{
  "schema_version": 1,
  "kind": "change_consequence_paid_pilot_order_form",
  "product": "AI Change Consequence Certificate paid pilot",
  "commercial_terms": {
    "price_usd": 99,
    "billing_model": "Fixed-fee paid pilot",
    "duration_days": 30,
    "payment_timing": "Due at kickoff or before the first customer PR certificate unless a named budget owner gives written approval to start.",
    "accepted_approval_evidence": [
      "Completed Stripe Checkout payment for at least $99.",
      "Written approval from a named budget owner that references this paid pilot, price, and repository scope."
    ]
  },
  "scope": {
    "repositories": "One GitHub repository selected by the customer.",
    "pull_requests": "Up to ten real pull requests, prioritizing AI-assisted or high-review-risk changes.",
    "included_work": [
      "Install or assist with the GitHub Actions workflow for the selected repository.",
      "Generate AI Change Consequence Certificates with affected tests, owner routing, Semgrep evidence, OSV evidence, policy status, blockers, and explicit unknowns when inputs are available.",
      "Capture reviewer feedback after certified PRs.",
      "Deliver a final pilot summary with expand, extend, or stop recommendation."
    ],
    "out_of_scope": [
      "Unlimited repositories or pull requests.",
      "Replacing human review, CI ownership, legal compliance signoff, or security ownership.",
      "Guaranteeing 1000x total engineering throughput.",
      "Incident response, penetration testing, SOC 2 reporting, or managed security service coverage."
    ]
  },
  "customer_inputs_required": [
    "Repository URL and approval to add the workflow.",
    "Technical sponsor for install and workflow troubleshooting.",
    "Budget owner or written approval contact.",
    "Reviewer feedback owner.",
    "Confirmation of whether GitHub Actions, Semgrep, OSV, and CODEOWNERS are available."
  ],
  "acceptance_criteria": {
    "pilot_success": "At least three certified PRs produce a faster or safer review decision, or the final summary gives a clear stop recommendation with evidence.",
    "evidence": [
      "Certificate artifacts.",
      "Reviewer feedback submissions.",
      "PR links.",
      "Scanner and owner-routing evidence where configured."
    ],
    "final_decision": "Expand, extend, or stop based on the 10-PR summary."
  },
  "cancellation_and_reconciliation": {
    "setup_failure_rule": "If the workflow cannot be installed in the agreed repository and no real PR certificate can be produced, pause the pilot and reconcile before expanding scope.",
    "customer_stop_rule": "The customer can stop after the 10-PR summary or earlier if the certificate does not produce useful review evidence.",
    "refund_boundary": "Refunds, credits, or extensions require written agreement; this public artifact is not a payments policy by itself."
  },
  "security_and_data_boundary": {
    "security_review_artifact": "/security-review.json",
    "install_guide": "/install-guide.md",
    "install_workflow": "/install-workflow.yml",
    "default_data_position": "Customer source code should stay in the customer repository by default. Certificates may include paths, test identifiers, scanner summaries, owner routes, policy status, blockers, and explicit unknowns."
  },
  "buyer_approval_email": {
    "subject": "Approval request: $99 Busleyden Guard founding pilot",
    "body": "Approve a $99 / 30-day founding pilot for one GitHub repository. The pilot installs a GitHub App and workflow that generate reviewable PR safety checks with affected tests, owner routing, scanner evidence, blockers, and explicit unknowns. Success means faster or safer merge decisions, or a clear stop recommendation with evidence."
  },
  "claim_boundary": "This is a plain-language paid-pilot order form for buyer approval. It is not a master services agreement, legal advice, tax advice, compliance attestation, invoice, or proof that payment has been received."
}
