Release Continuity
SCRIMED keeps live production, source checkpoints, and protected AAL2 proof in one release lane.
This page closes the gap between public smoke, GitHub checkpoints, production deployment proof, and the human AAL2 boundary required for protected happy-path evidence.
Boundary
Continuity proof is operational evidence, not release or clinical authority.
SCRIMED Release Continuity ties live production, source-control checkpoints, no-secret smoke checks, and protected AAL2 operator gates into one operating view. It does not mint tokens, store secrets, bypass AAL2, approve buyer release, authorize PHI processing, certify security or compliance, grant legal approval, or authorize live clinical care.
Release authorization chain
SCRIMED now shows the weakest-link decision before any external packet reference.
SCRIMED Release Authorization Chain composes the no-secret release ledger, evidence freshness guard, diligence gate, packet manifest, recipient qualification matrix, share guard, and AAL2 readiness into one weakest-link control view. It does not approve release, share packets, store recipient identifiers, retain token material, authorize PHI, certify security or compliance, approve customer go-live, or authorize live clinical care.
blocked-by-design
no-secret-metadata-chain-not-release-approval
diligence-release-gate:blocked-by-design
Buyer metadata is still separated from protected proof, public distribution, and clinical authority.
release-authorization-831a9179
Deterministic metadata hash; no token material, PHI, recipient identifiers, or raw logs are captured.
blocked-until-human-aal2
Strict proof remains human AAL2-gated and never authorizes release by itself.
Source checkpoint
Production proof stays tied to commit, tag, deployment, and runtime metadata.
https://app.scrimedsolutions.com
Custom-domain smoke remains the release truth for public availability.
dpl_EjfSCM5YKpWhHKDAa6FGmNDPnJ7K
Last checkpointed production deployment before this continuity layer.
6219f36
scrimed-code-pt2-approvals-readiness-20260623
7bf596c25bed03d6148923e4ab939a2abbfb2fff
main
Gates
Every remaining limitation has an explicit owner and workaround.
Source-control drift
The approvals readiness and buyer release-control release was committed, tagged, pushed, and verified against origin/main.
- Bottleneck: Production-only changes can become hard to audit if Vercel history moves ahead of GitHub.
- Owner: Founder + Release Steward
- Proof: /product, /api/product/console, /api/release-continuity
Public production smoke
Public smoke validates the custom domain, HTML routes, JSON APIs, Markdown briefs, fail-closed protected routes, and approval boundaries.
- Bottleneck: Public readiness can look healthy while protected writes still require explicit AAL2 proof.
- Owner: Release Steward
- Proof: /api/release-continuity, /api/product/console, /qa-evidence
Protected AAL2 happy path
TrustOps, Agent Workspace, and Buyer Release Control fail closed without a tenant-admin or pilot-lead AAL2 session.
- Bottleneck: A terminal cannot safely create or retain a fresh human AAL2 bearer token without crossing the no-secret boundary.
- Owner: Approved tenant-admin or pilot-lead operator
- Proof: /pilot-workspace/access, /buyer-release-control-run, /api/pilot-workspaces/{workspaceSlug}/buyer-release-control-run
AAL2 smoke readiness packet
The no-secret AAL2 smoke readiness packet is exposed for release review while strict protected writes remain human-token and feature-flag gated.
- Bottleneck: A release checklist can prove readiness surfaces exist, but it cannot prove authenticated protected writes without a fresh human AAL2 session.
- Owner: Release Steward + Approved AAL2 Operator
- Proof: /qa-aal2-run-evidence, /api/qa-evidence/aal2-smoke-readiness, /api/qa-evidence/aal2-smoke-readiness/brief
Secret handling
Release scripts skip authenticated mutations unless a deliberate short-lived token is supplied outside the product and outside source control.
- Bottleneck: Automating protected happy-path evidence with stored long-lived tokens would weaken the trust boundary.
- Owner: Security + Operator
- Proof: /qa-run-control, /qa-launch-kit, /qa-human-run-packet
Regulated approval claims
Approvals Readiness and Boundary Resolution keep legal, HIPAA, SOC 2, HITRUST, FDA, ONC, reimbursement, and public customer-permission claims externally gated.
- Bottleneck: SCRIMED can prepare approval evidence, but it cannot self-certify or self-authorize regulated claims.
- Owner: Founder + Legal/Security/Regulatory reviewers
- Proof: /approvals-readiness, /boundary-resolution, /qa-claim-guard
Checks
Release evidence separates automated confidence from human-gated proof.
npm audit
0 vulnerabilities at moderate threshold.
Generated integrity
Generated workspace integrity check passed.
TypeScript and ESLint
TypeScript noEmit and ESLint completed cleanly.
Production public smoke
Custom-domain public smoke passed across release, approval, QA, and fail-closed protected surfaces.
Protected happy path
Fail-closed checks pass; authenticated mutation proof requires fresh human AAL2.
AAL2 smoke readiness preflight
No-secret readiness packet is present; strict durable-store and stored-vector smoke still require a fresh authorized human AAL2 token and target runtime enablement.
External certifications and approvals
Approval tracks are organized but not certified or cleared.
Deployment release checklist
Release readiness keeps no-secret public checks separate from human-gated protected proof.
Generated integrity, typecheck, lint, and build
Local static and contract checks must pass before any production deploy or buyer diligence expansion.
- Route: /api/release-continuity
- Human review required: no
- Boundary: Static checks must run without PHI, credentials, bearer tokens, service-role keys, or production connector payloads.
Public production smoke
Public smoke verifies the deployed domain, public APIs, brief routes, safety headers, and fail-closed protected route posture.
- Route: /api/release-continuity
- Human review required: no
- Boundary: Public smoke must never require or emit bearer tokens, Supabase service-role keys, PHI, or customer data.
AAL2 smoke readiness preflight
No-secret readiness packet confirms operator gates, strict-smoke commands, and fail-closed modes while keeping strict attempt ready false until human AAL2 is present.
- Route: /api/qa-evidence/aal2-smoke-readiness
- Human review required: yes
- Boundary: SCRIMED AAL2 Smoke Readiness is a no-secret operator preflight for synthetic AAL2 durable-store and stored-vector RPC smoke tests. It does not mint, expose, retain, validate, or bypass bearer tokens; protected APIs remain the source of truth for role, AAL2, feature flag, tenant, and RLS verification.
Strict AAL2 durable-store smoke
Authenticated record, replay, and review-disposition proof requires an authorized tenant-admin, pilot-lead, or reviewer session plus protected writes enabled on the target.
- Route: /api/workflows/execution-attempts/durable-store
- Human review required: yes
- Boundary: Strict durable-store smoke must use only short-lived local token material and retain no PHI, credentials, or token values.
Strict stored-vector RPC smoke
Stored-vector lookup proof remains protected by the same AAL2 and tenant-role boundary as durable-store strict smoke.
- Route: /api/scrimed-build-roadmap/stored-vector-rpc-smoke
- Human review required: yes
- Boundary: Stored-vector smoke must not expose raw embeddings, token values, PHI, or production patient matching.
AAL2 smoke readiness
Strict smoke remains blocked until an approved human AAL2 operator supplies a fresh short-lived token.
The readiness packet is public, no-secret release evidence. It does not mint, store, print, or verify token material.
Release evidence ledger
No-secret proof is tracked as metadata; approvals remain externally gated.
SCRIMED Release Evidence Ledger records no-secret build, smoke, readiness, and protected-operator evidence metadata only. It does not store PHI, patient identifiers, bearer tokens, Supabase secrets, service-role keys, raw logs, production connector payloads, customer data, certification proof, release approval, or live clinical authority.
Release evidence promotion
Ledger evidence is promoted through human-gated lanes before buyer distribution.
SCRIMED Release Evidence Promotion Queue converts no-secret release ledger entries into buyer-diligence candidates, protected operator proof blockers, and qualified-review requirements. It does not store PHI, tokens, raw logs, customer data, production connector payloads, certification evidence, public release approval, or live clinical authority.
Release evidence freshness
Evidence reuse requires freshness checks before buyer, investor, clinical, security, or customer-specific language expands.
SCRIMED Release Evidence Freshness Guard is a no-secret recency and revalidation policy for release evidence. It does not rerun commands, store logs, store PHI, capture tokens, certify evidence, approve public distribution, approve production release, approve customer go-live, or authorize live clinical care.
Diligence release gate
No-secret buyer diligence is separated from protected AAL2, public distribution, production, and clinical NO-GO gates.
SCRIMED Diligence Release Gate summarizes no-secret buyer diligence readiness while preserving NO-GO boundaries for protected AAL2 proof, public distribution, production release, PHI processing, certification, and live clinical care.
Diligence packet manifest
Buyer and investor packets are assembled from no-secret artifacts with explicit withheld material and reviewer ownership.
SCRIMED Diligence Packet Manifest assembles no-secret buyer and investor diligence metadata only. It does not store PHI, bearer tokens, Supabase secrets, service-role keys, raw logs, customer data, production connector payloads, certification proof, release approval, public distribution approval, or live clinical authority.
Protected Boundary Release Evidence Intake Packet remains human AAL2 required at /api/pilot-workspaces/{workspaceSlug}/boundary-release-evidence-intake/packet and does not approve boundary release.
Recipient qualification matrix
Every external packet reference now has a recipient-class, expiry, revocation, and no-identifier storage preflight.
SCRIMED Recipient Qualification Matrix is a no-secret recipient policy preflight for diligence packet sharing. It does not store recipient names, recipient emails, access grants, raw access logs, bearer tokens, PHI, customer data, signed approvals, legal opinions, certification evidence, production connector payloads, public distribution approval, customer go-live approval, or live clinical care authorization.
The matrix keeps named recipients, access grants, raw logs, signed approvals, and protected packet bodies outside SCRIMED while preserving metadata-only diligence readiness.