# Verixa — User Requirements Specification

# Module 39A (Addendum): Phase-1 Demo Environment — Segregation & Evaluation Controls

> **Two-document split (matches the HTML flow phases).** **URS-39A (this document)** = Phase-1 Demo Environment. **URS-39B** = Phase-2 verified production build delta. Phase-3 partner validation is governed by the partner's own CSV/CSA. This document governs ONLY the demo/evaluation environment; it does **not** contain GxP production build requirements (those are in URS-39B).

| Field | Value |
|---|---|
| Module ID | URS-39A (Phase-1 Demo Environment; companion to **URS-39B** Phase-2 build; addendum to target-state URS 1–36 + URS-38) |
| Document type | **Demo / evaluation-environment control spec.** Non-GxP. No regulated records are created here. |
| Architecture Bindings | MIRA/AI surfaces in the demo are **advisory only** and clearly labelled "AI-generated". No critical-GMP AI decisioning. No real customer data in AI prompts. |
| Module Owner | Product Owner + DevOps (env) · QA (G-DEMO gate) · Commercial (onboarding) |
| Governed by | `Verixa_Pilot_Execution_Plan_v3_MASTER.md` §1; pilot flow §G-DEMO; June Sprint Plan Rule 2 |
| Demo-ready date | **🔒 HARD-LOCKED: Fri 26-Jun-2026** (commercial commitment). G-DEMO must pass before any external access. |
| Status | **Demo control spec — not a GxP/validation document.** The demo is an **evaluation environment**; it is **NOT** validated, NOT production-verified, NOT a system of record. Verixa never represents the demo as "validated" or "production-verified." |

---

## 0. Document Framing

### 0.1 Purpose
This document defines the controls for the **Phase-1 demo / evaluation environment** used for customer identification and onboarding (June–August). The demo shows all six workflows + MIRA **visually complete** so prospects can evaluate the product, while guaranteeing — through segregation, synthetic data, no record-of-record, and watermarking — that the demo can never be confused with a validated/production system and creates no regulated records. **Demo features may be visually complete (including stubs/mocks) without being production-verified** under URS-39B.

### 0.2 Audience
Product owner, DevOps/infrastructure, QA (for the G-DEMO gate), commercial/onboarding, and prospects evaluating the platform.

### 0.3 Relationship to URS-39B (Phase-2)
URS-39A and URS-39B are intentionally separate. A demo workflow being visible/usable in URS-39A scope does **not** mean it is built or verified under URS-39B. The G-DEMO gate (this document) gates **external demo access**; the per-workflow go-live rule (URS-39B / v3 MASTER) gates **production-verified release**. They are independent gates.

### 0.4 Plain-language primer
The demo is a sandbox to show the product and win the design partner. It must look real and cover all six workflows + MIRA, but it must use only fake data, must never create a real quality record, must be visibly labelled an evaluation, and must be technically separated from any production system.

### 0.5 Conventions
- **Requirement IDs:** `URS-39A-DEMO-<n>`. Acceptance: `AC-39A-<n>`. Test cases: `TC-39A-<n>`.
- **Priority:** MUST (demo cannot be shown externally without it) / SHOULD.
- **Status:** all PLANNED; environment/segregation evidence `Unknown — evidence required` until the G-DEMO gate is executed and signed.

---

## 1. Document Control
| Item | Value |
|---|---|
| Version | 0.1 Draft |
| Date | 2026-05-31 |
| Companion | URS-39B (Phase-2 verified production build) |
| Approval (target) | Product Owner + QA (G-DEMO) + Founder |

---

## 2. Scope

### 2.1 In scope
The segregated demo/evaluation environment and its controls; demo content covering all six workflows (Document Control, Deviation, RCA, CAPA, Inspection Readiness, Findings) + the MIRA copilot, presented for evaluation; the G-DEMO segregation gate.

### 2.2 Out of scope
All GxP production build requirements (→ URS-39B); validation/verification of any workflow; creation of any regulated record; use of real customer/production data; any claim of "validated" or "production-verified" for the demo; migration of demo data into production (prohibited unless a controlled validated plan exists).

---

## 3. Demo Environment Requirements

- **URS-39A-DEMO-1 (MUST):** The evaluation environment **shall** be segregated from any production system — **separate tenant and separate infrastructure** (separate database/storage; no shared production data plane).
- **URS-39A-DEMO-2 (MUST):** The demo **shall** use **synthetic / demo data only**. No customer data and no production data shall be present.
- **URS-39A-DEMO-3 (MUST):** **No customer GxP record (record-of-record) shall be created** in the demo environment. Demo actions produce **demo artefacts only**, never a regulated record. **Technical definition:** a row/object created via normal app use in the demo is a *demo artefact (not a GxP record)* **only if** it (a) is created in the evaluation environment, (b) uses synthetic data, (c) is watermarked, (d) is excluded from production migration, (e) is excluded from G-7 evidence, and (f) is not used for any regulated decision. If any condition fails, it must be treated as a regulated record (which the demo must prevent).
- **URS-39A-DEMO-4 (MUST):** Every demo screen **shall** display a persistent, visible watermark/banner: **"Evaluation — not for GxP records."**
- **URS-39A-DEMO-5 (MUST):** **External demo access shall be permitted only after the G-DEMO segregation gate (§4) is QA-signed.** Internal preparation may proceed earlier.
- **URS-39A-DEMO-6 (MUST):** **Demo data shall not be migrated into production** unless governed by a separate, controlled, validated migration plan.
- **URS-39A-DEMO-7 (MUST):** The demo **shall not** be represented (verbally, in UI, or in collateral) as "validated," "production-verified," "Part 11 compliant," or "audit-ready." Demo completeness ≠ production-verified.
- **URS-39A-DEMO-8 (MUST):** MIRA/AI in the demo **shall** be advisory, clearly labelled "AI-generated," and operate on synthetic data only; no real customer/PHI/PII data shall be placed in AI prompts.
- **URS-39A-DEMO-9 (SHOULD):** Demo accounts **shall** be demo-only (no production credentials); demo data reset/refresh is permitted and shall not affect any production system.
- **URS-39A-DEMO-10 (MUST):** Demo content **shall** cover all six workflows + MIRA sufficiently for onboarding by the **hard-locked 26-Jun-2026** date; stubs/mocks are acceptable for not-yet-built backend paths, provided DEMO-1..8 hold.

**Acceptance:** `AC-39A-1` env segregation + synthetic-only + no-record-of-record verified by QA at G-DEMO; `AC-39A-2` watermark present on every demo screen; `AC-39A-3` no external access before signed G-DEMO; `AC-39A-4` MIRA outputs labelled, synthetic-only; `AC-39A-5` all six + MIRA demoable by 26-Jun.

**Tests:** `TC-39A-1` environment segregation (separate tenant/infra; no production data plane); `TC-39A-2` watermark present on all screens; `TC-39A-3` attempt to create a GxP record-of-record fails/produces demo-only artefact; `TC-39A-4` external access blocked pre-G-DEMO; `TC-39A-5` MIRA prompt/response uses synthetic data and is labelled; `TC-39A-6` demo covers all six workflows + MIRA; `TC-39A-7` a demo-created document/deviation/CAPA **cannot** be exported, migrated to production, or referenced in any production evidence pack (G-7).

---

## 4. G-DEMO Segregation Gate (QA-signed, before any external access)

| Gate item | Pass criterion | Status |
|---|---|---|
| Environment segregation | Separate tenant + infrastructure; no production data plane | `Unknown — evidence required` |
| Synthetic data only | No customer/production data present | `Unknown — evidence required` |
| No record-of-record | No regulated record can be created | `Unknown — evidence required` |
| Watermark | "Evaluation — not for GxP records" on every screen | `Unknown — evidence required` |
| MIRA labelled + synthetic | AI outputs labelled; synthetic prompts only | `Unknown — evidence required` |
| Access control | External access disabled until this gate signs | `Unknown — evidence required` |
| **G-DEMO decision** | **Signed by QA before any external demo** | Pending |

**Rule:** the demo date is hard-locked (26-Jun) but the gate is a **hard control** — no external party is given access until G-DEMO is signed. A label alone is insufficient; segregation must be verified.

### 4.1 G-DEMO required evidence inventory (attach before signing)
These are **DevOps/config/infra controls**, not code-only — so G-DEMO requires explicit evidence artefacts (each `Unknown — evidence required` until captured):

| # | Evidence artefact | Owner |
|---|---|---|
| E1 | Demo tenant ID | DevOps |
| E2 | Infra/environment name (separate from production) | DevOps |
| E3 | DB/storage separation evidence (screenshot/export proving no shared production data plane) | DevOps |
| E4 | Synthetic data seed manifest (what data is loaded; confirms no real/customer data) | Product + DevOps |
| E5 | Watermark coverage evidence (component path **and** screen inventory/screenshots proving every screen carries the banner) | Frontend + QA |
| E6 | External-access control evidence (access disabled until gate signed) | DevOps + Security |
| E7 | Confirmation no production credentials are valid in the demo | Security |
| E8 | Confirmation no demo→production data-migration path is enabled | DevOps |
| E9 | QA **G-DEMO sign-off record** (date, signer) | QA |
| E10 | External demo access log showing first external access occurred only **after** QA G-DEMO sign-off | DevOps + QA |

---

## 5. Traceability Matrix

| URS-39A ID | Source/driver | Acceptance | Test | Priority |
|---|---|---|---|---|
| URS-39A-DEMO-1..3 | v3 MASTER §1 / June Sprint Rule 2 | AC-39A-1 | TC-39A-1/3 | MUST |
| URS-39A-DEMO-4 | pilot flow §G-DEMO | AC-39A-2 | TC-39A-2 | MUST |
| URS-39A-DEMO-5 | pilot flow §G-DEMO | AC-39A-3 | TC-39A-4 | MUST |
| URS-39A-DEMO-6 | v3 MASTER (no demo→prod) | AC-39A-1 | (migration review) | MUST |
| URS-39A-DEMO-7 | language guard (never "validated") | AC-39A-3 | (collateral review) | MUST |
| URS-39A-DEMO-8 | ARCH-AI-001 / EU AI Act transparency | AC-39A-4 | TC-39A-5 | MUST |
| URS-39A-DEMO-9 | access control | AC-39A-1 | TC-39A-1 | SHOULD |
| URS-39A-DEMO-10 | hard-locked 26-Jun demo | AC-39A-5 | TC-39A-6 | MUST |

No orphan requirements. The G-DEMO gate (§4) is the QA evidence checkpoint.

---

## 6. What the demo shows (for onboarding) vs what it is NOT
**Shows:** all six workflows + MIRA, visually complete, on synthetic data, for customer identification + onboarding + design-partner LOI. **Is NOT:** validated, production-verified, a system of record, Part 11-controlled, or a basis for any compliance claim. Production-verified release is governed separately by URS-39B + the per-workflow go-live rule.

---

## Boundary Check — URS Expert
| Boundary Check | Result |
|---|---|
| Primary skill used | verixa-full-gxp-ai-eqms-urs-expert |
| Owned deliverable | Phase-1 demo/evaluation environment control spec (URS-39A) |
| Other skills consulted | Head of QA (G-DEMO disposition), Security/Privacy (segregation/isolation adequacy → handoff), AI Validation (MIRA advisory labelling) |
| Out-of-scope items avoided | Production build requirements → URS-39B; validation strategy → CSV/CSA; tenant-isolation adequacy → Security/Privacy; final QA approval → Head of QA |
| Final status | Draft within skill boundary (demo control spec; G-DEMO is a human QA gate) |

## Source Ledger
| Source | Date | Supports | Limitation |
|---|---|---|---|
| Skill: verixa-full-gxp-ai-eqms-urs-expert (loaded) | 2026-05-31 | URS template + demo control structure | Workbench; human review required |
| Governance | `Verixa_Pilot_Execution_Plan_v3_MASTER.md` §1; pilot flow §G-DEMO; June Sprint Plan Rule 2 | Demo segregation controls, hard-locked date | Advisory |
| Regulatory | EU AI Act 2024/1689 (MIRA advisory/limited-risk transparency — RA/legal to confirm article) | verified | AI labelling in demo | Interpretation, not legal opinion |
| Status | Environment segregation / G-DEMO execution | — | `Unknown — evidence required` |

*Demo control spec. The demo is an evaluation environment — NOT validated, NOT production-verified, NOT a system of record. Verixa never claims "validated." Companion: URS-39B (Phase-2 verified production build). Read-only analysis — no Verixa repo files modified.*
