ProSe Legal Operations Platform
Justice For All
Final paid-seat launch release candidate

Well-Oiled Seat-Launch proof is locked for owner go-live review.

The final release-candidate gate preserves all completed seat-launch controls, adds support/admin/customer-success operations, records go-live decision points, and keeps production configuration plus launch-owner approval as the controlling release step.

owner go-live approval required
Go-live locks
8
Prior pass contracts preserved through final release-candidate proof.
Support ops
7
Support, admin, customer-success, recovery, billing, connector, and filing workflows covered.
Go-live decisions
6
Scope, blockers, configuration, human review, data operations, rollback, and support decisions recorded.
Proof commands
8
Final RC proof path includes launch, MRR, e-filing, support, and build gates.
Go-live locks
Cold build and runtime proof
release owner
locked
Fresh extraction must install, build, start, and answer health without hidden bypasses or unexpected route-config warnings.
npm run verify:launch:build-proof
Paid seat entitlement and billing
account operations
locked
Pro Se, Attorney/Firm, and Family Communications seats require active entitlement, trial, or documented support state before workspace access.
npm run verify:launch:billing-entitlements
Durable persistence and audit readiness
platform operations
locked
Material records must use durable adapters in pilot/production, with audit, support packet, backup, restore, retention, and legal-hold posture preserved.
npm run verify:launch:durable-persistence && npm run verify:launch:observability-support
Ingest quarantine and e-filing transaction safety
filing operations
locked
Raw files enter quarantine, parser output stays staged, human promotion is required, filing retries are idempotent, and no court action is automated outside approved provider boundaries.
npm run verify:launch:ingest-quarantine && npm run verify:efiling:security-all
Paid-seat workflow completeness
product operations
locked
The active paid seats complete their customer-value paths without dead ends, while deferred institutional lanes remain preserved and out of active paid-seat navigation.
npm run verify:launch:browser-output-qa && npm run verify:launch:pro-se-parent-workflows && npm run verify:launch:attorney-firm-paid-seat && npm run verify:launch:fcs-paid-seat
Connector, packet, and court-output readiness
customer success operations
locked
ChatGPT/MCP access remains user-scoped and review-safe; packet, PDF, template, and court-output exports stay branded, status-labeled, audited, and customer-safe.
npm run verify:launch:chatgpt-mcp-production && npm run verify:launch:packet-output-qa
Accessibility, performance, security, and privacy gate
security and compliance operations
locked
Real-device usability, privacy lifecycle controls, abuse-case review, retention/legal hold, terms/policy review, and penetration-test prep remain launch blockers until reviewed.
npm run verify:launch:mobile-accessibility-performance && npm run verify:launch:security-privacy-compliance
Support, admin, and customer-success operations
support lead
locked
Support can diagnose accounts, billing, exports, connectors, ingestion, and filing issues without developer intervention, support impersonation, private-data leakage, or destructive account changes.
npm run verify:mrr:support-operations
Final launch gates
All prior seat-launch passes locked
locked
8 go-live locks preserve Passes 255 through 267 plus support/admin/customer-success operations.
Support/admin/customer-success operations
locked
7 support operations cover queue intake, diagnostics, recovery, billing, connector, filing, and knowledge-base posture without private-data leakage.
Go-live decision register
locked
6 decisions define scope, blockers, configuration, human review, customer data operations, rollback, and support readiness.
Release-candidate proof commands
locked
Final proof path includes seat-launch pass 18, launch all, MRR support operations, e-filing security, and build commands.
Paid-seat scope preserved
locked
Active launch scope remains Pro Se, Attorney/Firm, and Family Communications; deferred institutional surfaces stay preserved and gated.
Human review preserved
locked
Parser, AI, connector, filing, packet, FCS, and import-promotion actions remain review-controlled.
Secret-carrier boundary
locked
Secret-bearing carriers remain out of source-safe templates and launch proof outputs.
Support, admin, and customer-success operations
Support queue intake
support operations
covered

Receive paid-seat support issues with seat, account, matter, billing, connector, export, filing, and urgency classification.

No full legal text, raw messages, tokens, cookies, signed URLs, or payment data are stored in the support ticket body.

Impersonation-safe diagnostics
admin and support operations
covered

Show account, plan, route, adapter, export, packet, connector, and ingestion posture without opening private matter content as the user.

Support reads metadata and redacted support packets only; private case content requires customer-controlled export or explicit escalated authorization policy.

Account recovery workflow
account operations
covered

Recover access, rotate sessions, handle lost SSO, and resolve locked accounts without bypassing entitlement or private-data boundaries.

Recovery never grants cross-seat access and never exposes protected data before identity and entitlement are confirmed.

Refund and cancellation workflow
billing operations
covered

Handle plan cancellation, failed payment, refund request, invoice issue, downgrade, and trial conversion with entitlement reconciliation.

Payment events are separated from legal records; refund or cancellation does not delete legal data without a separate retention and export workflow.

Connector and import recovery
customer success operations
covered

Repair failed Google/Microsoft/ChatGPT connector states, expired consent, import queue blockage, duplicate imports, and reviewed-promotion conflicts.

Connector recovery can reset tokens and queues, but cannot silently merge records or promote imported content without human review.

Filing support and fallback
filing support operations
covered

Help users understand rejection repair, relation-back posture, service/proof blockers, fallback packets, and provider-pending states.

Support explains workflow state and packet manifests; it does not submit filings, alter court records, or bypass human review gates.

Knowledge base and response macros
support and customer success operations
covered

Provide product-safe help language for onboarding, uploads, evidence, timelines, packets, billing, FCS, connectors, exports, and filing repair.

Articles use product guidance only, avoid legal advice, avoid overclaims, and preserve human-review language.

Go-live decision register
Launch scope
owner review

Public paid-seat launch remains limited to Pro Se, Attorney/Firm, and Family Communications.

Disposition: deferred institutional surfaces preserved and hidden from active paid-seat navigation

Launch blockers
owner review

Critical and high-risk blockers must be closed or explicitly accepted by the launch owner with a mitigation and support procedure.

Disposition: no unresolved critical/high risks in the launch risk register

Production configuration
owner review

Production launch requires approved auth, billing, persistence, audit, storage, queue, ingest, email, connector, and provider configuration.

Disposition: provider-pending surfaces are labeled and cannot imply live production integration

Human review
owner review

Parser, AI, ChatGPT/MCP, filing, packet, FCS protective, and import-promotion actions remain review-controlled.

Disposition: no silent canonical writes, no silent filing staging, no silent protective transition

Customer data operations
owner review

Data export, delete, retention, legal hold, backup, restore, audit, support packet, and account recovery operations are controlled workflows.

Disposition: support can operate without private-data leakage or destructive shortcuts

Rollback and support readiness
owner review

Go-live requires rollback notes, support escalation, incident triage, billing reconciliation, and provider-failure fallback posture.

Disposition: support/admin/customer-success playbooks are attached to release candidate proof

Release-candidate proof commands
npm run verify:seat-launch:pass18
npm run verify:launch:final-release-candidate
npm run verify:launch:static-contracts
npm run verify:launch:all
npm run verify:mrr:seat-launch
npm run verify:mrr:support-operations
npm run verify:efiling:security-all
npm run build
Final readiness

Final launch package readiness

Owner-facing record for the paid-seat release package, controlled configuration notes, responsive review, and final verification path.

Package ready for final local build and deployment smoke
Release contents

Package manifest

Source package
Included

Application source, public assets, route families, shared utilities, package manifest, lockfile, verifier scripts, and configuration examples remain in the release package.

Active paid seats
Included

Pro Se, Attorney, and Family Communications stay active for paid onboarding with settings, connections, recovery, reports, and export surfaces preserved.

Deferred institutional surfaces
Preserved

Judicial Edition, Justice, Clerk, Judge, Prosecutor, Defender, and Law Court surfaces remain compatible and separated from active MRR navigation.

Configuration and review posture

Controlled launch notes

Environment values
Controlled configuration required

Production service URLs, allowed accounts, session secret, OAuth redirect values, and provider keys must be supplied through the deployment environment before release.

Deployment preflight verifies required values and reports optional provider configuration separately.

OAuth provider status
Provider configuration required

Google and Microsoft entries remain safe when provider configuration is unavailable, and Google local-origin handling avoids invalid 0.0.0.0 redirects during local review.

Login and Google SSO origin verifiers protect the post-login portal chooser contract.

Connector imports
Review required

Imported material stays staged until a person confirms destination, scope, and merge intent before promotion into a matter.

Paid-seat connections and recovery verification protects staged import review and recovery controls.

Enterprise readiness

Enterprise launch hardening

Operational control record for secure access, paid-seat continuity, reviewed imports, output safeguards, incident recovery, and full platform owner access.

Platform owner access opens all portals through the post-login chooser.

Enterprise hardening in place for active paid-seat onboarding
Required launch controls

Enterprise control gates

Secure access and portal selection
Owner: Account access
Hardened

Login lands on the portal chooser, workspace access issues a platform-scoped session for approved owner accounts, and direct login loops are rejected.

Post-login portal chooserApproved-account session scopeSafe next-path normalizationSign-out clears local session state
Seat isolation and workspace boundaries
Owner: Seat access
Hardened

Active MRR seats remain Pro Se, Attorney, and Family Communications while institutional portals remain separated from paid-seat navigation.

Active seat route matrixDeferred institutional route preservationPrivate/client/court output labelsPortal-group filtering by access scope
Reviewed import and merge discipline
Owner: Connections and imports
Hardened

Connector material stays staged until a person reviews destination, scope, and merge intent before promotion.

Staged import queueDestination controlsRecovery panelNo sensitive token display
Court-neutral packet and report posture
Owner: Reports and exports
Hardened

Paid-value outputs carry review posture, scope labels, and neutral wording before use outside the workspace.

Court-facing scope labelClient-safe scope labelPrivate-note exclusionReviewed digest requirement
Family Communications privacy posture
Owner: Family Communications
Hardened

Family Communications stays private by default; protective posture requires sustained harmful patterns and reviewed output controls.

Private Family ModeBefore You Send reviewSustained-pattern thresholdProtective packet review gate
Owner operations and recovery readiness
Owner: Platform operations
Hardened

The account workspace now exposes launch proof, enterprise readiness, connections, recovery, and route inventory from the portal chooser.

Launch readiness pageEnterprise readiness pageFeature preservation recordKnown limitation register
Active MRR seats

Paid-seat feature and safeguard matrix

Pro Se
Enterprise-grade paid seat
Features
  • Guided intake
  • Evidence registry
  • Timeline intelligence
  • Service/proof posture
  • Court-day packet
  • Settings and recovery
Safeguards
  • Review-required extracted facts
  • Private notes excluded from court packets
  • Court-neutral language
  • Folder upload and connector recovery
/pro-se/dashboard/pro-se/uploads/pro-se/evidence/pro-se/timeline
Attorney
Enterprise-grade paid seat
Features
  • Matter workspace
  • Task and deadline posture
  • Evidence review
  • Discovery summary
  • Client-safe report
  • Professional packet output
Safeguards
  • Privileged notes stay private
  • Client-safe preview boundary
  • Reviewed connector imports
  • Court/client/private scope labeling
/attorney/attorney/matters/attorney/documents/attorney/timeline
Family Communications
Enterprise-grade paid seat
Features
  • Private Family Mode
  • Structured threads
  • Saved drafts
  • Calm message templates
  • Before You Send review
  • Parent-safe digest
Safeguards
  • Private by default
  • No evidence-first framing
  • No single-message protective trigger
  • Reviewed digest before export
/pro-se/family-communications/family-communications/family-communications/conversations/family-communications/coaching