# Verixa — Client Demo Scenario + End-User Acceptance Criteria (6 + 1 Workflows)

**Date:** 2026-06-10 · **Demo-ready:** 26 June 2026 · **Branch:** `dev-vimal-deploy`
**Demo tenant:** *Acme Sterile Pharma* (fictional) — Injectable Line 3 · synthetic data only.
**Workflows:** (1) Document Control · (2) Deviation · (3) RCA · (4) CAPA · (5) AI Governance Evidence · (6) Inspection Readiness · **+ MIRA (advisory)**.
**Status legend:** `[BUILT]` live · `[VERIFY]` confirm live in formal testing · `[TARGET]` target-state (build pending; narrate as roadmap, never mock).

**Code+URS verification (this revision):** every AC below reconciled against `dev-vimal-deploy` @ `cc6e6157` + Target-State URS. Five controls were **demoted to `[TARGET]` on verification** because the code is behind the URS or the claim overstates the system: **DV-11** (major practice-lead co-sign — service method exists but no HTTP route), **RC-9** (3-person RCA — approver ≠ closer not enforced; RCA close has no e-sig), **CA-13** (CAPA item-level reviewer-signed completion — not built), **DC-11** (doc effectivity by a person ≠ approver — not enforced), **IR-6** (scorecard UI ≠ formula, a DEC-22-09 non-conformance). Full evidence: `Verixa_Demo_Flow_Claim_vs_Code_vs_URS.html`.

**AI-governance one-liner (governs every workflow below):** Generative AI is **advisory only** in permitted (non-critical) paths, **never writes** a GxP record, and is **blocked by default** from critical decisions (severity, CAPA priority/drafting, disposition, closure, signature). The human with the right authority always decides; implemented AI suggestions and human decisions are logged in the available evidence chain, and complete regulated AI provenance is target-state until the governance build closes. Autonomous AI on critical decisions is **non-relaxably prohibited** (the full T3 hard-block is target-state until verified).

---

# PART A — Client-facing demo scenario (what we present)

**Banner on every screen:** *DEMO — synthetic data. Co-design evidence sprint. Not a production GxP deployment. Customer validates intended use.*

**Cast (3 users — segregation of duties is enforced, so one person cannot do every step):**
- **Ravi** — QA Reporter
- **Meera** — QA Investigator + RCA/CAPA author
- **Anand** — QA Approver / authorized closer

**The story (one continuous thread):**
1. **Deviation.** Ravi reviews an SOP-execution record on Line 3 and finds a step was executed before the required training-evidence was on record. He raises a documentation/process deviation, **selects the classification and severity himself**, and submits. *We show: a fully attributable record, and that the AI is **not allowed** to set severity.*
2. **RCA.** Meera opens an RCA, asks **MIRA** for help, and MIRA suggests investigation themes (**advisory, labelled**). Meera rewrites it to the real, **systemic** root cause — "the workflow didn't enforce training-evidence before task start." *We show: AI assists, the human decides, and the system keeps **both** the AI suggestion and the human's final text.*
3. **CAPA.** Meera **authors the corrective actions herself** (MIRA does not draft them) and sets effectiveness criteria. *We show the segregation blocks live: Meera cannot approve her own CAPA, and cannot close the deviation — Anand does both.*
4. **Document Control.** Meera uploads the revised SOP and asks **MIRA to review** it; MIRA flags gaps (missing sections, ambiguities); Meera decides on each and makes the edits herself; Anand e-signs the approval.
5. **AI Governance Evidence.** Anand generates the **hash-sealed evidence pack** — one click that seals the available records (who decided, what the AI proposed, advisory vs deterministic) and is tamper-evident. *Complete regulated AI provenance (model ID/version on every suggestion) is target-state until the governance build closes — we narrate that, we don't claim it live.*
6. **Inspection Readiness.** Anand assembles the inspection evidence — the full deviation → RCA → CAPA → e-signatures → audit trail — ready for an auditor.

**The three things a Head of Quality remembers (inspection-safe):**
1. *"AI cannot set or write critical GMP values. A qualified human decides, and the record proves who."*
2. *"AI assists only in permitted advisory paths. Controlled exceptions are customer-approved, signed, scoped, expiring, and audit-trailed."*
3. *"The evidence pack shows available AI suggestions, human decisions, overrides, and tamper evidence; complete regulated AI provenance is target-state until the governance build is closed."*

**Short sales line:** *"AI assists. Humans decide. Critical AI use requires a signed customer exception. T3 autonomy is a non-relaxable product prohibition."*

---

# PART B — End-user acceptance criteria (per workflow)

Format: **When** a user does X (with / without the required authority), **then** Y. Authority-role negatives are first-class (your "New Document disabled without role" example).

---

## 1. Document Control `[BUILT]`

| # | When (user action / role) | Then (expected) | AI-governance note | Status |
|---|---|---|---|---|
| DC-1 | User opens Document Control with `documents:create` | "New Document" is **enabled** and opens the form | — | [BUILT] |
| DC-2 | User **without** `documents:create` opens Document Control | "New Document" is **disabled** (greyed, not clickable) | — | [BUILT] |
| DC-3 | User uploads an SOP (type = SOP) | Document stored as controlled v1; audit entry (who/when) | — | [BUILT] |
| DC-4 | User clicks "MIRA Review" on the SOP | MIRA returns **advisory findings** (missing section / ambiguity / template deviation / improvement) + confidence, clearly labelled advisory | MIRA never edits the document (T1) | [BUILT] |
| DC-5 | User accepts / rejects / modifies a finding | Each decision is **logged** (original AI finding + human decision) | Provenance | [BUILT] |
| DC-6 | User edits the SOP after review | New version created; edits attributed to the **human** | AI assists, human authors | [BUILT] |
| DC-7 | Author attempts to approve their **own** document | **Blocked** (approver ≠ author, SoD) | — | [VERIFY] |
| DC-8 | Approver (with authority) e-signs | Approval recorded with signer identity, meaning, timestamp, version link; version history shows author/reviewer/approver | Part 11 e-sig | [VERIFY] |
| DC-9 | User requests MIRA review on a **batch record / MBR** | **Refused at gate** ("AI review not permitted for this document type") before any AI call | Conservative control (internal test, not buyer walkthrough) | [BUILT] |
| DC-10 | Uploaded SOP has no extractable body text | Review flags weak input (title+type only), does not silently "review" empty content | Honesty of AI input | [VERIFY] |
| DC-11 | The **effective date** is set by a document controller who **must differ from the approver** | Separate make-effective e-sign step **is real** (`document_publisher` authority) — but **publisher ≠ approver is not enforced**, and there is **no `document_controller` authority**. URS-12 treats effective as date-driven. | URS-12 §0.5 | **[TARGET]** — show the separate make-effective step; don't claim a forced different person |

## 2. Deviation `[BUILT]`

| # | When (user action / role) | Then (expected) | AI-governance note | Status |
|---|---|---|---|---|
| DV-1 | User with `deviations:create` opens Deviations | "New Deviation" **enabled**; form opens | — | [BUILT] |
| DV-2 | User **without** `deviations:create` | "New Deviation" **disabled** | — | [BUILT] |
| DV-3 | User creates a deviation; **selects classification + severity** | Unique ID issued; fields saved; audit entry | **Human owns severity** | [BUILT] |
| DV-4a | User attempts to invoke generative deviation classification/severity when T2 is not enabled | Request is **blocked** because `deviation_classification` is OFF by default | T2 default-off | [VERIFY] |
| DV-4b | Any generative AI attempts to autonomously set classification, severity, disposition, closure, or signature | **Refused** by non-relaxable T3 hard block (`DEVIATION_GENAI_PROHIBITED`); attempt audited | T3 prohibited | [TARGET] |
| DV-5 | User requests "similar prior deviations" | **Static, rule-based** similarity list, labelled **"rule-based suggestion — requires human review"**, no LLM | T0 deterministic / not AI-labelled | [VERIFY] |
| DV-6 | Unauthenticated / no-user create attempt | **401** — no record created | No anonymous writes | [BUILT] |
| DV-7 | Reporter is assigned as investigator | **Blocked** (investigator ≠ reporter, SoD) | — | [VERIFY] |
| DV-8 | Triage confirmed by user with classification authority; investigator assigned | Recorded; deviation enters investigation | — | [BUILT] |
| DV-9 | User edits a **closed** deviation field directly | **Refused** (post-closure immutability) | ALCOA+ Original | [VERIFY] |
| DV-10 | Close **minor** | Closure authority + QA reviewer e-sign | — | [BUILT] |
| DV-11 | Close **major** | + practice-lead co-sign + independent QA reviewer (reviewer ≠ investigator) | URS-16 §0.6 | **[TARGET]** — `majorCoSign()` exists but **no HTTP route** wired; narrate, don't demo live |
| DV-12 | Close **critical** | + **executive co-sign**; requires a linked closed CAPA | Critical review mandatory | [BUILT] |
| DV-13 | A generative AI advisory output influences a major or critical classification under an approved T2 exception | **Independent QA review is mandatory**; reviewer ≠ classifier/investigator | AIG-DEV-5; AI-conditioned review | [TARGET] |

## 3. RCA `[BUILT]`

| # | When (user action / role) | Then (expected) | AI-governance note | Status |
|---|---|---|---|---|
| RC-1 | User with `rcas:create` on a deviation | "Start RCA" **enabled**; RCA links to the deviation | — | [BUILT] |
| RC-2 | User **without** `rcas:create` | "Start RCA" **disabled** | — | [BUILT] |
| RC-3 | User requests MIRA assist | MIRA suggests theme/next-why prompts, **advisory-labelled**; the RCA record is **unchanged** until the human acts | T1 advisory; never auto-writes | [BUILT] |
| RC-4 | User edits MIRA's suggestion to the systemic cause and saves | System stores **MIRA original + human final**, model/version metadata, timestamp; record attributed to the **human** | Provenance (override logged) | [BUILT] |
| RC-5 | User fully discards MIRA's suggestion | MIRA's original output is **still retained** (provenance), marked rejected | Provenance on rejection | [VERIFY] |
| RC-6 | RCA creator attempts to approve their **own** RCA | **Blocked** (approver ≠ creator, SoD) | — | [BUILT] |
| RC-7 | Approver with `rca_lead` authority approves | Approval recorded | Authority precision | [BUILT] |
| RC-8 | AI gateway unavailable | User can still author RCA manually; workflow proceeds | Manual continuity | [VERIFY] |
| RC-9 | A **third** distinct user (approver ≠ closer) is required to close the RCA | Code enforces drafter ≠ approver **and** drafter ≠ closer only — **approver ≠ closer is not enforced** (a 2-user RCA passes), and RCA close has **no e-signature** ("administrative cleanup"). URS-17 mandates only SoD-17-01 creator ≠ approver. | Code/URS = 2-user SoD | **[TARGET]** — do not demo a forced 3-person RCA |

## 4. CAPA `[BUILT]`

| # | When (user action / role) | Then (expected) | AI-governance note | Status |
|---|---|---|---|---|
| CA-1 | User with `capas:create` from an approved RCA | "Create CAPA" **enabled**; CAPA links to deviation + RCA | — | [BUILT] |
| CA-2 | User **without** `capas:create` | "Create CAPA" **disabled** | — | [BUILT] |
| CA-3 | User authors the action plan + effectiveness criteria | Saved under the **human's** authorship | Human owns actions | [BUILT] |
| CA-4 | User asks MIRA to **draft the CAPA action** | **Not available** (`draft_capa` removed) | T3 prohibited | [BUILT] |
| CA-5 | User asks MIRA to **set priority / SLA** | **Not available** (T2 feature, OFF by default) | T2 default-off | [BUILT] |
| CA-6 | Any AI surface attempts to **write** to a CAPA table | **No AI write path** (`capas`, `capa_action_items`, `capa_effectiveness_checks`, `capa_cascade_items`) | Never-write floor | [VERIFY] |
| CA-7 | Author attempts to approve their **own** CAPA | **Blocked** (approver ≠ author, SoD) | — | [BUILT] |
| CA-8 | Author attempts the effectiveness check | **Blocked** (reviewer ≠ author, SoD) | — | [VERIFY] |
| CA-9 | Approver (≠ author) approves; effectiveness check performed (reviewer ≠ author) | Recorded with evidence/date/actor | — | [BUILT] |
| CA-10 | Closer (≠ author) closes with e-signature | Signer identity, meaning, timestamp, state link recorded | Part 11 e-sig | [BUILT] |
| CA-11 | User asks MIRA to **close / disposition / mark-effective** a CAPA | **Not possible** | Human-only disposition | [BUILT] |
| CA-12 | Close attempted before effectiveness verified | **Blocked** (lifecycle gate) | — | [VERIFY] |
| CA-13 | A separate reviewer (≠ assignee) **reviews + signs each action item's** completion | `capa_action_items` has `owner_id` only — **no reviewer field, no item-level SoD, no item e-sig** (mig 076); any permitted user can complete an item. URS-18 §1 wants reviewer-signed completion. | URS-18 §1 | **[TARGET]** — item-level reviewer not built; demo CAPA-level SoD instead |

## 5. AI Governance Evidence (evidence pack) `[BUILT]`

| # | When (user action / role) | Then (expected) | AI-governance note | Status |
|---|---|---|---|---|
| EV-1a | User with evidence-pack authority generates the pack | Pack is **assembled live from available records** and hash-sealed | Evidence pack generation | [BUILT] |
| EV-1b | Pack includes **every** regulated AI suggestion with type (advisory/deterministic), model ID/version, prompt/output hash, confidence, accept/edit/reject, reviewer, override reason, and final-record link | Completeness check passes; missing provenance fails the pack or marks it blocked | Provenance floor (LLM-audit + model-id fixes pending) | [TARGET] |
| EV-2 | User **without** authority | "Generate evidence pack" **disabled** | — | [VERIFY] |
| EV-3 | User opens the audit trail | Shows actor, role, UTC, before/after, reason, across the full chain | Part 11 §11.10(e) | [BUILT] |
| EV-4 | Pack contents are altered | Stored **content hash no longer matches** (tamper-evident) | Cryptographic integrity | [VERIFY] |
| EV-5 | A rejected AI suggestion existed in the chain | Pack shows it marked **rejected** (what AI proposed vs what the human decided) | Full provenance | [VERIFY] |
| EV-6 | Pack is regenerated | New pack, new hash + timestamp; prior pack immutable | Original/Enduring | [VERIFY] |
| EV-7 | A generative AI call ran without LLM audit (regulated mode) | Call **fails closed** (`LLM_AUDIT_REQUIRED`); pack never shows a generative call without its audit record | Provenance floor | [TARGET] |

## 6. Inspection Readiness `[VERIFY]`

| # | When (user action / role) | Then (expected) | AI-governance note | Status |
|---|---|---|---|---|
| IR-1 | User with inspection-readiness authority opens the module | "Generate readiness pack" **enabled** | — | [VERIFY] |
| IR-2 | User **without** authority | Action **disabled** | — | [VERIFY] |
| IR-3 | User generates the inspection pack for the closed deviation/CAPA | Assembles deviation + RCA + CAPA + e-signatures + effectiveness check + audit trail + AI-advisory history | Inspection retrieval | [VERIFY] |
| IR-4 | User exports the pack | Controlled export; metadata + signatures manifested; export audited | Controlled output | [VERIFY] |
| IR-5 | An out-of-scope module (OOS / batch) is requested in the demo tenant | **Unreachable** (hidden / not-found) | Scope discipline | [VERIFY] — permission-gated (`oos:read`/`batch:read`); demo persona must lack the perm |
| IR-6 | The on-screen scorecard **component breakdown reconciles to the overall score** ("answer to the decimal") | UI renders **5 legacy components @ 25/20/25/15/15**; the engine computes the score from **8 v1.2 components** — the breakdown does **not** sum to the headline. DEC-22-09 requires frontend-contract alignment. | URS-22 DEC-22-09 | **[TARGET]** — URS non-conformance; do **not** demo "answer to the decimal" until UI shows the 8 v1.2 components |

## 7. MIRA (the +1 — advisory engine) `[BUILT]`

| # | When (user action / role) | Then (expected) | AI-governance note | Status |
|---|---|---|---|---|
| MI-1 | User opens MIRA chat | MIRA answers questions / assists; clearly an **advisory copilot** | T1 | [BUILT] |
| MI-2 | MIRA attempts to modify a domain record | **Cannot** — MIRA never writes to records (it only suggests) | Never-write floor | [BUILT]* — **static-scan verified** (no AI write to any core register); OQ negative-tests pending, so phrase as "verified by code scan," not "proven" |
| MI-3 | User asks MIRA in chat to **draft a CAPA action / set severity / write a disposition** | Output is **blocked or routed** by the sanitizer — it does **not** return ungoverned record-ready controlled text | Sanitizer ON by default | [TARGET] |
| MI-4 | User asks MIRA to **explain** an RCA concept or summarise non-critical themes | **Allowed** (educational / non-record advisory) | T1, not over-blocked | [BUILT] |
| MI-5 | MIRA provides RCA themes / document-review findings | **Advisory, labelled**; human accepts/edits/rejects; every suggestion + decision logged | Permitted advisory, provenance | [BUILT] |
| MI-6 | A tenant has **not** approved a controlled exception and asks MIRA to draft controlled content | **Blocked** (T2 default-off) | Controlled exception required | [TARGET] |
| MI-7 | A tenant **with** an approved, unexpired exception uses chat-assisted drafting | Draft appears **only** as a provenance-logged tracked suggestion in the relevant editor — never free chat text | Governed routing; never-write + provenance still apply | [TARGET] |
| MI-8 | An EU-aligned tenant attempts to enable MIRA critical-decision drafting | **Hard-gated warning + blocked** (`T2_EU_GMP_BLOCKED`); attempt audited | Region gate | [TARGET] |

---

## 8. AI Critical-Use Exception — Admin / Governance Flow `[TARGET]`
*(Separate admin flow; not one of the 6+1 end-user workflows. Target-state — narrate, do not demo as live.)*

| # | When (admin action) | Then (expected) | AI-governance note | Status |
|---|---|---|---|---|
| AG-1 | Tenant admin attempts to enable a T2 feature without an approved exception | Enablement **blocked**; feature remains OFF | T2 is not a toggle | [TARGET] |
| AG-2 | EU-aligned tenant attempts T2 enablement | Hard-gated warning shown; default outcome `T2_EU_GMP_BLOCKED`; attempt audited | AIG-9 | [TARGET] |
| AG-3 | Customer proceeds after warning | System creates a **controlled exception record**: region basis, intended use, feature scope, affected modules, reason, effective date, expiry/review date, customer risk-acceptance | AIG-7 electronic record | [TARGET] |
| AG-4 | QA, Regulatory, and Executive approvers e-sign | **Three discrete signatures** linked to the exception record version, with signature meaning, timestamp, signer identity | Part 11 / Annex 11 | [TARGET] |
| AG-5 | Exception reaches effective state | T2 feature available **only** within approved scope and **only** as advisory, never-write | Controlled exception | [TARGET] |
| AG-6 | Exception expires | T2 feature **auto-disables**; re-approval required | Periodic review / expiry | [TARGET] |
| AG-7 | Scope, region, intended use, or feature list changes | Prior approval no longer authorizes use; **new version + re-signature** required | Change control | [TARGET] |
| AG-8 | Attempted direct toggle change bypassing the exception workflow | **Blocked and audited** | No config bypass | [TARGET] |

---

## Demo readiness — what must be confirmed live before 26 June
The load-bearing `[VERIFY]` items: **DV-4a** (severity AI off by default), **DV-7 / CA-7 / CA-8** (SoD blocks fire live with the 3-user setup), **DC-10** (uploaded SOP text reaches review), **EV-1a / EV-4** (evidence pack assembles live + hash-sealed), **IR-5** (OOS/batch unreachable). Anything that fails live is **cut from the walkthrough and narrated as roadmap — never mocked.** QA owns the cut; Founder owns the date.

Target-state items **DV-4b**, **EV-1b**, **EV-7**, **MI-3**, **MI-6/7/8**, and **AG-1…AG-8** shall **not** be demonstrated as live unless implemented and verified — narrate as roadmap only. Full execution detail (deterministic users, seeded records, navigation, evidence capture, owners, pass/fail rules, runbook, go/no-go) is in the companion **Verixa Demo Execution Test Pack — 6+1 Workflows**.

## What is target-state (narrate as roadmap, not demonstrated as live)
The controlled-exception enablement (MI-6/7/8, **AG-1…AG-8**), the chat sanitizer (MI-3), the T3 hard-prohibition (DV-4b), the AI-conditioned review (DV-13), and **evidence-pack provenance completeness (EV-1b, EV-7)** are **target-state** per the AI-governance build. For the 26 June demo, MIRA operates only in its permitted advisory paths (RCA themes, document review) and is simply **off** for the critical/drafting paths — which is the correct default.

**Demo-prompt discipline:** for the 26 June demo, **do not ask MIRA to draft CAPA actions, severity, or disposition** unless the sanitizer + gated-routing build is confirmed live. If not confirmed, narrate it as target-state and keep all demo prompts inside permitted advisory paths (RCA themes, document-review findings).

---

*Verixa verifies under its SDLC; the customer validates intended use. Synthetic data only; not based on any real company's records, systems, sites, or personnel. No "validated / compliant" claim.*
