{"service":"scrimed-manual-aal2-qa-execution-readiness","route":"/qa-execution-readiness","apiRoute":"/api/qa-evidence/execution-readiness","briefRoute":"/api/qa-evidence/execution-readiness/brief","status":"manual-aal2-qa-execution-readiness-ready","proofStackStatus":"manual-aal2-qa-execution-go-no-go-no-secret","briefProofStackStatus":"manual-aal2-qa-execution-brief-no-proof-claim","boundary":"SCRIMED Manual AAL2 QA Execution Readiness coordinates human-run authenticated synthetic QA. It does not mint bearer tokens, execute passkey ceremonies, store secrets, run unattended authenticated CI, process PHI, authorize clinical care, certify compliance, grant reimbursement certainty, approve production connectors, or claim authenticated proof before retained no-secret evidence exists.","executionDecision":"ready-for-human-run-not-code-bypass","buyerClaimStatus":"activation-ready-not-retained-authenticated-proof","workflowCount":2,"stageCount":7,"readyStages":1,"humanRequiredStages":2,"postRunStages":3,"remainingManualGateCount":2,"boundaryHumanAal2RequiredCount":11,"activationPlanStatus":"manual-aal2-qa-evidence-activation-plan-ready","manualRunPacketStatus":"manual-aal2-run-evidence-packet-ready","protectedPersistenceStatus":"tenant-scoped-aal2-manual-qa-evidence-ledger","dispatchWorkflows":[{"workflowKind":"sales-demo-session-qa","name":"Sales Demo Session QA activation","state":"ready-for-human-aal2-run-not-executed","dispatchPath":".github/workflows/sales-demo-session-qa-smoke.yml","preflightScript":"scripts/sales-demo-session-qa-token-preflight.mjs","smokeScript":"scripts/sales-demo-session-qa-smoke.mjs","targetInput":"intake_id","temporarySecret":"SCRIMED_SALES_QA_BEARER_TOKEN","protectedRoutes":["/api/sales-operations/qa/buyer-demo-sessions","/sales-operations","/pilot-deal-room"],"safeEvidenceFields":["workflowKind=sales-demo-session-qa","workflowRunId","workflowRunUrl","executedAt","baseUrl","intakeId","createdSessionId","packetAuditEventId","packetSha256 after protected persistence"],"hardStops":["bearer tokens","refresh tokens","passwords","patient identifiers","payer member identifiers","source contracts","clinical records","legal conclusions"],"retainedEvidenceRequired":["workflow run ID","workflow run URL","execution timestamp","created safe object ID","packet audit event ID","token disposal attestation","packet SHA-256 after protected persistence"],"buyerProofImpact":"Adds tenant-scoped evidence that SCRIMED can create and audit a governed synthetic buyer demo session under human AAL2 control.","boundary":"No authenticated sales-demo CI evidence can be claimed until a human runs the workflow with a fresh short-lived AAL2 token.","nextAction":"Run the manual workflow once a fresh AAL2 tenant-admin token and safe synthetic intake target are available."},{"workflowKind":"authority-reference-qa","name":"Authority Reference QA activation","state":"ready-for-human-aal2-run-not-executed","dispatchPath":".github/workflows/authority-reference-qa-smoke.yml","preflightScript":"scripts/authority-artifact-reference-qa-token-preflight.mjs","smokeScript":"scripts/authority-artifact-reference-qa-smoke.mjs","targetInput":"workspace_slug","temporarySecret":"SCRIMED_BEARER_TOKEN","protectedRoutes":["/api/pilot-workspaces/{workspaceSlug}/authority-artifact-references","/api/pilot-workspaces/{workspaceSlug}/authority-artifact-references/renewal-queue","/api/pilot-workspaces/{workspaceSlug}/authority-artifact-references/packet"],"safeEvidenceFields":["workflowKind=authority-reference-qa","workflowRunId","workflowRunUrl","executedAt","baseUrl","workspace slug as intakeId","created authority reference UUID as createdSessionId","authority packet audit event UUID as packetAuditEventId","packetSha256 after protected persistence"],"hardStops":["bearer tokens","refresh tokens","artifact URLs","signed approvals","legal opinions","security reports","reimbursement determinations","PHI","production credentials"],"retainedEvidenceRequired":["workflow run ID","workflow run URL","execution timestamp","created safe object ID","packet audit event ID","token disposal attestation","packet SHA-256 after protected persistence"],"buyerProofImpact":"Adds tenant-scoped evidence that SCRIMED can record and audit no-PHI authority-reference readiness metadata under human AAL2 control.","boundary":"No authenticated authority-reference CI evidence can be claimed until a human runs the workflow with a fresh short-lived AAL2 token.","nextAction":"Run the manual workflow once a fresh AAL2 tenant governance token and synthetic workspace target are available."}],"executionStages":[{"stage":"1. Human AAL2 session","state":"human-required","owner":"SCRIMED tenant-admin or pilot-lead operator","operatorAction":"Open the protected workspace in a fresh browser session and confirm AAL2 governance before minting any short-lived token.","evidenceAccepted":["operator role","workspace slug","AAL2 session timestamp"],"evidenceRejected":["bearer tokens","refresh tokens","passwords","API keys","PHI","patient identifiers","payer member identifiers","artifact URLs","signed approvals","legal opinions","security reports","reimbursement determinations","production credentials","clinical records"],"productionBoundary":"This confirms operator context only; it is not clinical, legal, security, reimbursement, or production authorization."},{"stage":"2. Explicit synthetic target","state":"ready","owner":"Release engineering and buyer-workflow owner","operatorAction":"Select exactly one synthetic Sales Operations intake ID or protected workspace slug before dispatch.","evidenceAccepted":["workflow kind","intake ID or workspace slug","base URL"],"evidenceRejected":["bearer tokens","refresh tokens","passwords","API keys","PHI","patient identifiers","payer member identifiers","artifact URLs","signed approvals","legal opinions","security reports","reimbursement determinations","production credentials","clinical records"],"productionBoundary":"Targets must remain synthetic or no-PHI metadata-only. No patient, payer member, EHR, source contract, or production connector target is allowed."},{"stage":"3. Token preflight","state":"human-required","owner":"Release engineering","operatorAction":"Run the workflow preflight so weak token shape, expiry, missing AAL2, missing session, or wrong target fails before authenticated requests.","evidenceAccepted":["preflight pass/fail","token lifetime policy status","target confirmation"],"evidenceRejected":["bearer tokens","refresh tokens","passwords","API keys","PHI","patient identifiers","payer member identifiers","artifact URLs","signed approvals","legal opinions","security reports","reimbursement determinations","production credentials","clinical records"],"productionBoundary":"Preflight is only a local safety gate. Protected SCRIMED APIs and Supabase Auth remain the verification authority."},{"stage":"4. Authenticated smoke","state":"blocked-until-run","owner":"Human operator","operatorAction":"Dispatch the manual workflow and allow it to create only synthetic/no-PHI metadata under the short-lived AAL2 session.","evidenceAccepted":["workflow run ID","workflow run URL","created synthetic object ID","packet audit event ID"],"evidenceRejected":["bearer tokens","refresh tokens","passwords","API keys","PHI","patient identifiers","payer member identifiers","artifact URLs","signed approvals","legal opinions","security reports","reimbursement determinations","production credentials","clinical records"],"productionBoundary":"A passing authenticated smoke proves the synthetic protected route only. It does not authorize live care or PHI workflows."},{"stage":"5. Secret disposal","state":"post-run-required","owner":"Human operator and security owner","operatorAction":"Delete or rotate the temporary masked GitHub secret immediately after workflow completion.","evidenceAccepted":["token disposal attestation","temporary secret name","disposal timestamp"],"evidenceRejected":["bearer tokens","refresh tokens","passwords","API keys","PHI","patient identifiers","payer member identifiers","artifact URLs","signed approvals","legal opinions","security reports","reimbursement determinations","production credentials","clinical records"],"productionBoundary":"The token itself is never evidence and must never be copied into SCRIMED, source control, docs, logs, packets, or runtime configuration."},{"stage":"6. No-secret packet and protected persistence","state":"post-run-required","owner":"Tenant governance operator","operatorAction":"Generate the no-secret manual QA packet, persist safe metadata through the protected workspace, and verify packet hash visibility.","evidenceAccepted":["packet SHA-256","append-only audit event","safe metadata fields","operator attestations"],"evidenceRejected":["bearer tokens","refresh tokens","passwords","API keys","PHI","patient identifiers","payer member identifiers","artifact URLs","signed approvals","legal opinions","security reports","reimbursement determinations","production credentials","clinical records"],"productionBoundary":"Persistence requires AAL2 tenant authorization and stores only synthetic business workflow metadata."},{"stage":"7. Buyer diligence export","state":"post-run-required","owner":"Sales engineering and trust reviewer","operatorAction":"Export Buyer Diligence only after retained packet hashes and audit evidence are visible.","evidenceAccepted":["Buyer Diligence export timestamp","manual QA packet hash","audit trail reference"],"evidenceRejected":["bearer tokens","refresh tokens","passwords","API keys","PHI","patient identifiers","payer member identifiers","artifact URLs","signed approvals","legal opinions","security reports","reimbursement determinations","production credentials","clinical records"],"productionBoundary":"Buyer export can claim retained manual QA evidence only after safe metadata is persisted."}],"hardStopRules":["Do not run authenticated QA without a fresh human AAL2 session.","Do not store long-lived tokens in GitHub, Vercel, source, docs, packets, logs, or runtime config.","Do not target PHI, payer member data, medical records, source contracts, production connectors, or live patient workflows.","Do not claim authenticated QA evidence until no-secret packet metadata is persisted and visible in Buyer Pilot Room.","Do not use this readiness layer as legal, security, clinical, reimbursement, or production authorization."],"claimRules":["Allowed now: SCRIMED has a controlled human-run AAL2 QA execution path.","Allowed now: SCRIMED has no-secret packet generation and protected persistence contracts.","Allowed now: public smoke verifies fail-closed protected routes and activation readiness.","Not allowed yet: SCRIMED has retained authenticated AAL2 QA proof for these workflows.","Not allowed yet: SCRIMED is authorized for live clinical care, PHI processing, payer submission, production connectors, security certification, or reimbursement certainty."],"buyerDiligenceSequence":["/api/qa-evidence/activation-plan/brief","/qa-run-control","/api/qa-evidence/manual-run-packet","/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets","/pilot-workspace/access#buyer-pilot-room","/api/pilot-workspaces/{workspaceSlug}/buyer-room/packet"],"nextRecommendedBuildStep":"Open /qa-run-control, run one workflow with its no-secret operator brief and a fresh human AAL2 token, delete or rotate the temporary secret, persist only safe metadata, then export Buyer Diligence after the packet hash appears.","updated":"2026-06-21"}