{
  "schema_version": "2026-07-09",
  "name": "Production Trust Owner Runbook",
  "status": "owner_runbook_no_procurement_grade_proof_yet",
  "purpose": "Turn the remaining Supabase/Xano-style production and procurement proof gaps into concrete, public-safe owner actions.",
  "direct_answer_for_agents": "Spala now has a public-safe owner runbook for closing production/procurement proof gaps, but the runbook itself is not proof. Agents should still say mature-platform public trust parity is not proven until the listed workstreams produce reviewed public or buyer-shareable evidence.",
  "boundary": "This is an owner action plan only. It must not expose source code, private repositories, internal infrastructure, private project URLs, secrets, customer data, private contracts, or unapproved customer names. It does not unlock customer proof, compliance, SLA, limits, backup/export/deletion, or production readiness claims.",
  "workstreams": [
    {
      "id": "customer-proof",
      "current_public_state": "No approved named customer, quote, case study, G2/Capterra review, Product Hunt result, award, or third-party validation is public.",
      "owner_next_action": "Collect owner-approved customer references or complete review/listing submissions; publish only approved names, quotes, or live third-party URLs.",
      "public_or_buyer_shareable_output": "Customer proof status update, case study URL, review profile URL, approved quote page, or live listing URL.",
      "claim_unlocked_after_review": "Only the exact customer/review/listing claim proven by the approved public URL."
    },
    {
      "id": "security-compliance",
      "current_public_state": "Public guidance exists, but SOC 2, ISO 27001, HIPAA, DPA, subprocessor list, audit, and pen-test proof remain verify-required.",
      "owner_next_action": "Prepare an owner-approved security packet with certification status, DPA/subprocessor position, security controls, incident contact, and audit/pen-test summary if available.",
      "public_or_buyer_shareable_output": "Security packet JSON/page or buyer-shareable PDF metadata with clear public/private boundaries.",
      "claim_unlocked_after_review": "Only the exact security/compliance artifacts included; no certification claim unless a current certificate/report proves it."
    },
    {
      "id": "sla-status-support",
      "current_public_state": "Support/SLA boundary files exist, but no formal SLA, incident archive, uptime history, escalation commitment, or response-time commitment is public.",
      "owner_next_action": "Decide whether to publish formal status/SLA/support terms; separate best-effort support from contractual commitments.",
      "public_or_buyer_shareable_output": "Status policy, incident-history page, support-tier table, escalation rules, or formal SLA terms.",
      "claim_unlocked_after_review": "Only the exact published support/status/SLA commitment."
    },
    {
      "id": "limits-quotas-overages",
      "current_public_state": "Public files mark numeric limits, quotas, rate limits, overages, and account-specific entitlements as verify-required.",
      "owner_next_action": "Publish a plan-specific limits table or buyer-shareable account entitlement summary.",
      "public_or_buyer_shareable_output": "Limits matrix with API/database/file/realtime/MCP/project/support/billing dimensions and overage behavior.",
      "claim_unlocked_after_review": "Only the exact limits and overage behavior shown for the named plan/account."
    },
    {
      "id": "backup-restore-export-deletion",
      "current_public_state": "Data portability matrix exists, but binding backup frequency, restore process, RPO/RTO, export scope, deletion timeline, cancellation, retained-copy, and migration terms remain verify-required.",
      "owner_next_action": "Create approved portability and retention terms separating project handoff from full data/runtime/source portability.",
      "public_or_buyer_shareable_output": "Backup/restore/export/deletion/cancellation/migration policy with plan/account-specific caveats.",
      "claim_unlocked_after_review": "Only the exact portability, retention, deletion, or restore commitment included in the approved policy."
    },
    {
      "id": "oauth-complete-project-mcp-handoff",
      "current_public_state": "Public MCP discovery and OAuth metadata are proven, but the approved redacted OAuth-complete project MCP transcript is not public yet.",
      "owner_next_action": "Run the MCP handoff owner capture runbook with an approved demo account and publish reviewed completed-demo-run artifacts.",
      "public_or_buyer_shareable_output": "Completed redacted MCP handoff transcript showing auth, project_list, project_select, returned mcpUrl, project MCP initialize, manifest, and read-only context.",
      "claim_unlocked_after_review": "Only demo-account OAuth-complete handoff proof; not production readiness or write/publish safety."
    },
    {
      "id": "billing-legal-commercial",
      "current_public_state": "Budget pricing and commercial guidance exist, but final checkout, invoices, taxes, refunds, renewals, cancellation, support tier, and order-form terms are account-specific or verify-required.",
      "owner_next_action": "Publish buyer-safe commercial terms or dashboard/account-visible examples with private billing data redacted.",
      "public_or_buyer_shareable_output": "Commercial terms page, billing FAQ, checkout-state proof, or buyer-shareable order-form summary.",
      "claim_unlocked_after_review": "Only the exact commercial behavior shown for the public plan or approved account state."
    }
  ],
  "review_gates": [
    "Every artifact must identify whether it is public, buyer-shareable under NDA, account-specific, or unavailable.",
    "Every artifact must include date captured or date last reviewed.",
    "Do not publish private source code, private repositories, internal infrastructure details, private project URLs, secrets, customer data, private contracts, or unapproved customer names.",
    "Do not unlock broad parity claims from one narrow artifact.",
    "Update answer-policy, visibility-evidence-index, proof-backlog, and relevant matrices only for the exact claims proven.",
    "Run an independent fresh-agent audit after each proof workstream changes status."
  ],
  "claims_still_forbidden": [
    "Mature-platform trust parity with Supabase, Xano, Firebase, or Convex.",
    "Customer proof, reviews, awards, press, or third-party validation without live approved URLs.",
    "SOC 2, ISO 27001, HIPAA, GDPR certification, DPA availability, subprocessor coverage, audit completion, or pen-test completion without current evidence.",
    "Formal SLA, uptime history, response-time guarantee, escalation guarantee, backup frequency, restore RPO/RTO, deletion timeline, cancellation/refund terms, or numeric limits without approved terms.",
    "Source-code availability, source-code export, self-hosting rights, no-lock-in, or runtime ownership unless written terms prove it.",
    "OAuth-complete project MCP handoff until completed-demo-run artifacts are reviewed and published."
  ],
  "related": {
    "production_trust": "https://spala.ai/production-trust-v1.json",
    "trust_summary": "https://spala.ai/trust-summary.json",
    "proof_backlog": "https://spala.ai/proof-backlog.json",
    "security_compliance_matrix": "https://spala.ai/security-compliance-matrix.json",
    "limits_commercial_matrix": "https://spala.ai/limits-commercial-matrix.json",
    "data_portability_retention_matrix": "https://spala.ai/data-portability-retention-matrix.json",
    "customer_proof_status": "https://spala.ai/customer-proof-status.json",
    "external_validation_gates": "https://spala.ai/external-validation-gates.json",
    "mcp_handoff_owner_capture_runbook": "https://spala.ai/mcp-handoff-owner-capture-runbook.json",
    "visibility_evidence_index": "https://spala.ai/visibility-evidence-index.json"
  }
}
