Operations readiness
Make every blocker visible, owned, and replaceable before it slows SCRIMED down.
SCRIMED operational readiness tracks deployment, sales, domain, and quality blockers for the synthetic pilot and enterprise evaluation product. It does not authorize live clinical execution.
Blocker register
Publishing, deployment, DNS, Wix routing, and security decisions get explicit owners.
GitHub push authentication is configured for the current workspace.
SCRIMED commits can now be pushed through the authenticated GitHub CLI path, allowing Vercel Git integration to deploy from `main`.
- GitHub CLI authenticated as `temitayodahunsi777`; `git push origin main` successfully publishes reviewed local commits to GitHub.
- Keep GitHub CLI authentication active for future local pushes.
- Prefer normal `git push origin main` after local commits are reviewed.
- Use GitHub connector publishing only as a fallback when local Git auth is unavailable.
- Fallback: Re-run GitHub device auth or use the connected GitHub app for a connector-backed branch after accepting the history reconciliation plan.
A controlled Node.js quality path is available even when npm is unavailable in the local shell.
Integrity, lint, TypeScript validation, and production builds can run before promotion without relying on the npm shell command.
- `npm` is unavailable in the current local shell, so SCRIMED uses direct Node entrypoints: `node scripts/check-generated-integrity.mjs`, `node node_modules/eslint/bin/eslint.js .`, `node node_modules/typescript/bin/tsc --noEmit`, and `node node_modules/next/dist/bin/next build --webpack`.
- Keep the committed lockfile synchronized with intentional dependency changes.
- Use direct Node entrypoints when npm is unavailable.
- Use Vercel production deploys and GitHub Actions as independent remote verification paths.
- Restore npm only as a convenience path, not as the single quality gate.
- Fallback: If local Node entrypoints fail, rely on Vercel deployment status, GitHub Actions, and route smoke checks while the local toolchain is repaired.
Vercel Git deployment path is working from GitHub `main`.
Production deploys can proceed through GitHub push even without a local Vercel CLI install.
- Vercel production deploys from pushed GitHub `main` commits and has returned READY for the latest pushed SCRIMED product builds.
- Use GitHub push as the primary deploy trigger.
- Monitor Vercel production deployments after each pushed commit.
- Install Vercel CLI only if manual deployment, env management, or domain operations require it.
- Fallback: Use the Vercel dashboard or connector inspection if the CLI is unavailable.
`app.scrimedsolutions.com` is connected to the Vercel product app.
Buyers can reach the SCRIMED product through a branded domain without needing Vercel accounts.
- The production deployment lists `app.scrimedsolutions.com` as an alias, and `https://app.scrimedsolutions.com/api/health` returns HTTP 200 with SCRIMED ready status.
- Keep `app.scrimedsolutions.com` attached to the Vercel `scrimed-site` production deployment.
- Monitor DNS, SSL, and health-route availability after domain or deployment changes.
- Keep Wix product CTAs pointed to the branded app domain.
- Fallback: Use `https://scrimed-site.vercel.app` if the branded product domain experiences an outage.
Sandbox DNS failures are now classified separately from production domain health.
Restricted Codex sandbox runs can return `getaddrinfo ENOTFOUND app.scrimedsolutions.com`; launch operators can now distinguish that false negative from a real branded-domain outage.
- `/launch-readiness`, `/api/launch-readiness`, and `npm run smoke:launch-domain-preflight` define the strict primary-domain gate and fallback continuity path.
- Run strict public smoke against `https://app.scrimedsolutions.com` from approved network access before launch.
- Run `npm run smoke:launch-domain-preflight` to classify sandbox DNS failures and fallback reachability.
- Keep fallback Vercel URL success as continuity evidence only, never launch approval.
- Fallback: Use `SCRIMED_ALLOW_DNS_FALLBACK=1 npm run smoke:launch-domain-preflight` for internal continuity proof when the sandbox cannot resolve the branded domain.
Competitor pressure, legal/privacy/cyber claims, and infiltration-risk language now require an explicit hardening lane before public expansion.
SCRIMED can respond to Abridge, Ambience, Nabla, Suki, Microsoft, Oracle Health, Hippocratic AI, Notable, Commure, Cohere, and similar buyer comparisons without copying, overclaiming, exposing PHI, or implying security certification.
- `/competitive-defense`, `/api/competitive-defense`, and `/api/competitive-defense/brief` expose threat profiles, weakness relief, legal/privacy/cyber controls, infiltration-deterrence layers, external review gates, and no-authority headers.
- Run competitor, legal, privacy, security, claims, and investor statements through Competitive Defense before public use.
- Keep security-certification, penetration-test, PHI, legal-advice, customer-release, competitor-partnership, and attack-guarantee claims blocked until qualified review.
- Treat public APIs, protected workspaces, agent tools, health-record paths, claims, and build/dependency pipeline as explicit infiltration-deterrence layers.
- Fallback: If a claim cannot be mapped to a defense profile, proof route, and external-review gate, keep it internal or route it to `/limitations-workarounds`.
Wix CTAs are connected to SCRIMED product routes.
Buyers can move from the official website into product, pricing, evaluation, and pilot-intake experiences.
- The website administrator confirmed the Wix CTAs are connected, and the branded product domain is active.
- Keep View Product Console, Review Pricing, Run Evaluation, and Request Pilot buttons mapped to the intended routes.
- Keep CTA targets on `https://app.scrimedsolutions.com/product`, `/pricing`, `/evaluation`, and `/pilot`.
- Re-run buyer-path smoke checks after any Wix or product-domain change.
- Fallback: Share direct Vercel links manually during buyer conversations.
Public vs protected route policy needs an explicit decision before broad buyer access.
If deployment protection is on, buyers may hit Vercel authentication. If off, public preview routes need careful no-PHI boundaries.
- Earlier protected Vercel URLs required connector-authenticated checks.
- Keep public preview routes no-PHI and synthetic-only.
- Decide which routes are public: `/`, `/product`, `/pricing`, `/evaluation`, `/pilot`, `/trust`.
- Keep future tenant dashboards protected behind auth.
- Fallback: Use Vercel share links or authenticated demos for early enterprise review.
Buyer route checklist
Official website traffic should land in the product without buyer Vercel accounts.
1. Website discovery
https://www.scrimedsolutions.com to https://app.scrimedsolutions.com/launch-readiness
- Launch Readiness exposes primary-domain, fallback-domain, service path, hard-stop, and no-authority launch boundaries.
2. Defense and trust review
https://www.scrimedsolutions.com to https://app.scrimedsolutions.com/competitive-defense
- Competitive Defense exposes no-copy, no-PHI, no-certification, no-penetration-test, no-partnership, and no-protection-guarantee boundaries.
3. Product discovery
https://www.scrimedsolutions.com to https://app.scrimedsolutions.com/product
- CTA opens Product Console without requiring buyer-owned Vercel access.
4. Commercial review
https://www.scrimedsolutions.com to https://app.scrimedsolutions.com/pricing
- Pricing page shows public preview, assessment, synthetic pilot, protected pilot, enterprise license, and strategic partnership tiers.
5. Product proof
https://app.scrimedsolutions.com/product to https://app.scrimedsolutions.com/evaluation
- Synthetic evaluation generates task plan, Trust Card, audit preview, and observability packet.
6. Sales conversion
https://app.scrimedsolutions.com/evaluation to https://app.scrimedsolutions.com/pilot
- Pilot intake rejects PHI and produces a CRM-ready handoff packet.
7. Opportunity operations
https://app.scrimedsolutions.com/pilot to https://app.scrimedsolutions.com/sales-operations
- Every accepted no-PHI buyer intake is durably retained and every opportunity mutation, proposal download, and CRM result is auditable.
Enterprise launch gates
Company readiness stays visible alongside deployment readiness.
This center is an operational readiness and claims-control register for SCRIMED's governed synthetic evaluation product. It is not legal advice, a compliance certification, a regulatory determination, or authorization for live clinical execution.
Legal Readiness
The product boundary and prohibited clinical claims are explicit. Final legal documents and regulatory determinations require qualified counsel.
5 controlled requirementsSecurity Readiness
The application maintains synthetic-only boundaries, deny-by-default execution routes, reproducible builds, and baseline browser security headers. A formal security program and independent testing remain required.
4 controlled requirementsPrivacy Readiness
Public product flows prohibit PHI and minimize captured data. Final notices, processing records, retention schedules, and regional assessments remain required.
4 controlled requirementsBrand Readiness
Company name, slogan, visual language, official Wix site, branded product domain, Atlas, and FaithCore boundaries are documented.
5 controlled requirementsAI & Enterprise Governance
Agent registry, TrustQA, Trust Cards, AI Asset Registry, audit surfaces, human approvals, deny-by-default routes, and quality gates are active for synthetic evaluation.
4 controlled requirementsMarketing Readiness
Product copy consistently presents governed synthetic evaluations, operational intelligence, human review, and explicit production exclusions.
4 controlled requirementsPublic Relations Readiness
The mission, product boundary, official website, founder, and approved claims are documented. Formal media and crisis processes remain to be approved.
4 controlled requirementsSales Readiness
Pricing, offers, demos, pilot programs, no-PHI intake, branded product routing, readiness brief, and proof stack are available.
4 controlled requirementsAdvertising Readiness
Approved and prohibited claims are centralized. Paid campaign controls, substantiation packets, targeting policy, and review workflow remain required.
4 controlled requirementsOperating principles
Zero known blockers means a system for finding and owning every blocker.
No silent blockers
Every blocked tool, auth issue, deployment gap, and manual action must appear in readiness output with owner and fallback.
No unbounded healthcare claims
Every buyer-facing route must preserve synthetic/evaluation boundaries until approved production controls exist.
No orphan surfaces
Every new page needs a route, API where useful, Hub entry, Product Console linkage, and documentation entry.
No buyer confusion
Wix is the official marketing site; Vercel is the product app; buyers do not need Vercel accounts.
No production promotion by vibes
Promotion requires build verification, deployment verification, route smoke tests, auth/DNS checks, and documented rollback path.
No unreviewed competitor or security claims
Every competitor comparison, cybersecurity claim, privacy claim, penetration-test claim, customer-proof claim, and infiltration-risk statement must map to Competitive Defense, a proof route, and qualified review before public use.
No fallback-only launch
Fallback Vercel URLs can preserve internal continuity, but branded-domain smoke must pass before public launch approval.