# SCRIMED Release Continuity Brief

Status: release-continuity-checkpointed-aal2-boundary
Authorization status: public-release-evidence-only-protected-aal2-required
Clinical care authority: not-authorized-live-care
PHI authority: not-authorized-production-phi
Release authority: not-release-approval
Security certification: not-security-certified
Approval authority: external-review-required
Token handling: no-token-values-exposed-or-retained

## Boundary
SCRIMED Release Continuity ties live production, source-control checkpoints, no-secret smoke checks, and protected AAL2 operator gates into one operating view. It does not mint tokens, store secrets, bypass AAL2, approve buyer release, authorize PHI processing, certify security or compliance, grant legal approval, or authorize live clinical care.

This brief is not release approval, legal approval, security certification, HIPAA certification, FDA clearance, ONC certification, PHI processing approval, token authorization, or live clinical authorization.

## Source Checkpoint
- Production domain: https://app.scrimedsolutions.com
- Baseline deployment: dpl_EjfSCM5YKpWhHKDAa6FGmNDPnJ7K
- Baseline commit: 6219f3616e71d163edd047e4d55074cc5089e2b8
- Baseline tag: scrimed-code-pt2-approvals-readiness-20260623
- Runtime commit: 7bf596c25bed03d6148923e4ab939a2abbfb2fff
- Runtime branch: main
- Runtime deployment URL: https://scrimed-site-2jx6xfd2i-temitayo-dahunsis-projects.vercel.app

## Gates
- Source-control drift (resolved): The approvals readiness and buyer release-control release was committed, tagged, pushed, and verified against origin/main. Bottleneck: Production-only changes can become hard to audit if Vercel history moves ahead of GitHub. Workaround: Keep every production release checkpointed by commit, tag, production smoke, and briefed release boundary. Owner: Founder + Release Steward
- Public production smoke (resolved): Public smoke validates the custom domain, HTML routes, JSON APIs, Markdown briefs, fail-closed protected routes, and approval boundaries. Bottleneck: Public readiness can look healthy while protected writes still require explicit AAL2 proof. Workaround: Pair public smoke with protected fail-closed checks and a separate AAL2 operator run when a fresh session exists. Owner: Release Steward
- Protected AAL2 happy path (operator-required): TrustOps, Agent Workspace, and Buyer Release Control fail closed without a tenant-admin or pilot-lead AAL2 session. Bottleneck: A terminal cannot safely create or retain a fresh human AAL2 bearer token without crossing the no-secret boundary. Workaround: Use the protected browser workspace for no-secret verification, or run the CLI smoke only with a fresh external AAL2 token and dispose of it immediately after the run. Owner: Approved tenant-admin or pilot-lead operator
- AAL2 smoke readiness packet (operator-required): The no-secret AAL2 smoke readiness packet is exposed for release review while strict protected writes remain human-token and feature-flag gated. Bottleneck: A release checklist can prove readiness surfaces exist, but it cannot prove authenticated protected writes without a fresh human AAL2 session. Workaround: Inspect /api/qa-evidence/aal2-smoke-readiness, run npm run smoke:aal2:readiness, then use a short-lived authorized AAL2 token only for deliberate strict smoke. Owner: Release Steward + Approved AAL2 Operator
- Secret handling (blocked-by-design): Release scripts skip authenticated mutations unless a deliberate short-lived token is supplied outside the product and outside source control. Bottleneck: Automating protected happy-path evidence with stored long-lived tokens would weaken the trust boundary. Workaround: Prefer browser AAL2 operator panels; when CLI evidence is necessary, use explicit environment variables for one run and never write token values to docs, chat, CI logs, or code. Owner: Security + Operator
- Regulated approval claims (external-review-required): Approvals Readiness and Boundary Resolution keep legal, HIPAA, SOC 2, HITRUST, FDA, ONC, reimbursement, and public customer-permission claims externally gated. Bottleneck: SCRIMED can prepare approval evidence, but it cannot self-certify or self-authorize regulated claims. Workaround: Route public copy through Claim Guard, keep intended use narrow, retain external approval references, and require qualified reviewer sign-off before any claim expansion. Owner: Founder + Legal/Security/Regulatory reviewers

## Checks
- npm audit (passed): 0 vulnerabilities at moderate threshold. Next: Repeat before each production release.
- Generated integrity (passed): Generated workspace integrity check passed. Next: Keep generated cache cleanup in the build lifecycle.
- TypeScript and ESLint (passed): TypeScript noEmit and ESLint completed cleanly. Next: Keep static checks required before deploy.
- Production public smoke (passed): Custom-domain public smoke passed across release, approval, QA, and fail-closed protected surfaces. Next: Run after each deploy and tag.
- Protected happy path (requires-aal2-operator): Fail-closed checks pass; authenticated mutation proof requires fresh human AAL2. Next: Use browser protected workspace or one-time short-lived AAL2 token run.
- AAL2 smoke readiness preflight (requires-aal2-operator): No-secret readiness packet is present; strict durable-store and stored-vector smoke still require a fresh authorized human AAL2 token and target runtime enablement. Next: Run npm run smoke:aal2:readiness before any strict protected smoke and retain only no-secret evidence.
- External certifications and approvals (external-review-required): Approval tracks are organized but not certified or cleared. Next: Move through qualified legal, security, regulatory, buyer, and certification-body review.

## AAL2 Smoke Readiness
- Status: aal2-smoke-readiness-preflight-ready-no-secret
- Strict attempt ready: false
- Human run required: true
- API: /api/qa-evidence/aal2-smoke-readiness

## Deployment Release Checklist
- Generated integrity, typecheck, lint, and build (required-before-release): npm run test:nonsecret && npm run typecheck && npm run lint && npm run build via /api/release-continuity. Human review required: false
- Public production smoke (required-before-release): npm run smoke:public via /api/release-continuity. Human review required: false
- AAL2 smoke readiness preflight (aal2-smoke-readiness-preflight-ready-no-secret): npm run smoke:aal2:readiness via /api/qa-evidence/aal2-smoke-readiness. Human review required: true
- Strict AAL2 durable-store smoke (blocked-until-human-aal2): npm run smoke:aal2:durable-store:strict via /api/workflows/execution-attempts/durable-store. Human review required: true
- Strict stored-vector RPC smoke (blocked-until-human-aal2): npm run smoke:scrimed-stored-vector-rpc:strict via /api/scrimed-build-roadmap/stored-vector-rpc-smoke. Human review required: true

## Release Evidence Ledger
- Status: release-evidence-ledger-active-no-secret
- Entries: 10
- Passed no-secret: 6
- Operator required: 2
- API: /api/release-continuity/evidence-ledger

## Release Evidence Promotion Queue
- Status: release-evidence-promotion-queue-active-human-gated
- Queue entries: 10
- Shareable no-secret: 7
- Operator proof required: 2
- External review required: 1
- API: /api/release-continuity/evidence-promotion

## Release Evidence Freshness Guard
- Status: release-evidence-freshness-guard-active-no-secret
- Freshness hash: freshness-95ba01b3
- Freshness authority: fresh-rerun-required-before-external-use
- Cards: 10
- Internal fresh: 2
- Refresh required: 5
- Human AAL2 refresh: 2
- Qualified review refresh: 1
- API: /api/release-continuity/evidence-freshness-guard

## Diligence Release Gate
- Status: diligence-release-gate-active-no-production-approval
- Buyer diligence: go-no-secret-metadata-with-release-steward-review
- Protected AAL2: no-go-until-human-aal2-retained-packet
- Public distribution: no-go-until-qualified-review
- Production release: no-go-not-release-approval
- Clinical production: no-go-not-authorized-live-care
- API: /api/release-continuity/diligence-gate

## Diligence Packet Manifest
- Status: diligence-packet-manifest-active-no-secret
- Manifest hash: diligence-manifest-73403733
- Items: 12
- Include no-secret: 6
- Withhold human AAL2: 2
- Withhold qualified review: 1
- API: /api/release-continuity/diligence-packet-manifest

## Diligence Packet Share Guard
- Status: diligence-packet-share-guard-active-human-gated
- Guard hash: diligence-share-75b52bf1
- External share: protected-diligence-only-after-human-review
- Recipient authorization: recipient-specific-human-approval-required
- Public distribution: not-authorized
- Cards: 7
- Review required: 5
- API: /api/release-continuity/diligence-packet-share-guard

## Recipient Qualification Matrix
- Status: recipient-qualification-matrix-active-no-secret
- Qualification hash: recipient-qualification-e13fcd32
- External share: qualified-recipient-review-required
- Recipient identifier storage: not-stored-in-scrimed
- Recipient classes: 6
- Blocked recipients: 4
- Revocation policies: 6
- API: /api/release-continuity/recipient-qualification-matrix

## Release Authorization Chain
- Status: release-authorization-chain-active-no-release-approval
- Chain decision: blocked-by-design
- Weakest link: diligence-release-gate:blocked-by-design
- Authorization hash: release-authorization-831a9179
- Safe use: no-secret-metadata-chain-not-release-approval
- Controls: 8
- Passed no-secret: 2
- Human review required: 1
- Operator required: 2
- External review required: 0
- Blocked by design: 3
- API: /api/release-continuity/authorization-chain

## Next Operator Actions
- Use /release-continuity before and after each production deployment.
- Run /api/release-continuity/authorization-chain before any external packet reference so the weakest-link decision is visible across evidence, freshness, manifest, recipient, share, and AAL2 controls.
- Assemble buyer and investor packets from /api/release-continuity/diligence-packet-manifest so every included artifact carries allowed fields, withheld material, and reviewer ownership.
- Run /api/release-continuity/recipient-qualification-matrix before external packet references so recipient class, expiry, revocation, and no-identifier storage rules are explicit.
- Apply /api/release-continuity/diligence-packet-share-guard before any packet is referenced outside SCRIMED so recipient class, human review, public distribution, and customer-specific authority stay explicit.
- Run /api/release-continuity/evidence-freshness-guard before external packet reuse so stale, protected AAL2, and qualified-review evidence is refreshed or withheld.
- Attach no-secret release evidence ledger entries to every buyer-facing release review.
- Promote only metadata-safe ledger entries through the Release Evidence Promotion Queue before buyer distribution.
- Use the Diligence Release Gate to label no-secret buyer-diligence GO items separately from strict AAL2, public-distribution, production, and clinical NO-GO items.
- Run public production smoke on the custom domain after every deploy.
- Inspect /api/qa-evidence/aal2-smoke-readiness before strict protected smoke.
- Use /pilot-workspace/access for browser-session AAL2 protected verification when possible.
- Use SCRIMED_BEARER_TOKEN only for a deliberate one-time CLI smoke, then dispose of it outside the product.
- Keep approval, PHI, clinical, certification, and buyer-release claims gated until qualified external evidence exists.