{"service":"scrimed-manual-aal2-qa-launch-kit","route":"/qa-launch-kit","apiRoute":"/api/qa-evidence/launch-kit","briefRoute":"/api/qa-evidence/launch-kit/brief","status":"manual-aal2-qa-launch-kit-ready","proofStackStatus":"manual-aal2-qa-launch-kit-no-secret-human-handoff","briefProofStackStatus":"manual-aal2-qa-launch-kit-brief-no-token-storage","boundary":"SCRIMED Manual AAL2 QA Launch Kit packages the human-run workflow handoff for synthetic QA only. It does not execute passkey ceremonies, mint tokens, store credentials, store PHI, run unattended authenticated CI, certify security or compliance, authorize live clinical care, guarantee reimbursement, approve production connectors, or claim retained authenticated QA proof before protected no-secret packet hashes are visible.","launchDecision":"ready-for-human-launch-not-code-execution","buyerClaimStatus":"operator-handoff-ready-not-retained-authenticated-proof","sourceRunControlStatus":"manual-aal2-qa-run-control-ready","sourceProofPromotionStatus":"manual-aal2-qa-proof-promotion-gate-ready","proofPromotionState":"pending-retained-packet","workflowCount":2,"phaseCount":9,"hardStopPhaseCount":1,"safeCopyFieldCount":12,"blockedClaimCount":10,"phases":[{"phase":"Confirm human AAL2 session","state":"prepare","owner":"Tenant-admin or pilot-lead operator","operatorAction":"Sign in through the protected pilot workspace and confirm the browser session is fresh, scoped, and AAL2-capable.","passSignal":"The operator has an approved tenant role and current AAL2 browser session.","failClosedIf":"The session is stale, shared, missing AAL2, or scoped to the wrong tenant."},{"phase":"Select exactly one synthetic target","state":"prepare","owner":"Workflow owner","operatorAction":"Choose one synthetic sales intake ID or one synthetic protected workspace slug before dispatch.","passSignal":"The target is explicit, synthetic, and contains no PHI, payer member data, or production data.","failClosedIf":"The target is missing, broad, production-linked, or contains regulated data."},{"phase":"Create temporary masked workflow secret","state":"prepare","owner":"Security owner and operator","operatorAction":"Place the short-lived AAL2 token only in the manual GitHub Actions secret required for the selected workflow.","passSignal":"The token is short-lived, masked, workflow-specific, and never pasted into source, docs, chat, or packets.","failClosedIf":"The token is long-lived, copied into evidence, or stored anywhere outside the temporary secret path."},{"phase":"Run preflight and dispatch","state":"execute-human-run","owner":"Release engineering","operatorAction":"Run the workflow-specific preflight, then dispatch the manual workflow with require_authenticated_path=true.","passSignal":"Preflight passes and the manual workflow completes against the explicit synthetic target.","failClosedIf":"Preflight fails, authenticated path is optional, the target changes, or the workflow is scheduled."},{"phase":"Copy safe metadata only","state":"retain-evidence","owner":"TrustOS and tenant governance","operatorAction":"Copy only the workflow run ID, run URL, execution timestamp, synthetic target ID, created safe object UUID, and packet audit event UUID.","passSignal":"No token, credential, PHI, artifact URL, source contract, clinical record, or approval artifact enters SCRIMED evidence.","failClosedIf":"Any evidence field contains secret-like material or regulated identifiers."},{"phase":"Delete or rotate temporary secret","state":"retain-evidence","owner":"Security owner and operator","operatorAction":"Delete or rotate the temporary GitHub Actions secret immediately after the workflow completes.","passSignal":"Secret disposal attestation is true before packet generation or persistence.","failClosedIf":"The temporary token remains available after the run."},{"phase":"Persist no-secret packet","state":"retain-evidence","owner":"Tenant governance operator","operatorAction":"Generate the no-secret packet, then persist the same metadata through the protected Manual QA Evidence panel.","passSignal":"The protected workspace shows packet SHA-256 and append-only audit visibility.","failClosedIf":"Packet persistence is attempted without AAL2 tenant governance authorization."},{"phase":"Check Proof Promotion","state":"promote-proof","owner":"Sales engineering and trust reviewer","operatorAction":"Open Proof Promotion and confirm buyer-diligence-ready status before citing retained authenticated QA evidence.","passSignal":"Proof Promotion allows only retained packet metadata and blocked production claims remain visible.","failClosedIf":"Buyer material references retained authenticated QA proof before packet hash visibility."},{"phase":"Keep production authority blocked","state":"hard-stop","owner":"Clinical, legal, security, privacy, and compliance owners","operatorAction":"Keep live clinical care, PHI, payer submission, production connector, reimbursement, security-certification, and compliance claims blocked.","passSignal":"Buyer proof remains limited to governed synthetic QA evidence.","failClosedIf":"Any stakeholder attempts to convert retained QA proof into live-care or production authorization."}],"workflows":[{"workflowKind":"sales-demo-session-qa","name":"Sales Demo Session QA activation","dispatchPath":".github/workflows/sales-demo-session-qa-smoke.yml","dispatchInputs":{"base_url":"https://app.scrimedsolutions.com","intake_id":"<synthetic-sales-opportunity-intake-id>","require_authenticated_path":true},"temporarySecret":"SCRIMED_SALES_QA_BEARER_TOKEN","preflightCommandTemplate":"SCRIMED_REQUIRE_SALES_QA=1 SCRIMED_SALES_QA_INTAKE_ID=<synthetic-intake-id> SCRIMED_SALES_QA_BEARER_TOKEN=<short-lived-aal2-token> node scripts/sales-demo-session-qa-token-preflight.mjs","smokeCommandTemplate":"SCRIMED_REQUIRE_SALES_QA=1 SCRIMED_BASE_URL=https://app.scrimedsolutions.com SCRIMED_SALES_QA_INTAKE_ID=<synthetic-intake-id> SCRIMED_SALES_QA_BEARER_TOKEN=<short-lived-aal2-token> node scripts/sales-demo-session-qa-smoke.mjs","safeEvidenceTemplate":{"workflowKind":"sales-demo-session-qa","workflowRunId":"<numeric-scrimed-manual-run-id>","workflowRunUrl":"https://app.scrimedsolutions.com/qa-run-control?runId=<numeric-scrimed-manual-run-id>","executedAt":"<iso-8601-run-timestamp>","baseUrl":"https://app.scrimedsolutions.com","intakeId":"<synthetic-sales-opportunity-intake-id>","createdSessionId":"<created-demo-session-uuid>","packetAuditEventId":"<demo-session-packet-audit-event-uuid>","qaOutcome":"pass","operatorAttestation":"no-secrets-no-phi-aal2-human-run","tokenDisposalAttestation":"temporary-token-deleted-or-rotated","dataBoundary":"synthetic-business-workflow-only"},"evidencePacketRoute":"/api/qa-evidence/manual-run-packet","protectedPersistenceRoute":"/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets","proofPromotionRoute":"/qa-proof-promotion","postRunSafeCopyFields":["workflowKind","workflowRunId","workflowRunUrl","executedAt","baseUrl","intakeId or workspaceSlug","createdSessionId or created authority reference UUID","packetAuditEventId","qaOutcome=pass","operatorAttestation=no-secrets-no-phi-aal2-human-run","tokenDisposalAttestation=temporary-token-deleted-or-rotated","dataBoundary=synthetic-business-workflow-only"],"operatorSequence":["Open the protected workspace in a fresh browser session and confirm AAL2 posture.","Use one explicit synthetic Sales Operations intake ID as the target.","Create a temporary masked GitHub Actions secret for the short-lived AAL2 token.","Dispatch the manual workflow with require_authenticated_path=true.","Verify preflight passed before the authenticated smoke runs.","Copy only the workflow run ID, run URL, created safe object ID, packet audit event ID, and timestamp.","Delete or rotate the temporary secret immediately after the workflow completes.","Persist the safe metadata through /pilot-workspace/access -> Manual QA Evidence.","Export Buyer Diligence only after the packet hash and audit event are visible."],"abortConditions":["No fresh human AAL2 session is available.","The target is not synthetic or metadata-only.","The token preflight fails or the token lifetime is too long.","The workflow requires a long-lived or committed credential.","Any evidence field contains a token, credential, PHI, patient identifier, payer member identifier, artifact URL, legal approval, security report, reimbursement determination, or production clinical record.","The operator cannot delete or rotate the temporary secret after the run.","Buyer Diligence is requested before no-secret evidence metadata is retained."],"buyerProofPromotionRule":"Do not promote this workflow into Buyer Diligence until the protected workspace shows a retained packet SHA-256 and append-only audit event."},{"workflowKind":"authority-reference-qa","name":"Authority Reference QA activation","dispatchPath":".github/workflows/authority-reference-qa-smoke.yml","dispatchInputs":{"base_url":"https://app.scrimedsolutions.com","workspace_slug":"atlas-synthetic-evaluation","require_authenticated_path":true},"temporarySecret":"SCRIMED_BEARER_TOKEN","preflightCommandTemplate":"SCRIMED_REQUIRE_AUTHORITY_REFERENCE_QA=1 SCRIMED_WORKSPACE_SLUG=<synthetic-workspace-slug> SCRIMED_BEARER_TOKEN=<short-lived-aal2-token> node scripts/authority-artifact-reference-qa-token-preflight.mjs","smokeCommandTemplate":"SCRIMED_REQUIRE_AUTHORITY_REFERENCE_QA=1 SCRIMED_BASE_URL=https://app.scrimedsolutions.com SCRIMED_WORKSPACE_SLUG=<synthetic-workspace-slug> SCRIMED_BEARER_TOKEN=<short-lived-aal2-token> node scripts/authority-artifact-reference-qa-smoke.mjs","safeEvidenceTemplate":{"workflowKind":"authority-reference-qa","workflowRunId":"<numeric-scrimed-manual-run-id>","workflowRunUrl":"https://app.scrimedsolutions.com/qa-run-control?runId=<numeric-scrimed-manual-run-id>","executedAt":"<iso-8601-run-timestamp>","baseUrl":"https://app.scrimedsolutions.com","intakeId":"atlas-synthetic-evaluation","createdSessionId":"<created-authority-reference-uuid>","packetAuditEventId":"<authority-reference-packet-audit-event-uuid>","qaOutcome":"pass","operatorAttestation":"no-secrets-no-phi-aal2-human-run","tokenDisposalAttestation":"temporary-token-deleted-or-rotated","dataBoundary":"synthetic-business-workflow-only"},"evidencePacketRoute":"/api/qa-evidence/manual-run-packet","protectedPersistenceRoute":"/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets","proofPromotionRoute":"/qa-proof-promotion","postRunSafeCopyFields":["workflowKind","workflowRunId","workflowRunUrl","executedAt","baseUrl","intakeId or workspaceSlug","createdSessionId or created authority reference UUID","packetAuditEventId","qaOutcome=pass","operatorAttestation=no-secrets-no-phi-aal2-human-run","tokenDisposalAttestation=temporary-token-deleted-or-rotated","dataBoundary=synthetic-business-workflow-only"],"operatorSequence":["Open the protected workspace in a fresh browser session and confirm AAL2 posture.","Use the protected synthetic workspace slug as the explicit target.","Create a temporary masked GitHub Actions secret for the short-lived AAL2 token.","Dispatch the manual workflow with require_authenticated_path=true.","Verify preflight passed before the authenticated smoke runs.","Copy only the workflow run ID, run URL, created safe object ID, packet audit event ID, and timestamp.","Delete or rotate the temporary secret immediately after the workflow completes.","Persist the safe metadata through /pilot-workspace/access -> Manual QA Evidence.","Export Buyer Diligence only after the packet hash and audit event are visible."],"abortConditions":["No fresh human AAL2 session is available.","The target is not synthetic or metadata-only.","The token preflight fails or the token lifetime is too long.","The workflow requires a long-lived or committed credential.","Any evidence field contains a token, credential, PHI, patient identifier, payer member identifier, artifact URL, legal approval, security report, reimbursement determination, or production clinical record.","The operator cannot delete or rotate the temporary secret after the run.","Buyer Diligence is requested before no-secret evidence metadata is retained."],"buyerProofPromotionRule":"Do not promote this workflow into Buyer Diligence until the protected workspace shows a retained packet SHA-256 and append-only audit event."}],"blockedClaims":["human AAL2 workflow completed by code","bearer token retained as evidence","authenticated QA proof retained before packet hash visibility","PHI processed or validated","live clinical care authorized","security certification completed","compliance certification completed","reimbursement outcome guaranteed","production connector approved","autonomous diagnosis or treatment authorized"],"launchRules":["Allowed now: SCRIMED can hand an approved operator an exact no-secret launch packet.","Allowed now: SCRIMED can predefine dispatch inputs, command templates, safe evidence fields, abort conditions, and post-run promotion checks.","Not allowed yet: SCRIMED has completed the human AAL2 run or retained authenticated QA proof.","Never allowed from this launch kit: clinical care authority, PHI processing authority, payer submission authority, security certification, reimbursement certainty, production connector approval, or autonomous clinical action."],"nextRecommendedBuildStep":"Have an approved tenant-admin operator use /qa-human-run-packet to dispatch exactly one workflow with a fresh short-lived AAL2 token, persist only the no-secret packet metadata, then verify Claim Guard, Activation Seal, and Proof Promotion before exporting Buyer Diligence.","updated":"2026-06-22"}