Hosted Pilot

Deployment Readiness

A go/no-go view for taking BrainKit from local demo to a hosted ChatGPT Business pilot.

Local Demo

Ready

Hosted Pilot

Not Ready

Production

Not Ready

Checks Passing

7/15

Database

Not Ready

Employee Identity

Mapped

Gateway

Not Ready

Demo OnlyDo Not Invite7 Open Steps

Pilot Activation Packet

Acme Home Services activation is demo only: 3 launch workflows, 3 employees, 1 artifact, 0 launch evidence records, and 25 employee-invite blockers.

Do not invite employees into Business Brain-powered ChatGPT workflows until hosted identity, storage, referral, purchase, and launch proof are ready.

Activation Run Of Show

1. Confirm what is sellable today

Sell the guided setup/demo, and be explicit that employee invites wait for hosted proof.

Pilot Activation Packet decision and invite gate.

Belden Studio

2. Clear the next launch blocker

Add the Belden Studio LLC ChatGPT Business referral URL before using the purchase handoff in sales.

ChatGPT Business launch plan reports the Belden Studio LLC referral URL as configured.

Belden Studio

3. Run proof commands in order

Run readiness, live verification, launch drill, launch certification, identity preflight, and storage cutover proof commands.

Proof bundle commands pass against the hosted Business Brain origin.

Belden Studio

4. Invite only after the gate clears

Do not invite real employees yet; keep testing with Belden demo/operator identities.

Invite gate is ready_for_limited_pilot or production_ready.

Client owner

Employee invite gate

Do not invite real employees yet

Belden Studio LLC operator demo and owner/admin setup review only.

Next activation step

BlockedBelden Studio

Belden Studio LLC ChatGPT Business referral handoff

Add the Belden Studio LLC ChatGPT Business referral URL before using the purchase handoff in sales.

Blocked by

- Belden Studio LLC ChatGPT Business referral handoff: Add the Belden Studio LLC ChatGPT Business referral URL before using the purchase handoff in sales.
- Employee identity gateway: Enable trusted identity headers, require gateway signatures, and configure bearer JWT verification.
- Belden Studio LLC operator access: Set the Belden Studio LLC operator email allowlist before hosting real client data.
- Managed client data storage: Provision managed Postgres and complete the database preflight confirmations.
- Production launch package: Fill 9 missing required environment values.

Proof bundle

- Pilot Activation Packet
- Launch Evidence Ledger
- ChatGPT Connection Probe
- Employee Launch Pack
- Hosted Pilot Setup Packet

Launch Evidence Ledger

0 Verified0 Records

Public hosted Business Brain runtimeOpen
Belden Studio LLC ChatGPT Business referralOpen
ChatGPT Business purchase proofOpen
Employee identity gatewayOpen

Hosted Pilot BlockedLocal Demo ReadyDo Not Invite

ChatGPT Connection Handoff

Local connection proof is ready; hosted ChatGPT Business pilot still needs setup.

Acme Home Services has 3 mapped employees, 4 Business Brain skills, and 3 recommended ChatGPT Business seats. Employee invite rows are for planning only until hosted identity, storage, restore proof, ChatGPT Business verification, seats, live workflows, and the launch drill pass.

Connection Steps

Validate the MCP tool contract locally

Confirm the app manifest, protected resource metadata, tools/list, launch room, setup trial, and first workflow return clean results.

Use the verification commands for app manifest, tools/list, get_launch_room, get_setup_agent_trial, and run_skill.

Belden Studio LLCReady

Host the Business Brain runtime

A real ChatGPT Business pilot needs public HTTPS, production auth posture, required environment variables, and managed storage.

Deployment readiness must report hosted pilot ready.

Hosting providerBlocked

Verify employee identity and role mapping

Map ChatGPT users to Business Brain employees with bearer-token verification and signed gateway headers before exposing tenant context.

Identity preflight must pass for the launch employees.

Belden Studio LLCBlocked

Send the ChatGPT Business purchase handoff

The owner buys through the Belden Studio LLC referral handoff, while OpenAI owns checkout, billing, and native seat administration.

Referral package is configured and record_chatgpt_business_verification never collects payment credentials.

Belden Studio LLCBlocked

Complete OpenAI checkout

The client owner confirms workspace name, admin email, and purchased seats after OpenAI checkout.

ChatGPT Business verification package records purchased, connected, or verified status.

OpenAI checkoutManual

Record workspace and seat proof

Record the ChatGPT Business workspace name, owner/admin email, and purchased seat count against the Business Brain roster.

Purchased seats cover the Business Brain invite list.

Client ownerBlocked

Connect the hosted Business Brain in ChatGPT

Install or connect the hosted MCP runtime only after the hosted runtime, identity, purchase, and workspace proof are ready.

ChatGPT connection probe and record_chatgpt_business_verification report connected.

Belden Studio LLCBlocked

Run the first role-scoped employee workflow

Run one real but low-risk workflow in ChatGPT, confirm role-scoped context, capture the artifact, and log feedback.

Business Brain artifact, approval status, feedback note, and employee workflow check are recorded.

Belden Studio LLCBlocked

Next operator action

Set BELDEN_CHATGPT_BUSINESS_REFERRAL_URL before sending a buyer to ChatGPT Business checkout.

First ChatGPT proof run

Avery Brooks

avery@acme.example - Owner

Use the Acme Home Services Business Brain Review response workflow workflow for my Owner role with this real task: [paste task facts]. Show approval needs and save the artifact.

The first workflow run should create a Business Brain artifact, show approval status, and accept one feedback note.

Connection targets

appManifest

https://setup.belden.studio/api/brainkit/app

mcp

https://setup.belden.studio/api/brainkit/mcp

oauthProtectedResource

https://setup.belden.studio/.well-known/oauth-protected-resource

connectionProbe

https://setup.belden.studio/api/brainkit/chatgpt-connection-probe

Do not automate

- Do not process payment, collect card details, or administer OpenAI billing inside the Business Brain.
- Do not invite real employees until hosted identity, managed storage, ChatGPT Business proof, seats, and first workflow checks pass.
- Do not claim access to raw ChatGPT memory, native ChatGPT conversation logs, native connector data, or first-party admin actions unless OpenAI exposes that permissioned surface.

Demo ReadyPaid Pilot Needs Setup7 Open Commitments

Hosted Pilot Setup Packet

Acme Home Services can be demonstrated now, with 7 hosted pilot commitments still open before real employees should use BrainKit through ChatGPT Business.

Sell the guided setup demo now, but do not invite real employees until the hosted pilot commitments are complete.

1. Belden Studio LLC ChatGPT Business referral handoff

Add the Belden Studio LLC ChatGPT Business referral URL before using the purchase handoff in sales.

Belden StudioOpen

2. Public hosted Business Brain runtime

Keep the hosted URL stable through the pilot.

Hosting providerReady

3. Managed client data storage

Provision managed Postgres and complete the database preflight confirmations.

Database providerOpen

4. Belden Studio LLC operator access

Set the Belden Studio LLC operator email allowlist before hosting real client data.

Belden StudioOpen

5. Employee identity gateway

Enable trusted identity headers, require gateway signatures, and configure bearer JWT verification.

Hosting providerOpen

6. ChatGPT Business purchase proof

Have the owner complete OpenAI checkout, then record workspace name, admin email, purchased seats, and proof source.

Client ownerOpen

7. Controlled launch drill

Run the launch drill once after the pilot environment is configured.

Belden StudioOpen

8. Production launch package

Fill 9 missing required environment values.

Belden StudioOpen

Client-safe explanation

- ChatGPT Business is where employees work.
- The Business Brain is the Belden Studio LLC setup and control layer that gives employees approved context, workflows, and permissions.
- OpenAI handles checkout, billing, seats, and the native ChatGPT workspace.
- Belden Studio LLC handles company context, workflow setup, safe tool access, approvals, artifacts, and monthly improvement.

Do not invite employees until

- Belden Studio LLC ChatGPT Business referral handoff: Add the Belden Studio LLC ChatGPT Business referral URL before using the purchase handoff in sales.
- Employee identity gateway: Enable trusted identity headers, require gateway signatures, and configure bearer JWT verification.
- Belden Studio LLC operator access: Set the Belden Studio LLC operator email allowlist before hosting real client data.
- Managed client data storage: Provision managed Postgres and complete the database preflight confirmations.
- Production launch package: Fill 9 missing required environment values.

Demo Ready2 6 Gates PassHosted Pilot Blocked

Launch Certification

Acme Home Services is demo ready: 2/6 launch gates pass, 1 warn, and 3 block. Use this for SMB demos and setup rehearsal, but do not invite real ChatGPT Business users until hosted identity, persistence, and purchase proof pass.

SMB Value

The client must leave setup with useful workflows, saved artifacts, approved company context, and clear proof of value.

3 published workflows.

Belden StudioPass

ChatGPT Business Proof

The Business Brain should not claim a live ChatGPT Business launch until purchase, connection, seats, admin, and first employee checks are recorded.

Status: Not started.

OpenAIBlock

Identity Gateway

Employee access must be verified through OAuth bearer tokens and gateway-signed Business Brain identity headers before real client data.

3/3 employee identity probes pass locally.

Hosting providerBlock

Data And Rollback

Belden needs a tenant backup, audit/export path, and rollback story before inviting real employees.

Backup export ready: yes.

Belden StudioPass

Approval Guardrails

A real launch should prove at least one approval path, because risky client-facing work is a central BrainKit promise.

1 approval request recorded.

Belden StudioWarn

Hosted Deployment

The hosted app must be public, HTTPS, production-authenticated, and backed by managed persistence before real client data.

Deployment local demo ready: yes.

Hosting providerBlock

Certificate endpoint

https://setup.belden.studio/api/brainkit/launch-certification

Next blocking actions

- Add the Belden Studio LLC ChatGPT Business referral URL.
- Configure production OAuth, bearer-token verification, trusted headers, signing secret, and required gateway signatures.
- Run POST /api/brainkit/launch-drill with action=run.
- Production auth mode: Development auth mode allows fallback identities and is not suitable for real client data.

Workflows

Employee Checks

0/3

Backup

Ready

Launch Drill

Pending

Local Demo ReadyHosted Pilot Needs SetupProduction Needs Setup

Launch Control Packet

Acme Home Services hosted pilot is not hosted-pilot-ready yet: 0 blockers, 13 warnings, 3 employees, and 3 live workflows. Use this before a real SMB starts using ChatGPT Business: it names what Belden owns, what the client owner must confirm, what OpenAI still owns, and what proof commands must pass.

Launch Owners

1. Deploy BrainKit on a public HTTPS origin

The app origin is HTTPS-ready for hosted ChatGPT app callbacks. The origin is not localhost.

Hosting providerPass

2. Configure Belden Studio LLC referral and operator access

Set BRAINKIT_OPERATOR_EMAILS so only approved Belden Studio LLC operators can access hosted operator routes. BELDEN_CHATGPT_BUSINESS_REFERRAL_URL is not configured.

Belden StudioWarn

3. Provision managed Postgres storage

BrainKit database preflight is using postgres; managed Postgres is configured, SSL is required, backups are not confirmed, and restore testing is not recorded.

Database providerWarn

4. Enable OAuth bearer JWT and signed identity headers

Set BRAINKIT_REQUIRE_BEARER_JWT=true with OAuth issuer, audience, and JWKS/public-key or trusted gateway signing material. Set BRAINKIT_REQUIRE_GATEWAY_SIGNATURE=true before production so the Business Brain rejects unsigned identity-header requests.

Hosting providerWarn

5. Run hosted pilot proof commands

Run the validation commands after the production environment variables are configured.

Belden StudioWarn

Go-Live Criteria

Public HTTPS Business Brain origin is deployed and stable.
BRAINKIT_AUTH_MODE=production with verified bearer JWTs, trusted identity gateway headers, a signing secret, and required gateway signatures.
BRAINKIT_OPERATOR_EMAILS includes the Belden Studio LLC operators running the pilot.
Database preflight passes for Postgres, SSL, backups, restore drill, and restricted network access.
Storage cutover package has been reviewed, tenant backups are exported, restored counts are compared, and rollback is understood.
Postgres storage is configured, health is clean, and managed database backup/restore is tested.

Manual Boundaries

- The Business Brain tracks and guides the purchase handoff; OpenAI handles checkout, payment, billing, and native seat administration.
- OpenAI still owns checkout, billing, native ChatGPT Business workspace administration, and model execution.
- The Business Brain owns company definitions, employee/role mapping, skill registry, approvals, artifacts, feedback, backups, and improvement loops.
- Do not put real client data into a hosted pilot until the readiness gate and backup/rollback steps pass.

ChatGPT Identity Gate

Acme Home Services

Acme Home Services has 3 employee identity probes; local identity is ready, hosted identity is not ready, and production identity is not ready.

Local Ready

Avery Brooks

avery@acme.example

Pass

Owner - 4 workflows

Maya Patel

maya@acme.example

Pass

Sales - 3 workflows

Omar Reed

omar@acme.example

Pass

Operations - 1 workflow

Gateway Headers

3/3 launch employee identities are mapped locally.

authorization

x-brainkit-gateway-timestamp

x-brainkit-gateway-signature

x-brainkit-tenant-id

x-brainkit-user-email

x-brainkit-actor-email

x-brainkit-actor-role

x-brainkit-allowed-tenants

Identity Gateway Bootstrap Package

Identity Setup Open5 Open Steps

Acme Home Services identity gateway bootstrap has 5 open setup steps before real ChatGPT Business employee identity can be trusted.

Next identity step

Enable bearer JWT verification

Require bearer JWT verification and configure JWKS, a pinned public key, or a trusted gateway HS256 secret.

# BrainKit identity gateway bootstrap # Store secrets in the hosting provider's encrypted environment store. BRAINKIT_AUTH_MODE=production BRAINKIT_MCP_RESOURCE=https://setup.belden.studio/api/brainkit/mcp BRAINKIT_OAUTH_ISSUER=https://setup.belden.studio BRAINKIT_OAUTH_AUDIENCE=https://setup.belden.studio/api/brainkit/mcp BRAINKIT_REQUIRE_BEARER_JWT=true

Gateway Signing Kit

Placeholder SignaturesSignature Fallback Allowed

Acme Home Services identity gateway signing kit has placeholder probe commands for the client admin and a launch employee. It proves the BrainKit header signature shape, while OAuth bearer-token issuance stays with the hosted identity provider or gateway.

Signing kit endpoint

https://setup.belden.studio/api/brainkit/identity-gateway-signing-kit

brainkit-gateway-v1 GET /api/brainkit/identity-preflight 2026-06-28T03:37:39.982Z avery@acme.example client_admin

Identity Checks

HTTPS hosted originPass
Public hosted originPass
Production auth modeWarn
Trusted identity gatewayWarn
Signed gateway requestsWarn
Bearer JWT verificationWarn
Token and signed-header identity bindingWarn
OAuth resource contractPass
Belden Studio LLC operator allowlistWarn
Tenant email domainsPass
Employee identity mappingPass
Tool scope contractPass

Readiness Checks

HTTPS origin

The app origin is HTTPS-ready for hosted ChatGPT app callbacks.

Hosting provider

Pass

Public hosted origin

The origin is not localhost.

Hosting provider

Pass

Production auth mode

Development auth mode allows fallback identities and is not suitable for real client data.

Belden Studio

Warn

Required production environment

No required production env blockers detected.

Belden Studio

Pass

Trusted identity gateway

Configure BRAINKIT_TRUSTED_IDENTITY_HEADERS=true and BRAINKIT_IDENTITY_GATEWAY_SECRET behind the OAuth/header gateway before client traffic.

Belden Studio

Warn

Signed gateway requests

Set BRAINKIT_REQUIRE_GATEWAY_SIGNATURE=true before production so the Business Brain rejects unsigned identity-header requests.

Belden Studio

Warn

Bearer JWT verification

Set BRAINKIT_REQUIRE_BEARER_JWT=true with OAuth issuer, audience, and JWKS/public-key or trusted gateway signing material.

Hosting provider

Warn

Belden Studio LLC operator allowlist

Set BRAINKIT_OPERATOR_EMAILS so only approved Belden Studio LLC operators can access hosted operator routes.

Belden Studio

Warn

Storage write policy

Storage writes are permitted for the current mode.

Belden Studio

Pass

Managed persistence

BrainKit database preflight is using postgres; managed Postgres is configured, SSL is required, backups are not confirmed, and restore testing is not recorded.

Hosting provider

Warn

Database preflight

Run /api/brainkit/database-preflight and complete every managed database confirmation before client launch.

Hosting provider

Warn

MCP resource URL

BRAINKIT_MCP_RESOURCE is a public HTTPS Business Brain MCP endpoint.

Belden Studio

Pass

OAuth issuer

BRAINKIT_OAUTH_ISSUER is a public HTTPS issuer URL.

Belden Studio

Pass

Hosted URL consistency

Hosted public origin, MCP resource, and OAuth audience are aligned.

Hosting provider

Pass

ChatGPT Business referral handoff

BELDEN_CHATGPT_BUSINESS_REFERRAL_URL is not configured.

OpenAI

Warn

ChatGPT Business Referral Package

Referral Url Missing3 Recommended Seats

Acme Home Services ChatGPT Business referral package is waiting on Belden Studio LLC referral configuration with 3 recommended seats and 3 launch invite rows.

Next referral step

Configure Belden Studio LLC referral URL

Set BELDEN_CHATGPT_BUSINESS_REFERRAL_URL before sending the owner purchase handoff.

Hi Acme Home Services team, Here is the ChatGPT Business handoff for your Acme Home Services Business Brain launch. Belden Studio LLC referral link is not configured yet. Add BELDEN_CHATGPT_BUSINESS_REFERRAL_URL before sending this handoff. Recommended starting seats: 3 Workspace name: Acme Home Services ChatGPT Business

Database Preflight

BrainKit database preflight is using postgres; managed Postgres is configured, SSL is required, backups are not confirmed, and restore testing is not recorded.

Postgres storage selectedPass
Database URLPass
Database host posturePass
SSL requiredPass
Managed backups confirmedWarn
Restore drill recordedWarn
Network access restrictedWarn

Database Bootstrap Package

Storage Setup Open2 Tables

BrainKit managed database bootstrap is not hosted-pilot ready yet: 0 blockers, 3 warnings, storage engine postgres.

Next database step

Confirm SSL and network posture

Require TLS and restrict database access to the hosted Business Brain runtime plus approved operator paths.

Storage Cutover Package

Cutover OpenDo Not Invite1 Tenant Exports

BrainKit storage cutover is not ready for hosted cutover yet: 1 tenant record, source engine postgres, database posture open, and restore proof still open.

Next storage step

Provision managed Postgres

BrainKit is configured to use the managed Postgres storage adapter. Database URL is configured and redacts to postgresql://<credentials>@ep-soft-shadow-atzyh3eh-pooler.c-9.us-east-1.aws.neon.tech/neondb?sslmode=require. Database SSL/TLS is explicitly required by env or sslmode.

Do not invite real employees into a hosted BrainKit + ChatGPT Business pilot until managed storage, backups, restore proof, and validation commands pass.

Production Launch Package

9 Missing RequiredNeeds Setup

Acme Home Services production launch package has 9 missing required environment values and 0 current deployment blockers.

Next setup step

Configure Belden Studio LLC referral and operator access

Set BRAINKIT_OPERATOR_EMAILS so only approved Belden Studio LLC operators can access hosted operator routes. BELDEN_CHATGPT_BUSINESS_REFERRAL_URL is not configured.

# BrainKit hosted production launch environment # Replace placeholders, keep secrets in the hosting provider's encrypted environment store. # Hosting provider: Public HTTPS MCP resource URL for hosted ChatGPT app deployments. BRAINKIT_MCP_RESOURCE=https://setup.belden.studio/api/brainkit/mcp # Hosting provider: OAuth issuer URL for production ChatGPT app identity. BRAINKIT_OAUTH_ISSUER=https://auth.example.com

Required Endpoints

app

https://setup.belden.studio/api/brainkit/app

mcp

https://setup.belden.studio/api/brainkit/mcp

protectedResource

https://setup.belden.studio/.well-known/oauth-protected-resource

health

https://setup.belden.studio/api/brainkit/health

backup

https://setup.belden.studio/api/brainkit/backup

dataLifecycle

https://setup.belden.studio/api/brainkit/data-lifecycle

chatgptBusinessReferral

https://setup.belden.studio/api/brainkit/chatgpt-business-referral

chatgptConnectionProbe

https://setup.belden.studio/api/brainkit/chatgpt-connection-probe

setupAgent

https://setup.belden.studio/api/brainkit/setup-agent

launchRoom

https://setup.belden.studio/api/brainkit/launch-room

employeeLaunchPack

https://setup.belden.studio/api/brainkit/employee-launch-pack

databasePreflight

https://setup.belden.studio/api/brainkit/database-preflight

databaseBootstrap

https://setup.belden.studio/api/brainkit/database-bootstrap

storageCutover

https://setup.belden.studio/api/brainkit/storage-cutover

identityTokenPreflight

https://setup.belden.studio/api/brainkit/identity-token-preflight

identityGatewayBootstrap

https://setup.belden.studio/api/brainkit/identity-gateway-bootstrap

identityGatewaySigningKit

https://setup.belden.studio/api/brainkit/identity-gateway-signing-kit

launchCertification

https://setup.belden.studio/api/brainkit/launch-certification

launchDrill

https://setup.belden.studio/api/brainkit/launch-drill

hostedPilotSetup

https://setup.belden.studio/api/brainkit/hosted-pilot-setup

pilotActivation

https://setup.belden.studio/api/brainkit/pilot-activation

launchEvidence

https://setup.belden.studio/api/brainkit/launch-evidence

productionLaunch

https://setup.belden.studio/api/brainkit/production-launch

Next Actions

- Production auth mode: Development auth mode allows fallback identities and is not suitable for real client data.
- Trusted identity gateway: Configure BRAINKIT_TRUSTED_IDENTITY_HEADERS=true and BRAINKIT_IDENTITY_GATEWAY_SECRET behind the OAuth/header gateway before client traffic.
- Signed gateway requests: Set BRAINKIT_REQUIRE_GATEWAY_SIGNATURE=true before production so the Business Brain rejects unsigned identity-header requests.
- Bearer JWT verification: Set BRAINKIT_REQUIRE_BEARER_JWT=true with OAuth issuer, audience, and JWKS/public-key or trusted gateway signing material.
- Belden Studio LLC operator allowlist: Set BRAINKIT_OPERATOR_EMAILS so only approved Belden Studio LLC operators can access hosted operator routes.
- Managed persistence: BrainKit database preflight is using postgres; managed Postgres is configured, SSL is required, backups are not confirmed, and restore testing is not recorded.
- Database preflight: Run /api/brainkit/database-preflight and complete every managed database confirmation before client launch.
- ChatGPT Business referral handoff: BELDEN_CHATGPT_BUSINESS_REFERRAL_URL is not configured.

Warnings

- Production auth mode: Development auth mode allows fallback identities and is not suitable for real client data.
- Trusted identity gateway: Configure BRAINKIT_TRUSTED_IDENTITY_HEADERS=true and BRAINKIT_IDENTITY_GATEWAY_SECRET behind the OAuth/header gateway before client traffic.
- Signed gateway requests: Set BRAINKIT_REQUIRE_GATEWAY_SIGNATURE=true before production so the Business Brain rejects unsigned identity-header requests.
- Bearer JWT verification: Set BRAINKIT_REQUIRE_BEARER_JWT=true with OAuth issuer, audience, and JWKS/public-key or trusted gateway signing material.
- Belden Studio LLC operator allowlist: Set BRAINKIT_OPERATOR_EMAILS so only approved Belden Studio LLC operators can access hosted operator routes.
- Managed persistence: BrainKit database preflight is using postgres; managed Postgres is configured, SSL is required, backups are not confirmed, and restore testing is not recorded.
- Database preflight: Run /api/brainkit/database-preflight and complete every managed database confirmation before client launch.
- ChatGPT Business referral handoff: BELDEN_CHATGPT_BUSINESS_REFERRAL_URL is not configured.