Run Control

Manual QA Proof Promotion

SCRIMED now has a clear rule for when manual AAL2 QA evidence can become buyer proof.

Proof Promotion keeps the current state honest: activation-ready until a protected no-secret packet hash is retained, buyer-ready only after packet visibility, and still blocked for clinical, PHI, security, reimbursement, or production authorization claims.

Statusmanual-aal2-qa-proof-promotion-gate-ready
Decisionpending-retained-packet
Promotionblocked
Rules5
Hard stops3
Evidence fields10
Blocked claims9
Boundarysynthetic only

Current decision

SCRIMED has an operator-ready manual AAL2 QA path, but retained authenticated QA proof is still pending.

Buyer-facing proof may reference activation readiness, Run Control, and fail-closed checks, but not retained authenticated QA proof.

SCRIMED Manual QA Proof Promotion decides when retained no-secret human AAL2 QA packet metadata can be referenced in buyer diligence. It does not execute AAL2 workflows, store tokens, store PHI, certify security or compliance, authorize live clinical care, guarantee reimbursement, approve production connectors, or allow authenticated-proof claims before a protected packet hash is visible.

01Allowed now: SCRIMED can explain exactly when manual AAL2 QA evidence may be promoted into buyer diligence.
02Allowed now: SCRIMED can keep buyer proof in activation-ready posture until packet hashes are retained.
03Allowed after retained packet: SCRIMED can cite no-secret workflow run metadata and packet SHA-256 for a synthetic QA workflow.
04Never allowed from this gate alone: live clinical care, PHI processing, payer submission, production connector approval, security certification, reimbursement certainty, or autonomous clinical action.

Promotion rules

Buyer proof changes only after a retained no-secret packet hash is visible.

hard-stop

Retained packet hash required

Describe the workflow as activation-ready or operator-ready only.

Reference the retained packet hash and workflow run ID in buyer diligence.
  • No hash means no retained authenticated QA proof claim.
hard-stop

No-secret evidence only

Reject bearer tokens, refresh tokens, credentials, PHI, payer data, artifacts, URLs, legal opinions, and security reports.

Use only safe metadata fields and the packet SHA-256.
  • The token itself is never evidence.
active

Human AAL2 provenance required

Use Run Control and Manual QA Evidence capture under a fresh human AAL2 session.

State that the packet records a human-run synthetic QA workflow.
  • AAL2 provenance is not clinical, legal, reimbursement, or production authorization.
active

Buyer Diligence export after persistence

Keep Buyer Diligence language in pending activation posture.

Allow Buyer Diligence to include retained packet count, run ID, packet hash, and audit event reference.
  • Buyer proof is limited to governed synthetic QA evidence.
hard-stop

Clinical and production claims remain blocked

Do not imply live care, PHI processing, payer submission, or connector approval.

Continue blocking live clinical, PHI, payer, reimbursement, security-certification, and production-launch claims.
  • Retained QA proof improves diligence; it does not unlock production clinical execution.

Required evidence

The packet must contain only safe metadata before buyer proof can reference it.

01

workflow kind

Required for retained synthetic QA proof promotion.

Do not add secrets, PHI, clinical records, approvals, contracts, or payer data.
02

workflow run ID

Required for retained synthetic QA proof promotion.

Do not add secrets, PHI, clinical records, approvals, contracts, or payer data.
03

workflow run URL

Required for retained synthetic QA proof promotion.

Do not add secrets, PHI, clinical records, approvals, contracts, or payer data.
04

execution timestamp

Required for retained synthetic QA proof promotion.

Do not add secrets, PHI, clinical records, approvals, contracts, or payer data.
05

synthetic target ID

Required for retained synthetic QA proof promotion.

Do not add secrets, PHI, clinical records, approvals, contracts, or payer data.
06

created safe object UUID

Required for retained synthetic QA proof promotion.

Do not add secrets, PHI, clinical records, approvals, contracts, or payer data.
07

packet audit event UUID

Required for retained synthetic QA proof promotion.

Do not add secrets, PHI, clinical records, approvals, contracts, or payer data.
08

token disposal attestation

Required for retained synthetic QA proof promotion.

Do not add secrets, PHI, clinical records, approvals, contracts, or payer data.
09

packet SHA-256

Required for retained synthetic QA proof promotion.

Do not add secrets, PHI, clinical records, approvals, contracts, or payer data.
10

protected workspace audit visibility

Required for retained synthetic QA proof promotion.

Do not add secrets, PHI, clinical records, approvals, contracts, or payer data.

Blocked claims

Retained QA proof improves diligence; it does not unlock production clinical authority.

01authenticated QA completed without a retained protected packet hash
02bearer token retained as evidence
03PHI processed or validated
04live clinical care authorized
05security certification completed
06compliance certification completed
07reimbursement outcome guaranteed
08production connector approved
09autonomous diagnosis or treatment authorized