{
  "schema_version": 1,
  "kind": "change_consequence_security_review",
  "product": "AI Change Consequence Certificate paid pilot",
  "review_scope": {
    "pilot_offer": "$99 founding pilot for 30 days",
    "default_scope": "One GitHub repository and up to ten real pull requests.",
    "primary_buyers": [
      "engineering platform",
      "application security",
      "release engineering",
      "engineering leadership"
    ]
  },
  "access_model": {
    "runtime": "GitHub Actions inside the customer's repository unless a different runner is explicitly configured.",
    "permissions": [
      "Read pull request metadata, changed file paths, workflow outputs, and configured scanner outputs.",
      "Read CODEOWNERS or owner-routing files when present.",
      "Create pull request comments or workflow artifacts when the customer enables those outputs.",
      "Call configured external endpoints only for checkout, lead capture, revenue capture, and optional operator ledgers."
    ],
    "least_privilege_expectation": "Install with the minimum GitHub token permissions needed for the selected outputs. Disable PR comments if artifact-only mode is preferred."
  },
  "data_processed": [
    "Repository name and pull request URL, number, title, and author metadata.",
    "Changed file paths and file-level impact summaries.",
    "Mapped tests, missing-test signals, scanner findings, owner routing, policy status, blockers, and explicit unknowns.",
    "Reviewer feedback submitted through the pilot feedback endpoint.",
    "Payment and approval metadata needed to prove that a paid pilot was requested or completed."
  ],
  "data_stored_by_default": {
    "public_site": "The public sample artifacts contain no customer source code or customer revenue evidence.",
    "customer_repository": "Pilot certificates and workflow artifacts should remain in the customer's repository unless the customer configures another sink.",
    "operator_ledgers": "Lead, objection, approval, and revenue ledger entries can be written to private operator GitHub repositories when the corresponding repository and token environment variables are configured.",
    "source_code_storage": "The product should not store customer source code by default. Certificate artifacts may include file paths, test identifiers, owner routes, scanner summaries, policy status, blockers, and unknowns."
  },
  "data_processing_addendum": "/data-processing-addendum.json",
  "secrets_handling": {
    "configuration": "Stripe keys, webhook secrets, GitHub ledger tokens, and optional webhook secrets are supplied as deployment environment variables.",
    "redaction": "Launch manifests and readiness reports list required secret names but must not print secret values.",
    "customer_action": "Customers should provide narrowly scoped tokens and rotate them after pilot completion if they do not continue."
  },
  "network_egress": [
    "Stripe API for checkout session creation and webhook verification.",
    "GitHub Contents API for private lead and revenue ledgers when configured.",
    "Configured operator webhooks for lead, feedback, approval, or revenue handoff when enabled.",
    "Semgrep, OSV, or other scanner network calls according to the customer's selected scanner configuration."
  ],
  "customer_controls": [
    "Run the certificate generator in a private repository.",
    "Disable optional scanner integrations, with the limitation shown as explicit unknowns.",
    "Keep certificates as workflow artifacts instead of PR comments.",
    "Configure or omit operator ledgers.",
    "Request deletion or redaction of operator-controlled pilot artifacts.",
    "Remove the GitHub Action and revoke tokens after the pilot."
  ],
  "limitations": [
    "This is not a SOC 2 report, penetration test, legal opinion, or compliance attestation.",
    "The pilot does not prove that all AI-generated code is safe.",
    "Scanner coverage is bounded by the configured tools and the customer's repository setup.",
    "Human review remains required for merge decisions."
  ],
  "security_review_questions_for_buyers": [
    "Can we run this entirely inside our GitHub Actions environment?",
    "What exact artifacts are stored outside our repository?",
    "Can we disable PR comments and keep evidence as workflow artifacts?",
    "Which tokens are required, and can they be narrowly scoped?",
    "What happens when scanner evidence is missing?"
  ],
  "claim_boundary": "This artifact is a buyer-readable security review summary for the paid pilot. It is not an independent security audit, SOC 2 report, legal commitment, or proof that a live customer deployment has passed security review."
}
