{"service":"scrimed-release-authorization-chain","status":"release-authorization-chain-active-no-release-approval","route":"/release-continuity#release-authorization-chain","apiRoute":"/api/release-continuity/authorization-chain","briefRoute":"/api/release-continuity/authorization-chain/brief","generatedAt":"static-no-secret-release-authorization-chain","noPhiConfirmed":true,"tokenMaterialCaptured":false,"productionApproval":false,"safeUseLabel":"no-secret-metadata-chain-not-release-approval","chainDecision":"blocked-by-design","weakestLink":"diligence-release-gate:blocked-by-design","buyerDiligenceMetadataLane":"available-after-release-steward-review","protectedProofLane":"blocked-until-human-aal2","publicDistributionAuthority":"not-authorized","customerSpecificAuthority":"not-authorized-without-customer-permission","releaseAuthority":"not-release-approval","clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","securityCertification":"not-security-certified","authorizationHash":"release-authorization-831a9179","controlCount":8,"passedNoSecretCount":2,"humanReviewRequiredCount":1,"operatorRequiredCount":2,"externalReviewRequiredCount":0,"blockedByDesignCount":3,"controls":[{"id":"release-evidence-ledger","label":"Release evidence ledger","state":"passed-no-secret","sourceRoute":"/release-continuity#release-evidence-ledger","sourceApiRoute":"/api/release-continuity/evidence-ledger","sourceHash":"release-authorization-80c79763","evidence":"6/10 ledger entries are passed no-secret metadata.","requiredControl":"Use command names, statuses, routes, no-secret evidence hashes, and blocked claims only.","nextAction":"Attach no-secret ledger metadata to release review; withhold raw logs, token values, PHI, customer data, and protected payloads.","blockedClaims":["release authorization chain is release approval","public distribution approved","recipient approved without human review","customer-specific sharing approved","strict AAL2 proof retained","boundary release approved","PHI processing authorized","live clinical care authorized","security or compliance certified","production connector approved","customer go-live approved"],"authorityBoundary":"SCRIMED Release Evidence Ledger records no-secret build, smoke, readiness, and protected-operator evidence metadata only. It does not store PHI, patient identifiers, bearer tokens, Supabase secrets, service-role keys, raw logs, production connector payloads, customer data, certification proof, release approval, or live clinical authority."},{"id":"evidence-promotion-queue","label":"Evidence promotion queue","state":"passed-no-secret","sourceRoute":"/release-continuity#release-evidence-promotion","sourceApiRoute":"/api/release-continuity/evidence-promotion","sourceHash":"release-authorization-16949019","evidence":"7/10 promotion entries are shareable no-secret candidates.","requiredControl":"Promote only metadata-safe evidence; keep operator proof and external-review evidence in withheld lanes.","nextAction":"Use the promotion queue before any buyer or investor packet assembly.","blockedClaims":["release authorization chain is release approval","public distribution approved","recipient approved without human review","customer-specific sharing approved","strict AAL2 proof retained","boundary release approved","PHI processing authorized","live clinical care authorized","security or compliance certified","production connector approved","customer go-live approved"],"authorityBoundary":"SCRIMED Release Evidence Promotion Queue converts no-secret release ledger entries into buyer-diligence candidates, protected operator proof blockers, and qualified-review requirements. It does not store PHI, tokens, raw logs, customer data, production connector payloads, certification evidence, public release approval, or live clinical authority."},{"id":"evidence-freshness-guard","label":"Evidence freshness guard","state":"operator-required","sourceRoute":"/release-continuity#release-evidence-freshness-guard","sourceApiRoute":"/api/release-continuity/evidence-freshness-guard","sourceHash":"freshness-95ba01b3","evidence":"5/10 freshness cards require refresh before external sharing; 2 require human AAL2.","requiredControl":"Refresh stale public, contract, protected AAL2, and qualified-review evidence before external reuse.","nextAction":"Run the freshness guard immediately before external packet reference and withhold stale or protected evidence.","blockedClaims":["release authorization chain is release approval","public distribution approved","recipient approved without human review","customer-specific sharing approved","strict AAL2 proof retained","boundary release approved","PHI processing authorized","live clinical care authorized","security or compliance certified","production connector approved","customer go-live approved"],"authorityBoundary":"SCRIMED Release Evidence Freshness Guard is a no-secret recency and revalidation policy for release evidence. It does not rerun commands, store logs, store PHI, capture tokens, certify evidence, approve public distribution, approve production release, approve customer go-live, or authorize live clinical care."},{"id":"diligence-release-gate","label":"Diligence release gate","state":"blocked-by-design","sourceRoute":"/release-continuity#diligence-release-gate","sourceApiRoute":"/api/release-continuity/diligence-gate","sourceHash":"release-authorization-4a5fd9f5","evidence":"2 buyer-diligence GO cards, 0 review-required cards, and 3 NO-GO cards.","requiredControl":"Preserve protected AAL2, public distribution, production release, PHI, and clinical production gates as separate NO-GO lanes.","nextAction":"Use the gate label in every release packet so readiness language cannot drift into approval claims.","blockedClaims":["production release approved","public distribution approved","strict AAL2 proof retained","PHI processing authorized","live clinical care authorized","security or compliance certified","production connector approved","customer go-live approved","clinical validation completed"],"authorityBoundary":"SCRIMED Diligence Release Gate summarizes no-secret buyer diligence readiness while preserving NO-GO boundaries for protected AAL2 proof, public distribution, production release, PHI processing, certification, and live clinical care."},{"id":"diligence-packet-manifest","label":"Diligence packet manifest","state":"blocked-by-design","sourceRoute":"/release-continuity#diligence-packet-manifest","sourceApiRoute":"/api/release-continuity/diligence-packet-manifest","sourceHash":"diligence-manifest-73403733","evidence":"6/12 packet items are include-no-secret; 2 need human AAL2 and 1 need qualified review.","requiredControl":"Assemble packets from allowed fields only and keep withheld material out of buyer-facing artifacts.","nextAction":"Use the manifest to build metadata-only diligence packets with reviewer ownership and blocked claims.","blockedClaims":["diligence packet is production approval","public distribution approved","PHI processing authorized","live clinical care authorized","strict AAL2 protected proof retained","HIPAA, SOC 2, HITRUST, FDA, ONC, security, or clinical validation completed","boundary release approved","production connector approved","payer submission or reimbursement certainty approved","customer go-live approved"],"authorityBoundary":"SCRIMED Diligence Packet Manifest assembles no-secret buyer and investor diligence metadata only. It does not store PHI, bearer tokens, Supabase secrets, service-role keys, raw logs, customer data, production connector payloads, certification proof, release approval, public distribution approval, or live clinical authority."},{"id":"recipient-qualification-matrix","label":"Recipient qualification matrix","state":"human-review-required","sourceRoute":"/release-continuity#recipient-qualification-matrix","sourceApiRoute":"/api/release-continuity/recipient-qualification-matrix","sourceHash":"recipient-qualification-e13fcd32","evidence":"6 recipient classes; 4 require qualified review and 4 are blocked by default.","requiredControl":"Classify recipient class, purpose, expiry, revocation path, and no-identifier storage before external packet reference.","nextAction":"Keep recipient names, emails, access grants, raw logs, and signed approvals outside SCRIMED.","blockedClaims":["recipient qualification matrix is distribution approval","recipient is authorized without human review","public sharing approved","customer-specific sharing approved","boundary release approved","protected packet can be shared publicly","strict AAL2 proof retained","PHI processing authorized","live clinical care authorized","security or compliance certified","production connector approved","customer go-live approved"],"authorityBoundary":"SCRIMED Recipient Qualification Matrix is a no-secret recipient policy preflight for diligence packet sharing. It does not store recipient names, recipient emails, access grants, raw access logs, bearer tokens, PHI, customer data, signed approvals, legal opinions, certification evidence, production connector payloads, public distribution approval, customer go-live approval, or live clinical care authorization."},{"id":"diligence-packet-share-guard","label":"Diligence packet share guard","state":"blocked-by-design","sourceRoute":"/release-continuity#diligence-packet-share-guard","sourceApiRoute":"/api/release-continuity/diligence-packet-share-guard","sourceHash":"diligence-share-75b52bf1","evidence":"1 internal cards, 5 review-required cards, and 1 NO-GO cards.","requiredControl":"Run share guard before any packet leaves SCRIMED; public, customer-specific, and protected packet lanes stay blocked until qualified approvals exist.","nextAction":"Reference only reviewed no-secret metadata in protected diligence lanes.","blockedClaims":["packet share guard is public distribution approval","packet share guard is production approval","recipient is authorized without human review","customer-specific distribution approved","PHI processing authorized","live clinical care authorized","security or compliance certified","strict AAL2 proof retained","protected boundary-release packet is public-shareable","boundary release approved","production connector approved","customer go-live approved"],"authorityBoundary":"SCRIMED Diligence Packet Share Guard is a no-secret recipient and distribution control. It does not share packets, send emails, create calendar invites, approve public distribution, authorize PHI, certify security or compliance, approve production release, approve customer go-live, or authorize live clinical care."},{"id":"protected-aal2-proof","label":"Protected AAL2 proof","state":"operator-required","sourceRoute":"/qa-aal2-run-evidence","sourceApiRoute":"/api/qa-evidence/aal2-smoke-readiness","sourceHash":"release-authorization-1ce56546","evidence":"Strict protected smoke ready: false; human run required: true.","requiredControl":"Use only a fresh authorized human AAL2 session for strict protected proof and never retain token values.","nextAction":"Run strict protected smoke only when the target feature flag and authorized tenant role are present.","blockedClaims":["release authorization chain is release approval","public distribution approved","recipient approved without human review","customer-specific sharing approved","strict AAL2 proof retained","boundary release approved","PHI processing authorized","live clinical care authorized","security or compliance certified","production connector approved","customer go-live approved"],"authorityBoundary":"SCRIMED AAL2 Smoke Readiness is a no-secret operator preflight for synthetic AAL2 durable-store and stored-vector RPC smoke tests. It does not mint, expose, retain, validate, or bypass bearer tokens; protected APIs remain the source of truth for role, AAL2, feature flag, tenant, and RLS verification."}],"requiredBeforeExternalReference":["Run the release evidence ledger and promotion queue to identify no-secret metadata candidates.","Run the evidence freshness guard and refresh any stale, protected, or qualified-review evidence before external reuse.","Run the diligence release gate to separate buyer-diligence metadata from protected AAL2, public, production, and clinical NO-GO boundaries.","Run the diligence packet manifest to confirm allowed fields, withheld material, reviewer owners, and blocked claims.","Run the recipient qualification matrix before naming or referencing any external recipient class.","Run the diligence packet share guard before any packet or artifact is referenced outside SCRIMED.","Use a fresh human AAL2 operator session only for strict protected proof, then retain no token values.","Route public, customer-specific, PHI, clinical, certification, connector, reimbursement, and go-live language through qualified review."],"blockedClaims":["release authorization chain is release approval","public distribution approved","recipient approved without human review","customer-specific sharing approved","strict AAL2 proof retained","boundary release approved","PHI processing authorized","live clinical care authorized","security or compliance certified","production connector approved","customer go-live approved"],"boundary":"SCRIMED Release Authorization Chain composes the no-secret release ledger, evidence freshness guard, diligence gate, packet manifest, recipient qualification matrix, share guard, and AAL2 readiness into one weakest-link control view. It does not approve release, share packets, store recipient identifiers, retain token material, authorize PHI, certify security or compliance, approve customer go-live, or authorize live clinical care."}