{"service":"scrimed-diligence-release-gate","status":"diligence-release-gate-active-no-production-approval","route":"/release-continuity#diligence-release-gate","apiRoute":"/api/release-continuity/diligence-gate","briefRoute":"/api/release-continuity/diligence-gate/brief","generatedAt":"static-no-secret-diligence-release-gate","noPhiConfirmed":true,"tokenMaterialCaptured":false,"productionApproval":false,"buyerDiligenceGate":"go-no-secret-metadata-with-release-steward-review","protectedAal2Gate":"no-go-until-human-aal2-retained-packet","publicDistributionGate":"no-go-until-qualified-review","productionReleaseGate":"no-go-not-release-approval","clinicalProductionGate":"no-go-not-authorized-live-care","gateCount":5,"goCount":2,"reviewRequiredCount":0,"noGoCount":3,"cards":[{"id":"no-secret-release-evidence","label":"No-secret release evidence","state":"go-no-secret-buyer-diligence","evidence":"6/10 release ledger entries are passed no-secret metadata.","route":"/api/release-continuity/evidence-ledger","nextAction":"Attach command names, statuses, routes, evidence hashes, safe-use labels, and blocked claims to buyer diligence packets only.","safetyBoundary":"SCRIMED Release Evidence Ledger records no-secret build, smoke, readiness, and protected-operator evidence metadata only. It does not store PHI, patient identifiers, bearer tokens, Supabase secrets, service-role keys, raw logs, production connector payloads, customer data, certification proof, release approval, or live clinical authority."},{"id":"promotion-queue-shareability","label":"Promotion queue shareability","state":"go-no-secret-buyer-diligence","evidence":"7/10 promotion entries are metadata-safe buyer-diligence candidates.","route":"/api/release-continuity/evidence-promotion","nextAction":"Use the promotion queue to separate shareable metadata from protected operator proof and qualified-review blockers.","safetyBoundary":"SCRIMED Release Evidence Promotion Queue converts no-secret release ledger entries into buyer-diligence candidates, protected operator proof blockers, and qualified-review requirements. It does not store PHI, tokens, raw logs, customer data, production connector payloads, certification evidence, public release approval, or live clinical authority."},{"id":"strict-aal2-proof","label":"Strict AAL2 proof","state":"no-go","evidence":"Strict protected smoke ready: false; human run required: true.","route":"/api/qa-evidence/aal2-smoke-readiness","nextAction":"Run strict protected smoke only after a fresh authorized human AAL2 token and target feature flag exist, then retain no-secret packet metadata.","safetyBoundary":"SCRIMED AAL2 Smoke Readiness is a no-secret operator preflight for synthetic AAL2 durable-store and stored-vector RPC smoke tests. It does not mint, expose, retain, validate, or bypass bearer tokens; protected APIs remain the source of truth for role, AAL2, feature flag, tenant, and RLS verification."},{"id":"external-approval-claims","label":"External approval claims","state":"no-go","evidence":"1 promotion entries require qualified external review before claim expansion.","route":"/api/release-continuity/evidence-promotion","nextAction":"Route legal, privacy, security, clinical, reimbursement, regional, certification, connector, and customer go-live claims through qualified review.","safetyBoundary":"External approval claims cannot be created by release evidence, smoke tests, internal summaries, or model output."},{"id":"production-and-clinical-authority","label":"Production and clinical authority","state":"no-go","evidence":"Release gate retains not-release-approval, not-authorized-production-phi, and not-authorized-live-care authority.","route":"/api/release-continuity","nextAction":"Keep live PHI, live clinical care, payer submission, patient outreach, EHR writeback, and production connector use blocked.","safetyBoundary":"SCRIMED Diligence Release Gate summarizes no-secret buyer diligence readiness while preserving NO-GO boundaries for protected AAL2 proof, public distribution, production release, PHI processing, certification, and live clinical care."}],"allowedClaims":["SCRIMED has no-secret synthetic buyer diligence evidence metadata available for review.","SCRIMED separates shareable release metadata from protected AAL2 proof blockers.","SCRIMED keeps public distribution, production approval, PHI authority, certification, and live clinical care externally gated."],"blockedClaims":["production release approved","public distribution approved","strict AAL2 proof retained","PHI processing authorized","live clinical care authorized","security or compliance certified","production connector approved","customer go-live approved","clinical validation completed"],"requiredNextActions":["Attach only no-secret release ledger and promotion queue metadata to buyer diligence.","Retain strict AAL2 proof only after a human operator run creates protected no-secret packet metadata.","Run Claim Guard before any public language expands beyond current-state readiness.","Route legal, privacy, security, clinical, reimbursement, regional, certification, connector, and customer go-live claims to qualified review."],"boundary":"SCRIMED Diligence Release Gate summarizes no-secret buyer diligence readiness while preserving NO-GO boundaries for protected AAL2 proof, public distribution, production release, PHI processing, certification, and live clinical care."}