Manual QA Execution Console
SCRIMED now has one protected command lane for human AAL2 synthetic QA execution.
The console ties operator readiness, manual workflow dispatch, no-secret evidence capture, retained packet visibility, audit signals, and Buyer Proof Release into one bounded execution path.
Boundary
SCRIMED has a protected operator console for human AAL2 synthetic QA execution, but no buyer proof or production authority exists until retained no-secret packet evidence and Buyer Proof Release pass.
SCRIMED Manual QA Execution Console coordinates human AAL2 synthetic QA execution, retained no-secret evidence capture, and Buyer Proof Release checks. It does not execute passkey ceremonies, mint or store tokens, store PHI, run unattended authenticated CI, certify security or compliance, authorize live clinical care, guarantee reimbursement, approve production connectors, or create public release authority.
Execution stages
The console is built around retained packet visibility, not operator assertions.
Fresh human AAL2 operator session
No retained packet is visible yet; the operator must complete the protected browser session and manual workflow.
- Open the protected workspace with a fresh AAL2 session before dispatch.
Manual workflow dispatched against one synthetic target
The console has no retained workflow run ID yet.
- Use the Human Run Packet command template and one explicit synthetic target.
Temporary secret deleted or rotated
No token-disposal attestation is retained yet.
- Delete or rotate temporary token material before packet persistence.
No-secret metadata captured
No packet hash is visible yet.
- Persist only safe IDs, timestamps, run URL, packet audit UUID, and fixed attestations.
Append-only audit signal visible
No manual QA evidence audit signal is visible.
- Refresh protected audit events after packet persistence.
Buyer Proof Release passed
Buyer Proof Release state: locked-retained-packet-required.
- Complete the human AAL2 run, persist no-secret metadata, then verify Proof Promotion, Activation Seal, Claim Guard, and this release gate before Buyer Diligence export.
Approved workflows
Only two synthetic AAL2 QA workflows are currently allowed through this console.
Sales Demo Session QA activation
Target synthetic-sales-opportunity-intake-id. Temporary secret SCRIMED_SALES_QA_BEARER_TOKEN. Buyer proof stays locked until the protected workspace can read retained packet metadata.
.github/workflows/sales-demo-session-qa-smoke.yml
SCRIMED_REQUIRE_SALES_QA=1 SCRIMED_SALES_QA_INTAKE_ID=<synthetic-intake-id> SCRIMED_SALES_QA_BEARER_TOKEN=<short-lived-aal2-token> node scripts/sales-demo-session-qa-token-preflight.mjs
/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets
SCRIMED_REQUIRE_SALES_QA=1 SCRIMED_BASE_URL=https://app.scrimedsolutions.com SCRIMED_SALES_QA_INTAKE_ID=<synthetic-intake-id> SCRIMED_SALES_QA_BEARER_TOKEN=<short-lived-aal2-token> node scripts/sales-demo-session-qa-smoke.mjs
13 fields
- workflowKind
- workflowRunId
- workflowRunUrl
- executedAt
- baseUrl
- synthetic sales opportunity intake ID
- created demo session UUID
- demo session packet audit event UUID
- qaOutcome=pass
- operatorAttestation=no-secrets-no-phi-aal2-human-run
- tokenDisposalAttestation=temporary-token-deleted-or-rotated
- dataBoundary=synthetic-business-workflow-only
- packetSha256 after protected persistence
Authority Reference QA activation
Target atlas-synthetic-evaluation. Temporary secret SCRIMED_BEARER_TOKEN. Buyer proof stays locked until the protected workspace can read retained packet metadata.
.github/workflows/authority-reference-qa-smoke.yml
SCRIMED_REQUIRE_AUTHORITY_REFERENCE_QA=1 SCRIMED_WORKSPACE_SLUG=<synthetic-workspace-slug> SCRIMED_BEARER_TOKEN=<short-lived-aal2-token> node scripts/authority-artifact-reference-qa-token-preflight.mjs
/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets
SCRIMED_REQUIRE_AUTHORITY_REFERENCE_QA=1 SCRIMED_BASE_URL=https://app.scrimedsolutions.com SCRIMED_WORKSPACE_SLUG=<synthetic-workspace-slug> SCRIMED_BEARER_TOKEN=<short-lived-aal2-token> node scripts/authority-artifact-reference-qa-smoke.mjs
13 fields
- workflowKind
- workflowRunId
- workflowRunUrl
- executedAt
- baseUrl
- workspace slug as synthetic target
- created authority reference UUID
- authority reference packet audit event UUID
- qaOutcome=pass
- operatorAttestation=no-secrets-no-phi-aal2-human-run
- tokenDisposalAttestation=temporary-token-deleted-or-rotated
- dataBoundary=synthetic-business-workflow-only
- packetSha256 after protected persistence
Hard stops