{"service":"scrimed-release-continuity","route":"/release-continuity","apiRoute":"/api/release-continuity","briefRoute":"/api/release-continuity/brief","status":"release-continuity-checkpointed-aal2-boundary","briefStatus":"release-continuity-brief-operator-ready","authorizationStatus":"public-release-evidence-only-protected-aal2-required","clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","releaseAuthority":"not-release-approval","securityCertification":"not-security-certified","approvalAuthority":"external-review-required","tokenHandling":"no-token-values-exposed-or-retained","boundary":"SCRIMED Release Continuity ties live production, source-control checkpoints, no-secret smoke checks, and protected AAL2 operator gates into one operating view. It does not mint tokens, store secrets, bypass AAL2, approve buyer release, authorize PHI processing, certify security or compliance, grant legal approval, or authorize live clinical care.","source":{"productionDomain":"https://app.scrimedsolutions.com","baselineDeploymentId":"dpl_EjfSCM5YKpWhHKDAa6FGmNDPnJ7K","baselineCommit":"6219f3616e71d163edd047e4d55074cc5089e2b8","baselineShortCommit":"6219f36","baselineTag":"scrimed-code-pt2-approvals-readiness-20260623","runtimeCommit":"7bf596c25bed03d6148923e4ab939a2abbfb2fff","runtimeBranch":"main","runtimeDeploymentUrl":"https://scrimed-site-2jx6xfd2i-temitayo-dahunsis-projects.vercel.app"},"gateCount":6,"resolvedGateCount":2,"operatorRequiredGateCount":2,"blockedByDesignGateCount":1,"externalReviewGateCount":1,"checkCount":7,"passedCheckCount":4,"gates":[{"key":"source-control-drift","name":"Source-control drift","status":"resolved","proof":"The approvals readiness and buyer release-control release was committed, tagged, pushed, and verified against origin/main.","bottleneck":"Production-only changes can become hard to audit if Vercel history moves ahead of GitHub.","workaround":"Keep every production release checkpointed by commit, tag, production smoke, and briefed release boundary.","owner":"Founder + Release Steward","proofRoutes":["/product","/api/product/console","/api/release-continuity"]},{"key":"public-production-smoke","name":"Public production smoke","status":"resolved","proof":"Public smoke validates the custom domain, HTML routes, JSON APIs, Markdown briefs, fail-closed protected routes, and approval boundaries.","bottleneck":"Public readiness can look healthy while protected writes still require explicit AAL2 proof.","workaround":"Pair public smoke with protected fail-closed checks and a separate AAL2 operator run when a fresh session exists.","owner":"Release Steward","proofRoutes":["/api/release-continuity","/api/product/console","/qa-evidence"]},{"key":"protected-aal2-happy-path","name":"Protected AAL2 happy path","status":"operator-required","proof":"TrustOps, Agent Workspace, and Buyer Release Control fail closed without a tenant-admin or pilot-lead AAL2 session.","bottleneck":"A terminal cannot safely create or retain a fresh human AAL2 bearer token without crossing the no-secret boundary.","workaround":"Use the protected browser workspace for no-secret verification, or run the CLI smoke only with a fresh external AAL2 token and dispose of it immediately after the run.","owner":"Approved tenant-admin or pilot-lead operator","proofRoutes":["/pilot-workspace/access","/buyer-release-control-run","/api/pilot-workspaces/{workspaceSlug}/buyer-release-control-run"]},{"key":"aal2-smoke-readiness-packet","name":"AAL2 smoke readiness packet","status":"operator-required","proof":"The no-secret AAL2 smoke readiness packet is exposed for release review while strict protected writes remain human-token and feature-flag gated.","bottleneck":"A release checklist can prove readiness surfaces exist, but it cannot prove authenticated protected writes without a fresh human AAL2 session.","workaround":"Inspect /api/qa-evidence/aal2-smoke-readiness, run npm run smoke:aal2:readiness, then use a short-lived authorized AAL2 token only for deliberate strict smoke.","owner":"Release Steward + Approved AAL2 Operator","proofRoutes":["/qa-aal2-run-evidence","/api/qa-evidence/aal2-smoke-readiness","/api/qa-evidence/aal2-smoke-readiness/brief"]},{"key":"secret-handling","name":"Secret handling","status":"blocked-by-design","proof":"Release scripts skip authenticated mutations unless a deliberate short-lived token is supplied outside the product and outside source control.","bottleneck":"Automating protected happy-path evidence with stored long-lived tokens would weaken the trust boundary.","workaround":"Prefer browser AAL2 operator panels; when CLI evidence is necessary, use explicit environment variables for one run and never write token values to docs, chat, CI logs, or code.","owner":"Security + Operator","proofRoutes":["/qa-run-control","/qa-launch-kit","/qa-human-run-packet"]},{"key":"regulated-approval-claims","name":"Regulated approval claims","status":"external-review-required","proof":"Approvals Readiness and Boundary Resolution keep legal, HIPAA, SOC 2, HITRUST, FDA, ONC, reimbursement, and public customer-permission claims externally gated.","bottleneck":"SCRIMED can prepare approval evidence, but it cannot self-certify or self-authorize regulated claims.","workaround":"Route public copy through Claim Guard, keep intended use narrow, retain external approval references, and require qualified reviewer sign-off before any claim expansion.","owner":"Founder + Legal/Security/Regulatory reviewers","proofRoutes":["/approvals-readiness","/boundary-resolution","/qa-claim-guard"]}],"checks":[{"name":"npm audit","status":"passed","evidence":"0 vulnerabilities at moderate threshold.","nextAction":"Repeat before each production release."},{"name":"Generated integrity","status":"passed","evidence":"Generated workspace integrity check passed.","nextAction":"Keep generated cache cleanup in the build lifecycle."},{"name":"TypeScript and ESLint","status":"passed","evidence":"TypeScript noEmit and ESLint completed cleanly.","nextAction":"Keep static checks required before deploy."},{"name":"Production public smoke","status":"passed","evidence":"Custom-domain public smoke passed across release, approval, QA, and fail-closed protected surfaces.","nextAction":"Run after each deploy and tag."},{"name":"Protected happy path","status":"requires-aal2-operator","evidence":"Fail-closed checks pass; authenticated mutation proof requires fresh human AAL2.","nextAction":"Use browser protected workspace or one-time short-lived AAL2 token run."},{"name":"AAL2 smoke readiness preflight","status":"requires-aal2-operator","evidence":"No-secret readiness packet is present; strict durable-store and stored-vector smoke still require a fresh authorized human AAL2 token and target runtime enablement.","nextAction":"Run npm run smoke:aal2:readiness before any strict protected smoke and retain only no-secret evidence."},{"name":"External certifications and approvals","status":"external-review-required","evidence":"Approval tracks are organized but not certified or cleared.","nextAction":"Move through qualified legal, security, regulatory, buyer, and certification-body review."}],"aal2SmokeReadiness":{"status":"aal2-smoke-readiness-preflight-ready-no-secret","apiRoute":"/api/qa-evidence/aal2-smoke-readiness","briefRoute":"/api/qa-evidence/aal2-smoke-readiness/brief","strictAttemptReady":false,"protectedHumanRunRequired":true,"operatorTokenRequired":true,"gateCount":8,"commandCount":4},"deploymentReleaseChecklist":[{"id":"generated-integrity-static-checks","label":"Generated integrity, typecheck, lint, and build","status":"required-before-release","command":"npm run test:nonsecret && npm run typecheck && npm run lint && npm run build","route":"/api/release-continuity","evidence":"Local static and contract checks must pass before any production deploy or buyer diligence expansion.","humanReviewRequired":false,"noSecretBoundary":"Static checks must run without PHI, credentials, bearer tokens, service-role keys, or production connector payloads."},{"id":"public-production-smoke","label":"Public production smoke","status":"required-before-release","command":"npm run smoke:public","route":"/api/release-continuity","evidence":"Public smoke verifies the deployed domain, public APIs, brief routes, safety headers, and fail-closed protected route posture.","humanReviewRequired":false,"noSecretBoundary":"Public smoke must never require or emit bearer tokens, Supabase service-role keys, PHI, or customer data."},{"id":"aal2-smoke-readiness-preflight","label":"AAL2 smoke readiness preflight","status":"aal2-smoke-readiness-preflight-ready-no-secret","command":"npm run smoke:aal2:readiness","route":"/api/qa-evidence/aal2-smoke-readiness","evidence":"No-secret readiness packet confirms operator gates, strict-smoke commands, and fail-closed modes while keeping strict attempt ready false until human AAL2 is present.","humanReviewRequired":true,"noSecretBoundary":"SCRIMED AAL2 Smoke Readiness is a no-secret operator preflight for synthetic AAL2 durable-store and stored-vector RPC smoke tests. It does not mint, expose, retain, validate, or bypass bearer tokens; protected APIs remain the source of truth for role, AAL2, feature flag, tenant, and RLS verification."},{"id":"strict-aal2-durable-store-smoke","label":"Strict AAL2 durable-store smoke","status":"blocked-until-human-aal2","command":"npm run smoke:aal2:durable-store:strict","route":"/api/workflows/execution-attempts/durable-store","evidence":"Authenticated record, replay, and review-disposition proof requires an authorized tenant-admin, pilot-lead, or reviewer session plus protected writes enabled on the target.","humanReviewRequired":true,"noSecretBoundary":"Strict durable-store smoke must use only short-lived local token material and retain no PHI, credentials, or token values."},{"id":"strict-stored-vector-rpc-smoke","label":"Strict stored-vector RPC smoke","status":"blocked-until-human-aal2","command":"npm run smoke:scrimed-stored-vector-rpc:strict","route":"/api/scrimed-build-roadmap/stored-vector-rpc-smoke","evidence":"Stored-vector lookup proof remains protected by the same AAL2 and tenant-role boundary as durable-store strict smoke.","humanReviewRequired":true,"noSecretBoundary":"Stored-vector smoke must not expose raw embeddings, token values, PHI, or production patient matching."}],"releaseEvidenceLedger":{"status":"release-evidence-ledger-active-no-secret","route":"/release-continuity#release-evidence-ledger","apiRoute":"/api/release-continuity/evidence-ledger","briefRoute":"/api/release-continuity/evidence-ledger/brief","entryCount":10,"passedNoSecretCount":6,"operatorRequiredCount":2,"externalReviewRequiredCount":1,"tokenMaterialCaptured":false,"productionApproval":false,"boundary":"SCRIMED Release Evidence Ledger records no-secret build, smoke, readiness, and protected-operator evidence metadata only. It does not store PHI, patient identifiers, bearer tokens, Supabase secrets, service-role keys, raw logs, production connector payloads, customer data, certification proof, release approval, or live clinical authority."},"releaseEvidencePromotion":{"status":"release-evidence-promotion-queue-active-human-gated","route":"/release-continuity#release-evidence-promotion","apiRoute":"/api/release-continuity/evidence-promotion","briefRoute":"/api/release-continuity/evidence-promotion/brief","queueCount":10,"shareableNoSecretCount":7,"operatorProofRequiredCount":2,"externalReviewRequiredCount":1,"tokenMaterialCaptured":false,"productionApproval":false,"buyerDistributionAuthority":"protected-buyer-diligence-only-after-review","externalDistributionAuthority":"not-authorized","publicClaimAuthority":"not-authorized-public-claim","boundary":"SCRIMED Release Evidence Promotion Queue converts no-secret release ledger entries into buyer-diligence candidates, protected operator proof blockers, and qualified-review requirements. It does not store PHI, tokens, raw logs, customer data, production connector payloads, certification evidence, public release approval, or live clinical authority."},"releaseEvidenceFreshnessGuard":{"status":"release-evidence-freshness-guard-active-no-secret","route":"/release-continuity#release-evidence-freshness-guard","apiRoute":"/api/release-continuity/evidence-freshness-guard","briefRoute":"/api/release-continuity/evidence-freshness-guard/brief","freshnessHash":"freshness-95ba01b3","freshnessAuthority":"fresh-rerun-required-before-external-use","publicDistributionAuthority":"not-authorized","customerSpecificAuthority":"not-authorized-without-customer-permission","cardCount":10,"internalFreshCount":2,"refreshRequiredCount":5,"humanAal2RefreshCount":2,"qualifiedReviewRefreshCount":1,"tokenMaterialCaptured":false,"productionApproval":false,"clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","securityCertification":"not-security-certified","boundary":"SCRIMED Release Evidence Freshness Guard is a no-secret recency and revalidation policy for release evidence. It does not rerun commands, store logs, store PHI, capture tokens, certify evidence, approve public distribution, approve production release, approve customer go-live, or authorize live clinical care."},"diligenceReleaseGate":{"status":"diligence-release-gate-active-no-production-approval","route":"/release-continuity#diligence-release-gate","apiRoute":"/api/release-continuity/diligence-gate","briefRoute":"/api/release-continuity/diligence-gate/brief","buyerDiligenceGate":"go-no-secret-metadata-with-release-steward-review","protectedAal2Gate":"no-go-until-human-aal2-retained-packet","publicDistributionGate":"no-go-until-qualified-review","productionReleaseGate":"no-go-not-release-approval","clinicalProductionGate":"no-go-not-authorized-live-care","gateCount":5,"goCount":2,"reviewRequiredCount":0,"noGoCount":3,"tokenMaterialCaptured":false,"productionApproval":false,"boundary":"SCRIMED Diligence Release Gate summarizes no-secret buyer diligence readiness while preserving NO-GO boundaries for protected AAL2 proof, public distribution, production release, PHI processing, certification, and live clinical care."},"diligencePacketManifest":{"status":"diligence-packet-manifest-active-no-secret","route":"/release-continuity#diligence-packet-manifest","apiRoute":"/api/release-continuity/diligence-packet-manifest","briefRoute":"/api/release-continuity/diligence-packet-manifest/brief","manifestHash":"diligence-manifest-73403733","packetUseAuthority":"no-secret-buyer-investor-diligence-only","publicDistributionAuthority":"not-authorized","clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","securityCertification":"not-security-certified","itemCount":12,"includeNoSecretCount":6,"summaryOnlyCount":3,"withholdUntilHumanAal2Count":2,"withholdUntilQualifiedReviewCount":1,"noGoCount":3,"tokenMaterialCaptured":false,"productionApproval":false,"boundary":"SCRIMED Diligence Packet Manifest assembles no-secret buyer and investor diligence metadata only. It does not store PHI, bearer tokens, Supabase secrets, service-role keys, raw logs, customer data, production connector payloads, certification proof, release approval, public distribution approval, or live clinical authority."},"diligencePacketShareGuard":{"status":"diligence-packet-share-guard-active-human-gated","route":"/release-continuity#diligence-packet-share-guard","apiRoute":"/api/release-continuity/diligence-packet-share-guard","briefRoute":"/api/release-continuity/diligence-packet-share-guard/brief","guardHash":"diligence-share-75b52bf1","externalShareAuthority":"protected-diligence-only-after-human-review","recipientAuthorizationAuthority":"recipient-specific-human-approval-required","publicDistributionAuthority":"not-authorized","customerSpecificAuthority":"not-authorized-without-customer-permission","clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","securityCertification":"not-security-certified","cardCount":7,"noGoCount":1,"reviewRequiredCount":5,"internalAllowCount":1,"tokenMaterialCaptured":false,"productionApproval":false,"boundary":"SCRIMED Diligence Packet Share Guard is a no-secret recipient and distribution control. It does not share packets, send emails, create calendar invites, approve public distribution, authorize PHI, certify security or compliance, approve production release, approve customer go-live, or authorize live clinical care."},"recipientQualificationMatrix":{"status":"recipient-qualification-matrix-active-no-secret","route":"/release-continuity#recipient-qualification-matrix","apiRoute":"/api/release-continuity/recipient-qualification-matrix","briefRoute":"/api/release-continuity/recipient-qualification-matrix/brief","qualificationHash":"recipient-qualification-e13fcd32","externalShareAuthority":"qualified-recipient-review-required","publicDistributionAuthority":"not-authorized","recipientIdentifierStorage":"not-stored-in-scrimed","customerSpecificAuthority":"not-authorized-without-customer-permission","clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","securityCertification":"not-security-certified","recipientClassCount":6,"qualifiedReviewRequiredCount":4,"blockedRecipientCount":4,"revocationRequiredCount":6,"tokenMaterialCaptured":false,"productionApproval":false,"boundary":"SCRIMED Recipient Qualification Matrix is a no-secret recipient policy preflight for diligence packet sharing. It does not store recipient names, recipient emails, access grants, raw access logs, bearer tokens, PHI, customer data, signed approvals, legal opinions, certification evidence, production connector payloads, public distribution approval, customer go-live approval, or live clinical care authorization."},"releaseAuthorizationChain":{"status":"release-authorization-chain-active-no-release-approval","route":"/release-continuity#release-authorization-chain","apiRoute":"/api/release-continuity/authorization-chain","briefRoute":"/api/release-continuity/authorization-chain/brief","authorizationHash":"release-authorization-831a9179","safeUseLabel":"no-secret-metadata-chain-not-release-approval","chainDecision":"blocked-by-design","weakestLink":"diligence-release-gate:blocked-by-design","buyerDiligenceMetadataLane":"available-after-release-steward-review","protectedProofLane":"blocked-until-human-aal2","publicDistributionAuthority":"not-authorized","customerSpecificAuthority":"not-authorized-without-customer-permission","releaseAuthority":"not-release-approval","clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","securityCertification":"not-security-certified","controlCount":8,"passedNoSecretCount":2,"humanReviewRequiredCount":1,"operatorRequiredCount":2,"externalReviewRequiredCount":0,"blockedByDesignCount":3,"tokenMaterialCaptured":false,"productionApproval":false,"boundary":"SCRIMED Release Authorization Chain composes the no-secret release ledger, evidence freshness guard, diligence gate, packet manifest, recipient qualification matrix, share guard, and AAL2 readiness into one weakest-link control view. It does not approve release, share packets, store recipient identifiers, retain token material, authorize PHI, certify security or compliance, approve customer go-live, or authorize live clinical care."},"nextOperatorActions":["Use /release-continuity before and after each production deployment.","Run /api/release-continuity/authorization-chain before any external packet reference so the weakest-link decision is visible across evidence, freshness, manifest, recipient, share, and AAL2 controls.","Assemble buyer and investor packets from /api/release-continuity/diligence-packet-manifest so every included artifact carries allowed fields, withheld material, and reviewer ownership.","Run /api/release-continuity/recipient-qualification-matrix before external packet references so recipient class, expiry, revocation, and no-identifier storage rules are explicit.","Apply /api/release-continuity/diligence-packet-share-guard before any packet is referenced outside SCRIMED so recipient class, human review, public distribution, and customer-specific authority stay explicit.","Run /api/release-continuity/evidence-freshness-guard before external packet reuse so stale, protected AAL2, and qualified-review evidence is refreshed or withheld.","Attach no-secret release evidence ledger entries to every buyer-facing release review.","Promote only metadata-safe ledger entries through the Release Evidence Promotion Queue before buyer distribution.","Use the Diligence Release Gate to label no-secret buyer-diligence GO items separately from strict AAL2, public-distribution, production, and clinical NO-GO items.","Run public production smoke on the custom domain after every deploy.","Inspect /api/qa-evidence/aal2-smoke-readiness before strict protected smoke.","Use /pilot-workspace/access for browser-session AAL2 protected verification when possible.","Use SCRIMED_BEARER_TOKEN only for a deliberate one-time CLI smoke, then dispose of it outside the product.","Keep approval, PHI, clinical, certification, and buyer-release claims gated until qualified external evidence exists."],"updated":"2026-06-23"}