Decision memo · June 19, 2026

Process Discovery needs a production home

The discovery motion is proven. What is unresolved is where the production version lives — because the surface we choose sets how much security and trust hardening stands between us and a real customer.

Audience: CEO + C-suite Decision: production surface Lens: speed bounded by trust
#01

Why we are deciding this now

Process Discovery is no longer blocked by whether the idea makes sense. It is blocked by productionizing the stakeholder interview and evidence loop — and the surface that loop runs on is what sets the cost.


What is proven

The workflow has its ingredients.

Ontology, stakeholder interviews, and ROI discovery are enough to move from discovery into a production decision.

What gates it

The interview loop has to actually run.

Emails must send, replies must land and be attributed, and process maps must update from that evidence — at customer reliability.

Why the surface decides

The surface sets the trust tax.

Auth, data isolation, audit, approval gates, and compliance all follow from where this lands — and that tax, not the feature, sets the timeline.

#02

The core insight: the platform tax is a trust tax

This flips the usual intuition that the most-built option is the fastest. The feature is the cheap part, and it is the same everywhere. The expensive, variable part is the security and trust hardening — and that is the entire decision.


The platform tax decomposition On every path the Process Discovery feature is about six weeks and identical. What varies is the security and trust tax stacked on top: tiny for a standalone pilot, already paid for Beam, and two to three months for Prism. Feature · ~6 wk Security & trust tax Standalone ~1–1.5 mo total pilot-only controls Beam ★ ~2 mo total tax already paid — inherited Prism ~4–5 mo total +2–3 mo hardening same on every path the only variable — and the whole decision

Read it left to right: everything left of the dashed line — the Process Discovery feature — is identical on every path. The only thing that grows is the tax to make customer data safe on that surface, and that tax, not the feature, is what separates a two-month build from a five-month one.

#03

The recommendation, and the proof

The recommendation is Beam. The path diagram shows how the pieces sequence; the scorecard shows why, criterion by criterion. The rows are about trust, safety, and fit — the build speed itself is shared, as the chart above shows.


Recommended path from standalone pilot to Beam platform production A standalone app is an optional pilot wedge, Beam platform is the recommended production home that unlocks agent handoff, and Prism is kept off the critical path because it is not production-ready. Standalone app ~1mo pilot learning wedge then Beam platform ~2mo MVP trust tax paid recommended unlocks Agent handoff avoid Prism desktop app +2–3mo trust tax not production
Executive scorecard — every criterion, side by side
Decision criterion Standalone wedgeAllow — wedge only Beam platformRecommended PrismAvoid as product
Best use Fast pilot wedge Production product home Internal discovery & handoff
Security & trust tax on top Pilot-only controls Inherited — already paid +2–3 months to build from scratch
Time to production-ready MVP ~1–1.5 months ~2 months ~4–5 months
Customer trust & data isolation (today) Not built — pilot only Tenant-isolated at the API; audit & SOC 2 posture inherited None — local data, no RLS, no SOC 2
Fit with customers & sales story New app to introduce; weak as a story Customers already work here; one platform story New product to stand up; weak as a story
Verdict Use only to accelerate validation Recommended Do not use as production path
#04

The three paths up close

The numbers are in the scorecard above. This is the one-paragraph read on what each path actually is, and the role it should play.


~1–1.5 mo pilot

Standalone app

The fastest way to a live customer signal, bought by staying narrow. It skips the security and trust tax entirely — which is exactly why it cannot hold real customer data for long.

Best used as: a parallel accelerator to Beam, not a fork in the roadmap. Push outputs into Beam the moment the API contract exists.

Why it stays a wedge
  • Good for learning, weak as a system of record — it should never hold the durable customer truth.
  • No approval or audit controls, so hold off on autonomous external outreach.
  • The moment it needs real auth and audit, it converges on the Beam timeline anyway.
Standalone app ontology screenshot showing the process ontology graph and query interface ⤢ Click to enlarge
~6 wk + 2–3 mo hardening

Prism

The feature is not harder to build here. The problem is that Prism is a single-user desktop app today, so going customer-facing means productionizing Prism itself first — a desktop-to-SaaS shift, with every security and trust control built from scratch.

Best used as: the internal discovery and handoff workbench that feeds Beam — genuinely useful, just not the customer runtime.

The trust tax Prism still owes
  • Per-customer data isolation and workspace permissions — none today, local storage with no row-level security.
  • Immutable, exportable, per-customer audit trail — today it is local JSON only.
  • SOC 2, penetration test, data residency — all required before a regulated buyer, all unbuilt.
  • Approval gates and an email interview channel — the active security pass is still mid-flight.
Prism operating map screenshot showing the process discovery map and assistant panel ⤢ Click to enlarge
#05

The real cost is trust

The hardening — per-customer isolation, audit trails, approval gates, encryption, compliance — is not optional polish, and skipping it does not save the time. It relocates the cost to the worst possible moment: a customer incident.


Skipping the trust tax relocates the cost to a customer incident Paying the security and trust tax now is a bounded, planned cost early that settles low. Skipping it stays near zero for a long time, then spikes far higher at a customer incident where trust is lost. Exposure / cost time → Customer incident — trust lost incident Pay now — bounded, planned Pay the trust tax now Skip it — the cost waits for the worst moment

Skipping looks cheaper for a long time. That is the trap: the cost does not disappear, it compounds in the dark and surfaces as a breach or a failed enterprise review — exactly when it is most expensive and least recoverable.

Risk 1

Cross-tenant exposure and breach

Without per-customer isolation, an immutable audit trail, encryption-at-rest, and approval gates on outbound email, sensitive process evidence and stakeholder quotes are exposed to cross-tenant leakage, unreviewed external messages, and untraceable actions. On a surface that has not paid the trust tax, that is exactly the gap a breach walks through.

Risk 2

Trust you only get to lose once

Regulated buyers in banking and insurance ask for the audit trail, data residency, and SOC 2 posture before they move past POC. No hardening means no enterprise deal — and a single breach with a design partner erases the credibility the whole discovery motion depends on. Trust is the product here.

Why the surface decides everything

Beam already carries most of this hardening; Prism would have to build all of it under deadline pressure. "Just ship it in Prism" quietly means "ship the trust risk too" — and that is the one thing in this motion you cannot rebuild after it breaks.

#06

The one decision

This is a single call, not a list: which surface do we productionize Process Discovery on? Pilot scope, owners, and the success metric all follow from that one choice.


Build Process Discovery on the Beam platform.

Use the standalone app only as a short pilot wedge if we need a faster signal, and keep Prism as the internal discovery workbench. Everything else — pilot scope, owners, the success metric — is execution that follows this one decision.