{
  "contract_id": "FAMILYCASE-CRM-DEMO-ROUTING-001",
  "version": "2026-06-06",
  "owner": "FamilyCase.AI Platform, RevOps, Security, Growth, Product, and Engineering",
  "status": "pending_crm_cutover",
  "objective": "Define demo request routing, CRM ownership, attribution, privacy, retry, alerting, and production approval requirements for the FamilyCase.AI public website.",
  "required_endpoint_controls": [
    "Approved CRM or demo-request endpoint is configured before production.",
    "VITE_DEMO_FORM_MODE is set to production only after CRM approval.",
    "VITE_DEMO_FORM_ENDPOINT points to the approved destination.",
    "Endpoint accepts POST requests with JSON payloads.",
    "Endpoint returns a success status for valid demo requests.",
    "Endpoint rejects malformed or unauthorized requests.",
    "Endpoint records correlation ID for traceability.",
    "Endpoint honors idempotency key to prevent duplicate demo records during retries.",
    "Endpoint does not require browser-exposed secrets."
  ],
  "allowed_payload_fields": [
    "email",
    "role",
    "page",
    "source",
    "timestamp",
    "campaign_id",
    "session_id",
    "visitor_id",
    "correlation_id",
    "idempotency_key"
  ],
  "forbidden_payload_fields": [
    "client_name",
    "matter_number",
    "case_facts",
    "document_text",
    "court_record",
    "privileged_material",
    "social_security_number",
    "payment_card",
    "password",
    "api_key"
  ],
  "routing_requirements": [
    "Demo requests route to the approved CRM owner queue.",
    "Family law firm, attorney, managing partner, and operations personas are preserved.",
    "Campaign, source, medium, visitor, session, timestamp, and page attribution are preserved when available.",
    "Preview mode returns a local reference without sending external side effects.",
    "Production mode uses timeout and retry controls.",
    "Failed submissions produce actionable user feedback and structured logs without sensitive data.",
    "Every accepted request can be traced by correlation ID.",
    "Every retry uses an idempotency key so duplicate CRM records can be prevented."
  ],
  "public_surface_readiness": [
    "Homepage demo form exposes persistent labels and actionable status text.",
    "Preview submissions return a correlation ID without external CRM side effects.",
    "Public copy states that confidential case facts, privileged materials, court records, and client information must not be submitted.",
    "Demo routing requirements are linked from integration, launch readiness, and post-deploy smoke surfaces.",
    "Production cutover remains blocked until approved endpoint, owner queue, monitoring, and privacy review evidence are attached."
  ],
  "privacy_security_requirements": [
    "Do not collect confidential case facts through the marketing demo form.",
    "Do not collect privileged materials, court records, evidence, document text, or client information.",
    "Do not log secrets, tokens, privileged facts, client names, or matter numbers.",
    "Use HTTPS-only approved production endpoint.",
    "Do not expose CRM API keys in browser code.",
    "Retain only minimum necessary demo-request metadata.",
    "Route privacy exceptions to Security and Legal before production launch."
  ],
  "monitoring_requirements": [
    "Monitor demo submission success rate.",
    "Monitor demo endpoint failure rate.",
    "Monitor demo endpoint timeout rate.",
    "Monitor malformed payload rejection rate.",
    "Monitor duplicate submission prevention and idempotency-key conflicts.",
    "Monitor CRM routing queue health.",
    "Alert Platform, RevOps, Security, and Engineering on sustained submission failures.",
    "Confirm attribution events reconcile with CRM demo records."
  ],
  "production_launch_blockers": [
    "CRM endpoint evidence pending Platform, RevOps, Security, Product, and Engineering review",
    "VITE_DEMO_FORM_ENDPOINT evidence pending Platform, RevOps, Security, and Engineering review",
    "VITE_DEMO_FORM_MODE evidence pending Platform, RevOps, Security, and Engineering review",
    "CRM owner queue evidence pending Platform, RevOps, Growth, and Support review",
    "demo form collects confidential case facts",
    "payload includes forbidden fields",
    "correlation ID evidence pending RevOps, Security, and Engineering review",
    "idempotency key evidence pending RevOps, Platform, Security, and Engineering review",
    "demo smoke evidence pending Platform, RevOps, QA, and Engineering review",
    "CRM routing alert evidence pending Platform, RevOps, Security, and Engineering review",
    "privacy review evidence pending Security and Legal review"
  ],
  "required_evidence": [
    "crm-demo-routing-contract.json reviewed",
    "integration-readiness-contract.json reviewed",
    "data-processing-contract.json reviewed",
    "measurement-contract.json reviewed",
    "post-deploy smoke checklist includes CRM demo routing",
    "demo form smoke test completed",
    "idempotency and duplicate-prevention smoke test completed",
    "CRM routing owner approved",
    "privacy review approved",
    "npm run validate passes"
  ]
}