{"service":"scrimed-manual-qa-proof-promotion","route":"/qa-proof-promotion","apiRoute":"/api/qa-evidence/proof-promotion","briefRoute":"/api/qa-evidence/proof-promotion/brief","status":"manual-aal2-qa-proof-promotion-gate-ready","proofStackStatus":"retained-manual-qa-proof-promotion-gate-no-secret","briefProofStackStatus":"manual-qa-proof-promotion-brief-retained-packet-required","boundary":"SCRIMED Manual QA Proof Promotion decides when retained no-secret human AAL2 QA packet metadata can be referenced in buyer diligence. It does not execute AAL2 workflows, store tokens, store PHI, certify security or compliance, authorize live clinical care, guarantee reimbursement, approve production connectors, or allow authenticated-proof claims before a protected packet hash is visible.","decision":{"state":"pending-retained-packet","promotionAllowed":false,"packetCount":0,"auditSignalCount":0,"latestPacketHash":"pending","latestWorkflowRunId":"pending","latestWorkflowKind":"pending","latestCreatedAt":"pending","buyerSafeClaim":"SCRIMED has an operator-ready manual AAL2 QA path, but retained authenticated QA proof is still pending.","buyerProofLanguage":"Buyer-facing proof may reference activation readiness, Run Control, and fail-closed checks, but not retained authenticated QA proof.","nextAction":"Use /qa-run-control, complete one human AAL2 synthetic QA workflow, persist the no-secret packet, then promote after packet hash visibility.","blockedClaims":["authenticated QA completed without a retained protected packet hash","bearer token retained as evidence","PHI processed or validated","live clinical care authorized","security certification completed","compliance certification completed","reimbursement outcome guaranteed","production connector approved","autonomous diagnosis or treatment authorized"],"requiredEvidence":["workflow kind","workflow run ID","workflow run URL","execution timestamp","synthetic target ID","created safe object UUID","packet audit event UUID","token disposal attestation","packet SHA-256","protected workspace audit visibility"]},"promotionDecisionState":"pending-retained-packet","promotionAllowed":false,"sourceLedgerStatus":"qa-evidence-ledger-active","sourceRunControlStatus":"manual-aal2-qa-run-control-ready","protectedPersistenceRoute":"/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets","ruleCount":5,"hardStopRuleCount":3,"requiredEvidence":["workflow kind","workflow run ID","workflow run URL","execution timestamp","synthetic target ID","created safe object UUID","packet audit event UUID","token disposal attestation","packet SHA-256","protected workspace audit visibility"],"blockedClaims":["authenticated QA completed without a retained protected packet hash","bearer token retained as evidence","PHI processed or validated","live clinical care authorized","security certification completed","compliance certification completed","reimbursement outcome guaranteed","production connector approved","autonomous diagnosis or treatment authorized"],"rules":[{"rule":"Retained packet hash required","status":"hard-stop","beforePromotion":"Describe the workflow as activation-ready or operator-ready only.","afterPromotion":"Reference the retained packet hash and workflow run ID in buyer diligence.","boundary":"No hash means no retained authenticated QA proof claim."},{"rule":"No-secret evidence only","status":"hard-stop","beforePromotion":"Reject bearer tokens, refresh tokens, credentials, PHI, payer data, artifacts, URLs, legal opinions, and security reports.","afterPromotion":"Use only safe metadata fields and the packet SHA-256.","boundary":"The token itself is never evidence."},{"rule":"Human AAL2 provenance required","status":"active","beforePromotion":"Use Run Control and Manual QA Evidence capture under a fresh human AAL2 session.","afterPromotion":"State that the packet records a human-run synthetic QA workflow.","boundary":"AAL2 provenance is not clinical, legal, reimbursement, or production authorization."},{"rule":"Buyer Diligence export after persistence","status":"active","beforePromotion":"Keep Buyer Diligence language in pending activation posture.","afterPromotion":"Allow Buyer Diligence to include retained packet count, run ID, packet hash, and audit event reference.","boundary":"Buyer proof is limited to governed synthetic QA evidence."},{"rule":"Clinical and production claims remain blocked","status":"hard-stop","beforePromotion":"Do not imply live care, PHI processing, payer submission, or connector approval.","afterPromotion":"Continue blocking live clinical, PHI, payer, reimbursement, security-certification, and production-launch claims.","boundary":"Retained QA proof improves diligence; it does not unlock production clinical execution."}],"claimRules":["Allowed now: SCRIMED can explain exactly when manual AAL2 QA evidence may be promoted into buyer diligence.","Allowed now: SCRIMED can keep buyer proof in activation-ready posture until packet hashes are retained.","Allowed after retained packet: SCRIMED can cite no-secret workflow run metadata and packet SHA-256 for a synthetic QA workflow.","Never allowed from this gate alone: live clinical care, PHI processing, payer submission, production connector approval, security certification, reimbursement certainty, or autonomous clinical action."],"nextRecommendedBuildStep":"Run one human AAL2 workflow from /qa-run-control, persist the no-secret packet, then let Buyer Pilot Room export reference the retained packet hash through this promotion gate.","updated":"2026-06-21"}