# SCRIMED Manual AAL2 QA Launch Kit

Status: manual-aal2-qa-launch-kit-ready
Launch decision: ready-for-human-launch-not-code-execution
Buyer claim status: operator-handoff-ready-not-retained-authenticated-proof
Proof promotion state: pending-retained-packet

## Boundary
SCRIMED Manual AAL2 QA Launch Kit packages the human-run workflow handoff for synthetic QA only. It does not execute passkey ceremonies, mint tokens, store credentials, store PHI, run unattended authenticated CI, certify security or compliance, authorize live clinical care, guarantee reimbursement, approve production connectors, or claim retained authenticated QA proof before protected no-secret packet hashes are visible.

## Launch Rules
- Allowed now: SCRIMED can hand an approved operator an exact no-secret launch packet.
- Allowed now: SCRIMED can predefine dispatch inputs, command templates, safe evidence fields, abort conditions, and post-run promotion checks.
- Not allowed yet: SCRIMED has completed the human AAL2 run or retained authenticated QA proof.
- Never allowed from this launch kit: clinical care authority, PHI processing authority, payer submission authority, security certification, reimbursement certainty, production connector approval, or autonomous clinical action.

## Launch Phases
- Confirm human AAL2 session (prepare): Sign in through the protected pilot workspace and confirm the browser session is fresh, scoped, and AAL2-capable. Pass: The operator has an approved tenant role and current AAL2 browser session. Fail closed if: The session is stale, shared, missing AAL2, or scoped to the wrong tenant.
- Select exactly one synthetic target (prepare): Choose one synthetic sales intake ID or one synthetic protected workspace slug before dispatch. Pass: The target is explicit, synthetic, and contains no PHI, payer member data, or production data. Fail closed if: The target is missing, broad, production-linked, or contains regulated data.
- Create temporary masked workflow secret (prepare): Place the short-lived AAL2 token only in the manual GitHub Actions secret required for the selected workflow. Pass: The token is short-lived, masked, workflow-specific, and never pasted into source, docs, chat, or packets. Fail closed if: The token is long-lived, copied into evidence, or stored anywhere outside the temporary secret path.
- Run preflight and dispatch (execute-human-run): Run the workflow-specific preflight, then dispatch the manual workflow with require_authenticated_path=true. Pass: Preflight passes and the manual workflow completes against the explicit synthetic target. Fail closed if: Preflight fails, authenticated path is optional, the target changes, or the workflow is scheduled.
- Copy safe metadata only (retain-evidence): Copy only the workflow run ID, run URL, execution timestamp, synthetic target ID, created safe object UUID, and packet audit event UUID. Pass: No token, credential, PHI, artifact URL, source contract, clinical record, or approval artifact enters SCRIMED evidence. Fail closed if: Any evidence field contains secret-like material or regulated identifiers.
- Delete or rotate temporary secret (retain-evidence): Delete or rotate the temporary GitHub Actions secret immediately after the workflow completes. Pass: Secret disposal attestation is true before packet generation or persistence. Fail closed if: The temporary token remains available after the run.
- Persist no-secret packet (retain-evidence): Generate the no-secret packet, then persist the same metadata through the protected Manual QA Evidence panel. Pass: The protected workspace shows packet SHA-256 and append-only audit visibility. Fail closed if: Packet persistence is attempted without AAL2 tenant governance authorization.
- Check Proof Promotion (promote-proof): Open Proof Promotion and confirm buyer-diligence-ready status before citing retained authenticated QA evidence. Pass: Proof Promotion allows only retained packet metadata and blocked production claims remain visible. Fail closed if: Buyer material references retained authenticated QA proof before packet hash visibility.
- Keep production authority blocked (hard-stop): Keep live clinical care, PHI, payer submission, production connector, reimbursement, security-certification, and compliance claims blocked. Pass: Buyer proof remains limited to governed synthetic QA evidence. Fail closed if: Any stakeholder attempts to convert retained QA proof into live-care or production authorization.

## Sales Demo Session QA activation
- Workflow kind: sales-demo-session-qa
- Dispatch path: .github/workflows/sales-demo-session-qa-smoke.yml
- Temporary secret: SCRIMED_SALES_QA_BEARER_TOKEN
- Evidence packet route: /api/qa-evidence/manual-run-packet
- Protected persistence route: /api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets
- Proof promotion route: /qa-proof-promotion
- Buyer proof rule: Do not promote this workflow into Buyer Diligence until the protected workspace shows a retained packet SHA-256 and append-only audit event.

Dispatch inputs:
```json
{
  "base_url": "https://app.scrimedsolutions.com",
  "intake_id": "<synthetic-sales-opportunity-intake-id>",
  "require_authenticated_path": true
}
```

Preflight command template:
```bash
SCRIMED_REQUIRE_SALES_QA=1 SCRIMED_SALES_QA_INTAKE_ID=<synthetic-intake-id> SCRIMED_SALES_QA_BEARER_TOKEN=<short-lived-aal2-token> node scripts/sales-demo-session-qa-token-preflight.mjs
```

Smoke command template:
```bash
SCRIMED_REQUIRE_SALES_QA=1 SCRIMED_BASE_URL=https://app.scrimedsolutions.com SCRIMED_SALES_QA_INTAKE_ID=<synthetic-intake-id> SCRIMED_SALES_QA_BEARER_TOKEN=<short-lived-aal2-token> node scripts/sales-demo-session-qa-smoke.mjs
```

Safe evidence template:
```json
{
  "workflowKind": "sales-demo-session-qa",
  "workflowRunId": "<numeric-scrimed-manual-run-id>",
  "workflowRunUrl": "https://app.scrimedsolutions.com/qa-run-control?runId=<numeric-scrimed-manual-run-id>",
  "executedAt": "<iso-8601-run-timestamp>",
  "baseUrl": "https://app.scrimedsolutions.com",
  "intakeId": "<synthetic-sales-opportunity-intake-id>",
  "createdSessionId": "<created-demo-session-uuid>",
  "packetAuditEventId": "<demo-session-packet-audit-event-uuid>",
  "qaOutcome": "pass",
  "operatorAttestation": "no-secrets-no-phi-aal2-human-run",
  "tokenDisposalAttestation": "temporary-token-deleted-or-rotated",
  "dataBoundary": "synthetic-business-workflow-only"
}
```

Safe copy fields:
- workflowKind
- workflowRunId
- workflowRunUrl
- executedAt
- baseUrl
- intakeId or workspaceSlug
- createdSessionId or created authority reference UUID
- packetAuditEventId
- qaOutcome=pass
- operatorAttestation=no-secrets-no-phi-aal2-human-run
- tokenDisposalAttestation=temporary-token-deleted-or-rotated
- dataBoundary=synthetic-business-workflow-only

Abort conditions:
- No fresh human AAL2 session is available.
- The target is not synthetic or metadata-only.
- The token preflight fails or the token lifetime is too long.
- The workflow requires a long-lived or committed credential.
- Any evidence field contains a token, credential, PHI, patient identifier, payer member identifier, artifact URL, legal approval, security report, reimbursement determination, or production clinical record.
- The operator cannot delete or rotate the temporary secret after the run.
- Buyer Diligence is requested before no-secret evidence metadata is retained.

## Authority Reference QA activation
- Workflow kind: authority-reference-qa
- Dispatch path: .github/workflows/authority-reference-qa-smoke.yml
- Temporary secret: SCRIMED_BEARER_TOKEN
- Evidence packet route: /api/qa-evidence/manual-run-packet
- Protected persistence route: /api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets
- Proof promotion route: /qa-proof-promotion
- Buyer proof rule: Do not promote this workflow into Buyer Diligence until the protected workspace shows a retained packet SHA-256 and append-only audit event.

Dispatch inputs:
```json
{
  "base_url": "https://app.scrimedsolutions.com",
  "workspace_slug": "atlas-synthetic-evaluation",
  "require_authenticated_path": true
}
```

Preflight command template:
```bash
SCRIMED_REQUIRE_AUTHORITY_REFERENCE_QA=1 SCRIMED_WORKSPACE_SLUG=<synthetic-workspace-slug> SCRIMED_BEARER_TOKEN=<short-lived-aal2-token> node scripts/authority-artifact-reference-qa-token-preflight.mjs
```

Smoke command template:
```bash
SCRIMED_REQUIRE_AUTHORITY_REFERENCE_QA=1 SCRIMED_BASE_URL=https://app.scrimedsolutions.com SCRIMED_WORKSPACE_SLUG=<synthetic-workspace-slug> SCRIMED_BEARER_TOKEN=<short-lived-aal2-token> node scripts/authority-artifact-reference-qa-smoke.mjs
```

Safe evidence template:
```json
{
  "workflowKind": "authority-reference-qa",
  "workflowRunId": "<numeric-scrimed-manual-run-id>",
  "workflowRunUrl": "https://app.scrimedsolutions.com/qa-run-control?runId=<numeric-scrimed-manual-run-id>",
  "executedAt": "<iso-8601-run-timestamp>",
  "baseUrl": "https://app.scrimedsolutions.com",
  "intakeId": "atlas-synthetic-evaluation",
  "createdSessionId": "<created-authority-reference-uuid>",
  "packetAuditEventId": "<authority-reference-packet-audit-event-uuid>",
  "qaOutcome": "pass",
  "operatorAttestation": "no-secrets-no-phi-aal2-human-run",
  "tokenDisposalAttestation": "temporary-token-deleted-or-rotated",
  "dataBoundary": "synthetic-business-workflow-only"
}
```

Safe copy fields:
- workflowKind
- workflowRunId
- workflowRunUrl
- executedAt
- baseUrl
- intakeId or workspaceSlug
- createdSessionId or created authority reference UUID
- packetAuditEventId
- qaOutcome=pass
- operatorAttestation=no-secrets-no-phi-aal2-human-run
- tokenDisposalAttestation=temporary-token-deleted-or-rotated
- dataBoundary=synthetic-business-workflow-only

Abort conditions:
- No fresh human AAL2 session is available.
- The target is not synthetic or metadata-only.
- The token preflight fails or the token lifetime is too long.
- The workflow requires a long-lived or committed credential.
- Any evidence field contains a token, credential, PHI, patient identifier, payer member identifier, artifact URL, legal approval, security report, reimbursement determination, or production clinical record.
- The operator cannot delete or rotate the temporary secret after the run.
- Buyer Diligence is requested before no-secret evidence metadata is retained.

## Blocked Claims
- human AAL2 workflow completed by code
- bearer token retained as evidence
- authenticated QA proof retained before packet hash visibility
- PHI processed or validated
- live clinical care authorized
- security certification completed
- compliance certification completed
- reimbursement outcome guaranteed
- production connector approved
- autonomous diagnosis or treatment authorized

## Next Recommended Build Step
Have an approved tenant-admin operator use /qa-human-run-packet to dispatch exactly one workflow with a fresh short-lived AAL2 token, persist only the no-secret packet metadata, then verify Claim Guard, Activation Seal, and Proof Promotion before exporting Buyer Diligence.