D3 — Validation & Acceptance Report

All signal sources configured: EHR FHIR (ANC, DPYD, tumor), BMS (pressure, PM2.5), EPA AirNow, NWS UV, CDC Wastewater, NASA FIRMS, NOAA NWS. Test patient record created in EHR sandbox.

1. Trigger lab draw event in EHR sandbox → verify CC-001 received within 60s.
2. Submit DPYD genotype result → verify CC-002 received.
3. Push BMS pressure reading → verify CC-004 received continuously.
4. Verify EPA AirNow polling returns CC-006 within 1 hr window.
5. Verify NASA FIRMS returns CC-009 within 12 hr window.
6. Verify CDC wastewater returns CC-008 within weekly window.
7. Check normalization: each signal normalized to 0–100 scale.
8. Verify failover: disconnect BMS pressure sensor → confirm alert fires within 5 min.

All 10 signals received within spec. Normalized values within 0–100. Failover alert fires on sensor disconnect.

CC-004 and CC-005 active with known test values. ERI weight configuration: CC-004 = 50%, CC-005 = 50%.

1. Input CC-004 = 2.5 Pa (normal), CC-005 = 10 μg/m³ (normal) → verify ERI = high (safe).
2. Input CC-004 = 0.8 Pa (critical), CC-005 = 10 → verify ERI drops to warning.
3. Input CC-004 = 0.5 Pa, CC-005 = 40 → verify ERI = critical.
4. Verify ERI recalculates within 60s of signal change.
5. Verify ERI feeds into GOV-002 and GOV-004 trigger evaluation.

ERI scores match expected values for all 3 test conditions. Recalculation latency < 60s. GOV-002/004 triggers fire when ERI crosses threshold.

CC-001 active with test lab values in EHR sandbox. LPRM weight: CC-001 = 25%.

1. Input ANC = 2000 (normal) → verify LPRM reflects low risk.
2. Input ANC = 800 (neutropenic) → verify LPRM shifts to moderate.
3. Input ANC = 400 (severe) → verify LPRM = critical.
4. Verify LPRM triggers GOV-002 when ANC < 500 combined with environmental breach.
5. Verify time-decay flag when ANC reading > 24 hrs old.

LPRM scores match expected risk levels. GOV-002 triggers on ANC < 500 + environmental breach. Stale data flagged.

All 7 authority roles configured. Test governance events for each of the 5 rules prepared.

1. Trigger GOV-001 (DPYD poor metabolizer) → verify routes to AUTH-001 within 5 min.
2. Trigger GOV-002 (ANC < 500 + pressure < 1.0 Pa) → verify routes to AUTH-003 within 30 min.
3. Trigger GOV-003 (actionable EGFR mutation) → verify routes to AUTH-005 pre-tumor-board.
4. Trigger GOV-004 (AQI > 150) → verify routes to AUTH-004 within 15 min.
5. Trigger GOV-005 (BRCA1 positive) → verify routes to AUTH-007 within 48 hrs.
6. Let GOV-001 response window expire → confirm auto-escalation to AUTH-002.

All 5 rules route to correct primary authority. Auto-escalation fires when response window expires.

At least one governance event resolved by an authority. Receipt template configured per D2 spec.

1. Resolve GOV-001 (PGx dose reduction) → verify receipt with all 15 fields.
2. Verify Decision ID format: GR-YYYYMMDD-RMCTR-SEQ.
3. Verify confidence within 0.00–1.00.
4. Verify Judge result (PASSED/BLOCKED) with reason.
5. Verify STATUS = SEALED after signing.
6. Verify Patent Ref TPP96862 present.
7. Repeat for GOV-002 → verify different receipt fields per D2 spec.

All 15 fields present. Decision ID format correct. Confidence valid. Judge result documented. Status sealed. Patent ref included.

Confidence threshold set to 0.70. Test signal combination that produces ambiguous recommendation.

1. Input conflicting signals: ANC = 600 (borderline) + CC-004 = 1.5 Pa (borderline) → verify confidence < 0.70.
2. Verify recommendation BLOCKED (not passed to authority).
3. Verify escalation fires to designated escalation authority.
4. Verify receipt shows BLOCKED with confidence value and escalation target.
5. Input clear signals: ANC = 200 + CC-004 = 0.5 Pa → verify confidence ≥ 0.70 and recommendation passes normally.

Low-confidence blocked and escalated. High-confidence passes normally. Receipt documents block reason.

At least 3 sealed receipts in chain.

1. Generate 3 receipts through GOV-001, GOV-002, GOV-004 normal flow.
2. Recompute SHA-256 of receipt 1 from raw fields in deterministic order (Decision ID through Patent Ref) → verify matches stored hash.
3. Verify receipt 2 chain hash = receipt 1 SHA-256. Verify receipt 3 chain hash = receipt 2 SHA-256.
4. Attempt direct modification of receipt 1 sealed fields → verify system rejects.
5. Verify chain break detection: corrupt receipt 2 hash → verify integrity violation flagged and escalated to CISO-CIO.
6. Verify genesis receipt uses GENESIS-RMC chain hash.

All SHA-256 hashes match recomputation. Chain links verified across 3 receipts. Modification rejected. Chain break detected and escalated. Genesis receipt format correct.

At least 2 roles configured with different permission levels.

1. Log in as AUTH-003 (Infection Preventionist) → verify can view GOV-002 receipts.
2. As AUTH-003, attempt to view GOV-001 (chemo dosing) receipts → verify ACCESS DENIED.
3. As AUTH-003, attempt to modify authority matrix → verify ACCESS DENIED.
4. Verify audit log captures both denied attempts with timestamp, user, action, resource.
5. Log in as AUTH-001 (PGx Specialist) → verify can view GOV-001 receipts but NOT GOV-002.
6. Attempt API call with expired session token → verify rejected.
7. Verify no receipt data accessible without authentication.

Role-based access enforced. Cross-rule receipt access denied. Authority matrix modification denied. All denied attempts logged. Expired tokens rejected. Unauthenticated access blocked.