{"service":"scrimed-qa-human-run-packet","route":"/qa-human-run-packet","apiRoute":"/api/qa-evidence/human-run-packet","briefRoute":"/api/qa-evidence/human-run-packet/brief","status":"manual-aal2-qa-human-run-packet-ready","proofStackStatus":"manual-aal2-qa-human-run-packet-dispatch-ready","briefProofStackStatus":"manual-aal2-qa-human-run-packet-brief-no-proof-claim","boundary":"SCRIMED QA Human Run Packet creates a no-secret dispatch packet for the approved human AAL2 synthetic QA run. It does not execute passkey ceremonies, mint or store tokens, persist packet hashes, process PHI, authorize live clinical care, certify security or compliance, guarantee reimbursement, approve production connectors, or claim retained authenticated QA proof before protected Manual QA Evidence is visible.","decisionState":"dispatch-template-ready","executionAllowedByCode":false,"humanAal2Required":true,"proofClaimAllowed":false,"buyerUseAllowed":false,"sourceLaunchKitStatus":"manual-aal2-qa-launch-kit-ready","sourceRunControlStatus":"manual-aal2-qa-run-control-ready","sourceCompletionBridgeStatus":"manual-aal2-qa-completion-bridge-ready","sourceActivationSealStatus":"manual-aal2-qa-activation-seal-ready","sourceProofPromotionStatus":"manual-aal2-qa-proof-promotion-gate-ready","sourceClaimGuardStatus":"manual-aal2-qa-claim-guard-ready","workflowCount":2,"controlCount":7,"hardStopControlCount":3,"requiredAttestationCount":4,"safeFieldCount":12,"postRunRouteCount":7,"blockedClaimCount":15,"acceptedAttestations":{"operatorRole":["tenant-admin","pilot-lead"],"dispatchAttestation":"human-aal2-required-no-code-bypass","proofBlockedAttestation":"no-retained-proof-until-protected-packet-visible","dataBoundary":"synthetic-business-workflow-only"},"controls":[{"control":"Approved human operator","state":"required-before-dispatch","owner":"Tenant-admin or pilot-lead","passSignal":"The operator role is tenant-admin or pilot-lead and the AAL2 browser session is fresh.","failClosedIf":"The session is stale, shared, non-AAL2, or the role is not allowed."},{"control":"Single synthetic target","state":"required-before-dispatch","owner":"Workflow owner","passSignal":"The packet names one synthetic target and one workspace slug before the run.","failClosedIf":"The target is broad, production-linked, patient-linked, payer-member-linked, or ambiguous."},{"control":"Manual workflow only","state":"required-before-dispatch","owner":"Release engineering","passSignal":"The selected workflow remains manual and requires require_authenticated_path=true.","failClosedIf":"The workflow is scheduled, unattended, or allows the authenticated path to be optional."},{"control":"No-secret evidence fields","state":"required-after-run","owner":"TrustOS reviewer","passSignal":"Only workflow ID, run URL, timestamp, safe object UUIDs, packet hash, and audit UUID are copied.","failClosedIf":"Tokens, credentials, PHI, payer member data, legal artifacts, reports, contracts, or clinical records appear."},{"control":"Protected packet visibility","state":"hard-stop","owner":"Tenant governance operator","passSignal":"Protected Manual QA Evidence shows packet SHA-256 and append-only audit event visibility.","failClosedIf":"Only a public packet preview, operator assertion, screenshot, or chat statement exists."},{"control":"Proof and claim gates","state":"hard-stop","owner":"Buyer diligence and claims governance","passSignal":"Completion Bridge, Activation Seal, Proof Promotion, Claim Guard, and Buyer Proof Release all preserve the retained-packet boundary.","failClosedIf":"Any buyer, investor, sales, PR, or operator language claims retained proof or production authority too early."},{"control":"Clinical authority blocked","state":"hard-stop","owner":"Clinical, legal, privacy, security, compliance, and customer authority owners","passSignal":"The packet remains a governed synthetic QA dispatch artifact only.","failClosedIf":"The packet is used as clinical care, PHI, payer submission, reimbursement, certification, connector, or regional approval."}],"workflows":[{"workflowKind":"sales-demo-session-qa","name":"Sales Demo Session QA activation","dispatchPath":".github/workflows/sales-demo-session-qa-smoke.yml","dispatchInputs":{"base_url":"https://app.scrimedsolutions.com","intake_id":"<synthetic-sales-opportunity-intake-id>","require_authenticated_path":true},"temporarySecret":"SCRIMED_SALES_QA_BEARER_TOKEN","preflightCommandTemplate":"SCRIMED_REQUIRE_SALES_QA=1 SCRIMED_SALES_QA_INTAKE_ID=<synthetic-intake-id> SCRIMED_SALES_QA_BEARER_TOKEN=<short-lived-aal2-token> node scripts/sales-demo-session-qa-token-preflight.mjs","smokeCommandTemplate":"SCRIMED_REQUIRE_SALES_QA=1 SCRIMED_BASE_URL=https://app.scrimedsolutions.com SCRIMED_SALES_QA_INTAKE_ID=<synthetic-intake-id> SCRIMED_SALES_QA_BEARER_TOKEN=<short-lived-aal2-token> node scripts/sales-demo-session-qa-smoke.mjs","defaultSyntheticTarget":"synthetic-sales-opportunity-intake-id","safeEvidenceTemplate":{"workflowKind":"sales-demo-session-qa","workflowRunId":"<numeric-scrimed-manual-run-id>","workflowRunUrl":"https://app.scrimedsolutions.com/qa-run-control?runId=<numeric-scrimed-manual-run-id>","executedAt":"<iso-8601-run-timestamp>","baseUrl":"https://app.scrimedsolutions.com","intakeId":"<synthetic-sales-opportunity-intake-id>","createdSessionId":"<created-demo-session-uuid>","packetAuditEventId":"<demo-session-packet-audit-event-uuid>","qaOutcome":"pass","operatorAttestation":"no-secrets-no-phi-aal2-human-run","tokenDisposalAttestation":"temporary-token-deleted-or-rotated","dataBoundary":"synthetic-business-workflow-only"},"manualPacketRoute":"/api/qa-evidence/manual-run-packet","completionBridgeRoute":"/qa-completion-bridge","protectedPersistenceRoute":"/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets","activationSealRoute":"/qa-activation-seal","proofPromotionRoute":"/qa-proof-promotion","claimGuardRoute":"/qa-claim-guard","buyerDiligenceRoute":"/pilot-workspace/access#buyer-room","operatorSequence":["Open /pilot-workspace/access in a fresh browser session and verify AAL2 posture.","Confirm protected workspace slug {workspaceSlug}.","Create only the temporary masked workflow secret for the selected run.","Run the preflight command before dispatching the authenticated workflow.","Dispatch the manual workflow with require_authenticated_path=true and one explicit synthetic target.","Copy only the safe metadata fields from the completed run.","Delete or rotate the temporary secret before generating or persisting evidence.","Validate no-secret metadata through /qa-completion-bridge.","Generate the Markdown packet through /api/qa-evidence/manual-run-packet.","Persist only accepted metadata through /api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets.","Confirm /qa-activation-seal, /qa-proof-promotion, and /qa-claim-guard.","Export Buyer Diligence only after protected packet SHA-256 and audit visibility exist."],"abortConditions":["No fresh human AAL2 session is available.","The target is not synthetic or metadata-only.","The token preflight fails or the token lifetime is too long.","The workflow requires a long-lived or committed credential.","Any evidence field contains a token, credential, PHI, patient identifier, payer member identifier, artifact URL, legal approval, security report, reimbursement determination, or production clinical record.","The operator cannot delete or rotate the temporary secret after the run.","Buyer Diligence is requested before no-secret evidence metadata is retained."]},{"workflowKind":"authority-reference-qa","name":"Authority Reference QA activation","dispatchPath":".github/workflows/authority-reference-qa-smoke.yml","dispatchInputs":{"base_url":"https://app.scrimedsolutions.com","workspace_slug":"atlas-synthetic-evaluation","require_authenticated_path":true},"temporarySecret":"SCRIMED_BEARER_TOKEN","preflightCommandTemplate":"SCRIMED_REQUIRE_AUTHORITY_REFERENCE_QA=1 SCRIMED_WORKSPACE_SLUG=<synthetic-workspace-slug> SCRIMED_BEARER_TOKEN=<short-lived-aal2-token> node scripts/authority-artifact-reference-qa-token-preflight.mjs","smokeCommandTemplate":"SCRIMED_REQUIRE_AUTHORITY_REFERENCE_QA=1 SCRIMED_BASE_URL=https://app.scrimedsolutions.com SCRIMED_WORKSPACE_SLUG=<synthetic-workspace-slug> SCRIMED_BEARER_TOKEN=<short-lived-aal2-token> node scripts/authority-artifact-reference-qa-smoke.mjs","defaultSyntheticTarget":"atlas-synthetic-evaluation","safeEvidenceTemplate":{"workflowKind":"authority-reference-qa","workflowRunId":"<numeric-scrimed-manual-run-id>","workflowRunUrl":"https://app.scrimedsolutions.com/qa-run-control?runId=<numeric-scrimed-manual-run-id>","executedAt":"<iso-8601-run-timestamp>","baseUrl":"https://app.scrimedsolutions.com","intakeId":"atlas-synthetic-evaluation","createdSessionId":"<created-authority-reference-uuid>","packetAuditEventId":"<authority-reference-packet-audit-event-uuid>","qaOutcome":"pass","operatorAttestation":"no-secrets-no-phi-aal2-human-run","tokenDisposalAttestation":"temporary-token-deleted-or-rotated","dataBoundary":"synthetic-business-workflow-only"},"manualPacketRoute":"/api/qa-evidence/manual-run-packet","completionBridgeRoute":"/qa-completion-bridge","protectedPersistenceRoute":"/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets","activationSealRoute":"/qa-activation-seal","proofPromotionRoute":"/qa-proof-promotion","claimGuardRoute":"/qa-claim-guard","buyerDiligenceRoute":"/pilot-workspace/access#buyer-room","operatorSequence":["Open /pilot-workspace/access in a fresh browser session and verify AAL2 posture.","Confirm protected workspace slug atlas-synthetic-evaluation.","Create only the temporary masked workflow secret for the selected run.","Run the preflight command before dispatching the authenticated workflow.","Dispatch the manual workflow with require_authenticated_path=true and one explicit synthetic target.","Copy only the safe metadata fields from the completed run.","Delete or rotate the temporary secret before generating or persisting evidence.","Validate no-secret metadata through /qa-completion-bridge.","Generate the Markdown packet through /api/qa-evidence/manual-run-packet.","Persist only accepted metadata through /api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets.","Confirm /qa-activation-seal, /qa-proof-promotion, and /qa-claim-guard.","Export Buyer Diligence only after protected packet SHA-256 and audit visibility exist."],"abortConditions":["No fresh human AAL2 session is available.","The target is not synthetic or metadata-only.","The token preflight fails or the token lifetime is too long.","The workflow requires a long-lived or committed credential.","Any evidence field contains a token, credential, PHI, patient identifier, payer member identifier, artifact URL, legal approval, security report, reimbursement determination, or production clinical record.","The operator cannot delete or rotate the temporary secret after the run.","Buyer Diligence is requested before no-secret evidence metadata is retained."]}],"postRunRoutes":["/qa-completion-bridge","/api/qa-evidence/manual-run-packet","/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets","/qa-activation-seal","/qa-proof-promotion","/qa-claim-guard","/pilot-workspace/access#buyer-room"],"blockedClaims":["retained authenticated QA proof","human AAL2 workflow completed","live clinical care authorized","PHI processing authorized","HIPAA certified","HIPAA compliant","SOC 2 certified","FDA cleared","FDA approved","reimbursement guaranteed","production connector approved","autonomous diagnosis authorized","autonomous treatment authorized","patient outreach authorized","payer submission authorized"],"dispatchRules":["Allowed now: generate a no-secret dispatch packet for an approved operator.","Allowed now: predefine the exact workflow, target, command templates, safe fields, and post-run checks.","Not allowed here: execute passkey/AAL2 ceremonies, mint tokens, store credentials, or persist evidence.","Not allowed yet: claim retained authenticated QA proof, buyer-ready proof, clinical authority, PHI authority, reimbursement certainty, certification, or production connector approval."],"nextRecommendedBuildStep":"Have an approved tenant-admin or pilot-lead operator use this packet for exactly one synthetic AAL2 workflow, validate the no-secret result through Completion Bridge, persist it through protected Manual QA Evidence, then confirm Activation Seal, Proof Promotion, Claim Guard, and Buyer Proof Release before Buyer Diligence export.","updated":"2026-06-22"}