Launch Kit

QA Human Run Packet

SCRIMED now has a no-secret dispatch packet for the first approved human AAL2 synthetic QA run.

The Human Run Packet converts Launch Kit readiness into an operator-ready dispatch artifact while keeping execution human-required, proof claims blocked, and clinical, PHI, reimbursement, certification, connector, and production authority outside the product boundary.

Statusmanual-aal2-qa-human-run-packet-ready
Decisiondispatch-template-ready
Workflows2
Controls7
Hard stops3
Attestations4
Post-run routes7
Proof claimblocked

Boundary

Dispatch-ready still means human AAL2 required and not retained authenticated proof.

SCRIMED QA Human Run Packet creates a no-secret dispatch packet for the approved human AAL2 synthetic QA run. It does not execute passkey ceremonies, mint or store tokens, persist packet hashes, process PHI, authorize live clinical care, certify security or compliance, guarantee reimbursement, approve production connectors, or claim retained authenticated QA proof before protected Manual QA Evidence is visible.

01Allowed now: generate a no-secret dispatch packet for an approved operator.
02Allowed now: predefine the exact workflow, target, command templates, safe fields, and post-run checks.
03Not allowed here: execute passkey/AAL2 ceremonies, mint tokens, store credentials, or persist evidence.
04Not allowed yet: claim retained authenticated QA proof, buyer-ready proof, clinical authority, PHI authority, reimbursement certainty, certification, or production connector approval.

Dispatch controls

Every dispatch condition has an owner, pass signal, and fail-closed rule.

required-before-dispatch

Approved human operator

The operator role is tenant-admin or pilot-lead and the AAL2 browser session is fresh.

Tenant-admin or pilot-lead
  • Fail closed: The session is stale, shared, non-AAL2, or the role is not allowed.
required-before-dispatch

Single synthetic target

The packet names one synthetic target and one workspace slug before the run.

Workflow owner
  • Fail closed: The target is broad, production-linked, patient-linked, payer-member-linked, or ambiguous.
required-before-dispatch

Manual workflow only

The selected workflow remains manual and requires require_authenticated_path=true.

Release engineering
  • Fail closed: The workflow is scheduled, unattended, or allows the authenticated path to be optional.
required-after-run

No-secret evidence fields

Only workflow ID, run URL, timestamp, safe object UUIDs, packet hash, and audit UUID are copied.

TrustOS reviewer
  • Fail closed: Tokens, credentials, PHI, payer member data, legal artifacts, reports, contracts, or clinical records appear.
hard-stop

Protected packet visibility

Protected Manual QA Evidence shows packet SHA-256 and append-only audit event visibility.

Tenant governance operator
  • Fail closed: Only a public packet preview, operator assertion, screenshot, or chat statement exists.
hard-stop

Proof and claim gates

Completion Bridge, Activation Seal, Proof Promotion, Claim Guard, and Buyer Proof Release all preserve the retained-packet boundary.

Buyer diligence and claims governance
  • Fail closed: Any buyer, investor, sales, PR, or operator language claims retained proof or production authority too early.
hard-stop

Clinical authority blocked

The packet remains a governed synthetic QA dispatch artifact only.

Clinical, legal, privacy, security, compliance, and customer authority owners
  • Fail closed: The packet is used as clinical care, PHI, payer submission, reimbursement, certification, connector, or regional approval.

Workflow packets

The packet names the workflow, target, command templates, safe evidence, and post-run proof gates.

sales-demo-session-qa

Sales Demo Session QA activation

Default synthetic target: synthetic-sales-opportunity-intake-id. Buyer proof remains blocked until protected packet SHA-256 and append-only audit event visibility exist.

Dispatch

.github/workflows/sales-demo-session-qa-smoke.yml

{
  "base_url": "https://app.scrimedsolutions.com",
  "intake_id": "<synthetic-sales-opportunity-intake-id>",
  "require_authenticated_path": true
}
Preflight

SCRIMED_SALES_QA_BEARER_TOKEN

SCRIMED_REQUIRE_SALES_QA=1 SCRIMED_SALES_QA_INTAKE_ID=<synthetic-intake-id> SCRIMED_SALES_QA_BEARER_TOKEN=<short-lived-aal2-token> node scripts/sales-demo-session-qa-token-preflight.mjs
Smoke

/api/qa-evidence/manual-run-packet

SCRIMED_REQUIRE_SALES_QA=1 SCRIMED_BASE_URL=https://app.scrimedsolutions.com SCRIMED_SALES_QA_INTAKE_ID=<synthetic-intake-id> SCRIMED_SALES_QA_BEARER_TOKEN=<short-lived-aal2-token> node scripts/sales-demo-session-qa-smoke.mjs
Safe evidence

/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets

{
  "workflowKind": "sales-demo-session-qa",
  "workflowRunId": "<numeric-scrimed-manual-run-id>",
  "workflowRunUrl": "https://app.scrimedsolutions.com/qa-run-control?runId=<numeric-scrimed-manual-run-id>",
  "executedAt": "<iso-8601-run-timestamp>",
  "baseUrl": "https://app.scrimedsolutions.com",
  "intakeId": "<synthetic-sales-opportunity-intake-id>",
  "createdSessionId": "<created-demo-session-uuid>",
  "packetAuditEventId": "<demo-session-packet-audit-event-uuid>",
  "qaOutcome": "pass",
  "operatorAttestation": "no-secrets-no-phi-aal2-human-run",
  "tokenDisposalAttestation": "temporary-token-deleted-or-rotated",
  "dataBoundary": "synthetic-business-workflow-only"
}
Operator sequence

12 steps

  • Open /pilot-workspace/access in a fresh browser session and verify AAL2 posture.
  • Confirm protected workspace slug {workspaceSlug}.
  • Create only the temporary masked workflow secret for the selected run.
  • Run the preflight command before dispatching the authenticated workflow.
  • Dispatch the manual workflow with require_authenticated_path=true and one explicit synthetic target.
  • Copy only the safe metadata fields from the completed run.
  • Delete or rotate the temporary secret before generating or persisting evidence.
  • Validate no-secret metadata through /qa-completion-bridge.
  • Generate the Markdown packet through /api/qa-evidence/manual-run-packet.
  • Persist only accepted metadata through /api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets.
  • Confirm /qa-activation-seal, /qa-proof-promotion, and /qa-claim-guard.
  • Export Buyer Diligence only after protected packet SHA-256 and audit visibility exist.
Abort if

7 hard stops

  • No fresh human AAL2 session is available.
  • The target is not synthetic or metadata-only.
  • The token preflight fails or the token lifetime is too long.
  • The workflow requires a long-lived or committed credential.
  • Any evidence field contains a token, credential, PHI, patient identifier, payer member identifier, artifact URL, legal approval, security report, reimbursement determination, or production clinical record.
  • The operator cannot delete or rotate the temporary secret after the run.
  • Buyer Diligence is requested before no-secret evidence metadata is retained.
authority-reference-qa

Authority Reference QA activation

Default synthetic target: atlas-synthetic-evaluation. Buyer proof remains blocked until protected packet SHA-256 and append-only audit event visibility exist.

Dispatch

.github/workflows/authority-reference-qa-smoke.yml

{
  "base_url": "https://app.scrimedsolutions.com",
  "workspace_slug": "atlas-synthetic-evaluation",
  "require_authenticated_path": true
}
Preflight

SCRIMED_BEARER_TOKEN

SCRIMED_REQUIRE_AUTHORITY_REFERENCE_QA=1 SCRIMED_WORKSPACE_SLUG=<synthetic-workspace-slug> SCRIMED_BEARER_TOKEN=<short-lived-aal2-token> node scripts/authority-artifact-reference-qa-token-preflight.mjs
Smoke

/api/qa-evidence/manual-run-packet

SCRIMED_REQUIRE_AUTHORITY_REFERENCE_QA=1 SCRIMED_BASE_URL=https://app.scrimedsolutions.com SCRIMED_WORKSPACE_SLUG=<synthetic-workspace-slug> SCRIMED_BEARER_TOKEN=<short-lived-aal2-token> node scripts/authority-artifact-reference-qa-smoke.mjs
Safe evidence

/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets

{
  "workflowKind": "authority-reference-qa",
  "workflowRunId": "<numeric-scrimed-manual-run-id>",
  "workflowRunUrl": "https://app.scrimedsolutions.com/qa-run-control?runId=<numeric-scrimed-manual-run-id>",
  "executedAt": "<iso-8601-run-timestamp>",
  "baseUrl": "https://app.scrimedsolutions.com",
  "intakeId": "atlas-synthetic-evaluation",
  "createdSessionId": "<created-authority-reference-uuid>",
  "packetAuditEventId": "<authority-reference-packet-audit-event-uuid>",
  "qaOutcome": "pass",
  "operatorAttestation": "no-secrets-no-phi-aal2-human-run",
  "tokenDisposalAttestation": "temporary-token-deleted-or-rotated",
  "dataBoundary": "synthetic-business-workflow-only"
}
Operator sequence

12 steps

  • Open /pilot-workspace/access in a fresh browser session and verify AAL2 posture.
  • Confirm protected workspace slug atlas-synthetic-evaluation.
  • Create only the temporary masked workflow secret for the selected run.
  • Run the preflight command before dispatching the authenticated workflow.
  • Dispatch the manual workflow with require_authenticated_path=true and one explicit synthetic target.
  • Copy only the safe metadata fields from the completed run.
  • Delete or rotate the temporary secret before generating or persisting evidence.
  • Validate no-secret metadata through /qa-completion-bridge.
  • Generate the Markdown packet through /api/qa-evidence/manual-run-packet.
  • Persist only accepted metadata through /api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets.
  • Confirm /qa-activation-seal, /qa-proof-promotion, and /qa-claim-guard.
  • Export Buyer Diligence only after protected packet SHA-256 and audit visibility exist.
Abort if

7 hard stops

  • No fresh human AAL2 session is available.
  • The target is not synthetic or metadata-only.
  • The token preflight fails or the token lifetime is too long.
  • The workflow requires a long-lived or committed credential.
  • Any evidence field contains a token, credential, PHI, patient identifier, payer member identifier, artifact URL, legal approval, security report, reimbursement determination, or production clinical record.
  • The operator cannot delete or rotate the temporary secret after the run.
  • Buyer Diligence is requested before no-secret evidence metadata is retained.

Post-run route chain

The packet is only complete after protected persistence and proof gates are checked.

01/qa-completion-bridge
02/api/qa-evidence/manual-run-packet
03/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets
04/qa-activation-seal
05/qa-proof-promotion
06/qa-claim-guard
07/pilot-workspace/access#buyer-room

Blocked claims

The run packet cannot be used as production authority or retained proof by itself.

01retained authenticated QA proof
02human AAL2 workflow completed
03live clinical care authorized
04PHI processing authorized
05HIPAA certified
06HIPAA compliant
07SOC 2 certified
08FDA cleared
09FDA approved
10reimbursement guaranteed
11production connector approved
12autonomous diagnosis authorized
13autonomous treatment authorized
14patient outreach authorized
15payer submission authorized