Buyer Proof Release

Manual QA Execution Console

SCRIMED now has one protected command lane for human AAL2 synthetic QA execution.

The console ties operator readiness, manual workflow dispatch, no-secret evidence capture, retained packet visibility, audit signals, and Buyer Proof Release into one bounded execution path.

Statusmanual-aal2-qa-execution-console-ready
Console stateoperator-aal2-run-required
Workflows2
Stages6
Hard stops8
Blocked claims7
Buyer prooflocked
Data boundarysynthetic only

Boundary

SCRIMED has a protected operator console for human AAL2 synthetic QA execution, but no buyer proof or production authority exists until retained no-secret packet evidence and Buyer Proof Release pass.

SCRIMED Manual QA Execution Console coordinates human AAL2 synthetic QA execution, retained no-secret evidence capture, and Buyer Proof Release checks. It does not execute passkey ceremonies, mint or store tokens, store PHI, run unattended authenticated CI, certify security or compliance, authorize live clinical care, guarantee reimbursement, approve production connectors, or create public release authority.

01Fresh human AAL2 operator session: blocked
02Manual workflow dispatched against one synthetic target: blocked
03Temporary secret deleted or rotated: blocked
04No-secret metadata captured: blocked
05Append-only audit signal visible: blocked
06Buyer Proof Release passed: blocked

Execution stages

The console is built around retained packet visibility, not operator assertions.

blocked

Fresh human AAL2 operator session

No retained packet is visible yet; the operator must complete the protected browser session and manual workflow.

Tenant-admin or pilot-lead
  • Open the protected workspace with a fresh AAL2 session before dispatch.
blocked

Manual workflow dispatched against one synthetic target

The console has no retained workflow run ID yet.

Release engineering and human operator
  • Use the Human Run Packet command template and one explicit synthetic target.
blocked

Temporary secret deleted or rotated

No token-disposal attestation is retained yet.

Security owner and operator
  • Delete or rotate temporary token material before packet persistence.
blocked

No-secret metadata captured

No packet hash is visible yet.

TrustOS reviewer
  • Persist only safe IDs, timestamps, run URL, packet audit UUID, and fixed attestations.
blocked

Append-only audit signal visible

No manual QA evidence audit signal is visible.

Tenant governance
  • Refresh protected audit events after packet persistence.
blocked

Buyer Proof Release passed

Buyer Proof Release state: locked-retained-packet-required.

Buyer diligence and claims governance
  • Complete the human AAL2 run, persist no-secret metadata, then verify Proof Promotion, Activation Seal, Claim Guard, and this release gate before Buyer Diligence export.

Approved workflows

Only two synthetic AAL2 QA workflows are currently allowed through this console.

sales-demo-session-qa

Sales Demo Session QA activation

Target synthetic-sales-opportunity-intake-id. Temporary secret SCRIMED_SALES_QA_BEARER_TOKEN. Buyer proof stays locked until the protected workspace can read retained packet metadata.

preflight

.github/workflows/sales-demo-session-qa-smoke.yml

SCRIMED_REQUIRE_SALES_QA=1 SCRIMED_SALES_QA_INTAKE_ID=<synthetic-intake-id> SCRIMED_SALES_QA_BEARER_TOKEN=<short-lived-aal2-token> node scripts/sales-demo-session-qa-token-preflight.mjs
smoke

/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets

SCRIMED_REQUIRE_SALES_QA=1 SCRIMED_BASE_URL=https://app.scrimedsolutions.com SCRIMED_SALES_QA_INTAKE_ID=<synthetic-intake-id> SCRIMED_SALES_QA_BEARER_TOKEN=<short-lived-aal2-token> node scripts/sales-demo-session-qa-smoke.mjs
safe evidence

13 fields

  • workflowKind
  • workflowRunId
  • workflowRunUrl
  • executedAt
  • baseUrl
  • synthetic sales opportunity intake ID
  • created demo session UUID
  • demo session packet audit event UUID
  • qaOutcome=pass
  • operatorAttestation=no-secrets-no-phi-aal2-human-run
  • tokenDisposalAttestation=temporary-token-deleted-or-rotated
  • dataBoundary=synthetic-business-workflow-only
  • packetSha256 after protected persistence
authority-reference-qa

Authority Reference QA activation

Target atlas-synthetic-evaluation. Temporary secret SCRIMED_BEARER_TOKEN. Buyer proof stays locked until the protected workspace can read retained packet metadata.

preflight

.github/workflows/authority-reference-qa-smoke.yml

SCRIMED_REQUIRE_AUTHORITY_REFERENCE_QA=1 SCRIMED_WORKSPACE_SLUG=<synthetic-workspace-slug> SCRIMED_BEARER_TOKEN=<short-lived-aal2-token> node scripts/authority-artifact-reference-qa-token-preflight.mjs
smoke

/api/pilot-workspaces/{workspaceSlug}/qa-evidence/manual-run-packets

SCRIMED_REQUIRE_AUTHORITY_REFERENCE_QA=1 SCRIMED_BASE_URL=https://app.scrimedsolutions.com SCRIMED_WORKSPACE_SLUG=<synthetic-workspace-slug> SCRIMED_BEARER_TOKEN=<short-lived-aal2-token> node scripts/authority-artifact-reference-qa-smoke.mjs
safe evidence

13 fields

  • workflowKind
  • workflowRunId
  • workflowRunUrl
  • executedAt
  • baseUrl
  • workspace slug as synthetic target
  • created authority reference UUID
  • authority reference packet audit event UUID
  • qaOutcome=pass
  • operatorAttestation=no-secrets-no-phi-aal2-human-run
  • tokenDisposalAttestation=temporary-token-deleted-or-rotated
  • dataBoundary=synthetic-business-workflow-only
  • packetSha256 after protected persistence

Hard stops

The console refuses proof promotion when safety, privacy, or authority boundaries are unclear.

01No fresh human AAL2 tenant governance session is available.
02The operator cannot identify one explicit synthetic target.
03The workflow is scheduled, unattended, or does not require the authenticated path.
04The preflight token check fails or a long-lived credential is requested.
05Any candidate evidence includes bearer tokens, refresh tokens, API keys, passwords, PHI, patient identifiers, payer member identifiers, clinical records, legal opinions, security reports, artifact URLs, reimbursement determinations, or production credentials.
06Temporary token material was not deleted or rotated after the run.
07Protected Manual QA Evidence cannot show a packet SHA-256 and append-only audit event.
08Buyer Diligence or public language claims retained proof, live clinical care authority, PHI authority, certification, reimbursement certainty, connector approval, or production authorization before protected release.