{"ok":true,"data":{"service":"scrimed-work-production-hardening-gate","status":"operator_action_required","generatedAt":"2026-07-14T00:00:00.000Z","storageMode":"protected-supabase-rpc-aal2","canRunStrictNonProductionSmoke":false,"canaryEligible":false,"noProductionAuthorization":true,"noPhiAuthority":true,"noAutonomousClinicalAuthority":true,"summary":{"totalGates":14,"evidenceReady":11,"operatorRequired":3,"blocked":0,"automationSafeGates":5},"gates":[{"gateId":"scrimed-work-boundary-controls","domain":"safety","title":"Safety boundaries remain enforced","status":"evidence_ready","severity":"critical","requiredFor":"Any SCRIMED Work demo, buyer diligence, or protected non-production smoke.","evidence":["X-SCRIMED-Clinical-Care-Authority=not-authorized-live-care","X-SCRIMED-EHR-Writeback=not-authorized","X-SCRIMED-Payer-Submission=not-authorized","X-SCRIMED-Consequential-Actions=disabled-by-default"],"blocker":null,"operatorAction":"Keep boundary headers and fail-closed checks in every new SCRIMED Work route.","automationSafe":true,"retainedBoundary":"No live PHI, autonomous clinical action, payer submission, EHR writeback, certification claim, or customer go-live authority."},{"gateId":"scrimed-work-definition-of-done","domain":"verification","title":"Definition-of-Done and verification are mandatory","status":"evidence_ready","severity":"high","requiredFor":"Agentic session planning, artifact generation, and completion decisions.","evidence":["DefinitionOfDoneContract","verifyScrimedWorkResult","detectDoomLoop","human-approval-state check"],"blocker":null,"operatorAction":"Keep completion blocked unless schema, citation, policy, rollback, budget, loop, and approval checks pass.","automationSafe":true,"retainedBoundary":"An agent narrative alone is never sufficient proof of completion."},{"gateId":"scrimed-work-protected-writes-flag","domain":"operator-runtime","title":"Protected write feature flag","status":"evidence_ready","severity":"high","requiredFor":"Authenticated protected session, transition, and artifact write smokes.","evidence":["SCRIMED_WORK_PROTECTED_WRITES_ENABLED=true"],"blocker":null,"operatorAction":"Enable SCRIMED_WORK_PROTECTED_WRITES_ENABLED=true only in an approved non-production target.","automationSafe":false,"retainedBoundary":"Protected writes cannot enable consequential clinical, payer, EHR, outreach, or customer go-live actions."},{"gateId":"scrimed-work-lifecycle-integrity","domain":"verification","title":"Authoritative lifecycle and independent review","status":"evidence_ready","severity":"critical","requiredFor":"Every protected session transition and completion decision.","evidence":["evaluateWorkSessionTransition","authoritative durable read before mutation","database row lock and append-only status history","tenant-scoped transition idempotency ledger","independent reviewer separation of duties"],"blocker":null,"operatorAction":"Keep the TypeScript policy and database transition matrix aligned through the lifecycle behavior test and migration preflight.","automationSafe":true,"retainedBoundary":"High-risk clinical approval stays blocked until a separately verified clinician-reviewer identity can be bound."},{"gateId":"scrimed-work-artifact-review-binding","domain":"verification","title":"Durable independent artifact review binding","status":"evidence_ready","severity":"critical","requiredFor":"Verified internal completion of any protected SCRIMED Work artifact.","evidence":["reviewer-only AAL2 durable RPC","creator/reviewer separation of duties","database-verifiable reviewer and decision hashes","immutable artifact mutation scope","mandatory verification before internal-use approval","external distribution and payer submission fixed false"],"blocker":null,"operatorAction":"Keep review and completion behind separate AAL2 reviewer identity, idempotency, authoritative durable state, and mandatory verification.","automationSafe":true,"retainedBoundary":"Reviewed means verified for internal synthetic use only; it grants no payer, EHR, clinical, connector, external-distribution, certification, or go-live authority."},{"gateId":"scrimed-work-reviewer-queue","domain":"verification","title":"Reviewer-only artifact queue","status":"evidence_ready","severity":"critical","requiredFor":"Operationally usable separation of duties for protected SCRIMED Work artifacts.","evidence":["reviewer-only AAL2 and tenant-scoped queue RPC","bounded synthetic/no-PHI metadata response","creator/reviewer exclusion in application and database policy","audit event on every queue read","no raw artifact payload or free-text reviewer input","external distribution and payer submission fixed false"],"blocker":null,"operatorAction":"Retain reviewer-queue migration and advisor evidence, then validate the queue with a separately enrolled reviewer identity.","automationSafe":true,"retainedBoundary":"Queue visibility and internal review grant no live-PHI, clinical, payer, EHR, connector, external-distribution, certification, go-live, or production authority."},{"gateId":"scrimed-work-durable-store-flag","domain":"durable-store","title":"Durable store feature flag","status":"evidence_ready","severity":"high","requiredFor":"Supabase RPC-backed SCRIMED Work persistence.","evidence":["SCRIMED_WORK_DURABLE_STORE_ENABLED=true","storageMode=protected-supabase-rpc-aal2"],"blocker":null,"operatorAction":"Enable SCRIMED_WORK_DURABLE_STORE_ENABLED=true only after the non-production migration is applied.","automationSafe":false,"retainedBoundary":"Durable persistence stores metadata-only sessions, artifacts, audit events, and verification evidence."},{"gateId":"scrimed-work-supabase-runtime","domain":"auth","title":"Supabase runtime configuration","status":"evidence_ready","severity":"critical","requiredFor":"AAL2 RBAC/RLS protected durable-store smoke.","evidence":["NEXT_PUBLIC_SUPABASE_URL configured","NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY configured"],"blocker":null,"operatorAction":"Configure only the approved non-production Supabase URL and publishable key.","automationSafe":false,"retainedBoundary":"No Supabase service-role key or secret key may be exposed to browser code, logs, tests, or chat."},{"gateId":"scrimed-work-runtime-authorization-token","domain":"auth","title":"Server-held runtime authorization token","status":"evidence_ready","severity":"critical","requiredFor":"Protected Supabase RPC mutation routes.","evidence":["SCRIMED_PILOT_INTAKE_PERSISTENCE_TOKEN configured"],"blocker":null,"operatorAction":"Set the runtime token through secure local or Vercel environment handling; never commit it.","automationSafe":false,"retainedBoundary":"Token values are never printed, persisted in source, or included in telemetry."},{"gateId":"scrimed-work-aal2-operator-session","domain":"auth","title":"Fresh AAL2 operator bearer session","status":"operator_required","severity":"critical","requiredFor":"Strict authenticated durable-store smoke.","evidence":["SCRIMED_BEARER_TOKEN is missing or expired."],"blocker":"Fresh tenant-admin or pilot-lead AAL2 bearer token required.","operatorAction":"Generate a fresh short-lived tenant-admin or pilot-lead AAL2 bearer token immediately before strict smoke.","automationSafe":false,"retainedBoundary":"A bearer token alone does not grant production authority or bypass tenant role checks."},{"gateId":"scrimed-work-aal2-reviewer-session","domain":"auth","title":"Distinct AAL2 reviewer bearer session","status":"operator_required","severity":"critical","requiredFor":"Reviewer-only queue, independent approval, artifact review, and completion evidence.","evidence":["A distinct SCRIMED_REVIEWER_BEARER_TOKEN is missing or expired."],"blocker":"A separately enrolled human reviewer with fresh AAL2 is required.","operatorAction":"Enroll a genuinely separate reviewer, activate reviewer membership, then capture a fresh reviewer AAL2 token without printing it.","automationSafe":false,"retainedBoundary":"Aliases, duplicated sessions, and a second token for the same user do not satisfy independent review."},{"gateId":"scrimed-work-workspace-scope","domain":"auth","title":"Tenant workspace scope","status":"evidence_ready","severity":"high","requiredFor":"Tenant-isolated SCRIMED Work durable mutation routes.","evidence":["SCRIMED_WORKSPACE_SLUG or SCRIMED_WORK_DEFAULT_WORKSPACE_SLUG configured"],"blocker":null,"operatorAction":"Set the approved non-production workspace slug, usually atlas-synthetic-evaluation.","automationSafe":false,"retainedBoundary":"Cross-tenant context leakage remains prohibited."},{"gateId":"scrimed-work-migration-application","domain":"durable-store","title":"Non-production migration application","status":"evidence_ready","severity":"critical","requiredFor":"Real Supabase durable-store validation.","evidence":["supabase/migrations/20260709193000_scrimed_work_durable_store.sql exists","supabase/migrations/20260713160000_scrimed_work_lifecycle_hardening.sql exists","supabase/migrations/20260713163000_scrimed_work_advisor_index_hardening.sql exists","supabase/migrations/20260713210000_scrimed_work_artifact_review_binding.sql exists","supabase/migrations/20260714163930_scrimed_work_reviewer_queue.sql exists","supabase/migrations/20260715143000_scrimed_work_review_queue_approval_step.sql exists","scripts/scrimed-work-durable-store-preflight.mjs validates migration posture","migrationEvidenceId=supabase-yxacqdf-scrimed-work-20260713","reviewApprovalMigrationEvidenceId=scrimed-work-review-queue-approval-20260715-verified"],"blocker":null,"operatorAction":"Retain migration history, RLS/grant checks, and post-migration advisor evidence with this release.","automationSafe":false,"retainedBoundary":"This code path does not mutate live Supabase, apply migrations, or approve production deployment."},{"gateId":"scrimed-work-canary-release","domain":"release-control","title":"No-PHI canary workspace","status":"operator_required","severity":"high","requiredFor":"Buyer-facing protected workflow readiness.","evidence":["Canary requires strict preflight plus two-identity authenticated lifecycle success."],"blocker":"A protected two-identity lifecycle canary has not been bound to reviewed nonsecret evidence.","operatorAction":"Run one no-PHI protected workspace canary with distinct operator and reviewer identities, then bind reviewed evidence before buyer-facing mutations.","automationSafe":false,"retainedBoundary":"Canary success is not certification, clinical validation, production connector approval, or customer go-live."}],"nextOperatorActions":["Refresh short-lived AAL2 tokens for a tenant-admin or pilot-lead operator and a genuinely separate reviewer immediately before strict smoke.","Configure non-production Supabase URL, publishable key, runtime authorization token, workspace slug, protected writes flag, and durable-store flag.","Retain reviewed migration evidence supabase-yxacqdf-scrimed-work-20260713 with the release packet.","Run npm run smoke:scrimed-work:durable-store-preflight:strict.","Run npm run smoke:scrimed-work:strict.","Run npm run smoke:scrimed-work:two-identity:strict and retain its no-secret audit identifiers.","Bind successful two-identity evidence to SCRIMED_WORK_TWO_IDENTITY_CANARY_EVIDENCE_ID before release promotion."],"strictSmokeCommands":["npm run smoke:scrimed-work:durable-store-preflight:strict","npm run smoke:scrimed-work:strict","npm run smoke:scrimed-work:two-identity:strict"],"retainedBoundaries":["No live PHI.","No autonomous diagnosis, treatment, prescribing, patient outreach, payer submission, EHR writeback, or final imaging interpretation.","No production connector approval, certification claim, clinical validation claim, or customer go-live claim.","No secrets, bearer tokens, Supabase keys, raw connector payloads, or sensitive document text in logs, telemetry, tests, docs, or UI."]},"meta":{"requestId":"req_scrimed-intel-59e1","traceId":"trace_scrimed-intel-5a80","timestamp":"2026-07-09T00:00:00.000Z"}}