# SCRIMED Operating Command Center

Status: scrimed-operating-command-center-ready-no-phi
API: /api/scrimed-operating-command

## Boundary
SCRIMED Operating Command Center is a synthetic/no-PHI execution planning layer. It improves systems, agents, infrastructure, workflows, services, products, UI, and interfaces without authorizing live PHI, autonomous diagnosis, treatment, prescribing, patient outreach, payer submission, billing submission, EHR writeback, production connector approval, certification claims, clinical validation claims, or customer go-live.

## Operating Lanes
- P0 agent-runtime-context-binding: Require every synthetic agent response to include context manifest id, policy version, blocked-action list, proof route, and audit hash. Owner: AgentOS + TrustOS. Mode: synthetic_recommendation_only. Boundary: No agent output becomes clinical authority or external action without qualified human review and future approval.
- P0 workflow-orchestration-release-train: Promote workflows through draft, synthetic QA, protected operator run, buyer proof, and external approval stages with explicit demotion triggers. Owner: Workflow Runtime + Service Delivery. Mode: human_review_queue_only. Boundary: Workflow orchestration may queue and recommend; it cannot submit, outreach, mutate records, or activate customers.
- P0 infrastructure-reliability-control-loop: Add release-candidate health evidence to the operating console and require generated-integrity pass before build/typecheck. Owner: Platform Reliability. Mode: read_only_metadata. Boundary: Passing local gates does not authorize production deploy, customer go-live, security certification, or PHI processing.
- P1 product-interface-command-surface: Expose a single command surface that ranks active lanes, shows proof links, and clarifies the retained boundary per lane. Owner: Product Engineering + UX. Mode: read_only_metadata. Boundary: A better interface is not customer permission, production readiness approval, or regulatory approval.
- P1 service-product-packaging-loop: For every buyer-facing product, require one demo path, one pilot path, one proof packet, one delivery artifact, and one no-go statement. Owner: Revenue Operations + Delivery. Mode: synthetic_recommendation_only. Boundary: Commercial packaging cannot imply signed customer authority, ROI guarantee, legal approval, or production activation.
- P1 interoperability-safety-adapter-lane: Route all connector work through schema validation, de-identification, provenance, and approval artifacts before any production integration. Owner: Interoperability + Security. Mode: protected_operator_run_required. Boundary: Synthetic adapter readiness does not authorize live FHIR, HL7, DICOM, X12, EHR, payer, or device connections.
- P1 mlops-evaluation-feedback-loop: Require every model route to emit cost class, latency class, confidence, correctness caveat, fallback, and reviewer outcome placeholder. Owner: MLOps + Clinical QA. Mode: read_only_metadata. Boundary: MLOps evidence can support review but cannot replace clinical validation, security review, or customer approval.
- P0 governance-revenue-approval-stack: Before a revenue claim expands, require owner, evidence route, risk category, allowed wording, blocked wording, and approval state. Owner: Executive Operating Council + Legal/Security Advisors. Mode: human_review_queue_only. Boundary: Governance can prepare diligence and claims controls; it cannot create legal approval, audited finance, or certification status.

## Cadence
- daily: Did any generated artifact, smoke, typecheck, lint, or build gate regress? Owner: Platform Reliability. Fail closed: Any gate fails or emits secret/token-like output.
- weekly: Which product/service lane has the highest safe revenue impact this week? Owner: Product + Revenue Operations. Fail closed: Missing proof packet, unclear boundary, or unsupported buyer claim.
- release-candidate: Can this capability move from synthetic readiness to protected operator evidence review? Owner: Release Steward + TrustOS. Fail closed: AAL2 missing, durable evidence incomplete, or preserved boundary requested without approval.
- quarterly: Which approvals, certifications, security controls, clinical reviews, and partnerships unblock the next market stage? Owner: Executive Operating Council. Fail closed: Any claim depends on unverified certification, clinical validation, production connector approval, or customer authority.

## Evidence Packets
- scrimed-operating-evidence-agent-runtime-context-binding: synthetic-qa-required; state missing-required-evidence; missing human-review-disposition; hash d003294d1d7ad939
- scrimed-operating-evidence-workflow-orchestration-release-train: synthetic-qa-required; state missing-required-evidence; missing human-review-disposition, fresh-aal2-operator-run; hash f675ed503078ce95
- scrimed-operating-evidence-infrastructure-reliability-control-loop: blocked-before-production; state missing-required-evidence; missing current-gate-pass-evidence; hash 2d8cfb02e0f4350f
- scrimed-operating-evidence-product-interface-command-surface: synthetic-ready; state complete-for-synthetic; missing none; hash f8badb99afb745ec
- scrimed-operating-evidence-service-product-packaging-loop: synthetic-qa-required; state missing-required-evidence; missing human-review-disposition; hash 078a99e31513d1c4
- scrimed-operating-evidence-interoperability-safety-adapter-lane: external-approval-required; state approval-blocked; missing human-review-disposition, fresh-aal2-operator-run, external-approval-artifact; hash ca04b9a4fb7aa947
- scrimed-operating-evidence-mlops-evaluation-feedback-loop: synthetic-qa-required; state missing-required-evidence; missing human-review-disposition; hash 18b9a72827d486f3
- scrimed-operating-evidence-governance-revenue-approval-stack: synthetic-qa-required; state missing-required-evidence; missing human-review-disposition; hash e481ee983982dfaa

## Validation
- FAIL covers-core-operating-domains: The command center must cover agents, infrastructure, workflows, products, services, and interface improvements.
- PASS p0-lanes-have-human-or-gate-control: Highest-priority lanes must have explicit gates and blocked actions.
- PASS no-autonomous-production-execution: Protected lanes require human review and operator authority; no lane executes production actions autonomously.
- PASS proof-and-api-routes-present: Every lane must point to proof routes and APIs so operators can inspect evidence.
- PASS kpis-are-measurable: Every lane needs measurable outcomes instead of broad strategy text.
- PASS preserved-boundaries-explicit: The command center must preserve SCRIMED no-go boundaries.
- PASS evidence-packets-cover-every-lane: Every operating lane must have a deterministic evidence packet.
- FAIL protected-packets-require-aal2: Protected operator packets must require fresh AAL2 evidence and stay out of public execution.
- PASS evidence-packets-do-not-authorize-production: Evidence packets can plan and route review only; they cannot authorize production actions.
- PASS evidence-packets-have-deterministic-hashes: Every evidence packet must carry a deterministic short audit hash.

## Next Build Step
Use the evidence packets to drive weekly operating review, then add protected operator persistence only after a fresh AAL2 run and boundary-release approval are available.
