Execution attempt readiness
Governed execution cannot create attempts until idempotency, replay, concurrency, and failure paths are explicit.
SCRIMED keeps executable workflow attempts disabled while the platform defines attempt identity, idempotency, durable state, retry behavior, failure quarantine, runtime-safety handoff, privacy boundaries, and global compliance expectations.
Active replacement
attempt-creation-disabled
Deny-by-default governed execution endpoints remain the active replacement until idempotency, durable attempt storage, concurrency, retry, failure quarantine, runtime-safety handoff, privacy, and regional attempt-compliance decisions are approved.
Attempt envelope
Every future attempt needs stable identity before it can run.
received
attempt lifecycle
Future execution requests enter preflight without connector access, workflow mutation, or patient-facing action.
deduplicated
attempt lifecycle
Idempotency policy decides whether the request is new, replayed, conflicting, expired, or rejected.
preflight-denied
attempt lifecycle
Current production behavior remains deny-by-default before body parsing or attempt persistence.
review-required
attempt lifecycle
Human review gates hold clinical, documentation, research, or operational actions before execution.
approved-for-execution
attempt lifecycle
Only approved, authenticated, authorized, persisted, and traceable attempts can enter execution.
completed
attempt lifecycle
Completion requires immutable audit linkage, result evidence, reviewer state, and blocked-action retention.
failed-quarantined
attempt lifecycle
Failures route to quarantine, retry, compensation, or incident review without silent replay.
Attempt identity envelope
Trust infrastructure
Require workflow slug, contract version, request trace id, idempotency key, tenant reference, caller identity reference, patient-context authorization reference, review owner, runtime mode, and audit event link before any executable attempt can exist.
Idempotency key policy
Platform architecture
Approve key generation, uniqueness scope, TTL, replay response, conflict response, expiration behavior, and required client headers for each governed execution route.
Attempt state machine
Workflow platform
Use received, deduplicated, preflight-denied, review-required, approved-for-execution, completed, and failed-quarantined states as the reference execution lifecycle.
Durable attempt store
Platform architecture
Select durable storage for attempt identity, idempotency records, state transitions, review state, trace references, retry counters, and audit linkage.
Concurrency and lock model
Platform reliability
Define per-workflow, per-tenant, per-patient-context, and per-idempotency-key locking behavior before parallel requests can compete.
Retry and replay policy
Reliability engineering
Approve retry windows, replay eligibility, deterministic response reuse, retry-after behavior, and operator-visible retry history.
Failure quarantine and compensation
Trust operations
Define failure categories, quarantine triggers, compensation workflow, escalation owners, incident linkage, and blocked-action retention.
Rate-limit handoff and misuse throttles
Security operations
Approve the execution-attempt handoff into runtime safety readiness for tenant, user, service, workflow, patient-context, regional, throttle, misuse, and shutdown decisions before executable attempts are accepted.
Metadata-only body boundary
Privacy
Keep current denied execution behavior body-free and prohibit request bodies, PHI, clinical free text, connector payloads, secrets, and insurance identifiers from attempt readiness records.
Regional attempt compliance
Global compliance
Map attempt retention, residency, failover, export, deletion, and legal-hold behavior for the United States, UAE, Saudi Arabia, Kuwait, Nigeria, Kenya, Rwanda, Ghana, and Europe.
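An added sketch, not SCRIMED code, of the decision the idempotency key policy and the concurrency and lock model items describe: classifying a request as new, replayed, conflicting, expired, or rejected from metadata alone, with check-and-insert serialised so parallel requests cannot both be "new". The field names, the 24-hour TTL, the tenant/workflow/key uniqueness scope, the non-reusable expired key, and the in-memory store are all assumptions, since the page leaves those choices to be approved.

```python
import hashlib
import threading
import time

# Hypothetical policy values; the page leaves TTL and uniqueness scope to be approved.
TTL_SECONDS = 24 * 3600
REQUIRED = ("tenant_ref", "workflow_slug", "contract_version", "idempotency_key", "trace_id")


class IdempotencyStore:
    """In-memory stand-in for the durable attempt store (assumption)."""

    def __init__(self, clock=time.time):
        self._records = {}             # scope -> (fingerprint, first_seen, first_trace_id)
        self._lock = threading.Lock()  # serialises check-and-insert for competing requests
        self._clock = clock

    def classify(self, meta):
        """Return (outcome, original_trace_id) for metadata-only request fields."""
        if any(not meta.get(f) for f in REQUIRED) or "body" in meta:
            return "rejected", None    # missing identity field, or a body crossed the boundary
        scope = (meta["tenant_ref"], meta["workflow_slug"], meta["idempotency_key"])
        # Fingerprint covers metadata only, so no PHI or payload reaches the record.
        fp = hashlib.sha256(
            "\x1f".join((meta["workflow_slug"], meta["contract_version"],
                         meta.get("caller_ref", ""))).encode()
        ).hexdigest()
        now = self._clock()
        with self._lock:
            rec = self._records.get(scope)
            if rec is None:
                self._records[scope] = (fp, now, meta["trace_id"])
                return "new", meta["trace_id"]
            stored_fp, first_seen, first_trace = rec
            if now - first_seen > TTL_SECONDS:
                return "expired", first_trace      # assumed: expired keys are not reusable
            if stored_fp != fp:
                return "conflicting", first_trace  # same key, different request identity
            return "replayed", first_trace         # caller can be pointed at the first trace
```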