{"case_id":"CASE-DEMO-001","status":"human-approval-required","scope":"Access and tenant-readiness checklist for the internal DigiBeat demo before real CLMBS data use.","current_demo_posture":["No login, identity provider, role-based access control, or tenant claim is implemented.","Case separation is local SQLite scoping by case_id, not production tenant isolation.","The demo is safe for synthetic/internal material only until access and data-processing decisions are approved."],"role_matrix":[{"role":"PitchAI consultant","intended_access":"Create cases, ingest sources, run retrieval, draft canvas blocks, and prepare workshop output.","current_demo_control":"Unrestricted local demo access.","production_decision":"Map to named users/groups and restrict case access by tenant/customer.","status":"decision needed"},{"role":"Reviewer / engagement lead","intended_access":"Approve, edit, or reject canvas claims, prompt overrides, exports, and archive readiness.","current_demo_control":"Reviewer actions are stored as local feedback and prompt override records.","production_decision":"Define approval authority and whether approvals are required before live generation/export.","status":"decision needed"},{"role":"System administrator","intended_access":"Configure model, OpenAI key, prompt registry releases, retention, and tenant settings.","current_demo_control":"Environment variables and git-tracked prompt files are edited outside the app.","production_decision":"Separate operator privileges from reviewer/consultant workflow privileges.","status":"decision needed"},{"role":"Client-facing observer","intended_access":"View selected workshop/advisory output after PitchAI review.","current_demo_control":"No client-facing role or sanitized-share mode is implemented.","production_decision":"Decide whether CLMBS needs client login, read-only share packs, or consultant-led screenshare only.","status":"decision needed"}],"tenant_boundary_checks":[{"check":"Tenant identity","demo_state":"Absent; only case_id is available.","required_before_real_data":"Attach every case, source, run, prompt override, validation row, feedback item, and export to a tenant id."},{"check":"Per-tenant authorization","demo_state":"Absent; local app trusts the operator.","required_before_real_data":"Enforce user/group membership before source intake, live runs, exports, and archives."},{"check":"Cross-tenant learning","demo_state":"Not implemented.","required_before_real_data":"Record explicit approval or default to no reusable learning data."},{"check":"Secret handling","demo_state":"OPENAI_API_KEY is read from process environment only.","required_before_real_data":"Provision secrets outside git and define who may rotate or inspect them."}],"data_action_gates":[{"action":"Upload or paste customer source material","gate":"Approved tenant, retention, deletion, and access policy.","current_status":"blocked for real client data"},{"action":"Run live OpenAI generation","gate":"OPENAI_API_KEY provisioned after data-processing and access rules are accepted.","current_status":"blocked until human approval"},{"action":"Export review pack or archive package","gate":"Reviewer approval plus client-data handoff/retention decision.","current_status":"internal review only"},{"action":"Expose output to a client-facing observer","gate":"Approved share mode and sanitized output boundary.","current_status":"not implemented"}],"human_actions":["Name the production identity provider and group/role model.","Decide whether CLMBS users, PitchAI users, and client observers share one tenant model or separate trust boundaries.","Approve the data action gates before provisioning OPENAI_API_KEY for real customer material.","Define how access decisions are audited, retained, and exported for review."]}