{"route":"/api/qa-evidence/manual-run-packet","protectedPersistenceRoute":"/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets","status":"manual-aal2-run-evidence-packet-ready","authorityReferenceBridgeStatus":"authority-reference-qa-evidence-bridge-ready","supportedWorkflowKinds":["sales-demo-session-qa","authority-reference-qa"],"persistenceStatus":"tenant-scoped-aal2-manual-qa-evidence-ledger","requiredFields":["workflowKind","workflowRunId","workflowRunUrl","executedAt","baseUrl","intakeId","createdSessionId","packetAuditEventId","qaOutcome","operatorAttestation","tokenDisposalAttestation","dataBoundary"],"acceptedAttestations":{"qaOutcome":"pass","operatorAttestation":"no-secrets-no-phi-aal2-human-run","tokenDisposalAttestation":"temporary-token-deleted-or-rotated","dataBoundary":"synthetic-business-workflow-only"},"forbiddenContent":"Do not submit bearer tokens, refresh tokens, passwords, API keys, PHI, patient identifiers, payer member identifiers, source contracts, credentials, or legal/security conclusions.","acceptedRunSources":["SCRIMED GitHub Actions manual workflow run","SCRIMED Run Control local human AAL2 execution witness"],"workflowRunUrlPolicy":"workflowRunUrl must point to either a SCRIMED GitHub Actions run or https://app.scrimedsolutions.com/qa-run-control?runId={numericRunId}.","persistenceBoundary":"The public route validates and returns a Markdown evidence packet without storing data. The protected workspace route persists the same sanitized metadata only after AAL2 tenant governance authorization and server-side storage controls.","authorityReferencePersistence":"For authority-reference QA, createdSessionId carries the created authority reference UUID and packetAuditEventId carries the authority reference packet audit event UUID. The packet labels these fields explicitly; the database column names remain generic legacy storage."}