{"service":"scrimed-release-evidence-ledger","status":"release-evidence-ledger-active-no-secret","route":"/release-continuity#release-evidence-ledger","apiRoute":"/api/release-continuity/evidence-ledger","briefRoute":"/api/release-continuity/evidence-ledger/brief","generatedAt":"static-no-secret-release-evidence","noPhiConfirmed":true,"tokenMaterialCaptured":false,"productionApproval":false,"clinicalCareAuthority":"not-authorized-live-care","phiAuthority":"not-authorized-production-phi","releaseAuthority":"not-release-approval","entryCount":10,"passedNoSecretCount":6,"operatorRequiredCount":2,"externalReviewRequiredCount":1,"entries":[{"id":"generated-integrity","label":"Generated workspace integrity","command":"npm run integrity","status":"passed-no-secret","evidenceType":"static-check","sourceSurface":"Generated Integrity","artifactRoute":"/api/release-continuity","safeFor":["engineering readiness","buyer diligence","investor diligence"],"blockedClaims":["PHI processing authorized","live clinical care authorized","production connector approved","security or compliance certified","buyer proof release approved","strict AAL2 protected writes proven without human operator","customer go-live approved"],"humanReviewRequired":false,"noSecretBoundary":"Integrity evidence contains source-shape metadata only and must not include secrets, PHI, raw logs, or customer data.","replayInstruction":"Run npm run integrity before build or release packaging.","nextAction":"Keep generated cache cleanup in prebuild and pretypecheck.","evidenceHash":"release-evidence-207fc4a3"},{"id":"nonsecret-regression-suite","label":"Nonsecret regression suite","command":"npm run test:nonsecret","status":"passed-no-secret","evidenceType":"contract-smoke","sourceSurface":"SCRIMED Nonsecret Test Suite","artifactRoute":"/api/investor-readiness/status","safeFor":["engineering readiness","platform audit readiness","investor diligence"],"blockedClaims":["PHI processing authorized","live clinical care authorized","production connector approved","security or compliance certified","buyer proof release approved","strict AAL2 protected writes proven without human operator","customer go-live approved"],"humanReviewRequired":false,"noSecretBoundary":"Nonsecret regression evidence must run with bearer-token, sales QA token, and Supabase session environment cleared.","replayInstruction":"Run npm run test:nonsecret before release and after modifying safety, AAL2, release, or investor surfaces.","nextAction":"Promote failures to release blockers until the source contract is restored.","evidenceHash":"release-evidence-2d7a7b80"},{"id":"typecheck-lint-build","label":"Typecheck, lint, and production build","command":"npm run typecheck && npm run lint && npm run build","status":"passed-no-secret","evidenceType":"static-check","sourceSurface":"Next.js Build Pipeline","artifactRoute":"/api/release-continuity","safeFor":["engineering readiness","deployment readiness","buyer diligence"],"blockedClaims":["PHI processing authorized","live clinical care authorized","production connector approved","security or compliance certified","buyer proof release approved","strict AAL2 protected writes proven without human operator","customer go-live approved"],"humanReviewRequired":false,"noSecretBoundary":"Build evidence can mention known local SWC fallback warnings, but must not include secrets, tokens, PHI, or customer payloads.","replayInstruction":"Run static checks and build with the bundled Node path before deploy.","nextAction":"Keep nonzero build, typecheck, or lint results as hard release blockers.","evidenceHash":"release-evidence-22f9f705"},{"id":"clinical-robustness-lab-contract","label":"Clinical Robustness Lab contract","command":"npm run smoke:clinical-robustness-lab","status":"passed-no-secret","evidenceType":"contract-smoke","sourceSurface":"Clinical Robustness Lab","artifactRoute":"/api/clinical-robustness-lab","safeFor":["synthetic clinical readiness","platform audit readiness","investor diligence"],"blockedClaims":["PHI processing authorized","live clinical care authorized","production connector approved","security or compliance certified","buyer proof release approved","strict AAL2 protected writes proven without human operator","customer go-live approved"],"humanReviewRequired":false,"noSecretBoundary":"Clinical robustness evidence is synthetic/demo use only and is not clinical validation, diagnosis, treatment, prescribing, or live patient-care authority.","replayInstruction":"Run npm run smoke:clinical-robustness-lab after modifying clinical robustness scenarios, notices, or scoring.","nextAction":"Escalate clinical score changes to human review before external claims expand.","evidenceHash":"release-evidence-acbcab0e"},{"id":"execution-attempt-durable-store-contract","label":"Execution Attempt Durable Store contract","command":"npm run smoke:execution-attempt-durable-store","status":"passed-no-secret","evidenceType":"contract-smoke","sourceSurface":"Execution Attempt Durable Store","artifactRoute":"/api/workflows/execution-attempts/durable-store","safeFor":["audit readiness","execution evidence binding","buyer diligence"],"blockedClaims":["PHI processing authorized","live clinical care authorized","production connector approved","security or compliance certified","buyer proof release approved","strict AAL2 protected writes proven without human operator","customer go-live approved"],"humanReviewRequired":false,"noSecretBoundary":"Durable-store contract evidence proves source controls and fail-closed posture only; protected writes still require AAL2 and target enablement.","replayInstruction":"Run npm run smoke:execution-attempt-durable-store after touching durable-store APIs, migrations, token policy, or AAL2 readiness.","nextAction":"Run strict AAL2 smoke only with a fresh authorized human token.","evidenceHash":"release-evidence-a39ec62e"},{"id":"compute-fabric-migration-preflight","label":"Compute Fabric durable-store migration preflight","command":"npm run smoke:scrimed-compute-fabric:migration-preflight","status":"passed-no-secret","evidenceType":"contract-smoke","sourceSurface":"SCRIMED Compute Fabric Migration Preflight","artifactRoute":"/api/scrimed-compute-fabric/migration-preflight","safeFor":["database migration readiness","audit readiness","buyer diligence"],"blockedClaims":["PHI processing authorized","live clinical care authorized","production connector approved","security or compliance certified","buyer proof release approved","strict AAL2 protected writes proven without human operator","customer go-live approved"],"humanReviewRequired":false,"noSecretBoundary":"Compute Fabric migration preflight evidence proves source controls, trigger guards, projection fields, rollback plan, and no-live-model-call posture only; it does not apply migrations or prove live Supabase state.","replayInstruction":"Run npm run smoke:scrimed-compute-fabric:migration-preflight after changing Compute Fabric migrations, durable-store projection fields, or migration docs.","nextAction":"Keep status compute-fabric-migration-preflight-ready-no-secret until target migration history and strict AAL2 smoke are verified.","evidenceHash":"release-evidence-e715f634"},{"id":"aal2-smoke-readiness-preflight","label":"AAL2 smoke readiness preflight","command":"npm run smoke:aal2:readiness","status":"aal2-smoke-readiness-preflight-ready-no-secret","evidenceType":"aal2-preflight","sourceSurface":"AAL2 Smoke Readiness","artifactRoute":"/api/qa-evidence/aal2-smoke-readiness","safeFor":["operator readiness","release checklist","investor diligence"],"blockedClaims":["PHI processing authorized","live clinical care authorized","production connector approved","security or compliance certified","buyer proof release approved","strict AAL2 protected writes proven without human operator","customer go-live approved"],"humanReviewRequired":true,"noSecretBoundary":"SCRIMED AAL2 Smoke Readiness is a no-secret operator preflight for synthetic AAL2 durable-store and stored-vector RPC smoke tests. It does not mint, expose, retain, validate, or bypass bearer tokens; protected APIs remain the source of truth for role, AAL2, feature flag, tenant, and RLS verification.","replayInstruction":"Run npm run smoke:aal2:readiness before strict protected smoke.","nextAction":"Supply a fresh authorized tenant-admin, pilot-lead, or reviewer AAL2 token only for strict smoke.","evidenceHash":"release-evidence-4ead6ebf"},{"id":"strict-aal2-durable-store-smoke","label":"Strict AAL2 durable-store smoke","command":"npm run smoke:aal2:durable-store:strict","status":"blocked-until-human-aal2","evidenceType":"strict-protected-smoke","sourceSurface":"Protected Durable Store","artifactRoute":"/api/workflows/execution-attempts/durable-store","safeFor":["operator readiness only until retained strict proof exists"],"blockedClaims":["PHI processing authorized","live clinical care authorized","production connector approved","security or compliance certified","buyer proof release approved","strict AAL2 protected writes proven without human operator","customer go-live approved"],"humanReviewRequired":true,"noSecretBoundary":"Strict durable-store evidence may retain only no-secret status, command name, workspace slug, role class, audit metadata, and packet hashes after a human AAL2 run.","replayInstruction":"Run only after a fresh AAL2 operator token is available and protected writes are enabled on the target.","nextAction":"Retain no-secret outcome metadata and immediately rotate or clear temporary token material.","evidenceHash":"release-evidence-15bc543c"},{"id":"strict-stored-vector-rpc-smoke","label":"Strict stored-vector RPC smoke","command":"npm run smoke:scrimed-stored-vector-rpc:strict","status":"blocked-until-human-aal2","evidenceType":"strict-protected-smoke","sourceSurface":"Stored Vector RPC","artifactRoute":"/api/scrimed-build-roadmap/stored-vector-rpc-smoke","safeFor":["operator readiness only until retained strict proof exists"],"blockedClaims":["PHI processing authorized","live clinical care authorized","production connector approved","security or compliance certified","buyer proof release approved","strict AAL2 protected writes proven without human operator","customer go-live approved"],"humanReviewRequired":true,"noSecretBoundary":"Stored-vector strict evidence must not expose raw embeddings, token material, PHI, production patient matching, or customer data.","replayInstruction":"Run only under the same authorized short-lived human AAL2 boundary as strict durable-store smoke.","nextAction":"Retain only no-secret success/failure metadata and protected route references.","evidenceHash":"release-evidence-07b73b12"},{"id":"qualified-external-approval-review","label":"Qualified external approval review","command":"external qualified review","status":"external-review-required","evidenceType":"external-review","sourceSurface":"Approvals Readiness","artifactRoute":"/approvals-readiness","safeFor":["planning","readiness tracking"],"blockedClaims":["PHI processing authorized","live clinical care authorized","production connector approved","security or compliance certified","buyer proof release approved","strict AAL2 protected writes proven without human operator","customer go-live approved"],"humanReviewRequired":true,"noSecretBoundary":"External approval evidence must be retained outside public source until qualified legal, privacy, security, clinical, buyer, or certification-body review authorizes use.","replayInstruction":"Route expanded claims through Approvals Readiness, Claim Guard, and qualified reviewer signoff.","nextAction":"Do not promote PHI, live-care, certification, connector, or customer go-live claims from this ledger.","evidenceHash":"release-evidence-c9d0e8a6"}],"blockedClaims":["PHI processing authorized","live clinical care authorized","production connector approved","security or compliance certified","buyer proof release approved","strict AAL2 protected writes proven without human operator","customer go-live approved"],"releaseUseRules":["Use ledger entries as no-secret diligence metadata only.","Attach command, status, route, and evidence hash without raw logs or credentials.","Treat operator-required entries as blockers until a fresh authorized human AAL2 run retains safe evidence.","Route all PHI, clinical, security, legal, regulatory, reimbursement, and buyer-release claims to qualified review.","Never paste bearer tokens, JWTs, Supabase keys, service-role credentials, patient data, or customer data into the ledger."],"boundary":"SCRIMED Release Evidence Ledger records no-secret build, smoke, readiness, and protected-operator evidence metadata only. It does not store PHI, patient identifiers, bearer tokens, Supabase secrets, service-role keys, raw logs, production connector payloads, customer data, certification proof, release approval, or live clinical authority."}