| Auth/RBAC |
block |
production traffic
PHI
|
development auth is active |
Keep this environment synthetic until production auth and RBAC are implemented. |
| Tenant/site context |
warn |
production traffic
PHI
gateway readiness
|
local forced RLS proof is complete; Aurora runtime credentials and deployed evidence are not verified |
Provision separate Aurora runtime/test roles and secret injection, then capture deployed forced-RLS evidence. |
| PHI approval |
block |
production traffic
PHI
|
PHI activation remains blocked until durable-control evidence and approval are accepted |
Complete auth, persistence, audit, encryption, durable-control evidence, and accountable PHI approval. |
| Persistence |
block |
production traffic
PHI
|
local or non-PHI persistence is active |
Use synthetic fixtures until durable PHI storage is provisioned and verified. |
| Audit |
block |
production traffic
PHI
|
only local/non-PHI audit posture is active |
Keep local activity output synthetic until durable audit storage is verified. |
| Encryption/key ownership |
block |
production traffic
PHI
|
PHI key management is not configured |
Configure managed PHI keys before durable PHI storage or live provider payloads. |
| Live provider access |
block |
production traffic
PHI
live provider
|
live provider access remains blocked until durable-control evidence and site approval are accepted |
Keep Vapi and gateway integrations in development or dry-run mode until evidence and approval are complete. |
| Public webhook reachability |
deferred |
production traffic
live provider
public webhook
|
public ingress is not enabled in local development |
Add verified public callback routing, signature checks, replay protection, and observability. |
| Recording storage/playback |
block |
production traffic
PHI
live provider
recording storage
|
recording content storage and playback are blocked |
Define storage, redaction, access, retention, audit, and playback controls before handling recordings. |
| Gateway readiness |
block |
production traffic
PHI
gateway readiness
|
gateway management is local-only and has no live site transport contract |
Attach site contract, credential flow, connectivity checks, and read/write boundaries. |
| Retention policy |
block |
production traffic
PHI
|
no approved reference is configured |
Approve the retention and legal-hold policy, then attach fresh external evidence. |
| Immutable storage |
block |
production traffic
PHI
|
no approved reference is configured |
Approve Object Lock and lifecycle design, then attach fresh external evidence. |
| SIEM delivery |
block |
production traffic
PHI
|
no approved reference is configured |
Approve the destination, schema, receiver, and delivery evidence. |
| DLP provider coverage |
block |
production traffic
PHI
|
no approved reference is configured |
Approve the provider, scope, response policy, and coverage evidence. |
| Key management |
block |
production traffic
PHI
|
no approved reference is configured |
Approve the key owner, rotation, access review, and key-management evidence. |
| Alert routing |
block |
production traffic
PHI
|
no approved reference is configured |
Approve the alert receiver, escalation owner, and delivery evidence. |