{
  "contract_id": "FAMILYCASE-TRIAL-SIGNUP-PROVISIONING-001",
  "version": "2026-06-06",
  "owner": "FamilyCase.AI Product, Engineering, Security, Platform, Support, and Legal",
  "status": "pending_trial_provisioning_approval",
  "objective": "Define trial signup, tenant provisioning, account activation, abuse prevention, CRM routing, onboarding, privacy, and production approval requirements for FamilyCase.AI public website launch.",
  "allowed_signup_fields": [
    "business_email",
    "name",
    "firm_name",
    "role",
    "firm_size",
    "jurisdiction",
    "utm_campaign",
    "utm_source",
    "utm_medium",
    "consent_state"
  ],
  "forbidden_signup_fields": [
    "client_name",
    "child_name",
    "matter_number",
    "case_fact",
    "document_text",
    "message_body",
    "privileged_communication",
    "uploaded_file_name",
    "court_record_text",
    "legal_strategy"
  ],
  "provisioning_requirements": [
    "Trial signup routes to an approved auth provider or provisioning service before production launch.",
    "Tenant creation is idempotent and records tenant ID, requester, timestamp, source, and correlation ID.",
    "Trial tenants start with least-privilege roles and no access to unrelated customers or matters.",
    "MFA, SSO or passwordless, session controls, RBAC, and tenant isolation follow /auth-provider-routing-contract.json.",
    "Trial provisioning does not activate real case uploads until upload scanning, sandboxing, and legal approval are complete.",
    "Provisioning failures show approved retry or support paths without exposing stack traces or secrets."
  ],
  "abuse_prevention_requirements": [
    "Rate limits are applied to signup attempts.",
    "Disposable, suspicious, or blocked domains follow approved review or denial workflow.",
    "Bot and spam controls are approved before production launch.",
    "Duplicate signup attempts are handled without creating duplicate tenants.",
    "High-risk signup activity is logged and routed to Security or Support.",
    "Abuse prevention does not collect confidential case facts."
  ],
  "platform_and_support_requirements": [
    "Trial Started event follows /platform-api-contracts.json and /analytics-attribution-contract.json.",
    "Signup attribution includes only approved campaign, source, medium, persona, and page metadata.",
    "CRM routing sends only approved signup fields and excludes confidential case information.",
    "Support receives an approved escalation path for failed provisioning or account activation.",
    "Trial onboarding email uses approved customer communications templates.",
    "Trial conversion and handoff metrics are reviewed by Platform, Product, Security, and Legal before launch."
  ],
  "public_surface_readiness": [
    "Start Free Trial CTA is present in the primary navigation and hero path.",
    "Static sign-up page explains that production provisioning must route through approved Platform, CRM, auth, and billing workflows.",
    "Signup surfaces prohibit confidential case facts, client names, matter numbers, privileged communications, uploaded file names, and document text.",
    "Trial Started events use approved taxonomy fields only and exclude credentials or case facts.",
    "Production trial activation remains blocked until provisioning, abuse prevention, CRM routing, support escalation, and privacy review evidence are attached."
  ],
  "production_launch_blockers": [
    "trial provisioning service evidence pending Product, Engineering, Security, Platform, Support, and Legal approval",
    "auth provider routing evidence pending Security, Engineering, Product, and QA approval",
    "tenant creation not idempotent",
    "RBAC or tenant isolation not verified",
    "MFA and session control evidence pending Security, Engineering, Product, and QA verification",
    "signup form collects confidential case facts",
    "rate limit evidence pending Security, Engineering, Product, and QA verification",
    "bot and spam control evidence pending Security, Engineering, Product, and QA verification",
    "CRM routing evidence pending Platform, RevOps, Engineering, Security, and Product approval",
    "support escalation path evidence pending Support, Product, Security, Legal, and Platform approval"
  ],
  "required_evidence": [
    "trial-signup-provisioning-contract.json reviewed",
    "auth-provider-routing-contract.json reviewed",
    "crm-demo-routing-contract.json reviewed",
    "platform-api-contracts.json reviewed",
    "analytics-attribution-contract.json reviewed",
    "data-processing-contract.json reviewed",
    "customer-communications-contract.json reviewed",
    "signup route smoke tested",
    "tenant provisioning workflow approved",
    "abuse prevention approved",
    "npm run validate passes"
  ]
}