Execution audit

TrialCore audit boundary

TrialCore Denied Execution Audit Boundary

The denied execution audit boundary is metadata-only and explicitly excludes request bodies, patient identifiers, clinical free text, and connector payloads until execution-attempt, persistence, and privacy models are approved.

Status: audit-boundary-ready
Event: workflow.execution.denied
Response: 423
Version: v0.1

Evidence headers

/api/workflows/governed-execution/trialcore-eligibility-review-queue

x-scrimed-guard: deny-by-default
x-scrimed-audit-event: workflow.execution.denied
x-scrimed-workflow: trialcore-eligibility-review-queue
x-scrimed-body-handling: not-parsed
x-scrimed-execution-mode: attempt-creation-disabled
x-scrimed-idempotency: decision-required

Capture policy

persistence-decision-required

Durable audit storage, retention policy, access review, execution-attempt idempotency, and incident response ownership must be approved before governed execution moves beyond deny-by-default.

01 workflow slug
02 guarded endpoint
03 HTTP method
04 denied response code
05 runtime mode
06 contract route
07 readiness route
08 attempt readiness route
09 request trace id when supplied in headers
10 idempotency decision state

request body

Excluded from denied execution audit metadata until an approved privacy and persistence model exists.

patient identifiers

Excluded from denied execution audit metadata until an approved privacy and persistence model exists.

clinical free text

Excluded from denied execution audit metadata until an approved privacy and persistence model exists.

production connector payloads

Excluded from denied execution audit metadata until an approved privacy and persistence model exists.

authentication secrets

Excluded from denied execution audit metadata until an approved privacy and persistence model exists.

payment or insurance member identifiers

Excluded from denied execution audit metadata until an approved privacy and persistence model exists.
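
An added example, not TrialCore's own code: one way to build the metadata-only denied-execution record from an allowlist of the ten captured items and return the 423 response with the evidence headers, with the request body never taken as input. The field key names, the `x-request-id` trace header, the trace-id pattern and the route placeholders are assumptions; the page does not specify them.

```python
import re
WORKFLOW = "trialcore-eligibility-review-queue"
ENDPOINT = "/api/workflows/governed-execution/" + WORKFLOW
# Evidence headers and values exactly as listed on the page.
EVIDENCE_HEADERS = {
    "x-scrimed-guard": "deny-by-default",
    "x-scrimed-audit-event": "workflow.execution.denied",
    "x-scrimed-workflow": WORKFLOW,
    "x-scrimed-body-handling": "not-parsed",
    "x-scrimed-execution-mode": "attempt-creation-disabled",
    "x-scrimed-idempotency": "decision-required",
}
# The ten captured items from the capture policy; key names are hypothetical.
ALLOWED_FIELDS = frozenset({
    "workflow_slug", "guarded_endpoint", "http_method", "denied_response_code",
    "runtime_mode", "contract_route", "readiness_route",
    "attempt_readiness_route", "request_trace_id", "idempotency_decision_state",
})
TRACE_HEADER = "x-request-id"  # assumed header name; the page does not give one
TRACE_ID_RE = re.compile(r"[A-Za-z0-9._-]{8,64}")  # assumed: opaque token, no free text

def build_event(method, request_headers):
    """Build the metadata-only record; the request body is never an input."""
    # Assumed: mode/idempotency mirror the evidence headers; routes are placeholders.
    event = {
        "workflow_slug": WORKFLOW,
        "guarded_endpoint": ENDPOINT,
        "http_method": method.upper(),
        "denied_response_code": 423,
        "runtime_mode": EVIDENCE_HEADERS["x-scrimed-execution-mode"],
        "idempotency_decision_state": EVIDENCE_HEADERS["x-scrimed-idempotency"],
        "contract_route": "<contract-route>",
        "readiness_route": "<readiness-route>",
        "attempt_readiness_route": "<attempt-readiness-route>",
    }
    trace = {k.lower(): v for k, v in request_headers.items()}.get(TRACE_HEADER)
    if trace is not None and TRACE_ID_RE.fullmatch(trace):
        event["request_trace_id"] = trace  # only when supplied and well-formed
    return event

def enforce_capture_policy(event):
    """Fail closed if a record carries any field outside the capture policy."""
    if set(event) - ALLOWED_FIELDS:
        raise ValueError(f"outside capture policy: {sorted(set(event) - ALLOWED_FIELDS)}")
    return event

def deny(method, request_headers):  # no body parameter: the body is never read
    event = enforce_capture_policy(build_event(method, request_headers))
    return 423, dict(EVIDENCE_HEADERS), event
```

Constraining the trace id to a short token pattern keeps that one caller-supplied field from becoming a channel for identifiers or free text in the audit record.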