{"service":"scrimed-protected-pilot-workspaces","status":"protected-pilot-infrastructure-verified","route":"/pilot-workspace","boundary":"Protected pilot workspaces retain governed synthetic evaluation evidence only. They do not accept live PHI, execute clinical care, submit payer transactions, contact patients, or authorize autonomous diagnosis or treatment.","infrastructure":{"identity":{"provider":"Supabase Auth","configured":true,"control":"Server-side bearer-token verification uses the provider user record; user-editable metadata is never used for authorization."},"durableStore":{"provider":"Supabase Postgres","configured":true,"control":"Synthetic sessions and audit events persist in tenant-scoped tables; no service-role key is used by runtime APIs."},"tenantIsolation":{"provider":"Postgres row-level security","configured":true,"control":"Every workspace, session, and audit query is constrained by authenticated membership policies."},"rateLimit":{"provider":"Upstash Redis","configured":true,"fallback":"A bounded in-process limiter is retained for temporary distributed-provider outages."},"protectedMutationsEnabled":true},"roles":[{"role":"tenant-admin","permissions":["Review tenant identity configuration","View all tenant pilot workspaces","Create and transition persistent agent work orders","Record TrustOps incident evidence","Commit TrustOS decisions","Record governed reviewer dispositions","Record no-PHI clinical activation readiness attestations","Record no-PHI Public Market Readiness operator metrics","Download proof and governance packets"],"restrictions":["Cannot enable live clinical execution","Cannot alter append-only audit events","Cannot create legal, breach, or compliance certification determinations"]},{"role":"pilot-lead","permissions":["Run synthetic evaluations","Create and transition persistent agent work orders","Record TrustOps incident evidence","Commit TrustOS decisions","Record governed reviewer dispositions","Record no-PHI clinical activation readiness attestations","Record no-PHI Public Market Readiness operator metrics","View workspace sessions","Download proof and governance packets"],"restrictions":["Cannot manage tenant identity","Cannot alter append-only audit events","Cannot create legal, breach, or compliance certification determinations"]},{"role":"reviewer","permissions":["View workspace sessions","Review Trust Cards, work orders, and TrustOps incidents","Record governed reviewer dispositions and outcome signals","Record no-PHI clinical activation readiness attestations","Record no-PHI Public Market Readiness operator metrics","Download proof and governance packets"],"restrictions":["Cannot create sessions or new work orders","Cannot manage tenant identity","Cannot mutate TrustOps incident records"]},{"role":"observer","permissions":["View approved workspace evidence"],"restrictions":["Cannot create sessions","Cannot download restricted evidence","Cannot manage identity"]}],"apiContracts":[{"method":"GET","route":"/api/pilot-workspaces","access":"Bearer token + tenant membership","purpose":"List only the pilot workspaces visible to the authenticated tenant member."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/sessions","access":"Bearer token + workspace membership","purpose":"List durable synthetic demo sessions through tenant-isolated row-level security."},{"method":"POST","route":"/api/pilot-workspaces/{workspaceSlug}/sessions","access":"AAL2 bearer token + authorized role + server-held runtime authorization + rate limit","purpose":"Run and durably retain a governed synthetic AgentOS evaluation with an append-only audit event."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/audit","access":"Bearer token + workspace membership","purpose":"Inspect the tenant-isolated append-only audit trail for workspace evidence activity."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/demo-readiness","access":"GET: AAL2 bearer token + workspace membership. POST: AAL2 bearer token + tenant-admin or pilot-lead role + server-held runtime authorization + rate limit","purpose":"Inspect or persist buyer-demo readiness snapshots from durable synthetic sessions, audit events, proof-packet evidence, and tenant-session verification."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/demo-readiness/{snapshotId}/packet","access":"AAL2 bearer token + authorized tenant role + server-held runtime authorization + rate limit + append-only packet-download audit","purpose":"Download an audited Markdown Demo Readiness Packet for a retained synthetic buyer-demo readiness snapshot."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/buyer-room","access":"AAL2 bearer token + workspace membership","purpose":"Inspect a tenant-scoped Buyer Pilot Room that bundles synthetic evidence counts, readiness state, competitive edge, premium commercial path, known limitations, and workarounds."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/command-intelligence","access":"GET: AAL2 bearer token + workspace membership + rate limit. POST: AAL2 bearer token + tenant-admin or pilot-lead role + fixed human-review attestation + server-held runtime authorization + rate limit","purpose":"Inspect the protected SCRIMED Command Intelligence Hub or persist an AAL2 human-reviewed command snapshot that unifies Agent Commander posture, buyer-room readiness, Trust Engine outputs, continuous evaluation gates, MCP/tool-access plans, observability, safe-mode boundaries, limitations, and next actions."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/command-intelligence/{snapshotId}/packet","access":"AAL2 bearer token + authorized tenant role + server-held runtime authorization + rate limit + append-only packet-download audit","purpose":"Download an audited Markdown Command Intelligence Packet for a retained synthetic command-posture snapshot."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/buyer-room/packet","access":"AAL2 bearer token + authorized tenant role + server-held runtime authorization + rate limit + append-only packet-download audit","purpose":"Download an audited Markdown Buyer Diligence Export that bundles readiness, QA evidence, pricing posture, competitive edge, legal/privacy/security/safety boundaries, and production hard gates."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets","access":"GET: AAL2 bearer token + workspace membership. POST: AAL2 bearer token + tenant-admin or pilot-lead role + server-held runtime authorization + rate limit","purpose":"Inspect or persist no-secret manual Sales Demo Session QA evidence packets so human-run AAL2 proof appears in tenant-scoped Buyer Pilot Room diligence."},{"method":"GET / PATCH","route":"/api/pilot-workspaces/{workspaceSlug}/tenant-access","access":"AAL2 bearer token + tenant-admin role + server-held runtime authorization + rate limit","purpose":"Inspect memberships, record governed invitations, activate existing auth users, offboard/reactivate access, attest access reviews, maintain SSO-readiness metadata, and prepare audited manual delivery without email delivery or user creation."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/tenant-access/invitations/{invitationId}/onboarding-packet","access":"AAL2 bearer token + tenant-admin role + server-held runtime authorization + rate limit","purpose":"Download an audited protected-pilot onboarding packet for manual external delivery while SMTP send remains gated."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/tenant-access/activation-proof-packet","access":"AAL2 bearer token + tenant-admin role + server-held runtime authorization + rate limit","purpose":"Download an audited activation proof packet summarizing protected-pilot invitations, onboarding packets, delivery readiness, membership state, identity posture, and lifecycle evidence."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/activation-governance","access":"GET: bearer token + workspace membership. POST: AAL2 bearer token + authorized tenant role + server-held runtime authorization + rate limit","purpose":"Inspect or record the selected governance workflow pack as the first activation ledger seed for retention, legal-review, incident-export, and proof controls."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/sessions/{sessionId}/proof-packet","access":"AAL2 bearer token + authorized tenant role + server-held runtime authorization + rate limit","purpose":"Download a buyer-ready Markdown proof packet generated from tenant-isolated session evidence."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/enterprise-proof-packet","access":"AAL2 bearer token + tenant-admin or pilot-lead role + server-held runtime authorization + rate limit + append-only packet-download audit","purpose":"Download an aggregate Markdown enterprise proof packet spanning sessions, audit events, TrustOS decisions, Agent Workspace work orders, TrustOps incidents, tenant access posture, and governance ledger evidence."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/clinical-activation-approvals","access":"GET: AAL2 bearer token + workspace membership + rate limit. POST: AAL2 bearer token + tenant-admin, pilot-lead, or reviewer role + fixed no-PHI attestation + server-held runtime authorization + rate limit","purpose":"Inspect or append no-PHI clinical activation readiness attestations for regulatory, clinical governance, privacy/security, interoperability, legal/commercial, and go-live domains while live care remains blocked."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/operator-metrics","access":"GET: AAL2 bearer token + workspace membership + rate limit. POST: AAL2 bearer token + tenant-admin, pilot-lead, or reviewer role + fixed no-PHI finance-readiness attestation + rate limit","purpose":"Inspect or append tenant-scoped no-PHI Public Market Readiness operator metrics for model cost, review time, delivery hours, proof-packet count, workflow volume, and unit-economics discipline without storing audited financials, securities material, PHI, patient identifiers, payer member data, source contracts, secrets, or clinical validation."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/metric-rollups","access":"GET: AAL2 bearer token + workspace membership + rate limit. POST: AAL2 bearer token + tenant-admin, pilot-lead, or reviewer role + fixed finance-reviewed no-PHI rollup attestation + rate limit","purpose":"Inspect or create protected no-PHI metric rollup snapshots that aggregate operator metrics into internal board operating evidence without becoming audited financial reporting, securities offering material, valuation assurance, clinical validation, reimbursement assurance, or live care authority."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/metric-rollups/{snapshotId}/packet","access":"AAL2 bearer token + authorized tenant role + rate limit + append-only packet-download audit","purpose":"Download an audited internal board metric packet from a persisted no-PHI rollup snapshot after committing the packet release event."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/metric-trends","access":"GET: AAL2 bearer token + workspace membership + rate limit. POST: AAL2 bearer token + tenant-admin, pilot-lead, or reviewer role + fixed finance-reviewed no-PHI trend attestation + rate limit","purpose":"Inspect or create protected no-PHI metric trend reviews that compare rollup snapshots for monthly variance review, reach expansion planning, competitive advantage tracking, and agent improvement loops without becoming audited financial reporting, securities offering material, clinical validation, reimbursement assurance, or live care authority."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/metric-trends/{reviewId}/packet","access":"AAL2 bearer token + authorized tenant role + rate limit + append-only packet-download audit","purpose":"Download an audited internal board trend packet from a persisted no-PHI trend review after committing the packet release event."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/board-scorecards","access":"GET: AAL2 bearer token + workspace membership + rate limit. POST: AAL2 bearer token + tenant-admin, pilot-lead, or reviewer role + fixed finance-methodology-pending no-PHI scorecard attestation + rate limit","purpose":"Inspect or create protected no-PHI rolling-quarter board scorecards that convert trend reviews into finance-allocation readiness, buyer-segment cohort signals, competitive advantage tracking, and agent improvement priorities without becoming audited financial reporting, securities offering material, valuation assurance, clinical validation, reimbursement assurance, or live care authority."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/board-scorecards/{scorecardId}/packet","access":"AAL2 bearer token + authorized tenant role + rate limit + append-only packet-download audit","purpose":"Download an audited internal board scorecard packet from a persisted no-PHI scorecard after committing the packet release event."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/finance-methodology","access":"GET: AAL2 bearer token + workspace membership + rate limit. POST: AAL2 bearer token + tenant-admin, pilot-lead, or reviewer role + fixed no-PHI finance external-use attestation + rate limit","purpose":"Inspect or record protected no-PHI finance methodology and external-use gate attestations for cost allocation, counsel review, executive release, privacy/security, clinical-governance boundary, marketing claims, and buyer permission without becoming audited financial reporting, securities offering material, advertising substantiation, reimbursement assurance, clinical validation, or live care authority."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/finance-methodology/packet","access":"AAL2 bearer token + authorized tenant role + rate limit + append-only packet-download audit","purpose":"Download an audited protected finance methodology gate packet after committing the packet release event while retaining all external-use approval blockers."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/external-approval-evidence","access":"GET: AAL2 bearer token + workspace membership + rate limit. POST: AAL2 bearer token + tenant-admin, pilot-lead, or reviewer role + fixed no-PHI external approval evidence metadata attestation + rate limit","purpose":"Inspect or record bounded no-PHI metadata references to externally retained approval artifacts for finance, counsel, executive, privacy/security, clinical-governance, marketing-claims, and buyer-permission review without storing sensitive documents or creating legal, finance, security, clinical, customer, advertising, reimbursement, compliance, production, or release authority."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/external-approval-evidence/packet","access":"AAL2 bearer token + authorized tenant role + rate limit + append-only packet-download audit","purpose":"Download an audited protected external approval evidence linkage packet after committing the packet release event while retaining no-PHI metadata-only storage and all qualified external release blockers."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/release-decisions","access":"GET: AAL2 bearer token + workspace membership + rate limit. POST: AAL2 bearer token + tenant-admin, pilot-lead, or reviewer role + fixed no-PHI claim registry attestation + rate limit","purpose":"Inspect or record bounded no-PHI versioned claim registry release decisions that require external approval evidence references before a claim can become ready for qualified release review. This does not approve public distribution, legal claims, advertising substantiation, securities claims, customer references, clinical validation, production authorization, or live clinical execution."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/release-decisions/packet","access":"AAL2 bearer token + authorized tenant role + rate limit + append-only packet-download audit","purpose":"Download an audited protected release decision claim registry packet after committing the packet release event while retaining all public-release, legal, finance, advertising, customer, compliance, production, and clinical execution blockers."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/reviewer-signoffs","access":"GET: AAL2 bearer token + workspace membership + rate limit. POST: AAL2 bearer token + tenant-admin, pilot-lead, or reviewer role + fixed no-PHI named reviewer sign-off metadata attestation + rate limit","purpose":"Inspect or record bounded no-PHI metadata references to externally retained named reviewer sign-offs for finance, counsel, executive, privacy/security, clinical-governance, marketing-claims, and buyer-permission roles. This can prepare controlled distribution review, but does not create public-release, legal, finance, advertising, customer, compliance, production, or clinical execution authority."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/reviewer-signoffs/packet","access":"AAL2 bearer token + authorized tenant role + rate limit + append-only packet-download audit","purpose":"Download an audited protected named reviewer sign-off packet after committing the packet release event while retaining metadata-only storage and all public-release, external distribution, legal, finance, customer, compliance, production, and clinical execution blockers."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/distribution-lockbox","access":"GET: AAL2 bearer token + workspace membership + rate limit. POST: AAL2 bearer token + tenant-admin, pilot-lead, or reviewer role + fixed no-PHI disabled distribution lockbox attestation + rate limit","purpose":"Inspect or record bounded no-PHI disabled-by-default distribution lockbox metadata linked to externally retained named reviewer sign-offs, customer permission references, counsel review references, and artifact manifest locators. This does not enable public release, external distribution, legal claims, advertising substantiation, customer proof, compliance certification, production authorization, or clinical execution."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/distribution-lockbox/packet","access":"AAL2 bearer token + authorized tenant role + rate limit + append-only packet-download audit","purpose":"Download an audited protected distribution lockbox packet after committing the packet release event while preserving disabled distribution, metadata-only storage, and all public-release, external distribution, legal, finance, customer, compliance, production, and clinical execution blockers."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/release-authority-attestations","access":"GET: AAL2 bearer token + workspace membership + rate limit. POST: AAL2 bearer token + tenant-admin, pilot-lead, or reviewer role + fixed no-PHI release authority metadata attestation + rate limit","purpose":"Inspect or record bounded no-PHI metadata references to externally retained release authority across counsel, customer permission, executive, privacy/security, finance, clinical governance, and marketing claims owners. This does not enable public release, external distribution, legal approval, finance reporting, customer proof, advertising substantiation, compliance certification, production authorization, or clinical execution."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/release-authority-attestations/packet","access":"AAL2 bearer token + authorized tenant role + rate limit + append-only packet-download audit","purpose":"Download an audited protected release authority attestation packet after committing the packet release event while preserving release-disabled posture, metadata-only storage, and all public-release, external distribution, legal, finance, customer, compliance, production, reimbursement, and clinical execution blockers."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-recipient-attestations","access":"GET: AAL2 bearer token + workspace membership + rate limit. POST: AAL2 bearer token + tenant-admin, pilot-lead, or reviewer role + fixed no-PHI recipient attestation metadata + rate limit","purpose":"Inspect or record bounded no-PHI metadata for intended evidence-room recipient segments, access windows, packet references, and revocation posture linked to completed release authority attestations. This does not store exact recipient lists, emails, access grants, legal approvals, customer permission artifacts, public release approval, external distribution approval, compliance certification, production authorization, or clinical execution authority."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-recipient-attestations/packet","access":"AAL2 bearer token + authorized tenant role + rate limit + append-only packet-download audit","purpose":"Download an audited protected evidence-room recipient attestation packet after committing the packet release event while preserving export-disabled posture, recipient-metadata-only storage, and all public-release, external distribution, legal, finance, customer, compliance, production, reimbursement, and clinical execution blockers."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-access-log-reconciliation","access":"GET: AAL2 bearer token + workspace membership + rate limit. POST: AAL2 bearer token + tenant-admin, pilot-lead, or reviewer role + fixed no-PHI access-log reconciliation metadata + rate limit","purpose":"Inspect or record bounded no-PHI metadata for externally retained evidence-room access-log references, reconciliation windows, event-count summaries, anomaly posture, and revocation review linked to completed recipient attestations. This does not store raw logs, recipient identifiers, IP addresses, device identifiers, access grants, legal approvals, customer permission artifacts, public release approval, external distribution approval, compliance certification, production authorization, or clinical execution authority."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-access-log-reconciliation/packet","access":"AAL2 bearer token + authorized tenant role + rate limit + append-only packet-download audit","purpose":"Download an audited protected evidence-room access-log reconciliation packet after committing the packet release event while preserving export-disabled posture, access-log-metadata-only storage, and all public-release, external distribution, legal, finance, customer, compliance, production, reimbursement, and clinical execution blockers."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-provider-adapters","access":"GET: AAL2 bearer token + workspace membership + rate limit. POST: AAL2 bearer token + tenant-admin, pilot-lead, or reviewer role + fixed no-PHI provider adapter contract metadata + rate limit","purpose":"Inspect or record bounded no-PHI metadata for externally retained evidence-room provider contracts, adapter design references, and audit-log import stubs linked to completed access-log reconciliation. This does not store provider credentials, URLs, access tokens, raw logs, recipient identifiers, signed legal artifacts, customer permission artifacts, public release approval, external distribution approval, live integration approval, compliance certification, production authorization, or clinical execution authority."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/evidence-room-provider-adapters/packet","access":"AAL2 bearer token + authorized tenant role + rate limit + append-only packet-download audit","purpose":"Download an audited protected evidence-room provider adapter packet after committing the packet release event while preserving integration-disabled posture, provider-adapter-metadata-only storage, and all public-release, external distribution, legal, finance, customer, compliance, production, reimbursement, live integration, and clinical execution blockers."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/clinical-activation-approvals/packet","access":"AAL2 bearer token + authorized tenant role + server-held runtime authorization + rate limit + append-only packet-download audit","purpose":"Download an audited Markdown Clinical Activation Approval Workflow packet summarizing signed no-PHI readiness attestations, retained blockers, safe workarounds, and unavailable sections."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/clinical-authority-evidence-room","access":"AAL2 bearer token + workspace membership + rate limit","purpose":"Inspect a protected no-PHI Clinical Authority Evidence Room that unifies live-care, PHI, legal, regional, reimbursement, security, connector, and production authority gates from existing protected workspace evidence without granting approval."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/clinical-authority-evidence-room/packet","access":"AAL2 bearer token + authorized tenant role + rate limit + append-only packet-download audit","purpose":"Download an audited Markdown Clinical Authority Evidence Room packet with reviewer owners, evidence links, expiration posture, retained gates, audit history, and explicit no-PHI/no-live-care authority boundaries."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/clinical-authority-owner-matrix","access":"AAL2 bearer token + workspace membership + rate limit","purpose":"Inspect a protected no-PHI Clinical Authority Owner Matrix that maps every live-care, PHI, legal, regional, reimbursement, security, connector, and production hard gate to customer, SCRIMED, and qualified external approver roles without granting authority."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/clinical-authority-owner-matrix/packet","access":"AAL2 bearer token + authorized tenant role + rate limit + append-only packet-download audit","purpose":"Download an audited Markdown Clinical Authority Owner Matrix packet with required approver roles, metadata-only owner labels, retained gates, external artifact policies, and no-PHI/no-live-care authority boundaries."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/clinical-authority-artifact-intake","access":"AAL2 bearer token + workspace membership + rate limit","purpose":"Inspect a protected no-PHI Clinical Authority Artifact Intake Checklist that maps owner assignments to required external systems of record, qualified reviewer roles, validation timestamps, expiration cadences, prohibited content, and acceptance criteria without storing artifacts or granting authority."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/clinical-authority-artifact-intake/packet","access":"AAL2 bearer token + authorized tenant role + rate limit + append-only packet-download audit","purpose":"Download an audited Markdown Clinical Authority Artifact Intake Checklist packet with external artifact reference requirements, metadata-only system-of-record policies, prohibited-content rules, retained gates, and no-PHI/no-live-care authority boundaries."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/authority-artifact-references","access":"GET: AAL2 bearer token + workspace membership + rate limit. POST: AAL2 bearer token + authorized tenant role + guarded RPC + rate limit","purpose":"Inspect or record protected metadata-only external authority artifact references with reviewer labels, validation timestamps, expiration dates, renewal alerts, and status flags without storing artifacts, PHI, URLs, credentials, signed approvals, or granting authority."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/authority-artifact-references/packet","access":"AAL2 bearer token + authorized tenant role + rate limit + append-only packet-download audit","purpose":"Download an audited Markdown Authority Artifact Reference packet with no-PHI metadata status, renewal queue, retained blockers, storage restrictions, and explicit no-live-care/no-production authority boundaries."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/trust-safety-incidents","access":"GET: AAL2 bearer token + workspace membership. POST: AAL2 bearer token + tenant-admin or pilot-lead role + server-held runtime authorization + rate limit","purpose":"Inspect or create tenant-scoped TrustOps incident evidence for synthetic-pilot and enterprise-readiness review."},{"method":"GET / PATCH","route":"/api/pilot-workspaces/{workspaceSlug}/trust-safety-incidents/{incidentId}","access":"GET: AAL2 bearer token + workspace membership. PATCH: AAL2 bearer token + tenant-admin or pilot-lead role + server-held runtime authorization + rate limit","purpose":"Inspect or update TrustOps incident status, legal-hold posture, notification review posture, containment, remediation, and post-incident review evidence."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/trust-safety-incidents/{incidentId}/review-packet","access":"AAL2 bearer token + authorized tenant role + server-held runtime authorization + append-only packet-download audit","purpose":"Download an audited TrustOps review packet after recording the packet release event."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/trustos-decisions","access":"AAL2 bearer token + authorized tenant role + server-held runtime authorization for writes + rate limit","purpose":"Inspect or commit metadata-only TrustOS decisions to the tenant-isolated append-only governance ledger."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/trustos-decisions/{decisionId}/reviews","access":"AAL2 bearer token + authorized tenant role + server-held runtime authorization for writes + rate limit","purpose":"Inspect or commit human reviewer dispositions, overrides, and controlled workflow outcome signals."},{"method":"GET","route":"/api/pilot-workspaces/{workspaceSlug}/trustos-decisions/{decisionId}/governance-packet","access":"AAL2 bearer token + authorized tenant role + server-held runtime authorization + rate limit","purpose":"Download an audited governance packet containing decision, control, trace, evidence, and human-review proof."},{"method":"GET / POST","route":"/api/agent-workspaces/{workspaceSlug}/work-orders","access":"GET: bearer token + tenant membership. POST: AAL2 bearer token + authorized tenant role + rate limit","purpose":"List, filter, summarize, or create persistent Agent Workspace work orders backed by tenant-scoped RLS tables and append-only events."},{"method":"GET / PATCH","route":"/api/agent-workspaces/{workspaceSlug}/work-orders/{workOrderId}","access":"GET: bearer token + tenant membership. PATCH: AAL2 bearer token + authorized tenant role + rate limit","purpose":"Inspect, transition, retry, review, block, or close a persistent Agent Workspace work order."},{"method":"GET","route":"/api/agent-workspaces/{workspaceSlug}/work-orders/{workOrderId}/proof-packet","access":"AAL2 bearer token + authorized tenant role + rate limit + append-only download audit","purpose":"Download an audited Markdown proof packet for a tenant-isolated synthetic Agent Workspace work order."}],"activationGates":["Keep direct invitation send disabled until custom SMTP, legal copy, abuse controls, and delivery monitoring are approved.","Extend the active passkey or magic-link sign-in, TOTP MFA, and session-lifetime policy into enforced enterprise SSO and multi-tenant identity operations.","Complete legal, privacy, security, retention, incident response, and BAA review before any PHI-enabled scope.","Keep live clinical execution denied until separate production promotion approval."],"activationWorkflow":[{"step":"Record activation governance pack","owner":"Tenant-admin","proof":"Selected governance workflow pack is committed to the append-only Agent Workspace governance ledger with retention horizon, approvals, release gates, and blocked claims.","boundary":"Metadata-only activation seed; no PHI, no live connector execution, and no compliance certification claim."},{"step":"Create controlled invitation record","owner":"Tenant-admin","proof":"Metadata-only invitation with proposed role, expiration, and governance note.","boundary":"No user creation, no PHI, and no email send."},{"step":"Download audited onboarding packet","owner":"Tenant-admin","proof":"Markdown onboarding packet with recipient, role, workspace, access route, and delivery evidence.","boundary":"Packet supports manual enterprise delivery only."},{"step":"Prepare external delivery","owner":"Tenant-admin","proof":"Lifecycle event records delivery preparation, delivery note, attempt count, and direct-send status.","boundary":"SMTP direct send remains gated until custom sender controls are approved."},{"step":"Activate enrolled user","owner":"Tenant-admin + Identity provider","proof":"Activation succeeds only after the invited email has completed SCRIMED pilot authentication enrollment.","boundary":"No activation for unknown identities and no bypass of AAL2 governance."},{"step":"Download activation proof packet","owner":"Tenant-admin","proof":"Audited packet summarizes invitations, onboarding packets, delivery readiness, memberships, reviews, and lifecycle evidence.","boundary":"Diligence artifact only; no production clinical or payer authorization."}],"previewWorkspace":{"id":"preview-workspace-atlas","tenantId":"preview-tenant","tenantName":"Synthetic Enterprise Preview","slug":"atlas-synthetic-evaluation","name":"Atlas Governed Workflow Evaluation","status":"synthetic-pilot","boundary":"Protected pilot workspaces retain governed synthetic evaluation evidence only. They do not accept live PHI, execute clinical care, submit payer transactions, contact patients, or authorize autonomous diagnosis or treatment.","createdAt":"2026-06-10T12:00:00.000Z"},"capabilities":["Tenant-authenticated workspace discovery","Tenant-isolated durable synthetic evaluation sessions","Append-only audit events","Human-review and Trust Card evidence","Downloadable single-session enterprise proof packets","Tenant-admin aggregate enterprise proof packet spanning sessions, work orders, incidents, access controls, and audit evidence","AAL2-protected append-only TrustOS Decision Ledger","Governed reviewer dispositions, overrides, and outcome-learning signals","Downloadable audited TrustOS governance packets","AAL2-protected tenant membership visibility and audited role administration","Governed invitation records with existing-auth-user activation","Audited tenant-admin onboarding packet downloads for manual pilot delivery","AAL2-protected activation governance pack seed with retention, legal-review, incident-export, and blocked-claims metadata","Guided tenant-admin activation runbook with buyer-ready evidence status","Audited tenant activation proof packet for buyer and investor diligence","SMTP delivery readiness metadata with direct-send gate retained","Protected Buyer Pilot Room with one-click Buyer Diligence Export for competitive edge, readiness, QA evidence, pricing path, limitations, legal/privacy/security/safety boundaries, workarounds, and write-before-release audit","Protected SCRIMED Command Intelligence Hub for Agent Commander posture, Trust Engine outputs, continuous evaluation, MCP/tool access architecture, observability, buyer diligence readiness, safe-mode controls, limitations, workarounds, next actions, durable AAL2-reviewed snapshots, and audited command packets","AAL2-protected no-PHI operator metric capture for Public Market Readiness, workflow cost discipline, proof-packet coverage, and finance-review preparation","Browser-session manual QA evidence capture without copying bearer tokens into scripts","Tenant offboarding, reactivation, and final-admin protection","Periodic access review attestation","SSO-readiness metadata and identity lifecycle evidence","Rate-limited public intake and protected mutations","Authenticated Agent Workspace dashboard for work-order creation, governed transitions, outcome metrics, reviewer queues, retry queues, packet export, governance export, and event-trail review","Persistent Agent Workspace work-order creation, state transitions, retry tracking, reviewer assignment, closure, dashboard filters, proof-packet export, and append-only event trails"],"updated":"2026-06-18","verification":{"protectedStore":{"configured":true,"verified":true,"schemaVersion":"2026-06-20.10","detail":"Supabase Auth, Data API, and the protected pilot schema are reachable."},"distributedRateLimit":{"configured":true,"verified":true,"detail":"Upstash Redis distributed rate-limit storage is reachable through vercel-marketplace."},"productionActivationVerified":true}}