# SCRIMED Manual AAL2 QA Execution Readiness Brief

Status: manual-aal2-qa-execution-readiness-ready
Execution decision: ready-for-human-run-not-code-bypass
Buyer claim status: activation-ready-not-retained-authenticated-proof

## Boundary
SCRIMED Manual AAL2 QA Execution Readiness coordinates human-run authenticated synthetic QA. It does not mint bearer tokens, execute passkey ceremonies, store secrets, run unattended authenticated CI, process PHI, authorize clinical care, certify compliance, grant reimbursement certainty, approve production connectors, or claim authenticated proof before retained no-secret evidence exists.

## Hard Stop Rules
- Do not run authenticated QA without a fresh human AAL2 session.
- Do not store long-lived tokens in GitHub, Vercel, source, docs, packets, logs, or runtime config.
- Do not target PHI, payer member data, medical records, source contracts, production connectors, or live patient workflows.
- Do not claim authenticated QA evidence until no-secret packet metadata is persisted and visible in Buyer Pilot Room.
- Do not use this readiness layer as legal, security, clinical, reimbursement, or production authorization.

## Claim Rules
- Allowed now: SCRIMED has a controlled human-run AAL2 QA execution path.
- Allowed now: SCRIMED has no-secret packet generation and protected persistence contracts.
- Allowed now: public smoke verifies fail-closed protected routes and activation readiness.
- Not allowed yet: SCRIMED has retained authenticated AAL2 QA proof for these workflows.
- Not allowed yet: SCRIMED is authorized for live clinical care, PHI processing, payer submission, production connectors, security certification, or reimbursement certainty.

## Execution Stages
- 1. Human AAL2 session (human-required): Open the protected workspace in a fresh browser session and confirm AAL2 governance before minting any short-lived token. Accepted evidence: operator role, workspace slug, AAL2 session timestamp.
- 2. Explicit synthetic target (ready): Select exactly one synthetic Sales Operations intake ID or protected workspace slug before dispatch. Accepted evidence: workflow kind, intake ID or workspace slug, base URL.
- 3. Token preflight (human-required): Run the workflow preflight so weak token shape, expiry, missing AAL2, missing session, or wrong target fails before authenticated requests. Accepted evidence: preflight pass/fail, token lifetime policy status, target confirmation.
- 4. Authenticated smoke (blocked-until-run): Dispatch the manual workflow and allow it to create only synthetic/no-PHI metadata under the short-lived AAL2 session. Accepted evidence: workflow run ID, workflow run URL, created synthetic object ID, packet audit event ID.
- 5. Secret disposal (post-run-required): Delete or rotate the temporary masked GitHub secret immediately after workflow completion. Accepted evidence: token disposal attestation, temporary secret name, disposal timestamp.
- 6. No-secret packet and protected persistence (post-run-required): Generate the no-secret manual QA packet, persist safe metadata through the protected workspace, and verify packet hash visibility. Accepted evidence: packet SHA-256, append-only audit event, safe metadata fields, operator attestations.
- 7. Buyer diligence export (post-run-required): Export Buyer Diligence only after retained packet hashes and audit evidence are visible. Accepted evidence: Buyer Diligence export timestamp, manual QA packet hash, audit trail reference.

## Dispatch Workflows
- Sales Demo Session QA activation (sales-demo-session-qa): state ready-for-human-aal2-run-not-executed; dispatch .github/workflows/sales-demo-session-qa-smoke.yml; target intake_id; temporary secret SCRIMED_SALES_QA_BEARER_TOKEN; next Run the manual workflow once a fresh AAL2 tenant-admin token and safe synthetic intake target are available.
- Authority Reference QA activation (authority-reference-qa): state ready-for-human-aal2-run-not-executed; dispatch .github/workflows/authority-reference-qa-smoke.yml; target workspace_slug; temporary secret SCRIMED_BEARER_TOKEN; next Run the manual workflow once a fresh AAL2 tenant governance token and synthetic workspace target are available.

## Buyer Diligence Sequence
- /api/qa-evidence/activation-plan/brief
- /qa-run-control
- /api/qa-evidence/manual-run-packet
- /api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets
- /pilot-workspace/access#buyer-pilot-room
- /api/pilot-workspaces/{workspaceSlug}/buyer-room/packet

## Next Recommended Build Step
Open /qa-run-control, run one workflow with its no-secret operator brief and a fresh human AAL2 token, delete or rotate the temporary secret, persist only safe metadata, then export Buyer Diligence after the packet hash appears.