{"service":"scrimed-manual-aal2-qa-execution-console","status":"manual-aal2-qa-execution-console-ready","consoleState":"operator-aal2-run-required","publicSummaryOnly":true,"protectedExecutionRequired":true,"buyerProofReleaseReady":false,"route":"/qa-manual-execution-console","briefRoute":"/api/qa-evidence/manual-execution-console/brief","protectedRoute":"/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-execution-console","protectedWorkspaceRoute":"/pilot-workspace/access#manual-qa-execution-console","workflowCount":2,"stageCount":6,"hardStopCount":8,"blockedAuthorityClaimCount":7,"workflows":[{"workflowKind":"sales-demo-session-qa","name":"Sales Demo Session QA activation","dispatchPath":".github/workflows/sales-demo-session-qa-smoke.yml","defaultSyntheticTarget":"synthetic-sales-opportunity-intake-id","temporarySecret":"SCRIMED_SALES_QA_BEARER_TOKEN","preflightCommandTemplate":"SCRIMED_REQUIRE_SALES_QA=1 SCRIMED_SALES_QA_INTAKE_ID=<synthetic-intake-id> SCRIMED_SALES_QA_BEARER_TOKEN=<short-lived-aal2-token> node scripts/sales-demo-session-qa-token-preflight.mjs","smokeCommandTemplate":"SCRIMED_REQUIRE_SALES_QA=1 SCRIMED_BASE_URL=https://app.scrimedsolutions.com SCRIMED_SALES_QA_INTAKE_ID=<synthetic-intake-id> SCRIMED_SALES_QA_BEARER_TOKEN=<short-lived-aal2-token> node scripts/sales-demo-session-qa-smoke.mjs","safeEvidenceFields":["workflowKind","workflowRunId","workflowRunUrl","executedAt","baseUrl","synthetic sales opportunity intake ID","created demo session UUID","demo session packet audit event UUID","qaOutcome=pass","operatorAttestation=no-secrets-no-phi-aal2-human-run","tokenDisposalAttestation=temporary-token-deleted-or-rotated","dataBoundary=synthetic-business-workflow-only","packetSha256 after protected persistence"],"protectedPersistenceRoute":"/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets","buyerProofReleaseRoute":"/qa-buyer-proof-release","abortConditions":["No fresh human AAL2 session is available.","The target is not synthetic or metadata-only.","The token preflight fails or the token lifetime is too long.","The workflow requires a long-lived or committed credential.","Any evidence field contains a token, credential, PHI, patient identifier, payer member identifier, artifact URL, legal approval, security report, reimbursement determination, or production clinical record.","The operator cannot delete or rotate the temporary secret after the run.","Buyer Diligence is requested before no-secret evidence metadata is retained."]},{"workflowKind":"authority-reference-qa","name":"Authority Reference QA activation","dispatchPath":".github/workflows/authority-reference-qa-smoke.yml","defaultSyntheticTarget":"atlas-synthetic-evaluation","temporarySecret":"SCRIMED_BEARER_TOKEN","preflightCommandTemplate":"SCRIMED_REQUIRE_AUTHORITY_REFERENCE_QA=1 SCRIMED_WORKSPACE_SLUG=<synthetic-workspace-slug> SCRIMED_BEARER_TOKEN=<short-lived-aal2-token> node scripts/authority-artifact-reference-qa-token-preflight.mjs","smokeCommandTemplate":"SCRIMED_REQUIRE_AUTHORITY_REFERENCE_QA=1 SCRIMED_BASE_URL=https://app.scrimedsolutions.com SCRIMED_WORKSPACE_SLUG=<synthetic-workspace-slug> SCRIMED_BEARER_TOKEN=<short-lived-aal2-token> node scripts/authority-artifact-reference-qa-smoke.mjs","safeEvidenceFields":["workflowKind","workflowRunId","workflowRunUrl","executedAt","baseUrl","workspace slug as synthetic target","created authority reference UUID","authority reference packet audit event UUID","qaOutcome=pass","operatorAttestation=no-secrets-no-phi-aal2-human-run","tokenDisposalAttestation=temporary-token-deleted-or-rotated","dataBoundary=synthetic-business-workflow-only","packetSha256 after protected persistence"],"protectedPersistenceRoute":"/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets","buyerProofReleaseRoute":"/qa-buyer-proof-release","abortConditions":["No fresh human AAL2 session is available.","The target is not synthetic or metadata-only.","The token preflight fails or the token lifetime is too long.","The workflow requires a long-lived or committed credential.","Any evidence field contains a token, credential, PHI, patient identifier, payer member identifier, artifact URL, legal approval, security report, reimbursement determination, or production clinical record.","The operator cannot delete or rotate the temporary secret after the run.","Buyer Diligence is requested before no-secret evidence metadata is retained."]}],"stages":[{"id":"aal2-operator","name":"Fresh human AAL2 operator session","status":"blocked","owner":"Tenant-admin or pilot-lead","evidence":"No retained packet is visible yet; the operator must complete the protected browser session and manual workflow.","action":"Open the protected workspace with a fresh AAL2 session before dispatch."},{"id":"manual-dispatch","name":"Manual workflow dispatched against one synthetic target","status":"blocked","owner":"Release engineering and human operator","evidence":"The console has no retained workflow run ID yet.","action":"Use the Human Run Packet command template and one explicit synthetic target."},{"id":"secret-disposal","name":"Temporary secret deleted or rotated","status":"blocked","owner":"Security owner and operator","evidence":"No token-disposal attestation is retained yet.","action":"Delete or rotate temporary token material before packet persistence."},{"id":"safe-metadata","name":"No-secret metadata captured","status":"blocked","owner":"TrustOS reviewer","evidence":"No packet hash is visible yet.","action":"Persist only safe IDs, timestamps, run URL, packet audit UUID, and fixed attestations."},{"id":"append-only-audit","name":"Append-only audit signal visible","status":"blocked","owner":"Tenant governance","evidence":"No manual QA evidence audit signal is visible.","action":"Refresh protected audit events after packet persistence."},{"id":"buyer-proof-release","name":"Buyer Proof Release passed","status":"blocked","owner":"Buyer diligence and claims governance","evidence":"Buyer Proof Release state: locked-retained-packet-required.","action":"Complete the human AAL2 run, persist no-secret metadata, then verify Proof Promotion, Activation Seal, Claim Guard, and this release gate before Buyer Diligence export."}],"hardStops":["No fresh human AAL2 tenant governance session is available.","The operator cannot identify one explicit synthetic target.","The workflow is scheduled, unattended, or does not require the authenticated path.","The preflight token check fails or a long-lived credential is requested.","Any candidate evidence includes bearer tokens, refresh tokens, API keys, passwords, PHI, patient identifiers, payer member identifiers, clinical records, legal opinions, security reports, artifact URLs, reimbursement determinations, or production credentials.","Temporary token material was not deleted or rotated after the run.","Protected Manual QA Evidence cannot show a packet SHA-256 and append-only audit event.","Buyer Diligence or public language claims retained proof, live clinical care authority, PHI authority, certification, reimbursement certainty, connector approval, or production authorization before protected release."],"blockedAuthorityClaims":["human AAL2 proof has been completed without protected retained packet visibility","SCRIMED is authorized for live clinical care","SCRIMED can process production PHI","SCRIMED is HIPAA certified, SOC 2 certified, FDA cleared, or legally approved","SCRIMED guarantees reimbursement, payer approval, or claim submission authority","SCRIMED can autonomously diagnose, treat, contact patients, or execute clinical care","SCRIMED production EHR, FHIR, payer, imaging, or device connectors are approved"],"boundary":"SCRIMED Manual QA Execution Console coordinates human AAL2 synthetic QA execution, retained no-secret evidence capture, and Buyer Proof Release checks. It does not execute passkey ceremonies, mint or store tokens, store PHI, run unattended authenticated CI, certify security or compliance, authorize live clinical care, guarantee reimbursement, approve production connectors, or create public release authority."}