{"service":"scrimed-release-evidence-freshness-guard","status":"release-evidence-freshness-guard-active-no-secret","route":"/release-continuity#release-evidence-freshness-guard","apiRoute":"/api/release-continuity/evidence-freshness-guard","briefRoute":"/api/release-continuity/evidence-freshness-guard/brief","generatedAt":"static-no-secret-freshness-policy","noPhiConfirmed":true,"tokenMaterialCaptured":false,"productionApproval":false,"clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","releaseAuthority":"not-release-approval","securityCertification":"not-security-certified","freshnessAuthority":"fresh-rerun-required-before-external-use","publicDistributionAuthority":"not-authorized","customerSpecificAuthority":"not-authorized-without-customer-permission","sourceLedgerStatus":"release-evidence-ledger-active-no-secret","sourcePromotionStatus":"release-evidence-promotion-queue-active-human-gated","cardCount":10,"internalFreshCount":2,"refreshRequiredCount":5,"humanAal2RefreshCount":2,"qualifiedReviewRefreshCount":1,"freshnessHash":"freshness-95ba01b3","cards":[{"id":"freshness-generated-integrity","sourceEntryId":"generated-integrity","label":"Generated workspace integrity","command":"npm run integrity","artifactRoute":"/api/release-continuity","evidenceHash":"release-evidence-207fc4a3","evidenceType":"static-check","sourceStatus":"passed-no-secret","freshnessStatus":"fresh-for-internal-readiness","maxAgeHours":24,"internalUseAuthority":"allowed-no-secret-readiness-metadata","externalUseAuthority":"internal-no-secret-only-refresh-before-external-use","refreshTrigger":"Refresh after source, dependency, environment, generated output, build, or release packaging changes.","requiredReviewer":"release steward before external reuse","blockedClaims":["freshness guard is production release approval","freshness guard is public distribution approval","stale evidence approved for buyer use","strict AAL2 proof refreshed without human operator","customer-specific evidence approved","PHI processing authorized","live clinical care authorized","security or compliance certified","production connector approved","customer go-live approved"],"safetyBoundary":"Integrity evidence contains source-shape metadata only and must not include secrets, PHI, raw logs, or customer data."},{"id":"freshness-nonsecret-regression-suite","sourceEntryId":"nonsecret-regression-suite","label":"Nonsecret regression suite","command":"npm run test:nonsecret","artifactRoute":"/api/investor-readiness/status","evidenceHash":"release-evidence-2d7a7b80","evidenceType":"contract-smoke","sourceStatus":"passed-no-secret","freshnessStatus":"refresh-required-before-external-sharing","maxAgeHours":24,"internalUseAuthority":"allowed-no-secret-readiness-metadata","externalUseAuthority":"refresh-required-before-external-use","refreshTrigger":"Refresh after source, schema, route, safety, evidence, model, durable-store, or contract changes.","requiredReviewer":"release steward + claim guard reviewer","blockedClaims":["freshness guard is production release approval","freshness guard is public distribution approval","stale evidence approved for buyer use","strict AAL2 proof refreshed without human operator","customer-specific evidence approved","PHI processing authorized","live clinical care authorized","security or compliance certified","production connector approved","customer go-live approved"],"safetyBoundary":"Nonsecret regression evidence must run with bearer-token, sales QA token, and Supabase session environment cleared."},{"id":"freshness-typecheck-lint-build","sourceEntryId":"typecheck-lint-build","label":"Typecheck, lint, and production build","command":"npm run typecheck && npm run lint && npm run build","artifactRoute":"/api/release-continuity","evidenceHash":"release-evidence-22f9f705","evidenceType":"static-check","sourceStatus":"passed-no-secret","freshnessStatus":"fresh-for-internal-readiness","maxAgeHours":24,"internalUseAuthority":"allowed-no-secret-readiness-metadata","externalUseAuthority":"internal-no-secret-only-refresh-before-external-use","refreshTrigger":"Refresh after source, dependency, environment, generated output, build, or release packaging changes.","requiredReviewer":"release steward before external reuse","blockedClaims":["freshness guard is production release approval","freshness guard is public distribution approval","stale evidence approved for buyer use","strict AAL2 proof refreshed without human operator","customer-specific evidence approved","PHI processing authorized","live clinical care authorized","security or compliance certified","production connector approved","customer go-live approved"],"safetyBoundary":"Build evidence can mention known local SWC fallback warnings, but must not include secrets, tokens, PHI, or customer payloads."},{"id":"freshness-clinical-robustness-lab-contract","sourceEntryId":"clinical-robustness-lab-contract","label":"Clinical Robustness Lab contract","command":"npm run smoke:clinical-robustness-lab","artifactRoute":"/api/clinical-robustness-lab","evidenceHash":"release-evidence-acbcab0e","evidenceType":"contract-smoke","sourceStatus":"passed-no-secret","freshnessStatus":"refresh-required-before-external-sharing","maxAgeHours":24,"internalUseAuthority":"allowed-no-secret-readiness-metadata","externalUseAuthority":"refresh-required-before-external-use","refreshTrigger":"Refresh after source, schema, route, safety, evidence, model, durable-store, or contract changes.","requiredReviewer":"release steward + claim guard reviewer","blockedClaims":["freshness guard is production release approval","freshness guard is public distribution approval","stale evidence approved for buyer use","strict AAL2 proof refreshed without human operator","customer-specific evidence approved","PHI processing authorized","live clinical care authorized","security or compliance certified","production connector approved","customer go-live approved"],"safetyBoundary":"Clinical robustness evidence is synthetic/demo use only and is not clinical validation, diagnosis, treatment, prescribing, or live patient-care authority."},{"id":"freshness-execution-attempt-durable-store-contract","sourceEntryId":"execution-attempt-durable-store-contract","label":"Execution Attempt Durable Store contract","command":"npm run smoke:execution-attempt-durable-store","artifactRoute":"/api/workflows/execution-attempts/durable-store","evidenceHash":"release-evidence-a39ec62e","evidenceType":"contract-smoke","sourceStatus":"passed-no-secret","freshnessStatus":"refresh-required-before-external-sharing","maxAgeHours":24,"internalUseAuthority":"allowed-no-secret-readiness-metadata","externalUseAuthority":"refresh-required-before-external-use","refreshTrigger":"Refresh after source, schema, route, safety, evidence, model, durable-store, or contract changes.","requiredReviewer":"release steward + claim guard reviewer","blockedClaims":["freshness guard is production release approval","freshness guard is public distribution approval","stale evidence approved for buyer use","strict AAL2 proof refreshed without human operator","customer-specific evidence approved","PHI processing authorized","live clinical care authorized","security or compliance certified","production connector approved","customer go-live approved"],"safetyBoundary":"Durable-store contract evidence proves source controls and fail-closed posture only; protected writes still require AAL2 and target enablement."},{"id":"freshness-compute-fabric-migration-preflight","sourceEntryId":"compute-fabric-migration-preflight","label":"Compute Fabric durable-store migration preflight","command":"npm run smoke:scrimed-compute-fabric:migration-preflight","artifactRoute":"/api/scrimed-compute-fabric/migration-preflight","evidenceHash":"release-evidence-e715f634","evidenceType":"contract-smoke","sourceStatus":"passed-no-secret","freshnessStatus":"refresh-required-before-external-sharing","maxAgeHours":24,"internalUseAuthority":"allowed-no-secret-readiness-metadata","externalUseAuthority":"refresh-required-before-external-use","refreshTrigger":"Refresh after source, schema, route, safety, evidence, model, durable-store, or contract changes.","requiredReviewer":"release steward + claim guard reviewer","blockedClaims":["freshness guard is production release approval","freshness guard is public distribution approval","stale evidence approved for buyer use","strict AAL2 proof refreshed without human operator","customer-specific evidence approved","PHI processing authorized","live clinical care authorized","security or compliance certified","production connector approved","customer go-live approved"],"safetyBoundary":"Compute Fabric migration preflight evidence proves source controls, trigger guards, projection fields, rollback plan, and no-live-model-call posture only; it does not apply migrations or prove live Supabase state."},{"id":"freshness-aal2-smoke-readiness-preflight","sourceEntryId":"aal2-smoke-readiness-preflight","label":"AAL2 smoke readiness preflight","command":"npm run smoke:aal2:readiness","artifactRoute":"/api/qa-evidence/aal2-smoke-readiness","evidenceHash":"release-evidence-4ead6ebf","evidenceType":"aal2-preflight","sourceStatus":"aal2-smoke-readiness-preflight-ready-no-secret","freshnessStatus":"refresh-required-before-external-sharing","maxAgeHours":2,"internalUseAuthority":"allowed-no-secret-readiness-metadata","externalUseAuthority":"refresh-required-before-external-use","refreshTrigger":"Refresh after source, dependency, environment, generated output, build, or release packaging changes.","requiredReviewer":"release steward + claim guard reviewer","blockedClaims":["freshness guard is production release approval","freshness guard is public distribution approval","stale evidence approved for buyer use","strict AAL2 proof refreshed without human operator","customer-specific evidence approved","PHI processing authorized","live clinical care authorized","security or compliance certified","production connector approved","customer go-live approved"],"safetyBoundary":"SCRIMED AAL2 Smoke Readiness is a no-secret operator preflight for synthetic AAL2 durable-store and stored-vector RPC smoke tests. It does not mint, expose, retain, validate, or bypass bearer tokens; protected APIs remain the source of truth for role, AAL2, feature flag, tenant, and RLS verification."},{"id":"freshness-strict-aal2-durable-store-smoke","sourceEntryId":"strict-aal2-durable-store-smoke","label":"Strict AAL2 durable-store smoke","command":"npm run smoke:aal2:durable-store:strict","artifactRoute":"/api/workflows/execution-attempts/durable-store","evidenceHash":"release-evidence-15bc543c","evidenceType":"strict-protected-smoke","sourceStatus":"blocked-until-human-aal2","freshnessStatus":"blocked-until-human-aal2-refresh","maxAgeHours":1,"internalUseAuthority":"allowed-no-secret-readiness-metadata","externalUseAuthority":"blocked-until-fresh-human-aal2-retained-packet","refreshTrigger":"Run only with a fresh short-lived human AAL2 session and retain no-secret protected packet metadata.","requiredReviewer":"authorized tenant-admin/pilot-lead/reviewer AAL2 operator + release steward","blockedClaims":["freshness guard is production release approval","freshness guard is public distribution approval","stale evidence approved for buyer use","strict AAL2 proof refreshed without human operator","customer-specific evidence approved","PHI processing authorized","live clinical care authorized","security or compliance certified","production connector approved","customer go-live approved"],"safetyBoundary":"Strict durable-store evidence may retain only no-secret status, command name, workspace slug, role class, audit metadata, and packet hashes after a human AAL2 run."},{"id":"freshness-strict-stored-vector-rpc-smoke","sourceEntryId":"strict-stored-vector-rpc-smoke","label":"Strict stored-vector RPC smoke","command":"npm run smoke:scrimed-stored-vector-rpc:strict","artifactRoute":"/api/scrimed-build-roadmap/stored-vector-rpc-smoke","evidenceHash":"release-evidence-07b73b12","evidenceType":"strict-protected-smoke","sourceStatus":"blocked-until-human-aal2","freshnessStatus":"blocked-until-human-aal2-refresh","maxAgeHours":1,"internalUseAuthority":"allowed-no-secret-readiness-metadata","externalUseAuthority":"blocked-until-fresh-human-aal2-retained-packet","refreshTrigger":"Run only with a fresh short-lived human AAL2 session and retain no-secret protected packet metadata.","requiredReviewer":"authorized tenant-admin/pilot-lead/reviewer AAL2 operator + release steward","blockedClaims":["freshness guard is production release approval","freshness guard is public distribution approval","stale evidence approved for buyer use","strict AAL2 proof refreshed without human operator","customer-specific evidence approved","PHI processing authorized","live clinical care authorized","security or compliance certified","production connector approved","customer go-live approved"],"safetyBoundary":"Stored-vector strict evidence must not expose raw embeddings, token material, PHI, production patient matching, or customer data."},{"id":"freshness-qualified-external-approval-review","sourceEntryId":"qualified-external-approval-review","label":"Qualified external approval review","command":"external qualified review","artifactRoute":"/approvals-readiness","evidenceHash":"release-evidence-c9d0e8a6","evidenceType":"external-review","sourceStatus":"external-review-required","freshnessStatus":"blocked-until-qualified-review-refresh","maxAgeHours":null,"internalUseAuthority":"allowed-no-secret-readiness-metadata","externalUseAuthority":"blocked-until-qualified-review-confirms-current","refreshTrigger":"Refresh when qualified external reviewer confirms evidence is current for the exact claim and recipient scope.","requiredReviewer":"qualified legal/privacy/security/clinical/buyer reviewer","blockedClaims":["freshness guard is production release approval","freshness guard is public distribution approval","stale evidence approved for buyer use","strict AAL2 proof refreshed without human operator","customer-specific evidence approved","PHI processing authorized","live clinical care authorized","security or compliance certified","production connector approved","customer go-live approved"],"safetyBoundary":"External approval evidence must be retained outside public source until qualified legal, privacy, security, clinical, buyer, or certification-body review authorizes use."}],"freshnessRules":["Static no-secret evidence may support internal readiness tracking, but external packet language requires a fresh rerun or human reviewer confirmation.","Contract, lint, typecheck, build, and public-smoke evidence should be refreshed before buyer, investor, security, clinical, or customer-specific use.","Protected AAL2 evidence remains blocked until a fresh authorized tenant-admin, pilot-lead, or reviewer session produces retained no-secret packet metadata.","External-review evidence remains blocked until qualified legal, privacy/security, clinical/regulatory, buyer-authorization, or certification-body review exists.","Freshness records may include command names, status labels, routes, review owners, refresh triggers, and hashes only; never include raw logs, bearer tokens, JWTs, Supabase keys, PHI, or customer data."],"blockedClaims":["freshness guard is production release approval","freshness guard is public distribution approval","stale evidence approved for buyer use","strict AAL2 proof refreshed without human operator","customer-specific evidence approved","PHI processing authorized","live clinical care authorized","security or compliance certified","production connector approved","customer go-live approved"],"boundary":"SCRIMED Release Evidence Freshness Guard is a no-secret recency and revalidation policy for release evidence. It does not rerun commands, store logs, store PHI, capture tokens, certify evidence, approve public distribution, approve production release, approve customer go-live, or authorize live clinical care."}