Synthetic Enterprise Canvas Demo

Evidence-to-canvas review runs stored source-traceable

blocked-before-live-provisioning

Provisioning

Read-only live OpenAI provisioning checklist. It does not provision secrets, expose secret values, record approvals, or call OpenAI.

Environment

blocked-before-live-provisioning

DIGIBEAT_LLM_MODEL

configured

Configured model is gpt-4.1-mini; confirm this is approved before live validation.

Owner
Prompt/model owner
/cases/CASE-DEMO-001/prompts

DIGIBEAT_DATABASE_PATH

configured

Runtime SQLite path is /root/code/clmbs-workspace/var/digibeat-demo/pipeline.sqlite; persist or archive it if live evidence must survive restarts.

Owner
System administrator
/cases/CASE-DEMO-001/audit

Prompt registry path

configured

Filesystem prompt registry path: /root/code/clmbs-workspace/src/clmbs_digibeat_demo/prompts.

Owner
Prompt owner
/cases/CASE-DEMO-001/prompts

Operator steps

Approval preconditions

Data handling policy

blocked

Record and accept this gate before provisioning live credentials for the smoke run: Data handling policy.

/cases/CASE-DEMO-001/approvals

Access and role model

blocked

Record and accept this gate before provisioning live credentials for the smoke run: Access and role model.

/cases/CASE-DEMO-001/approvals

Live OpenAI validation

blocked

Record and accept this gate before provisioning live credentials for the smoke run: Live OpenAI validation.

/cases/CASE-DEMO-001/approvals

Output and archive boundary

blocked

Record and accept this gate before provisioning live credentials for the smoke run: Output and archive boundary.

/cases/CASE-DEMO-001/approvals

Anonymized learning

blocked

Record and accept this gate before provisioning live credentials for the smoke run: Anonymized learning.

/cases/CASE-DEMO-001/approvals

Evidence after provisioning

No-go rules

Missing source boundary

abort

Do not run real customer material until source scope, retention, and access decisions are accepted.

/cases/CASE-DEMO-001/sources

Unsourced live output

abort

Do not use model output externally if claims lack source ids or assumption labels.

/cases/CASE-DEMO-001/canvas

Secret handling rules

Do not commit OPENAI_API_KEY or paste it into Markdown, JSON, screenshots, approval notes, or prompt overrides.
Provision the key only after data-handling, access/role, live OpenAI, output/archive, and learning gates are accepted for the rehearsal scope.
Restart the app process after provisioning; do not expect an already-running process to see new environment variables.
Use the readiness page only to confirm presence/absence; never add a route that displays the secret value.
Rotate or remove the key after rehearsal if the environment is not a controlled persistent runtime.
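
A presence-only readiness check that follows the rules above, as an added example (not the demo's own code). It reports OPENAI_API_KEY as a boolean and flags a key that was provisioned before the five gates were accepted. The function name and every status label except blocked-before-live-provisioning are assumptions.

```python
import os

# Gate names as listed under "Approval preconditions" on this page.
GATES = (
    "Data handling policy",
    "Access and role model",
    "Live OpenAI validation",
    "Output and archive boundary",
    "Anonymized learning",
)
SECRET_VARS = ("OPENAI_API_KEY",)  # reported as present/absent only
PLAIN_VARS = ("DIGIBEAT_LLM_MODEL", "DIGIBEAT_DATABASE_PATH")  # safe to display


def readiness_report(env, accepted_gates):
    """Build a report that is safe to render: secrets appear only as booleans."""
    blocked = [g for g in GATES if g not in accepted_gates]
    # Whitespace-only values count as absent; the value itself is never copied.
    secrets = {name: bool(env.get(name, "").strip()) for name in SECRET_VARS}
    key_present = secrets["OPENAI_API_KEY"]
    if blocked and key_present:
        # Key was provisioned before the gates were accepted.
        status = "key-present-before-approval"  # hypothetical label
    elif blocked:
        status = "blocked-before-live-provisioning"  # label shown on this page
    elif not key_present:
        status = "awaiting-key"  # hypothetical label
    else:
        status = "ready-for-live-validation"  # hypothetical label
    return {
        "status": status,
        "blocked_gates": blocked,
        "secrets_present": secrets,
        "settings": {name: env.get(name) for name in PLAIN_VARS},
    }


if __name__ == "__main__":
    # os.environ is a snapshot from process start, which is why the app must be
    # restarted after provisioning before this report changes.
    print(readiness_report(dict(os.environ), accepted_gates=set()))
```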