docs: sync current project status

AGENTS.md

@@ -1,31 +1,41 @@
 # Repository Guidelines
 
 ## Project Structure & Module Organization
-This repository is currently document-first. The primary deliverable is [`open_prior_auth_workbench_strategy_report.docx`](./open_prior_auth_workbench_strategy_report.docx) at the repo root. The `doctor/` directory is a local Python 3.14 virtual environment, not application source code. `.idea/` contains editor metadata and should be treated as local-only workspace state.
+This repository is now a TypeScript monorepo plus documentation set for Open Prior Auth Agent Workbench. The main product code lives in `apps/` and `packages/`; the strategy report PDF at the repo root remains a reference artifact, not the only deliverable. The `doctor/` directory is a local Python virtual environment, not application source code. `.idea/` contains editor metadata and should be treated as local-only workspace state.
 
-If code is added later, keep production modules out of `doctor/`; create a dedicated source folder such as `src/` or `app/`, and place tests in `tests/`.
+Keep production modules out of `doctor/`. Application code belongs under `apps/*`; reusable package code belongs under `packages/*`; contract tests belong in `tests/`.
 
 ## Build, Test, and Development Commands
-No build pipeline or automated test suite is checked in yet. Current useful local commands are:
+Use Node `>=22.18.0`. Current useful local commands are:
 
 ```bash
-python3.14 -m venv doctor
-source doctor/bin/activate
-python -m pip list
+npm ci
+npm run db:migrate
+npm test
+npm run typecheck
+npm run build
+npm run evals
 ```
 
-Use the first command only to recreate the local virtual environment. Activate it before running any Python-based document tooling you add. Avoid editing files under `doctor/lib/` directly; reinstall packages instead.
+Local demo commands:
+
+```bash
+npm run dev:api
+npm run dev:web
+```
+
+Use `python3.14 -m venv doctor` only to recreate the disposable local Python environment for document tooling. Avoid editing files under `doctor/lib/` directly; reinstall packages instead.
 
 ## Coding Style & Naming Conventions
 Use Markdown for repository documentation and keep sections short, task-oriented, and scannable. Follow the existing filename pattern of descriptive lowercase snake_case for generated artifacts, for example `prior_auth_summary.docx`.
 
-For future Python code, use 4-space indentation, `snake_case` for functions and modules, and `PascalCase` for classes. No formatter or linter is configured yet, so keep style conservative and consistent.
+For TypeScript, follow the existing workspace style: ESM modules, explicit exported types at package boundaries, and conservative dependency direction (`apps/*` may import `packages/*`; `packages/*` must not import `apps/*`). No formatter or linter is configured yet, so keep style conservative and consistent.
 
 ## Testing Guidelines
-If you introduce Python code, add `pytest` tests under `tests/` and name files `test_<module>.py`. For document changes, verify the `.docx` opens cleanly and that headings, tables, and pagination render as expected before submitting.
+Add or update Node contract tests under `tests/` when behavior changes. Run `npm test`, `npm run typecheck`, `npm run build`, and `npm run evals` before marking meaningful changes complete. For document-only changes, still run the relevant verification unless the change cannot affect code paths.
 
 ## Commit & Pull Request Guidelines
-If the project is initialized as a Git repo, use short imperative commit messages such as `docs: update prior auth report` or `test: add report validation checks`.
+Use short imperative commit messages such as `docs: update current status` or `test: add report validation checks`.
 
 Pull requests should include a brief summary, the files changed, and screenshots or exported previews when document layout changes materially.
 
@@ -136,4 +146,4 @@ If `semble` is not on `$PATH`, use `uvx --from "semble[mcp]" semble` in its plac
 3. Use `--content docs` for documentation, `--content config` for config files, or `--content all` for everything.
 4. Inspect full files only when the returned chunk does not give enough context.
 5. Optionally use `semble find-related` with a promising result's `file_path` and `line` to discover related implementations.
-6. Use grep only when you need exhaustive literal matches or quick confirmation of an exact string.
+6. Use grep only when you need exhaustive literal matches or quick confirmation of an exact string.

CODE_OF_CONDUCT.md

@@ -2,14 +2,15 @@
 
 ## Our Pledge
 
-Project participants are expected to be respectful, constructive, and clear. The goal is to make the project useful for healthcare builders without creating an intimidating or careless community space.
+Project participants are expected to be respectful, constructive, and clear. The goal is to make this synthetic Doctor Agent OS / prior authorization workbench useful for healthcare builders without creating an intimidating or careless community space.
 
 ## Expected Behavior
 
 - Be welcoming to new contributors.
 - Disagree about ideas without personal attacks.
 - Keep comments focused on the work.
 - Respect privacy and do not post sensitive healthcare, credential, or customer data.
+- Keep standards, safety, and production-readiness claims precise; correct overclaims without personal attacks.
 
 ## Unacceptable Behavior
 

CONTRIBUTING.md

@@ -1,6 +1,6 @@
 # Contributing
 
-Thanks for helping improve Open Prior Auth Workbench. This repo is a synthetic-data-only developer sandbox, so contributions should keep the product easy to run locally and safe for external builders to inspect.
+Thanks for helping improve Open Prior Auth Agent Workbench. This repo is a synthetic-data-only Doctor Agent OS reference system for provider-side prior authorization, so contributions should keep the product easy to run locally and safe for external builders to inspect.
 
 ## Local Setup
 
@@ -32,16 +32,18 @@ The API defaults to `http://localhost:4000`. The web app defaults to `http://loc
 - Do not add production payer credentials, EHR URLs, secrets, or customer-specific endpoints.
 - Update `README.md`, `demo/README.md`, `data/README.md`, or architecture notes when behavior or fixtures change.
 - Add or update contract tests when API behavior changes.
+- Update Doctor Evals scenarios, golden traces, or policy assertions when agent/tool behavior changes.
 - Keep generated build outputs out of the repo.
 
 ## Pull Request Checklist
 
 - `npm test` passes.
 - `npm run typecheck` passes.
 - `npm run build` passes.
-- Docs describe any new route, fixture, or demo step.
+- `npm run evals` passes when runtime, ToolNet, agent, evidence, packet, or safety-claim behavior changes.
+- Docs describe any new route, tool, fixture, eval scenario, or demo step.
 - Screenshots are updated when the visible demo workflow materially changes.
-- The PR summary calls out whether the change affects M1, M2, M3, M4, or M5.
+- The PR summary calls out affected surfaces: Prior Auth Core, ToolNet, Runtime, Agent Cockpit, standards gateway, Doctor Evals, docs, or production-path docs.
 
 ## Data Safety
 

README.md

@@ -1,8 +1,8 @@
 # Open Prior Auth Agent Workbench
 
-Open Prior Auth Agent Workbench is a synthetic-data-only, provider-side prior authorization application built on the planned Doctor Agent OS substrate. The current runnable baseline remains the M1-M7 Open Prior Auth Workbench: local MRI lumbar spine and DME power wheelchair flows for requirement discovery, documentation capture, supporting information, PAS-style packet assembly, operations queueing, payer status handling, and more-info loops.
+Open Prior Auth Agent Workbench is a synthetic-data-only, provider-side prior authorization application built on the Doctor Agent OS substrate. The current runnable baseline covers M1-M8 plus M9 production-path documentation: local MRI lumbar spine and DME power wheelchair flows for requirement discovery, documentation capture, supporting information, PAS-style packet assembly, operations queueing, payer status handling, more-info loops, deterministic agent runs, approval gates, standards-shaped local gateway routes, and formal deterministic evals.
 
-Doctor Agent OS is the implementation platform direction for reusable agent runtime, ToolNet tools, MCP exposure, approvals, traces, and evaluations. It is not a broader committed business domain. The first and only committed app/domain is provider-side prior authorization.
+Doctor Agent OS is the implementation platform direction for reusable agent runtime, ToolNet tools, approvals, traces, and evaluations. MCP remains the next unimplemented interoperability boundary. Doctor Agent OS is not a broader committed business domain. The first and only committed app/domain is provider-side prior authorization.
 
 ## Quickstart
 
@@ -47,14 +47,16 @@ npm run demo:seed
 - M5: Agent Cockpit where prior-auth case state is primary and deterministic agent trace is visible as a trust/debug layer.
 - M6: SQLite-backed local persistence, transaction boundaries, DB scripts, and local standards-shaped adapter boundaries.
 - M7: synthetic supporting information, DocumentReference/Binary-like packet entries, fixture DTR dependencies, standards-shaped non-conformant aliases, and SQLite evidence metadata.
+- M8: deterministic Doctor Evals for golden traces, ToolNet policy, ApprovalGate behavior, prompt-injection-as-data checks, and safety claim checks.
+- M9: production-path documentation for FHIR data plane, security/authz/audit, EHR/payer integration, deployment/observability, and conformance testing.
 
 ## Safety And Conformance Boundaries
 
 This repository is synthetic-only, standards-shaped, non-certified, not PHI-ready, and not connected to live EHRs or payers. Do not use real PHI, payer credentials, production EHR URLs, or production payer endpoints.
 
 It does not implement production SMART App Launch, CDS Hooks CRD, FHIR `$questionnaire-package`, Da Vinci DTR, Da Vinci PAS `$submit`, X12 278, payer endpoint discovery, production payer transport, payer adjudication, production-grade durable persistence, real FHIR persistence, or real EHR integration.
 
-The `/dtr/*` endpoints are local DTR-like product endpoints. The `/pas/*` endpoints are PAS-style local product endpoints. The M7 standards-shaped aliases return explicit non-conformance metadata and exist to mark replacement boundaries, not to claim SMART, CRD, DTR, or PAS compatibility.
+The `/dtr/*` endpoints are local DTR-like product endpoints. The `/pas/*` endpoints are PAS-style local product endpoints. The standards-shaped gateway routes and aliases return explicit non-conformance metadata and exist to mark replacement boundaries, not to claim SMART, CRD, DTR, or PAS compatibility.
 
 ## Repository Map
 
@@ -64,13 +66,14 @@ The `/dtr/*` endpoints are local DTR-like product endpoints. The `/pas/*` endpoi
 - `packages/prior-auth-core/`: provider-side prior-auth Use Cases and ports.
 - `packages/doctor-toolnet/`: agent/tool adapter over Prior Auth Core.
 - `packages/doctor-runtime/`: workflow-agnostic run/task/tool/approval/trace runtime with SQLite persistence.
-- `packages/doctor-mcp/`, `packages/doctor-evals/`: README-only placeholders for planned MCP and eval package boundaries.
+- `packages/doctor-mcp/`: README-only placeholder for the planned MCP boundary over ToolNet.
+- `packages/doctor-evals/`: deterministic regression and safety harness for local synthetic agent runs.
 - `data/`: Synthetic FHIR bundles, golden scenarios, payer rule packs, questionnaires, evidence fixtures, and standards-shaped payload fixtures.
 - `docs/`: Roadmap, glossary, architecture notes, conformance matrix, and demo story docs.
 - `demo/`: Step-by-step demo guide and deterministic screenshot artifacts.
 - `examples/automations/`: Docs-only automation recipes that call existing local APIs.
 - `infra/compose/`: Lightweight compose notes for local API/web services.
-- `tests/`: Contract tests for current M1-M7 behavior.
+- `tests/`: Contract tests for current M1-M8 behavior, standards-shaped gateway routes, package boundaries, runtime approvals, cockpit responses, and eval assertions.
 
 Package direction is intentional: `apps/*` may import `packages/*`; `packages/*` must not import `apps/*`.
 

SECURITY.md

@@ -1,6 +1,6 @@
 # Security
 
-Open Prior Auth Workbench is an early synthetic-data-only reference project. It does not yet have a formal security response program, paid bounty, or guaranteed response timeline.
+Open Prior Auth Agent Workbench is a synthetic-data-only reference project. It has local API, web, ToolNet, Runtime, Agent Cockpit, standards-shaped gateway, and Doctor Evals surfaces, but it does not have a formal security response program, paid bounty, or guaranteed response timeline.
 
 ## Reporting A Concern
 
@@ -19,4 +19,4 @@ Do not include PHI, real patient data, payer credentials, production EHR URLs, p
 
 ## Scope
 
-Security reports are most useful when they involve the checked-in local API, web app, fixtures, CI configuration, or documentation. Reports about production deployment hardening may still be helpful, but this repository does not currently claim production readiness.
+Security reports are most useful when they involve the checked-in local API, web app, ToolNet tools, Runtime approval/trace behavior, eval harness, fixtures, CI configuration, or documentation. Reports about production deployment hardening may still be helpful, but this repository does not currently claim production readiness, PHI readiness, certified conformance, or live EHR/payer connectivity.

demo/README.md

@@ -1,16 +1,16 @@
-# Demo Guide: M1 to M8 Open Prior Auth Workbench
+# Demo Guide: Open Prior Auth Agent Workbench
 
-This guide walks through every demo piece from M1 through M8 using only synthetic prior authorization data. The current app runs the full M4 workbench for MRI lumbar spine / Acme Health and DME power wheelchair / Blue Ridge Health, M5 adds OSS-facing documentation, CI, fixture indexing, automation recipes, and deterministic screenshots for external builders, M6 makes local case state survive API restarts through SQLite, M7 adds local evidence attachments and DTR dependency fixtures, and M8 adds formal deterministic evals. Each milestone remains visible as a separate part of the flow:
+This guide walks through the synthetic prior authorization demo path. The current app includes Prior Auth Core, Doctor ToolNet, Doctor Runtime with ApprovalGate, deterministic agent team, case-first Agent Cockpit, standards-shaped ToolNet tools, local standards gateway routes, and formal deterministic evals. Each milestone remains visible as a separate part of the flow:
 
 - M1: fixture-backed launch context, requirement discovery, and explicit work-item creation.
 - M2: local DTR-inspired questionnaire package, prefilled form workspace, validation, and review-ready handoff.
 - M3: PAS-style local packet builder, mock PAS submission, status timeline, and audit trail.
 - M4: reusable prior-auth proof, operations queue, filters, metrics, payer updates, more-info loop, structured denial, and terminal outcomes.
-- M5: builder-ready docs, fixture index, CI, environment example, sample automations, and reproducible screenshots.
-- M6: SQLite-backed local case state, explicit transaction boundaries, and local standards-shaped launch/CRD/DTR/PAS adapters.
-- M7: synthetic evidence attachments, DocumentReference/Binary-like packet entries, fixture Library/ValueSet dependencies, and standards gateway routes with explicit non-conformance metadata.
+- M5: case-first Agent Cockpit with scenario switching, agent trace, evidence board, packet preview, approvals, and status/audit panels.
+- M6: standards-shaped Doctor ToolNet tools for local CRD, DTR, and PAS boundary payloads.
+- M7: local standards gateway HTTP routes and aliases with explicit non-conformance metadata.
 - M8: deterministic doctor evals for golden traces, ToolNet policy, ApprovalGate, and safety claims.
-- Doctor Runtime M3: deterministic prior-auth agent team over Runtime + ToolNet, ending at guarded submit approval.
+- Supporting baseline: SQLite-backed local case state, synthetic evidence attachments, fixture DTR dependencies, OSS docs, CI, fixture indexing, automation recipes, and deterministic screenshots.
 
 No real PHI is required or expected.
 
@@ -86,9 +86,9 @@ http://localhost:3000
 
 The API defaults to `http://127.0.0.1:4000`. The API store is SQLite-backed at `.data/open-prior-auth.sqlite`; use `OPEN_PRIOR_AUTH_DB_PATH` to point at another local database file. M7 uploads write synthetic evidence bytes to `.data/evidence-uploads/`; use `OPEN_PRIOR_AUTH_EVIDENCE_UPLOAD_DIR` to point at another ignored local directory. Restarting `npm run dev:api` preserves work items, questionnaire sessions, packets, receipts, evidence metadata, status events, operations history, and audit events. Use `npm run db:reset` when you want a clean demo state.
 
-## M6: Restart Survival Check
+## Local SQLite Restart Survival Check
 
-M6 proves the local durable case core:
+The local durable case core proves:
 
 1. Run `npm run db:reset`.
 2. Run `npm run dev:api`.
@@ -99,7 +99,7 @@ M6 proves the local durable case core:
 
 JSON remains the fixture and demo snapshot format. SQLite is the runtime source of truth for local case state.
 
-## M7: Evidence Attachments And Standards Aliases
+## Evidence Attachments And Standards Gateway Aliases
 
 After creating a work item and opening the form workspace:
 
@@ -598,9 +598,9 @@ Expected checks:
 - Approved, denied, and cancelled cases are terminal.
 - Denied updates require structured `code`, `display`, and `detail` reason fields.
 
-## M5: OSS Polish Artifacts
+## OSS Polish Artifacts
 
-M5 proves that an external builder can understand, run, verify, and extend the project without private context. It does not change the runtime behavior from M4.
+These artifacts help external builders understand, run, verify, and extend the synthetic local project.
 
 ### M5 Docs To Review
 
@@ -647,9 +647,10 @@ npm run build
 
 Expected results:
 
-- `npm test`: M1 through M6 contract tests pass.
-- `npm run typecheck`: API, web, and shared-type packages typecheck.
-- `npm run build`: API, web, and shared-type packages build.
+- `npm test`: M1 through M8 contract tests pass, including runtime, ToolNet, standards gateway, cockpit, and eval coverage.
+- `npm run typecheck`: all configured workspaces typecheck.
+- `npm run build`: all configured workspaces build.
+- `npm run evals`: deterministic eval scenarios and assertions pass.
 - Queue rows derive `effectiveStatus` exactly from latest payer update plus internal work-item status.
 - Payer decisions include `submittedAt`, `decidedAt`, and `decisionTimeMs`.
 - Stale packets are rejected after QuestionnaireResponse revision changes.

demo/m1a-prior-auth-core.md

@@ -19,4 +19,4 @@ npm run build
 - `npm test` passes all contract tests, including core boundary and core use-case coverage.
 - `prior-auth-core` source has no `apps/api`, `../apps`, or `doctor-toolnet` imports.
 - API routes continue returning existing response shapes.
-- No database table rename or ToolNet package implementation is introduced.
+- M1a itself did not require database table renames; current ToolNet coverage lives in `@open-prior-auth/doctor-toolnet`.

demo/m3-deterministic-prior-auth-agent-team.md

@@ -1,6 +1,6 @@
 # M3 Deterministic Prior-Auth Agent Team
 
-M3 adds a scripted prior-auth agent team in `@open-prior-auth/doctor-runtime`. It uses Runtime + ToolNet only, requires no live LLM, and keeps guarded submit paused for human approval.
+M3 added a scripted prior-auth agent team in `@open-prior-auth/doctor-runtime`. It uses Runtime + ToolNet only, requires no live LLM, and keeps guarded submit paused for human approval.
 
 ## What It Proves
 

demo/m6-standards-shaped-toolnet-tools.md

@@ -1,6 +1,6 @@
 # M6 Standards-Shaped ToolNet Tools
 
-M6 adds standards-shaped sibling tools in Doctor ToolNet while preserving existing runtime and cockpit payloads.
+M6 added standards-shaped sibling tools in Doctor ToolNet while preserving existing runtime and cockpit payloads.
 
 ## What Changed
 

demo/m8-formal-doctor-evals.md

@@ -1,6 +1,6 @@
 # M8 Formal Doctor Evals
 
-M8 adds deterministic regression and safety evals for the synthetic Doctor Agent OS prior-auth flow.
+M8 added deterministic regression and safety evals for the synthetic Doctor Agent OS prior-auth flow.
 
 Run: