{"service":"scrimed-persistent-agent-workspace-v1","route":"/agent-workspace","apiRoute":"/api/agent-workspace","briefRoute":"/api/agent-workspace/brief","proofPacketRoute":"/api/agent-workspace/proof-packet","workOrderMutationRoute":"/api/agent-workspaces/{workspaceSlug}/work-orders","workOrderDetailRoute":"/api/agent-workspaces/{workspaceSlug}/work-orders/{workOrderId}","workOrderProofPacketRoute":"/api/agent-workspaces/{workspaceSlug}/work-orders/{workOrderId}/proof-packet","governanceLedgerRoute":"/api/agent-workspaces/{workspaceSlug}/governance-ledger","incidentExportRoute":"/api/agent-workspaces/{workspaceSlug}/governance-ledger/incident-export","governancePacksRoute":"/governance-packs","governancePacksApiRoute":"/api/agent-workspace/governance-packs","governancePacksBriefRoute":"/api/agent-workspace/governance-packs/brief","workOrderDashboardFilters":["state","workOrderType","assignedReviewerId","minRetryCount","governanceStatus"],"status":"persistent-agent-workspace-v1-ready","boundary":"Persistent Agent Workspace v1 coordinates tenant-scoped synthetic work orders, saved state contracts, Trust Cards, audit timelines, reviewer checkpoints, and proof packets. It does not authorize live PHI ingestion, autonomous clinical decisions, payer submission, patient outreach, medical-record mutation, or production connector execution.","foundation":{"protectedWorkspaceStatus":"protected-pilot-infrastructure-configured","protectedWorkspaceRoute":"/pilot-workspace","agentOSStatus":"synthetic-agent-platform-ready","agentOSRoute":"/agents","trustOSStatus":"executable-synthetic-governance-ready","trustOSRoute":"/trust-os","atlasStatus":"continuous-validation-operating-layer","atlasRoute":"/atlas","tenantIsolation":{"provider":"Postgres row-level security","configured":true,"control":"Every workspace, session, and audit query is constrained by authenticated membership policies."},"durableStore":{"provider":"Supabase Postgres","configured":true,"control":"Synthetic sessions and audit events persist in tenant-scoped tables; no service-role key is used by runtime APIs."},"rateLimit":{"provider":"Upstash Redis","configured":true,"fallback":"A bounded in-process limiter is retained for temporary distributed-provider outages."}},"previewWorkspace":{"id":"preview-workspace-atlas","tenantId":"preview-tenant","tenantName":"Synthetic Enterprise Preview","slug":"atlas-synthetic-evaluation","name":"Atlas Governed Workflow Evaluation","status":"synthetic-pilot","boundary":"Protected pilot workspaces retain governed synthetic evaluation evidence only. They do not accept live PHI, execute clinical care, submit payer transactions, contact patients, or authorize autonomous diagnosis or treatment.","createdAt":"2026-06-10T12:00:00.000Z"},"capabilityCount":8,"workOrderCount":7,"workOrderStateCount":9,"workOrderEventTypeCount":8,"governanceActionTypeCount":4,"incidentSeverityCount":5,"governanceWorkflowPackCount":5,"modelRouterDecisionCount":7,"reviewerCheckpointCount":5,"auditTimelineEventCount":5,"limitationCount":8,"activeLimitations":3,"qualityReplacements":2,"externalApprovals":3,"capabilities":[{"capability":"Tenant-scoped workspace context","status":"active-control","implementation":"Builds on protected pilot workspaces, Supabase Auth, tenant memberships, and Postgres row-level security.","proofRoute":"/pilot-workspace","productionGate":"Customer SSO, reviewer authority, purpose-of-use, consent, and deployment-specific access review before PHI."},{"capability":"Saved work-order state","status":"active-control","implementation":"Adds dedicated RLS-backed work-order and event tables with RPC-only protected mutation contracts for create, resume, transition, retry, review, and close states.","proofRoute":"/api/agent-workspaces/{workspaceSlug}/work-orders","productionGate":"Database migration, RLS verification, authenticated tenant smoke test, retention policy, and advisor review are required per environment."},{"capability":"Isolated agent execution","status":"v1-ready","implementation":"Every work order is bound to a sandbox, memory scopes, tool scopes, denied actions, and human checkpoints.","proofRoute":"/agents","productionGate":"Live tools require scoped credentials, connector approvals, timeout/retry policy, and emergency shutdown controls."},{"capability":"Model-router policy decisions","status":"v1-ready","implementation":"Work orders carry task-aware provider class, fallback, PHI sensitivity, latency, cost, and denial conditions.","proofRoute":"/trust-os","productionGate":"Provider contracts, BAA/DPA posture, regional rules, telemetry, budget limits, and rollback tests."},{"capability":"Human approval checkpoints","status":"active-control","implementation":"Reviewer roles and dispositions are explicit before outputs can move from synthetic proof to buyer-facing evidence.","proofRoute":"/pilot-workspace","productionGate":"Licensed clinical, RCM, research, legal, or security reviewer authority must be approved per workflow."},{"capability":"Downloadable proof packets","status":"active-control","implementation":"Workspace proof packets combine work-order plan, Trust Cards, reviewer checkpoints, audit timeline, blocked actions, limitations register, and explicit legal/privacy/security/safety boundaries.","proofRoute":"/api/agent-workspaces/{workspaceSlug}/work-orders/{workOrderId}/proof-packet","productionGate":"Production packets need customer branding, legal disclaimers, evidence retention policy, confidentiality controls, and legal/privacy/security review."},{"capability":"Server-audited retention, legal hold, and incident export ledger","status":"active-control","implementation":"Adds an append-only tenant governance ledger for retention policies, legal holds, legal releases, and write-before-release incident exports with RLS visibility and AAL2 mutations.","proofRoute":"/api/agent-workspaces/{workspaceSlug}/governance-ledger","productionGate":"Customer counsel, privacy owner, incident commander, retention schedule, DPA/BAA path, and customer-specific legal hold workflow must be approved before live regulated data."},{"capability":"Customer-specific governance workflow packs","status":"active-control","implementation":"Provides reusable retention, legal-review, legal-hold, incident-export, and blocked-claims workflow packs by buyer archetype for protected enterprise pilots.","proofRoute":"/governance-packs","productionGate":"Each customer pack still requires buyer-specific legal, privacy, security, workflow-owner, and reviewer authority approval before production use."}],"workOrders":[{"type":"rcm-denial-appeal-generation","name":"RCM denial appeal generation","status":"v1-ready","buyer":"Revenue cycle, payer operations, and finance leadership","agentOwner":"PayerIQ + RCM Agent","objective":"Draft a reviewable denial appeal outline from synthetic claim context, payer policy evidence, missing documentation, and reviewer disposition.","stateMachine":["drafted","planned","routed","sandboxed","trustqa-held","human-review","proof-ready"],"memoryScopes":["session","operational","knowledge"],"toolScopes":["policy evidence retrieval","claims metadata parser","appeal outline generator"],"modelRouterPolicy":"metadata-only payer workflow; deny if live claim identifiers, member IDs, or PHI appear.","trustCardRequirement":"Policy source, confidence, missing evidence, reviewer status, and no-reimbursement-guarantee boundary.","reviewerCheckpoints":["Payer or RCM review","Governance review"],"auditEvents":["work order drafted","policy evidence attached","appeal outline generated","review requested"],"resumableState":"Resume from missing-evidence review, appeal-draft revision, or governance disposition.","deliverable":"Appeal draft outline, policy rationale, missing-evidence list, and proof packet.","blockedActions":["final coding","payer submission","reimbursement guarantee","coverage determination"]},{"type":"clinical-trial-matching","name":"Clinical trial matching","status":"v1-ready","buyer":"Research operations, oncology programs, academic medical centers, and trial networks","agentOwner":"TrialCore","objective":"Create a reviewable eligibility work order with criteria trace, exclusion flags, missing evidence, and research-review queue.","stateMachine":["drafted","planned","routed","sandboxed","trustqa-held","human-review","proof-ready"],"memoryScopes":["session","knowledge"],"toolScopes":["criteria parser","trial evidence registry","eligibility gap detector"],"modelRouterPolicy":"synthetic research workflow; deny patient outreach, enrollment claims, or treatment recommendation.","trustCardRequirement":"Trial source, eligibility criteria version, confidence, uncertainty, and research reviewer state.","reviewerCheckpoints":["Research review","Clinical review","Governance review"],"auditEvents":["work order drafted","criteria mapped","evidence gaps attached","research review requested"],"resumableState":"Resume from missing criteria, exclusion review, or research disposition.","deliverable":"Eligibility trace, missing-evidence list, exclusion flags, and research proof packet.","blockedActions":["patient outreach","enrollment recommendation","treatment recommendation","live record ingestion"]},{"type":"pre-visit-chart-review","name":"Pre-visit chart review","status":"production-gated","buyer":"Clinics, physician groups, care teams, and clinical operations","agentOwner":"Sanar AI + CareExplain","objective":"Prepare a synthetic chart-review work order with risk signals, missing data, agenda prompts, and clinician review boundary.","stateMachine":["drafted","planned","routed","sandboxed","trustqa-held","human-review","proof-ready"],"memoryScopes":["session","operational","knowledge"],"toolScopes":["FHIR context mapper","missing-data detector","agenda prompt generator"],"modelRouterPolicy":"PHI-blocked until BAA, consent, FHIR profile validation, and clinician governance are approved.","trustCardRequirement":"Source trace, confidence, missing context, guideline/source version, and clinician reviewer status.","reviewerCheckpoints":["Clinical review","Governance review"],"auditEvents":["work order drafted","context mapped","risk prompt held","clinician review requested"],"resumableState":"Resume from missing-data review, clinician clarification, or agenda revision.","deliverable":"Pre-visit review brief, missing-data prompts, and clinician-held Trust Card.","blockedActions":["diagnosis","treatment recommendation","patient instruction","medical-record mutation"]},{"type":"post-visit-care-plan-drafting","name":"Post-visit care plan drafting","status":"production-gated","buyer":"Clinical teams, care coordination, and patient access operations","agentOwner":"CareExplain + Perfect Chart","objective":"Draft review-only follow-up and care-plan support from synthetic context while preserving clinician authorship.","stateMachine":["drafted","planned","routed","sandboxed","trustqa-held","human-review","proof-ready"],"memoryScopes":["session","operational"],"toolScopes":["care-plan outline generator","follow-up task planner","patient education draft support"],"modelRouterPolicy":"PHI-blocked and clinician-held; deny autonomous patient instruction or order entry.","trustCardRequirement":"Clinician reviewer status, source trace, uncertainty, patient-facing boundary, and blocked actions.","reviewerCheckpoints":["Clinical review","Governance review"],"auditEvents":["care-plan draft opened","education draft held","follow-up tasks staged","clinical review requested"],"resumableState":"Resume from clinician revision, task clarification, or education review.","deliverable":"Draft care-plan support packet, follow-up queue outline, and reviewer checklist.","blockedActions":["order entry","patient outreach","final care plan","clinical advice without clinician review"]},{"type":"investor-outreach-tracking","name":"Investor outreach tracking","status":"v1-ready","buyer":"Founder, executive leadership, investor relations, and strategic partnerships","agentOwner":"Investor Agent","objective":"Track investor outreach tasks, diligence artifacts, follow-up state, proof surfaces, and non-confidential messaging boundaries.","stateMachine":["drafted","planned","routed","sandboxed","human-review","proof-ready"],"memoryScopes":["session","operational"],"toolScopes":["diligence brief builder","follow-up tracker","proof-route selector"],"modelRouterPolicy":"business-contact and non-confidential company context only; deny PHI, secrets, and unsupported claims.","trustCardRequirement":"Claims register status, proof route, update timestamp, and reviewer status.","reviewerCheckpoints":["Executive sponsor review","Governance review"],"auditEvents":["outreach work order drafted","claims checked","proof routes attached","follow-up state recorded"],"resumableState":"Resume from next follow-up, diligence question, or proof packet export.","deliverable":"Investor follow-up tracker, diligence brief, claims-safe messaging packet.","blockedActions":["financial misrepresentation","unsupported medical claims","PHI disclosure","confidential buyer disclosure"]},{"type":"security-scan","name":"Security scan","status":"quality-process-replacement","buyer":"Security, engineering, enterprise diligence, and compliance reviewers","agentOwner":"Governance Agent + Watchtower","objective":"Create a repeatable security-review work order that tracks headers, dependency posture, route boundaries, logs, and evidence gaps.","stateMachine":["drafted","planned","routed","sandboxed","trustqa-held","human-review","proof-ready"],"memoryScopes":["operational","knowledge"],"toolScopes":["quality gate runner","runtime log review","security-header inspector"],"modelRouterPolicy":"no secrets in prompts; deny credential handling and production access tokens.","trustCardRequirement":"Evidence route, scan timestamp, severity, reviewer status, and remediation boundary.","reviewerCheckpoints":["Security review","Governance review"],"auditEvents":["scan work order opened","quality gates run","runtime logs reviewed","security review requested"],"resumableState":"Resume from failing gate, mitigation task, external assessor review, or verification pass.","deliverable":"Security evidence packet, blocker register, remediation queue, and verification timeline.","blockedActions":["secrets capture","credential rotation without owner","claiming SOC 2/HIPAA certification","destructive remediation"]},{"type":"data-transformation-job","name":"Data transformation job","status":"production-gated","buyer":"Interoperability, analytics, implementation, and data platform teams","agentOwner":"Interoperability Agent + DocuTwin","objective":"Plan synthetic transformations across forms, tables, referrals, claims, FHIR resources, HL7 messages, and evidence packets.","stateMachine":["drafted","planned","routed","sandboxed","trustqa-held","human-review","proof-ready"],"memoryScopes":["session","operational","knowledge"],"toolScopes":["schema mapper","FHIR/HL7 validator","fixture diff checker"],"modelRouterPolicy":"synthetic fixture transformation only; deny production data movement without connector and privacy approval.","trustCardRequirement":"Source schema, target schema, validation status, fixture fingerprint, and reviewer status.","reviewerCheckpoints":["Integration architect review","Privacy review","Governance review"],"auditEvents":["transformation work order drafted","schema mapped","fixture validated","review requested"],"resumableState":"Resume from schema gap, fixture diff, terminology mapping, or integration review.","deliverable":"Transformation map, fixture validation packet, schema gap list, and connector-readiness proof.","blockedActions":["production data movement","PHI export","record mutation","connector certification claim"]}],"governanceWorkflowPacks":[{"slug":"provider-operations-retention-review","name":"Provider Operations Retention Review Pack","status":"pilot-ready","buyerSegment":"Hospitals, clinics, physician groups, and care operations leaders","customerArchetype":"Provider organization evaluating synthetic workflow automation before PHI access.","scope":"Retention schedule, reviewer authority, proof packet handling, and release controls for synthetic care operations work orders.","workspaceFit":["pre-visit-chart-review","post-visit-care-plan-drafting","data-transformation-job"],"customerInputsRequired":["Pilot sponsor","Workflow owner","Record retention preference","Clinical reviewer role","Privacy contact","Security contact"],"retentionPolicyTemplate":{"defaultDuration":"90 to 180 days for synthetic pilot evidence","retentionTrigger":"Work-order creation, governed transition, proof-packet release, or incident export.","deletionGate":"Tenant-admin attestation plus privacy/security approval before evidence deletion.","approvalOwner":"Customer privacy owner or designated pilot governance lead"},"legalReviewWorkflow":{"steps":["Confirm synthetic-only pilot scope and no live PHI processing.","Map reviewer authority for clinical-adjacent drafts.","Approve proof-packet language and prohibited claims.","Record retention decision in the governance ledger."],"requiredApprovals":["Pilot sponsor","Privacy owner","Clinical governance owner"],"externalGates":["BAA/DPA path if live PHI is proposed","Licensed clinician validation before clinical claims"]},"incidentExportWorkflow":{"trigger":"Suspected boundary violation, unsafe claim, evidence-release dispute, or customer diligence request.","severityModel":["low","moderate","high","critical"],"exportPacket":["Committed governance-ledger entry","Workspace summary","Work-order snapshot","Boundary controls","Known limitations"],"releaseGate":"AAL2 tenant-admin or pilot-lead request with write-before-release ledger event"},"evidenceArtifacts":["Retention ledger entry","Legal-hold or release ledger entry when applicable","Work-order proof packet","Incident export packet"],"automationBoundaries":["No diagnosis","No treatment guidance","No patient outreach","No medical-record mutation","No production connector execution"],"blockedClaims":["HIPAA compliant","SOC 2 certified","FDA cleared","Clinical decision support authorized"],"pricingUse":"Included in protected enterprise pilot scope and annual platform readiness review."},{"slug":"payer-rcm-incident-export","name":"Payer And RCM Incident Export Pack","status":"pilot-ready","buyerSegment":"Payers, revenue cycle teams, denial management, and finance operators","customerArchetype":"Organization testing RCM or payer intelligence with synthetic claims and policy evidence.","scope":"Controls for denial-risk work orders, retention of policy evidence, incident export, and no-submission boundaries.","workspaceFit":["rcm-denial-appeal-generation","data-transformation-job"],"customerInputsRequired":["RCM owner","Payer operations owner","Policy source owner","No-submission acknowledgement","Revenue metric baseline"],"retentionPolicyTemplate":{"defaultDuration":"120 to 365 days for synthetic payer workflow evidence","retentionTrigger":"Denial work-order creation, policy source mapping, proof packet download, or incident export.","deletionGate":"Finance/RCM approval plus tenant-admin attestation.","approvalOwner":"RCM governance lead or payer operations owner"},"legalReviewWorkflow":{"steps":["Confirm no live claim identifiers, member IDs, or payer credentials.","Map payer policy source handling and citation boundaries.","Approve no-reimbursement-guarantee language.","Record retention or legal-hold decision in the governance ledger."],"requiredApprovals":["RCM owner","Compliance reviewer","Executive sponsor"],"externalGates":["Customer legal review before payer submission workflows","Coding/reimbursement expert review"]},"incidentExportWorkflow":{"trigger":"Potential payer-submission implication, unsupported reimbursement claim, or policy-source dispute.","severityModel":["low","moderate","high","critical"],"exportPacket":["Governance-ledger incident entry","Denial work-order snapshot","Policy evidence status","No-submission controls","Revenue metric caveats"],"releaseGate":"AAL2 tenant-admin or pilot-lead request with incident severity recorded"},"evidenceArtifacts":["Policy-source trace","Retention ledger entry","Work-order proof packet","Incident export packet"],"automationBoundaries":["No final coding","No payer submission","No coverage determination","No reimbursement guarantee"],"blockedClaims":["Revenue guaranteed","Coverage approved","Coding finalized","Payer submission authorized"],"pricingUse":"Premium add-on for RCM, payer, and revenue integrity protected pilots."},{"slug":"trialcore-research-legal-hold","name":"TrialCore Research Legal Hold Pack","status":"customer-tailoring-required","buyerSegment":"Academic medical centers, research operations, oncology programs, and trial networks","customerArchetype":"Research organization evaluating synthetic trial matching or eligibility review.","scope":"Research-review controls for eligibility evidence, legal hold, protocol-source retention, and no-outreach boundaries.","workspaceFit":["clinical-trial-matching","data-transformation-job"],"customerInputsRequired":["Research operations owner","Protocol source owner","IRB or governance contact where applicable","Research reviewer role","Protocol-version handling rule"],"retentionPolicyTemplate":{"defaultDuration":"180 to 365 days for synthetic research evidence","retentionTrigger":"Eligibility work-order creation, criteria trace release, review disposition, or incident export.","deletionGate":"Research governance approval plus tenant-admin attestation.","approvalOwner":"Research governance lead"},"legalReviewWorkflow":{"steps":["Confirm synthetic research workflow and no patient outreach.","Map criteria source, protocol version, and eligibility uncertainty language.","Approve reviewer role and escalation path.","Record legal-hold decision when protocol evidence must be preserved."],"requiredApprovals":["Research operations owner","Governance reviewer","Executive sponsor"],"externalGates":["IRB/legal review where applicable","Licensed clinician or investigator review before claims"]},"incidentExportWorkflow":{"trigger":"Eligibility claim dispute, protocol-source issue, or patient-outreach boundary concern.","severityModel":["low","moderate","high","critical"],"exportPacket":["Ledger incident entry","Eligibility work-order snapshot","Criteria source state","Reviewer status","No-outreach controls"],"releaseGate":"AAL2 governance request and research reviewer awareness"},"evidenceArtifacts":["Eligibility trace","Legal-hold ledger entry","Research proof packet","Incident export packet"],"automationBoundaries":["No enrollment recommendation","No patient outreach","No treatment recommendation","No live record ingestion"],"blockedClaims":["Patient eligible","Enrollment recommended","Trial match clinically validated"],"pricingUse":"Research operations premium pilot module with external governance tailoring."},{"slug":"public-sector-sovereign-retention","name":"Public Sector Sovereign Retention Pack","status":"external-review-required","buyerSegment":"Government health programs, ministries of health, and public-sector agencies","customerArchetype":"Public-sector buyer requiring regional retention, sovereignty, and audit evidence planning.","scope":"Sovereign deployment readiness, retention controls, incident export, and jurisdiction-specific approval gates.","workspaceFit":["security-scan","data-transformation-job","pre-visit-chart-review"],"customerInputsRequired":["Jurisdiction","Data residency requirement","Public-sector sponsor","Procurement route","Incident commander","Regional counsel"],"retentionPolicyTemplate":{"defaultDuration":"Customer-defined by jurisdiction and procurement requirements","retentionTrigger":"Workspace activation, work-order release, security evidence update, or incident export.","deletionGate":"Government sponsor approval plus regional counsel/security review.","approvalOwner":"Customer-designated public-sector governance owner"},"legalReviewWorkflow":{"steps":["Map jurisdiction, data residency, and sovereignty expectations.","Confirm synthetic-only pilot boundary until approved deployment profile exists.","Approve incident owner and evidence release path.","Record retention and legal-hold decisions in the governance ledger."],"requiredApprovals":["Public-sector sponsor","Regional counsel","Security owner"],"externalGates":["Sovereign-cloud architecture review","Procurement/legal approval","Regional privacy review"]},"incidentExportWorkflow":{"trigger":"Sovereignty concern, evidence-release request, security review finding, or jurisdictional escalation.","severityModel":["low","moderate","high","critical"],"exportPacket":["Incident ledger entry","Sovereign readiness controls","Workspace/work-order snapshot","Jurisdictional gates","Production exclusions"],"releaseGate":"AAL2 request plus named public-sector incident owner"},"evidenceArtifacts":["Sovereign readiness register","Retention ledger entry","Legal-hold ledger entry","Incident export packet"],"automationBoundaries":["No cross-border live data movement","No production connector execution","No public health reporting","No patient-level intervention"],"blockedClaims":["Sovereign compliant","Government approved","Production authorized"],"pricingUse":"Strategic platform partnership and public-sector protected pilot requirement."},{"slug":"enterprise-baa-dpa-readiness","name":"Enterprise BAA/DPA Readiness Pack","status":"customer-tailoring-required","buyerSegment":"Large providers, payers, employers, and enterprise healthcare operators","customerArchetype":"Enterprise buyer preparing contract, privacy, security, and production-readiness diligence.","scope":"Contract-readiness controls for BAA/DPA path, retention schedule, legal review, incident export, and human-review operating model.","workspaceFit":["security-scan","data-transformation-job","pre-visit-chart-review","post-visit-care-plan-drafting"],"customerInputsRequired":["Procurement owner","Privacy owner","Security owner","Legal owner","Workflow sponsor","Reviewer authority matrix"],"retentionPolicyTemplate":{"defaultDuration":"90 to 365 days until customer policy is approved","retentionTrigger":"Protected pilot activation, reviewer disposition, proof release, or incident export.","deletionGate":"Legal/privacy approval plus tenant-admin attestation.","approvalOwner":"Customer legal/privacy owner"},"legalReviewWorkflow":{"steps":["Confirm product boundary and no-PHI pilot posture.","Map BAA/DPA decision path before live data.","Approve claims register and proof-packet language.","Record retention/legal-hold actions in the governance ledger."],"requiredApprovals":["Legal owner","Privacy owner","Security owner","Workflow sponsor"],"externalGates":["BAA/DPA execution before PHI","Security review","Incident response runbook approval"]},"incidentExportWorkflow":{"trigger":"Diligence request, legal review question, privacy/security concern, or claims-boundary escalation.","severityModel":["low","moderate","high","critical"],"exportPacket":["Ledger entry","Claims and boundary controls","Work-order evidence","Reviewer status","Remaining external gates"],"releaseGate":"AAL2 governance request with customer owner mapped"},"evidenceArtifacts":["BAA/DPA readiness notes","Retention ledger entry","Legal-review packet","Incident export packet"],"automationBoundaries":["No PHI processing before written approval","No live connector execution","No autonomous clinical decision","No compliance certification claim"],"blockedClaims":["HIPAA certified","SOC 2 certified","BAA approved","Production ready"],"pricingUse":"Required for protected enterprise pilot conversion and annual operating license diligence."}],"governanceWorkflowPackBoundary":"SCRIMED governance workflow packs are customer-tailored synthetic pilot operating templates. They are not legal advice, privacy advice, security certification, HIPAA certification, SOC 2 certification, FDA clearance, payer approval, reimbursement assurance, breach determination, or production authorization.","governanceSmokeCiSecretContract":{"bearerTokenSecret":"SCRIMED_BEARER_TOKEN","optionalBaseUrlVariable":"SCRIMED_BASE_URL","optionalWorkspaceSlugVariable":"SCRIMED_WORKSPACE_SLUG","publicReadinessSmoke":"scripts/public-production-smoke.mjs","requiredSmokeFlag":"SCRIMED_REQUIRE_AUTHENTICATED_SMOKE=1"},"modelRouterDecisions":[{"workOrderType":"rcm-denial-appeal-generation","defaultProviderClass":"general-reasoning-model","fallbackProviderClass":"deny-or-human-review-queue","phiSensitivity":"synthetic-only","routingCriteria":["task type","workflow risk","evidence requirements","latency target","cost budget","context length","provider availability","PHI sensitivity"],"denialCondition":"metadata-only payer workflow; deny if live claim identifiers, member IDs, or PHI appear."},{"workOrderType":"clinical-trial-matching","defaultProviderClass":"general-reasoning-model","fallbackProviderClass":"deny-or-human-review-queue","phiSensitivity":"synthetic-only","routingCriteria":["task type","workflow risk","evidence requirements","latency target","cost budget","context length","provider availability","PHI sensitivity"],"denialCondition":"synthetic research workflow; deny patient outreach, enrollment claims, or treatment recommendation."},{"workOrderType":"pre-visit-chart-review","defaultProviderClass":"approved-healthcare-model-required","fallbackProviderClass":"deny-or-human-review-queue","phiSensitivity":"phi-blocked","routingCriteria":["task type","workflow risk","evidence requirements","latency target","cost budget","context length","provider availability","PHI sensitivity"],"denialCondition":"PHI-blocked until BAA, consent, FHIR profile validation, and clinician governance are approved."},{"workOrderType":"post-visit-care-plan-drafting","defaultProviderClass":"approved-healthcare-model-required","fallbackProviderClass":"deny-or-human-review-queue","phiSensitivity":"phi-blocked","routingCriteria":["task type","workflow risk","evidence requirements","latency target","cost budget","context length","provider availability","PHI sensitivity"],"denialCondition":"PHI-blocked and clinician-held; deny autonomous patient instruction or order entry."},{"workOrderType":"investor-outreach-tracking","defaultProviderClass":"general-reasoning-model","fallbackProviderClass":"deny-or-human-review-queue","phiSensitivity":"synthetic-only","routingCriteria":["task type","workflow risk","evidence requirements","latency target","cost budget","context length","provider availability","PHI sensitivity"],"denialCondition":"business-contact and non-confidential company context only; deny PHI, secrets, and unsupported claims."},{"workOrderType":"security-scan","defaultProviderClass":"general-reasoning-model","fallbackProviderClass":"deny-or-human-review-queue","phiSensitivity":"synthetic-only","routingCriteria":["task type","workflow risk","evidence requirements","latency target","cost budget","context length","provider availability","PHI sensitivity"],"denialCondition":"no secrets in prompts; deny credential handling and production access tokens."},{"workOrderType":"data-transformation-job","defaultProviderClass":"approved-healthcare-model-required","fallbackProviderClass":"deny-or-human-review-queue","phiSensitivity":"phi-blocked","routingCriteria":["task type","workflow risk","evidence requirements","latency target","cost budget","context length","provider availability","PHI sensitivity"],"denialCondition":"synthetic fixture transformation only; deny production data movement without connector and privacy approval."}],"auditTimeline":[{"event":"work-order-created","status":"v1-ready","actor":"Planner Agent","retainedEvidence":"work-order type, tenant workspace, objective, state, owner agent, denied actions"},{"event":"agent-route-selected","status":"v1-ready","actor":"Router Agent","retainedEvidence":"agent owner, tool scopes, memory scopes, model-router decision, fallback policy"},{"event":"trustqa-verification-held","status":"active-control","actor":"TrustQA","retainedEvidence":"Trust Card requirement, source attribution, confidence, uncertainty, safety boundary"},{"event":"human-review-requested","status":"active-control","actor":"Governance Agent","retainedEvidence":"checkpoint, reviewer role, disposition options, escalation state"},{"event":"proof-packet-exported","status":"active-control","actor":"Tenant reviewer","retainedEvidence":"synthetic-only proof packet, audit timeline, blocked actions, limitation-resolution register"}],"reviewerCheckpoints":[{"checkpoint":"Clinical review","requiredFor":"Any chart, care-plan, documentation, risk, education, or patient-facing draft.","reviewerRole":"Licensed clinician or approved delegated clinical reviewer","approvalEffect":"Allows synthetic proof packet release or customer-reviewed draft progression.","denialEffect":"Keeps the work order held and records evidence gap, unsafe claim, or review reason."},{"checkpoint":"Payer or RCM review","requiredFor":"Prior authorization, claims, denial appeal, coding, and reimbursement-adjacent work.","reviewerRole":"Qualified RCM, payer operations, or coding reviewer","approvalEffect":"Allows review-only packet progression without payer submission.","denialEffect":"Blocks submission-like actions and records missing policy or documentation evidence."},{"checkpoint":"Research review","requiredFor":"Trial matching, protocol screening, cohort review, and research operations.","reviewerRole":"Research operations reviewer, investigator delegate, or clinical research lead","approvalEffect":"Allows eligibility evidence packet release for research review.","denialEffect":"Blocks outreach, enrollment language, and unsupported eligibility claims."},{"checkpoint":"Security and privacy review","requiredFor":"Workspace persistence, data transformation, model routing, connector use, and protected data handling.","reviewerRole":"Security, privacy, legal, or compliance owner","approvalEffect":"Allows the next gated pilot step within approved data boundary.","denialEffect":"Blocks production data movement and records remediation tasks."},{"checkpoint":"Executive sponsor review","requiredFor":"Commercial, investor, partnership, or enterprise expansion decisions.","reviewerRole":"Founder, executive sponsor, or authorized business owner","approvalEffect":"Allows business-facing packet release with controlled claims.","denialEffect":"Blocks public or buyer-facing release until claims and scope are corrected."}],"apiContracts":[{"method":"GET","route":"/agent-workspace","status":"v1-ready","access":"Public product evidence surface","purpose":"Inspect Persistent Agent Workspace v1 work orders, state machine, limitations resolution, and proof routes."},{"method":"GET","route":"/api/agent-workspace","status":"v1-ready","access":"Public synthetic product API","purpose":"Return the typed workspace summary for investor, buyer, and internal product diligence."},{"method":"GET","route":"/api/agent-workspace/brief","status":"v1-ready","access":"Public synthetic product API","purpose":"Download the workspace architecture and limitation-resolution brief."},{"method":"GET","route":"/api/agent-workspace/proof-packet","status":"v1-ready","access":"Public synthetic product API","purpose":"Download a preview proof packet for a deterministic synthetic Persistent Agent Workspace."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/sessions","status":"active-control","access":"AAL2 bearer token + authorized tenant role + rate limit","purpose":"Persist synthetic evaluation sessions that can anchor workspace work-order evidence."},{"method":"GET / POST","route":"/api/pilot-workspaces/{workspaceSlug}/trustos-decisions","status":"active-control","access":"AAL2 bearer token + authorized tenant role + rate limit","purpose":"Commit TrustOS decisions and model-route governance evidence to the tenant ledger."},{"method":"GET / POST","route":"/api/agent-workspaces/{workspaceSlug}/work-orders","status":"active-control","access":"GET: bearer token + workspace membership. POST: AAL2 bearer token + authorized tenant role + rate limit.","purpose":"List, filter, summarize, and create persistent synthetic work orders through dedicated RLS-backed tables and RPC-only mutations."},{"method":"GET / PATCH","route":"/api/agent-workspaces/{workspaceSlug}/work-orders/{workOrderId}","status":"active-control","access":"GET: bearer token + workspace membership. PATCH: AAL2 bearer token + authorized tenant role + rate limit.","purpose":"Inspect a work order with its event trail or transition state for review, retry, assignment, proof readiness, blocking, or closure."},{"method":"GET","route":"/api/agent-workspaces/{workspaceSlug}/work-orders/{workOrderId}/proof-packet","status":"active-control","access":"AAL2 bearer token + authorized tenant role + rate limit + append-only audit event before release.","purpose":"Download an audited Markdown proof packet for one persistent synthetic work order with Trust Card, event trail, reviewer checkpoints, blocked actions, and safety boundaries."},{"method":"GET / POST","route":"/api/agent-workspaces/{workspaceSlug}/governance-ledger","status":"active-control","access":"GET: bearer token + workspace membership. POST: AAL2 bearer token + tenant-admin or pilot-lead role + rate limit.","purpose":"List and record append-only retention, legal-hold, legal-release, and incident-export governance evidence for a protected pilot workspace."},{"method":"POST","route":"/api/agent-workspaces/{workspaceSlug}/governance-ledger/incident-export","status":"active-control","access":"AAL2 bearer token + tenant-admin or pilot-lead role + rate limit + ledger write before Markdown release.","purpose":"Download a server-audited incident export packet only after the governance-ledger incident-export event is committed."},{"method":"GET","route":"/api/agent-workspace/governance-packs","status":"active-control","access":"Public synthetic product API","purpose":"Return customer-tailorable governance workflow packs for retention, legal review, legal hold, incident export, evidence artifacts, and blocked claims."},{"method":"GET","route":"/api/agent-workspace/governance-packs/brief","status":"active-control","access":"Public synthetic product API","purpose":"Download a Markdown brief describing the governance workflow packs and authenticated smoke CI secret contract."}],"limitationResolutionRegister":[{"limitation":"Live PHI ingestion is not enabled.","impact":"SCRIMED cannot yet process real patient records inside production workflows.","resolutionStatus":"quality-process-replacement","replacementProcess":"Use synthetic fixtures, no-PHI buyer intake, protected pilot sessions, TrustOS decisions, and metadata-only evidence packets.","proofRoute":"/pilot-evidence","remainingGate":"BAA/DPA, privacy notice, consent, retention, security review, and customer authorization."},{"limitation":"Autonomous clinical decisions remain prohibited.","impact":"SCRIMED cannot diagnose, treat, instruct patients, or replace clinician judgment.","resolutionStatus":"active-control","replacementProcess":"Every clinical-adjacent work order is held behind TrustQA, Clinical Guardian, reviewer checkpoints, blocked actions, and proof packet boundaries.","proofRoute":"/trust-os","remainingGate":"Licensed clinician validation and regulatory intended-use review before clinical decision-support claims."},{"limitation":"Clinical correctness and safety scores are not externally validated.","impact":"Validation fields cannot be marketed as clinical-performance claims.","resolutionStatus":"external-approval-required","replacementProcess":"Expose completeness, source attribution, evidence trail, confidence, reviewer status, and audit fields while marking clinical scoring as clinician-validation required.","proofRoute":"/healthcare-intelligence-os","remainingGate":"Clinician rubric, validation study, data-quality review, and governance sign-off."},{"limitation":"Dedicated long-running work-order persistence requires per-environment migration verification.","impact":"Work-order creation and resume must fail closed until each deployment has the dedicated RLS tables, RPCs, and grants applied.","resolutionStatus":"active-control","replacementProcess":"Use dedicated agent workspace work-order tables, append-only work-order events, explicit authenticated grants, and RPC-only mutations with route-level AAL2 and rate-limit checks.","proofRoute":"/api/agent-workspaces/{workspaceSlug}/work-orders","remainingGate":"Apply migration, verify RLS with an authenticated tenant, run database advisors, and approve customer-specific retention/legal-hold policy."},{"limitation":"Production model routing across vendors is not active.","impact":"SCRIMED should not route PHI or regulated tasks to unapproved providers.","resolutionStatus":"quality-process-replacement","replacementProcess":"Attach provider-class, fallback, PHI sensitivity, denial conditions, and human escalation to every work-order template.","proofRoute":"/agent-workspace","remainingGate":"Vendor contracts, BAA/DPA path, regional rules, telemetry, cost limits, and rollback tests."},{"limitation":"Live EHR, payer, imaging, and device connectors remain blocked.","impact":"SCRIMED cannot mutate production records, submit payer transactions, or ingest live images/devices.","resolutionStatus":"active-control","replacementProcess":"Use interoperability standards registry, synthetic conformance kits, fixture validation, and connector-readiness gates.","proofRoute":"/interoperability/evaluations","remainingGate":"Customer connector approval, security review, consent, audit, monitoring, and partner acceptance."},{"limitation":"Sovereign deployment is not implemented.","impact":"Some hospitals, governments, and regions may require private, on-prem, or sovereign deployments before live data.","resolutionStatus":"external-approval-required","replacementProcess":"Define managed cloud, private cloud, hospital-controlled, government/sovereign, and edge/on-prem profiles with required controls.","proofRoute":"/healthcare-intelligence-os","remainingGate":"Customer architecture review, regional compliance mapping, private networking, and local audit design."},{"limitation":"Legal, HIPAA, SOC 2, regulatory, and reimbursement claims require external review.","impact":"SCRIMED cannot truthfully claim certification, clearance, compliance, reimbursement, or production readiness without evidence.","resolutionStatus":"external-approval-required","replacementProcess":"Keep claims register, Trust Center, diligence brief, prohibited-claims controls, and buyer-facing boundary language active.","proofRoute":"/trust-center","remainingGate":"Qualified counsel, security assessor, privacy owner, regulatory reviewer, and payer/reimbursement expert review."}],"resolvedPosition":"No known limitation is left vague: each is either controlled by an active boundary, replaced with a safer synthetic quality process, or marked as an external approval gate that cannot be honestly resolved in code alone.","nextImplementationStep":"Promote selected governance pack slugs from routed buyer intake into protected workspace activation metadata, then make authenticated governance-ledger smoke required once the approved AAL2 tenant secret is stored in GitHub Actions.","updated":"2026-06-15"}