# Verixa — Demo Scenarios & Acceptance Criteria (v2)

**Aligned to:** AI Governance Tiered Model + URS Addenda (URS-16/18/32), 2026-06-10. **Supersedes** the 2026-06-10 v1 scenario file.
**Demo-ready:** 26 June 2026 · **Branch:** `dev-vimal-deploy` · **Tenant:** *Acme Sterile Pharma* (fictional) — Injectable Line 3
**Use:** Single test target. Formal testing validates against the acceptance criteria; if a criterion fails live, the step is cut (never mocked).

> **Why the negative path is the proof:** Verixa's strength is governed AI — and the governance shows in what it *refuses*. The blocks, the never-writes, the immutable provenance, the segregation of duties below are the demo's proof points, and they are exactly what the AI-Output-Segregation patent (P02b) claims.

---

## 0. Controls + AI-governance model (the governing frame)

**Banner (every screen):** *DEMO — synthetic data. Co-design evidence sprint. Not production GxP deployment. Customer validates intended use.*

**AI-governance tiers (what runs in this demo):**
| Tier | Definition | In the demo |
|---|---|---|
| **T0** | Validated deterministic automation (formulas/RPN/SPC) — **not "AI"** | Permitted everywhere; not an AI beat |
| **T1** | Generative AI, advisory, **non-critical** | **Shown** — RCA themes, document review |
| **T2** | Generative AI, advisory, **on/influencing a critical decision** | **OFF by default — not shown** (EU-blocked; US/India validation-gated). Covers generative **deviation classification/severity** (`deviation_classification`), risk score (`risk_ai`), CAPA priority (`capa_prioritization`). CAPA-drafting removed (T3). |
| **T3** | Autonomous generative on a critical decision | **Prohibited — shown as a block** |

**What MIRA does / does not do in this demo:**
| MIRA on… | Behavior | Tier |
|---|---|---|
| RCA | Suggests themes/next-why (advisory, human rewrites) | T1 — shown |
| Document (SOP) | Returns review findings (advisory, human decides each) | T1 — shown |
| Deviation severity/classification | Generative path (`deviation_classification`) is **T2 — disabled by default** (not shown); deterministic keyword classifier is **T0** (labelled rule-based, not AI); static similarity is advisory. Hard prohibition (403) is target-state — confirm/harden. | T2 off / T0 / target-state block |
| CAPA actions | **Does not draft** (`draft_capa` removed; CAPA tables read-only) | T3 prohibited |
| CAPA priority / risk score | **Off** (T2, default-disabled) | T2 — not shown |
| Closing/approving/disposition | **Cannot** | T3 prohibited |

**Users (SoD enforced):** Ravi (Reporter) · Meera (Investigator + RCA/CAPA author) · Anand (Approver/closer).
**Banned phrases:** validated · compliant · audit-ready · inspection-ready · Annex 22-aligned. For India/US cite **21 CFR Part 11 / ALCOA+ / FDA CSA (Feb 2026)**.
**Environment:** say *"demo environment"*, not "segregated."
**Status:** `[BUILT]` live · `[VERIFY]` confirm live in testing.
**Out-of-scope, hidden + routes unreachable:** OOS/OOT, batch disposition, production tenant, MIRA-chat authoring, all T2/T3 surfaces.

---

## 1. DEVIATION — *governed AI: blocked from the risk decision*

**User story:** As **Ravi**, during review of an SOP-execution record on Line 3, I find a step was executed where prerequisite training-evidence wasn't enforced at task start. I raise a documentation/process deviation. (No OOS, no batch, no release.)

### Positive
| ID | Given / When / Then | Proves | Status |
|---|---|---|---|
| AC-DEV-P1 | Ravi creates the deviation with synthetic data; **he selects classification and severity himself** → unique ID, fields persisted, audit entry (actor/role/UTC) | Attributable human-owned classification | [BUILT] |
| AC-DEV-P2 | Ravi requests "similar prior deviations" → **static-deterministic** similarity list, labelled "AI-suggested — requires human review", no LLM call | T0/static advisory permitted in critical path | [VERIFY] |
| AC-DEV-P3 | Anand confirms triage, assigns Meera → recorded; Meera ≠ Ravi satisfied | Governed handoff + SoD | [BUILT] |

### Negative — *the moat*
| ID | Given / When / Then | Proves | Status |
|---|---|---|---|
| AC-DEV-N1 | An attempt to have **generative AI suggest classification/severity/closure** → **`403 DEVIATION_GENAI_PROHIBITED`**, logged | **T3/T2 prohibition: generative AI blocked from critical decision** (URS-16 DEC-16-19; P02b sanitizer) — *the differentiator* | [VERIFY] |
| AC-DEV-N2 | Unauthenticated/`userId`-null create → **401**, no record | ALCOA+ Attributable | [BUILT] |
| AC-DEV-N3 | Ravi (reporter) assigned as investigator → **blocked** (SoD-16-01) | Segregation of duties | [VERIFY] |
| AC-DEV-N4 | Direct edit of a **closed** deviation → **refused** | ALCOA+ Original/Enduring | [VERIFY] |

### Edge
| ID | Given / When / Then | Proves | Status |
|---|---|---|---|
| AC-DEV-E1 | Draft → "open" via status PATCH with incomplete intake → server re-runs full intake gate, blocks | No lifecycle bypass | [VERIFY] |
| AC-DEV-E2 | Client supplies back-dated timestamp → server overrides with `NOW()` UTC | ALCOA+ Contemporaneous | [VERIFY] |
| AC-DEV-E3 | Critical-severity closure without a linked closed CAPA → **blocked** | Risk-proportionate control | [VERIFY] |

**Money-moment:** run **AC-DEV-N1 live** — attempt AI severity → the 403 block. *"Veeva's AI drafts your CAPA plan. Ours is forbidden from the risk decision — and the system enforces it."*

---

## 2. RCA — *T1 advisory: AI assists, human owns the conclusion* `[BUILT]`

**User story:** As **Meera**, I open an RCA, ask MIRA for help, and write the systemic root cause myself.

### Positive
| ID | Given / When / Then | Proves | Status |
|---|---|---|---|
| AC-RCA-P1 | Meera creates an RCA → links to deviation, attributed to Meera | Traceability | [BUILT] |
| AC-RCA-P2 | Meera requests MIRA assist → theme/next-why suggestions, **advisory-labelled**, record unchanged until she acts | T1 HITL; AI never auto-binds (P02b staging) | [BUILT] |
| AC-RCA-P3 | Meera edits to *"the execution-record workflow did not enforce prerequisite training-evidence verification before SOP task execution"* and saves → system stores **MIRA original + Meera's final**, model metadata, `outcome_label = ai_assisted_overridden`, attributed to Meera | **AI suggested, human decided, both traced** (P02b human-decision record) | [BUILT] |
| AC-RCA-P4 | Anand approves (SoD: approver ≠ creator) | Approval governance | [BUILT] |

### Negative
| ID | Given / When / Then | Proves | Status |
|---|---|---|---|
| AC-RCA-N1 | MIRA produced advisory text, no human action → controlled RCA unchanged | HITL integrity | [BUILT] |
| AC-RCA-N2 | Meera (author) attempts to approve own RCA → **blocked** (SoD-17) | SoD | [BUILT] |
| AC-RCA-N3 | `final_quality_approver`-only user attempts RCA approval → **blocked** (needs `rca_lead`) | Authority precision | [VERIFY] |

### Edge
| ID | Given / When / Then | Proves | Status |
|---|---|---|---|
| AC-RCA-E1 | Meera accepts MIRA verbatim → `ai_assisted_accepted`, still attributed to Meera | Provenance on acceptance | [VERIFY] |
| AC-RCA-E2 | Meera **fully discards** MIRA → original AI output retained, `ai_assisted_rejected` | Provenance on rejection (P02b immutable proposal) | [VERIFY] |
| AC-RCA-E3 | AI gateway unavailable → Meera authors RCA manually (`bypass_ai`), workflow proceeds | Manual continuity (ARCH-AI-001) | [VERIFY] |

**Money-moment:** **AC-RCA-P3 + E2 live** — MIRA suggests, Meera rewrites to the systemic cause, both retained even on rejection.

---

## 3. CAPA — *human-authored; AI cannot draft, prioritise, or close*

**User story:** As **Meera**, I author the CAPA myself; **Anand** approves and closes. MIRA has no write/draft/priority role here.

### Positive
| ID | Given / When / Then | Proves | Status |
|---|---|---|---|
| AC-CAPA-P1 | Meera creates a CAPA → links to deviation + RCA, requires source + scope | Traceability chain | [BUILT] |
| AC-CAPA-P2 | Meera **authors the action plan** (training-evidence gate before task start; QA-review the gate; retrain; sample N records) + effectiveness criteria | Human ownership of corrective actions | [BUILT] |
| AC-CAPA-P3 | Anand (≠ author) approves | SoD on approval | [BUILT] |
| AC-CAPA-P4 | Pre-seeded CAPA with elapsed window → Anand performs effectiveness check; result/evidence/date/actor recorded | Effectiveness in-system | [BUILT] |
| AC-CAPA-P5 | Anand closes with e-signature → signer identity, role, meaning, timestamp, linked state | Part 11 §11.50/§11.70 | [BUILT] |

### Negative — *SoD + AI prohibition*
| ID | Given / When / Then | Proves | Status |
|---|---|---|---|
| AC-CAPA-N1 | Meera (author) approves own CAPA → **blocked** | SoD | [BUILT] |
| AC-CAPA-N2 | Meera (author) performs effectiveness check → **blocked** (reviewer ≠ author) | SoD | [VERIFY] |
| AC-CAPA-N3 | Meera (investigator) closes the deviation → **blocked** (closer ≠ investigator) | SoD | [VERIFY] |
| AC-CAPA-N4 | Any AI surface attempts to **write** to `capas`/`capa_action_items`/`capa_effectiveness_checks`/`capa_cascade_items` → **no AI write path** | **GenAI prohibited from CAPA authoring** (URS-18; P02b prohibited-field layer) | [BUILT] |
| AC-CAPA-N5 | MIRA asked to **draft a CAPA action** → **not available** (`draft_capa` removed) | T3 prohibition | [BUILT] |
| AC-CAPA-N6 | MIRA asked to **prioritise / set SLA** → **not available** (T2, default-off) | T2 default-disabled | [BUILT] |
| AC-CAPA-N7 | MIRA asked to **close/disposition/mark-effective** → **not possible** | Human-only disposition | [BUILT] |
| AC-CAPA-N8 | Major or critical CAPA closed without effectiveness verified → **blocked** | Lifecycle gate | [VERIFY] |

### Edge
| ID | Given / When / Then | Proves | Status |
|---|---|---|---|
| AC-CAPA-E1 | Closed CAPA → governed reopen (executive co-sign + reason) appends a new iteration; **prior closed evidence not erased** | ALCOA+ Original/Enduring | [VERIFY] |
| AC-CAPA-E2 | CAPA with no source linkage → **rejected** | Traceability enforced | [VERIFY] |
| AC-CAPA-E3 | Deviation `batch_id` populated → **free-text reference only**, no batch-disposition gate fires | Scope discipline (CC-PILOT-2026-001) | [VERIFY] |

**Severity-tiered closure (unchanged, shown via closure):** minor (closure authority + QA reviewer) · **major (+ practice-lead co-sign + independent QA reviewer, SoD-16-02)** · **critical (+ executive co-sign, DEC-16-21)** — *critical review is mandatory.* (Tenant-configurable major review + AI-conditioned review are URS requirements, default-simple here.)

**Money-moment:** **AC-CAPA-N1 + N3 live** — Meera blocked from approving her own CAPA and from closing the deviation; Anand does both. *"No one judges their own work."* And **AC-CAPA-N5/N6** — MIRA can't draft or prioritise the CAPA.

---

## 4. DOCUMENT CONTROL — *T1 advisory: MIRA reviews your SOP; you own every word* `[BUILT]`

**User story:** As **Meera**, I upload the SOP being revised and ask MIRA to review it; I decide each finding.

### Positive
| ID | Given / When / Then | Proves | Status |
|---|---|---|---|
| AC-DOC-P1 | Meera uploads a synthetic SOP (type=SOP) → controlled document v1 + audit | Document control | [BUILT] |
| AC-DOC-P2 | Meera requests MIRA review → findings (`missing_section`/`ambiguity`/`template_deviation`/`improvement`) + confidence, **advisory** | T1 permitted advisory | [BUILT] |
| AC-DOC-P3 | Meera **accepts/rejects/modifies each** finding → each decision logged | Human-owned review; provenance | [BUILT] |
| AC-DOC-P4 | Meera edits the SOP via authoring/version flow → her edits, new version; **MIRA never edited** | AI assists, human authors | [BUILT] |
| AC-DOC-P5 | Anand (≠ author) e-signs → version history (author/reviewer/approver/effective date) | Part 11 e-sig + version control | [VERIFY] |

### Negative
| ID | Given / When / Then | Proves | Status |
|---|---|---|---|
| AC-DOC-N1 | AI review requested on a **batch record/MBR** → **refused at gate** (`DOC_TYPE_NOT_ALLOWED_FOR_AI_REVIEW`, 422) before any LLM call — *internal test, not buyer walkthrough* | Conservative AI control | [BUILT] |
| AC-DOC-N2 | MIRA findings, no human action → SOP unchanged | HITL integrity | [BUILT] |
| AC-DOC-N3 | Meera (author) approves own revision → **blocked** | SoD on documents | [VERIFY] |
| AC-DOC-N4 | MIRA asked to **approve/reject/supersede** the document or call it compliant → **refused** | Ranking-not-disposition | [BUILT] |

### Edge
| ID | Given / When / Then | Proves | Status |
|---|---|---|---|
| AC-DOC-E1 | Uploaded SOP with **no extractable body text** → review falls back to title+type only, flags weak input | Honesty of AI input (cut step if triggered) | [VERIFY] |
| AC-DOC-E2 | Meera **modifies** a finding then accepts → original AI finding + human-modified both retained | Provenance on modification | [VERIFY] |

**Money-moment:** **AC-DOC-P2→P4 live** — upload SOP, MIRA flags gaps, Meera decides each, Meera edits. *"MIRA finds the gaps; you own every word."*

---

## 5. EVIDENCE PACK — *the governance, made visible (the patented moat)* `[BUILT]`

**User story:** As **Anand**, after closure I generate the evidence pack and open the audit trail in front of the buyer.

### Positive
| ID | Given / When / Then | Proves | Status |
|---|---|---|---|
| AC-EV-P1 | Anand generates the **AI-evidence pack** → assembles **live from records**: every AI suggestion + its **per-inference type (`advisory` / `deterministic`)**, every human accept/edit/reject, model + version, `outcome_label`, with a **content hash** | **"Did AI influence this, was the human the decider?"** answered + sealed — **P02b claims (c),(d),(f)** | [BUILT] |
| AC-EV-P2 | Anand opens the audit trail → actor, role, UTC, before/after, reason, across the full chain | ALCOA+ / Part 11 §11.10(e) | [BUILT] |
| AC-EV-P3 | The pack includes deviation + RCA + CAPA + e-sigs + effectiveness + audit trail + AI-advisory history | Inspection retrieval | [VERIFY] |

### Negative
| ID | Given / When / Then | Proves | Status |
|---|---|---|---|
| AC-EV-N1 | Pack is **not** a pre-baked PDF/static seed — built from current records | Data integrity of the artifact | [VERIFY] |
| AC-EV-N2 | Altering a generated pack → **content hash no longer matches** (tamper-evident) | Cryptographic integrity (P03/P02b) | [VERIFY] |

### Edge
| ID | Given / When / Then | Proves | Status |
|---|---|---|---|
| AC-EV-E1 | Regenerate → new pack, new hash + timestamp; prior pack immutable | Original/Enduring | [VERIFY] |
| AC-EV-E2 | Chain contained a **rejected** AI suggestion → pack shows `ai_assisted_rejected` (what AI proposed vs human decided) | Full AI provenance (P02b immutable proposal) | [VERIFY] |

**Money-moment:** **AC-EV-P1 + E2 live** — generate the sealed pack; show a *rejected* AI suggestion still recorded, and that AI output is tagged advisory-vs-deterministic. *"One click: who decided, what the AI proposed, advisory or deterministic, and proof nothing was tampered with."*

---

## 6. Cross-cutting validations
| ID | Validation | Proves | Status |
|---|---|---|---|
| AC-X-1 | Every mutation writes an audit entry (actor/role/UTC/before-after/reason) | Part 11 §11.10(e) | [BUILT] |
| AC-X-2 | No GxP record created with null/anonymous user (401) | ALCOA+ Attributable | [BUILT] |
| AC-X-3 | Server generates all timestamps (no back-dating) | ALCOA+ Contemporaneous | [VERIFY] |
| AC-X-4 | OOS, batch, production-tenant, and all T2/T3 AI routes **unreachable** in the demo tenant | Scope + tier enforcement | [VERIFY] |
| AC-X-5 | Every AI response carries `advisory: true`; advisory output cannot bind a GxP-critical field | HITL / P02b write-prevention | [BUILT] |
| AC-X-6 | No banned phrase spoken; every spoken claim in the Public Claim Register | Claim control | (process) |

---

## 7. AI-governance demonstration map (what each beat proves)
| Demo beat | Tier / claim proven |
|---|---|
| Deviation 403 block (AC-DEV-N1) | T3/T2 prohibition; P02b forbidden-term sanitizer |
| RCA suggest→rewrite→both logged (AC-RCA-P3/E2) | T1 advisory; P02b human-decision + immutable proposal |
| CAPA no-draft / no-priority / no-close (AC-CAPA-N4–N7) | T3 prohibition; P02b prohibited-field write prevention |
| SoD blocks (AC-CAPA-N1/N3) | Segregation of duties |
| Document review, human owns edits (AC-DOC-P2–P4) | T1 advisory |
| Evidence pack: advisory/deterministic tag + hash seal (AC-EV-P1/N2/E2) | P02b per-inference classifier (f) + evidence pack (c) + tamper-evidence |

This is also your competitive line: **you block generative AI where incumbents enable it, and prove it at the record level** — the position Veeva/MasterControl structurally can't copy.

---

## 8. Demo-pass gate (before any external demo)
A flow enters the live walkthrough only if its `[BUILT]` ACs pass and its `[VERIFY]` ACs are confirmed green in the demo environment. Anything `[VERIFY]` that fails → **cut, narrate as roadmap, never mock.** **QA owns the cut decision; Founder owns the date.** Three dry-runs first: product · QA/validation · hostile-buyer.

**Must-confirm-live before 26 June (load-bearing):**
1. **AC-DEV-N1** — the `403 DEVIATION_GENAI_PROHIBITED` block fires (the moat beat).
2. **AC-CAPA-N1/N3** — SoD blocks fire live with the 3-user setup.
3. **AC-DOC-E1** — uploaded SOP body text reaches the review service.
4. **AC-EV-P1/N2** — evidence pack assembles live, tags advisory/deterministic, and is hash-sealed.
5. **AC-X-4** — OOS/batch and all T2 surfaces are unreachable in the demo tenant.

---

## 9. Buyer-relevance (sales signal, not pass/fail)
- **Deviation block (AC-DEV-N1):** *we forbid AI from the risk decision.*
- **RCA provenance (AC-RCA-P3/E2):** AI assists, human decides, both traced.
- **CAPA (AC-CAPA-N4/N5):** AI cannot author, prioritise, or close a CAPA.
- **Doc review (AC-DOC-P2–P4):** MIRA finds gaps; you own every word.
- **Evidence pack (AC-EV-P1/E2):** one sealed answer to *"did AI touch this, who decided, advisory or deterministic."*

Lead on the **documentation/investigation burden** (felt pain); win on **governed AI + sealed evidence** (the moat — and the patent).

---

*Verixa verifies under its SDLC; the customer validates intended use. Synthetic data only; not based on any real company's records, systems, sites, or personnel. No "validated/compliant" claim.*
