# Client Onboarding Playbook UI70

## 1) Provisioning
- Create user with role (`analyst` or `admin`) and assign:
  - `tenantId`
  - `plan` (`starter`, `growth`, `enterprise`)
- Confirm governance endpoint and token scope are tenant-safe.

## 2) First Access Hardening
- Login lockout protection active (failed-attempt threshold + temporary lock).
- Session TTL active (automatic expiration and forced re-login).
- Verify auth by role routing:
  - analyst -> `/attribution-v2/app/analysis/`
  - admin -> `/attribution-v2/app/admin/`

## 3) Data Activation
1. Upload donations + DRTV.
2. Run schema validation (contract v2 required).
3. Run analysis and save first report.
4. Verify Scientific Scorecard and Recommendation Gate.

## 4) Client Handover Package
- Export Executive Readout (HTML)
- Export KPI Trust Report (CSV)
- Export Scientific Audit (JSON)

## 5) Technical Acceptance
- Run:
  - `node scripts/verify-go-to-market-technical-readiness.cjs`
  - `node scripts/verify-security-hardening.cjs`
  - `node scripts/verify-analyst-performance-budget.cjs`
- Keep reports in `artifacts/` for internal audit trail.