{
  "launch_checklist": {
    "items": [
      {
        "area": "Infrastructure",
        "id": "infra-waf-cdn",
        "required": true,
        "task": "Place public site/API behind WAF/CDN with DDoS protection and bot filtering."
      },
      {
        "area": "Admin access",
        "id": "admin-vpn-allowlist",
        "required": true,
        "task": "Restrict /admin, /api/admin and /api/auth to localhost/VPN/static IP allowlist at both app and reverse-proxy layers."
      },
      {
        "area": "Transport security",
        "id": "tls-hsts",
        "required": true,
        "task": "Use HTTPS/TLS, enable HSTS in production, redirect HTTP to HTTPS at reverse proxy."
      },
      {
        "area": "Resilience",
        "id": "backup-restore-drill",
        "required": true,
        "task": "Run backup and restore drill before launch; verify database, public exports and history snapshots."
      },
      {
        "area": "Legal",
        "id": "legal-review-high-risk",
        "required": true,
        "task": "Review high-risk modules before broad publication: hostile countries, sponsors/abuse, terrorism-support indicators, child/survivor protection, impeachment/high-treason."
      },
      {
        "area": "Editorial governance",
        "id": "reviewer-assignments",
        "required": true,
        "task": "Assign named internal reviewer roles without exposing protected contributor identities publicly."
      },
      {
        "area": "Source protection",
        "id": "source-handler-sop",
        "required": true,
        "task": "Operationalize secure source-handler workflow for sealed/offline evidence and metadata stripping."
      },
      {
        "area": "Incident response",
        "id": "incident-contact",
        "required": true,
        "task": "Publish public correction/contact channel and define private emergency escalation route."
      },
      {
        "area": "Static export",
        "id": "sftp-dry-run",
        "required": true,
        "task": "Run an SFTP dry-run and verify that only data/public files are uploaded."
      },
      {
        "area": "Integrity",
        "id": "snapshot-signing",
        "required": true,
        "task": "Verify the SHA256 digest of latest.json against the expected value, and check the public snapshot history, before release."
      }
    ],
    "schema": "paso-production-launch-checklist-v1",
    "status": "launch_candidate_requires_operator_confirmation",
    "title": "Production launch checklist"
  },
  "legal_review_queue_template": {
    "minimum_publication_conditions": [
      "source-linked evidence",
      "evidence classification",
      "uncertainty statement",
      "public-interest justification",
      "redaction/source-protection check",
      "right-of-response/correction path",
      "reviewer approval",
      "legal-risk note"
    ],
    "risk_categories": [
      "terrorism-support or sponsorship claims",
      "child/survivor abuse patterns",
      "military-base immunity and impunity",
      "named hostile-country adverse finding",
      "named non-state adverse finding",
      "impeachment/high-treason/capability-compromise case",
      "biobank/genomic sovereignty or health-risk claim",
      "private military/security contractor allegation",
      "foreign-intelligence-adjacent or NED/Fran\u00e7afrique/Mossad-adjacent classification"
    ],
    "schema": "paso-legal-review-queue-v1"
  },
  "operational_safety_policy": {
    "public_boundary": "The static public site and Hostinger export must never include raw evidence, protected identities, sealed files, exact sensitive locations, admin workflows or private reviewer notes.",
    "public_upload_rule": "Public uploads remain disabled for sensitive material. High-risk evidence requires approved secure channels, risk warnings and source-protection workflow.",
    "schema": "paso-operational-safety-policy-v1",
    "warnings": [
      "Do not upload from a state or employer device, or from any other monitored device.",
      "Strip metadata or use the guided secure intake process.",
      "Do not expose witness names in public forms.",
      "Material whose exposure could endanger life should go through the sealed/offline source-handler workflow.",
      "Do not send raw child/survivor abuse material through normal public channels."
    ]
  },
  "reviewer_workflow_standard": {
    "decision_states": [
      "draft",
      "needs_sources",
      "review_pending",
      "legal_hold",
      "source_protection_hold",
      "approved_public",
      "sealed_internal",
      "rejected",
      "archived"
    ],
    "roles": [
      {
        "duty": "classifies signals, rejects unsafe public uploads, requests safer channel where needed",
        "public": false,
        "role": "intake analyst"
      },
      {
        "duty": "checks scoring logic, proportionality and evidence-state labels",
        "public": false,
        "role": "method reviewer"
      },
      {
        "duty": "checks defamation, safety, right-of-response and high-risk publication exposure",
        "public": false,
        "role": "legal reviewer"
      },
      {
        "duty": "checks witness/source exposure, metadata, locations and sealed evidence needs",
        "public": false,
        "role": "source-protection reviewer"
      },
      {
        "duty": "approves sanitized public export and changelog entry",
        "public": false,
        "role": "publisher"
      }
    ],
    "rule": "The public may see review status and evidence-state labels, but not protected reviewer identities, witnesses, sealed evidence chains or sensitive locations.",
    "schema": "paso-reviewer-workflow-standard-v1"
  },
  "schema": "paso-production-ops-bundle-v1"
}