Execution attempt readiness
Execution attempts now have a no-PHI envelope contract, replay metadata, and scorecards before execution authority.
SCRIMED keeps protected workflow execution disabled while the platform defines attempt identity, idempotency, durable state, replay behavior, failure quarantine, model-route telemetry, runtime-safety handoff, privacy boundaries, and global compliance expectations.
Active replacement
attempt-creation-disabled
Deny-by-default governed execution endpoints remain the active replacement until idempotency, durable attempt storage, concurrency, retry, failure quarantine, runtime-safety handoff, privacy, and regional attempt-compliance decisions are approved.
Envelope contract
Metadata can be replayed; protected actions still cannot run.
GO for synthetic, metadata-only execution-attempt envelopes, replay evidence, model-route telemetry review, and no-PHI scorecards. NO-GO for live clinical production, PHI, production persistence, protected workflow execution, payer submission, patient outreach, EHR writeback, or production connector use.
Durable store
Attempt metadata now has a tenant-scoped persistence and review path.
GO for migration-ready, tenant-scoped, no-PHI durable execution-attempt metadata, idempotency, replay lookup, and human review disposition APIs. NO-GO for live clinical production, PHI, autonomous workflow execution, production connectors, patient outreach, payer submission, EHR writeback, final billing, or production model routing.
Attempt envelope
Every future attempt needs stable identity before it can run.
prior-auth-evidence-packet
payer-policy-synthesis-human-review-gated; robustness scenarios perfect-chart-conflict-unit-completeness, clinical-copilot-unit-abbreviation-citation
idem_a1b4a5d1b7141182c03dd057 | replay_c1552eead2ab4068b6e0c3dcclinical-documentation-draft-review
clinical-evidence-draft-human-review-gated; robustness scenarios docutwin-noisy-incomplete-draft, ambient-scribe-noise-multilingual-injection
idem_49ff8508346b6770c3dd43ed | replay_54b10f0d1ea07e11625de8e7referral-queue-administrative-summary
administrative-summarization-human-review-gated; robustness scenarios sanar-conflict-temporal-escalation, careexplain-multilingual-education-boundary
idem_6158a14f1292a091335537c7 | replay_ab1d10a31eb91039d9944159organization-policy-route-check
organization-policy-review-human-review-gated; robustness scenarios trialcore-eligibility-temporal-evidence, oncoid-abbreviation-guideline-conflict
idem_1b0731ae05183c88be751df5 | replay_5baa3594a4f08a86eb1a00e7trustops-signal-remediation-review
workflow-planning-human-review-gated; robustness scenarios sanar-conflict-temporal-escalation, clinical-copilot-unit-abbreviation-citation
idem_c457962a73ff77a59c0f5b5f | replay_b8c7009f50d041cc33d9967cexecution-attempt-idempotency-replay
regression
pass-for-synthetic-contract; human review requiredexecution-attempt-no-phi-boundary
synthetic-patient
pass-for-synthetic-contract; human review requiredexecution-attempt-model-route-telemetry
agent-scorecard
pass-for-synthetic-contract; human review requiredexecution-attempt-compute-fabric-binding
agent-scorecard
pass-for-synthetic-contract; human review requiredexecution-attempt-human-review-gate
clinical-safety
pass-for-synthetic-contract; human review requiredexecution-attempt-clinical-robustness-binding
clinical-robustness
pass-for-synthetic-contract; human review requiredexecution-attempt-audit-linkage
evidence-quality
pass-for-synthetic-contract; human review requiredexecution-attempt-protected-capability-denial
adversarial
pass-for-synthetic-contract; human review requiredexecution-attempt-failure-recovery
missing-data
pass-for-synthetic-contract; human review requiredexecution-attempt-context-fingerprint
hallucination-check
pass-for-synthetic-contract; human review requiredClinical Robustness Lab
Adversarial, missing-data, hallucination, evidence-quality, prompt-injection, regression, and clinical-safety scorecards bound to every durable attempt.
Add persisted evaluation datasets and reviewer-calibrated clinical readiness scores before clinical production use.Agent Orchestration Layer
Agent runtime identity, permission lists, denied capabilities, human approval gates, trace ids, and immutable event hooks on every envelope.
Specialty agents remain review-gated until scoped tools, memory hooks, and supervisor policies are approved per tenant.Enterprise MCP Gateway
Tool registry metadata, no connector access, route-level authorization, AAL2 governance session, and immutable audit events before tool use.
OAuth, scoped tokens, revocation endpoints, and tool-level allowlists must be live before MCP tools can operate.Dynamic Model Routing
Provider class, model version placeholder, cost, latency, confidence, fallback provider, and routing rationale are retained for every attempt.
Approved model registry, provider contracts, privacy review, budget limits, and routing observability must be activated.Lazy Capability Loading
Attempt records retain only task-relevant context refs, evidence refs, policy refs, allowed tools, and blocked tools.
Capability loader must enforce retrieval source, memory, model, and tool activation per task before live workflow workers run.Dynamic Few-Shot Engine
Validated example references are treated as evidence-bound retrieval inputs, not generic chain-of-thought prompts.
Persist reviewed examples with outcome, reviewer, specialty, risk level, and source before model execution.Live Steering Engine
Quarantine triggers, human approval gates, failure recovery, and protected-action denial are durable before execution.
Mid-run drift, cost, tool misuse, missing citations, and unsafe conclusion monitors must pause or terminate workers.ReferralOS
Referral queue summary attempts can be persisted as no-outreach metadata and routed to reviewer-held operations handoff.
Provider matching, insurance verification, scheduling, leakage analytics, and closed-loop feedback require approved connectors.Ambient Clinical Workflow
Documentation draft attempts carry clinician-review gates, no chart writeback, no orders, no patient instructions, and no PHI authority.
Conversation capture, note drafting, coding, prior auth, education, follow-up, referral, and medication workflows require human signoff.Research Pipeline Engine
Evidence refs, policy refs, source attribution, confidence, and human review state are preserved for research-like synthesis attempts.
Literature retrieval, contradiction detection, guideline comparison, trial matching, and recommendation review need validated sources.Scientific Agent Toolkit
Specialty-ready metadata lanes can bind oncology, imaging, genomics, trials, public health, and population health evidence cards.
Each scientific agent needs retrieval verification, citation checks, evidence grading, and accountable human review.Edge / Private AI Architecture
No-PHI and no-connector authority headers keep private deployment and local inference lanes distinct from public metadata evidence.
Local inference, speech, vision, imaging, FHIR gateway, knowledge graph, offline mode, and data-residency controls must be tenant approved.MLOps / AIOps Foundation
Attempt contract version, model route telemetry, scorecards, trace ids, replay tokens, and review dispositions create a registry-ready spine.
Prompt registry, model registry, evaluation datasets, reviewer queues, CI evals, regression detection, and rollback support must be connected.Security and Compliance
Least privilege, RLS deny-all tables, PHI guards, immutable events, no secrets, retention, regional tags, and fail-closed protected routes.
HIPAA program artifacts, BAAs/DPAs, secret scanning, SBOM, exploitability review, consent, and residency controls require external review.Progressive Delivery
Migration-ready store, canary rollout plan, protected fail-closed routes, health checks, and rollback-oriented hard stops.
Feature flags, staged tenant rollout, blast-radius controls, dashboards, and rollback drills must pass before broader activation.Observability
Model, prompt boundary, tool plan, latency budget, token/cost placeholders, confidence, reviewer outcome, clinical risk, and PHI risk are retained.
Live telemetry streams and dashboards must connect costs, latency, token use, hallucination risk, reviewer outcome, and escalation events.received
attempt lifecycle
Future execution requests enter preflight without connector access, workflow mutation, or patient-facing action.deduplicated
attempt lifecycle
Idempotency policy decides whether the request is new, replayed, conflicting, expired, or rejected.preflight-denied
attempt lifecycle
Current production behavior remains deny-by-default before body parsing or attempt persistence.review-required
attempt lifecycle
Human review gates hold clinical, documentation, research, or operational actions before execution.approved-for-execution
attempt lifecycle
Only approved, authenticated, authorized, persisted, and traceable attempts can enter execution.completed
attempt lifecycle
Completion requires immutable audit linkage, result evidence, reviewer state, and blocked-action retention.failed-quarantined
attempt lifecycle
Failures route to quarantine, retry, compensation, or incident review without silent replay.Attempt identity envelope
Trust infrastructure
Require workflow slug, contract version, request trace id, idempotency key, tenant reference, caller identity reference, patient-context authorization reference, review owner, runtime mode, and audit event link before any executable attempt can exist.Idempotency key policy
Platform architecture
Approve key generation, uniqueness scope, TTL, replay response, conflict response, expiration behavior, and required client headers for each governed execution route.Attempt state machine
Workflow platform
Use received, deduplicated, preflight-denied, review-required, approved-for-execution, completed, and failed-quarantined states as the reference execution lifecycle.Durable attempt store
Platform architecture
Select durable storage for attempt identity, idempotency records, state transitions, review state, trace references, retry counters, and audit linkage.Concurrency and lock model
Platform reliability
Define per-workflow, per-tenant, per-patient-context, and per-idempotency-key locking behavior before parallel requests can compete.Retry and replay policy
Reliability engineering
Approve retry windows, replay eligibility, deterministic response reuse, retry-after behavior, and operator-visible retry history.Failure quarantine and compensation
Trust operations
Define failure categories, quarantine triggers, compensation workflow, escalation owners, incident linkage, and blocked-action retention.Rate-limit handoff and misuse throttles
Security operations
Approve the execution-attempt handoff into runtime safety readiness for tenant, user, service, workflow, patient-context, regional, throttle, misuse, and shutdown decisions before executable attempts are accepted.Metadata-only body boundary
Privacy
Keep current denied execution behavior body-free and prohibit request bodies, PHI, clinical free text, connector payloads, secrets, and insurance identifiers from attempt readiness records.Regional attempt compliance
Global compliance
Map attempt retention, residency, failover, export, deletion, and legal-hold behavior for the United States, UAE, Saudi Arabia, Kuwait, Nigeria, Kenya, Rwanda, Ghana, and Europe.Protected authority remains blocked
boundary
No live patient data or production PHI in envelope input, traces, scorecards, docs, or fixtures.Protected authority remains blocked
boundary
No autonomous diagnosis, treatment, prescribing, clinical triage, patient instruction, or patient outreach.Protected authority remains blocked
boundary
No payer submission, claim submission, final coding, billing action, appeal filing, or reimbursement assurance.Protected authority remains blocked
boundary
No EHR writeback, record mutation, connector write, production connector call, or customer go-live action.Protected authority remains blocked
boundary
No production model routing without approved provider terms, privacy/security review, telemetry, fallback, and human review.Protected authority remains blocked
boundary
No durable production execution store claim until tenant-scoped storage, idempotency TTL, locking, retry, and regional retention are approved.