Deployment Drift Guard
Detect stale deployments before SCRIMED uses them as proof.
SCRIMED Deployment Drift Guard is a no-secret, synthetic-and-metadata-only release control. It compares source-known route expectations with a target deployment before buyer, investor, or operator promotion. It does not deploy code, commit source, apply migrations, expose PHI, authorize clinical care, approve payer submission, write to EHRs, certify compliance, or approve customer go-live.
This route can identify drift and block promotion, but it does not deploy code, commit source, apply migrations, rotate secrets, or authorize production customer use.
Operating Rule
Local pass plus production 404 means deployment drift, not product readiness.
SCRIMED should block buyer demos, investor proof references, public launch claims, and operator evidence promotion when the target deployment does not serve the same critical routes as the reviewed repository build.
Guarded Routes
Each guarded route has an owner, source evidence, expected status, and drift signal.
/scrimed-market-execution
Market Execution is a buyer and investor narrative surface that packages clean-room competitor intelligence, revenue levers, sales motions, and proof artifacts.
- Owner: Revenue Operations + Release Steward
- Drift signal: A 404 means the live target is behind the current repository build and should not be used as evidence for this capability.
- Boundary: Synthetic business metadata only; no PHI, no autonomous clinical authority, no payer submission, no EHR writeback, no certification claim.
- Evidence: app/scrimed-market-execution/page.tsx, app/api/scrimed-market-execution/route.ts, scripts/scrimed-market-execution-contract-check.mjs, scripts/public-production-smoke.mjs
/enterprise-healthcare-infrastructure
Enterprise Healthcare Infrastructure Readiness proves SCRIMED can discuss HL7/FHIR, DICOM/PACS/RIS/HIS, X12, VPN, firewall, database, VM, and integration-engine readiness without live connector claims.
- Owner: Interoperability + Security + Release Steward
- Drift signal: A 404 means the live target is behind the current hospital-infrastructure readiness build and should not be used for buyer, investor, or implementation proof.
- Boundary: Synthetic infrastructure metadata only; no PHI, no final imaging interpretation, no payer submission, no EHR writeback, no production connector approval, no customer go-live.
- Evidence: app/enterprise-healthcare-infrastructure/page.tsx, app/api/enterprise-healthcare-infrastructure/route.ts, scripts/enterprise-healthcare-infrastructure-contract-check.mjs, scripts/public-production-smoke.mjs
/scrimed-cyber-defense
Cyber Defense anchors security diligence, token redaction posture, protected-route monitoring, and residual-risk communication.
- Owner: Security Lead + Release Steward
- Drift signal: A missing or stale route weakens buyer security diligence and should block external security-readiness claims.
- Boundary: Security readiness only; not a security certification, breach guarantee, PHI authority, or customer go-live approval.
- Evidence: app/scrimed-cyber-defense/page.tsx, app/api/scrimed-cyber-defense/route.ts, scripts/scrimed-cyber-defense-contract-check.mjs
/scrimed-intelligence-platform
The Intelligence Platform route demonstrates the governed AI-native operating-system foundation without live PHI or model calls.
- Owner: Platform Product + Release Steward
- Drift signal: A missing route means the public deployment cannot support investor or buyer diligence for this architecture layer.
- Boundary: Synthetic metadata only; no live clinical authority, external model approval, payer submission, EHR writeback, or customer go-live.
- Evidence: app/scrimed-intelligence-platform/page.tsx, app/api/scrimed-intelligence-platform/route.ts, scripts/scrimed-intelligence-platform-contract-check.mjs
/release-continuity
Release Continuity is the operating lane that keeps public smoke, GitHub checks, AAL2 boundaries, and release evidence visible.
- Owner: Release Steward
- Drift signal: A missing route means operators lose the source-to-production checkpoint before promotion or buyer proof release.
- Boundary: Operational release evidence only; no deploy authority, no protected mutation authority, and no clinical production approval.
- Evidence: app/release-continuity/page.tsx, app/api/release-continuity/route.ts, scripts/public-production-smoke.mjs
/api/deployment-drift-guard
The API gives CI, operators, and buyer-diligence tooling a machine-readable view of deployment drift guardrails.
- Owner: Release Steward + Platform Engineering
- Drift signal: A 404 means the target deployment predates the drift guard and should be treated as stale until redeployed.
- Boundary: No-secret route metadata only; not a commit, deploy, migration, production connector, or go-live authority.
- Evidence: app/api/deployment-drift-guard/route.ts, app/lib/deploymentDriftGuard.ts, scripts/deployment-drift-guard-contract-check.mjs
Runbook
Promotion stays blocked until target smoke and source smoke agree.
Validate source contract
npm run contract:deployment-drift-guard
- Failure action: Fix source registration before build, deploy, or buyer proof references.
Validate local rebuilt app
SCRIMED_BASE_URL=http://127.0.0.1:3048 npm run smoke:deployment-drift-guard
- Failure action: Fix local route, API, or build break before any production deploy.
Validate production target
SCRIMED_BASE_URL=https://app.scrimedsolutions.com npm run smoke:deployment-drift-guard
- Failure action: Treat as deployment drift, deploy the reviewed release candidate, then rerun public and drift smoke.
Block external promotion on drift
npm run smoke:public
- Failure action: Do not use stale routes in buyer demos, investor packets, launch claims, or diligence packets.
Hard Stops
This guard improves release truth without expanding SCRIMED authority.
no live PHI
The guard can classify target drift and block promotion; it cannot relieve clinical, privacy, security, legal, payer, connector, deployment, or customer activation boundaries.
no autonomous clinical care, diagnosis, treatment, prescribing, or final imaging interpretation
The guard can classify target drift and block promotion; it cannot relieve clinical, privacy, security, legal, payer, connector, deployment, or customer activation boundaries.
no payer submission, claim submission, patient outreach, or EHR writeback
The guard can classify target drift and block promotion; it cannot relieve clinical, privacy, security, legal, payer, connector, deployment, or customer activation boundaries.
no production connector approval, customer go-live approval, or public certification claim
The guard can classify target drift and block promotion; it cannot relieve clinical, privacy, security, legal, payer, connector, deployment, or customer activation boundaries.
no raw secrets, bearer tokens, Supabase service keys, credentials, or connector payloads in logs
The guard can classify target drift and block promotion; it cannot relieve clinical, privacy, security, legal, payer, connector, deployment, or customer activation boundaries.
no deploy, commit, migration apply, rollback, or infrastructure mutation authority from this route
The guard can classify target drift and block promotion; it cannot relieve clinical, privacy, security, legal, payer, connector, deployment, or customer activation boundaries.