{"service":"scrimed-agent-governance","status":"scrimed-agent-governance-active-synthetic-no-phi","apiRoute":"/api/scrimed-agent-governance","briefRoute":"/api/scrimed-agent-governance/brief","boundary":"SCRIMED Agent Governance is a synthetic/no-PHI control plane. It evaluates metadata-only agent session state and does not authorize PHI export, autonomous clinical care, diagnosis, treatment, prescribing, EHR writeback, payer submission, production deployment, certification claims, or customer go-live.","identityRegistry":[{"agentId":"sentinel-supervisor","name":"Project SENTINEL Supervisor","declaredScope":"trust_safety","allowedTools":["policy_preview","audit_hash","review_queue"],"blockedTools":["ehr_writeback","payer_submit","patient_message","external_export"],"owner":"Trust and Safety"},{"agentId":"prior-auth-documentation-agent","name":"Prior Authorization Documentation Agent","declaredScope":"payer_workflow","allowedTools":["policy_gap_check","packet_draft","citation_review"],"blockedTools":["payer_submit","patient_message","ehr_writeback"],"owner":"RCM Governance"},{"agentId":"clinical-context-agent","name":"Clinical Context Agent","declaredScope":"clinical_intelligence","allowedTools":["synthetic_context_retrieval","evidence_map","review_packet"],"blockedTools":["diagnose","prescribe","ehr_writeback","patient_message"],"owner":"Clinical Safety"}],"policies":[{"id":"phi-touched-block-export","trigger":"If PHI touched, block export and require human review.","decision":"require_review","riskDelta":45,"reason":"PHI access changes the action boundary; export cannot proceed without qualified approval.","humanApprovalRequired":true},{"id":"untrusted-content-restrict-tools","trigger":"If untrusted external content read, restrict tool actions.","decision":"require_review","riskDelta":25,"reason":"Untrusted content can inject instructions or poison retrieval context.","humanApprovalRequired":true},{"id":"cost-threshold-requires-approval","trigger":"If agent cost exceeds threshold, require approval.","decision":"require_review","riskDelta":15,"reason":"Cost guardrails prevent runaway agent loops and unexpected billing exposure.","humanApprovalRequired":true},{"id":"external-communication-review","trigger":"If action attempts external communication, require review.","decision":"require_review","riskDelta":30,"reason":"External communication can create legal, clinical, patient, or payer consequences.","humanApprovalRequired":true},{"id":"outside-declared-scope-deny","trigger":"If agent task is outside declared scope, deny.","decision":"deny","riskDelta":50,"reason":"Agents are deny-by-default outside their declared identity and permission scope.","humanApprovalRequired":true},{"id":"clinical-recommendation-decision-support-only","trigger":"If clinical recommendation requested, return decision-support-only boundary.","decision":"require_review","riskDelta":40,"reason":"Clinical content can support review but cannot become autonomous diagnosis, treatment, or prescribing.","humanApprovalRequired":true}],"sampleSession":{"sessionId":"synthetic-session-agent-governance-001","agentId":"clinical-context-agent","declaredScope":"clinical_intelligence","requestedAction":"summarize synthetic care context for reviewer decision support","phiAccessed":false,"confidentialDocumentAccessed":false,"untrustedContentRead":true,"externalActionRequested":false,"costUsd":7.5,"clinicalRecommendationRequested":true,"targetTool":"evidence_map"},"sampleEvaluation":{"decision":"require_review","dynamicRiskScore":65,"humanApprovalRequired":true,"matchedPolicies":["untrusted-content-restrict-tools","clinical-recommendation-decision-support-only"],"safeBoundary":"Decision support only. Human approval is required for PHI, clinical, external, payer, EHR, deployment, or out-of-scope actions.","auditHash":"scrimed-intel-fbf4539a"},"productionReadiness":false,"noPhiConfirmed":true}