Healthcare Intelligence OS

Persistent Agent Workspace v1

Tenant-scoped agent work orders with saved state, Trust Cards, review gates, audit timelines, and proof packets.

SCRIMED Persistent Agent Workspace v1 turns protected synthetic pilot sessions into resumable enterprise work orders for RCM, research, clinical operations, investor workflows, security reviews, and data transformation. Live clinical execution remains blocked by design.

Statuspersistent-agent-workspace-v1-ready
Capabilities8
Work orders7
States9
Event types8
Model routes7
Review gates5
Audit events5
Governance packs5
Quality replacements2
External approvals3

Workspace boundary

No limitation is left vague; every gap has a control, replacement path, or external approval gate.

Persistent Agent Workspace v1 coordinates tenant-scoped synthetic work orders, saved state contracts, Trust Cards, audit timelines, reviewer checkpoints, and proof packets. It does not authorize live PHI ingestion, autonomous clinical decisions, payer submission, patient outreach, medical-record mutation, or production connector execution.

No known limitation is left vague: each is either controlled by an active boundary, replaced with a safer synthetic quality process, or marked as an external approval gate that cannot be honestly resolved in code alone.

Protected work-order mutations now use /api/agent-workspaces/{workspaceSlug}/work-orders and detail transitions use /api/agent-workspaces/{workspaceSlug}/work-orders/{workOrderId}. Both routes remain bearer-token, tenant-isolated, and synthetic-only. Audited work-order proof packets use /api/agent-workspaces/{workspaceSlug}/work-orders/{workOrderId}/proof-packet; workspace dashboard filters support state, workOrderType, assignedReviewerId, minRetryCount, governanceStatus. Customer-tailored governance packs are available at /governance-packs.

Capabilities

Workspace v1 composes existing protected storage, governance, and audit controls into long-running work-order foundations.

active-control

Tenant-scoped workspace context

Builds on protected pilot workspaces, Supabase Auth, tenant memberships, and Postgres row-level security.

  • Proof: /pilot-workspace
  • Customer SSO, reviewer authority, purpose-of-use, consent, and deployment-specific access review before PHI.
active-control

Saved work-order state

Adds dedicated RLS-backed work-order and event tables with RPC-only protected mutation contracts for create, resume, transition, retry, review, and close states.

  • Proof: /api/agent-workspaces/{workspaceSlug}/work-orders
  • Database migration, RLS verification, authenticated tenant smoke test, retention policy, and advisor review are required per environment.
v1-ready

Isolated agent execution

Every work order is bound to a sandbox, memory scopes, tool scopes, denied actions, and human checkpoints.

  • Proof: /agents
  • Live tools require scoped credentials, connector approvals, timeout/retry policy, and emergency shutdown controls.
v1-ready

Model-router policy decisions

Work orders carry task-aware provider class, fallback, PHI sensitivity, latency, cost, and denial conditions.

  • Proof: /trust-os
  • Provider contracts, BAA/DPA posture, regional rules, telemetry, budget limits, and rollback tests.
active-control

Human approval checkpoints

Reviewer roles and dispositions are explicit before outputs can move from synthetic proof to buyer-facing evidence.

  • Proof: /pilot-workspace
  • Licensed clinical, RCM, research, legal, or security reviewer authority must be approved per workflow.
active-control

Downloadable proof packets

Workspace proof packets combine work-order plan, Trust Cards, reviewer checkpoints, audit timeline, blocked actions, limitations register, and explicit legal/privacy/security/safety boundaries.

  • Proof: /api/agent-workspaces/{workspaceSlug}/work-orders/{workOrderId}/proof-packet
  • Production packets need customer branding, legal disclaimers, evidence retention policy, confidentiality controls, and legal/privacy/security review.
active-control

Server-audited retention, legal hold, and incident export ledger

Adds an append-only tenant governance ledger for retention policies, legal holds, legal releases, and write-before-release incident exports with RLS visibility and AAL2 mutations.

  • Proof: /api/agent-workspaces/{workspaceSlug}/governance-ledger
  • Customer counsel, privacy owner, incident commander, retention schedule, DPA/BAA path, and customer-specific legal hold workflow must be approved before live regulated data.
active-control

Customer-specific governance workflow packs

Provides reusable retention, legal-review, legal-hold, incident-export, and blocked-claims workflow packs by buyer archetype for protected enterprise pilots.

  • Proof: /governance-packs
  • Each customer pack still requires buyer-specific legal, privacy, security, workflow-owner, and reviewer authority approval before production use.

Governance packs

Customer-specific retention and legal-review operating packs make the workspace sellable without crossing production boundaries.

pilot-ready

Provider Operations Retention Review Pack

Provider organization evaluating synthetic workflow automation before PHI access.. Retention schedule, reviewer authority, proof packet handling, and release controls for synthetic care operations work orders.

Included in protected enterprise pilot scope and annual platform readiness review.
  • Retention: 90 to 180 days for synthetic pilot evidence
  • Release gate: AAL2 tenant-admin or pilot-lead request with write-before-release ledger event
  • Blocked claims: HIPAA compliant, SOC 2 certified, FDA cleared, Clinical decision support authorized
pilot-ready

Payer And RCM Incident Export Pack

Organization testing RCM or payer intelligence with synthetic claims and policy evidence.. Controls for denial-risk work orders, retention of policy evidence, incident export, and no-submission boundaries.

Premium add-on for RCM, payer, and revenue integrity protected pilots.
  • Retention: 120 to 365 days for synthetic payer workflow evidence
  • Release gate: AAL2 tenant-admin or pilot-lead request with incident severity recorded
  • Blocked claims: Revenue guaranteed, Coverage approved, Coding finalized, Payer submission authorized
customer-tailoring-required

TrialCore Research Legal Hold Pack

Research organization evaluating synthetic trial matching or eligibility review.. Research-review controls for eligibility evidence, legal hold, protocol-source retention, and no-outreach boundaries.

Research operations premium pilot module with external governance tailoring.
  • Retention: 180 to 365 days for synthetic research evidence
  • Release gate: AAL2 governance request and research reviewer awareness
  • Blocked claims: Patient eligible, Enrollment recommended, Trial match clinically validated
external-review-required

Public Sector Sovereign Retention Pack

Public-sector buyer requiring regional retention, sovereignty, and audit evidence planning.. Sovereign deployment readiness, retention controls, incident export, and jurisdiction-specific approval gates.

Strategic platform partnership and public-sector protected pilot requirement.
  • Retention: Customer-defined by jurisdiction and procurement requirements
  • Release gate: AAL2 request plus named public-sector incident owner
  • Blocked claims: Sovereign compliant, Government approved, Production authorized
customer-tailoring-required

Enterprise BAA/DPA Readiness Pack

Enterprise buyer preparing contract, privacy, security, and production-readiness diligence.. Contract-readiness controls for BAA/DPA path, retention schedule, legal review, incident export, and human-review operating model.

Required for protected enterprise pilot conversion and annual operating license diligence.
  • Retention: 90 to 365 days until customer policy is approved
  • Release gate: AAL2 governance request with customer owner mapped
  • Blocked claims: HIPAA certified, SOC 2 certified, BAA approved, Production ready

Work orders

Each work order owns its agent, state machine, memory, tools, model policy, Trust Card, reviewer gates, and blocked actions.

v1-ready

RCM denial appeal generation

Revenue cycle, payer operations, and finance leadership. Draft a reviewable denial appeal outline from synthetic claim context, payer policy evidence, missing documentation, and reviewer disposition.

PayerIQ + RCM Agent
  • Resume from missing-evidence review, appeal-draft revision, or governance disposition.
  • metadata-only payer workflow; deny if live claim identifiers, member IDs, or PHI appear.
  • Blocked: final coding, payer submission, reimbursement guarantee, coverage determination
v1-ready

Clinical trial matching

Research operations, oncology programs, academic medical centers, and trial networks. Create a reviewable eligibility work order with criteria trace, exclusion flags, missing evidence, and research-review queue.

TrialCore
  • Resume from missing criteria, exclusion review, or research disposition.
  • synthetic research workflow; deny patient outreach, enrollment claims, or treatment recommendation.
  • Blocked: patient outreach, enrollment recommendation, treatment recommendation, live record ingestion
production-gated

Pre-visit chart review

Clinics, physician groups, care teams, and clinical operations. Prepare a synthetic chart-review work order with risk signals, missing data, agenda prompts, and clinician review boundary.

Sanar AI + CareExplain
  • Resume from missing-data review, clinician clarification, or agenda revision.
  • PHI-blocked until BAA, consent, FHIR profile validation, and clinician governance are approved.
  • Blocked: diagnosis, treatment recommendation, patient instruction, medical-record mutation
production-gated

Post-visit care plan drafting

Clinical teams, care coordination, and patient access operations. Draft review-only follow-up and care-plan support from synthetic context while preserving clinician authorship.

CareExplain + Perfect Chart
  • Resume from clinician revision, task clarification, or education review.
  • PHI-blocked and clinician-held; deny autonomous patient instruction or order entry.
  • Blocked: order entry, patient outreach, final care plan, clinical advice without clinician review
v1-ready

Investor outreach tracking

Founder, executive leadership, investor relations, and strategic partnerships. Track investor outreach tasks, diligence artifacts, follow-up state, proof surfaces, and non-confidential messaging boundaries.

Investor Agent
  • Resume from next follow-up, diligence question, or proof packet export.
  • business-contact and non-confidential company context only; deny PHI, secrets, and unsupported claims.
  • Blocked: financial misrepresentation, unsupported medical claims, PHI disclosure, confidential buyer disclosure
quality-process-replacement

Security scan

Security, engineering, enterprise diligence, and compliance reviewers. Create a repeatable security-review work order that tracks headers, dependency posture, route boundaries, logs, and evidence gaps.

Governance Agent + Watchtower
  • Resume from failing gate, mitigation task, external assessor review, or verification pass.
  • no secrets in prompts; deny credential handling and production access tokens.
  • Blocked: secrets capture, credential rotation without owner, claiming SOC 2/HIPAA certification, destructive remediation
production-gated

Data transformation job

Interoperability, analytics, implementation, and data platform teams. Plan synthetic transformations across forms, tables, referrals, claims, FHIR resources, HL7 messages, and evidence packets.

Interoperability Agent + DocuTwin
  • Resume from schema gap, fixture diff, terminology mapping, or integration review.
  • synthetic fixture transformation only; deny production data movement without connector and privacy approval.
  • Blocked: production data movement, PHI export, record mutation, connector certification claim

Model router

Every work order carries provider class, fallback behavior, PHI sensitivity, routing criteria, and denial conditions.

synthetic-only

rcm-denial-appeal-generation

general-reasoning-model with fallback to deny-or-human-review-queue.

metadata-only payer workflow; deny if live claim identifiers, member IDs, or PHI appear.
  • task type
  • workflow risk
  • evidence requirements
  • latency target
  • cost budget
  • context length
  • provider availability
  • PHI sensitivity
synthetic-only

clinical-trial-matching

general-reasoning-model with fallback to deny-or-human-review-queue.

synthetic research workflow; deny patient outreach, enrollment claims, or treatment recommendation.
  • task type
  • workflow risk
  • evidence requirements
  • latency target
  • cost budget
  • context length
  • provider availability
  • PHI sensitivity
phi-blocked

pre-visit-chart-review

approved-healthcare-model-required with fallback to deny-or-human-review-queue.

PHI-blocked until BAA, consent, FHIR profile validation, and clinician governance are approved.
  • task type
  • workflow risk
  • evidence requirements
  • latency target
  • cost budget
  • context length
  • provider availability
  • PHI sensitivity
phi-blocked

post-visit-care-plan-drafting

approved-healthcare-model-required with fallback to deny-or-human-review-queue.

PHI-blocked and clinician-held; deny autonomous patient instruction or order entry.
  • task type
  • workflow risk
  • evidence requirements
  • latency target
  • cost budget
  • context length
  • provider availability
  • PHI sensitivity
synthetic-only

investor-outreach-tracking

general-reasoning-model with fallback to deny-or-human-review-queue.

business-contact and non-confidential company context only; deny PHI, secrets, and unsupported claims.
  • task type
  • workflow risk
  • evidence requirements
  • latency target
  • cost budget
  • context length
  • provider availability
  • PHI sensitivity
synthetic-only

security-scan

general-reasoning-model with fallback to deny-or-human-review-queue.

no secrets in prompts; deny credential handling and production access tokens.
  • task type
  • workflow risk
  • evidence requirements
  • latency target
  • cost budget
  • context length
  • provider availability
  • PHI sensitivity
phi-blocked

data-transformation-job

approved-healthcare-model-required with fallback to deny-or-human-review-queue.

synthetic fixture transformation only; deny production data movement without connector and privacy approval.
  • task type
  • workflow risk
  • evidence requirements
  • latency target
  • cost budget
  • context length
  • provider availability
  • PHI sensitivity

Audit and review

Work orders remain replayable, review-gated, and evidence-linked before any buyer-facing proof is released.

v1-ready

work-order-created

Planner Agent

  • work-order type, tenant workspace, objective, state, owner agent, denied actions
v1-ready

agent-route-selected

Router Agent

  • agent owner, tool scopes, memory scopes, model-router decision, fallback policy
active-control

trustqa-verification-held

TrustQA

  • Trust Card requirement, source attribution, confidence, uncertainty, safety boundary
active-control

human-review-requested

Governance Agent

  • checkpoint, reviewer role, disposition options, escalation state
active-control

proof-packet-exported

Tenant reviewer

  • synthetic-only proof packet, audit timeline, blocked actions, limitation-resolution register

Reviewer checkpoints

Human review is a workflow primitive, not a footnote.

human review

Clinical review

Any chart, care-plan, documentation, risk, education, or patient-facing draft.

Licensed clinician or approved delegated clinical reviewer
  • Allows synthetic proof packet release or customer-reviewed draft progression.
  • Keeps the work order held and records evidence gap, unsafe claim, or review reason.
human review

Payer or RCM review

Prior authorization, claims, denial appeal, coding, and reimbursement-adjacent work.

Qualified RCM, payer operations, or coding reviewer
  • Allows review-only packet progression without payer submission.
  • Blocks submission-like actions and records missing policy or documentation evidence.
human review

Research review

Trial matching, protocol screening, cohort review, and research operations.

Research operations reviewer, investigator delegate, or clinical research lead
  • Allows eligibility evidence packet release for research review.
  • Blocks outreach, enrollment language, and unsupported eligibility claims.
human review

Security and privacy review

Workspace persistence, data transformation, model routing, connector use, and protected data handling.

Security, privacy, legal, or compliance owner
  • Allows the next gated pilot step within approved data boundary.
  • Blocks production data movement and records remediation tasks.
human review

Executive sponsor review

Commercial, investor, partnership, or enterprise expansion decisions.

Founder, executive sponsor, or authorized business owner
  • Allows business-facing packet release with controlled claims.
  • Blocks public or buyer-facing release until claims and scope are corrected.

Known limitations

Limitations are converted into active controls, safer quality processes, or named external approvals.

active-control

Dedicated long-running work-order persistence requires per-environment migration verification.

Work-order creation and resume must fail closed until each deployment has the dedicated RLS tables, RPCs, and grants applied.

Use dedicated agent workspace work-order tables, append-only work-order events, explicit authenticated grants, and RPC-only mutations with route-level AAL2 and rate-limit checks.
  • Apply migration, verify RLS with an authenticated tenant, run database advisors, and approve customer-specific retention/legal-hold policy.

API contracts

The public v1 surface is inspectable today; protected mutation contracts stay behind AAL2 tenant governance.

v1-ready

GET /agent-workspace

Public product evidence surface

Inspect Persistent Agent Workspace v1 work orders, state machine, limitations resolution, and proof routes.
v1-ready

GET /api/agent-workspace

Public synthetic product API

Return the typed workspace summary for investor, buyer, and internal product diligence.
v1-ready

GET /api/agent-workspace/brief

Public synthetic product API

Download the workspace architecture and limitation-resolution brief.
v1-ready

GET /api/agent-workspace/proof-packet

Public synthetic product API

Download a preview proof packet for a deterministic synthetic Persistent Agent Workspace.
active-control

GET / POST /api/pilot-workspaces/{workspaceSlug}/sessions

AAL2 bearer token + authorized tenant role + rate limit

Persist synthetic evaluation sessions that can anchor workspace work-order evidence.
active-control

GET / POST /api/pilot-workspaces/{workspaceSlug}/trustos-decisions

AAL2 bearer token + authorized tenant role + rate limit

Commit TrustOS decisions and model-route governance evidence to the tenant ledger.
active-control

GET / POST /api/agent-workspaces/{workspaceSlug}/work-orders

GET: bearer token + workspace membership. POST: AAL2 bearer token + authorized tenant role + rate limit.

List, filter, summarize, and create persistent synthetic work orders through dedicated RLS-backed tables and RPC-only mutations.
active-control

GET / PATCH /api/agent-workspaces/{workspaceSlug}/work-orders/{workOrderId}

GET: bearer token + workspace membership. PATCH: AAL2 bearer token + authorized tenant role + rate limit.

Inspect a work order with its event trail or transition state for review, retry, assignment, proof readiness, blocking, or closure.
active-control

GET /api/agent-workspaces/{workspaceSlug}/work-orders/{workOrderId}/proof-packet

AAL2 bearer token + authorized tenant role + rate limit + append-only audit event before release.

Download an audited Markdown proof packet for one persistent synthetic work order with Trust Card, event trail, reviewer checkpoints, blocked actions, and safety boundaries.
active-control

GET / POST /api/agent-workspaces/{workspaceSlug}/governance-ledger

GET: bearer token + workspace membership. POST: AAL2 bearer token + tenant-admin or pilot-lead role + rate limit.

List and record append-only retention, legal-hold, legal-release, and incident-export governance evidence for a protected pilot workspace.
active-control

POST /api/agent-workspaces/{workspaceSlug}/governance-ledger/incident-export

AAL2 bearer token + tenant-admin or pilot-lead role + rate limit + ledger write before Markdown release.

Download a server-audited incident export packet only after the governance-ledger incident-export event is committed.
active-control

GET /api/agent-workspace/governance-packs

Public synthetic product API

Return customer-tailorable governance workflow packs for retention, legal review, legal hold, incident export, evidence artifacts, and blocked claims.
active-control

GET /api/agent-workspace/governance-packs/brief

Public synthetic product API

Download a Markdown brief describing the governance workflow packs and authenticated smoke CI secret contract.