This packet is the buyer-facing operational summary for controlled beta and concierge paid pilots. It packages the security, hosting, data-flow, backup, and incident-response facts that a small museum, archive, lab, or foundation will ask for before sharing source collection data.
\nIt is not a SOC 2 report, DPA, insurance certificate, or legal contract. Treat it as the current technical evidence packet that can support procurement conversations while the product is still in controlled beta and concierge pilot mode.
\nUse this packet for:
\nDo not use this packet to claim:
\nMeta Museum is a source-backed Linked Art web application for rights-aware collection data publication and review.
\nCurrent controls:
\nCurrent limits:
\nMeta Museum does not currently provide a production support-as-customer or impersonation feature. Operators must not use active-org cookies, pilot tenant headers, test role overrides, direct storage edits, or customer credentials to bypass customer membership, role, or org-admin gates.
\nBefore any support impersonation feature ships, it must satisfy all of these controls:
\nUntil those controls and tests exist, support is advisory: operators can inspect customer-supplied screenshots, exports, logs, or evidence packets, but they cannot act as the customer inside the application.
\n\nflowchart LR\n Customer["Customer source export or bounded API"] --> Intake["Operator intake and namespace assignment"]\n Intake --> Import["Provider/import adapter"]\n Import --> Normalize["Linked Art normalization"]\n Normalize --> Storage["Postgres managed storage or local managed document store"]\n Storage --> Review["Validation, rights, sensitivity, reconciliation, and agent review queues"]\n Review --> PublicRead["Public browse/API/docs surfaces after approval"]\n Review --> Evidence["Pilot evidence packet and launch review artifacts"]\nOperational boundaries:
\nCurrent deployment assumptions:
\n| Area | Current position |
\n|---|---|
\n| Application hosting | Hosted Next.js deployment target, selected during launch/staging setup. |
\n| Database | Neon-backed Postgres 16 for managed storage in launch mode. |
\n| Search | Solr 9 target for search indexing when the search stack is enabled. |
\n| Graph | GraphDB target for named graph publication when the graph stack is enabled. |
\n| Authentication | Auth.js v5 with GitHub OAuth credentials for sign-in where configured. |
\n| Observability | OpenTelemetry-compatible local/deployed evidence hooks; production sink is deployment-specific. |
\n| AI provider | OpenAI-compatible AI usage only where configured by deployment secrets. |
\nProcurement notes:
\nCurrent proof path:
\nBuyer-facing evidence to attach:
\nFor pilots, attach this evidence to the monthly packet before representing the workspace as procurement-ready.
\nSeverity levels:
\n| Severity | Examples | Response posture |
\n|---|---|---|
\n| `blocking` | Customer cannot access workspace; import is blocked; public page exposes incorrect sensitive data. | Next-business-day response for pilots; immediate containment for public exposure. |
\n| `high` | Incorrect rights/publication state; failed launch preflight; evidence artifact missing before review. | Triage within two business days; document owner and next action. |
\n| `normal` | Mapping question, metadata correction, non-blocking UI issue, evidence clarification. | Weekly pilot review cadence. |
\n| `question` | Buyer questionnaire item, scope clarification, roadmap request. | Respond during normal pilot support cadence. |
\nIncident handling steps:
\nBefore a pilot is described as procurement-ready, confirm:
\n