{"case_id":"CASE-DEMO-001","data_boundaries":[{"name":"Customer data separation","state_label":"demo boundary","tone":"review","scope":"SQLite case id and source ids separate demo records.","llm_policy":"Live calls require explicit OPENAI_API_KEY; no silent fallback.","audit":"Runs, errors, feedback, prompt overrides, and validation cases are persisted locally."},{"name":"Anonymized learning","state_label":"not enabled","tone":"blocked","scope":"No cross-customer learning pipeline is implemented.","llm_policy":"Do not use client data for model improvement without approved anonymization.","audit":"Production needs approval records for any learning dataset."},{"name":"Archival and retention","state_label":"handoff needed","tone":"review","scope":"Review packs and manifests are generated on demand.","llm_policy":"Generated output status must distinguish deterministic demo and live OpenAI runs.","audit":"Production needs retention, deletion, and export naming rules."}],"implemented_controls":["Synthetic demo data is labeled as internal demo material.","Live OpenAI calls fail loudly when OPENAI_API_KEY is absent.","Prompt overrides, validation cases, source intake, feedback, and runs are case-scoped in SQLite.","Export manifest separates implemented handoff artifacts from planned binary rendering."],"production_gaps":["Authentication and role-based access control are not implemented.","Tenant isolation beyond local case scoping is not implemented.","Client-data retention, deletion, and archival policy are not implemented.","Approved anonymization workflow for reusable learning data is not implemented."],"human_actions":["Confirm CLMBS tenant and role model for consultant, reviewer, admin, and client-facing access.","Define retention/deletion rules for uploaded source documents, generated runs, and exports.","Approve or reject any anonymized-learning path before production use.","Provision OPENAI_API_KEY only after data-processing and client-data handling rules are accepted."]}