# SCRIMED QA Evidence Ledger Brief

Status: qa-evidence-ledger-active
Boundary: SCRIMED QA Evidence Ledger records synthetic-only release, smoke, token-policy, fail-closed, and operator-gate evidence. It is not a clinical validation report, security certification, legal opinion, SOC report, HIPAA attestation, or authorization for live healthcare execution.
Buyer-safe summary: SCRIMED verifies release health, protected-route containment, token-policy readiness, and no-secret evidence capture today; remaining authenticated QA evidence requires deliberate short-lived AAL2 operator runs against synthetic targets.

## Current Deployment Evidence
- Environment: production
- Commit SHA: 7bf596c25bed03d6148923e4ab939a2abbfb2fff
- Commit ref: main
- Deployment URL: https://scrimed-site-2jx6xfd2i-temitayo-dahunsis-projects.vercel.app

## Evidence Entries
- Public production smoke (passed, 2026-06-18): Production smoke verified public HTML, product console proof-stack posture, readiness APIs, and protected-route fail-closed behavior on app.scrimedsolutions.com. Artifact: scripts/public-production-smoke.mjs. Limitation: Does not authenticate or mutate tenant-admin records.. Workaround: Protected routes must return a fail-closed response without credentials; authenticated mutation evidence is isolated behind AAL2 operator-token QA..
- Local production build and smoke (passed, 2026-06-18): TypeScript, ESLint, generated integrity, production build, and local production smoke passed using the bundled Node runtime when the managed shell omitted node/npm from PATH. Artifact: next build --webpack plus local production smoke. Limitation: The local Codex shell may not expose npm or node on PATH consistently.. Workaround: Use the bundled Node absolute path for local verification; GitHub Actions and Vercel continue to run standard Node 22 commands..
- Sales demo session token policy (passed, 2026-06-18): Short-lived AAL2 JWT preflight, no-secret safe skip, policy self-test, explicit intake targeting, and manual-only GitHub workflow are implemented. Artifact: scripts/sales-demo-session-qa-token-preflight.mjs. Limitation: Static preflight decodes claims but does not verify JWT signature; protected SCRIMED APIs and Supabase Auth remain the verification authority.. Workaround: Preflight blocks weak token shape before network access; authenticated route verification still happens inside the protected API..
- First authenticated Sales Demo Session QA CI run (manual-gate, 2026-06-18): The runnable workflow, token preflight, smoke harness, and protected API path are present; the first live authenticated CI run still requires a fresh AAL2 operator session and explicit buyer-opportunity target. Artifact: .github/workflows/sales-demo-session-qa-smoke.yml. Limitation: No long-lived bearer token should be stored in repo, docs, runtime config, or unattended CI.. Workaround: Keep the workflow manual, store the token only as a temporary masked GitHub Actions secret, run against one explicit intake ID, then delete or rotate the secret immediately after evidence capture..
- Authenticated Authority Reference QA run (manual-gate, 2026-06-21): The protected authority-reference QA script, renewal queue, packet audit path, and manual workflow wrapper are present; the first authenticated run still requires a fresh short-lived AAL2 tenant token. Artifact: .github/workflows/authority-reference-qa-smoke.yml. Limitation: No long-lived bearer token should be stored in source, runtime config, docs, or unattended CI.. Workaround: Run the manual workflow with a temporary masked GitHub Actions secret, capture only the workflow run ID, created authority reference ID, packet audit event ID, and packet hash, then delete or rotate the secret..
- Manual AAL2 QA evidence activation plan (workaround-active, 2026-06-21): A no-secret activation plan now gives operators workflow-specific target inputs, token preflight paths, safe evidence fields, prohibited content, persistence route, Buyer Diligence impact, and retained boundaries before any AAL2 run. Artifact: /api/qa-evidence/activation-plan. Limitation: The activation plan coordinates the human run; it does not mint tokens, execute passkey ceremonies, or create authenticated proof by itself.. Workaround: Use the plan as the mandatory bridge between manual GitHub workflow execution, secret disposal, protected Manual QA Evidence persistence, and Buyer Diligence export..
- Manual AAL2 QA run control (workaround-active, 2026-06-21): A no-secret run-control layer gives operators workflow-specific dispatch inputs, preflight command templates, smoke command templates, safe evidence payloads, abort conditions, and buyer-proof promotion rules before any human AAL2 token is used. Artifact: /api/qa-evidence/run-control. Limitation: Run Control prepares the first authenticated synthetic QA run; it still does not execute passkey ceremonies, mint tokens, store credentials, or claim retained authenticated evidence.. Workaround: Use Run Control as the mandatory mission brief before the human workflow dispatch, then persist only safe packet metadata after token disposal..
- Manual AAL2 QA launch kit (workaround-active, 2026-06-22): A no-secret Launch Kit now packages the approved human AAL2 handoff with workflow dispatch inputs, command templates, safe-copy fields, secret-disposal checks, packet persistence steps, and Proof Promotion checks before any buyer proof claim. Artifact: /api/qa-evidence/launch-kit. Limitation: The Launch Kit does not execute passkey ceremonies, mint tokens, store credentials, run the workflow, persist packet hashes, or authorize clinical, PHI, reimbursement, security-certification, connector, or production claims.. Workaround: Use the Launch Kit as the final operator handoff before the human run so the only remaining gate is the out-of-band short-lived AAL2 workflow execution and protected packet persistence..
- Manual AAL2 QA human run packet (workaround-active, 2026-06-22): A no-secret Human Run Packet now converts Launch Kit readiness into a bounded dispatch artifact with operator role, synthetic target, AAL2/no-code-bypass attestation, proof-blocked attestation, post-run route chain, controls, hard stops, and blocked claims. Artifact: /api/qa-evidence/human-run-packet. Limitation: The Human Run Packet still does not execute passkey ceremonies, mint tokens, run workflows, persist packet hashes, authorize production data, or claim retained authenticated proof.. Workaround: Use the packet to make the first human AAL2 run deterministic and auditable while protected Manual QA Evidence remains the only source of retained proof..
- Manual AAL2 QA execution console (workaround-active, 2026-06-22): A protected Manual QA Execution Console now unifies human AAL2 run readiness, manual workflow dispatch, no-secret metadata capture, retained packet visibility, audit signals, and Buyer Proof Release readiness in one operator lane. Artifact: /api/qa-evidence/manual-execution-console. Limitation: The console coordinates execution but does not mint tokens, execute passkey ceremonies, run authenticated CI unattended, store secrets, process PHI, create retained packets by itself, or authorize production healthcare activity.. Workaround: Use the public route for the no-secret runbook and the protected workspace panel to read retained packet and audit visibility before any Buyer Diligence proof language is released..
- Protected AAL2 synthetic QA run evidence package (workaround-active, 2026-06-22): A dated buyer-safe evidence package now maps the first protected AAL2 synthetic QA run to required categories, retained packet visibility, audit signals, boundary checks, remaining blockers, and a go/no-go release recommendation. Artifact: /api/qa-evidence/aal2-run-evidence. Limitation: The package truthfully records current evidence posture; it does not itself execute the human AAL2 workflow, create retained packet hashes, or approve buyer proof release.. Workaround: Use the package as the formal NO-GO/GO evidence summary around the protected Manual QA Execution Console and Buyer Proof Release gate..
- Manual AAL2 QA completion bridge (workaround-active, 2026-06-22): A no-secret Completion Bridge now validates candidate post-run QA metadata, generates a packet preview hash, and keeps buyer proof blocked until protected packet persistence and Proof Promotion succeed. Artifact: /api/qa-evidence/completion-bridge. Limitation: The bridge does not execute the human AAL2 run, store evidence, store tokens, create protected packet hashes, or authorize clinical, PHI, reimbursement, security-certification, connector, or production claims.. Workaround: Use the bridge immediately after the human Launch Kit workflow to reject unsafe candidate metadata before submitting the same no-secret payload through protected Manual QA Evidence persistence..
- Manual AAL2 QA claim guard (workaround-active, 2026-06-22): A no-secret Claim Guard now classifies buyer, investor, sales, PR, and operator language into current-safe, retained-packet-required, blocked-authority, or qualified-review states so claims do not outrun evidence. Artifact: /api/qa-evidence/claim-guard. Limitation: The Claim Guard provides current-state guidance only; it does not replace counsel, certify security or compliance, create retained QA proof, authorize PHI processing, authorize live clinical care, guarantee reimbursement, or approve production connectors.. Workaround: Use Claim Guard before Buyer Diligence, public materials, investor updates, sales language, PR, advertising, and operator summaries while protected packet proof and qualified approvals are pending..
- Manual AAL2 QA activation seal (workaround-active, 2026-06-22): A no-secret Activation Seal now distinguishes public candidate completeness from protected packet visibility and blocks packet-backed buyer proof language until retained QA evidence is visible. Artifact: /api/qa-evidence/activation-seal. Limitation: The Activation Seal does not execute AAL2 workflows, create protected packet hashes, store tokens, store PHI, certify security or compliance, authorize live clinical care, guarantee reimbursement, approve production connectors, or create public release authority.. Workaround: Use Activation Seal after protected Manual QA Evidence persistence and before Buyer Diligence export so retained packet hash, audit event, Proof Promotion, Claim Guard, and blocked production-authority language are checked together..
- Manual QA proof promotion gate (workaround-active, 2026-06-21): A retained-packet promotion gate now decides whether manual AAL2 synthetic QA evidence may be referenced in Buyer Diligence, requiring visible no-secret packet metadata before authenticated-proof language is allowed. Artifact: /api/qa-evidence/proof-promotion. Limitation: Proof Promotion does not execute the human AAL2 run, create packet hashes, store credentials, or authorize clinical, PHI, reimbursement, security-certification, connector, or production claims.. Workaround: Use Proof Promotion to keep buyer-facing language in activation-ready posture until protected packet hashes are visible, then reference only safe workflow run metadata and packet SHA-256..
- Manual QA buyer proof release gate (workaround-active, 2026-06-22): A protected Buyer Proof Release gate now consolidates retained Manual QA Evidence, Proof Promotion, Activation Seal, Claim Guard, and hard authority boundaries into one no-go/go decision before Buyer Diligence references retained QA proof. Artifact: /api/qa-evidence/buyer-proof-release. Limitation: The release gate does not execute the human AAL2 run, create retained packets, store tokens, store PHI, authorize public distribution, certify security or compliance, authorize clinical care, guarantee reimbursement, approve connectors, or grant production authority.. Workaround: Use the public route for no-secret candidate validation, then require the protected workspace route to read retained packet and audit evidence before packet-backed Buyer Diligence language is allowed..
- Manual AAL2 run evidence capture (workaround-active, 2026-06-18): A stateless evidence packet generator validates non-secret workflow run metadata, created evidence object ID, packet audit event ID, operator attestation, token-disposal attestation, and workflow kind after the manual QA workflow completes. Artifact: /api/qa-evidence/manual-run-packet. Limitation: The packet generator does not execute the authenticated QA run by itself.. Workaround: Use it immediately after the manual workflow run to produce a sanitized packet, then persist the same non-secret run metadata through the protected tenant-scoped evidence route..
- Tenant-scoped manual QA evidence persistence (workaround-active, 2026-06-18): A protected AAL2 workspace route can persist sanitized manual QA evidence packets into tenant-scoped audit storage and surface the resulting packet/audit signal inside Buyer Pilot Rooms. Artifact: /api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets. Limitation: Persistence is intentionally unavailable without a verified AAL2 tenant governance session and server-held runtime authorization.. Workaround: Keep the public packet generator stateless for no-secret packet creation; use the protected persistence route only after human AAL2 QA has completed..
- Protected route fail-closed coverage (fail-closed, 2026-06-18): Unauthenticated protected APIs return 401 or dependency-safe 503 responses with data-boundary headers instead of silently mutating records. Artifact: scripts/public-production-smoke.mjs. Limitation: Fail-closed evidence proves containment, not successful authenticated workflow execution.. Workaround: Pair fail-closed checks with manual AAL2 QA runs and packet-level audit evidence before customer-facing proof release..
- Production runtime error watch (passed, 2026-06-18): Production runtime logs were checked after deployment with no error or fatal events returned for the verification window. Artifact: Vercel production runtime logs. Limitation: Current check is operator-run evidence, not a contractual 24/7 managed SOC or customer-specific alerting program.. Workaround: Keep public proof bounded to release verification and target-operating-model language until monitoring ownership, notification policy, and support agreements are approved..

## Known Limitations
- First authenticated Sales Demo Session QA CI evidence is pending (manual-action-required): SCRIMED has the workflow and token policy, but cannot claim an authenticated CI mutation run until a fresh AAL2 operator token is used deliberately. Current control: Manual-only GitHub workflow, short-lived JWT preflight, explicit intake targeting, Run Control mission brief, Launch Kit handoff, Human Run Packet dispatch validation, protected Manual QA Execution Console, Completion Bridge candidate validation, Claim Guard overclaim prevention, Activation Seal final check, Proof Promotion gate, Buyer Proof Release gate, fail-closed public smoke, and no long-lived secret storage. Resolution path: Use /pilot-workspace/access#manual-qa-execution-console, mint a fresh AAL2 token from the tenant-admin session, run the workflow once against a synthetic intake ID, archive only safe IDs, validate them through /qa-completion-bridge, persist the packet hash, delete or rotate the token secret, then use /qa-buyer-proof-release before buyer proof claims.
- Authority Reference QA retained AAL2 evidence is captured (contained): SCRIMED has one protected authority-reference synthetic QA run retained as no-secret AAL2 evidence through Run Control. GitHub-hosted CI evidence remains optional until browser secret placement is available. Current control: Run Control witness, short-lived JWT preflight, workspace targeting, protected authority-reference smoke, Manual QA Evidence persistence, packet SHA-256 retention, append-only audit event, Claim Guard, Activation Seal, Proof Promotion, Buyer Proof Release, fail-closed public smoke, and no long-lived secret storage. Resolution path: Use the retained packet hash and audit event only for bounded buyer diligence. Re-run through GitHub Actions later if a separate CI-hosted evidence trail is required.
- First protected AAL2 synthetic category evidence is retained (contained): The required buyer-proof QA categories now have one retained no-secret AAL2 packet, packet hash, and append-only audit signal. Category notes remain bounded to synthetic QA posture and do not create clinical validation, PHI authority, or live-care approval. Current control: AAL2 Run Evidence Package, Manual QA Execution Console, Human Run Packet, Completion Bridge, Activation Seal, Proof Promotion, Claim Guard, Buyer Proof Release, synthetic-only headers, fail-closed protected routes, and no-secret packet validation. Resolution path: Use the protected Buyer Proof Release output for buyer diligence, include only the workflow run ID, packet hash, audit event reference, synthetic boundary, and blocked authority language, and keep production authority gates closed.
- Managed local shell may omit npm/node from PATH (contained): Local package scripts can fail even when the repository, CI, and Vercel build path are healthy. Current control: Bundled Node absolute path verifies TypeScript, ESLint, generated integrity, Next build, and smoke scripts without changing the product. Resolution path: Restore PATH in the local Codex shell when available; keep CI and Vercel on standard Node 22.
- Live clinical execution remains intentionally blocked (external-review-required): SCRIMED remains sellable as a governed synthetic pilot and enterprise evaluation product, not live diagnosis, treatment, payer submission, or autonomous care execution. Current control: Synthetic-only evidence, human-review boundaries, protected route fail-closed behavior, claims controls, and clinical/legal/privacy/security review gates. Resolution path: Complete customer-specific identity, privacy, BAA, connector, audit, clinical validation, risk, and human operating controls before any production healthcare workflow.

## Token Policy
- Status: short-lived-aal2-token-preflight-and-manual-ci-policy
- Runbook: docs/operator-token-rotation.md
- Workflow: .github/workflows/sales-demo-session-qa-smoke.yml
- Required claims: aal=aal2, session_id, exp, iat
- Max token lifetime seconds: 3900

## Manual AAL2 QA Activation Plan
- Status: manual-aal2-qa-evidence-activation-plan-ready
- Route: /api/qa-evidence/activation-plan
- Brief: /api/qa-evidence/activation-plan/brief
- Workflow count: 2
- Completion criteria: Preflight passed for the short-lived AAL2 token.; Authenticated smoke passed against the explicit synthetic target.; Temporary secret was deleted or rotated after run completion.; Manual QA Evidence packet was persisted through the protected workspace session.; Packet hash and append-only audit event are visible in Buyer Pilot Room.; Buyer Diligence Export was generated after persistence.
- Boundary: Authenticated QA evidence remains pending until a human operator performs the AAL2 run; code must not bypass this with committed credentials or long-lived secrets.

## Protected AAL2 Synthetic QA Run Evidence Package
- Status: protected-aal2-synthetic-qa-evidence-package-ready
- Route: /qa-aal2-run-evidence
- API: /api/qa-evidence/aal2-run-evidence
- Brief: /api/qa-evidence/aal2-run-evidence/brief
- Protected route: /api/pilot-workspaces/{workspaceSlug}/qa-evidence/aal2-run-evidence
- Boundary: SCRIMED AAL2 Synthetic QA Run Evidence records the first protected human-reviewed AAL2 synthetic QA evidence posture. It does not bypass human AAL2, store credentials, store PHI, touch production systems, trigger live patient workflows, perform autonomous clinical action, certify HIPAA/SOC/FDA/security status, guarantee reimbursement, approve connectors, approve buyer proof release, or authorize live clinical care.

## Next Recommended Build Step
Use /pilot-workspace/access#manual-qa-execution-console to dispatch exactly one approved human AAL2 synthetic workflow, then validate through /qa-completion-bridge, persist through protected Manual QA Evidence, and confirm /qa-buyer-proof-release before Buyer Diligence export.