# SCRIMED Buyer Release Control Runbook

Status: buyer-release-control-runbook-ready
Execution decision: runbook-ready-protected-aal2-required
Share decision: internal-only-until-release-chain-retained
Protected verifier route: /api/pilot-workspaces/{workspaceSlug}/buyer-release-control-run
Protected verifier packet route: /api/pilot-workspaces/{workspaceSlug}/buyer-release-control-run/packet
Protected verifier timeline route: /api/pilot-workspaces/{workspaceSlug}/buyer-release-control-run/timeline
Operator run script: scripts/buyer-proof-release-operator-run.mjs
Operator run command: SCRIMED_REQUIRE_BUYER_PROOF_OPERATOR_RUN=1 SCRIMED_WORKSPACE_SLUG={workspaceSlug} SCRIMED_BEARER_TOKEN=<fresh-aal2-jwt> npm run smoke:buyer-proof-operator-run
Operator run status: aal2-buyer-proof-release-operator-run-script-token-boundary

## Boundary
SCRIMED Buyer Release Control Runbook is a public, metadata-only operator sequence for a future protected AAL2 buyer-specific release-control run. It does not execute protected writes, mint or store tokens, store recipient lists, store signed approvals, process PHI, approve public distribution, certify legal/privacy/security posture, authorize live clinical care, guarantee reimbursement, approve production connectors, or replace qualified human review.

This runbook is not release approval. It is a no-secret operator sequence for a future protected AAL2 run.

## Required Approval Domains
- finance-methodology-policy
- qualified-counsel-release-review
- executive-release-review
- privacy-security-review
- clinical-governance-boundary-review
- marketing-claims-review
- buyer-permission-review

## Required Reviewer Roles
- finance-reviewer
- qualified-counsel
- executive-sponsor
- privacy-security-owner
- clinical-governance-owner
- marketing-claims-owner
- buyer-permission-owner

## Required Release Authority Domains
- qualified-counsel
- customer-permission-owner
- executive-sponsor
- privacy-security-owner
- finance-owner
- clinical-governance-owner
- marketing-claims-owner

## Operator Sequence
1. Open /pilot-workspace/access with a fresh human AAL2 tenant-admin session.
2. Confirm the workspace is synthetic and the intended audience is buyer-diligence-room.
3. Record external approval evidence references for every required domain; keep real approvals outside SCRIMED.
4. Record a disabled versioned release decision for the exact bounded claim text.
5. Record metadata-only named reviewer signoffs for every required reviewer role.
6. Record a disabled distribution lockbox that references external controlled-room artifacts.
7. Record release-authority attestations for every required authority domain.
8. Record recipient segment controls and access-window metadata without recipient identifiers.
9. Reconcile external access logs using metadata counts and anomaly state only.
10. Refresh the Buyer Pilot Room and export the packet only after the protected chain shows retained packet/audit evidence.
11. Keep external sharing blocked unless qualified humans explicitly approve the full chain in external systems of record.

## 1. Reference externally retained approval evidence
- Step ID: external-approval-evidence
- State: external-artifact-required
- Protected route: /api/pilot-workspaces/{workspaceSlug}/external-approval-evidence
- Packet route: /api/pilot-workspaces/{workspaceSlug}/external-approval-evidence/packet
- Prerequisite: Qualified external systems retain the actual approvals; SCRIMED stores metadata references only.
- Operator action: Record one metadata reference per required approval domain after confirming the artifact is retained outside SCRIMED.
- Expected audit signal: append-only approval-reference packet audit event
- Expected packet type: external-approval-evidence-packet
- Boundary: A reference proves an external artifact exists for review; it is not the approval artifact itself.

Safe payload template:
```json
{
  "domainId": "<required-external-approval-domain>",
  "externalReferenceLabel": "external retained approval reference",
  "externalSystem": "external-system-of-record",
  "referenceLocator": "external-reference:metadata-only",
  "referenceOwner": "<qualified-owner-role>",
  "evidenceRetainedExternally": true,
  "attestation": "external-approval-evidence-reference-no-phi",
  "dataBoundary": "synthetic-business-workflow-only",
  "reviewNote": "metadata-only approval reference no phi"
}
```

Hard stops:
- Fresh human AAL2 tenant-admin session is unavailable.
- Any payload includes PHI, patient identifiers, payer member identifiers, clinical records, raw recipient lists, raw access logs, credentials, tokens, signed approvals, legal opinions, security reports, reimbursement determinations, or production connector data.
- The operator attempts to treat metadata references as legal, privacy, security, clinical, reimbursement, customer, public-release, or production authority.
- The external system of record cannot retain the real approval, reviewer, lockbox, recipient, or access-log artifact.
- The protected workspace rejects the request or does not emit an audited packet reference.

## 2. Record versioned release decision candidate
- Step ID: release-decision
- State: protected-aal2-required
- Protected route: /api/pilot-workspaces/{workspaceSlug}/release-decisions
- Packet route: /api/pilot-workspaces/{workspaceSlug}/release-decisions/packet
- Prerequisite: External approval evidence references are complete for the intended audience.
- Operator action: Record the exact claim text, claim category, distribution audience, and disabled release posture.
- Expected audit signal: versioned release-decision audit event
- Expected packet type: release-decision-packet
- Boundary: A versioned decision candidate keeps language controlled; it is not public-release approval.

Safe payload template:
```json
{
  "audience": "buyer-diligence",
  "claimCategory": "governance",
  "claimVersion": "claims-v1.0.0",
  "claimText": "SCRIMED provides governed synthetic pilot evidence for healthcare workflow intelligence review.",
  "distributionChannel": "buyer-data-room",
  "externalApprovalEvidenceRetained": true,
  "releaseDisabled": true,
  "attestation": "protected-release-decision-no-phi-no-public-approval",
  "dataBoundary": "synthetic-business-workflow-only",
  "reviewNote": "no-phi release decision readiness review"
}
```

Hard stops:
- Fresh human AAL2 tenant-admin session is unavailable.
- Any payload includes PHI, patient identifiers, payer member identifiers, clinical records, raw recipient lists, raw access logs, credentials, tokens, signed approvals, legal opinions, security reports, reimbursement determinations, or production connector data.
- The operator attempts to treat metadata references as legal, privacy, security, clinical, reimbursement, customer, public-release, or production authority.
- The external system of record cannot retain the real approval, reviewer, lockbox, recipient, or access-log artifact.
- The protected workspace rejects the request or does not emit an audited packet reference.

## 3. Capture named reviewer signoff metadata
- Step ID: named-reviewer-signoffs
- State: protected-aal2-required
- Protected route: /api/pilot-workspaces/{workspaceSlug}/reviewer-signoffs
- Packet route: /api/pilot-workspaces/{workspaceSlug}/reviewer-signoffs/packet
- Prerequisite: A release decision candidate exists and remains disabled.
- Operator action: Record metadata-only reviewer signoff references for every required reviewer role.
- Expected audit signal: reviewer-signoff packet audit event
- Expected packet type: reviewer-signoff-packet
- Boundary: SCRIMED stores reviewer metadata and packet audit evidence, not raw signed approvals or legal opinions.

Safe payload template:
```json
{
  "releaseDecisionRecordIds": [
    "<ready-release-decision-record-id>"
  ],
  "reviewerRole": "<required-reviewer-role>",
  "reviewerLabel": "qualified reviewer label",
  "reviewerReferenceLocator": "external-review:metadata-only",
  "externalSignoffRetained": true,
  "releaseDisabled": true,
  "attestation": "protected-named-reviewer-signoff-no-phi-no-public-approval",
  "dataBoundary": "synthetic-business-workflow-only",
  "reviewNote": "metadata-only reviewer signoff no phi"
}
```

Hard stops:
- Fresh human AAL2 tenant-admin session is unavailable.
- Any payload includes PHI, patient identifiers, payer member identifiers, clinical records, raw recipient lists, raw access logs, credentials, tokens, signed approvals, legal opinions, security reports, reimbursement determinations, or production connector data.
- The operator attempts to treat metadata references as legal, privacy, security, clinical, reimbursement, customer, public-release, or production authority.
- The external system of record cannot retain the real approval, reviewer, lockbox, recipient, or access-log artifact.
- The protected workspace rejects the request or does not emit an audited packet reference.

## 4. Record disabled distribution lockbox
- Step ID: distribution-lockbox
- State: metadata-only-ready
- Protected route: /api/pilot-workspaces/{workspaceSlug}/distribution-lockbox
- Packet route: /api/pilot-workspaces/{workspaceSlug}/distribution-lockbox/packet
- Prerequisite: Named reviewer metadata is complete for the intended release audience.
- Operator action: Create a disabled lockbox manifest that points to external controlled-room artifacts without distributing them.
- Expected audit signal: disabled lockbox packet audit event
- Expected packet type: distribution-lockbox-packet
- Boundary: The lockbox records distribution controls and disabled state; it does not send files or grant access.

Safe payload template:
```json
{
  "releaseDecisionRecordIds": [
    "<ready-release-decision-record-id>"
  ],
  "reviewerSignoffRecordIds": [
    "<ready-reviewer-signoff-record-id>"
  ],
  "distributionAudience": "buyer-diligence-room",
  "channelControl": "counsel-reviewed-room",
  "manifestVersion": "distribution-v1.0.0",
  "manifestTitle": "SCRIMED controlled buyer diligence packet",
  "artifactLocator": "external-lockbox:controlled-manifest",
  "customerPermissionReference": "external-permission:metadata-only",
  "counselReviewReference": "external-counsel-review:metadata-only",
  "distributionDisabled": true,
  "attestation": "protected-distribution-lockbox-no-phi-no-distribution",
  "dataBoundary": "synthetic-business-workflow-only",
  "reviewNote": "metadata-only distribution lockbox no phi"
}
```

Hard stops:
- Fresh human AAL2 tenant-admin session is unavailable.
- Any payload includes PHI, patient identifiers, payer member identifiers, clinical records, raw recipient lists, raw access logs, credentials, tokens, signed approvals, legal opinions, security reports, reimbursement determinations, or production connector data.
- The operator attempts to treat metadata references as legal, privacy, security, clinical, reimbursement, customer, public-release, or production authority.
- The external system of record cannot retain the real approval, reviewer, lockbox, recipient, or access-log artifact.
- The protected workspace rejects the request or does not emit an audited packet reference.

## 5. Record release-authority attestations
- Step ID: release-authority-attestations
- State: protected-aal2-required
- Protected route: /api/pilot-workspaces/{workspaceSlug}/release-authority-attestations
- Packet route: /api/pilot-workspaces/{workspaceSlug}/release-authority-attestations/packet
- Prerequisite: A disabled distribution lockbox exists and every external authority remains retained.
- Operator action: Record metadata-only authority attestations for each required release authority domain.
- Expected audit signal: release-authority packet audit event
- Expected packet type: release-authority-attestation-packet
- Boundary: Authority attestations describe retained external authority metadata; they do not make SCRIMED the authority.

Safe payload template:
```json
{
  "distributionLockboxRecordIds": [
    "<ready-distribution-lockbox-record-id>"
  ],
  "authorityDomain": "<required-release-authority-domain>",
  "distributionAudience": "buyer-diligence-room",
  "authorityReferenceLabel": "external release authority reference",
  "authorityReferenceLocator": "external-authority:metadata-only",
  "externalAuthorityRetained": true,
  "releaseDisabled": true,
  "attestation": "protected-release-authority-attestation-no-phi-no-release-approval",
  "dataBoundary": "synthetic-business-workflow-only",
  "reviewNote": "metadata-only release authority no phi"
}
```

Hard stops:
- Fresh human AAL2 tenant-admin session is unavailable.
- Any payload includes PHI, patient identifiers, payer member identifiers, clinical records, raw recipient lists, raw access logs, credentials, tokens, signed approvals, legal opinions, security reports, reimbursement determinations, or production connector data.
- The operator attempts to treat metadata references as legal, privacy, security, clinical, reimbursement, customer, public-release, or production authority.
- The external system of record cannot retain the real approval, reviewer, lockbox, recipient, or access-log artifact.
- The protected workspace rejects the request or does not emit an audited packet reference.

## 6. Record evidence-room recipient controls
- Step ID: recipient-attestations
- State: protected-aal2-required
- Protected route: /api/pilot-workspaces/{workspaceSlug}/evidence-room-recipient-attestations
- Packet route: /api/pilot-workspaces/{workspaceSlug}/evidence-room-recipient-attestations/packet
- Prerequisite: Release-authority metadata is complete and release remains disabled.
- Operator action: Record intended recipient segment, access window, revocation posture, and packet reference without storing recipient identifiers.
- Expected audit signal: recipient-control packet audit event
- Expected packet type: recipient-attestation-packet
- Boundary: Recipient controls are segment metadata only; SCRIMED does not store emails, recipient rosters, or access credentials.

Safe payload template:
```json
{
  "releaseAuthorityAttestationRecordIds": [
    "<ready-release-authority-attestation-record-id>"
  ],
  "distributionAudience": "buyer-diligence-room",
  "recipientSegment": "named-buyer-reviewers",
  "recipientScopeLabel": "named buyer diligence reviewer group",
  "evidenceRoomReferenceLabel": "external evidence room recipient control",
  "evidenceRoomReferenceLocator": "evidence-room:recipient-control",
  "packetReferenceLabel": "controlled recipient proof packet",
  "packetReferenceLocator": "evidence-room:packet-reference",
  "accessWindowStart": "<iso-8601-date>",
  "accessWindowEnd": "<iso-8601-date>",
  "revocationState": "access-not-issued",
  "revocationTrigger": "revoke and re-review evidence room access if scope changes",
  "externalRecipientAuthorityRetained": true,
  "exportDisabled": true,
  "attestation": "protected-evidence-room-recipient-attestation-no-phi",
  "dataBoundary": "synthetic-business-workflow-only",
  "reviewNote": "metadata-only recipient attestation no phi"
}
```

Hard stops:
- Fresh human AAL2 tenant-admin session is unavailable.
- Any payload includes PHI, patient identifiers, payer member identifiers, clinical records, raw recipient lists, raw access logs, credentials, tokens, signed approvals, legal opinions, security reports, reimbursement determinations, or production connector data.
- The operator attempts to treat metadata references as legal, privacy, security, clinical, reimbursement, customer, public-release, or production authority.
- The external system of record cannot retain the real approval, reviewer, lockbox, recipient, or access-log artifact.
- The protected workspace rejects the request or does not emit an audited packet reference.

## 7. Reconcile external evidence-room access logs
- Step ID: access-log-reconciliation
- State: protected-aal2-required
- Protected route: /api/pilot-workspaces/{workspaceSlug}/evidence-room-access-log-reconciliation
- Packet route: /api/pilot-workspaces/{workspaceSlug}/evidence-room-access-log-reconciliation/packet
- Prerequisite: Recipient attestations exist and the external evidence room retains access logs.
- Operator action: Record metadata-only access-log reconciliation, anomaly posture, and revocation state without copying raw logs.
- Expected audit signal: access-log reconciliation packet audit event
- Expected packet type: access-log-reconciliation-packet
- Boundary: SCRIMED records reconciliation metadata only; raw logs, device identifiers, IP addresses, and recipient identifiers stay out of SCRIMED.

Safe payload template:
```json
{
  "recipientAttestationRecordIds": [
    "<ready-recipient-attestation-record-id>"
  ],
  "distributionAudience": "buyer-diligence-room",
  "reconciliationScope": "pre-release-access-log-review",
  "externalLogSystemLabel": "external evidence room access ledger",
  "accessLogReferenceLabel": "metadata access log reconciliation",
  "accessLogReferenceLocator": "evidence-room:access-log-ledger",
  "reconciliationWindowStart": "<iso-8601-date>",
  "reconciliationWindowEnd": "<iso-8601-date>",
  "observedAccessEventCount": 0,
  "expectedRecipientSegmentCount": 1,
  "anomalyState": "none-observed",
  "revocationExerciseState": "not-issued",
  "anomalyEscalationPath": "escalate to governance owner and keep export disabled",
  "externalLogAuthorityRetained": true,
  "exportDisabled": true,
  "attestation": "protected-evidence-room-access-log-reconciliation-no-phi",
  "dataBoundary": "synthetic-business-workflow-only",
  "reviewNote": "metadata-only access log reconciliation no phi"
}
```

Hard stops:
- Fresh human AAL2 tenant-admin session is unavailable.
- Any payload includes PHI, patient identifiers, payer member identifiers, clinical records, raw recipient lists, raw access logs, credentials, tokens, signed approvals, legal opinions, security reports, reimbursement determinations, or production connector data.
- The operator attempts to treat metadata references as legal, privacy, security, clinical, reimbursement, customer, public-release, or production authority.
- The external system of record cannot retain the real approval, reviewer, lockbox, recipient, or access-log artifact.
- The protected workspace rejects the request or does not emit an audited packet reference.

## 8. Refresh Buyer Diligence packet after controls are retained
- Step ID: buyer-diligence-export-refresh
- State: hard-stop
- Protected route: /api/pilot-workspaces/{workspaceSlug}/buyer-room
- Packet route: /api/pilot-workspaces/{workspaceSlug}/buyer-room/packet
- Prerequisite: Every prior release-control packet is visible, externally retained artifacts are confirmed, and qualified humans approve continued internal diligence use.
- Operator action: Refresh the protected Buyer Pilot Room and export the Buyer Diligence packet only for internal controlled diligence unless external share readiness is complete.
- Expected audit signal: buyer-room packet-download audit event
- Expected packet type: buyer-diligence-export-packet
- Boundary: A refreshed packet can support controlled diligence only; external sharing remains blocked until qualified release-chain evidence is retained.

Safe payload template:
```json
{
  "action": "download-buyer-diligence-packet",
  "workspaceSlug": "{workspaceSlug}",
  "shareScope": "internal-protected-diligence-only",
  "requiredState": "release-control-chain-retained",
  "dataBoundary": "synthetic-business-workflow-only"
}
```

Hard stops:
- Fresh human AAL2 tenant-admin session is unavailable.
- Any payload includes PHI, patient identifiers, payer member identifiers, clinical records, raw recipient lists, raw access logs, credentials, tokens, signed approvals, legal opinions, security reports, reimbursement determinations, or production connector data.
- The operator attempts to treat metadata references as legal, privacy, security, clinical, reimbursement, customer, public-release, or production authority.
- The external system of record cannot retain the real approval, reviewer, lockbox, recipient, or access-log artifact.
- The protected workspace rejects the request or does not emit an audited packet reference.
- Any stakeholder asks to send the packet externally before recipient and access-log controls are reconciled.
- Any claim expands beyond retained synthetic QA, governance posture, buyer diligence readiness, or explicit limitations.

## Workarounds
- If a bearer token is not available in the current Codex session, use the runbook and browser-protected workspace instead of copying tokens into scripts.
- If GitHub Actions cannot safely receive a short-lived secret, execute the protected browser workflow and retain only no-secret packet IDs, hashes, timestamps, and audit-event IDs.
- If an approval artifact is confidential, store only a metadata reference label, external system label, owner, and validation timestamp in SCRIMED.
- If a buyer asks for external sharing before controls are retained, provide a controlled live review of the protected workspace and keep export distribution disabled.
- If a public or investor claim depends on legal, privacy, security, clinical, finance, marketing, customer, or release authority, route it through the release-control chain before use.

## Blocked Claims
- SCRIMED is authorized for live clinical care.
- SCRIMED can process production PHI.
- SCRIMED is HIPAA certified, SOC certified, FDA cleared, security certified, or regionally approved.
- SCRIMED guarantees reimbursement or payer acceptance.
- SCRIMED has production connector approval.
- SCRIMED can autonomously diagnose, treat, submit payer transactions, or contact patients.
- A buyer diligence packet is approved for public distribution.
- A metadata reference is equivalent to a signed approval, legal opinion, security report, or customer permission.

## Next Recommended Action
Run the protected buyer-release chain in /pilot-workspace/access#buyer-release-control-verifier with a fresh AAL2 human session, review the release-readiness timeline, retain the audited chain packet, then refresh the Buyer Diligence Export while keeping external distribution disabled until qualified release authority is complete.