","audited metric claim without audit","valuation assurance claim","delete relevant evidence under hold","untracked approval exception","missing packet owner","tax advice without advisor","cross-border reseller commitment","intercompany price represented externally","guaranteed profit margin","legal approval without counsel","audited financial statements claim","production change without reviewer","clinical workflow mutation","credential rotation without owner","patient identifier","clinical record","payer member identifier","artifact URL","missing data boundary","missing PHI block","missing security certification block","stale legal/regulatory source","unsupported market claim","missing source owner","incident closed without review","legal hold ignored","customer-impacting issue unowned","public quantum advantage claim","future product guarantee","clinical superiority claim","Signed BAA/DPA or non-PHI determination, privacy/security review, retention policy, and customer approval.","live PHI ingestion requested","patient matching requested","EHR writeback or payer submission requested","Customer sandbox approval, partner acceptance, security review, purpose-of-use, consent, audit, monitoring, and rollback.","Licensed clinical governance, intended-use review, validation protocol, safety case, and customer go-live approval.","Customer MPI acceptance tests, identity policy, consent path, error reconciliation, audit, and clinical owner approval.","Payer/trading-partner approval, X12/FHIR API testing, coding review, legal review, and customer release authority.","Do not enter PHI, payer member data, production credentials, source contracts, medical records, or patient identifiers into current public or synthetic pilot workflows.","Use Health Records Safety Exchange for no-PHI extraction planning, patient-safety lint, source attribution, and live-data workaround routing before any record workflow expands.","Use Product and Services Portfolio before pricing, pilots, diligence, implementation, or enterprise-license work expands so every opportunity has one package, one offer, one proof route, one margin control, and one retained boundary.","Use Client Onboarding and Communications before buyer meetings, demo follow-up, pilot workshops, decks, emails, and calendar-ready agendas leave SCRIMED; humans must approve sends and events.","Use Enterprise Scalability Operations before enterprise traffic, tenant scale, support tiers, SLO/SLA language, regional hosting, disaster recovery, or cost commitments expand.","Use Platform Power Operations before API, UI, AI, model-routing, agent-tool, evidence-retrieval, accessibility, or trillion-scale positioning claims expand.","Use Limitations and Workaround Operations when an issue is blocked so every safe alternative has a packet, owner, proof route, escalation trigger, expiration rule, and graduation gate.","Do not claim live clinical authority, legal approval, reimbursement certainty, security certification, regional regulatory approval, or production go-live before signed external evidence exists.","Do not claim HIPAA, SOC 2, HITRUST, ISO, FDA, ONC, EU AI Act, GDPR, NHS, MHRA, Essential Eight, or other certification/approval status before the qualified external authority exists.","Do not position 24/7 review agents as managed SOC/MDR coverage, autonomous remediation, error-free AI review, clinical validation, or public quantum capability.","Do not present revenue, ROI, profit margin, valuation, fundraising, legal, accounting, or tax conclusions without qualified review and retained release authority.","Use protected AAL2 workspaces and no-secret evidence packets for operator proof.","Use synthetic fixtures, metadata-only references, and external evidence-room references while sensitive artifacts remain outside SCRIMED.","Escalate high-risk clinical, legal, privacy, security, payer, public-claims, or production connector requests to the retained owner instead of improvising."],"owners":["Founder + Release Steward","Release Steward","Approved tenant-admin or pilot-lead operator","Release Steward + Approved AAL2 Operator","Security + Operator","Founder + Legal/Security/Regulatory reviewers","Executive Operating Council + Product Console + TrustOS","Clinical production readiness owner + qualified external reviewers","Revenue Operations + Product Console + Deal Desk","Delivery Lead + Product Console + Revenue Operations","Product Console + Release Steward","Release Steward + Platform Engineering","Founder + qualified external reviewers","Founder + qualified counsel + finance reviewers","Founder + Product Console + Sales Operations","Founder + qualified counsel + finance/accounting/tax reviewers","Platform + service reliability + customer operations + legal ops","Platform engineering + Product Console + TrustOS + security + finance","Boundary owner + Operational Efficiency + Product Console","TrustOS + Platform Engineering + Release Steward","Release Steward + Domain/DNS administrator","Buyer Diligence + Release Steward + qualified reviewers","Sales operations + Buyer Diligence","AgentOS + Workflow Runtime","Interoperability Control Plane + Validation Trust Lab","Trust Safety Ops + Legal + Security + Claims Governance","Founder + Finance + Global Partnerships + qualified regional reviewers","Release Steward + domain owner","Revenue operations + Product Console","Finance + Legal Ops + Privacy","Buyer Diligence + Sales Operations","Finance + Product + Implementation","Claims governance + Counsel + Finance","Product Engineering + Finance","Strategic Partnerships + Finance + Tax + Regional Counsel","TrustOps + Product + Revenue Operations","Revenue Operations","Privacy + TrustOS","Revenue Operations + Security","Claims Governance + Legal Ops","Sales Operations","Revenue Operations + Customer Operations","Deal Desk + Product + TrustOS","Customer Operations","Sales Engineering + Product Console","TrustOps + Legal Ops + Finance","Customer Operations + Delivery + TrustOS","Revenue Operations + Finance + Product","Platform engineering + release steward","Runtime safety + platform","Security + tenant governance","Legal ops + service reliability","TrustOps + customer operations","Release steward + platform","Finance + product operations","Regional counsel + security + platform","Customer operations + legal ops","Privacy, security, customer authority owners, and platform","Product operations + platform + legal ops","Service reliability + legal ops + customer operations","Customer operations + deal desk + finance","Global partnerships + regional counsel + security","Runtime safety + QA + platform","Finance + product operations + deal desk","Platform engineering + product","Developer experience + release stewardship","Runtime safety + QA","Platform + service reliability + security","Product Console + customer operations","Frontend + QA + accessibility reviewer","AI platform + TrustOS + security + finance","AgentOS + TrustOS + QA","Continuous review, QA, TrustOps, and internal research","Atlas + source intelligence + interoperability","Service reliability + finance + platform operations","Platform engineering + developer experience","Frontend + accessibility reviewer + legal ops","Platform + legal ops + customer operations","AgentOS + QA + platform engineering","Atlas + interoperability + privacy + clinical governance","Founder + product + legal + finance + platform","Privacy, security, clinical governance, customer authority owner, and TrustOS","Clinical governance, qualified clinicians, legal, privacy, and release stewardship","Interoperability, platform engineering, privacy, security, clinical governance, and customer integration owner","Platform engineering, legal ops, service reliability, customer operations, and finance","AI platform, AgentOS, TrustOS, QA, security, finance, and clinical governance","Security, privacy, legal, trust operations, customer authority owner, and qualified external reviewers","Regional counsel, privacy, security, clinical governance, global partnerships, and customer procurement owner","Founder, deal desk, legal, finance, accounting, tax, revenue operations, and qualified reviewers","Revenue operations, sales engineering, customer operations, legal ops, finance, and product owner","Release engineering, TrustOS, tenant governance, approved operator, and buyer diligence","Frontend, Product Console, QA, accessibility reviewer, customer operations, and sales engineering","Internal Research Team, TrustOS, AI platform, security, legal, finance, and founder","TrustOS + product owner","Customer authority owner + trust operations","Revenue operations + sales engineering","Approved operator + release stewardship","AI platform + TrustOS + finance","Deal desk + legal + finance","Global partnerships + regional counsel","Founder + sales operations","Release steward + buyer diligence","Founder + finance reviewers","Founder + qualified counsel","Founder + CFO/FP&A + Deal Desk","Controller + Revenue Accounting Lead","Implementation Lead + Finance","Product Engineering + FP&A","Customer Success + Finance","Billing/AR Owner + CFO","Procurement + Security + Finance","General Counsel / Outside Counsel","Tax Advisor + CFO","Founder + CFO + Securities Counsel","Deal Desk + CFO + Counsel","CFO + Founder","Buyer Diligence + Legal Ops","Controller + Legal Ops + TrustOps","Claim Guard + Legal + Finance","Release Steward + Security","Privacy + TrustOps","QA Regression Agent","Evidence Attribution Agent","Incident Learning Agent","Innovation Scout Agent + Claims reviewer","Privacy, security, legal, customer compliance, and data governance","Interoperability engineering, customer integration owner, security, and clinical governance","Clinical governance, TrustOS, product, and customer clinical owner","Customer identity governance, interoperability engineering, and clinical safety","RCM owner, legal, customer sponsor, and payer integration owner","Claims governance + domain owner"],"nextBuildStep":"Run discrepancy and fault triage first for any conflicting signal, then run the efficiency sprints in sequence: release and route preflight, commercial throughput, client onboarding and communication cadence, enterprise scalability and support readiness, API/UI/AI platform power, limitations workaround containment, continuous defect-to-control, health-record extraction and safety, and enterprise margin discipline; promote any repeated gap into smoke, boundary, portfolio, onboarding, workaround, platform-power, scale, or reliability controls before claims expand.","updated":"2026-06-27"}