Decision memo - June 19, 2026

Process Discovery needs a production home

We know the discovery motion is worth pursuing. The decision now is where the production version should live so interviews, ontology capture, ROI discovery, and Beam agent handoff work with enterprise reliability.

Audience: Aqib + Jonas Question: production surface Lens: business metrics first

Recommendation: build the production version inside Beam platform.

The feature itself is ~6 weeks of work on any path — modern coding tools make that fast, and in Prism it is already mostly built. What changes between options is the platform tax. Beam lands the MVP in about 2 months and a standalone wedge validates in ~1-1.5 months, while turning Prism into a customer-facing product adds another 2-3 months of security hardening on top of the feature — roughly 4-5 months in total.

Approve Beam platform MVP in three spins, ~2 months

Allow Standalone pilot wedge in ~1-1.5 months

Avoid Prism production path because hardening adds 2-3 months

#01

The problem

Process Discovery is no longer blocked by whether the idea makes sense. It is blocked by productionizing the stakeholder interview and evidence loop.

What is proven enough

The workflow has ingredients.

Ontology, stakeholder interviews, and ROI discovery are enough to justify moving from discovery into a production decision.

What gates progress

The interview loop must actually run.

Emails need to send, replies need to land, evidence needs to be attributed, and process maps need to update from that evidence.

Why platform matters

The surface decides the timeline.

Auth, customer data, permissions, audit, connectors, deployment, and rework risk are all consequences of where this lands.

#02

Recommendation and scorecard

Beam is the recommendation. The scorecard scores all three options against the criteria that actually move this decision — green is the home to build, red is the path to avoid.

Executive scorecard — the criteria that decide it

Decision criterion	Standalone wedgeAllow — wedge only	Beam platformRecommended	PrismAvoid as product
Time to production-ready MVP	~1-1.5 months	~2 months	~4-5 months
What it takes to get there	Pilot-only controls (throwaway)	Platform already hardened — inherited	+2-3 months to productionize Prism itself
Rework risk	Medium	Low	High
Fit with customers & sales story	New app to introduce; weak as a story	Customers already work here; one platform story	New product to stand up; weak as a customer story
Verdict	Use only to accelerate validation	Recommended	Do not use as production path

#03

Deep dive into the options

The production home determines which work we do now and which work becomes throwaway. This is the deeper read on each path.

Time to production readiness

Standalone pilot

~1-1.5 month MVP

Beam platform

~2 month MVP

Prism

~4-5 months total

Prism split: ~6 weeks feature build + 2-3 months security hardening / productionization

~1 month pilot

Standalone app that pushes into Beam

Standalone app ontology screenshot showing process ontology graph and query interface

Use this only if the immediate goal is customer signal before the Beam surface is ready. It should not become a separate production system.

Feature build~6 weeks

Security hardeningPilot-only

Rework riskMedium

Fastest path to a live customer signal — a demoable interview-to-process-map loop in a couple of weeks.
Good for learning, weak as a system of record; do not stand up a separate long-term auth, data, or deployment model.
Push outputs into Beam once the API contract exists — an accelerator to Beam, not a fork in the roadmap.

~2 month MVP

Beam platform

Build the MVP directly into the production surface where customers already connect tools, run agents, review outputs, and trust the workspace.

Feature build~6 weeks

Production-ready MVP~2 months (3 spins)

Rework riskLow

Customers already authenticate and work in Beam every day — no second app to trust, and the strongest one-platform sales story.
The hard parts already exist and are hardened: multi-tenant workspaces and RBAC, Gmail/Outlook reply handling, SES, consent gates, agent runtime, audit, and encryption.
Process Discovery naturally ends in Beam (process map to ROI to agent handoff), so the output lives where the next action happens — at the lowest rework risk.

Known platform issues

Productize native reply handling for interview loops.
Clarify permissions and RBAC for customer process data.
Harden connector reliability for email, calendar, Slack or Teams, and documents.

~6wk build + 2-3mo hardening

Prism

The feature itself is not materially harder to build in Prism. The delay is that Prism is a single-user desktop app today, so the customer-facing path means productionizing Prism itself first.

Feature build~6 weeks

Security hardening+2-3 months

Total to production~4-5 months

Rework riskHigh

Prism is a single-user desktop app today, so the customer-facing path means productionizing Prism itself first — a desktop-to-SaaS shift, not a feature add.
The enterprise foundations are missing: no multi-tenant isolation (local data, no RLS), security hardening still in flight, audit local-only, no SOC 2 or data residency.
Keep Prism as the internal discovery and handoff workbench that feeds Beam — useful, but not the customer runtime.

Prism security hardening and checks

Per-customer data isolation and workspace permission review (RLS).
Approval gates for outbound stakeholder communication.
Immutable audit trail, retention, and admin controls.
SOC 2 and data-residency posture for regulated buyers.
Secure reply capture and evidence attribution at enterprise reliability.

#04

What skipping the security work leaves

The hardening — per-customer isolation, audit trails, approval gates, encryption, compliance — is not optional polish. Skipping it does not save the time; it moves the cost to the worst possible moment, a customer incident. Two things it leaves us exposed to.

Risk 1

Potential security breaches

Without per-customer isolation, an immutable audit trail, encryption-at-rest, and approval gates on outbound email, sensitive process evidence and stakeholder quotes are exposed to cross-tenant leakage, unreviewed external messages, and untraceable actions. On Prism today, workspace data sits in local storage with no row-level security and the security pass is still mid-flight — that is exactly the gap a breach walks through.

Risk 2

Lack of trust with customers

Regulated buyers in banking and insurance ask for the audit trail, data residency, and SOC 2 posture before they move past POC. No hardening means no enterprise deal — and a single breach with a design partner erases the credibility the whole discovery motion depends on. Trust is the product here; you only get to lose it once.

Why this decides the production home

Beam already carries most of this hardening. Prism would have to build all of it under deadline pressure — which is why "just ship it in Prism" quietly means "ship the security risk too."

#05

The one decision

This is a single call, not four: which platform do we build and productionize Process Discovery on? Pilot scope, owners, and the success metric all follow from that one choice.

Build Process Discovery on the Beam platform.

Use the standalone app only as a short pilot wedge if we need a faster signal, and keep Prism as the internal discovery workbench. Everything else — pilot scope, owners, the success metric — is execution that follows this one decision.