{"service":"scrimed-build-roadmap","status":"scrimed-build-roadmap-active-no-phi","updated":"2026-06-30","route":"/scrimed-build-roadmap","apiRoute":"/api/scrimed-build-roadmap","briefRoute":"/api/scrimed-build-roadmap/brief","boundary":"SCRIMED Build Roadmap is a no-PHI, architecture-and-governance planning layer. It does not authorize live PHI, autonomous diagnosis, treatment, prescribing, patient outreach, payer submission, billing submission, EHR writeback, production connector use, certification claims, clinical validation claims, compliance completion claims, or customer go-live.","directiveCount":10,"moduleCount":6,"worldModelLayerCount":6,"benchmarkDimensionCount":5,"priorityStackCount":8,"domainCounts":{"ai-interface":1,"context-world-model":1,"semantic-graph":1,"memory-audit":1,"context-injection":1,"validation-governance":1,"workforce-talent":1,"resource-management":1,"healthcare-world-model":1,"benchmarking":1},"priorityPrinciple":"SCRIMED must be a governed healthcare meta-harness: orchestrating agents, data, documentation, evidence, and outcomes with human oversight at every high-stakes step.","priorityStack":[{"id":"omnigent-style-meta-harness","name":"Omnigent-style Meta-Harness","priority":"P0","strategicIntent":"Unify coding, clinical, documentation, evidence, and operations agents under one orchestrator with shared sessions, guardrails, policies, auditability, and approval gates.","implementationLane":["single orchestrator contract","shared session context","agent permission manifest","policy gate","human approval checkpoint"],"governedInputs":["metadata-only agent request","policy refs","task objective","selected tools","review state"],"expectedOutputs":["orchestration plan","tool access decision","approval route","audit hash","blocked action list"],"humanOversight":"Human approval remains required before any protected clinical, payer, connector, outreach, or system-of-record action.","validationMethod":["all agents must declare identity, allowed tools, blocked tools, risk level, and reviewer role","orchestrator must block high-stakes actions unless human_review_required or blocked","shared session must exclude PHI, secrets, and raw connector payloads"],"protectedBoundaries":["no live PHI","no autonomous clinical authority","no direct database or connector action by models"],"nextBuildStep":"Bind Agent Runtime, TrustOps, Intelligence Platform evaluator, and Dynamic Context Injection into one metadata-only orchestration contract."},{"id":"documentation-before-authorization-engine","name":"Documentation-Before-Authorization Engine","priority":"P0","strategicIntent":"Detect prior-authorization documentation gaps before submission, including symptom language, functional status, visit timing, medical-necessity phrasing, policy criteria, and denial risk.","implementationLane":["payer-policy checklist schema","documentation gap detector","medical necessity phrase map","visit timing validator","pre-submission risk packet"],"governedInputs":["synthetic payer policy metadata","synthetic documentation checklist","reviewer rubric","evidence refs"],"expectedOutputs":["documentation gap list","prior-auth risk score","reviewer packet","missing evidence map","submission blocked status"],"humanOversight":"RCM or clinical reviewer must approve any payer-facing packet; SCRIMED does not submit prior authorizations or claims.","validationMethod":["synthetic payer scenarios must flag missing symptoms, function, timing, and evidence language","route must block payer_submission tools","outputs must state policy source freshness and uncertainty"],"protectedBoundaries":["no payer submission","no billing submission","no medical necessity final determination"],"nextBuildStep":"Create synthetic prior-auth documentation gap fixtures and connect them to TrustOps reviewer queues."},{"id":"edge-clinical-trial-evidence-layer","name":"Edge Clinical Trial Evidence Layer","priority":"P1","strategicIntent":"Prepare site/device-level trial evidence capture that can validate, hash, and sync decentralized-trial metadata without exposing live participant data.","implementationLane":["edge evidence envelope","site/device provenance","tamper-evident hash","offline sync status","trial monitor review queue"],"governedInputs":["synthetic device event","site metadata","protocol metadata","consent-state placeholder","sync checkpoint"],"expectedOutputs":["evidence envelope","provenance hash","validation status","sync readiness","monitor review flag"],"humanOversight":"Trial monitor, investigator, or sponsor-designated reviewer must validate before operational or regulatory use.","validationMethod":["hashes must be deterministic for metadata fixtures","missing consent or protocol context must block promotion","offline sync must preserve provenance and conflict status"],"protectedBoundaries":["no live participant data","no regulatory submission","no clinical trial enrollment action"],"nextBuildStep":"Add a metadata-only edge trial evidence envelope to the Clinical Memory Graph and Evidence Binding layer."},{"id":"on-device-deidentification","name":"On-Device De-Identification","priority":"P0","strategicIntent":"Move PHI detection/redaction toward local browser, Mac, and mobile-capable preprocessing for documents and messages before any external inference path.","implementationLane":["document-type detector","PHI span scanner","redaction manifest","local-first processing policy","de-identification audit summary"],"governedInputs":["synthetic PDF metadata","synthetic HL7 v2 metadata","synthetic CDA/FHIR/CSV/NDJSON metadata","synthetic chat log metadata"],"expectedOutputs":["redaction manifest","document class","PHI risk score","human verification flag","blocked upload reason"],"humanOversight":"Human verification remains required before any de-identified artifact is used beyond synthetic demo mode.","validationMethod":["fixtures must cover PDFs, scans, images, HL7 v2, CDA, FHIR, CSV, NDJSON, and chat logs","raw source payloads must not be logged","uncertain detection routes to manual verification"],"protectedBoundaries":["no raw PHI upload","no raw connector payload logging","no external inference without explicit authorization"],"nextBuildStep":"Define a local de-identification manifest schema and no-secret fixture set for all supported document families."},{"id":"clinical-ai-benchmark-lab","name":"Clinical AI Benchmark Lab","priority":"P0","strategicIntent":"Measure SCRIMED against general models by specialty using physician-style grading dimensions without claiming clinical validation.","implementationLane":["specialty benchmark suites","physician grader rubric","source-quality scoring","verifiability checks","completeness and utility scoring"],"governedInputs":["synthetic specialty cases","public-reference metadata","rubric version","model route metadata"],"expectedOutputs":["clinical readiness score","source quality score","verifiability score","utility score","review requirement"],"humanOversight":"Qualified physician graders or designated clinical reviewers remain the authority for benchmark disposition.","validationMethod":["benchmarks must score accuracy, utility, source quality, verifiability, and completeness","model self-verification is never sufficient","results cannot claim FDA, clinical validation, or production approval"],"protectedBoundaries":["no diagnosis","no treatment recommendation","no clinical validation claim"],"nextBuildStep":"Extend ClinicalBench with specialty rubrics and evaluator outputs that preserve evidence, uncertainty, and reviewer status."},{"id":"automation-orchestrator","name":"Automation Orchestrator","priority":"P0","strategicIntent":"Advance SCRIMED from chatbot UX toward governed workflow execution with tool calls, retries, approvals, audit logs, and rollback plans.","implementationLane":["workflow state machine","tool invocation registry","approval gate","retry and fallback policy","audit event stream"],"governedInputs":["synthetic workflow event","tool permission","approval status","failure mode","rollback plan"],"expectedOutputs":["workflow plan","safe tool decision","approval checkpoint","retry decision","audit trace"],"humanOversight":"Automation can recommend or prepare actions, but protected healthcare actions remain blocked or approval-gated.","validationMethod":["each workflow step must have allowed action, blocked action, owner, and failure behavior","tool calls must be permissioned","high-risk steps must require human review"],"protectedBoundaries":["no autonomous outreach","no EHR writeback","no payer or billing submission"],"nextBuildStep":"Promote existing execution-attempt envelopes into a deterministic workflow-orchestration contract."},{"id":"pre-indexed-intelligence","name":"Pre-Indexed Intelligence","priority":"P1","strategicIntent":"Reduce thin-connector dependency by building ingest-time pipelines with enriched indexes, provenance, grounding, and retrieval evaluation.","implementationLane":["ingest-time parser","structure-preserving chunker","provenance index","retrieval evaluation set","grounding quality report"],"governedInputs":["synthetic document metadata","page/table/label/value/unit metadata","source lineage","index policy"],"expectedOutputs":["enriched index record","provenance chain","retrieval score","grounding report","staleness flag"],"humanOversight":"Governance reviewer approves production indexes, source scope, retention, and connector activation.","validationMethod":["indexes must preserve pages, tables, labels, values, units, citations, images, and references where represented","retrieval evaluation must score grounding and source traceability","raw connector payloads remain excluded from logs"],"protectedBoundaries":["no raw schema exposure to agents","no production connector approval","no unreviewed source ingestion"],"nextBuildStep":"Add pre-indexed intelligence requirements to Clinical Data Fabric and TrustOps retrieval-evaluation contracts."},{"id":"ai-medical-education-layer","name":"AI Medical Education Layer","priority":"P1","strategicIntent":"Expand SCRIMED University into clinician training, AI literacy, skill assessment, feedback loops, and personalized learning paths.","implementationLane":["clinician training track","skill assessment rubric","AI literacy modules","feedback capture","personalized learning plan"],"governedInputs":["curriculum metadata","synthetic learner profile","rubric version","feedback summary"],"expectedOutputs":["learning plan","skill assessment","feedback packet","readiness milestone","non-certification disclaimer"],"humanOversight":"Education leaders and clinical governance reviewers approve curriculum and assessment language before external use.","validationMethod":["education outputs must include non-certification disclaimer","skill assessment must avoid credentialing or legal certification claims","feedback loops must remain no-PHI"],"protectedBoundaries":["no credentialing claim","no certification claim","no clinical competency authorization"],"nextBuildStep":"Add SCRIMED University assessment metadata and feedback loops to the product readiness registry."}],"metaHarness":{"service":"scrimed-meta-harness","status":"scrimed-meta-harness-ready-synthetic-only","syntheticOnly":true,"noPhiConfirmed":true,"noExternalSideEffects":true,"boundary":"SCRIMED Meta-Harness is a synthetic/no-PHI orchestration control plane for coding, clinical, documentation, evidence, operations, and trust/safety agents. It coordinates shared sessions, policies, guardrails, permissions, human approval gates, and audit metadata. It does not process live PHI, grant autonomous clinical authority, submit payer work, write to EHRs, activate production connectors, log raw payloads, or execute protected actions.","session":{"sessionId":"meta-harness-synthetic-session-001","status":"synthetic_shared_session_ready","syntheticOnly":true,"noPhiConfirmed":true,"rawConnectorPayloadsAllowed":false,"sharedContextRefs":["scrimed-build-roadmap-priority-stack","scrimed-dynamic-context-manifest","scrimed-intelligence-platform-evaluator","scrimed-trustops-boundary-policy"],"policyRefs":["scrimed-safety-governance-v2026-06-29","no-live-phi","human-review-high-stakes","no-system-of-record-mutation"],"guardrails":["no raw connector payloads","no autonomous diagnosis, treatment, prescribing, outreach, payer submission, or EHR writeback","all high-risk clinical, payer, and connector actions require human review","models may draft or summarize but cannot execute protected actions"],"approvalGate":"human_approval_required_for_high_stakes"},"agentCount":6,"agents":[{"agentId":"coding_agent","name":"Coding Agent","purpose":"Inspects code and proposes safe implementation plans.","riskTier":"moderate","allowedTools":["read_only_code_inspector","schema_validator","audit_recorder"],"blockedTools":["ehr_writeback","payer_submission","patient_outreach","production_connector_activation","raw_payload_logger"],"reviewerRole":"platform_reviewer","canAccessPhi":false,"canExecuteProtectedAction":false,"telemetryRequired":true},{"agentId":"clinical_agent","name":"Clinical Agent","purpose":"Synthesizes synthetic clinical workflow context with evidence and review gates.","riskTier":"high","allowedTools":["synthetic_context_loader","schema_validator","evidence_binder","human_approval_queue","audit_recorder"],"blockedTools":["ehr_writeback","payer_submission","patient_outreach","production_connector_activation","raw_payload_logger"],"reviewerRole":"clinical_reviewer","canAccessPhi":false,"canExecuteProtectedAction":false,"telemetryRequired":true},{"agentId":"documentation_agent","name":"Documentation Agent","purpose":"Creates synthetic documentation gap packets and reviewer-ready drafts.","riskTier":"moderate","allowedTools":["synthetic_context_loader","schema_validator","policy_gate","evidence_binder","audit_recorder"],"blockedTools":["ehr_writeback","payer_submission","patient_outreach","production_connector_activation","raw_payload_logger"],"reviewerRole":"payer_policy_reviewer","canAccessPhi":false,"canExecuteProtectedAction":false,"telemetryRequired":true},{"agentId":"evidence_agent","name":"Evidence Agent","purpose":"Binds sources, provenance, policy refs, and audit hashes.","riskTier":"moderate","allowedTools":["schema_validator","evidence_binder","audit_recorder"],"blockedTools":["ehr_writeback","payer_submission","patient_outreach","production_connector_activation","raw_payload_logger"],"reviewerRole":"privacy_security_reviewer","canAccessPhi":false,"canExecuteProtectedAction":false,"telemetryRequired":true},{"agentId":"operations_agent","name":"Operations Agent","purpose":"Routes synthetic workflow states, bottlenecks, owners, and queue readiness.","riskTier":"moderate","allowedTools":["synthetic_context_loader","policy_gate","audit_recorder"],"blockedTools":["ehr_writeback","payer_submission","patient_outreach","production_connector_activation","raw_payload_logger"],"reviewerRole":"platform_reviewer","canAccessPhi":false,"canExecuteProtectedAction":false,"telemetryRequired":true},{"agentId":"trust_safety_agent","name":"Trust & Safety Agent","purpose":"Verifies boundaries, blocked tools, approval gates, and audit requirements.","riskTier":"critical","allowedTools":["schema_validator","policy_gate","human_approval_queue","audit_recorder"],"blockedTools":["ehr_writeback","payer_submission","patient_outreach","production_connector_activation","raw_payload_logger"],"reviewerRole":"privacy_security_reviewer","canAccessPhi":false,"canExecuteProtectedAction":false,"telemetryRequired":true}],"safeTools":["synthetic_context_loader","schema_validator","policy_gate","evidence_binder","audit_recorder","human_approval_queue","read_only_code_inspector"],"blockedTools":["ehr_writeback","payer_submission","patient_outreach","production_connector_activation","raw_payload_logger"],"sampleRequests":[{"requestId":"meta-harness-low-risk-code-review","sessionId":"meta-harness-synthetic-session-001","task":"Synthetic code inspection and implementation plan with no live data.","requestedAgentIds":["coding_agent","trust_safety_agent"],"requestedTools":["read_only_code_inspector","schema_validator","audit_recorder"],"riskTier":"moderate","requestedAction":"synthetic_planning"},{"requestId":"meta-harness-clinical-review-packet","sessionId":"meta-harness-synthetic-session-001","task":"Draft a synthetic clinical documentation review packet with evidence binding.","requestedAgentIds":["clinical_agent","documentation_agent","evidence_agent","trust_safety_agent"],"requestedTools":["synthetic_context_loader","schema_validator","policy_gate","evidence_binder","human_approval_queue","audit_recorder"],"riskTier":"high","requestedAction":"draft_reviewer_packet"},{"requestId":"meta-harness-blocked-protected-action","sessionId":"meta-harness-synthetic-session-001","task":"Attempt to send protected payer, outreach, and EHR actions.","requestedAgentIds":["operations_agent","trust_safety_agent"],"requestedTools":["payer_submission","patient_outreach","ehr_writeback","raw_payload_logger"],"riskTier":"critical","requestedAction":"protected_action_attempt"}],"decisions":[{"requestId":"meta-harness-low-risk-code-review","status":"human_review_required","assignedAgents":["coding_agent","trust_safety_agent"],"toolDecisions":[{"toolId":"read_only_code_inspector","status":"allowed","reason":"Tool is explicitly permissioned for at least one assigned agent inside the synthetic session."},{"toolId":"schema_validator","status":"allowed","reason":"Tool is explicitly permissioned for at least one assigned agent inside the synthetic session."},{"toolId":"audit_recorder","status":"allowed","reason":"Tool is explicitly permissioned for at least one assigned agent inside the synthetic session."}],"blockedActions":[],"approvalGate":"human_review_required","noPhiConfirmed":true,"syntheticOnly":true,"noExternalSideEffects":true,"auditHash":"scrimed-intel-27f15c5e","boundary":"SCRIMED Meta-Harness is a synthetic/no-PHI orchestration control plane for coding, clinical, documentation, evidence, operations, and trust/safety agents. It coordinates shared sessions, policies, guardrails, permissions, human approval gates, and audit metadata. It does not process live PHI, grant autonomous clinical authority, submit payer work, write to EHRs, activate production connectors, log raw payloads, or execute protected actions."},{"requestId":"meta-harness-clinical-review-packet","status":"human_review_required","assignedAgents":["clinical_agent","documentation_agent","evidence_agent","trust_safety_agent"],"toolDecisions":[{"toolId":"synthetic_context_loader","status":"allowed","reason":"Tool is explicitly permissioned for at least one assigned agent inside the synthetic session."},{"toolId":"schema_validator","status":"allowed","reason":"Tool is explicitly permissioned for at least one assigned agent inside the synthetic session."},{"toolId":"policy_gate","status":"allowed","reason":"Tool is explicitly permissioned for at least one assigned agent inside the synthetic session."},{"toolId":"evidence_binder","status":"allowed","reason":"Tool is explicitly permissioned for at least one assigned agent inside the synthetic session."},{"toolId":"human_approval_queue","status":"allowed","reason":"Tool is explicitly permissioned for at least one assigned agent inside the synthetic session."},{"toolId":"audit_recorder","status":"allowed","reason":"Tool is explicitly permissioned for at least one assigned agent inside the synthetic session."}],"blockedActions":[],"approvalGate":"human_review_required","noPhiConfirmed":true,"syntheticOnly":true,"noExternalSideEffects":true,"auditHash":"scrimed-intel-cea21115","boundary":"SCRIMED Meta-Harness is a synthetic/no-PHI orchestration control plane for coding, clinical, documentation, evidence, operations, and trust/safety agents. It coordinates shared sessions, policies, guardrails, permissions, human approval gates, and audit metadata. It does not process live PHI, grant autonomous clinical authority, submit payer work, write to EHRs, activate production connectors, log raw payloads, or execute protected actions."},{"requestId":"meta-harness-blocked-protected-action","status":"blocked","assignedAgents":["operations_agent","trust_safety_agent"],"toolDecisions":[{"toolId":"payer_submission","status":"blocked","reason":"Tool is outside SCRIMED's current no-PHI, no-system-of-record, no-protected-action boundary."},{"toolId":"patient_outreach","status":"blocked","reason":"Tool is outside SCRIMED's current no-PHI, no-system-of-record, no-protected-action boundary."},{"toolId":"ehr_writeback","status":"blocked","reason":"Tool is outside SCRIMED's current no-PHI, no-system-of-record, no-protected-action boundary."},{"toolId":"raw_payload_logger","status":"blocked","reason":"Tool is outside SCRIMED's current no-PHI, no-system-of-record, no-protected-action boundary."}],"blockedActions":["blocked tool: payer_submission","blocked tool: patient_outreach","blocked tool: ehr_writeback","blocked tool: raw_payload_logger","protected action attempt blocked"],"approvalGate":"blocked_before_execution","noPhiConfirmed":true,"syntheticOnly":true,"noExternalSideEffects":true,"auditHash":"scrimed-intel-7e70933a","boundary":"SCRIMED Meta-Harness is a synthetic/no-PHI orchestration control plane for coding, clinical, documentation, evidence, operations, and trust/safety agents. It coordinates shared sessions, policies, guardrails, permissions, human approval gates, and audit metadata. It does not process live PHI, grant autonomous clinical authority, submit payer work, write to EHRs, activate production connectors, log raw payloads, or execute protected actions."}],"validation":{"status":"fail","checks":[{"check":"agent-identity-registry-complete","passed":true,"detail":"Coding, clinical, documentation, evidence, operations, and trust/safety agents must have identities."},{"check":"permissions-declared","passed":true,"detail":"Every agent must declare allowed tools, blocked tools, risk tier, reviewer role, and telemetry requirement."},{"check":"shared-session-no-phi","passed":true,"detail":"The shared session cannot contain PHI, secrets, or raw connector payloads."},{"check":"high-stakes-human-review","passed":true,"detail":"High-risk clinical, payer, connector, or trust/safety orchestration must require human review."},{"check":"protected-actions-blocked","passed":true,"detail":"Protected payer submission, outreach, EHR writeback, connector activation, and raw-payload logging remain blocked."}]}},"preIndexedIntelligence":{"service":"pre-indexed-intelligence","status":"pre-indexed-intelligence-ready-synthetic-only","syntheticOnly":true,"livePhiProcessed":false,"rawPayloadStored":false,"rawSchemaExposedToAgents":false,"productionConnectorApproved":false,"boundary":"Pre-Indexed Intelligence is a synthetic/no-PHI, metadata-only ingest-time intelligence scaffold. It preserves document structure, provenance, grounding metadata, and retrieval evaluation for future Clinical Data Fabric and TrustOps workflows. It does not ingest live PHI, store raw connector payloads, expose raw schemas to agents, approve production connectors, make clinical recommendations, submit payer work, contact patients, or write back to EHRs.","sourceCount":6,"retrievalTaskCount":5,"records":[{"sourceId":"preindex-fhir-synthetic-care-summary","status":"human_review_required","documentFamily":"fhir_bundle","syntheticOnly":true,"livePhiProcessed":false,"rawPayloadStored":false,"rawSchemaExposedToAgents":false,"productionConnectorApproved":false,"structurePreserved":["fhir_resources","references","labels","values","units"],"indexPolicies":["synthetic_only","metadata_only","human_review_required","production_connector_blocked"],"chunks":[{"chunkId":"preindex-fhir-synthetic-care-summary-chunk-1","sourceId":"preindex-fhir-synthetic-care-summary","sourceAnchor":"fhir_bundle:fhir_resources:1","structureElements":["fhir_resources"],"agentAccessibleFields":["source_id","source_anchor","structure_elements","provenance_hash"],"excludedFields":["raw_payload","raw_schema","patient_identifier","connector_credential"],"provenanceHash":"scrimed-intel-d2747697"},{"chunkId":"preindex-fhir-synthetic-care-summary-chunk-2","sourceId":"preindex-fhir-synthetic-care-summary","sourceAnchor":"fhir_bundle:references:2","structureElements":["references"],"agentAccessibleFields":["source_id","source_anchor","structure_elements","provenance_hash"],"excludedFields":["raw_payload","raw_schema","patient_identifier","connector_credential"],"provenanceHash":"scrimed-intel-ebe29c48"},{"chunkId":"preindex-fhir-synthetic-care-summary-chunk-3","sourceId":"preindex-fhir-synthetic-care-summary","sourceAnchor":"fhir_bundle:labels:3","structureElements":["labels"],"agentAccessibleFields":["source_id","source_anchor","structure_elements","provenance_hash"],"excludedFields":["raw_payload","raw_schema","patient_identifier","connector_credential"],"provenanceHash":"scrimed-intel-5332157f"}],"provenanceChain":["synthetic-fhir-r4-fixture","clinical-data-fabric-policy"],"groundingReport":{"structureCoverageScore":53,"provenanceCoverageScore":70,"retrievalReadinessScore":64,"staleSourceFlag":false,"reviewerRequired":true},"safetyBoundary":"Pre-Indexed Intelligence is a synthetic/no-PHI, metadata-only ingest-time intelligence scaffold. It preserves document structure, provenance, grounding metadata, and retrieval evaluation for future Clinical Data Fabric and TrustOps workflows. It does not ingest live PHI, store raw connector payloads, expose raw schemas to agents, approve production connectors, make clinical recommendations, submit payer work, contact patients, or write back to EHRs.","auditHash":"scrimed-intel-399afec7"},{"sourceId":"preindex-payer-policy-synthetic-afib","status":"human_review_required","documentFamily":"prior_auth_policy_summary","syntheticOnly":true,"livePhiProcessed":false,"rawPayloadStored":false,"rawSchemaExposedToAgents":false,"productionConnectorApproved":false,"structurePreserved":["sections","payer_criteria","labels","values","citations"],"indexPolicies":["synthetic_only","metadata_only","human_review_required","production_connector_blocked"],"chunks":[{"chunkId":"preindex-payer-policy-synthetic-afib-chunk-1","sourceId":"preindex-payer-policy-synthetic-afib","sourceAnchor":"prior_auth_policy_summary:sections:1","structureElements":["sections"],"agentAccessibleFields":["source_id","source_anchor","structure_elements","provenance_hash"],"excludedFields":["raw_payload","raw_schema","patient_identifier","connector_credential"],"provenanceHash":"scrimed-intel-bd9b996a"},{"chunkId":"preindex-payer-policy-synthetic-afib-chunk-2","sourceId":"preindex-payer-policy-synthetic-afib","sourceAnchor":"prior_auth_policy_summary:payer_criteria:2","structureElements":["payer_criteria"],"agentAccessibleFields":["source_id","source_anchor","structure_elements","provenance_hash"],"excludedFields":["raw_payload","raw_schema","patient_identifier","connector_credential"],"provenanceHash":"scrimed-intel-f32949ef"},{"chunkId":"preindex-payer-policy-synthetic-afib-chunk-3","sourceId":"preindex-payer-policy-synthetic-afib","sourceAnchor":"prior_auth_policy_summary:labels:3","structureElements":["labels"],"agentAccessibleFields":["source_id","source_anchor","structure_elements","provenance_hash"],"excludedFields":["raw_payload","raw_schema","patient_identifier","connector_credential"],"provenanceHash":"scrimed-intel-7fe2c031"}],"provenanceChain":["documentation-before-authorization-policy","synthetic-prior-auth-rubric"],"groundingReport":{"structureCoverageScore":47,"provenanceCoverageScore":70,"retrievalReadinessScore":56,"staleSourceFlag":false,"reviewerRequired":true},"safetyBoundary":"Pre-Indexed Intelligence is a synthetic/no-PHI, metadata-only ingest-time intelligence scaffold. It preserves document structure, provenance, grounding metadata, and retrieval evaluation for future Clinical Data Fabric and TrustOps workflows. It does not ingest live PHI, store raw connector payloads, expose raw schemas to agents, approve production connectors, make clinical recommendations, submit payer work, contact patients, or write back to EHRs.","auditHash":"scrimed-intel-f511478c"},{"sourceId":"preindex-referral-synthetic-delay","status":"human_review_required","documentFamily":"referral_packet","syntheticOnly":true,"livePhiProcessed":false,"rawPayloadStored":false,"rawSchemaExposedToAgents":false,"productionConnectorApproved":false,"structurePreserved":["pages","sections","tables","labels","workflow_steps","images"],"indexPolicies":["synthetic_only","metadata_only","human_review_required","production_connector_blocked"],"chunks":[{"chunkId":"preindex-referral-synthetic-delay-chunk-1","sourceId":"preindex-referral-synthetic-delay","sourceAnchor":"referral_packet:pages:1","structureElements":["pages"],"agentAccessibleFields":["source_id","source_anchor","structure_elements","provenance_hash"],"excludedFields":["raw_payload","raw_schema","patient_identifier","connector_credential"],"provenanceHash":"scrimed-intel-3d1b79e0"},{"chunkId":"preindex-referral-synthetic-delay-chunk-2","sourceId":"preindex-referral-synthetic-delay","sourceAnchor":"referral_packet:sections:2","structureElements":["sections"],"agentAccessibleFields":["source_id","source_anchor","structure_elements","provenance_hash"],"excludedFields":["raw_payload","raw_schema","patient_identifier","connector_credential"],"provenanceHash":"scrimed-intel-47e6f188"},{"chunkId":"preindex-referral-synthetic-delay-chunk-3","sourceId":"preindex-referral-synthetic-delay","sourceAnchor":"referral_packet:tables:3","structureElements":["tables"],"agentAccessibleFields":["source_id","source_anchor","structure_elements","provenance_hash"],"excludedFields":["raw_payload","raw_schema","patient_identifier","connector_credential"],"provenanceHash":"scrimed-intel-a84271a9"}],"provenanceChain":["synthetic-referral-fixture","trustops-signal-engine"],"groundingReport":{"structureCoverageScore":47,"provenanceCoverageScore":70,"retrievalReadinessScore":56,"staleSourceFlag":false,"reviewerRequired":true},"safetyBoundary":"Pre-Indexed Intelligence is a synthetic/no-PHI, metadata-only ingest-time intelligence scaffold. It preserves document structure, provenance, grounding metadata, and retrieval evaluation for future Clinical Data Fabric and TrustOps workflows. It does not ingest live PHI, store raw connector payloads, expose raw schemas to agents, approve production connectors, make clinical recommendations, submit payer work, contact patients, or write back to EHRs.","auditHash":"scrimed-intel-d3c4af30"},{"sourceId":"preindex-guideline-synthetic-care-gap","status":"human_review_required","documentFamily":"clinical_guideline_summary","syntheticOnly":true,"livePhiProcessed":false,"rawPayloadStored":false,"rawSchemaExposedToAgents":false,"productionConnectorApproved":false,"structurePreserved":["sections","citations","references","labels","values"],"indexPolicies":["synthetic_only","metadata_only","human_review_required","production_connector_blocked"],"chunks":[{"chunkId":"preindex-guideline-synthetic-care-gap-chunk-1","sourceId":"preindex-guideline-synthetic-care-gap","sourceAnchor":"clinical_guideline_summary:sections:1","structureElements":["sections"],"agentAccessibleFields":["source_id","source_anchor","structure_elements","provenance_hash"],"excludedFields":["raw_payload","raw_schema","patient_identifier","connector_credential"],"provenanceHash":"scrimed-intel-4b85b8e5"},{"chunkId":"preindex-guideline-synthetic-care-gap-chunk-2","sourceId":"preindex-guideline-synthetic-care-gap","sourceAnchor":"clinical_guideline_summary:citations:2","structureElements":["citations"],"agentAccessibleFields":["source_id","source_anchor","structure_elements","provenance_hash"],"excludedFields":["raw_payload","raw_schema","patient_identifier","connector_credential"],"provenanceHash":"scrimed-intel-2362a74f"},{"chunkId":"preindex-guideline-synthetic-care-gap-chunk-3","sourceId":"preindex-guideline-synthetic-care-gap","sourceAnchor":"clinical_guideline_summary:references:3","structureElements":["references"],"agentAccessibleFields":["source_id","source_anchor","structure_elements","provenance_hash"],"excludedFields":["raw_payload","raw_schema","patient_identifier","connector_credential"],"provenanceHash":"scrimed-intel-3540bcff"}],"provenanceChain":["synthetic-guideline-summary","clinical-robustness-lab-rubric"],"groundingReport":{"structureCoverageScore":53,"provenanceCoverageScore":70,"retrievalReadinessScore":59,"staleSourceFlag":false,"reviewerRequired":true},"safetyBoundary":"Pre-Indexed Intelligence is a synthetic/no-PHI, metadata-only ingest-time intelligence scaffold. It preserves document structure, provenance, grounding metadata, and retrieval evaluation for future Clinical Data Fabric and TrustOps workflows. It does not ingest live PHI, store raw connector payloads, expose raw schemas to agents, approve production connectors, make clinical recommendations, submit payer work, contact patients, or write back to EHRs.","auditHash":"scrimed-intel-cf83a0b4"},{"sourceId":"preindex-trial-synthetic-protocol","status":"human_review_required","documentFamily":"trial_protocol_summary","syntheticOnly":true,"livePhiProcessed":false,"rawPayloadStored":false,"rawSchemaExposedToAgents":false,"productionConnectorApproved":false,"structurePreserved":["sections","tables","labels","values","references"],"indexPolicies":["synthetic_only","metadata_only","human_review_required","production_connector_blocked"],"chunks":[{"chunkId":"preindex-trial-synthetic-protocol-chunk-1","sourceId":"preindex-trial-synthetic-protocol","sourceAnchor":"trial_protocol_summary:sections:1","structureElements":["sections"],"agentAccessibleFields":["source_id","source_anchor","structure_elements","provenance_hash"],"excludedFields":["raw_payload","raw_schema","patient_identifier","connector_credential"],"provenanceHash":"scrimed-intel-98da94ae"},{"chunkId":"preindex-trial-synthetic-protocol-chunk-2","sourceId":"preindex-trial-synthetic-protocol","sourceAnchor":"trial_protocol_summary:tables:2","structureElements":["tables"],"agentAccessibleFields":["source_id","source_anchor","structure_elements","provenance_hash"],"excludedFields":["raw_payload","raw_schema","patient_identifier","connector_credential"],"provenanceHash":"scrimed-intel-99682937"},{"chunkId":"preindex-trial-synthetic-protocol-chunk-3","sourceId":"preindex-trial-synthetic-protocol","sourceAnchor":"trial_protocol_summary:labels:3","structureElements":["labels"],"agentAccessibleFields":["source_id","source_anchor","structure_elements","provenance_hash"],"excludedFields":["raw_payload","raw_schema","patient_identifier","connector_credential"],"provenanceHash":"scrimed-intel-e8b519b3"}],"provenanceChain":["edge-trial-evidence-roadmap","synthetic-protocol-fixture"],"groundingReport":{"structureCoverageScore":53,"provenanceCoverageScore":70,"retrievalReadinessScore":59,"staleSourceFlag":false,"reviewerRequired":true},"safetyBoundary":"Pre-Indexed Intelligence is a synthetic/no-PHI, metadata-only ingest-time intelligence scaffold. It preserves document structure, provenance, grounding metadata, and retrieval evaluation for future Clinical Data Fabric and TrustOps workflows. It does not ingest live PHI, store raw connector payloads, expose raw schemas to agents, approve production connectors, make clinical recommendations, submit payer work, contact patients, or write back to EHRs.","auditHash":"scrimed-intel-4061ff07"},{"sourceId":"preindex-rcm-synthetic-denial-playbook","status":"human_review_required","documentFamily":"rcm_denial_playbook","syntheticOnly":true,"livePhiProcessed":false,"rawPayloadStored":false,"rawSchemaExposedToAgents":false,"productionConnectorApproved":false,"structurePreserved":["sections","tables","labels","workflow_steps","payer_criteria"],"indexPolicies":["synthetic_only","metadata_only","human_review_required","production_connector_blocked"],"chunks":[{"chunkId":"preindex-rcm-synthetic-denial-playbook-chunk-1","sourceId":"preindex-rcm-synthetic-denial-playbook","sourceAnchor":"rcm_denial_playbook:sections:1","structureElements":["sections"],"agentAccessibleFields":["source_id","source_anchor","structure_elements","provenance_hash"],"excludedFields":["raw_payload","raw_schema","patient_identifier","connector_credential"],"provenanceHash":"scrimed-intel-a3119ea2"},{"chunkId":"preindex-rcm-synthetic-denial-playbook-chunk-2","sourceId":"preindex-rcm-synthetic-denial-playbook","sourceAnchor":"rcm_denial_playbook:tables:2","structureElements":["tables"],"agentAccessibleFields":["source_id","source_anchor","structure_elements","provenance_hash"],"excludedFields":["raw_payload","raw_schema","patient_identifier","connector_credential"],"provenanceHash":"scrimed-intel-b9ff58c5"},{"chunkId":"preindex-rcm-synthetic-denial-playbook-chunk-3","sourceId":"preindex-rcm-synthetic-denial-playbook","sourceAnchor":"rcm_denial_playbook:labels:3","structureElements":["labels"],"agentAccessibleFields":["source_id","source_anchor","structure_elements","provenance_hash"],"excludedFields":["raw_payload","raw_schema","patient_identifier","connector_credential"],"provenanceHash":"scrimed-intel-59c90529"}],"provenanceChain":["synthetic-rcm-playbook","trustops-denial-signal"],"groundingReport":{"structureCoverageScore":40,"provenanceCoverageScore":70,"retrievalReadinessScore":54,"staleSourceFlag":false,"reviewerRequired":true},"safetyBoundary":"Pre-Indexed Intelligence is a synthetic/no-PHI, metadata-only ingest-time intelligence scaffold. It preserves document structure, provenance, grounding metadata, and retrieval evaluation for future Clinical Data Fabric and TrustOps workflows. It does not ingest live PHI, store raw connector payloads, expose raw schemas to agents, approve production connectors, make clinical recommendations, submit payer work, contact patients, or write back to EHRs.","auditHash":"scrimed-intel-ea337fc8"}],"retrievalEvaluations":[{"task":"patient_matching","candidateSourceIds":["preindex-fhir-synthetic-care-summary"],"groundingScore":64,"sourceTraceabilityScore":70,"minimumPassingScore":80,"status":"needs_review","reason":"Retrieval requires reviewer verification before any protected healthcare use.","humanReviewRequired":true,"auditHash":"scrimed-intel-d11177b7"},{"task":"document_similarity","candidateSourceIds":["preindex-payer-policy-synthetic-afib","preindex-referral-synthetic-delay","preindex-trial-synthetic-protocol"],"groundingScore":57,"sourceTraceabilityScore":70,"minimumPassingScore":80,"status":"needs_review","reason":"Retrieval requires reviewer verification before any protected healthcare use.","humanReviewRequired":true,"auditHash":"scrimed-intel-68d78a90"},{"task":"clinical_retrieval","candidateSourceIds":["preindex-fhir-synthetic-care-summary","preindex-guideline-synthetic-care-gap","preindex-trial-synthetic-protocol"],"groundingScore":61,"sourceTraceabilityScore":70,"minimumPassingScore":80,"status":"needs_review","reason":"Retrieval requires reviewer verification before any protected healthcare use.","humanReviewRequired":true,"auditHash":"scrimed-intel-ec192c55"},{"task":"payer_policy_lookup","candidateSourceIds":["preindex-payer-policy-synthetic-afib","preindex-rcm-synthetic-denial-playbook"],"groundingScore":55,"sourceTraceabilityScore":70,"minimumPassingScore":80,"status":"needs_review","reason":"Retrieval requires reviewer verification before any protected healthcare use.","humanReviewRequired":true,"auditHash":"scrimed-intel-238a7ad6"},{"task":"recommendation_search","candidateSourceIds":["preindex-fhir-synthetic-care-summary","preindex-referral-synthetic-delay","preindex-guideline-synthetic-care-gap","preindex-rcm-synthetic-denial-playbook"],"groundingScore":58,"sourceTraceabilityScore":70,"minimumPassingScore":80,"status":"needs_review","reason":"Retrieval requires reviewer verification before any protected healthcare use.","humanReviewRequired":true,"auditHash":"scrimed-intel-94cd4457"}],"validation":{"status":"pass","checks":[{"check":"synthetic-metadata-only","passed":true,"detail":"Index records must remain synthetic, metadata-only, no-PHI, and hidden from raw schemas."},{"check":"retrieval-tasks-covered","passed":true,"detail":"Patient matching, document similarity, clinical retrieval, payer-policy lookup, and recommendation search must be represented."},{"check":"structure-preservation-covered","passed":true,"detail":"The scaffold must preserve structure metadata such as pages, tables, labels, values, units, citations, images, references, FHIR resources, and payer criteria where represented."},{"check":"production-connectors-blocked","passed":true,"detail":"No pre-indexed intelligence record may approve production connectors or source ingestion."},{"check":"human-review-required","passed":true,"detail":"Retrieval evaluations remain reviewer-gated before protected clinical, payer, or operational use."}]}},"documentationBeforeAuthorization":{"service":"documentation-before-authorization-engine","status":"documentation-before-authorization-ready-synthetic-only","syntheticOnly":true,"noPhiConfirmed":true,"payerSubmissionAllowed":false,"boundary":"Documentation-Before-Authorization Engine is synthetic/no-PHI pre-submission intelligence. It can identify documentation gaps, draft reviewer packets, and estimate prior-auth risk for demo workflows only. It does not submit prior authorizations, file claims, determine medical necessity, provide legal advice, contact payers, write to EHRs, or use live patient data.","requirementCount":10,"requiredRequirementCount":9,"requirements":[{"id":"symptom_language","label":"Symptom language","purpose":"Confirm the packet states relevant symptoms or clinical rationale in reviewer-friendly language.","required":true,"owner":"clinical_reviewer","evidenceType":"synthetic note excerpt metadata"},{"id":"functional_status","label":"Functional status","purpose":"Confirm the packet captures activity limitation, burden, or functional impact when policy criteria require it.","required":true,"owner":"clinical_reviewer","evidenceType":"synthetic assessment metadata"},{"id":"visit_timing","label":"Visit timing","purpose":"Confirm the related visit or review date falls inside the synthetic policy timing window.","required":true,"owner":"rcm_reviewer","evidenceType":"synthetic encounter timestamp metadata"},{"id":"medical_necessity_rationale","label":"Medical necessity rationale","purpose":"Confirm a reviewer-authored rationale is present; SCRIMED does not make final medical-necessity determinations.","required":true,"owner":"payer_policy_reviewer","evidenceType":"reviewer rationale placeholder"},{"id":"prior_therapy_history","label":"Prior therapy history","purpose":"Confirm prior therapies, alternatives, failures, contraindications, or policy-specific history are represented when required.","required":true,"owner":"clinical_reviewer","evidenceType":"synthetic treatment-history metadata"},{"id":"diagnosis_specific_evidence","label":"Diagnosis-specific evidence","purpose":"Confirm required diagnostic, guideline, or specialty-specific evidence fields are present before reviewer packet creation.","required":true,"owner":"clinical_reviewer","evidenceType":"synthetic evidence card metadata"},{"id":"policy_reference","label":"Policy reference","purpose":"Confirm policy version, source label, and freshness metadata are included.","required":true,"owner":"payer_policy_reviewer","evidenceType":"synthetic payer-policy metadata"},{"id":"recent_visit_note","label":"Recent visit note","purpose":"Confirm a recent visit-note placeholder or reviewer-approved alternative is present.","required":true,"owner":"rcm_reviewer","evidenceType":"synthetic visit-note metadata"},{"id":"contraindication_context","label":"Contraindication context","purpose":"Flag missing contraindication or exception context when it affects policy interpretation.","required":false,"owner":"clinical_reviewer","evidenceType":"synthetic exception metadata"},{"id":"reviewer_attestation","label":"Reviewer attestation","purpose":"Confirm human reviewer status is captured before any external-facing packet is considered.","required":true,"owner":"payer_policy_reviewer","evidenceType":"human review status"}],"syntheticPacketCount":2,"syntheticPackets":[{"packetId":"doc-auth-afib-ablation-synthetic-gap","scenario":"Synthetic AFib ablation-style prior-auth readiness check with missing symptom language, functional status, recent timing, and reviewer attestation.","payerPolicyClass":"synthetic_prior_auth_policy","procedureFamily":"cardiology procedure authorization","syntheticOnly":true,"noPhi":true,"documentedRequirementIds":["medical_necessity_rationale","prior_therapy_history","diagnosis_specific_evidence","policy_reference"],"evidenceRefs":["policy-synthetic-cardiology-001","evidence-card-synthetic-therapy-history"],"reviewerStatus":"queued","requestedAction":"pre_submission_gap_check"},{"packetId":"doc-auth-imaging-synthetic-review-ready","scenario":"Synthetic imaging authorization packet with all required metadata present and still routed to human review.","payerPolicyClass":"synthetic_prior_auth_policy","procedureFamily":"advanced imaging authorization","syntheticOnly":true,"noPhi":true,"documentedRequirementIds":["symptom_language","functional_status","visit_timing","medical_necessity_rationale","prior_therapy_history","diagnosis_specific_evidence","policy_reference","recent_visit_note","reviewer_attestation"],"evidenceRefs":["policy-synthetic-imaging-001","evidence-card-synthetic-symptoms","evidence-card-synthetic-function","evidence-card-synthetic-visit-timing"],"reviewerStatus":"reviewed_for_demo","requestedAction":"draft_reviewer_packet"}],"evaluations":[{"packetId":"doc-auth-afib-ablation-synthetic-gap","status":"documentation-before-authorization-evaluated","readiness":"blocked_before_submission","riskLevel":"high","missingRequiredIds":["symptom_language","functional_status","visit_timing","recent_visit_note","reviewer_attestation"],"presentRequiredIds":["medical_necessity_rationale","prior_therapy_history","diagnosis_specific_evidence","policy_reference"],"missingEvidenceLabels":["Symptom language","Functional status","Visit timing","Recent visit note","Reviewer attestation"],"priorAuthRiskSignals":["missing symptom language","missing functional status","missing visit timing","missing recent visit note","missing reviewer attestation","human reviewer attestation incomplete"],"recommendedOwner":"clinical_reviewer","recommendedActions":["Complete missing documentation: Symptom language, Functional status, Visit timing, Recent visit note, Reviewer attestation","Route to human reviewer before any payer-facing use.","Keep payer submission blocked until external authorization, customer approval, and compliance review exist."],"automationEligibility":"blocked","humanReviewRequired":true,"payerSubmissionAllowed":false,"noPhiConfirmed":true,"syntheticOnly":true,"auditHash":"scrimed-intel-40ecb0ad","boundary":"Documentation-Before-Authorization Engine is synthetic/no-PHI pre-submission intelligence. It can identify documentation gaps, draft reviewer packets, and estimate prior-auth risk for demo workflows only. It does not submit prior authorizations, file claims, determine medical necessity, provide legal advice, contact payers, write to EHRs, or use live patient data."},{"packetId":"doc-auth-imaging-synthetic-review-ready","status":"documentation-before-authorization-evaluated","readiness":"review_ready","riskLevel":"low","missingRequiredIds":[],"presentRequiredIds":["symptom_language","functional_status","visit_timing","medical_necessity_rationale","prior_therapy_history","diagnosis_specific_evidence","policy_reference","recent_visit_note","reviewer_attestation"],"missingEvidenceLabels":[],"priorAuthRiskSignals":[],"recommendedOwner":"rcm_reviewer","recommendedActions":["Maintain reviewer packet with all required metadata present.","Route to human reviewer before any payer-facing use.","Keep payer submission blocked until external authorization, customer approval, and compliance review exist."],"automationEligibility":"recommendation_only","humanReviewRequired":true,"payerSubmissionAllowed":false,"noPhiConfirmed":true,"syntheticOnly":true,"auditHash":"scrimed-intel-13d48030","boundary":"Documentation-Before-Authorization Engine is synthetic/no-PHI pre-submission intelligence. It can identify documentation gaps, draft reviewer packets, and estimate prior-auth risk for demo workflows only. It does not submit prior authorizations, file claims, determine medical necessity, provide legal advice, contact payers, write to EHRs, or use live patient data."}],"workbench":{"route":"/documentation-before-authorization","apiRoute":"/api/documentation-before-authorization","mode":"interactive-synthetic-review-packet","acceptedInput":"registered scenario identifiers and enumerated documentation requirement states only","freeTextAccepted":false,"payerSubmissionAllowed":false,"workSessionHandoff":"SCRIMED Work revenue-cycle prepare-only Definition-of-Done contract"},"validation":{"status":"pass","checks":[{"check":"missing-documentation-detected","passed":true,"detail":"Synthetic prior-auth readiness packets must detect missing symptom, functional-status, visit-timing, evidence, and reviewer-attestation gaps."},{"check":"payer-submission-blocked","passed":true,"detail":"The engine cannot submit prior authorizations, claims, appeals, or payer packets."},{"check":"human-review-required","passed":true,"detail":"Every output remains reviewer-gated before external-facing use."},{"check":"synthetic-no-phi-only","passed":true,"detail":"Fixtures and evaluations are synthetic/no-PHI only."}]}},"onDeviceDeidentification":{"service":"on-device-deidentification","status":"on-device-deidentification-ready-synthetic-only","syntheticOnly":true,"livePhiProcessed":false,"rawPayloadStored":false,"externalInferenceAllowed":false,"boundary":"On-Device De-Identification is a synthetic/no-PHI local-first privacy scaffold for browser, Mac, and iPhone-capable preprocessing. It emits metadata-only redaction manifests for PDFs, scans, images, HL7 v2, CDA, FHIR, CSV, NDJSON, and chat logs. It does not store raw payloads, process live PHI, send data to external inference, certify de-identification, or authorize production connector use.","documentTypeCount":9,"runtimeTargets":["browser","mac","iphone"],"fixtures":[{"fixtureId":"deid-pdf-synthetic-intake","label":"Synthetic PDF intake packet","documentType":"pdf","runtimeTargets":["browser","mac"],"syntheticOnly":true,"livePhiProcessed":false,"rawPayloadStored":false,"simulatedDetectedCategories":["patient_name","date_of_birth","mrn"],"uncertainCategories":["address"],"structurePreserved":["pages","headings","tables","labels"]},{"fixtureId":"deid-scan-synthetic-referral","label":"Synthetic scanned referral","documentType":"scan","runtimeTargets":["mac","iphone"],"syntheticOnly":true,"livePhiProcessed":false,"rawPayloadStored":false,"simulatedDetectedCategories":["patient_name","phone"],"uncertainCategories":["free_text_identifier"],"structurePreserved":["page image","ocr block","confidence"]},{"fixtureId":"deid-image-synthetic-card","label":"Synthetic image attachment","documentType":"image","runtimeTargets":["browser","iphone"],"syntheticOnly":true,"livePhiProcessed":false,"rawPayloadStored":false,"simulatedDetectedCategories":["device_identifier"],"uncertainCategories":["patient_name"],"structurePreserved":["image metadata","ocr region","label"]},{"fixtureId":"deid-hl7-v2-synthetic-adt","label":"Synthetic HL7 v2 ADT message","documentType":"hl7_v2","runtimeTargets":["mac"],"syntheticOnly":true,"livePhiProcessed":false,"rawPayloadStored":false,"simulatedDetectedCategories":["patient_name","mrn","phone"],"uncertainCategories":["account_number"],"structurePreserved":["segments","fields","components"]},{"fixtureId":"deid-cda-synthetic-summary","label":"Synthetic CDA continuity document","documentType":"cda","runtimeTargets":["browser","mac"],"syntheticOnly":true,"livePhiProcessed":false,"rawPayloadStored":false,"simulatedDetectedCategories":["patient_name","date_of_birth","address"],"uncertainCategories":["free_text_identifier"],"structurePreserved":["sections","entries","code systems"]},{"fixtureId":"deid-fhir-synthetic-bundle","label":"Synthetic FHIR R4 bundle","documentType":"fhir","runtimeTargets":["browser","mac"],"syntheticOnly":true,"livePhiProcessed":false,"rawPayloadStored":false,"simulatedDetectedCategories":["patient_name","mrn","email"],"uncertainCategories":["device_identifier"],"structurePreserved":["resources","references","coding"]},{"fixtureId":"deid-csv-synthetic-roster","label":"Synthetic CSV operations roster","documentType":"csv","runtimeTargets":["browser","mac"],"syntheticOnly":true,"livePhiProcessed":false,"rawPayloadStored":false,"simulatedDetectedCategories":["patient_name","phone","email"],"uncertainCategories":["account_number"],"structurePreserved":["headers","rows","columns"]},{"fixtureId":"deid-ndjson-synthetic-export","label":"Synthetic NDJSON event export","documentType":"ndjson","runtimeTargets":["mac"],"syntheticOnly":true,"livePhiProcessed":false,"rawPayloadStored":false,"simulatedDetectedCategories":["mrn","device_identifier"],"uncertainCategories":["free_text_identifier"],"structurePreserved":["lines","resource type","event id"]},{"fixtureId":"deid-chat-log-synthetic-support","label":"Synthetic chat log","documentType":"chat_log","runtimeTargets":["browser","mac","iphone"],"syntheticOnly":true,"livePhiProcessed":false,"rawPayloadStored":false,"simulatedDetectedCategories":["patient_name","phone","email"],"uncertainCategories":["free_text_identifier"],"structurePreserved":["turns","speaker labels","timestamps"]}],"manifests":[{"fixtureId":"deid-pdf-synthetic-intake","status":"manual_verification_required","documentType":"pdf","runtimeTargets":["browser","mac"],"localFirstRequired":true,"externalInferenceAllowed":false,"livePhiProcessed":false,"rawPayloadStored":false,"simulatedDetectedCategories":["patient_name","date_of_birth","mrn"],"uncertainCategories":["address"],"redactionActions":["redact simulated patient name","redact simulated date of birth","redact simulated mrn","queue manual verification for possible address","preserve document structure metadata","block external inference until explicit authorization exists"],"structurePreserved":["pages","headings","tables","labels"],"humanVerificationRequired":true,"automationEligibility":"metadata_manifest_only","auditHash":"scrimed-intel-c4a02514","boundary":"On-Device De-Identification is a synthetic/no-PHI local-first privacy scaffold for browser, Mac, and iPhone-capable preprocessing. It emits metadata-only redaction manifests for PDFs, scans, images, HL7 v2, CDA, FHIR, CSV, NDJSON, and chat logs. It does not store raw payloads, process live PHI, send data to external inference, certify de-identification, or authorize production connector use."},{"fixtureId":"deid-scan-synthetic-referral","status":"manual_verification_required","documentType":"scan","runtimeTargets":["mac","iphone"],"localFirstRequired":true,"externalInferenceAllowed":false,"livePhiProcessed":false,"rawPayloadStored":false,"simulatedDetectedCategories":["patient_name","phone"],"uncertainCategories":["free_text_identifier"],"redactionActions":["redact simulated patient name","redact simulated phone","queue manual verification for possible free text identifier","preserve document structure metadata","block external inference until explicit authorization exists"],"structurePreserved":["page image","ocr block","confidence"],"humanVerificationRequired":true,"automationEligibility":"metadata_manifest_only","auditHash":"scrimed-intel-43c78ea5","boundary":"On-Device De-Identification is a synthetic/no-PHI local-first privacy scaffold for browser, Mac, and iPhone-capable preprocessing. It emits metadata-only redaction manifests for PDFs, scans, images, HL7 v2, CDA, FHIR, CSV, NDJSON, and chat logs. It does not store raw payloads, process live PHI, send data to external inference, certify de-identification, or authorize production connector use."},{"fixtureId":"deid-image-synthetic-card","status":"manual_verification_required","documentType":"image","runtimeTargets":["browser","iphone"],"localFirstRequired":true,"externalInferenceAllowed":false,"livePhiProcessed":false,"rawPayloadStored":false,"simulatedDetectedCategories":["device_identifier"],"uncertainCategories":["patient_name"],"redactionActions":["redact simulated device identifier","queue manual verification for possible patient name","preserve document structure metadata","block external inference until explicit authorization exists"],"structurePreserved":["image metadata","ocr region","label"],"humanVerificationRequired":true,"automationEligibility":"metadata_manifest_only","auditHash":"scrimed-intel-b9bde5a3","boundary":"On-Device De-Identification is a synthetic/no-PHI local-first privacy scaffold for browser, Mac, and iPhone-capable preprocessing. It emits metadata-only redaction manifests for PDFs, scans, images, HL7 v2, CDA, FHIR, CSV, NDJSON, and chat logs. It does not store raw payloads, process live PHI, send data to external inference, certify de-identification, or authorize production connector use."},{"fixtureId":"deid-hl7-v2-synthetic-adt","status":"manual_verification_required","documentType":"hl7_v2","runtimeTargets":["mac"],"localFirstRequired":true,"externalInferenceAllowed":false,"livePhiProcessed":false,"rawPayloadStored":false,"simulatedDetectedCategories":["patient_name","mrn","phone"],"uncertainCategories":["account_number"],"redactionActions":["redact simulated patient name","redact simulated mrn","redact simulated phone","queue manual verification for possible account number","preserve document structure metadata","block external inference until explicit authorization exists"],"structurePreserved":["segments","fields","components"],"humanVerificationRequired":true,"automationEligibility":"metadata_manifest_only","auditHash":"scrimed-intel-e4cf5f1e","boundary":"On-Device De-Identification is a synthetic/no-PHI local-first privacy scaffold for browser, Mac, and iPhone-capable preprocessing. It emits metadata-only redaction manifests for PDFs, scans, images, HL7 v2, CDA, FHIR, CSV, NDJSON, and chat logs. It does not store raw payloads, process live PHI, send data to external inference, certify de-identification, or authorize production connector use."},{"fixtureId":"deid-cda-synthetic-summary","status":"manual_verification_required","documentType":"cda","runtimeTargets":["browser","mac"],"localFirstRequired":true,"externalInferenceAllowed":false,"livePhiProcessed":false,"rawPayloadStored":false,"simulatedDetectedCategories":["patient_name","date_of_birth","address"],"uncertainCategories":["free_text_identifier"],"redactionActions":["redact simulated patient name","redact simulated date of birth","redact simulated address","queue manual verification for possible free text identifier","preserve document structure metadata","block external inference until explicit authorization exists"],"structurePreserved":["sections","entries","code systems"],"humanVerificationRequired":true,"automationEligibility":"metadata_manifest_only","auditHash":"scrimed-intel-ec2c8e0b","boundary":"On-Device De-Identification is a synthetic/no-PHI local-first privacy scaffold for browser, Mac, and iPhone-capable preprocessing. It emits metadata-only redaction manifests for PDFs, scans, images, HL7 v2, CDA, FHIR, CSV, NDJSON, and chat logs. It does not store raw payloads, process live PHI, send data to external inference, certify de-identification, or authorize production connector use."},{"fixtureId":"deid-fhir-synthetic-bundle","status":"manual_verification_required","documentType":"fhir","runtimeTargets":["browser","mac"],"localFirstRequired":true,"externalInferenceAllowed":false,"livePhiProcessed":false,"rawPayloadStored":false,"simulatedDetectedCategories":["patient_name","mrn","email"],"uncertainCategories":["device_identifier"],"redactionActions":["redact simulated patient name","redact simulated mrn","redact simulated email","queue manual verification for possible device identifier","preserve document structure metadata","block external inference until explicit authorization exists"],"structurePreserved":["resources","references","coding"],"humanVerificationRequired":true,"automationEligibility":"metadata_manifest_only","auditHash":"scrimed-intel-a370ea14","boundary":"On-Device De-Identification is a synthetic/no-PHI local-first privacy scaffold for browser, Mac, and iPhone-capable preprocessing. It emits metadata-only redaction manifests for PDFs, scans, images, HL7 v2, CDA, FHIR, CSV, NDJSON, and chat logs. It does not store raw payloads, process live PHI, send data to external inference, certify de-identification, or authorize production connector use."},{"fixtureId":"deid-csv-synthetic-roster","status":"manual_verification_required","documentType":"csv","runtimeTargets":["browser","mac"],"localFirstRequired":true,"externalInferenceAllowed":false,"livePhiProcessed":false,"rawPayloadStored":false,"simulatedDetectedCategories":["patient_name","phone","email"],"uncertainCategories":["account_number"],"redactionActions":["redact simulated patient name","redact simulated phone","redact simulated email","queue manual verification for possible account number","preserve document structure metadata","block external inference until explicit authorization exists"],"structurePreserved":["headers","rows","columns"],"humanVerificationRequired":true,"automationEligibility":"metadata_manifest_only","auditHash":"scrimed-intel-d1aa70eb","boundary":"On-Device De-Identification is a synthetic/no-PHI local-first privacy scaffold for browser, Mac, and iPhone-capable preprocessing. It emits metadata-only redaction manifests for PDFs, scans, images, HL7 v2, CDA, FHIR, CSV, NDJSON, and chat logs. It does not store raw payloads, process live PHI, send data to external inference, certify de-identification, or authorize production connector use."},{"fixtureId":"deid-ndjson-synthetic-export","status":"manual_verification_required","documentType":"ndjson","runtimeTargets":["mac"],"localFirstRequired":true,"externalInferenceAllowed":false,"livePhiProcessed":false,"rawPayloadStored":false,"simulatedDetectedCategories":["mrn","device_identifier"],"uncertainCategories":["free_text_identifier"],"redactionActions":["redact simulated mrn","redact simulated device identifier","queue manual verification for possible free text identifier","preserve document structure metadata","block external inference until explicit authorization exists"],"structurePreserved":["lines","resource type","event id"],"humanVerificationRequired":true,"automationEligibility":"metadata_manifest_only","auditHash":"scrimed-intel-efa2f0ab","boundary":"On-Device De-Identification is a synthetic/no-PHI local-first privacy scaffold for browser, Mac, and iPhone-capable preprocessing. It emits metadata-only redaction manifests for PDFs, scans, images, HL7 v2, CDA, FHIR, CSV, NDJSON, and chat logs. It does not store raw payloads, process live PHI, send data to external inference, certify de-identification, or authorize production connector use."},{"fixtureId":"deid-chat-log-synthetic-support","status":"manual_verification_required","documentType":"chat_log","runtimeTargets":["browser","mac","iphone"],"localFirstRequired":true,"externalInferenceAllowed":false,"livePhiProcessed":false,"rawPayloadStored":false,"simulatedDetectedCategories":["patient_name","phone","email"],"uncertainCategories":["free_text_identifier"],"redactionActions":["redact simulated patient name","redact simulated phone","redact simulated email","queue manual verification for possible free text identifier","preserve document structure metadata","block external inference until explicit authorization exists"],"structurePreserved":["turns","speaker labels","timestamps"],"humanVerificationRequired":true,"automationEligibility":"metadata_manifest_only","auditHash":"scrimed-intel-bb21a697","boundary":"On-Device De-Identification is a synthetic/no-PHI local-first privacy scaffold for browser, Mac, and iPhone-capable preprocessing. It emits metadata-only redaction manifests for PDFs, scans, images, HL7 v2, CDA, FHIR, CSV, NDJSON, and chat logs. It does not store raw payloads, process live PHI, send data to external inference, certify de-identification, or authorize production connector use."}],"validation":{"status":"pass","checks":[{"check":"document-families-covered","passed":true,"detail":"PDFs, scans, images, HL7 v2, CDA, FHIR, CSV, NDJSON, and chat logs must have synthetic manifest fixtures."},{"check":"browser-mac-iphone-targets-covered","passed":true,"detail":"Local-first deployment targets must include browser, Mac, and iPhone-capable pathways."},{"check":"raw-payload-storage-blocked","passed":true,"detail":"No raw document, connector, message, image, or transcript payload is stored in this scaffold."},{"check":"external-inference-blocked","passed":true,"detail":"External inference remains blocked until explicit authorization, privacy review, and customer approval exist."},{"check":"human-verification-required","passed":true,"detail":"Every redaction manifest requires human verification before use beyond synthetic demos."}]}},"directives":[{"id":"llms-interface-layer","directive":"Treat LLMs as the interface layer, not the whole system.","domain":"ai-interface","stage":"active-roadmap","productImplication":"SCRIMED should use models for reasoning, summarization, drafting, translation, and human-facing interfaces while deterministic services own state, rules, identity, policy, evidence, and execution boundaries.","architectureChange":["Separate model interface adapters from workflow state machines.","Route all protected actions through policy, schema, evidence, and human-review services.","Keep model output as draft or recommendation until validated."],"implementationTracks":["Model adapter interface","Workflow orchestrator","Policy gate","Evidence binding","Human review queue"],"validationMethod":["Route contract tests prove models do not write directly to systems of record.","Generated outputs must pass structured schema checks.","Human-review flags must remain true for protected healthcare workflows."],"safetyBoundary":"Demo/synthetic planning only; requires schema validation, evidence grounding, rules checks, audit logging, and human review before any protected healthcare workflow can advance.","nextBuildStep":"Add interface-layer tags to model routes so every AI output declares draft, recommendation, or metadata-only status."},{"id":"world-model-context-layers","directive":"Add world-model/context layers for messy healthcare data.","domain":"context-world-model","stage":"starter-build-ready","productImplication":"SCRIMED must represent incomplete, conflicting, delayed, noisy, and context-dependent healthcare data before model calls, not hope a prompt can resolve operational reality.","architectureChange":["Create context layers for patient journey state, clinical workflow state, payer state, RCM state, access state, geography, time, capacity, and evidence freshness.","Add uncertainty, missingness, conflict, source, and timestamp fields to context packets.","Compress context before model use while preserving provenance."],"implementationTracks":["Context packet schema","World-model state registry","Uncertainty labels","Source freshness checks","Conflict detection"],"validationMethod":["Synthetic messy-data fixtures test missing, conflicting, stale, temporal, and unit-inconsistent inputs.","Context packets must expose uncertainty and missingness.","Reviewer queues receive escalation when context is insufficient."],"safetyBoundary":"Demo/synthetic planning only; requires schema validation, evidence grounding, rules checks, audit logging, and human review before any protected healthcare workflow can advance.","nextBuildStep":"Create synthetic world-model fixtures for time-series, geography, physical constraints, payer rules, workflow state, and patient journey state."},{"id":"active-ontology-semantic-graph","directive":"Build active ontology + semantic graph for clinical, payer, RCM, patient-access, and operations logic.","domain":"semantic-graph","stage":"starter-build-ready","productImplication":"SCRIMED should reason over governed relationships between concepts, rules, workflows, evidence, owners, and allowed actions rather than free-text guesses.","architectureChange":["Create ontology domains for clinical, payer, RCM, patient access, operations, workforce, resource, and governance logic.","Bind semantic graph nodes to evidence, policy, workflow state, and reviewer ownership.","Require graph-derived constraints before model execution."],"implementationTracks":["Ontology registry","Semantic graph node schema","Relation vocabulary","Evidence lineage","Policy constraint resolver"],"validationMethod":["Graph nodes must have type, owner, evidence requirement, and safety boundary.","Edges must be constrained to known relationship types.","Contradictory graph paths must route to human review."],"safetyBoundary":"Demo/synthetic planning only; requires schema validation, evidence grounding, rules checks, audit logging, and human review before any protected healthcare workflow can advance.","nextBuildStep":"Extend the TrustOps semantic graph with ontology node types for payer rules, RCM denial logic, access queues, workforce capacity, and resource constraints."},{"id":"long-term-memory-traces","directive":"Store agent reasoning traces, audit logs, and decisions as long-term memory.","domain":"memory-audit","stage":"requires-protected-pilot","productImplication":"SCRIMED needs durable institutional memory for decisions, evidence, reviewer outcomes, incidents, model routes, tool calls, and audit events without storing hidden chain-of-thought or PHI.","architectureChange":["Persist decision trace metadata, cited rationale summaries, inputs hashes, evidence refs, policy refs, model route, tool calls, and reviewer disposition.","Separate human-readable rationale summaries from private model chain-of-thought.","Tie long-term memory to retention, deletion, tenant, residency, and review controls."],"implementationTracks":["Decision memory schema","Audit event ledger","Evidence envelope hash","Reviewer disposition","Retention and deletion policy"],"validationMethod":["No hidden model chain-of-thought is required or exposed.","Memory records must be metadata-only unless future PHI approval exists.","Every persisted decision must include evidence refs, policy refs, and reviewer status."],"safetyBoundary":"No-PHI memory only. Store decision trace metadata and rationale summaries, not hidden chain-of-thought, live patient data, credentials, or production connector payloads.","nextBuildStep":"Map TrustOps review packets and execution-attempt durable envelopes into a shared long-term decision-memory contract."},{"id":"dynamic-context-injection","directive":"Add dynamic context injection: deep reasoning at session start, skill/module listing every turn, and task reminders updated every turn.","domain":"context-injection","stage":"active-roadmap","productImplication":"SCRIMED agents should receive the right module, skill, policy, task, evidence, and safety context at the right moment without preloading everything.","architectureChange":["Create a context-injection manifest for session start, every turn, and task completion.","Run deep planning summaries at session start without exposing hidden chain-of-thought.","List relevant skills/modules every turn and refresh task reminders as state changes."],"implementationTracks":["Session context primer","Per-turn skill/module manifest","Task reminder ledger","Lazy capability loading","Context compression"],"validationMethod":["Context manifests must cite selected modules and omitted modules.","Task reminders must be versioned and updated after each workflow state change.","Prompt payloads must exclude secrets, PHI, and irrelevant tools."],"safetyBoundary":"Dynamic context injection may guide synthetic agent runs only; it cannot grant tool access, bypass permissions, expose secrets, or authorize protected actions.","nextBuildStep":"Create a per-turn context manifest schema with selected modules, skill list, active reminders, omitted context, safety boundaries, and evidence refs."},{"id":"avoid-self-correction-trap","directive":"Avoid the self-correction trap: never trust model self-verification alone; validate with schemas, evidence, external data, rules, and human review.","domain":"validation-governance","stage":"active-roadmap","productImplication":"SCRIMED should treat self-critique as one weak signal, not proof. Quality comes from independent validators, evidence, rules, benchmark suites, and accountable reviewers.","architectureChange":["Require schema validation for structured outputs.","Bind claims to evidence cards and source freshness.","Use deterministic rule checks before release.","Escalate missing, conflicting, or high-risk outputs to human review."],"implementationTracks":["Structured-output validator","Evidence verifier","Rule engine","Human-review gate","Regression benchmark"],"validationMethod":["Every generated brief must pass schema fidelity checks.","Evidence and source attribution must be present for clinical or operational claims.","Human-review status must remain unresolved until qualified disposition."],"safetyBoundary":"Demo/synthetic planning only; requires schema validation, evidence grounding, rules checks, audit logging, and human review before any protected healthcare workflow can advance.","nextBuildStep":"Promote schema, evidence, rules, external-data hooks, and reviewer disposition into a release gate for all TrustOps and module briefs."},{"id":"workforce-talent-module","directive":"Add workforce/talent module for healthcare hiring, onboarding, vacancy-risk, and labor-cost savings.","domain":"workforce-talent","stage":"starter-build-ready","productImplication":"SCRIMED can expand into operational workforce intelligence for clinics, health systems, and service delivery without touching patient data.","architectureChange":["Create workforce demand, vacancy risk, onboarding readiness, credential checklist, training state, and labor-cost model objects.","Connect workforce signals to access, scheduling, referral, and operations bottlenecks.","Keep employment, HR, legal, and finance claims review-gated."],"implementationTracks":["Workforce capacity model","Vacancy-risk signal","Onboarding checklist","Labor-cost savings model","Hiring readiness packet"],"validationMethod":["Use synthetic staffing scenarios only.","Cost-savings claims require assumptions, ranges, evidence, and finance review.","No hiring, employment, legal, or payroll action is automated."],"safetyBoundary":"Workforce module is operational planning only; it does not provide legal, HR, payroll, employment, credentialing, labor-law, or financial advice.","nextBuildStep":"Add workforce/talent registry entries to TrustOps with synthetic vacancy-risk and onboarding-readiness signals."},{"id":"project-resource-management","directive":"Add project/resource management module tracking compute, storage, quota, model usage, pipeline cost, and agent workload.","domain":"resource-management","stage":"starter-build-ready","productImplication":"SCRIMED needs operating economics and capacity intelligence to protect margins, prevent runaway AI costs, and make enterprise scaling credible.","architectureChange":["Track compute, storage, quota, model usage, pipeline cost, agent workload, review queue load, and tenant capacity.","Connect resource signals to cost guardrails, model routing, deployment readiness, and sales/package margin controls.","Create budget thresholds and recommendation-only mitigation packets."],"implementationTracks":["Resource usage ledger","Model cost telemetry","Pipeline cost estimator","Agent workload queue","Budget guardrail signal"],"validationMethod":["Synthetic usage scenarios test quota exhaustion, model cost spikes, pipeline delays, and overloaded agent queues.","Cost estimates must state assumptions and confidence.","Mitigations are recommendation-only until approved."],"safetyBoundary":"Resource module is operational planning only; it cannot mutate cloud infrastructure, change billing, rotate secrets, disable services, or make financial guarantees.","nextBuildStep":"Bind model usage, pipeline cost, quota, storage, and agent workload to the TrustOps Signal Engine as synthetic cost-risk signals."},{"id":"healthcare-world-models","directive":"Build toward healthcare world models: time-series, geography, physical constraints, clinical workflow state, payer rules, and patient journey state.","domain":"healthcare-world-model","stage":"requires-protected-pilot","productImplication":"SCRIMED should model healthcare as a dynamic system with time, place, capacity, policy, workflow, and journey state before recommending operations changes.","architectureChange":["Create world-model layers for time-series trends, geography, physical capacity, clinical state, payer rules, patient journey, workforce, and resource constraints.","Represent temporal ordering, dependencies, uncertainty, state transitions, and blocked actions.","Use world-model outputs to constrain workflow selection and escalation."],"implementationTracks":["Time-series state layer","Geography and facility layer","Physical constraints layer","Clinical workflow state layer","Payer rules layer","Patient journey state layer"],"validationMethod":["Synthetic scenarios test impossible timing, geography mismatch, capacity conflicts, payer-rule conflicts, and incomplete journey state.","World-model conflicts must block automation and route to review.","Outputs must expose limitations and confidence."],"safetyBoundary":"Healthcare world models are synthetic or approved de-identified planning layers only; they cannot infer live patient care actions or override clinical review.","nextBuildStep":"Create the first synthetic world-model test suite covering temporal order, facility geography, physical capacity, payer rules, and journey state."},{"id":"benchmark-layer","directive":"Add benchmark layer for structured outputs, schema fidelity, reasoning validity, and operational accuracy.","domain":"benchmarking","stage":"active-roadmap","productImplication":"SCRIMED needs product-specific benchmarks that measure operational correctness and safety rather than generic leaderboard performance.","architectureChange":["Create benchmark suites for schema fidelity, evidence grounding, reasoning validity, semantic graph consistency, workflow accuracy, and operational impact.","Tie benchmark results to release gates and TrustOps scores.","Track regressions by module, prompt, model route, and workflow version."],"implementationTracks":["Benchmark Studio","ClinicalBench","TrustOps score integration","Regression report","Release gate"],"validationMethod":["Structured outputs must match schemas.","Reasoning summaries must be evidence-grounded and rule-consistent.","Operational outputs must match expected workflow state and owner routing."],"safetyBoundary":"Demo/synthetic planning only; requires schema validation, evidence grounding, rules checks, audit logging, and human review before any protected healthcare workflow can advance.","nextBuildStep":"Add benchmark dimensions to the TrustOps registry and require benchmark status in every build-roadmap release summary."}],"modules":[{"id":"dynamic-context-injection-engine","name":"Dynamic Context Injection Engine","purpose":"Inject session-start planning summaries, per-turn module/skill listings, active task reminders, omitted context, and safety boundaries into agent runs.","inputs":["task request","module registry","skill registry","policy gate","active reminders","evidence refs"],"outputs":["context manifest","selected module list","task reminder update","omitted context log","safety boundary note"],"controls":["no secrets","no PHI","lazy capability loading","context compression","permission-aware tool listing"],"blockedActions":["tool permission grant","secret exposure","PHI injection","protected action approval"],"ownerPlaceholder":"Agent platform lead","firstMilestone":"Define per-turn context manifest schema and contract smoke for selected modules, skill list, task reminders, and omitted context."},{"id":"active-ontology-semantic-graph","name":"Active Ontology + Semantic Graph","purpose":"Represent clinical, payer, RCM, patient-access, operations, workforce, resource, and governance logic as typed graph nodes and constrained relationships.","inputs":["ontology registry","policy refs","evidence refs","workflow state","synthetic events"],"outputs":["semantic graph","constraint map","conflict report","evidence lineage","owner routing"],"controls":["typed nodes","known relation vocabulary","evidence required","human review on conflict"],"blockedActions":["untyped free-form graph mutation","source-less claims","autonomous system-of-record action"],"ownerPlaceholder":"Knowledge systems lead","firstMilestone":"Add payer, RCM, access, operations, workforce, and resource ontology node types to the existing TrustOps semantic graph."},{"id":"decision-memory-ledger","name":"Decision Memory Ledger","purpose":"Store metadata-only decision memory for agent runs, audit logs, evidence refs, policy refs, model route, reviewer disposition, and outcome labels.","inputs":["execution attempt envelope","TrustOps review packet","audit event","reviewer disposition","benchmark result"],"outputs":["decision memory record","evidence envelope hash","review history","regression trigger","retention event"],"controls":["metadata-only by default","retention policy","deletion policy","tenant scope","no hidden chain-of-thought"],"blockedActions":["PHI memory without approval","hidden chain-of-thought disclosure","cross-tenant replay"],"ownerPlaceholder":"TrustOps + platform reliability","firstMilestone":"Bind TrustOps review packets and execution-attempt envelopes into one memory-record contract."},{"id":"workforce-talent-intelligence","name":"Workforce / Talent Intelligence","purpose":"Model healthcare hiring, onboarding, vacancy risk, credential readiness, training readiness, staffing capacity, and labor-cost savings assumptions.","inputs":["synthetic staffing scenarios","role catalog","onboarding checklist","capacity assumptions","labor-cost assumptions"],"outputs":["vacancy-risk signal","onboarding-readiness packet","staffing capacity estimate","labor-cost savings range"],"controls":["synthetic-only","finance review","HR/legal review","assumption disclosure","no payroll mutation"],"blockedActions":["hiring decision","employment advice","payroll action","credentialing approval","labor-law advice"],"ownerPlaceholder":"Operations + people systems lead","firstMilestone":"Create synthetic vacancy-risk and onboarding-readiness fixtures tied to access and scheduling bottlenecks."},{"id":"project-resource-intelligence","name":"Project / Resource Management Intelligence","purpose":"Track compute, storage, quota, model usage, pipeline cost, agent workload, reviewer load, and tenant capacity.","inputs":["synthetic usage events","model route telemetry","pipeline estimates","quota thresholds","agent queue load"],"outputs":["cost-risk signal","quota-risk signal","agent workload report","pipeline cost estimate","margin protection packet"],"controls":["budget guardrails","assumption disclosure","human approval","no infrastructure mutation","no financial guarantees"],"blockedActions":["cloud mutation","billing mutation","service shutdown","secret rotation","financial guarantee"],"ownerPlaceholder":"Platform finance + reliability","firstMilestone":"Add synthetic cost spike, quota exhaustion, pipeline delay, and overloaded-agent signals to TrustOps."},{"id":"operational-benchmark-layer","name":"Operational Benchmark Layer","purpose":"Benchmark structured outputs, schema fidelity, evidence grounding, reasoning-summary validity, semantic consistency, and operational accuracy.","inputs":["synthetic scenarios","expected schemas","rules","evidence cards","workflow expected state","reviewer rubric"],"outputs":["benchmark report","schema-fidelity score","reasoning-validity score","operational-accuracy score","release gate"],"controls":["schema validation","evidence validation","rule checks","external data hooks","human review"],"blockedActions":["leaderboard-only claims","self-verification-only release","clinical validation claim"],"ownerPlaceholder":"Evaluation + TrustOps lead","firstMilestone":"Create no-PHI benchmark fixtures for TrustOps review packets, module briefs, semantic graph nodes, and workflow owner routing."}],"worldModelLayers":[{"id":"time-series-layer","name":"Time-Series Layer","scope":"Tracks temporal order, trends, delays, sequence conflicts, freshness, seasonality, and state changes.","modeledState":["event time","workflow age","trend window","freshness","sequence validity"],"validationSources":["synthetic event stream","timestamp rules","freshness checks","temporal contradiction tests"],"blockedUntil":["Live patient timelines require PHI approval, consent/data-use review, retention rules, and customer authorization."]},{"id":"geography-layer","name":"Geography Layer","scope":"Models site, service area, region, distance, jurisdiction, care availability, and local operating constraints.","modeledState":["facility location","service area","region","travel constraint","jurisdiction"],"validationSources":["synthetic facility map","region policy refs","routing constraints","jurisdiction checks"],"blockedUntil":["Real location or patient travel data requires approved privacy and customer governance."]},{"id":"physical-constraints-layer","name":"Physical Constraints Layer","scope":"Represents rooms, staff, equipment, modality capacity, appointment slots, and operational bottlenecks.","modeledState":["capacity","resource availability","equipment state","queue load","slot feasibility"],"validationSources":["synthetic capacity fixtures","queue simulations","constraint solver checks","operations review"],"blockedUntil":["Production scheduling, staffing, or equipment actions require customer approval and connector review."]},{"id":"clinical-workflow-state-layer","name":"Clinical Workflow State Layer","scope":"Tracks draft, review, escalation, signoff, blocked state, evidence sufficiency, and clinical risk labels.","modeledState":["workflow status","review state","risk level","evidence sufficiency","blocked action"],"validationSources":["ClinicalBench","reviewer rubric","evidence cards","policy gate"],"blockedUntil":["Live clinical workflows require clinical governance, PHI controls, and qualified human review."]},{"id":"payer-rules-layer","name":"Payer Rules Layer","scope":"Represents synthetic payer policy requirements, prior-auth criteria, denial logic, and documentation checklists.","modeledState":["policy version","criteria match","documentation gap","denial reason","manual verification state"],"validationSources":["synthetic payer-policy fixture","rule engine","RCM reviewer rubric","source freshness"],"blockedUntil":["Real payer submissions, appeals, or claims require customer, payer, legal, and compliance approval."]},{"id":"patient-journey-state-layer","name":"Patient Journey State Layer","scope":"Models synthetic journey milestones, handoffs, care gaps, preferences, access state, and continuity risk.","modeledState":["journey milestone","handoff","care gap","access state","continuity risk"],"validationSources":["synthetic journey fixture","care-gap benchmark","human review","policy boundary"],"blockedUntil":["Live patient journey memory requires PHI, consent, retention, deletion, and customer approval."]}],"contextInjectionCadence":[{"cadence":"session-start","action":"Generate a concise planning summary, selected roadmap modules, known boundaries, current task objective, and evidence requirements without exposing hidden chain-of-thought.","retainedMemory":"session context manifest"},{"cadence":"every-turn","action":"List relevant skills/modules, active task reminders, safety boundaries, omitted tools/context, and required validators for the current step.","retainedMemory":"turn context manifest"},{"cadence":"after-state-change","action":"Update task reminders, workflow state, owner, blocked actions, validation status, and next safe action.","retainedMemory":"task reminder ledger"}],"benchmarkDimensions":[{"id":"structured-output-fidelity","name":"Structured Output Fidelity","measures":["schema completeness","field types","required boundaries","stable ids","hash reproducibility"],"passCondition":"Generated output validates against typed schema with required safety and evidence fields.","failureResponse":"Block release and route to module owner with schema errors."},{"id":"schema-fidelity","name":"Schema Fidelity","measures":["nested object shape","array constraints","enum values","score ranges","timestamp validity"],"passCondition":"All structured values conform to expected enum, score, and timestamp rules.","failureResponse":"Regenerate only after schema issue is fixed; do not self-approve."},{"id":"reasoning-validity","name":"Reasoning Validity","measures":["evidence-grounded rationale summary","rule consistency","uncertainty disclosure","contradiction handling"],"passCondition":"Rationale summary is evidence-grounded, rule-consistent, and routed to review when uncertain.","failureResponse":"Escalate to human review and attach contradiction report."},{"id":"operational-accuracy","name":"Operational Accuracy","measures":["owner routing","workflow state","queue state","blocked action","recommended next step"],"passCondition":"Output matches expected synthetic workflow state, owner, and allowed next action.","failureResponse":"Open TrustOps signal and pause automation recommendation."},{"id":"semantic-graph-consistency","name":"Semantic Graph Consistency","measures":["node type","edge type","evidence lineage","policy constraint","conflict detection"],"passCondition":"Graph paths use valid ontology types and expose conflicts.","failureResponse":"Block graph-derived output and send conflict packet to governance review."}],"validation":{"status":"fail","checks":[{"check":"all-user-directives-applied","passed":true,"detail":"All 10 requested build-roadmap directives must be represented."},{"check":"llms-interface-not-whole-system","passed":true,"detail":"LLMs must remain the interface layer, while deterministic systems own state, policy, and execution boundaries."},{"check":"self-correction-not-trusted-alone","passed":true,"detail":"Model self-verification cannot be sufficient without schema, evidence, rule, and human review checks."},{"check":"world-model-layers-covered","passed":true,"detail":"Healthcare world models must include time-series, geography, physical constraints, clinical workflow, payer rules, and patient journey state."},{"check":"workforce-and-resource-modules-present","passed":true,"detail":"Roadmap must include workforce/talent and project/resource management modules."},{"check":"benchmark-dimensions-present","passed":true,"detail":"Benchmark layer must cover structured outputs, schema fidelity, reasoning validity, and operational accuracy."},{"check":"priority-stack-items-present","passed":true,"detail":"Priority stack must include meta-harness, documentation-before-authorization, edge trial evidence, on-device de-identification, Clinical AI Benchmark Lab, Automation Orchestrator, Pre-Indexed Intelligence, and AI Medical Education."},{"check":"governed-healthcare-meta-harness-principle","passed":true,"detail":"SCRIMED must orchestrate agents, data, documentation, evidence, and outcomes with human oversight at every high-stakes step."},{"check":"priority-stack-boundaries-preserved","passed":true,"detail":"Every priority-stack item must preserve blocked production authority and include validation methods."},{"check":"no-phi-and-no-autonomous-actions","passed":false,"detail":"Every roadmap directive must retain no-PHI or synthetic-only boundaries."}]},"currentGoScope":"GO for no-PHI roadmap architecture, synthetic fixtures, internal build planning, schema and benchmark design, module registry updates, and investor/buyer diligence explanation.","noGoScope":"NO-GO for live PHI, autonomous diagnosis, treatment, prescribing, patient outreach, payer submission, billing submission, EHR writeback, production connector use, certification claims, compliance completion claims, clinical validation claims, or customer go-live.","recommendedNextBuildStep":"Implement the Dynamic Context Injection Engine and Operational Benchmark Layer first, then connect workforce/resource synthetic signals to TrustOps before any broader automation expansion."}