Persistent Agent Workspace v1
Tenant-scoped agent work orders with saved state, Trust Cards, review gates, audit timelines, and proof packets.
SCRIMED Persistent Agent Workspace v1 turns protected synthetic pilot sessions into resumable enterprise work orders for RCM, research, clinical operations, investor workflows, security reviews, and data transformation. Live clinical execution remains blocked by design.
Workspace boundary
No limitation is left vague; every gap has a control, replacement path, or external approval gate.
Persistent Agent Workspace v1 coordinates tenant-scoped synthetic work orders, saved state contracts, Trust Cards, audit timelines, reviewer checkpoints, and proof packets. It does not authorize live PHI ingestion, autonomous clinical decisions, payer submission, patient outreach, medical-record mutation, or production connector execution.
No known limitation is left vague: each is either controlled by an active boundary, replaced with a safer synthetic quality process, or marked as an external approval gate that cannot be honestly resolved in code alone.
Protected work-order mutations now use /api/agent-workspaces/{workspaceSlug}/work-orders and detail transitions use /api/agent-workspaces/{workspaceSlug}/work-orders/{workOrderId}. Both routes remain bearer-token, tenant-isolated, and synthetic-only. Audited work-order proof packets use /api/agent-workspaces/{workspaceSlug}/work-orders/{workOrderId}/proof-packet; workspace dashboard filters support state, workOrderType, assignedReviewerId, minRetryCount, governanceStatus. Customer-tailored governance packs are available at /governance-packs.
Capabilities
Workspace v1 composes existing protected storage, governance, and audit controls into long-running work-order foundations.
Tenant-scoped workspace context
Builds on protected pilot workspaces, Supabase Auth, tenant memberships, and Postgres row-level security.
- Proof: /pilot-workspace
- Customer SSO, reviewer authority, purpose-of-use, consent, and deployment-specific access review before PHI.
Saved work-order state
Adds dedicated RLS-backed work-order and event tables with RPC-only protected mutation contracts for create, resume, transition, retry, review, and close states.
- Proof: /api/agent-workspaces/{workspaceSlug}/work-orders
- Database migration, RLS verification, authenticated tenant smoke test, retention policy, and advisor review are required per environment.
Isolated agent execution
Every work order is bound to a sandbox, memory scopes, tool scopes, denied actions, and human checkpoints.
- Proof: /agents
- Live tools require scoped credentials, connector approvals, timeout/retry policy, and emergency shutdown controls.
Model-router policy decisions
Work orders carry task-aware provider class, fallback, PHI sensitivity, latency, cost, and denial conditions.
- Proof: /trust-os
- Provider contracts, BAA/DPA posture, regional rules, telemetry, budget limits, and rollback tests.
Human approval checkpoints
Reviewer roles and dispositions are explicit before outputs can move from synthetic proof to buyer-facing evidence.
- Proof: /pilot-workspace
- Licensed clinical, RCM, research, legal, or security reviewer authority must be approved per workflow.
Downloadable proof packets
Workspace proof packets combine work-order plan, Trust Cards, reviewer checkpoints, audit timeline, blocked actions, limitations register, and explicit legal/privacy/security/safety boundaries.
- Proof: /api/agent-workspaces/{workspaceSlug}/work-orders/{workOrderId}/proof-packet
- Production packets need customer branding, legal disclaimers, evidence retention policy, confidentiality controls, and legal/privacy/security review.
Server-audited retention, legal hold, and incident export ledger
Adds an append-only tenant governance ledger for retention policies, legal holds, legal releases, and write-before-release incident exports with RLS visibility and AAL2 mutations.
- Proof: /api/agent-workspaces/{workspaceSlug}/governance-ledger
- Customer counsel, privacy owner, incident commander, retention schedule, DPA/BAA path, and customer-specific legal hold workflow must be approved before live regulated data.
Customer-specific governance workflow packs
Provides reusable retention, legal-review, legal-hold, incident-export, and blocked-claims workflow packs by buyer archetype for protected enterprise pilots.
- Proof: /governance-packs
- Each customer pack still requires buyer-specific legal, privacy, security, workflow-owner, and reviewer authority approval before production use.
Governance packs
Customer-specific retention and legal-review operating packs make the workspace sellable without crossing production boundaries.
Provider Operations Retention Review Pack
Provider organization evaluating synthetic workflow automation before PHI access.. Retention schedule, reviewer authority, proof packet handling, and release controls for synthetic care operations work orders.
- Retention: 90 to 180 days for synthetic pilot evidence
- Release gate: AAL2 tenant-admin or pilot-lead request with write-before-release ledger event
- Blocked claims: HIPAA compliant, SOC 2 certified, FDA cleared, Clinical decision support authorized
Payer And RCM Incident Export Pack
Organization testing RCM or payer intelligence with synthetic claims and policy evidence.. Controls for denial-risk work orders, retention of policy evidence, incident export, and no-submission boundaries.
- Retention: 120 to 365 days for synthetic payer workflow evidence
- Release gate: AAL2 tenant-admin or pilot-lead request with incident severity recorded
- Blocked claims: Revenue guaranteed, Coverage approved, Coding finalized, Payer submission authorized
TrialCore Research Legal Hold Pack
Research organization evaluating synthetic trial matching or eligibility review.. Research-review controls for eligibility evidence, legal hold, protocol-source retention, and no-outreach boundaries.
- Retention: 180 to 365 days for synthetic research evidence
- Release gate: AAL2 governance request and research reviewer awareness
- Blocked claims: Patient eligible, Enrollment recommended, Trial match clinically validated
Public Sector Sovereign Retention Pack
Public-sector buyer requiring regional retention, sovereignty, and audit evidence planning.. Sovereign deployment readiness, retention controls, incident export, and jurisdiction-specific approval gates.
- Retention: Customer-defined by jurisdiction and procurement requirements
- Release gate: AAL2 request plus named public-sector incident owner
- Blocked claims: Sovereign compliant, Government approved, Production authorized
Enterprise BAA/DPA Readiness Pack
Enterprise buyer preparing contract, privacy, security, and production-readiness diligence.. Contract-readiness controls for BAA/DPA path, retention schedule, legal review, incident export, and human-review operating model.
- Retention: 90 to 365 days until customer policy is approved
- Release gate: AAL2 governance request with customer owner mapped
- Blocked claims: HIPAA certified, SOC 2 certified, BAA approved, Production ready
Work orders
Each work order owns its agent, state machine, memory, tools, model policy, Trust Card, reviewer gates, and blocked actions.
RCM denial appeal generation
Revenue cycle, payer operations, and finance leadership. Draft a reviewable denial appeal outline from synthetic claim context, payer policy evidence, missing documentation, and reviewer disposition.
- Resume from missing-evidence review, appeal-draft revision, or governance disposition.
- metadata-only payer workflow; deny if live claim identifiers, member IDs, or PHI appear.
- Blocked: final coding, payer submission, reimbursement guarantee, coverage determination
Clinical trial matching
Research operations, oncology programs, academic medical centers, and trial networks. Create a reviewable eligibility work order with criteria trace, exclusion flags, missing evidence, and research-review queue.
- Resume from missing criteria, exclusion review, or research disposition.
- synthetic research workflow; deny patient outreach, enrollment claims, or treatment recommendation.
- Blocked: patient outreach, enrollment recommendation, treatment recommendation, live record ingestion
Pre-visit chart review
Clinics, physician groups, care teams, and clinical operations. Prepare a synthetic chart-review work order with risk signals, missing data, agenda prompts, and clinician review boundary.
- Resume from missing-data review, clinician clarification, or agenda revision.
- PHI-blocked until BAA, consent, FHIR profile validation, and clinician governance are approved.
- Blocked: diagnosis, treatment recommendation, patient instruction, medical-record mutation
Post-visit care plan drafting
Clinical teams, care coordination, and patient access operations. Draft review-only follow-up and care-plan support from synthetic context while preserving clinician authorship.
- Resume from clinician revision, task clarification, or education review.
- PHI-blocked and clinician-held; deny autonomous patient instruction or order entry.
- Blocked: order entry, patient outreach, final care plan, clinical advice without clinician review
Investor outreach tracking
Founder, executive leadership, investor relations, and strategic partnerships. Track investor outreach tasks, diligence artifacts, follow-up state, proof surfaces, and non-confidential messaging boundaries.
- Resume from next follow-up, diligence question, or proof packet export.
- business-contact and non-confidential company context only; deny PHI, secrets, and unsupported claims.
- Blocked: financial misrepresentation, unsupported medical claims, PHI disclosure, confidential buyer disclosure
Security scan
Security, engineering, enterprise diligence, and compliance reviewers. Create a repeatable security-review work order that tracks headers, dependency posture, route boundaries, logs, and evidence gaps.
- Resume from failing gate, mitigation task, external assessor review, or verification pass.
- no secrets in prompts; deny credential handling and production access tokens.
- Blocked: secrets capture, credential rotation without owner, claiming SOC 2/HIPAA certification, destructive remediation
Data transformation job
Interoperability, analytics, implementation, and data platform teams. Plan synthetic transformations across forms, tables, referrals, claims, FHIR resources, HL7 messages, and evidence packets.
- Resume from schema gap, fixture diff, terminology mapping, or integration review.
- synthetic fixture transformation only; deny production data movement without connector and privacy approval.
- Blocked: production data movement, PHI export, record mutation, connector certification claim
Model router
Every work order carries provider class, fallback behavior, PHI sensitivity, routing criteria, and denial conditions.
rcm-denial-appeal-generation
general-reasoning-model with fallback to deny-or-human-review-queue.
- task type
- workflow risk
- evidence requirements
- latency target
- cost budget
- context length
- provider availability
- PHI sensitivity
clinical-trial-matching
general-reasoning-model with fallback to deny-or-human-review-queue.
- task type
- workflow risk
- evidence requirements
- latency target
- cost budget
- context length
- provider availability
- PHI sensitivity
pre-visit-chart-review
approved-healthcare-model-required with fallback to deny-or-human-review-queue.
- task type
- workflow risk
- evidence requirements
- latency target
- cost budget
- context length
- provider availability
- PHI sensitivity
post-visit-care-plan-drafting
approved-healthcare-model-required with fallback to deny-or-human-review-queue.
- task type
- workflow risk
- evidence requirements
- latency target
- cost budget
- context length
- provider availability
- PHI sensitivity
investor-outreach-tracking
general-reasoning-model with fallback to deny-or-human-review-queue.
- task type
- workflow risk
- evidence requirements
- latency target
- cost budget
- context length
- provider availability
- PHI sensitivity
security-scan
general-reasoning-model with fallback to deny-or-human-review-queue.
- task type
- workflow risk
- evidence requirements
- latency target
- cost budget
- context length
- provider availability
- PHI sensitivity
data-transformation-job
approved-healthcare-model-required with fallback to deny-or-human-review-queue.
- task type
- workflow risk
- evidence requirements
- latency target
- cost budget
- context length
- provider availability
- PHI sensitivity
Audit and review
Work orders remain replayable, review-gated, and evidence-linked before any buyer-facing proof is released.
work-order-created
Planner Agent
- work-order type, tenant workspace, objective, state, owner agent, denied actions
agent-route-selected
Router Agent
- agent owner, tool scopes, memory scopes, model-router decision, fallback policy
trustqa-verification-held
TrustQA
- Trust Card requirement, source attribution, confidence, uncertainty, safety boundary
human-review-requested
Governance Agent
- checkpoint, reviewer role, disposition options, escalation state
proof-packet-exported
Tenant reviewer
- synthetic-only proof packet, audit timeline, blocked actions, limitation-resolution register
Reviewer checkpoints
Human review is a workflow primitive, not a footnote.
Clinical review
Any chart, care-plan, documentation, risk, education, or patient-facing draft.
- Allows synthetic proof packet release or customer-reviewed draft progression.
- Keeps the work order held and records evidence gap, unsafe claim, or review reason.
Payer or RCM review
Prior authorization, claims, denial appeal, coding, and reimbursement-adjacent work.
- Allows review-only packet progression without payer submission.
- Blocks submission-like actions and records missing policy or documentation evidence.
Research review
Trial matching, protocol screening, cohort review, and research operations.
- Allows eligibility evidence packet release for research review.
- Blocks outreach, enrollment language, and unsupported eligibility claims.
Security and privacy review
Workspace persistence, data transformation, model routing, connector use, and protected data handling.
- Allows the next gated pilot step within approved data boundary.
- Blocks production data movement and records remediation tasks.
Executive sponsor review
Commercial, investor, partnership, or enterprise expansion decisions.
- Allows business-facing packet release with controlled claims.
- Blocks public or buyer-facing release until claims and scope are corrected.
Known limitations
Limitations are converted into active controls, safer quality processes, or named external approvals.
Live PHI ingestion is not enabled.
SCRIMED cannot yet process real patient records inside production workflows.
- BAA/DPA, privacy notice, consent, retention, security review, and customer authorization.
Autonomous clinical decisions remain prohibited.
SCRIMED cannot diagnose, treat, instruct patients, or replace clinician judgment.
- Licensed clinician validation and regulatory intended-use review before clinical decision-support claims.
Clinical correctness and safety scores are not externally validated.
Validation fields cannot be marketed as clinical-performance claims.
- Clinician rubric, validation study, data-quality review, and governance sign-off.
Dedicated long-running work-order persistence requires per-environment migration verification.
Work-order creation and resume must fail closed until each deployment has the dedicated RLS tables, RPCs, and grants applied.
- Apply migration, verify RLS with an authenticated tenant, run database advisors, and approve customer-specific retention/legal-hold policy.
Production model routing across vendors is not active.
SCRIMED should not route PHI or regulated tasks to unapproved providers.
- Vendor contracts, BAA/DPA path, regional rules, telemetry, cost limits, and rollback tests.
Live EHR, payer, imaging, and device connectors remain blocked.
SCRIMED cannot mutate production records, submit payer transactions, or ingest live images/devices.
- Customer connector approval, security review, consent, audit, monitoring, and partner acceptance.
Sovereign deployment is not implemented.
Some hospitals, governments, and regions may require private, on-prem, or sovereign deployments before live data.
- Customer architecture review, regional compliance mapping, private networking, and local audit design.
Legal, HIPAA, SOC 2, regulatory, and reimbursement claims require external review.
SCRIMED cannot truthfully claim certification, clearance, compliance, reimbursement, or production readiness without evidence.
- Qualified counsel, security assessor, privacy owner, regulatory reviewer, and payer/reimbursement expert review.
API contracts
The public v1 surface is inspectable today; protected mutation contracts stay behind AAL2 tenant governance.
GET /agent-workspace
Public product evidence surface
Inspect Persistent Agent Workspace v1 work orders, state machine, limitations resolution, and proof routes.GET /api/agent-workspace
Public synthetic product API
Return the typed workspace summary for investor, buyer, and internal product diligence.GET /api/agent-workspace/brief
Public synthetic product API
Download the workspace architecture and limitation-resolution brief.GET /api/agent-workspace/proof-packet
Public synthetic product API
Download a preview proof packet for a deterministic synthetic Persistent Agent Workspace.GET / POST /api/pilot-workspaces/{workspaceSlug}/sessions
AAL2 bearer token + authorized tenant role + rate limit
Persist synthetic evaluation sessions that can anchor workspace work-order evidence.GET / POST /api/pilot-workspaces/{workspaceSlug}/trustos-decisions
AAL2 bearer token + authorized tenant role + rate limit
Commit TrustOS decisions and model-route governance evidence to the tenant ledger.GET / POST /api/agent-workspaces/{workspaceSlug}/work-orders
GET: bearer token + workspace membership. POST: AAL2 bearer token + authorized tenant role + rate limit.
List, filter, summarize, and create persistent synthetic work orders through dedicated RLS-backed tables and RPC-only mutations.GET / PATCH /api/agent-workspaces/{workspaceSlug}/work-orders/{workOrderId}
GET: bearer token + workspace membership. PATCH: AAL2 bearer token + authorized tenant role + rate limit.
Inspect a work order with its event trail or transition state for review, retry, assignment, proof readiness, blocking, or closure.GET /api/agent-workspaces/{workspaceSlug}/work-orders/{workOrderId}/proof-packet
AAL2 bearer token + authorized tenant role + rate limit + append-only audit event before release.
Download an audited Markdown proof packet for one persistent synthetic work order with Trust Card, event trail, reviewer checkpoints, blocked actions, and safety boundaries.GET / POST /api/agent-workspaces/{workspaceSlug}/governance-ledger
GET: bearer token + workspace membership. POST: AAL2 bearer token + tenant-admin or pilot-lead role + rate limit.
List and record append-only retention, legal-hold, legal-release, and incident-export governance evidence for a protected pilot workspace.POST /api/agent-workspaces/{workspaceSlug}/governance-ledger/incident-export
AAL2 bearer token + tenant-admin or pilot-lead role + rate limit + ledger write before Markdown release.
Download a server-audited incident export packet only after the governance-ledger incident-export event is committed.GET /api/agent-workspace/governance-packs
Public synthetic product API
Return customer-tailorable governance workflow packs for retention, legal review, legal hold, incident export, evidence artifacts, and blocked claims.GET /api/agent-workspace/governance-packs/brief
Public synthetic product API
Download a Markdown brief describing the governance workflow packs and authenticated smoke CI secret contract.