# Verixa Phase-1A — Demo Scenarios & Acceptance Criteria (User Perspective)

**Date:** 2026-06-10 · **Owner:** Vimal (Founder) · **Demo-ready milestone:** 26 June 2026
**Branch under test:** `dev-vimal-deploy` · **Tenant:** *Acme Sterile Pharma* (fictional) — Injectable Line 3
**Purpose:** The single test target for Phase-1A. Formal testing validates against the acceptance criteria below; if a criterion fails live, the step is cut from the running demo (never mocked).

> **Why positive + negative + edge:** Verixa's strength is not the happy path — every QMS has one. Verixa's claims are *proven by what it refuses to do*: it blocks generative AI from quality decisions, blocks segregation-of-duties violations, blocks back-dating, blocks AI from writing GxP records, and preserves provenance of every AI suggestion and human override. The **negative and edge cases below are the demo's proof points.**

---

## 0. Controls, conventions, status

**Banner (every screen):** *DEMO — synthetic data. Co-design evidence sprint. Not production GxP deployment. Customer validates intended use in their environment.*

**Users (segregation-of-duties is server-enforced — one user cannot do every step):**

| User | Role | Authority |
|---|---|---|
| **Ravi** | QA Reporter | creates deviations |
| **Meera** | QA Investigator + RCA/CAPA author | investigates, authors RCA + CAPA |
| **Anand** | QA Approver / authorized closer | triage, RCA/CAPA approval, effectiveness review, closure |

**Banned phrases (no speaker uses):** validated · compliant · audit-ready · inspection-ready · Annex 22-aligned. For India/US buyers cite **21 CFR Part 11 / ALCOA+ / FDA CSA (Feb 2026)**, never Annex 22.

**Environment language:** say *"demo environment"*, not *"segregated"* (segregation evidence not yet signed off).

**Status legend:** `[BUILT]` live on `dev-vimal-deploy` · `[VERIFY]` confirm live in formal testing · `[PENDING]` blocked on a decision (out of demo until resolved).

**AC ID convention:** `AC-<FLOW>-P#` (positive) · `-N#` (negative — system correctly refuses) · `-E#` (edge). Every AC is pass/fail from the **user's** screen, with the **claim it proves**.

**Out-of-scope (hidden + routes unreachable in the demo tenant):** OOS/OOT, batch disposition, production tenant, customer-specific validation, autonomous MIRA action, MIRA-chat authoring of controlled content.

---

## 1. DEVIATION — *"our AI is forbidden from the risk decision"*

**User story:** As **Ravi (QA Reporter)**, during review of an SOP-execution record on Injectable Line 3, I find the operator executed a step for which prerequisite **training-evidence was not enforced at task start**. I raise a documentation/process deviation. (No OOS, no batch, no product-release decision.)

### Positive
| ID | Given / When / Then | Expected (user sees) | Proves | Status |
|---|---|---|---|---|
| AC-DEV-P1 | **Given** Ravi is logged in with `deviations:create`, **when** he creates a deviation with synthetic data, **then** the system issues a unique deviation ID and saves description, source-record link, classification, severity, detection date | New deviation with server-generated ID; all fields persisted; synthetic banner visible | Attributable creation, no mock record | [BUILT] |
| AC-DEV-P2 | **Given** the new deviation, **when** Ravi submits it, **then** an audit-trail entry records actor, role, server UTC timestamp, and action="created" | Audit trail shows Ravi as creator with timestamp | ALCOA+ Attributable + Contemporaneous (Part 11 §11.10(e)) | [BUILT] |
| AC-DEV-P3 | **Given** an open deviation, **when** Anand confirms triage and assigns **Meera** as investigator, **then** assignment is recorded and Meera ≠ Ravi is satisfied | Investigator = Meera; audit entry | Governed handoff | [BUILT] |
| AC-DEV-P4 | **Given** the deviation exists, **when** Ravi requests "similar prior deviations", **then** a **static-deterministic** similarity list appears, labelled "AI-suggested — requires human review", with no LLM call | Advisory similarity panel, clearly labelled | Permitted advisory AI in non-critical path (URS-16 J-24) | [VERIFY] |

### Negative — *the moat*
| ID | Given / When / Then | Expected | Proves | Status |
|---|---|---|---|---|
| AC-DEV-N1 | **Given** any user on a deviation, **when** an attempt is made to have **generative AI suggest classification, severity, or closure disposition**, **then** the system returns **`403 DEVIATION_GENAI_PROHIBITED`** and logs the blocked attempt | Hard refusal; no AI severity ever offered | **Generative AI blocked from critical GMP decisions** (URS-16 DEC-16-19; Annex 22; CSA high-process-risk) — *the differentiator* | [VERIFY] |
| AC-DEV-N2 | **Given** an unauthenticated/`userId`-null request, **when** a deviation create is attempted, **then** it fails with **401** and no record is written | Cannot create an unattributed record | ALCOA+ Attributable — no anonymous writes (QS-2) | [BUILT] |
| AC-DEV-N3 | **Given** Ravi is the reporter, **when** Ravi is assigned as investigator, **then** the system blocks it (**investigator ≠ reporter**, SoD-16-01) | SoD violation refused | Segregation of duties enforced server-side | [VERIFY] |
| AC-DEV-N4 | **Given** a **closed** deviation, **when** any user attempts a direct field edit, **then** the system refuses (post-closure immutability) | Closed record cannot be silently altered | ALCOA+ Original / Enduring (immutability) | [VERIFY] |

### Edge
| ID | Given / When / Then | Expected | Proves | Status |
|---|---|---|---|---|
| AC-DEV-E1 | **Given** a **draft** deviation, **when** a user tries to advance it to "open" via a status PATCH, **then** the server re-runs the full Phase-1 intake gate (classification, severity, practice domain, priority, detection date, immediate action, scope anchor) and blocks if incomplete | Draft cannot shortcut into the lifecycle | Controlled lifecycle, no gate bypass | [VERIFY] |
| AC-DEV-E2 | **Given** a client supplies a back-dated `created_at`/detection timestamp, **when** the record is saved, **then** the server overrides with `NOW()` (UTC) for system timestamps | Back-dating impossible | ALCOA+ Contemporaneous (QS-3) | [VERIFY] |
| AC-DEV-E3 | **Given** a critical-severity deviation, **when** closure is attempted **without** a linked closed CAPA, **then** closure is blocked | Critical closure gated on linked CAPA | Risk-proportionate control (URS-16 critical closure) | [VERIFY] |

**Money-moment (Scenario 1):** run **AC-DEV-N1 live** — attempt AI severity, show the **403 block**. *"Veeva's AI drafts your CAPA plan. Ours is forbidden from touching the risk decision — and the system enforces it."*

---

## 2. RCA — *advisory AI, human owns the conclusion* `[BUILT]`

**User story:** As **Meera (Investigator)**, I open an RCA linked to the deviation, ask MIRA for help, and write the **systemic** root cause myself.

### Positive
| ID | Given / When / Then | Expected | Proves | Status |
|---|---|---|---|---|
| AC-RCA-P1 | **Given** the deviation, **when** Meera creates an RCA, **then** it links to the deviation ID and records Meera as author | RCA tied to the deviation, attributable | Traceability deviation→RCA | [BUILT] |
| AC-RCA-P2 | **Given** the RCA editor, **when** Meera requests MIRA assist, **then** MIRA returns theme/next-why suggestions marked **"advisory — requires human review"** and **does not** alter the RCA record | Advisory panel; record unchanged until Meera acts | HITL; AI never auto-binds a GxP field (ARCH-AI-001 AC-6) | [BUILT] |
| AC-RCA-P3 | **Given** MIRA's suggestion, **when** Meera edits it to *"the execution-record workflow did not enforce prerequisite training-evidence verification before SOP task execution"* and saves, **then** the system stores **both** MIRA's original output and Meera's final text, with model metadata, timestamp, and `outcome_label = ai_assisted_overridden` | Both AI draft and human text retained; record attributed to Meera | **AI suggested, human decided, both traced** | [BUILT] |
| AC-RCA-P4 | **Given** the saved RCA, **when** Anand approves it, **then** approval is recorded under Anand's authority | RCA approved by ≠ author | Approval governance | [BUILT] |

### Negative
| ID | Given / When / Then | Expected | Proves | Status |
|---|---|---|---|---|
| AC-RCA-N1 | **Given** MIRA produced advisory text, **when** no human acts, **then** the controlled RCA remains unchanged (MIRA cannot write it) | AI output never silently becomes the record | HITL integrity | [BUILT] |
| AC-RCA-N2 | **Given** Meera authored the RCA, **when** Meera attempts to approve it, **then** blocked (**approver ≠ RCA creator**, SoD-17) | Self-approval refused | SoD | [BUILT] |
| AC-RCA-N3 | **Given** a user with only `final_quality_approver` authority, **when** they attempt RCA approval, **then** blocked (RCA approval requires the **`rca_lead`** authority — strict equality) | Wrong-authority approval refused | Authority-profile precision | [VERIFY] |

### Edge
| ID | Given / When / Then | Expected | Proves | Status |
|---|---|---|---|---|
| AC-RCA-E1 | **Given** MIRA's suggestion, **when** Meera accepts it **verbatim** (no edit), **then** `outcome_label = ai_assisted_accepted` and the record is still attributed to Meera | Even unedited acceptance is human-owned + traced | Provenance on acceptance | [VERIFY] |
| AC-RCA-E2 | **Given** Meera **fully discards** MIRA's suggestion, **then** MIRA's original output is still retained in `ai_requests` and `outcome_label = ai_assisted_rejected` | "What the AI proposed" survives even when rejected | Provenance on rejection (closes the chat copy-paste gap) | [VERIFY] |
| AC-RCA-E3 | **Given** the AI gateway is **unavailable**, **when** Meera opens the RCA, **then** she can author it manually (`bypass_ai`, reason recorded) and the workflow proceeds | AI downtime never blocks the regulated workflow | Manual continuity (ARCH-AI-001 AC-1) | [VERIFY] |

**Money-moment (Scenario 2):** run **AC-RCA-P3 + E2 live** — MIRA suggests, Meera rewrites to the systemic cause, both are retained. *"The AI assisted; the human decided; the record proves it."*

---

## 3. CAPA — *human-authored, segregation enforced live*

**User story:** As **Meera**, I author the CAPA myself; **Anand** approves and closes. MIRA does **not** draft CAPA actions.

### Positive
| ID | Given / When / Then | Expected | Proves | Status |
|---|---|---|---|---|
| AC-CAPA-P1 | **Given** the approved RCA, **when** Meera creates a CAPA, **then** it links to **both** the deviation and the RCA and requires a source linkage + scope anchor | CAPA traceable to RCA + deviation | Traceability chain | [BUILT] |
| AC-CAPA-P2 | **Given** the CAPA, **when** Meera authors the action plan (enforce training-evidence gate before task start; QA-review the gate; retrain users; sample next N records) and sets effectiveness criteria, **then** all are saved under Meera's authorship | Human-authored actions; no AI text | Human ownership of corrective actions | [BUILT] |
| AC-CAPA-P3 | **Given** the CAPA plan, **when** Anand (≠ author) approves, **then** approval recorded | Approved by ≠ author | SoD on approval | [BUILT] |
| AC-CAPA-P4 | **Given** a CAPA with elapsed effectiveness window (pre-seeded synthetic), **when** Anand performs the effectiveness check, **then** result/evidence/date/actor recorded and linked | Effectiveness check is live workflow, not a spreadsheet | ICH Q10 effectiveness, in-system | [BUILT] |
| AC-CAPA-P5 | **Given** effectiveness verified, **when** Anand closes the CAPA with e-signature, **then** signer identity, role, signature meaning, timestamp, and linked CAPA state are recorded | Closure bound to a human e-signature | Part 11 §11.50/§11.70 | [BUILT] |

### Negative — *segregation + AI prohibition*
| ID | Given / When / Then | Expected | Proves | Status |
|---|---|---|---|---|
| AC-CAPA-N1 | **Given** Meera authored the CAPA, **when** Meera attempts to approve it, **then** **blocked** (approver ≠ author) | Self-approval refused | SoD | [BUILT] |
| AC-CAPA-N2 | **Given** Meera authored the CAPA, **when** Meera attempts the effectiveness check, **then** **blocked** (reviewer ≠ author) | Self-review refused | SoD | [VERIFY] |
| AC-CAPA-N3 | **Given** Meera is the investigator on the deviation, **when** Meera attempts to **close the deviation**, **then** **blocked** (closer ≠ investigator, ≠ reporter) | Self-closure refused; Anand must close | SoD | [VERIFY] |
| AC-CAPA-N4 | **Given** any AI surface, **when** an attempt is made to **write** to `capas` / `capa_action_items` / `capa_effectiveness_checks` / `capa_cascade_items`, **then** **no AI write path exists** | AI cannot author or alter CAPA records | **GenAI prohibited from CAPA authoring/disposition** (URS-18; CC-AIGOV-2026-002) | [BUILT] |
| AC-CAPA-N5 | **Given** MIRA, **when** asked to close/disposition/mark-effective a CAPA, **then** **not possible** (ranking-not-disposition; MIRA has no close capability) | MIRA cannot close anything | Human-only disposition | [BUILT] |
| AC-CAPA-N6 | **Given** a CAPA whose effectiveness is **not** verified, **when** closure is attempted, **then** **blocked** | Cannot close before effectiveness verified | Lifecycle gate | [VERIFY] |
| AC-CAPA-N7 | **Given** a CAPA with **no** source linkage, **when** save is attempted, **then** **rejected** (source_type + source_id required) | Orphan CAPA refused | Traceability enforced | [VERIFY] |

### Edge
| ID | Given / When / Then | Expected | Proves | Status |
|---|---|---|---|---|
| AC-CAPA-E1 | **Given** a **closed** CAPA, **when** a governed reopen is performed (executive co-sign + reason), **then** a **new iteration** is appended and the **prior closed evidence is not erased or mutated** | Reopen preserves history | ALCOA+ Original / Enduring (DEC-18-22) | [VERIFY] |
| AC-CAPA-E2 | **Given** MIRA priority/SLA advisory, **when** the demo runs, **then** this feature is **not shown** pending the CC-AIGOV-2026-002 §3.4 decision (disable or validate) | Unresolved feature kept out | Don't demo an undecided governance item | [PENDING] |
| AC-CAPA-E3 | **Given** the deviation `batch_id` field, **when** populated, **then** it is **free-text reference only** — no link into a batch module, no batch-disposition gate fires | Batch stays out of Phase-1 (CC-PILOT-2026-001) | Scope discipline | [VERIFY] |

**Money-moment (Scenario 3):** run **AC-CAPA-N1 + N3 live** — Meera is blocked from approving her own CAPA and from closing the deviation; Anand does both. *"The system won't let one person investigate and judge their own work."*
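
A server-side check covering the segregation-of-duties criteria in sections 1 to 3 could look like the sketch below. It is an added example, not Verixa's code: the action names, reason codes, the `other_approver` user and Anand's authority set are assumptions, and only the rules themselves (investigator ≠ reporter, closer ≠ investigator or reporter, approver ≠ author, `rca_lead` required for RCA approval) come from the tables above.

```python
from dataclasses import dataclass

# Hypothetical rule table (action names and reason codes are assumptions).
# action -> (record roles the subject must not already hold, required authority or None)
SOD_RULES = {
    "deviation.assign_investigator": (("reporter",), None),    # AC-DEV-N3 (SoD-16-01)
    "deviation.close": (("reporter", "investigator"), None),   # AC-CAPA-N3
    "rca.approve": (("rca_author",), "rca_lead"),              # AC-RCA-N2, AC-RCA-N3
    "capa.approve": (("capa_author",), None),                  # AC-CAPA-N1
    "capa.effectiveness_check": (("capa_author",), None),      # AC-CAPA-N2
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    status: int   # HTTP-style status the server would return
    reason: str


def check_sod(action, subject, record_roles, authorities):
    """Decide one action on the server (SoD only; permissions are a separate layer).

    subject      -- authenticated user id performing the action (for an
                    assignment, the user being assigned)
    record_roles -- role -> user id, loaded from the stored record, never
                    taken from the request body
    authorities  -- set of authority names held by the subject
    """
    if subject is None:
        return Decision(False, 401, "UNAUTHENTICATED")
    if action not in SOD_RULES:
        return Decision(False, 403, "ACTION_NOT_ALLOWED")  # default deny
    excluded_roles, required_authority = SOD_RULES[action]
    for role in excluded_roles:
        holder = record_roles.get(role)
        if holder is None:
            # Fail closed: separation cannot be shown if the role is unset.
            return Decision(False, 403, f"SOD_ROLE_UNSET_{role.upper()}")
        if holder == subject:
            return Decision(False, 403, f"SOD_CONFLICT_{role.upper()}")
    # Strict equality: holding a different approver authority grants nothing.
    if required_authority is not None and required_authority not in authorities:
        return Decision(False, 403, f"AUTHORITY_REQUIRED_{required_authority.upper()}")
    return Decision(True, 200, "OK")


# Constructed sample data mirroring the three demo users.
RECORD_ROLES = {"reporter": "ravi", "investigator": "meera",
                "rca_author": "meera", "capa_author": "meera"}
AUTHORITIES = {"ravi": set(), "meera": set(),
               "anand": {"rca_lead", "final_quality_approver"},
               "other_approver": {"final_quality_approver"}}

if __name__ == "__main__":
    for action, user in [("capa.approve", "meera"), ("capa.approve", "anand"),
                         ("deviation.close", "meera"), ("deviation.close", "anand"),
                         ("rca.approve", "other_approver")]:
        d = check_sod(action, user, RECORD_ROLES, AUTHORITIES[user])
        print(f"{action:28} {user:15} {d.status} {d.reason}")
```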

---

## 4. DOCUMENT CONTROL — *MIRA reviews your SOP; you own every word* `[BUILT]`

**User story:** As **Meera**, I upload the SOP being revised in response to the deviation and ask MIRA to review it; I decide on every finding.

### Positive
| ID | Given / When / Then | Expected | Proves | Status |
|---|---|---|---|---|
| AC-DOC-P1 | **Given** a synthetic SOP, **when** Meera uploads it (document type = SOP), **then** it is stored as a controlled document with version 1 and audit entry | Controlled upload | Document control | [BUILT] |
| AC-DOC-P2 | **Given** the uploaded SOP, **when** Meera requests MIRA review, **then** MIRA returns findings — `missing_section` / `ambiguity` / `template_deviation` / `improvement` — each with a suggested action and confidence, marked **advisory** | Findings panel, advisory | Permitted advisory AI on non-critical doc | [BUILT] |
| AC-DOC-P3 | **Given** the findings, **when** Meera **accepts / rejects / modifies** each, **then** each decision is logged (original AI finding + human decision) | Per-finding HITL recorded | Human-owned review; provenance | [BUILT] |
| AC-DOC-P4 | **Given** accepted findings, **when** Meera edits the SOP via the authoring/version flow, **then** the edits are hers and a new version is created | MIRA never edited the document | AI assists, human authors | [BUILT] |
| AC-DOC-P5 | **Given** the revised SOP, **when** Anand (≠ author) e-signs approval, **then** version history shows author, reviewer, approver, effective date | Governed approval + version trail | Part 11 e-sig + version control | [VERIFY] |

### Negative
| ID | Given / When / Then | Expected | Proves | Status |
|---|---|---|---|---|
| AC-DOC-N1 | **Given** a **batch record / MBR / batch-release** document, **when** AI review is requested, **then** **refused at the gate** (`DOC_TYPE_NOT_ALLOWED_FOR_AI_REVIEW`, 422) before any LLM call | AI review blocked on batch-critical records | Conservative AI control (internal test — **not** in buyer walkthrough) | [BUILT] |
| AC-DOC-N2 | **Given** MIRA findings, **when** no human acts, **then** the SOP is unchanged (MIRA cannot write to the document) | AI never edits the controlled document | HITL integrity | [BUILT] |
| AC-DOC-N3 | **Given** Meera authored the revision, **when** Meera attempts to approve it, **then** **blocked** (approver ≠ author) | Self-approval refused | SoD on documents | [VERIFY] |
| AC-DOC-N4 | **Given** MIRA, **when** asked to **approve/reject/supersede** the document or call it compliant, **then** **refused** (review checklist only, no disposition) | MIRA cannot disposition a document | Ranking-not-disposition | [BUILT] |

### Edge
| ID | Given / When / Then | Expected | Proves | Status |
|---|---|---|---|---|
| AC-DOC-E1 | **Given** an uploaded SOP with **no extractable body text**, **when** review is requested, **then** the system falls back to title+type only and flags the weak input | No silent "review" of empty content | Honesty of AI input (cut the demo step if this triggers) | [VERIFY] |
| AC-DOC-E2 | **Given** a finding, **when** Meera **modifies** it then accepts, **then** both the original AI finding and the human-modified version are retained (`was_overridden`) | Provenance on modification | Traceable human override | [VERIFY] |
| AC-DOC-E3 | **Given** an edited SOP, **when** Meera re-runs review, **then** a fresh findings set is produced and prior decisions are retained in audit | Re-review doesn't erase history | Enduring records | [VERIFY] |

**Money-moment (Scenario 4):** run **AC-DOC-P2→P4 live** — upload SOP, MIRA flags gaps, Meera decides each, Meera edits. *"MIRA finds the gaps; you own every word."*

---

## 5. EVIDENCE PACK — *the governance, made visible* `[BUILT]`

**User story:** As **Anand**, after closure I generate the evidence pack and open the audit trail in front of the buyer.

### Positive
| ID | Given / When / Then | Expected | Proves | Status |
|---|---|---|---|---|
| AC-EV-P1 | **Given** the closed deviation/CAPA, **when** Anand generates the **AI-evidence pack**, **then** it assembles **live from the underlying records** — every AI suggestion, every human edit/accept/reject, model metadata, `outcome_label`, with a content hash | Hash-sealed, append-only AI-evidence snapshot | **"Did AI influence this, and was the human the decider?"** answered + sealed | [BUILT] |
| AC-EV-P2 | **Given** the audit trail view, **when** Anand opens it, **then** it shows actor, role, UTC timestamp, before/after values, and reason where required, across the full chain | Attributable, contemporaneous trail | ALCOA+ / Part 11 §11.10(e) | [BUILT] |
| AC-EV-P3 | **Given** the record bundle, **when** generated, **then** it includes deviation + RCA + CAPA + e-signatures + effectiveness check + audit trail + AI-advisory history | One-click evidence bundle | Inspection retrieval | [VERIFY] |

### Negative
| ID | Given / When / Then | Expected | Proves | Status |
|---|---|---|---|---|
| AC-EV-N1 | **Given** the pack, **when** generated, **then** it is **not** a pre-baked PDF or static seed — it is built from current records | No mock evidence | Data integrity of the artifact itself | [VERIFY] |
| AC-EV-N2 | **Given** a generated pack, **when** its content is altered, **then** the stored **content hash no longer matches** (tamper-evident) | Sealed pack detects tampering | Cryptographic integrity | [VERIFY] |

### Edge
| ID | Given / When / Then | Expected | Proves | Status |
|---|---|---|---|---|
| AC-EV-E1 | **Given** an existing pack, **when** Anand regenerates it, **then** a **new** pack with a new hash + timestamp is created and the prior pack is immutable (append-only) | Packs are versioned, never overwritten | Original / Enduring | [VERIFY] |
| AC-EV-E2 | **Given** the chain contained a **rejected** AI suggestion, **when** the pack is opened, **then** it shows `outcome_label = ai_assisted_rejected` — what the AI proposed vs what the human decided | Even rejected AI is on the record | Full AI provenance | [VERIFY] |

**Money-moment (Close):** run **AC-EV-P1 + E2 live** — generate the sealed pack, show a *rejected* AI suggestion still recorded. *"One click: who decided, what the AI proposed, and proof nothing was tampered with."*
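
The sealing behaviour in AC-EV-P1, AC-EV-N2 and AC-EV-E1 can be exercised with a small harness like the one below. It is an added example, not Verixa's implementation: the page does not state the hash algorithm or serialization, so SHA-256 over canonical JSON, the `previous_hash` link between versions, and all field names other than `outcome_label` are assumptions, and the sample records are constructed.

```python
import copy
import hashlib
import hmac
import json
from datetime import datetime, timezone


def canonical(obj):
    """Deterministic bytes for hashing: sorted keys, fixed separators, UTF-8."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def seal(content):
    return hashlib.sha256(canonical(content)).hexdigest()


def verify(pack):
    """True only if the stored hash still matches the pack content (AC-EV-N2)."""
    return hmac.compare_digest(seal(pack["content"]), pack["content_hash"])


class PackStore:
    """Append-only store: generate() adds a version; nothing updates or deletes."""

    def __init__(self):
        self._packs = []

    def generate(self, records, actor):
        content = {
            "version": len(self._packs) + 1,
            "generated_at": datetime.now(timezone.utc).isoformat(),
            "generated_by": actor,
            # Assumption: each pack commits to its predecessor's hash, so a
            # removed or reordered earlier version is detectable.
            "previous_hash": self._packs[-1]["content_hash"] if self._packs else None,
            "records": copy.deepcopy(records),  # snapshot of the live records
        }
        self._packs.append({"content": content, "content_hash": seal(content)})
        return self.get(content["version"])

    def get(self, version):
        # Callers get a copy, so editing it cannot change the stored pack.
        return copy.deepcopy(self._packs[version - 1])

    def verify_chain(self):
        prev = None
        for pack in self._packs:
            if not verify(pack) or pack["content"]["previous_hash"] != prev:
                return False
            prev = pack["content_hash"]
        return True


# Constructed sample records; ids and texts are illustrative only.
RECORDS = {
    "deviation": {"id": "DEV-DEMO-0001", "status": "closed", "closed_by": "anand"},
    "ai_requests": [
        {"record": "RCA-DEMO-0001", "ai_output": "Operator did not follow the SOP",
         "human_final": "Workflow did not enforce training-evidence verification",
         "outcome_label": "ai_assisted_overridden", "decided_by": "meera"},
        {"record": "RCA-DEMO-0001", "ai_output": "Retrain the operator",
         "human_final": None,
         "outcome_label": "ai_assisted_rejected", "decided_by": "meera"},
    ],
}

if __name__ == "__main__":
    store = PackStore()
    pack = store.generate(RECORDS, "anand")
    print("fresh pack verifies:", verify(pack))
    pack["content"]["records"]["ai_requests"][1]["outcome_label"] = "ai_assisted_accepted"
    print("altered copy verifies:", verify(pack), "| stored chain:", store.verify_chain())
```

A hash kept beside the pack only detects changes by someone who cannot also rewrite the hash. If the threat model includes a database administrator, the hash needs to be signed or recorded somewhere that party cannot modify.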

---

## 6. Cross-cutting validations (apply to every flow)
| ID | Validation | Proves | Status |
|---|---|---|---|
| AC-X-1 | Every mutation writes an audit-trail entry (actor, role, UTC, before/after, reason) | Part 11 §11.10(e) | [BUILT] |
| AC-X-2 | No GxP record can be created with a null/anonymous user (401) | ALCOA+ Attributable | [BUILT] |
| AC-X-3 | Server generates all timestamps (no client back-dating) | ALCOA+ Contemporaneous | [VERIFY] |
| AC-X-4 | OOS, batch, production-tenant routes are **unreachable** in the demo tenant (direct URL → not found/blocked) | Scope discipline + CC-PILOT-2026-001 | [VERIFY] |
| AC-X-5 | Every AI response carries `advisory: true`; no AI output binds a GxP field without human action | HITL (ARCH-AI-001 AC-6) | [BUILT] |
| AC-X-6 | No banned phrase spoken; every spoken claim logged in the Public Claim Register | Claim control | (process) |

---

## 7. Demo-pass gate (run before any external demo)
A flow enters the **live** walkthrough only if its `[BUILT]` ACs pass and its `[VERIFY]` ACs are confirmed green in the demo environment. Anything `[VERIFY]` that fails → **cut from the running demo, narrate as roadmap, never mock.** `[PENDING]` items (CAPA prioritization) stay out until CC-AIGOV-2026-002 §3.4 is decided. **QA owns the cut decision; Founder owns the demo date.**

Three dry-runs precede any buyer demo: **product**, **QA/validation**, **hostile-buyer**.

**Must-confirm-live before 26 June (the load-bearing `[VERIFY]` items):**
1. AC-DEV-N1 — the `403 DEVIATION_GENAI_PROHIBITED` block actually fires (the moat beat).
2. AC-CAPA-N1/N3 — SoD blocks fire live with the 3-user setup.
3. AC-DOC-E1 — uploaded SOP body text reaches the review service.
4. AC-EV-P1/N2 — evidence pack assembles live and is hash-sealed.

---

## 8. Buyer-relevance (separate from QA pass — sales signal, not pass/fail)
- **Deviation block (AC-DEV-N1):** *we forbid AI from the risk decision* — the stance incumbents who sell AI-generated CAPA plans can't copy.
- **RCA provenance (AC-RCA-P3/E2):** AI assists, human decides, both traced.
- **CAPA SoD (AC-CAPA-N1/N3):** no one judges their own work.
- **Doc review (AC-DOC-P2–P4):** MIRA finds gaps; you own every word.
- **Evidence pack (AC-EV-P1/E2):** one sealed answer to *"did AI touch this, who decided."*

Lead the conversation on the **documentation/investigation burden** (the felt pain); win on **principled refusal + sealed evidence** (the moat).

---

*Verixa **verifies** under its SDLC; the customer **validates** intended use in their environment. This document makes no "validated / compliant" claim. Synthetic data only; not based on any real company's records, systems, sites, or personnel.*
