{"service":"scrimed-manual-aal2-qa-run-control","route":"/qa-run-control","apiRoute":"/api/qa-evidence/run-control","briefRoute":"/api/qa-evidence/run-control/brief","status":"manual-aal2-qa-run-control-ready","proofStackStatus":"manual-aal2-qa-run-control-no-secret-operator-brief","briefProofStackStatus":"manual-aal2-qa-run-control-brief-no-auth-claim","boundary":"SCRIMED Manual AAL2 QA Run Control creates a no-secret operator mission-control layer for human-run synthetic QA. It does not execute AAL2 ceremonies, mint tokens, store credentials, run unattended authenticated CI, process PHI, authorize clinical care, certify security or compliance, guarantee reimbursement, approve production connectors, or claim retained authenticated proof before protected no-secret evidence is persisted.","executionDecision":"operator-control-ready-human-aal2-required","buyerClaimStatus":"operator-brief-ready-not-retained-authenticated-proof","sourceReadinessStatus":"manual-aal2-qa-execution-readiness-ready","sourceLedgerStatus":"qa-evidence-ledger-active","workflowCount":2,"gateCount":7,"hardStopGateCount":1,"forbiddenEvidenceCount":16,"commandTemplateCount":4,"evidenceTemplateCount":2,"gates":[{"gate":"Fresh human AAL2 session","state":"required-before-run","owner":"Tenant-admin or pilot-lead operator","passSignal":"Operator confirms AAL2 session and scoped role in the protected workspace.","failSignal":"No AAL2 session, stale session, ambiguous role, or shared account.","boundary":"AAL2 confirms operator context only; it is not clinical, legal, security, or reimbursement authority."},{"gate":"Synthetic target selected","state":"required-before-run","owner":"Workflow owner","passSignal":"Exactly one synthetic intake ID or workspace slug is selected before dispatch.","failSignal":"Target is missing, broad, production-linked, or contains regulated data.","boundary":"Targets must remain synthetic business workflow metadata."},{"gate":"Short-lived token preflight","state":"required-before-run","owner":"Release engineering","passSignal":"Preflight passes with AAL2, session_id, expiry, and minimum remaining lifetime checks.","failSignal":"Weak token shape, missing AAL2, missing session, expired token, or excessive lifetime.","boundary":"Preflight is not signature verification; protected APIs remain the authority."},{"gate":"Manual workflow dispatch","state":"required-during-run","owner":"Human operator","passSignal":"Manual GitHub workflow passes against the explicit synthetic target.","failSignal":"Workflow is scheduled, target is implicit, or authenticated path is optional.","boundary":"Passing smoke proves only the synthetic protected route under review-gated conditions."},{"gate":"Secret disposal","state":"required-after-run","owner":"Security owner and human operator","passSignal":"Temporary masked secret is deleted or rotated immediately after completion.","failSignal":"Token remains in GitHub, Vercel, source, docs, logs, packets, screenshots, or chat.","boundary":"The token is never evidence and must not be retained."},{"gate":"No-secret packet persistence","state":"required-after-run","owner":"Tenant governance operator","passSignal":"Only safe metadata is persisted through the protected Manual QA Evidence route.","failSignal":"Packet contains secrets, PHI, approvals, reports, clinical records, or unsupported identifiers.","boundary":"Retained proof is limited to synthetic workflow metadata and packet hash."},{"gate":"Buyer proof promotion","state":"hard-stop","owner":"Sales engineering and trust reviewer","passSignal":"Buyer Diligence is exported after packet hash and audit event are visible.","failSignal":"Buyer material claims authenticated proof before no-secret metadata is persisted.","boundary":"Buyer proof can reference retained QA evidence only after protected persistence."}],"workflows":[{"workflowKind":"sales-demo-session-qa","name":"Sales Demo Session QA activation","state":"ready-for-operator-control-human-aal2-required","dispatchPath":".github/workflows/sales-demo-session-qa-smoke.yml","dispatchInputs":{"base_url":"https://app.scrimedsolutions.com","intake_id":"<synthetic-sales-opportunity-intake-id>","require_authenticated_path":true},"temporarySecret":"SCRIMED_SALES_QA_BEARER_TOKEN","preflightCommandTemplate":"SCRIMED_REQUIRE_SALES_QA=1 SCRIMED_SALES_QA_INTAKE_ID=<synthetic-intake-id> SCRIMED_SALES_QA_BEARER_TOKEN=<short-lived-aal2-token> node scripts/sales-demo-session-qa-token-preflight.mjs","smokeCommandTemplate":"SCRIMED_REQUIRE_SALES_QA=1 SCRIMED_BASE_URL=https://app.scrimedsolutions.com SCRIMED_SALES_QA_INTAKE_ID=<synthetic-intake-id> SCRIMED_SALES_QA_BEARER_TOKEN=<short-lived-aal2-token> node scripts/sales-demo-session-qa-smoke.mjs","safeEvidenceTemplate":{"workflowKind":"sales-demo-session-qa","workflowRunId":"<numeric-scrimed-manual-run-id>","workflowRunUrl":"https://app.scrimedsolutions.com/qa-run-control?runId=<numeric-scrimed-manual-run-id>","executedAt":"<iso-8601-run-timestamp>","baseUrl":"https://app.scrimedsolutions.com","intakeId":"<synthetic-sales-opportunity-intake-id>","createdSessionId":"<created-demo-session-uuid>","packetAuditEventId":"<demo-session-packet-audit-event-uuid>","qaOutcome":"pass","operatorAttestation":"no-secrets-no-phi-aal2-human-run","tokenDisposalAttestation":"temporary-token-deleted-or-rotated","dataBoundary":"synthetic-business-workflow-only"},"evidencePacketRoute":"/api/qa-evidence/manual-run-packet","protectedPersistenceRoute":"/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets","buyerProofPromotionRule":"Do not promote this workflow into Buyer Diligence until the protected workspace shows a retained packet SHA-256 and append-only audit event.","abortConditions":["No fresh human AAL2 session is available.","The target is not synthetic or metadata-only.","The token preflight fails or the token lifetime is too long.","The workflow requires a long-lived or committed credential.","Any evidence field contains a token, credential, PHI, patient identifier, payer member identifier, artifact URL, legal approval, security report, reimbursement determination, or production clinical record.","The operator cannot delete or rotate the temporary secret after the run.","Buyer Diligence is requested before no-secret evidence metadata is retained."],"acceptedEvidenceFields":["workflow run ID","workflow run URL","execution timestamp","created safe object ID","packet audit event ID","token disposal attestation","packet SHA-256 after protected persistence"],"forbiddenEvidence":["bearer tokens","refresh tokens","passwords","API keys","JWT strings","PHI","patient identifiers","payer member identifiers","artifact URLs","signed approvals","legal opinions","security reports","reimbursement determinations","source contracts","production credentials","clinical records"],"operatorSequence":["Open the protected workspace in a fresh browser session and confirm AAL2 posture.","Use one explicit synthetic Sales Operations intake ID as the target.","Create a temporary masked GitHub Actions secret for the short-lived AAL2 token.","Dispatch the manual workflow with require_authenticated_path=true.","Verify preflight passed before the authenticated smoke runs.","Copy only the workflow run ID, run URL, created safe object ID, packet audit event ID, and timestamp.","Delete or rotate the temporary secret immediately after the workflow completes.","Persist the safe metadata through /pilot-workspace/access -> Manual QA Evidence.","Export Buyer Diligence only after the packet hash and audit event are visible."]},{"workflowKind":"authority-reference-qa","name":"Authority Reference QA activation","state":"ready-for-operator-control-human-aal2-required","dispatchPath":".github/workflows/authority-reference-qa-smoke.yml","dispatchInputs":{"base_url":"https://app.scrimedsolutions.com","workspace_slug":"atlas-synthetic-evaluation","require_authenticated_path":true},"temporarySecret":"SCRIMED_BEARER_TOKEN","preflightCommandTemplate":"SCRIMED_REQUIRE_AUTHORITY_REFERENCE_QA=1 SCRIMED_WORKSPACE_SLUG=<synthetic-workspace-slug> SCRIMED_BEARER_TOKEN=<short-lived-aal2-token> node scripts/authority-artifact-reference-qa-token-preflight.mjs","smokeCommandTemplate":"SCRIMED_REQUIRE_AUTHORITY_REFERENCE_QA=1 SCRIMED_BASE_URL=https://app.scrimedsolutions.com SCRIMED_WORKSPACE_SLUG=<synthetic-workspace-slug> SCRIMED_BEARER_TOKEN=<short-lived-aal2-token> node scripts/authority-artifact-reference-qa-smoke.mjs","safeEvidenceTemplate":{"workflowKind":"authority-reference-qa","workflowRunId":"<numeric-scrimed-manual-run-id>","workflowRunUrl":"https://app.scrimedsolutions.com/qa-run-control?runId=<numeric-scrimed-manual-run-id>","executedAt":"<iso-8601-run-timestamp>","baseUrl":"https://app.scrimedsolutions.com","intakeId":"atlas-synthetic-evaluation","createdSessionId":"<created-authority-reference-uuid>","packetAuditEventId":"<authority-reference-packet-audit-event-uuid>","qaOutcome":"pass","operatorAttestation":"no-secrets-no-phi-aal2-human-run","tokenDisposalAttestation":"temporary-token-deleted-or-rotated","dataBoundary":"synthetic-business-workflow-only"},"evidencePacketRoute":"/api/qa-evidence/manual-run-packet","protectedPersistenceRoute":"/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets","buyerProofPromotionRule":"Do not promote this workflow into Buyer Diligence until the protected workspace shows a retained packet SHA-256 and append-only audit event.","abortConditions":["No fresh human AAL2 session is available.","The target is not synthetic or metadata-only.","The token preflight fails or the token lifetime is too long.","The workflow requires a long-lived or committed credential.","Any evidence field contains a token, credential, PHI, patient identifier, payer member identifier, artifact URL, legal approval, security report, reimbursement determination, or production clinical record.","The operator cannot delete or rotate the temporary secret after the run.","Buyer Diligence is requested before no-secret evidence metadata is retained."],"acceptedEvidenceFields":["workflow run ID","workflow run URL","execution timestamp","created safe object ID","packet audit event ID","token disposal attestation","packet SHA-256 after protected persistence"],"forbiddenEvidence":["bearer tokens","refresh tokens","passwords","API keys","JWT strings","PHI","patient identifiers","payer member identifiers","artifact URLs","signed approvals","legal opinions","security reports","reimbursement determinations","source contracts","production credentials","clinical records"],"operatorSequence":["Open the protected workspace in a fresh browser session and confirm AAL2 posture.","Use the protected synthetic workspace slug as the explicit target.","Create a temporary masked GitHub Actions secret for the short-lived AAL2 token.","Dispatch the manual workflow with require_authenticated_path=true.","Verify preflight passed before the authenticated smoke runs.","Copy only the workflow run ID, run URL, created safe object ID, packet audit event ID, and timestamp.","Delete or rotate the temporary secret immediately after the workflow completes.","Persist the safe metadata through /pilot-workspace/access -> Manual QA Evidence.","Export Buyer Diligence only after the packet hash and audit event are visible."]}],"operatorBriefRoutes":["/api/qa-evidence/run-control/brief","/api/qa-evidence/execution-readiness/brief","/api/qa-evidence/activation-plan/brief"],"claimRules":["Allowed now: SCRIMED has operator-ready AAL2 QA run-control briefs and workflow-specific safe evidence templates.","Allowed now: SCRIMED can tell an operator exactly what to run, what to copy, what to reject, and when buyer proof can be promoted.","Not allowed yet: SCRIMED has retained authenticated AAL2 QA proof for these workflows.","Not allowed yet: SCRIMED is authorized for live clinical care, PHI processing, payer submission, production connectors, security certification, reimbursement certainty, or regional clinical deployment."],"nextRecommendedBuildStep":"Use this run-control layer, then /qa-human-run-packet, during the first human AAL2 run; persist the no-secret evidence packet through the protected workspace, then update Buyer Diligence only after packet hash visibility is verified.","updated":"2026-06-21"}