{"service":"scrimed-qa-completion-bridge","route":"/qa-completion-bridge","apiRoute":"/api/qa-evidence/completion-bridge","briefRoute":"/api/qa-evidence/completion-bridge/brief","status":"manual-aal2-qa-completion-bridge-ready","proofStackStatus":"manual-aal2-qa-completion-bridge-no-secret-pre-persistence","briefProofStackStatus":"manual-aal2-qa-completion-bridge-brief-no-retained-proof-claim","boundary":"SCRIMED QA Completion Bridge validates no-secret candidate metadata after a human AAL2 synthetic QA run and before protected persistence. It does not execute passkey ceremonies, mint or store tokens, persist evidence, store PHI, authorize live clinical care, certify security or compliance, guarantee reimbursement, approve production connectors, or allow buyer proof promotion before protected packet hashes are visible.","completionDecisionState":"waiting-for-human-aal2-run","buyerClaimStatus":"completion-bridge-ready-not-retained-authenticated-proof","launchKitRoute":"/qa-launch-kit","humanRunPacketRoute":"/qa-human-run-packet","launchKitStatus":"manual-aal2-qa-launch-kit-ready","proofPromotionRoute":"/qa-proof-promotion","proofPromotionState":"pending-retained-packet","manualPacketRoute":"/api/qa-evidence/manual-run-packet","protectedPersistenceRoute":"/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets","contractStatus":"manual-aal2-run-evidence-packet-ready","checkpointCount":5,"hardStopCount":2,"safeFieldCount":12,"blockedClaimCount":10,"supportedWorkflowKinds":["sales-demo-session-qa","authority-reference-qa"],"requiredFields":["workflowKind","workflowRunId","workflowRunUrl","executedAt","baseUrl","intakeId","createdSessionId","packetAuditEventId","qaOutcome","operatorAttestation","tokenDisposalAttestation","dataBoundary"],"acceptedAttestations":{"qaOutcome":"pass","operatorAttestation":"no-secrets-no-phi-aal2-human-run","tokenDisposalAttestation":"temporary-token-deleted-or-rotated","dataBoundary":"synthetic-business-workflow-only"},"checkpoints":[{"checkpoint":"Human AAL2 workflow run","state":"required-before-bridge","owner":"Tenant-admin or pilot-lead operator","evidenceRequired":"One explicit synthetic workflow run ID, run URL, timestamp, target ID, created object UUID, and packet audit event UUID.","passSignal":"The candidate payload references exactly one completed human-run synthetic workflow.","failClosedIf":"The run did not happen, was scheduled/unattended, used a broad target, or references regulated data."},{"checkpoint":"No-secret candidate validation","state":"validated-by-bridge","owner":"TrustOS and release engineering","evidenceRequired":"Safe metadata only, accepted attestations, valid GitHub Actions or SCRIMED Run Control URL, ISO timestamp, and UUID evidence object IDs.","passSignal":"The public bridge returns ready-for-protected-persistence and a packet preview SHA-256.","failClosedIf":"The payload contains bearer/JWT-like material, PHI, payer member data, credentials, invalid attestations, or unsupported workflow kind."},{"checkpoint":"Protected packet persistence","state":"protected-only","owner":"Tenant governance operator","evidenceRequired":"AAL2 protected workspace session and POST to the tenant-scoped manual QA evidence route.","passSignal":"The protected workspace returns a retained packet hash and append-only audit event.","failClosedIf":"The operator lacks AAL2 governance authorization or the protected write rejects the payload."},{"checkpoint":"Proof Promotion decision","state":"hard-stop","owner":"Buyer diligence reviewer","evidenceRequired":"Visible retained packet SHA-256, workflow run ID, audit event reference, and blocked production claims.","passSignal":"Proof Promotion moves buyer language from activation-ready to retained no-secret QA evidence.","failClosedIf":"Buyer material claims authenticated proof before protected packet hash visibility."},{"checkpoint":"Clinical and production authority","state":"hard-stop","owner":"Clinical, legal, privacy, security, reimbursement, and customer authority owners","evidenceRequired":"Separate signed customer/legal/security/privacy/clinical/regional/reimbursement/connector approvals.","passSignal":"Authority remains explicitly blocked unless external approvals exist.","failClosedIf":"Anyone treats QA completion evidence as PHI, live-care, payer, connector, security-certification, or reimbursement authorization."}],"safeFieldExamples":["workflowKind","workflowRunId","workflowRunUrl","executedAt","baseUrl","intakeId or workspaceSlug","createdSessionId or authority reference UUID","packetAuditEventId","qaOutcome=pass","operatorAttestation=no-secrets-no-phi-aal2-human-run","tokenDisposalAttestation=temporary-token-deleted-or-rotated","dataBoundary=synthetic-business-workflow-only"],"blockedClaims":["human AAL2 workflow executed by this bridge","token, credential, or bearer material stored as evidence","protected packet persisted by the public bridge","buyer proof promoted before retained packet hash visibility","PHI or payer member data processed","live clinical care authorized","security or compliance certification completed","reimbursement outcome guaranteed","production connector approved","autonomous diagnosis or treatment authorized"],"bridgeRules":["Allowed now: validate a no-secret candidate packet after a human AAL2 synthetic run.","Allowed now: generate a packet preview hash for operator comparison before protected persistence.","Not allowed here: persist evidence, store tokens, claim retained proof, or promote buyer diligence.","Required next: use the protected AAL2 workspace persistence route, then Proof Promotion."],"nextRecommendedBuildStep":"After the approved operator uses /qa-human-run-packet and completes one synthetic workflow, run the no-secret metadata through QA Completion Bridge, persist it through the protected Manual QA Evidence route, then confirm Claim Guard, Activation Seal, and Proof Promotion before exporting Buyer Diligence.","updated":"2026-06-22"}