QA Human Run Packet
SCRIMED now has a no-secret dispatch packet for the first approved human AAL2 synthetic QA run.
The Human Run Packet converts Launch Kit readiness into an operator-ready dispatch artifact while keeping execution human-required, proof claims blocked, and clinical, PHI, reimbursement, certification, connector, and production authority outside the product boundary.
Boundary
Dispatch-ready still means human AAL2 required and not retained authenticated proof.
SCRIMED QA Human Run Packet creates a no-secret dispatch packet for the approved human AAL2 synthetic QA run. It does not execute passkey ceremonies, mint or store tokens, persist packet hashes, process PHI, authorize live clinical care, certify security or compliance, guarantee reimbursement, approve production connectors, or claim retained authenticated QA proof before protected Manual QA Evidence is visible.
Dispatch controls
Every dispatch condition has an owner, pass signal, and fail-closed rule.
Approved human operator
The operator role is tenant-admin or pilot-lead and the AAL2 browser session is fresh.
- Fail closed: The session is stale, shared, non-AAL2, or the role is not allowed.
Single synthetic target
The packet names one synthetic target and one workspace slug before the run.
- Fail closed: The target is broad, production-linked, patient-linked, payer-member-linked, or ambiguous.
Manual workflow only
The selected workflow remains manual and requires require_authenticated_path=true.
- Fail closed: The workflow is scheduled, unattended, or allows the authenticated path to be optional.
No-secret evidence fields
Only workflow ID, run URL, timestamp, safe object UUIDs, packet hash, and audit UUID are copied.
- Fail closed: Tokens, credentials, PHI, payer member data, legal artifacts, reports, contracts, or clinical records appear.
Protected packet visibility
Protected Manual QA Evidence shows packet SHA-256 and append-only audit event visibility.
- Fail closed: Only a public packet preview, operator assertion, screenshot, or chat statement exists.
Proof and claim gates
Completion Bridge, Activation Seal, Proof Promotion, Claim Guard, and Buyer Proof Release all preserve the retained-packet boundary.
- Fail closed: Any buyer, investor, sales, PR, or operator language claims retained proof or production authority too early.
Clinical authority blocked
The packet remains a governed synthetic QA dispatch artifact only.
- Fail closed: The packet is used as clinical care, PHI, payer submission, reimbursement, certification, connector, or regional approval.
Workflow packets
The packet names the workflow, target, command templates, safe evidence, and post-run proof gates.
Sales Demo Session QA activation
Default synthetic target: synthetic-sales-opportunity-intake-id. Buyer proof remains blocked until protected packet SHA-256 and append-only audit event visibility exist.
.github/workflows/sales-demo-session-qa-smoke.yml
{
"base_url": "https://app.scrimedsolutions.com",
"intake_id": "<synthetic-sales-opportunity-intake-id>",
"require_authenticated_path": true
}SCRIMED_SALES_QA_BEARER_TOKEN
SCRIMED_REQUIRE_SALES_QA=1 SCRIMED_SALES_QA_INTAKE_ID=<synthetic-intake-id> SCRIMED_SALES_QA_BEARER_TOKEN=<short-lived-aal2-token> node scripts/sales-demo-session-qa-token-preflight.mjs
/api/qa-evidence/manual-run-packet
SCRIMED_REQUIRE_SALES_QA=1 SCRIMED_BASE_URL=https://app.scrimedsolutions.com SCRIMED_SALES_QA_INTAKE_ID=<synthetic-intake-id> SCRIMED_SALES_QA_BEARER_TOKEN=<short-lived-aal2-token> node scripts/sales-demo-session-qa-smoke.mjs
/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets
{
"workflowKind": "sales-demo-session-qa",
"workflowRunId": "<numeric-scrimed-manual-run-id>",
"workflowRunUrl": "https://app.scrimedsolutions.com/qa-run-control?runId=<numeric-scrimed-manual-run-id>",
"executedAt": "<iso-8601-run-timestamp>",
"baseUrl": "https://app.scrimedsolutions.com",
"intakeId": "<synthetic-sales-opportunity-intake-id>",
"createdSessionId": "<created-demo-session-uuid>",
"packetAuditEventId": "<demo-session-packet-audit-event-uuid>",
"qaOutcome": "pass",
"operatorAttestation": "no-secrets-no-phi-aal2-human-run",
"tokenDisposalAttestation": "temporary-token-deleted-or-rotated",
"dataBoundary": "synthetic-business-workflow-only"
}12 steps
- Open /pilot-workspace/access in a fresh browser session and verify AAL2 posture.
- Confirm protected workspace slug {workspaceSlug}.
- Create only the temporary masked workflow secret for the selected run.
- Run the preflight command before dispatching the authenticated workflow.
- Dispatch the manual workflow with require_authenticated_path=true and one explicit synthetic target.
- Copy only the safe metadata fields from the completed run.
- Delete or rotate the temporary secret before generating or persisting evidence.
- Validate no-secret metadata through /qa-completion-bridge.
- Generate the Markdown packet through /api/qa-evidence/manual-run-packet.
- Persist only accepted metadata through /api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets.
- Confirm /qa-activation-seal, /qa-proof-promotion, and /qa-claim-guard.
- Export Buyer Diligence only after protected packet SHA-256 and audit visibility exist.
7 hard stops
- No fresh human AAL2 session is available.
- The target is not synthetic or metadata-only.
- The token preflight fails or the token lifetime is too long.
- The workflow requires a long-lived or committed credential.
- Any evidence field contains a token, credential, PHI, patient identifier, payer member identifier, artifact URL, legal approval, security report, reimbursement determination, or production clinical record.
- The operator cannot delete or rotate the temporary secret after the run.
- Buyer Diligence is requested before no-secret evidence metadata is retained.
Authority Reference QA activation
Default synthetic target: atlas-synthetic-evaluation. Buyer proof remains blocked until protected packet SHA-256 and append-only audit event visibility exist.
.github/workflows/authority-reference-qa-smoke.yml
{
"base_url": "https://app.scrimedsolutions.com",
"workspace_slug": "atlas-synthetic-evaluation",
"require_authenticated_path": true
}SCRIMED_BEARER_TOKEN
SCRIMED_REQUIRE_AUTHORITY_REFERENCE_QA=1 SCRIMED_WORKSPACE_SLUG=<synthetic-workspace-slug> SCRIMED_BEARER_TOKEN=<short-lived-aal2-token> node scripts/authority-artifact-reference-qa-token-preflight.mjs
/api/qa-evidence/manual-run-packet
SCRIMED_REQUIRE_AUTHORITY_REFERENCE_QA=1 SCRIMED_BASE_URL=https://app.scrimedsolutions.com SCRIMED_WORKSPACE_SLUG=<synthetic-workspace-slug> SCRIMED_BEARER_TOKEN=<short-lived-aal2-token> node scripts/authority-artifact-reference-qa-smoke.mjs
/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets
{
"workflowKind": "authority-reference-qa",
"workflowRunId": "<numeric-scrimed-manual-run-id>",
"workflowRunUrl": "https://app.scrimedsolutions.com/qa-run-control?runId=<numeric-scrimed-manual-run-id>",
"executedAt": "<iso-8601-run-timestamp>",
"baseUrl": "https://app.scrimedsolutions.com",
"intakeId": "atlas-synthetic-evaluation",
"createdSessionId": "<created-authority-reference-uuid>",
"packetAuditEventId": "<authority-reference-packet-audit-event-uuid>",
"qaOutcome": "pass",
"operatorAttestation": "no-secrets-no-phi-aal2-human-run",
"tokenDisposalAttestation": "temporary-token-deleted-or-rotated",
"dataBoundary": "synthetic-business-workflow-only"
}12 steps
- Open /pilot-workspace/access in a fresh browser session and verify AAL2 posture.
- Confirm protected workspace slug atlas-synthetic-evaluation.
- Create only the temporary masked workflow secret for the selected run.
- Run the preflight command before dispatching the authenticated workflow.
- Dispatch the manual workflow with require_authenticated_path=true and one explicit synthetic target.
- Copy only the safe metadata fields from the completed run.
- Delete or rotate the temporary secret before generating or persisting evidence.
- Validate no-secret metadata through /qa-completion-bridge.
- Generate the Markdown packet through /api/qa-evidence/manual-run-packet.
- Persist only accepted metadata through /api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets.
- Confirm /qa-activation-seal, /qa-proof-promotion, and /qa-claim-guard.
- Export Buyer Diligence only after protected packet SHA-256 and audit visibility exist.
7 hard stops
- No fresh human AAL2 session is available.
- The target is not synthetic or metadata-only.
- The token preflight fails or the token lifetime is too long.
- The workflow requires a long-lived or committed credential.
- Any evidence field contains a token, credential, PHI, patient identifier, payer member identifier, artifact URL, legal approval, security report, reimbursement determination, or production clinical record.
- The operator cannot delete or rotate the temporary secret after the run.
- Buyer Diligence is requested before no-secret evidence metadata is retained.
Post-run route chain
The packet is only complete after protected persistence and proof gates are checked.
Blocked claims